urlseek problem
- Thread starter murrayme
- Start date
ken545
Emeritus-Security Expert
Its its still running than open Task Manager by pressing Ctrl Alt Del, under Applications highlight OTL and select End Task.
Your Hostfile is missing or corrupt and we need to replace it.
Download the HostsXpert 4.3 - Hosts File Manager.
Your Hostfile is missing or corrupt and we need to replace it.
Download the HostsXpert 4.3 - Hosts File Manager.
- Unzip HostsXpert 4.2.0.0 - Hosts File Manager to a convenient folder such as C:\HostsXpert
- Click HostsXpert.exe to Run HostsXpert - Hosts File Manager from its new home
- Click "Make Hosts Writable?" in the upper left corner.
- Click Restore Microsoft's Hosts file and then click OK.
- Click the X to exit the program.
- Note: If you were using a custom Hosts file you will need to replace any of those entries yourself.
OTL logfile created on: 12/26/2011 4:44:28 PM - Run 2
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Mike\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
1022.05 Mb Total Physical Memory | 636.53 Mb Available Physical Memory | 62.28% Memory free
2.40 Gb Paging File | 2.14 Gb Available in Paging File | 89.18% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.53 Gb Total Space | 19.58 Gb Free Space | 26.27% Space Free | Partition Type: NTFS
Computer Name: STUDENT-7A2F6C6 | User Name: Mike | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - C:\Documents and Settings\Mike\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
PRC - C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
PRC - C:\Program Files\Dell\OpenManage\Client\Iap.exe (Dell Inc.)
PRC - C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE (CANON INC.)
PRC - C:\Program Files\ScanSoft\OmniPageSE4.0\OpWareSE4.exe (ScanSoft, Inc.)
PRC - C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
========== Modules (No Company Name) ==========
MOD - C:\Program Files\AVAST Software\Avast\defs\11122601\algo.dll ()
MOD - C:\Program Files\AVAST Software\Avast\defs\11122601\aswRep.dll ()
MOD - C:\Program Files\AVAST Software\Avast\defs\11112801\algo.dll ()
MOD - C:\Program Files\AVAST Software\Avast\defs\11112801\aswRep.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\WINDOWS\system32\preflib.dll ()
========== Win32 Services (SafeList) ==========
SRV - (getPlusHelper) getPlus(R) -- File not found
SRV - (avast! Antivirus) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (Iap) -- C:\Program Files\Dell\OpenManage\Client\Iap.exe (Dell Inc.)
SRV - (CCALib8) -- C:\Program Files\Canon\CAL\CALMAIN.exe (Canon Inc.)
========== Driver Services (SafeList) ==========
DRV - (aswSnx) -- C:\WINDOWS\System32\drivers\aswSnx.sys (AVAST Software)
DRV - (aswSP) -- C:\WINDOWS\System32\drivers\aswSP.sys (AVAST Software)
DRV - (aswRdr) -- C:\WINDOWS\System32\drivers\aswRdr.sys (AVAST Software)
DRV - (aswTdi) -- C:\WINDOWS\System32\drivers\aswTdi.sys (AVAST Software)
DRV - (aswMon2) -- C:\WINDOWS\System32\drivers\aswmon2.sys (AVAST Software)
DRV - (aswFsBlk) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys (AVAST Software)
DRV - (Aavmker4) -- C:\WINDOWS\System32\drivers\aavmker4.sys (AVAST Software)
DRV - (MBAMProtector) -- C:\WINDOWS\system32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (npf) -- C:\WINDOWS\system32\drivers\npf.sys (CACE Technologies, Inc.)
DRV - (BCM43XX) -- C:\WINDOWS\system32\drivers\BCMWL5.SYS (Broadcom Corporation)
DRV - (MREMP50) -- C:\Program Files\Common Files\Motive\MREMP50.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (MRESP50) -- C:\Program Files\Common Files\Motive\MRESP50.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (omci) -- C:\WINDOWS\system32\drivers\omci.sys (Dell Inc.)
DRV - (guardian2) -- C:\WINDOWS\system32\drivers\oz776.sys (O2Micro)
DRV - (STHDA) -- C:\WINDOWS\system32\drivers\sthda.sys (SigmaTel, Inc.)
DRV - (b57w2k) -- C:\WINDOWS\system32\drivers\b57xp32.sys (Broadcom Corporation)
DRV - (SMCIRDA) -- C:\WINDOWS\system32\drivers\smcirda.sys (SMC)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
========== FireFox ==========
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.071303000006
FF - prefs.js..extensions.enabledItems: personas@christopher.beard:1.6.2
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.2.20100127023632
FF - prefs.js..extensions.enabledItems: {C3947F4E-8894-4C04-98E0-DF182C706DDF}:1.0
FF - prefs.js..extensions.enabledItems: kwtr-for-firefox@klout.com:1.0.5
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: File not found
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Documents and Settings\Mike\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2011/12/26 10:02:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/12/19 19:12:24 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/12/19 19:12:24 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0\extensions\\Components: C:\Program Files\Mozilla Firefox 4.0 Beta 8\components [2011/12/19 19:12:24 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox 4.0 Beta 8\plugins
[2009/09/07 00:44:30 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Mike\Application Data\Mozilla\Extensions
[2009/09/07 00:44:30 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Mike\Application Data\Mozilla\Extensions\IMVUClientXUL@imvu.com
[2011/12/26 12:36:29 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\b9lawpa0.default\extensions
[2009/06/04 23:00:21 | 000,000,000 | ---D | M] (IE Tab) -- C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\b9lawpa0.default\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}
[2009/05/07 20:54:54 | 000,000,000 | ---D | M] (Move Media Player) -- C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\b9lawpa0.default\extensions\moveplayer@movenetworks.com
[2011/09/01 16:20:11 | 000,000,000 | ---D | M] (Personas) -- C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\b9lawpa0.default\extensions\personas@christopher.beard
[2011/12/10 11:33:20 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
() (No name found) -- C:\DOCUMENTS AND SETTINGS\MIKE\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\B9LAWPA0.DEFAULT\EXTENSIONS\KWTR-FOR-FIREFOX@KLOUT.COM.XPI
[2011/12/26 10:02:40 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
[2011/11/20 23:04:51 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2010/04/12 16:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011/11/20 20:04:05 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/11/20 20:04:05 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml
========== Chrome ==========
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google
riginalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - Extension: YouTube = C:\Documents and Settings\Mike\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2_0\
Hosts file not found
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (EWPBrowseObject Class) - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll ()
O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll File not found
O3 - HKLM\..\Toolbar: (Easy-WebPrint) - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll ()
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NVHotkey] C:\WINDOWS\System32\nvhotkey.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\nvmctray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [OpwareSE4] C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe (ScanSoft, Inc.)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Easy-WebPrint Add To Print List - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll ()
O8 - Extra context menu item: Easy-WebPrint High Speed Print - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll ()
O8 - Extra context menu item: Easy-WebPrint Preview - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll ()
O8 - Extra context menu item: Easy-WebPrint Print - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll ()
O9 - Extra Button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Mike\Start Menu\Programs\IMVU\Run IMVU.lnk ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{ED0E1518-7919-4C16-BD59-F75A5D3C1279}: DhcpNameServer = 209.18.47.61 209.18.47.62
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Desktop Background.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Desktop Background.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/04/13 12:57:15 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 30 Days ==========
[2011/12/26 14:43:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mike\Desktop\HostsXpert
[2011/12/26 13:37:34 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/12/26 13:35:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mike\Desktop\erunt
[2011/12/26 10:12:11 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Mike\Desktop\OTL.exe
[2011/12/26 10:08:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Google Chrome
[2011/12/26 10:03:02 | 000,000,000 | ---D | C] -- C:\Program Files\Google
[2011/12/26 10:03:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mike\Local Settings\Application Data\Google
[2011/12/26 10:03:00 | 000,314,456 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2011/12/26 10:03:00 | 000,020,568 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2011/12/26 10:03:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\avast! Free Antivirus
[2011/12/26 10:02:58 | 000,052,952 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2011/12/26 10:02:58 | 000,034,392 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2011/12/26 10:02:57 | 000,435,032 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2011/12/26 10:02:56 | 000,111,320 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2011/12/26 10:02:56 | 000,105,176 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2011/12/26 10:02:55 | 000,030,808 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2011/12/26 10:02:35 | 000,041,184 | ---- | C] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2011/12/26 10:02:34 | 000,199,816 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2011/12/26 10:02:16 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2011/12/26 10:02:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2011/12/25 19:52:33 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011/12/25 19:46:54 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Mike\Desktop\TFC.exe
[2011/12/25 14:11:12 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2011/12/25 14:06:49 | 002,322,184 | ---- | C] (ESET) -- C:\Documents and Settings\Mike\Desktop\esetsmartinstaller_enu.exe
[2011/12/25 11:45:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2011/12/23 19:37:36 | 000,021,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\hidserv.dll
[2011/12/23 19:36:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Mouse
[2011/12/23 19:35:04 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft IntelliPoint
[2011/12/23 19:34:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Keyboard
[2011/12/23 19:34:40 | 001,421,736 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wdfcoinstaller01005.dll
[2011/12/23 19:33:32 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft IntelliType Pro
[2011/12/23 18:34:54 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011/12/23 18:32:30 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/12/23 18:32:30 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/12/23 18:32:30 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/12/23 18:32:30 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/12/23 18:32:22 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/12/23 18:32:16 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/12/23 18:25:49 | 004,351,768 | R--- | C] (Swearware) -- C:\Documents and Settings\Mike\Desktop\ComboFix.exe
[2011/12/23 18:25:01 | 000,050,688 | ---- | C] (Atribune.org) -- C:\Documents and Settings\Mike\Desktop\ATF-Cleaner.exe
[2011/12/23 10:39:09 | 001,917,952 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Mike\Desktop\aswMBR.exe
[2011/12/19 23:08:29 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Mike\Start Menu\Programs\Administrative Tools
[2011/12/19 19:30:59 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2011/12/19 19:30:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mike\Start Menu\Programs\HiJackThis
[2011/11/28 09:16:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\iTunes
[2011/11/28 09:15:02 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011/11/28 09:14:56 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2011/11/28 09:08:34 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
========== Files - Modified Within 30 Days ==========
[2011/12/26 16:14:00 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/12/26 14:44:54 | 000,000,698 | ---- | M] () -- C:\WINDOWS\HOSTS
[2011/12/26 14:43:00 | 000,357,766 | ---- | M] () -- C:\Documents and Settings\Mike\Desktop\HostsXpert.zip
[2011/12/26 14:41:54 | 000,169,472 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2011/12/26 14:41:53 | 000,027,744 | ---- | M] () -- C:\WINDOWS\System32\nvModes.001
[2011/12/26 14:41:41 | 000,000,878 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/12/26 13:34:55 | 000,513,320 | ---- | M] () -- C:\Documents and Settings\Mike\Desktop\erunt.zip
[2011/12/26 10:12:20 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Mike\Desktop\OTL.exe
[2011/12/26 10:11:49 | 000,001,791 | ---- | M] () -- C:\Documents and Settings\Mike\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/12/26 10:08:19 | 000,001,813 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2011/12/26 10:03:01 | 000,001,689 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2011/12/26 10:02:57 | 000,002,625 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2011/12/26 10:01:10 | 064,207,032 | ---- | M] () -- C:\Documents and Settings\Mike\Desktop\setup_av_free_cnet.exe
[2011/12/25 19:59:26 | 000,442,924 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/12/25 19:59:26 | 000,071,926 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/12/25 19:55:02 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/12/25 19:54:53 | 1071,767,552 | -HS- | M] () -- C:\hiberfil.sys
[2011/12/25 19:46:58 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Mike\Desktop\TFC.exe
[2011/12/25 14:08:17 | 002,322,184 | ---- | M] (ESET) -- C:\Documents and Settings\Mike\Desktop\esetsmartinstaller_enu.exe
[2011/12/25 11:26:50 | 004,351,768 | R--- | M] (Swearware) -- C:\Documents and Settings\Mike\Desktop\ComboFix.exe
[2011/12/25 10:38:04 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/12/25 10:37:46 | 000,146,808 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/12/24 17:59:03 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/12/23 19:38:48 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_NuidFltr_01005.Wdf
[2011/12/23 19:38:46 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
[2011/12/23 19:36:10 | 000,002,030 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Microsoft Mouse.lnk
[2011/12/23 19:34:53 | 000,002,056 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Microsoft Keyboard.lnk
[2011/12/23 18:35:02 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2011/12/23 18:25:01 | 000,050,688 | ---- | M] (Atribune.org) -- C:\Documents and Settings\Mike\Desktop\ATF-Cleaner.exe
[2011/12/23 12:00:04 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Mike\Desktop\MBR.dat
[2011/12/23 10:39:17 | 001,917,952 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Mike\Desktop\aswMBR.exe
[2011/12/21 15:06:06 | 000,019,335 | ---- | M] () -- C:\Documents and Settings\Mike\Desktop\engineering flowchart.jpg
[2011/12/19 23:15:31 | 000,003,625 | ---- | M] () -- C:\Documents and Settings\Mike\Desktop\attach.zip
[2011/12/19 19:31:14 | 000,002,445 | ---- | M] () -- C:\Documents and Settings\Mike\Desktop\HiJackThis.lnk
[2011/12/19 19:20:18 | 000,001,943 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/12/10 11:33:24 | 000,000,742 | ---- | M] () -- C:\Documents and Settings\Mike\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/12/10 11:33:24 | 000,000,724 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2011/12/08 10:47:56 | 000,045,286 | ---- | M] () -- C:\Documents and Settings\Mike\Desktop\bob.jpg
[2011/11/28 13:01:25 | 000,041,184 | ---- | M] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2011/11/28 13:01:23 | 000,199,816 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2011/11/28 12:53:53 | 000,435,032 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2011/11/28 12:53:35 | 000,314,456 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2011/11/28 12:52:19 | 000,034,392 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2011/11/28 12:52:16 | 000,052,952 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2011/11/28 12:52:02 | 000,111,320 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2011/11/28 12:51:59 | 000,105,176 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2011/11/28 12:51:50 | 000,020,568 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2011/11/28 12:48:49 | 000,030,808 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2011/11/28 09:16:19 | 000,001,542 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
========== Files Created - No Company Name ==========
[2011/12/26 14:44:26 | 000,000,698 | ---- | C] () -- C:\WINDOWS\HOSTS
[2011/12/26 14:42:59 | 000,357,766 | ---- | C] () -- C:\Documents and Settings\Mike\Desktop\HostsXpert.zip
[2011/12/26 13:34:54 | 000,513,320 | ---- | C] () -- C:\Documents and Settings\Mike\Desktop\erunt.zip
[2011/12/26 10:08:19 | 000,001,813 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2011/12/26 10:08:19 | 000,001,791 | ---- | C] () -- C:\Documents and Settings\Mike\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/12/26 10:03:13 | 000,000,882 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/12/26 10:03:13 | 000,000,878 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/12/26 10:03:01 | 000,001,689 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2011/12/26 09:31:09 | 064,207,032 | ---- | C] () -- C:\Documents and Settings\Mike\Desktop\setup_av_free_cnet.exe
[2011/12/23 19:38:48 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_NuidFltr_01005.Wdf
[2011/12/23 19:38:46 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
[2011/12/23 19:36:10 | 000,002,030 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Microsoft Mouse.lnk
[2011/12/23 19:34:53 | 000,002,056 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Microsoft Keyboard.lnk
[2011/12/23 18:35:02 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2011/12/23 18:34:58 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2011/12/23 18:32:30 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/12/23 18:32:30 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/12/23 18:32:30 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/12/23 18:32:30 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/12/23 18:32:30 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/12/23 12:00:04 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Mike\Desktop\MBR.dat
[2011/12/21 15:06:05 | 000,019,335 | ---- | C] () -- C:\Documents and Settings\Mike\Desktop\engineering flowchart.jpg
[2011/12/19 23:15:31 | 000,003,625 | ---- | C] () -- C:\Documents and Settings\Mike\Desktop\attach.zip
[2011/12/19 19:30:59 | 000,002,445 | ---- | C] () -- C:\Documents and Settings\Mike\Desktop\HiJackThis.lnk
[2011/12/10 11:33:24 | 000,000,730 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
[2011/12/08 10:47:54 | 000,045,286 | ---- | C] () -- C:\Documents and Settings\Mike\Desktop\bob.jpg
[2011/11/28 09:16:19 | 000,001,542 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/12/20 09:58:09 | 000,002,432 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/04/27 11:22:18 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/04/09 23:37:07 | 000,000,127 | ---- | C] () -- C:\Documents and Settings\Mike\Local Settings\Application Data\fusioncache.dat
[2010/01/26 21:09:02 | 000,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll
[2010/01/10 11:24:08 | 000,026,040 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2009/06/20 20:10:17 | 000,010,752 | ---- | C] () -- C:\Documents and Settings\Mike\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/04/17 07:01:39 | 000,000,416 | ---- | C] () -- C:\WINDOWS\MAXLINK.INI
[2009/04/13 15:26:42 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2009/04/13 13:35:38 | 000,027,744 | ---- | C] () -- C:\WINDOWS\System32\nvModes.dat
[2009/04/13 13:33:02 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\preflib.dll
[2009/04/13 13:32:59 | 000,753,664 | ---- | C] () -- C:\WINDOWS\System32\bcm1xsup.dll
[2009/04/13 13:32:59 | 000,024,064 | ---- | C] () -- C:\WINDOWS\System32\WLTRYSVC.EXE
[2009/04/13 13:13:52 | 001,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2009/04/13 13:13:52 | 001,626,112 | ---- | C] () -- C:\WINDOWS\System32\nwiz.exe
[2009/04/13 13:13:52 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2009/04/13 13:13:51 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2009/04/13 13:13:50 | 001,482,752 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2009/04/13 13:13:50 | 001,339,392 | ---- | C] () -- C:\WINDOWS\System32\nvdspsch.exe
[2009/04/13 13:13:47 | 000,442,368 | ---- | C] () -- C:\WINDOWS\System32\nvappbar.exe
[2009/04/13 13:13:47 | 000,425,984 | ---- | C] () -- C:\WINDOWS\System32\keystone.exe
[2009/04/13 12:59:42 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2009/04/13 12:53:47 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2009/04/13 08:46:30 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2009/04/13 08:45:11 | 000,146,808 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004/08/03 23:07:22 | 000,001,788 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2004/08/02 12:20:40 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2001/08/23 09:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2001/08/23 09:00:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2001/08/23 08:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2001/08/23 08:00:00 | 000,442,924 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2001/08/23 08:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2001/08/23 08:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2001/08/23 08:00:00 | 000,071,926 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2001/08/23 08:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2001/08/23 08:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2001/08/23 08:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
========== LOP Check ==========
[2011/12/26 10:02:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2009/04/17 06:57:08 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
[2009/04/17 07:01:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft
[2010/01/26 21:54:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2010/04/21 10:13:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/12/25 10:45:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2011/06/21 14:09:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mike\Application Data\Amazon
[2011/09/14 11:17:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mike\Application Data\Fuvauk
[2011/12/21 23:03:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mike\Application Data\IMVU
[2011/12/15 22:29:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mike\Application Data\IMVUClient
[2010/04/04 11:17:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mike\Application Data\My Games
[2011/09/07 11:31:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mike\Application Data\Onheni
[2011/05/18 14:19:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mike\Application Data\Petroglyph
[2009/04/17 07:01:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mike\Application Data\ScanSoft
[2011/05/20 16:05:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mike\Application Data\Unity
[2010/01/16 13:31:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mike\Application Data\Vivox
[2011/12/26 12:36:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mike\Application Data\wbtooltb
========== Purity Check ==========
< End of report >
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Mike\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
1022.05 Mb Total Physical Memory | 636.53 Mb Available Physical Memory | 62.28% Memory free
2.40 Gb Paging File | 2.14 Gb Available in Paging File | 89.18% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.53 Gb Total Space | 19.58 Gb Free Space | 26.27% Space Free | Partition Type: NTFS
Computer Name: STUDENT-7A2F6C6 | User Name: Mike | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - C:\Documents and Settings\Mike\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
PRC - C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
PRC - C:\Program Files\Dell\OpenManage\Client\Iap.exe (Dell Inc.)
PRC - C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE (CANON INC.)
PRC - C:\Program Files\ScanSoft\OmniPageSE4.0\OpWareSE4.exe (ScanSoft, Inc.)
PRC - C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
========== Modules (No Company Name) ==========
MOD - C:\Program Files\AVAST Software\Avast\defs\11122601\algo.dll ()
MOD - C:\Program Files\AVAST Software\Avast\defs\11122601\aswRep.dll ()
MOD - C:\Program Files\AVAST Software\Avast\defs\11112801\algo.dll ()
MOD - C:\Program Files\AVAST Software\Avast\defs\11112801\aswRep.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\WINDOWS\system32\preflib.dll ()
========== Win32 Services (SafeList) ==========
SRV - (getPlusHelper) getPlus(R) -- File not found
SRV - (avast! Antivirus) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (Iap) -- C:\Program Files\Dell\OpenManage\Client\Iap.exe (Dell Inc.)
SRV - (CCALib8) -- C:\Program Files\Canon\CAL\CALMAIN.exe (Canon Inc.)
========== Driver Services (SafeList) ==========
DRV - (aswSnx) -- C:\WINDOWS\System32\drivers\aswSnx.sys (AVAST Software)
DRV - (aswSP) -- C:\WINDOWS\System32\drivers\aswSP.sys (AVAST Software)
DRV - (aswRdr) -- C:\WINDOWS\System32\drivers\aswRdr.sys (AVAST Software)
DRV - (aswTdi) -- C:\WINDOWS\System32\drivers\aswTdi.sys (AVAST Software)
DRV - (aswMon2) -- C:\WINDOWS\System32\drivers\aswmon2.sys (AVAST Software)
DRV - (aswFsBlk) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys (AVAST Software)
DRV - (Aavmker4) -- C:\WINDOWS\System32\drivers\aavmker4.sys (AVAST Software)
DRV - (MBAMProtector) -- C:\WINDOWS\system32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (npf) -- C:\WINDOWS\system32\drivers\npf.sys (CACE Technologies, Inc.)
DRV - (BCM43XX) -- C:\WINDOWS\system32\drivers\BCMWL5.SYS (Broadcom Corporation)
DRV - (MREMP50) -- C:\Program Files\Common Files\Motive\MREMP50.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (MRESP50) -- C:\Program Files\Common Files\Motive\MRESP50.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (omci) -- C:\WINDOWS\system32\drivers\omci.sys (Dell Inc.)
DRV - (guardian2) -- C:\WINDOWS\system32\drivers\oz776.sys (O2Micro)
DRV - (STHDA) -- C:\WINDOWS\system32\drivers\sthda.sys (SigmaTel, Inc.)
DRV - (b57w2k) -- C:\WINDOWS\system32\drivers\b57xp32.sys (Broadcom Corporation)
DRV - (SMCIRDA) -- C:\WINDOWS\system32\drivers\smcirda.sys (SMC)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
========== FireFox ==========
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.071303000006
FF - prefs.js..extensions.enabledItems: personas@christopher.beard:1.6.2
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.2.20100127023632
FF - prefs.js..extensions.enabledItems: {C3947F4E-8894-4C04-98E0-DF182C706DDF}:1.0
FF - prefs.js..extensions.enabledItems: kwtr-for-firefox@klout.com:1.0.5
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: File not found
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Documents and Settings\Mike\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2011/12/26 10:02:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/12/19 19:12:24 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/12/19 19:12:24 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0\extensions\\Components: C:\Program Files\Mozilla Firefox 4.0 Beta 8\components [2011/12/19 19:12:24 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox 4.0 Beta 8\plugins
[2009/09/07 00:44:30 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Mike\Application Data\Mozilla\Extensions
[2009/09/07 00:44:30 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Mike\Application Data\Mozilla\Extensions\IMVUClientXUL@imvu.com
[2011/12/26 12:36:29 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\b9lawpa0.default\extensions
[2009/06/04 23:00:21 | 000,000,000 | ---D | M] (IE Tab) -- C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\b9lawpa0.default\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}
[2009/05/07 20:54:54 | 000,000,000 | ---D | M] (Move Media Player) -- C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\b9lawpa0.default\extensions\moveplayer@movenetworks.com
[2011/09/01 16:20:11 | 000,000,000 | ---D | M] (Personas) -- C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\b9lawpa0.default\extensions\personas@christopher.beard
[2011/12/10 11:33:20 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
() (No name found) -- C:\DOCUMENTS AND SETTINGS\MIKE\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\B9LAWPA0.DEFAULT\EXTENSIONS\KWTR-FOR-FIREFOX@KLOUT.COM.XPI
[2011/12/26 10:02:40 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
[2011/11/20 23:04:51 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2010/04/12 16:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011/11/20 20:04:05 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/11/20 20:04:05 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml
========== Chrome ==========
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google
riginalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - Extension: YouTube = C:\Documents and Settings\Mike\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2_0\
Hosts file not found
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (EWPBrowseObject Class) - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll ()
O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll File not found
O3 - HKLM\..\Toolbar: (Easy-WebPrint) - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll ()
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NVHotkey] C:\WINDOWS\System32\nvhotkey.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\nvmctray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [OpwareSE4] C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe (ScanSoft, Inc.)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Easy-WebPrint Add To Print List - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll ()
O8 - Extra context menu item: Easy-WebPrint High Speed Print - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll ()
O8 - Extra context menu item: Easy-WebPrint Preview - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll ()
O8 - Extra context menu item: Easy-WebPrint Print - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll ()
O9 - Extra Button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Mike\Start Menu\Programs\IMVU\Run IMVU.lnk ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{ED0E1518-7919-4C16-BD59-F75A5D3C1279}: DhcpNameServer = 209.18.47.61 209.18.47.62
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Desktop Background.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Desktop Background.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/04/13 12:57:15 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 30 Days ==========
[2011/12/26 14:43:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mike\Desktop\HostsXpert
[2011/12/26 13:37:34 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/12/26 13:35:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mike\Desktop\erunt
[2011/12/26 10:12:11 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Mike\Desktop\OTL.exe
[2011/12/26 10:08:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Google Chrome
[2011/12/26 10:03:02 | 000,000,000 | ---D | C] -- C:\Program Files\Google
[2011/12/26 10:03:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mike\Local Settings\Application Data\Google
[2011/12/26 10:03:00 | 000,314,456 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2011/12/26 10:03:00 | 000,020,568 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2011/12/26 10:03:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\avast! Free Antivirus
[2011/12/26 10:02:58 | 000,052,952 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2011/12/26 10:02:58 | 000,034,392 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2011/12/26 10:02:57 | 000,435,032 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2011/12/26 10:02:56 | 000,111,320 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2011/12/26 10:02:56 | 000,105,176 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2011/12/26 10:02:55 | 000,030,808 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2011/12/26 10:02:35 | 000,041,184 | ---- | C] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2011/12/26 10:02:34 | 000,199,816 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2011/12/26 10:02:16 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2011/12/26 10:02:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2011/12/25 19:52:33 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011/12/25 19:46:54 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Mike\Desktop\TFC.exe
[2011/12/25 14:11:12 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2011/12/25 14:06:49 | 002,322,184 | ---- | C] (ESET) -- C:\Documents and Settings\Mike\Desktop\esetsmartinstaller_enu.exe
[2011/12/25 11:45:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2011/12/23 19:37:36 | 000,021,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\hidserv.dll
[2011/12/23 19:36:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Mouse
[2011/12/23 19:35:04 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft IntelliPoint
[2011/12/23 19:34:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Keyboard
[2011/12/23 19:34:40 | 001,421,736 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wdfcoinstaller01005.dll
[2011/12/23 19:33:32 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft IntelliType Pro
[2011/12/23 18:34:54 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011/12/23 18:32:30 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/12/23 18:32:30 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/12/23 18:32:30 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/12/23 18:32:30 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/12/23 18:32:22 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/12/23 18:32:16 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/12/23 18:25:49 | 004,351,768 | R--- | C] (Swearware) -- C:\Documents and Settings\Mike\Desktop\ComboFix.exe
[2011/12/23 18:25:01 | 000,050,688 | ---- | C] (Atribune.org) -- C:\Documents and Settings\Mike\Desktop\ATF-Cleaner.exe
[2011/12/23 10:39:09 | 001,917,952 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Mike\Desktop\aswMBR.exe
[2011/12/19 23:08:29 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Mike\Start Menu\Programs\Administrative Tools
[2011/12/19 19:30:59 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2011/12/19 19:30:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mike\Start Menu\Programs\HiJackThis
[2011/11/28 09:16:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\iTunes
[2011/11/28 09:15:02 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011/11/28 09:14:56 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2011/11/28 09:08:34 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
========== Files - Modified Within 30 Days ==========
[2011/12/26 16:14:00 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/12/26 14:44:54 | 000,000,698 | ---- | M] () -- C:\WINDOWS\HOSTS
[2011/12/26 14:43:00 | 000,357,766 | ---- | M] () -- C:\Documents and Settings\Mike\Desktop\HostsXpert.zip
[2011/12/26 14:41:54 | 000,169,472 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2011/12/26 14:41:53 | 000,027,744 | ---- | M] () -- C:\WINDOWS\System32\nvModes.001
[2011/12/26 14:41:41 | 000,000,878 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/12/26 13:34:55 | 000,513,320 | ---- | M] () -- C:\Documents and Settings\Mike\Desktop\erunt.zip
[2011/12/26 10:12:20 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Mike\Desktop\OTL.exe
[2011/12/26 10:11:49 | 000,001,791 | ---- | M] () -- C:\Documents and Settings\Mike\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/12/26 10:08:19 | 000,001,813 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2011/12/26 10:03:01 | 000,001,689 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2011/12/26 10:02:57 | 000,002,625 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2011/12/26 10:01:10 | 064,207,032 | ---- | M] () -- C:\Documents and Settings\Mike\Desktop\setup_av_free_cnet.exe
[2011/12/25 19:59:26 | 000,442,924 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/12/25 19:59:26 | 000,071,926 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/12/25 19:55:02 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/12/25 19:54:53 | 1071,767,552 | -HS- | M] () -- C:\hiberfil.sys
[2011/12/25 19:46:58 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Mike\Desktop\TFC.exe
[2011/12/25 14:08:17 | 002,322,184 | ---- | M] (ESET) -- C:\Documents and Settings\Mike\Desktop\esetsmartinstaller_enu.exe
[2011/12/25 11:26:50 | 004,351,768 | R--- | M] (Swearware) -- C:\Documents and Settings\Mike\Desktop\ComboFix.exe
[2011/12/25 10:38:04 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/12/25 10:37:46 | 000,146,808 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/12/24 17:59:03 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/12/23 19:38:48 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_NuidFltr_01005.Wdf
[2011/12/23 19:38:46 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
[2011/12/23 19:36:10 | 000,002,030 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Microsoft Mouse.lnk
[2011/12/23 19:34:53 | 000,002,056 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Microsoft Keyboard.lnk
[2011/12/23 18:35:02 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2011/12/23 18:25:01 | 000,050,688 | ---- | M] (Atribune.org) -- C:\Documents and Settings\Mike\Desktop\ATF-Cleaner.exe
[2011/12/23 12:00:04 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Mike\Desktop\MBR.dat
[2011/12/23 10:39:17 | 001,917,952 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Mike\Desktop\aswMBR.exe
[2011/12/21 15:06:06 | 000,019,335 | ---- | M] () -- C:\Documents and Settings\Mike\Desktop\engineering flowchart.jpg
[2011/12/19 23:15:31 | 000,003,625 | ---- | M] () -- C:\Documents and Settings\Mike\Desktop\attach.zip
[2011/12/19 19:31:14 | 000,002,445 | ---- | M] () -- C:\Documents and Settings\Mike\Desktop\HiJackThis.lnk
[2011/12/19 19:20:18 | 000,001,943 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/12/10 11:33:24 | 000,000,742 | ---- | M] () -- C:\Documents and Settings\Mike\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/12/10 11:33:24 | 000,000,724 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2011/12/08 10:47:56 | 000,045,286 | ---- | M] () -- C:\Documents and Settings\Mike\Desktop\bob.jpg
[2011/11/28 13:01:25 | 000,041,184 | ---- | M] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2011/11/28 13:01:23 | 000,199,816 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2011/11/28 12:53:53 | 000,435,032 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2011/11/28 12:53:35 | 000,314,456 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2011/11/28 12:52:19 | 000,034,392 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2011/11/28 12:52:16 | 000,052,952 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2011/11/28 12:52:02 | 000,111,320 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2011/11/28 12:51:59 | 000,105,176 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2011/11/28 12:51:50 | 000,020,568 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2011/11/28 12:48:49 | 000,030,808 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2011/11/28 09:16:19 | 000,001,542 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
========== Files Created - No Company Name ==========
[2011/12/26 14:44:26 | 000,000,698 | ---- | C] () -- C:\WINDOWS\HOSTS
[2011/12/26 14:42:59 | 000,357,766 | ---- | C] () -- C:\Documents and Settings\Mike\Desktop\HostsXpert.zip
[2011/12/26 13:34:54 | 000,513,320 | ---- | C] () -- C:\Documents and Settings\Mike\Desktop\erunt.zip
[2011/12/26 10:08:19 | 000,001,813 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2011/12/26 10:08:19 | 000,001,791 | ---- | C] () -- C:\Documents and Settings\Mike\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/12/26 10:03:13 | 000,000,882 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/12/26 10:03:13 | 000,000,878 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/12/26 10:03:01 | 000,001,689 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2011/12/26 09:31:09 | 064,207,032 | ---- | C] () -- C:\Documents and Settings\Mike\Desktop\setup_av_free_cnet.exe
[2011/12/23 19:38:48 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_NuidFltr_01005.Wdf
[2011/12/23 19:38:46 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
[2011/12/23 19:36:10 | 000,002,030 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Microsoft Mouse.lnk
[2011/12/23 19:34:53 | 000,002,056 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Microsoft Keyboard.lnk
[2011/12/23 18:35:02 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2011/12/23 18:34:58 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2011/12/23 18:32:30 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/12/23 18:32:30 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/12/23 18:32:30 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/12/23 18:32:30 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/12/23 18:32:30 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/12/23 12:00:04 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Mike\Desktop\MBR.dat
[2011/12/21 15:06:05 | 000,019,335 | ---- | C] () -- C:\Documents and Settings\Mike\Desktop\engineering flowchart.jpg
[2011/12/19 23:15:31 | 000,003,625 | ---- | C] () -- C:\Documents and Settings\Mike\Desktop\attach.zip
[2011/12/19 19:30:59 | 000,002,445 | ---- | C] () -- C:\Documents and Settings\Mike\Desktop\HiJackThis.lnk
[2011/12/10 11:33:24 | 000,000,730 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
[2011/12/08 10:47:54 | 000,045,286 | ---- | C] () -- C:\Documents and Settings\Mike\Desktop\bob.jpg
[2011/11/28 09:16:19 | 000,001,542 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/12/20 09:58:09 | 000,002,432 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/04/27 11:22:18 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/04/09 23:37:07 | 000,000,127 | ---- | C] () -- C:\Documents and Settings\Mike\Local Settings\Application Data\fusioncache.dat
[2010/01/26 21:09:02 | 000,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll
[2010/01/10 11:24:08 | 000,026,040 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2009/06/20 20:10:17 | 000,010,752 | ---- | C] () -- C:\Documents and Settings\Mike\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/04/17 07:01:39 | 000,000,416 | ---- | C] () -- C:\WINDOWS\MAXLINK.INI
[2009/04/13 15:26:42 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2009/04/13 13:35:38 | 000,027,744 | ---- | C] () -- C:\WINDOWS\System32\nvModes.dat
[2009/04/13 13:33:02 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\preflib.dll
[2009/04/13 13:32:59 | 000,753,664 | ---- | C] () -- C:\WINDOWS\System32\bcm1xsup.dll
[2009/04/13 13:32:59 | 000,024,064 | ---- | C] () -- C:\WINDOWS\System32\WLTRYSVC.EXE
[2009/04/13 13:13:52 | 001,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2009/04/13 13:13:52 | 001,626,112 | ---- | C] () -- C:\WINDOWS\System32\nwiz.exe
[2009/04/13 13:13:52 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2009/04/13 13:13:51 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2009/04/13 13:13:50 | 001,482,752 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2009/04/13 13:13:50 | 001,339,392 | ---- | C] () -- C:\WINDOWS\System32\nvdspsch.exe
[2009/04/13 13:13:47 | 000,442,368 | ---- | C] () -- C:\WINDOWS\System32\nvappbar.exe
[2009/04/13 13:13:47 | 000,425,984 | ---- | C] () -- C:\WINDOWS\System32\keystone.exe
[2009/04/13 12:59:42 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2009/04/13 12:53:47 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2009/04/13 08:46:30 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2009/04/13 08:45:11 | 000,146,808 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004/08/03 23:07:22 | 000,001,788 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2004/08/02 12:20:40 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2001/08/23 09:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2001/08/23 09:00:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2001/08/23 08:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2001/08/23 08:00:00 | 000,442,924 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2001/08/23 08:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2001/08/23 08:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2001/08/23 08:00:00 | 000,071,926 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2001/08/23 08:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2001/08/23 08:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2001/08/23 08:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
========== LOP Check ==========
[2011/12/26 10:02:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2009/04/17 06:57:08 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
[2009/04/17 07:01:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft
[2010/01/26 21:54:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2010/04/21 10:13:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/12/25 10:45:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2011/06/21 14:09:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mike\Application Data\Amazon
[2011/09/14 11:17:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mike\Application Data\Fuvauk
[2011/12/21 23:03:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mike\Application Data\IMVU
[2011/12/15 22:29:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mike\Application Data\IMVUClient
[2010/04/04 11:17:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mike\Application Data\My Games
[2011/09/07 11:31:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mike\Application Data\Onheni
[2011/05/18 14:19:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mike\Application Data\Petroglyph
[2009/04/17 07:01:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mike\Application Data\ScanSoft
[2011/05/20 16:05:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mike\Application Data\Unity
[2010/01/16 13:31:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mike\Application Data\Vivox
[2011/12/26 12:36:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mike\Application Data\wbtooltb
========== Purity Check ==========
< End of report >
ken545
Emeritus-Security Expert
It looks like it created a host file in C:\WINDOWS\HOSTS, the hosts file should be here c:\windows\system32\drivers\etc\hosts
Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2
64 Bit Version
Are you still being redirected ??
Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2
64 Bit Version
- Double-click SystemLook.exe to run it.
- Copy the content of the following codebox into the main textfield:
Code::dir c:\windows\system32\drivers\etc\hosts :filefind hosts - Click the Look button to start the scan.
- When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Are you still being redirected ??
SystemLook 30.07.11 by jpshortstuff
Log created at 17:34 on 26/12/2011 by Mike
Administrator - Elevation successful
========== dir ==========
c:\windows\system32\drivers\etc\hosts - Unable to find folder.
========== filefind ==========
Searching for "hosts"
C:\WINDOWS\HOSTS --a---- 698 bytes [19:44 26/12/2011] [19:44 26/12/2011] CC097BEA9A742D97F5A8C6EF3F7B14CF
-= EOF =-
Log created at 17:34 on 26/12/2011 by Mike
Administrator - Elevation successful
========== dir ==========
c:\windows\system32\drivers\etc\hosts - Unable to find folder.
========== filefind ==========
Searching for "hosts"
C:\WINDOWS\HOSTS --a---- 698 bytes [19:44 26/12/2011] [19:44 26/12/2011] CC097BEA9A742D97F5A8C6EF3F7B14CF
-= EOF =-
ken545
Emeritus-Security Expert
Hi, its been pointed out that this system is really out of date, I was going to mention it to you when we where done, doing all the cleaning and running programs to remove stuff is futile as being outdated as it is you running a real good risk of leaving yourself open for infections.
Go to Start > All Programs > Windows Update and see if you can download and install SP3 (Service Pack 3 )
Go to Start > All Programs > Windows Update and see if you can download and install SP3 (Service Pack 3 )
Last edited: