Real threat or false positive (with Avast 5)?

I recently updated to Avast 5, and several times now, on different days, my behavior shield has alerted me about suspicious files. So far I've chosen to delete them and left the box checked to send the files to Avast, but I'm still getting these messages, and each time the file name is just slightly different. Here are the file names:
C:\DOCUME~1\guest2\LOCALS~1\Temp\dBP21.tmp
(the rest are all the same except for the last part of the file name)
\dBPBA.tmp
\dBP1B.tmp
There were two more, but I scribbled them quickly and it's not really legible; they do begin with dBP, though. After deleting them I checked the virus vault to see if they were sent there, but the vault is empty. I tried finding the folder where these files originated, being sure to choose "show hidden files and folders". I assumed DOCUME~1 was the Documents and Settings folder and LOCALS~1 was the LocalService folder, but there was no TEMP folder located there. I clicked on the Local Settings folder located in LocalService and found a Temp folder, which led me to three more folders, two of which in turn contain more folders. After much searching I can't find any .tmp files in these folders, much less .tmp files with names that begin with dBP. I used the search function to look for files with dBP in their file names but didn't come up with anything that looked like these .tmp files. I've also begun to wonder if these files could be related to dBpoweramp, which is a utility to convert audio files to different formats. I've had this program for years without problems, and from all I've seen the company is legit. I've run both a full system scan and a boot-time scan with Avast, as well as full scans with MBAM and SUPERAntiSpyware, and haven't found anything. Should I write this off as Avast being paranoid and alerting me about files that aren't really a problem?

Try this, and see if the problem goes away. Tell us if it worked.

TFC - Temp File Cleaner by OldTimer (it will clean ALL and ONLY temp files)
http://www.geekstogo.com/forum/files/file/187-tfc-temp-file-cleaner-by-oldtimer/
TFC requires a reboot immediately after running. Be sure to save any unsaved work before running TFC.

Thanks for the reply. I ran that program and it cleaned out about 500MB of junk. It'll probably be a couple of incident-free days before I'd feel comfortable saying the problem is cleared up, but if nothing else at least I freed up a lot of space. And here I was thinking CCleaner was getting rid of all the junk.

CCleaner is very good and cleans lots of stuff, but TFC is a specialized tool for temp file cleaning. I think one of the malware experts at geekstogo made it... maybe Essexboy can tell us?

Well, I’m back. Another alert from avast, this time the file is named dBP96.tmp. Here’s the full text of the message: “Suspicious files have been detected (using a heuristic method). This may be a sign of malware infection. Please allow the files to be submitted to our virus lab for analysis.” This time, before I deleted it I did a search for the file name and again came back with nothing. So I’m getting an alert about a file that the search can’t even find on my computer.

It's a temporary file (most probably infected) that is randomly generated by the malware vector.
I suggest:

  1. Clean your temporary files.
  2. Schedule a boot-time scan with avast with archive scanning turned on. If avast does not detect it, you can try DrWeb CureIT! instead.
  3. Use MBAM (or SUPERAntiSpyware or even Spyware Terminator) to scan for spyware and trojans. If any infection is detected, it is better and safer to send the infected file(s) to quarantine (Chest) rather than simply deleting them.
  4. Test your machine with anti-rootkit applications. I suggest avast! antirootkit or Trend Micro RootkitBuster.
  5. Make a HijackThis log to post here or on this analysis site. Or even submit the RunScanner log to online analysis.
  6. Clean your Hosts file (replacing it) with HostsMan tool.
  7. Disable System Restore and then reenable it again.
  8. Immunize your system with SpywareBlaster.
  9. Check if you have insecure applications with Secunia Software Inspector.

If Tech's suggestions do not work, then the next thing to try will be Essexboy's tricks.

Follow this guide from Essexboy and post the logs here:
http://forum.avast.com/index.php?topic=53253.0

Lower left corner: Additional Options > Attach (OTL.Txt, Extras.Txt and the MBAM scan log).

Last night I ran Panda ActiveScan and it was clean. This morning I ran Spybot S&D and it was also clean. After I checked the responses here, I followed most of Tech's suggestions. I cleared my temp files again, then ran a Dr. Web express scan (which wasn't so express at two and a half hours). It found two suspicious files. I thought it might be a false positive given that they were in a folder for Comcast Desktop Doctor, which is a legit program, but to be on the safe side I quarantined these files:
sprtsync.dll
sprtupdate.dll
I ran a Trend Micro RootkitBuster scan, which came back clean. I also disabled and re-enabled system restore. I already have SpywareBlaster installed. I then tried to do another MBAM scan, but when I came back to my computer to check on the progress, the screen was black and there was this thing floating around telling me that the monitor was working and I should check the video connection. I checked my monitor connection and everything was fine. The Num Lock button on my keyboard was lit, and I could hear the computer’s fan running, but I just had this black screen with that message. The only thing I could think to do was to unplug the computer and then plug it back in. When it started I got a message saying that my computer had recovered from a serious error. It gave me the option to send an error report to Microsoft, which I did, and then it took me to this page, “Troubleshoot a problem with a device driver”:
http://tinyurl.com/2at7t6j
I’m going to try running MBAM again, hoping the error doesn’t happen again. In the meantime, here’s my Hijack This log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:19:19 PM, on 8/21/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.17055)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\PRISMSVR.EXE
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Dell Wireless\PRISMCFG.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = localhost:12080
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Java(TM) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [ddoctorv2] "C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe" /P ddoctorv2
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\guest2\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Wireless USB 2.0 WLAN Card Utility.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30FEDFBF-391B-45F7-8AFF-796E8A532869} (PCRHTML3.HTML1) - http://www.pcrecruiter.net/pcrimg/PCRHTML.CAB
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (file missing)
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Google Update Service (gupdate1c9c2bb298f7cc4) (gupdate1c9c2bb298f7cc4) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: SupportSoft Sprocket Service (ddoctorv2) (sprtsvc_ddoctorv2) - SupportSoft, Inc. - C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe


End of file - 6784 bytes

Hi, you have a hijacked proxy, plus there may well be something else hiding.

OTL - Download or alternative link here and here to your desktop

  1. Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  2. Select All Users.
  3. Under the Custom Scan box, paste this in:

netsvcs
%SYSTEMDRIVE%\*.*
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\Fonts\*.exe
%systemroot%\system32\spool\prtprocs\w32x86\*.*
%systemroot%\REPAIR\*.bak1
%systemroot%\REPAIR\*.ini
%systemroot%\system32\*.jpg
%systemroot%\*.jpg
%systemroot%\*.png
%systemroot%\*.scr
%systemroot%\*._sy
%APPDATA%\Adobe\Update\*.*
%ALLUSERSPROFILE%\Favorites\*.*
%APPDATA%\Microsoft\*.*
%PROGRAMFILES%\*.*
%APPDATA%\Update\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\System32\config\*.sav
%PROGRAMFILES%\bak. /s
%systemroot%\system32\bak. /s
%ALLUSERSPROFILE%\Start Menu\*.lnk /x
%systemroot%\system32\config\systemprofile\*.dat /x
%systemroot%\*.config
%systemroot%\system32\*.db
%PROGRAMFILES%\Internet Explorer\*.dat
%APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
%USERPROFILE%\Desktop\*.exe
%PROGRAMFILES%\Common Files\*.*
%systemroot%\*.src
%systemroot%\install\*.*
%systemroot%\system32\DLL\*.*
%systemroot%\system32\HelpFiles\*.*
%systemroot%\system32\rundll\*.*
%systemroot%\winn32\*.*
%systemroot%\Java\*.*
%systemroot%\system32\test\*.*
%systemroot%\system32\Rundll32\*.*
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs

  4. Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  5. When the scan completes, it will open two Notepad windows, OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  6. Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them if you need to start a new topic.
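The "hijacked proxy" call above comes from reading the R1 ProxyServer line in the HijackThis log. The script below is an added example, not part of this thread and not HijackThis or OTL code: it runs a few constructed sample lines (copied from the log posted above) through the checks an analyst applies first, namely an IE proxy setting, ActiveX downloads (O16) and entries whose target file is gone. The severity labels, the loopback list and the `known_local_proxies` allow-list are assumptions of the example; a loopback proxy is flagged for review rather than called malicious, because local filtering software (an antivirus web shield or a firewall, as this thread's own history with ZoneAlarm and Avast shows) can legitimately listen there.

```python
import re
from dataclasses import dataclass
from urllib.parse import urlparse

# Constructed excerpt: six entries copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = localhost:12080
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O16 - DPF: {30FEDFBF-391B-45F7-8AFF-796E8A532869} (PCRHTML3.HTML1) - http://www.pcrecruiter.net/pcrimg/PCRHTML.CAB
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (file missing)
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
"""


@dataclass
class Finding:
    section: str   # HijackThis section code, e.g. "R1", "O23"
    severity: str  # "review" (needs a human decision) or "info" (stale entry)
    reason: str
    line: str


# Entry shapes as HijackThis prints them; the regexes are this example's own.
PROXY_RE = re.compile(r"^R1 - .*Internet Settings,ProxyServer = (?P<proxy>\S+)$")
DPF_RE = re.compile(r"^O16 - DPF: \{[0-9A-Fa-f-]+\} \((?P<name>[^)]*)\) - (?P<url>\S+)$")
MISSING_RE = re.compile(r"\((?:file missing|no file)\)$")
LOOPBACK = {"localhost", "127.0.0.1"}  # assumption: hosts that mean "this machine"


def analyze(log_text: str, known_local_proxies: frozenset = frozenset()) -> list:
    """Return findings for the entry types checked first in an HJT log:
    an IE proxy, ActiveX downloads (O16) and entries whose target file is gone.
    known_local_proxies: host:port strings the user has already attributed to
    legitimate local software (an assumption of this example)."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        section = line.split(" - ", 1)[0]

        m = PROXY_RE.match(line)
        if m:
            proxy = m.group("proxy")
            host = proxy.rsplit(":", 1)[0].lower()
            if proxy.lower() in known_local_proxies:
                sev, why = "info", f"proxy {proxy} matches known local filtering software"
            elif host in LOOPBACK:
                sev, why = "review", f"proxy {proxy} points at this machine; confirm which local program listens there"
            else:
                sev, why = "review", f"proxy {proxy} sends all IE traffic through a remote host"
            findings.append(Finding(section, sev, why, line))
            continue

        m = DPF_RE.match(line)
        if m:
            host = urlparse(m.group("url")).hostname or "?"
            findings.append(Finding(section, "review",
                                    f"ActiveX control {m.group('name')!r} installed from {host}", line))
            continue

        if MISSING_RE.search(line):
            findings.append(Finding(section, "info",
                                    "entry points at a file that no longer exists (stale leftover)", line))
    return findings


def main():
    for f in analyze(SAMPLE_LOG):
        print(f"[{f.severity:6}] {f.section}: {f.reason}")


if __name__ == "__main__":
    main()
```

On the sample above the script raises the same R1 line essexboy pointed at, the O16 ActiveX download, and two stale entries (the "(no file)" button and the Avast 4 updater service left behind by the upgrade). Passing `frozenset({"localhost:12080"})` as `known_local_proxies` downgrades the proxy line to informational once the user has accounted for it, which is the decision this thread's later reply is about.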

I was able to run MBAM, and it didn't find anything. To essexboy: I was wondering if you meant (when you said I had a hijacked proxy) the bit in the log where it says "R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = localhost:12080". IIRC that stems from a time when I had an old version of ZoneAlarm that conflicted with Avast's invisible proxy, and after searching around I found a workaround by using the "12080" proxy. Since then I've updated ZoneAlarm and have gone back to using no proxy. Again, I'm not even sure if that's what you meant. I ran OTL, and I'll post the logs here (though I'll probably have to break them up to meet the character limit). You'll notice that the times on the logs don't match. The first time I ran the scan both reports opened, and after I closed them I couldn't find them again, so I ran the scan again, but this time only a new "OTL" report was created, and not the "Extras" report. I ran the scan a third time thinking I must've done something wrong, but again only an "OTL" file was created. I did eventually find the "Extras" file from the first scan, however, so I'm posting that along with the "OTL" report from the third scan.

OTL, part 1

OTL logfile created on: 8/21/2010 7:06:26 PM - Run 3
OTL by OldTimer - Version 3.2.10.0 Folder = C:\Documents and Settings\guest2\My Documents\otl
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

510.00 Mb Total Physical Memory | 80.00 Mb Available Physical Memory | 16.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 68.00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 71.50 Gb Total Space | 13.57 Gb Free Space | 18.98% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: GUEST
Current User Name: guest2
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/08/21 18:35:19 | 000,575,488 | ---- | M] (OldTimer Tools) – C:\Documents and Settings\guest2\My Documents\otl\OTL.exe
PRC - [2010/07/24 11:32:06 | 000,910,296 | ---- | M] (Mozilla Corporation) – C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/06/28 15:57:18 | 002,837,864 | ---- | M] (AVAST Software) – C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2010/06/28 15:57:15 | 000,040,384 | ---- | M] (AVAST Software) – C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2010/06/23 13:52:56 | 002,435,592 | ---- | M] (Check Point Software Technologies LTD) – C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
PRC - [2010/06/23 13:51:30 | 001,043,968 | ---- | M] (Check Point Software Technologies LTD) – C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
PRC - [2008/04/24 13:26:18 | 000,202,560 | ---- | M] (SupportSoft, Inc.) – C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
PRC - [2008/04/24 13:25:22 | 000,202,560 | ---- | M] (SupportSoft, Inc.) – C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe
PRC - [2007/06/13 05:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) – C:\WINDOWS\explorer.exe
PRC - [2004/10/14 16:42:54 | 001,404,928 | ---- | M] (Analog Devices, Inc.) – C:\Program Files\Analog Devices\Core\smax4pnp.exe
PRC - [2004/10/04 15:50:20 | 000,917,611 | ---- | M] (Dell Inc.) – C:\Program Files\Dell Wireless\PRISMCFG.exe
PRC - [2004/10/04 15:10:16 | 000,327,769 | ---- | M] (Conexant Systems, Inc.) – C:\WINDOWS\SYSTEM32\PRISMSVR.exe
PRC - [2003/10/29 03:06:00 | 000,024,576 | R--- | M] (BVRP Software) – C:\Program Files\Digital Line Detect\DLG.exe

========== Modules (SafeList) ==========

MOD - [2010/08/21 18:35:19 | 000,575,488 | ---- | M] (OldTimer Tools) – C:\Documents and Settings\guest2\My Documents\otl\OTL.exe
MOD - [2007/04/19 14:21:40 | 000,116,264 | ---- | M] (SupportSoft, Inc.) – C:\Program Files\Comcast\Desktop Doctor\bin\sprthook.dll
MOD - [2006/08/25 10:45:55 | 001,054,208 | ---- | M] (Microsoft Corporation) – C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
MOD - [2004/08/04 06:00:00 | 000,413,696 | ---- | M] (Microsoft Corporation) – C:\WINDOWS\SYSTEM32\MSVCP60.DLL
MOD - [2004/08/04 06:00:00 | 000,102,400 | ---- | M] (Microsoft Corporation) – C:\WINDOWS\SYSTEM32\MSSCRIPT.OCX

========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] – C:\WINDOWS\System32\hidserv.dll – (HidServ)
SRV - File not found [Auto | Stopped] – C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe – (aswUpdSv)
SRV - File not found [On_Demand | Stopped] – C:\WINDOWS\System32\appmgmts.dll – (AppMgmt)
SRV - [2010/06/28 15:57:15 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] – C:\Program Files\Alwil Software\Avast5\AvastSvc.exe – (avast! Web Scanner)
SRV - [2010/06/28 15:57:15 | 000,040,384 | ---- | M] (AVAST Software) [Auto | Running] – C:\Program Files\Alwil Software\Avast5\AvastSvc.exe – (avast! Antivirus)
SRV - [2010/06/23 13:52:56 | 002,435,592 | ---- | M] (Check Point Software Technologies LTD) [Auto | Running] – C:\WINDOWS\System32\ZoneLabs\vsmon.exe – (vsmon)
SRV - [2009/09/03 11:53:00 | 000,048,368 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] – C:\Program Files\NOS\bin\getPlus_Helper.dll – (getPlusHelper) getPlus(R)
SRV - [2008/04/24 13:26:18 | 000,202,560 | ---- | M] (SupportSoft, Inc.) [Auto | Running] – C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe – (sprtsvc_ddoctorv2) SupportSoft Sprocket Service (ddoctorv2)
SRV - [2004/10/04 15:12:50 | 000,057,344 | ---- | M] (Conexant Systems, Inc.) [Disabled | Stopped] – C:\WINDOWS\SYSTEM32\PRISMSVC.exe – (PRISMSVC)

OTL, part 2

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] – C:\WINDOWS\System32\DRIVERS\wanatw4.sys – (wanatw) WAN Miniport (ATW)
DRV - File not found [Kernel | On_Demand | Stopped] – C:\WINDOWS\System32\Drivers\usbaapl.sys – (USBAAPL)
DRV - File not found [Kernel | On_Demand | Stopped] – C:\DOCUME~1\guest2\LOCALS~1\Temp\catchme.sys – (catchme)
DRV - [2010/06/28 15:37:52 | 000,046,672 | ---- | M] (ALWIL Software) [Kernel | System | Running] – C:\WINDOWS\System32\drivers\aswTdi.sys – (aswTdi)
DRV - [2010/06/28 15:37:30 | 000,165,456 | ---- | M] (ALWIL Software) [Kernel | System | Running] – C:\WINDOWS\System32\drivers\aswSP.sys – (aswSP)
DRV - [2010/06/28 15:33:13 | 000,023,376 | ---- | M] (ALWIL Software) [Kernel | On_Demand | Running] – C:\WINDOWS\System32\drivers\aswRdr.sys – (aswRdr)
DRV - [2010/06/28 15:32:45 | 000,100,176 | ---- | M] (ALWIL Software) [File_System | Auto | Running] – C:\WINDOWS\System32\drivers\aswmon2.sys – (aswMon2)
DRV - [2010/06/28 15:32:33 | 000,017,744 | ---- | M] (ALWIL Software) [File_System | Auto | Running] – C:\WINDOWS\System32\drivers\aswFsBlk.sys – (aswFsBlk)
DRV - [2010/06/28 15:32:16 | 000,028,880 | ---- | M] (ALWIL Software) [Kernel | System | Running] – C:\WINDOWS\System32\drivers\aavmker4.sys – (Aavmker4)
DRV - [2010/05/13 10:02:32 | 000,532,224 | ---- | M] (Check Point Software Technologies LTD) [Kernel | System | Running] – C:\WINDOWS\SYSTEM32\vsdatant.sys – (vsdatant)
DRV - [2010/05/10 13:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] – C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS – (SASKUTIL)
DRV - [2010/02/17 13:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] – C:\Program Files\SUPERAntiSpyware\sasdifsv.sys – (SASDIFSV)
DRV - [2009/06/30 09:37:16 | 000,028,552 | ---- | M] (Panda Security, S.L.) [File_System | Boot | Running] – C:\WINDOWS\system32\drivers\pavboot.sys – (pavboot)
DRV - [2009/04/18 10:25:13 | 000,016,694 | ---- | M] (PalmSource, Inc.) [Kernel | On_Demand | Stopped] – C:\WINDOWS\SYSTEM32\DRIVERS\PalmUSBD.sys – (PalmUSBD)
DRV - [2004/09/26 20:42:00 | 000,345,184 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] – C:\WINDOWS\SYSTEM32\DRIVERS\PRISMA02.sys – (DELL_A02)
DRV - [2004/09/17 11:02:54 | 000,732,928 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] – C:\WINDOWS\SYSTEM32\DRIVERS\senfilt.sys – (senfilt)
DRV - [2004/08/13 03:56:00 | 000,040,544 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] – C:\WINDOWS\SYSTEM32\DRIVERS\drvnddm.sys – (drvnddm)
DRV - [2004/08/13 02:05:00 | 000,100,603 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] – C:\WINDOWS\SYSTEM32\dla\tfsnudfa.sys – (tfsnudfa)
DRV - [2004/08/13 02:05:00 | 000,098,714 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] – C:\WINDOWS\SYSTEM32\dla\tfsnudf.sys – (tfsnudf)
DRV - [2004/08/13 02:05:00 | 000,086,202 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] – C:\WINDOWS\SYSTEM32\dla\tfsnifs.sys – (tfsnifs)
DRV - [2004/08/13 02:05:00 | 000,034,843 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] – C:\WINDOWS\SYSTEM32\dla\tfsncofs.sys – (tfsncofs)
DRV - [2004/08/13 02:05:00 | 000,025,723 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] – C:\WINDOWS\SYSTEM32\dla\tfsnboio.sys – (tfsnboio)
DRV - [2004/08/13 02:05:00 | 000,014,715 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] – C:\WINDOWS\SYSTEM32\dla\tfsnopio.sys – (tfsnopio)
DRV - [2004/08/13 02:05:00 | 000,006,363 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] – C:\WINDOWS\SYSTEM32\dla\tfsnpool.sys – (tfsnpool)
DRV - [2004/08/13 02:05:00 | 000,004,123 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] – C:\WINDOWS\SYSTEM32\dla\tfsndrct.sys – (tfsndrct)
DRV - [2004/08/13 02:05:00 | 000,002,239 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] – C:\WINDOWS\SYSTEM32\dla\tfsndres.sys – (tfsndres)
DRV - [2004/08/04 04:21:00 | 000,087,136 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] – C:\WINDOWS\system32\drivers\drvmcdb.sys – (drvmcdb)
DRV - [2004/08/04 00:07:44 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Boot | Running] – C:\WINDOWS\system32\DRIVERS\amdagp.sys – (amdagp)
DRV - [2004/08/04 00:07:44 | 000,041,088 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Boot | Running] – C:\WINDOWS\system32\DRIVERS\sisagp.sys – (sisagp)
DRV - [2004/08/03 23:29:56 | 001,897,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] – C:\WINDOWS\SYSTEM32\DRIVERS\NV4_MINI.SYS – (nv)
DRV - [2004/07/14 12:29:04 | 000,005,627 | ---- | M] (Sonic Solutions) [File_System | System | Running] – C:\WINDOWS\SYSTEM32\DRIVERS\sscdbhk5.sys – (sscdbhk5)
DRV - [2004/07/14 12:28:50 | 000,023,545 | ---- | M] (Sonic Solutions) [File_System | System | Running] – C:\WINDOWS\SYSTEM32\DRIVERS\ssrtln.sys – (ssrtln)
DRV - [2003/11/17 16:59:20 | 000,212,224 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] – C:\WINDOWS\SYSTEM32\DRIVERS\HSFHWBS2.sys – (HSFHWBS2)
DRV - [2003/11/17 16:58:02 | 000,680,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] – C:\WINDOWS\SYSTEM32\DRIVERS\HSF_CNXT.sys – (winachsf)
DRV - [2003/11/17 16:56:26 | 001,042,432 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] – C:\WINDOWS\SYSTEM32\DRIVERS\HSF_DP.sys – (HSF_DP)
DRV - [2001/08/17 15:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] – C:\WINDOWS\system32\DRIVERS\sparrow.sys – (Sparrow)
DRV - [2001/08/17 15:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Boot | Running] – C:\WINDOWS\system32\DRIVERS\sym_u3.sys – (sym_u3)
DRV - [2001/08/17 15:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Boot | Running] – C:\WINDOWS\system32\DRIVERS\sym_hi.sys – (sym_hi)
DRV - [2001/08/17 15:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Boot | Running] – C:\WINDOWS\system32\DRIVERS\symc8xx.sys – (symc8xx)
DRV - [2001/08/17 15:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Boot | Running] – C:\WINDOWS\system32\DRIVERS\symc810.sys – (symc810)
DRV - [2001/08/17 14:57:38 | 000,016,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] – C:\WINDOWS\SYSTEM32\DRIVERS\MODEMCSA.sys – (MODEMCSA)
DRV - [2001/08/17 14:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] – C:\WINDOWS\system32\DRIVERS\ultra.sys – (ultra)
DRV - [2001/08/17 14:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] – C:\WINDOWS\system32\DRIVERS\ql12160.sys – (ql12160)
DRV - [2001/08/17 14:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] – C:\WINDOWS\system32\DRIVERS\ql1080.sys – (ql1080)
DRV - [2001/08/17 14:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] – C:\WINDOWS\system32\DRIVERS\ql1280.sys – (ql1280)
DRV - [2001/08/17 14:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Boot | Running] – C:\WINDOWS\system32\DRIVERS\dac2w2k.sys – (dac2w2k)
DRV - [2001/08/17 14:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Boot | Running] – C:\WINDOWS\system32\DRIVERS\mraid35x.sys – (mraid35x)
DRV - [2001/08/17 14:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Boot | Running] – C:\WINDOWS\system32\DRIVERS\asc.sys – (asc)
DRV - [2001/08/17 14:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Boot | Running] – C:\WINDOWS\system32\DRIVERS\asc3550.sys – (asc3550)
DRV - [2001/08/17 14:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Boot | Running] – C:\WINDOWS\system32\DRIVERS\aliide.sys – (AliIde)
DRV - [2001/08/17 14:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Boot | Running] – C:\WINDOWS\system32\DRIVERS\cmdide.sys – (CmdIde)

OTL, part 3

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell4me.com/myway
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell4me.com/myway
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1784066151-926666739-2172271728-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
IE - HKU\S-1-5-21-1784066151-926666739-2172271728-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\S-1-5-21-1784066151-926666739-2172271728-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = localhost:12080

========== FireFox ==========

FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.comcast.net"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2.2
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1
FF - prefs.js..extensions.enabledItems: 6
FF - prefs.js..extensions.enabledItems: 2
FF - prefs.js..extensions.enabledItems: 44
FF - prefs.js..extensions.enabledItems: {0FED7D55-65D4-47b6-A6DE-9A4ADB55355F}:1.0.1
FF - prefs.js..extensions.enabledItems: piclens@cooliris.com:1.12.0.36949
FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:1.1.10
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8
FF - prefs.js..extensions.enabledItems: firegestures@xuldev.org:1.5.7
FF - prefs.js..extensions.enabledItems: {10187899-7ffe-4f9a-b9d2-35fdb3b49690}:0.6.3
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:7
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.0.2.3
FF - prefs.js..extensions.enabledItems: {02450954-cdd9-410f-b1da-db804e18c671}:0.96.3
FF - prefs.js..extensions.enabledItems: {dc572301-7619-498c-a57d-39143191b318}:0.3.8.4
FF - prefs.js..extensions.enabledItems: {e8f509f0-b677-11de-8a39-0800200c9a66}:1.8
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {5c876f30-10ce-11dd-bd0b-0800200c9a66}:3.6.6
FF - prefs.js..extensions.enabledItems: bloodfire@example.com:3.6
FF - prefs.js..extensions.enabledItems: {241aae70-0022-11de-87af-0800200c9a66}:3.6.30.01.10
FF - prefs.js..extensions.enabledItems: chromifox@altmusictv.com:3.6.5
FF - prefs.js..extensions.enabledItems: {de5809e0-2b07-11dd-bd0b-0800200c9a66}:1.2.0
FF - prefs.js..extensions.enabledItems: nasanightlaunch@example.com:0.6.20100805
FF - prefs.js..network.proxy.http: "localhost"
FF - prefs.js..network.proxy.http_port: 12080
FF - prefs.js..network.proxy.type: 0

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\Components: C:\Program Files\Mozilla Firefox\components [2010/08/14 21:20:53 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/08/21 11:15:29 | 000,000,000 | ---D | M]

OTL, part 4

[2009/11/18 18:23:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\guest2\Application Data\Mozilla\Extensions
[2009/11/18 18:23:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\guest2\Application Data\Mozilla\Extensions\celtx@celtx.com
[2010/08/21 11:23:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\guest2\Application Data\Mozilla\Firefox\Profiles\vhxfryq9.default\extensions
[2010/03/25 19:22:12 | 000,000,000 | ---D | M] (Screengrab) -- C:\Documents and Settings\guest2\Application Data\Mozilla\Firefox\Profiles\vhxfryq9.default\extensions\{02450954-cdd9-410f-b1da-db804e18c671}
[2010/02/05 12:28:28 | 000,000,000 | ---D | M] (Forecastfox) -- C:\Documents and Settings\guest2\Application Data\Mozilla\Firefox\Profiles\vhxfryq9.default\extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3}
[2010/03/05 16:07:46 | 000,000,000 | ---D | M] (Auto Copy) -- C:\Documents and Settings\guest2\Application Data\Mozilla\Firefox\Profiles\vhxfryq9.default\extensions\{0FED7D55-65D4-47b6-A6DE-9A4ADB55355F}
[2010/04/30 19:45:00 | 000,000,000 | ---D | M] (IMDb Preview) -- C:\Documents and Settings\guest2\Application Data\Mozilla\Firefox\Profiles\vhxfryq9.default\extensions\{10187899-7ffe-4f9a-b9d2-35fdb3b49690}
[2010/01/31 16:55:27 | 000,000,000 | ---D | M] (Blue Fox) -- C:\Documents and Settings\guest2\Application Data\Mozilla\Firefox\Profiles\vhxfryq9.default\extensions\{241aae70-0022-11de-87af-0800200c9a66}
[2009/10/15 10:30:27 | 000,000,000 | ---D | M] (PDF Download) -- C:\Documents and Settings\guest2\Application Data\Mozilla\Firefox\Profiles\vhxfryq9.default\extensions\{37E4D8EA-8BDA-4831-8EA1-89053939A250}
[2010/03/17 19:47:43 | 000,000,000 | ---D | M] (Flashblock) -- C:\Documents and Settings\guest2\Application Data\Mozilla\Firefox\Profiles\vhxfryq9.default\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}
[2010/08/12 20:31:59 | 000,000,000 | ---D | M] (Aero Fox Silver XL) -- C:\Documents and Settings\guest2\Application Data\Mozilla\Firefox\Profiles\vhxfryq9.default\extensions\{5c876f30-10ce-11dd-bd0b-0800200c9a66}
[2010/08/21 11:23:28 | 000,000,000 | ---D | M] (NoScript) -- C:\Documents and Settings\guest2\Application Data\Mozilla\Firefox\Profiles\vhxfryq9.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
[2010/07/27 09:31:41 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\guest2\Application Data\Mozilla\Firefox\Profiles\vhxfryq9.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2010/08/14 21:22:35 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\guest2\Application Data\Mozilla\Firefox\Profiles\vhxfryq9.default\extensions\{ca0849e8-2c76-42ae-9abe-34e14d337acf}
[2010/08/18 13:29:46 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\guest2\Application Data\Mozilla\Firefox\Profiles\vhxfryq9.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010/06/17 14:57:14 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\guest2\Application Data\Mozilla\Firefox\Profiles\vhxfryq9.default\extensions\{dc572301-7619-498c-a57d-39143191b318}
[2010/05/29 21:27:17 | 000,000,000 | ---D | M] (DownThemAll!) -- C:\Documents and Settings\guest2\Application Data\Mozilla\Firefox\Profiles\vhxfryq9.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
[2010/04/08 12:45:08 | 000,000,000 | ---D | M] (Gradient iCool) -- C:\Documents and Settings\guest2\Application Data\Mozilla\Firefox\Profiles\vhxfryq9.default\extensions\{de5809e0-2b07-11dd-bd0b-0800200c9a66}
[2009/09/11 11:08:03 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus(R))) -- C:\Documents and Settings\guest2\Application Data\Mozilla\Firefox\Profiles\vhxfryq9.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2010/05/22 18:27:02 | 000,000,000 | ---D | M] (Web2PDF converter) -- C:\Documents and Settings\guest2\Application Data\Mozilla\Firefox\Profiles\vhxfryq9.default\extensions\{e8f509f0-b677-11de-8a39-0800200c9a66}
[2010/04/15 07:29:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\guest2\Application Data\Mozilla\Firefox\Profiles\vhxfryq9.default\extensions\bloodfire@example.com
[2010/03/05 16:07:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\guest2\Application Data\Mozilla\Firefox\Profiles\vhxfryq9.default\extensions\chromifox@altmusictv.com
[2010/04/16 14:42:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\guest2\Application Data\Mozilla\Firefox\Profiles\vhxfryq9.default\extensions\firegestures@xuldev.org
[2010/07/24 11:30:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\guest2\Application Data\Mozilla\Firefox\Profiles\vhxfryq9.default\extensions\https-everywhere@eff.org
[2010/08/10 16:56:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\guest2\Application Data\Mozilla\Firefox\Profiles\vhxfryq9.default\extensions\nasanightlaunch@example.com
[2010/06/25 23:18:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\guest2\Application Data\Mozilla\Firefox\Profiles\vhxfryq9.default\extensions\netvideohunter@netvideohunter.com
[2009/07/09 13:37:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\guest2\Application Data\Mozilla\Firefox\Profiles\vhxfryq9.default\extensions\omiazad@msn.com
[2010/04/14 00:18:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\guest2\Application Data\Mozilla\Firefox\Profiles\vhxfryq9.default\extensions\personas@christopher.beard
[2009/04/20 18:57:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\guest2\Application Data\Mozilla\Firefox\Profiles\vhxfryq9.default\extensions\perspectives@cmu.edu
[2010/06/18 20:04:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\guest2\Application Data\Mozilla\Firefox\Profiles\vhxfryq9.default\extensions\piclens@cooliris.com
[2010/08/04 16:33:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\guest2\Application Data\Mozilla\Firefox\Profiles\vhxfryq9.default\extensions\smarterwiki@wikiatic.com
[2010/08/12 20:31:59 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\guest2\Application Data\Mozilla\Firefox\Profiles\vhxfryq9.default\extensions\{5c876f30-10ce-11dd-bd0b-0800200c9a66}\chrome\mac\mozapps\extensions
[2010/08/12 20:31:59 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\guest2\Application Data\Mozilla\Firefox\Profiles\vhxfryq9.default\extensions\{5c876f30-10ce-11dd-bd0b-0800200c9a66}\chrome\win\mozapps\extensions
[2010/08/18 20:03:36 | 000,001,546 | ---- | M] () -- C:\Documents and Settings\guest2\Application Data\Mozilla\Firefox\Profiles\vhxfryq9.default\searchplugins\allmusic---google.xml
[2010/08/18 20:03:38 | 000,005,100 | ---- | M] () -- C:\Documents and Settings\guest2\Application Data\Mozilla\Firefox\Profiles\vhxfryq9.default\searchplugins\box-office-mojo.xml
[2009/09/02 10:42:59 | 000,002,758 | ---- | M] () -- C:\Documents and Settings\guest2\Application Data\Mozilla\Firefox\Profiles\vhxfryq9.default\searchplugins\cuil.xml
[2009/04/20 18:56:34 | 000,000,931 | ---- | M] () -- C:\Documents and Settings\guest2\Application Data\Mozilla\Firefox\Profiles\vhxfryq9.default\searchplugins\dictionary.xml
[2009/04/20 18:56:21 | 000,001,504 | ---- | M] () -- C:\Documents and Settings\guest2\Application Data\Mozilla\Firefox\Profiles\vhxfryq9.default\searchplugins\imdb.xml
[2010/08/18 20:03:38 | 000,001,942 | ---- | M] () -- C:\Documents and Settings\guest2\Application Data\Mozilla\Firefox\Profiles\vhxfryq9.default\searchplugins\mycroft-project.xml
[2010/08/14 23:30:20 | 000,001,189 | ---- | M] () -- C:\Documents and Settings\guest2\Application Data\Mozilla\Firefox\Profiles\vhxfryq9.default\searchplugins\scroogle-1.xml
[2010/05/20 09:27:41 | 000,001,189 | ---- | M] () -- C:\Documents and Settings\guest2\Application Data\Mozilla\Firefox\Profiles\vhxfryq9.default\searchplugins\scroogle.xml
[2010/08/17 16:07:48 | 000,002,314 | ---- | M] () -- C:\Documents and Settings\guest2\Application Data\Mozilla\Firefox\Profiles\vhxfryq9.default\searchplugins\songmeanings---artist.xml
[2010/08/14 23:30:20 | 000,002,320 | ---- | M] () -- C:\Documents and Settings\guest2\Application Data\Mozilla\Firefox\Profiles\vhxfryq9.default\searchplugins\songmeanings---song-title.xml
[2009/12/30 10:37:11 | 000,002,013 | ---- | M] () -- C:\Documents and Settings\guest2\Application Data\Mozilla\Firefox\Profiles\vhxfryq9.default\searchplugins\urban-dictionary.xml
[2009/04/20 18:55:51 | 000,000,705 | ---- | M] () -- C:\Documents and Settings\guest2\Application Data\Mozilla\Firefox\Profiles\vhxfryq9.default\searchplugins\webster.xml
[2009/04/20 19:51:11 | 000,001,032 | ---- | M] () -- C:\Documents and Settings\guest2\Application Data\Mozilla\Firefox\Profiles\vhxfryq9.default\searchplugins\wikipedia-eng.xml
[2009/05/30 09:40:25 | 000,000,945 | ---- | M] () -- C:\Documents and Settings\guest2\Application Data\Mozilla\Firefox\Profiles\vhxfryq9.default\searchplugins\youtube-video-search.xml
[2010/08/21 11:23:48 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/06/27 13:40:21 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/06/27 13:39:49 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

OTL, part 5

O1 HOSTS File: ([2010/08/20 10:09:24 | 000,416,778 | R--- | M]) - C:\WINDOWS\SYSTEM32\DRIVERS\ETC\HOSTS
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 14388 more lines…
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\SYSTEM32\dla\tfswshx.dll (Sonic Solutions)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [ddoctorv2] C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\hpztsb09.exe (HP)
O4 - HKLM..\Run: [NeroCheck] C:\WINDOWS\SYSTEM32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [UpdateManager] C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe (Sonic Solutions)
O4 - HKLM..\Run: [ZoneAlarm Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)
O4 - HKU\S-1-5-21-1784066151-926666739-2172271728-1007..\Run: [DellSupport] C:\Program Files\Dell Support\DSAgnt.exe (Gteko Ltd.)
O4 - HKU\S-1-5-21-1784066151-926666739-2172271728-1007..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe (BVRP Software)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Wireless USB 2.0 WLAN Card Utility.lnk = C:\Program Files\Dell Wireless\PRISMCFG.exe (Dell Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1784066151-926666739-2172271728-1007\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-21-1784066151-926666739-2172271728-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O16 - DPF: {30FEDFBF-391B-45F7-8AFF-796E8A532869} http://www.pcrecruiter.net/pcrimg/PCRHTML.CAB (PCRHTML3.HTML1)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab (MSN Games - Installer)
O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.4.2/jinstall-1_4_2_03-windows-i586.cab (Java Plug-in 1.4.2_03)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.72.134 68.87.77.134
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\DELL.BMP
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/10 14:04:08 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk ) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

OTL, part 6

NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - C:\WINDOWS\System32\appmgmts.dll File not found
NetSvcs: HidServ - C:\WINDOWS\System32\hidserv.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: Wmi - C:\WINDOWS\System32\WMI.DLL (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (54619700398653440)

========== Files/Folders - Created Within 90 Days ==========

[2010/08/21 19:05:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\guest2\My Documents\otl
[2010/08/21 16:23:13 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\guest2\Recent
[2010/08/21 15:55:09 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2010/08/21 11:46:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\guest2\DoctorWeb
[2010/08/21 11:05:37 | 000,161,296 | ---- | C] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmcomm.sys
[2010/08/21 11:04:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\guest2\My Documents\New Folder
[2010/08/20 20:29:34 | 000,028,552 | ---- | C] (Panda Security, S.L.) -- C:\WINDOWS\System32\drivers\pavboot.sys
[2010/08/16 23:14:34 | 000,165,456 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2010/08/16 23:14:34 | 000,017,744 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2010/08/16 23:14:32 | 000,023,376 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2010/08/16 23:14:31 | 000,046,672 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2010/08/16 23:14:30 | 000,100,176 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2010/08/16 23:14:30 | 000,094,544 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2010/08/16 23:14:29 | 000,028,880 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2010/08/16 23:13:23 | 000,038,848 | ---- | C] (ALWIL Software) -- C:\WINDOWS\avastSS.scr
[2010/08/16 23:13:22 | 000,165,032 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2010/08/16 23:12:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2010/08/16 17:51:50 | 000,000,000 | ---D | C] -- C:\Temp
[2010/08/16 17:44:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\guest2\Application Data\Digital Album Organizer
[2010/08/16 17:35:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\guest2\Application Data\Wal-Mart Digital Photo Viewer
[2010/08/03 19:00:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\FreeRIP
[2010/08/03 19:00:23 | 000,000,000 | ---D | C] -- C:\Program Files\FreeRIP3
[2010/07/28 14:24:04 | 000,000,000 | ---D | C] -- C:\Program Files\AnvSoft
[2010/07/12 20:11:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\guest2\Application Data\Stella
[2010/07/12 20:10:44 | 000,000,000 | ---D | C] -- C:\Program Files\Stella
[2010/07/08 15:37:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\guest2\Application Data\vlc
[2010/06/27 13:40:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2010/06/27 01:19:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\ie7updates
[2010/06/23 22:22:05 | 000,000,000 | ---D | C] -- C:\WINDOWS\WBEM
[2010/06/23 22:22:02 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\en-US
[2010/06/23 22:20:08 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie7
[2010/06/23 22:19:47 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$
[2010/06/23 22:19:19 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$
[2010/06/23 15:46:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2010/06/17 21:57:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Mozilla
[2010/06/17 21:57:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Mozilla
[2010/06/13 19:36:17 | 000,000,000 | ---D | C] -- C:\Program Files\Speccy
[2010/06/08 11:50:45 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2010/06/03 01:38:44 | 000,000,000 | ---D | C] -- C:\Program Files\SpywareBlaster
[2010/06/01 22:50:56 | 000,000,000 | ---D | C] -- C:\!KillBox
[2010/05/28 17:37:27 | 000,000,000 | ---D | C] -- C:\Program Files\Recuva

OTL, part 7

========== Files - Modified Within 90 Days ==========

[2010/08/21 18:53:01 | 000,000,982 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1784066151-926666739-2172271728-1007UA.job
[2010/08/21 18:22:01 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/08/21 15:55:57 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2010/08/21 15:55:40 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/08/21 15:55:30 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/08/21 15:55:08 | 000,002,048 | --S- | M] () -- C:\WINDOWS\BOOTSTAT.DAT
[2010/08/21 15:55:07 | 534,827,008 | -HS- | M] () -- C:\hiberfil.sys
[2010/08/21 11:34:23 | 014,680,064 | -H-- | M] () -- C:\Documents and Settings\guest2\NTUSER.DAT
[2010/08/21 11:33:59 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\guest2\NTUSER.INI
[2010/08/21 11:15:30 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2010/08/21 11:05:37 | 000,161,296 | ---- | M] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmcomm.sys
[2010/08/20 22:53:14 | 000,000,930 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1784066151-926666739-2172271728-1007Core.job
[2010/08/20 21:06:32 | 000,002,293 | ---- | M] () -- C:\Documents and Settings\guest2\Desktop\Google Chrome.lnk
[2010/08/20 11:48:01 | 000,044,544 | ---- | M] () -- C:\Documents and Settings\guest2\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/08/20 10:09:24 | 000,416,778 | R--- | M] () -- C:\WINDOWS\System32\drivers\ETC\HOSTS
[2010/08/16 23:14:35 | 000,001,700 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2010/08/16 23:14:30 | 000,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2010/08/11 14:03:48 | 000,416,571 | R--- | M] () -- C:\WINDOWS\System32\drivers\ETC\hosts.20100820-100924.backup
[2010/08/03 21:33:24 | 000,966,656 | -H-- | M] () -- C:\Documents and Settings\guest2\My Documents\photothumb.db
[2010/08/03 19:11:12 | 000,000,073 | ---- | M] () -- C:\WINDOWS\cdplayer.ini
[2010/08/03 19:00:46 | 000,001,264 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\ss.ini
[2010/08/03 19:00:25 | 000,000,630 | ---- | M] () -- C:\Documents and Settings\guest2\Desktop\FreeRIP.lnk
[2010/07/28 14:24:15 | 000,000,799 | ---- | M] () -- C:\Documents and Settings\guest2\Desktop\Any Video Converter.lnk
[2010/07/28 14:19:42 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\guest2\Desktop\CCleaner.lnk
[2010/07/25 13:06:47 | 000,870,128 | ---- | M] () -- C:\Documents and Settings\guest2\Application Data\mcs.rma
[2010/07/25 13:06:47 | 000,000,004 | ---- | M] () -- C:\Documents and Settings\guest2\Application Data\570BB0
[2010/07/18 12:08:08 | 000,412,044 | R--- | M] () -- C:\WINDOWS\System32\drivers\ETC\hosts.20100811-140348.backup
[2010/07/08 15:35:34 | 000,000,719 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\VLC media player.lnk
[2010/07/08 15:27:18 | 000,002,519 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Comcast Desktop Doctor.lnk
[2010/07/08 15:22:07 | 000,411,842 | R--- | M] () -- C:\WINDOWS\System32\drivers\ETC\hosts.20100718-120808.backup
[2010/07/08 15:12:57 | 000,004,212 | -H-- | M] () -- C:\WINDOWS\System32\zllictbl.dat
[2010/07/08 15:05:20 | 000,420,800 | ---- | M] () -- C:\WINDOWS\System32\vsconfig.xml
[2010/07/08 15:04:35 | 000,000,731 | ---- | M] () -- C:\Documents and Settings\guest2\Desktop\ZoneAlarm Security.lnk
[2010/06/28 15:57:33 | 000,038,848 | ---- | M] (ALWIL Software) -- C:\WINDOWS\avastSS.scr
[2010/06/28 15:57:12 | 000,165,032 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2010/06/28 15:37:52 | 000,046,672 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2010/06/28 15:37:30 | 000,165,456 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2010/06/28 15:33:13 | 000,023,376 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2010/06/28 15:32:45 | 000,100,176 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2010/06/28 15:32:42 | 000,094,544 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2010/06/28 15:32:33 | 000,017,744 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2010/06/28 15:32:16 | 000,028,880 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2010/06/24 16:34:07 | 000,002,187 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Safari.lnk
[2010/06/24 16:23:00 | 000,001,854 | ---- | M] () -- C:\Documents and Settings\guest2\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk
[2010/06/23 22:36:10 | 000,408,505 | R--- | M] () -- C:\WINDOWS\System32\drivers\ETC\hosts.20100708-152207.backup
[2010/06/23 22:25:42 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\guest2\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2010/06/23 22:08:38 | 000,000,800 | R--- | M] () -- C:\WINDOWS\System32\drivers\ETC\hosts.20100623-223610.backup
[2010/06/23 22:08:18 | 000,000,800 | R--- | M] () -- C:\WINDOWS\System32\drivers\ETC\hosts.20100623-220837.backup
[2010/06/23 21:53:30 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\WPA.DBL
[2010/06/23 16:01:25 | 000,408,517 | R--- | M] () -- C:\WINDOWS\System32\drivers\ETC\hosts.20100623-220818.backup
[2010/06/23 15:45:54 | 000,001,678 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/06/16 16:59:45 | 000,408,391 | R--- | M] () -- C:\WINDOWS\System32\drivers\ETC\hosts.20100623-160125.backup
[2010/06/14 11:08:41 | 000,000,963 | ---- | M] () -- C:\Documents and Settings\guest2\Desktop\Spybot - Search & Destroy.lnk
[2010/06/13 19:39:35 | 000,404,329 | R--- | M] () -- C:\WINDOWS\System32\drivers\ETC\hosts.20100616-165945.backup
[2010/06/13 19:36:21 | 000,001,512 | ---- | M] () -- C:\Documents and Settings\guest2\Desktop\Speccy.lnk
[2010/06/10 10:02:18 | 000,270,192 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/06/08 11:51:16 | 000,001,604 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2010/06/07 11:48:38 | 000,403,630 | R--- | M] () -- C:\WINDOWS\System32\drivers\ETC\hosts.20100613-193935.backup
[2010/06/03 01:38:45 | 000,000,690 | ---- | M] () -- C:\Documents and Settings\guest2\Desktop\SpywareBlaster.lnk
[2010/06/03 01:32:27 | 000,403,630 | R--- | M] () -- C:\WINDOWS\System32\drivers\ETC\hosts.20100607-114838.backup
[2010/05/31 22:37:54 | 002,641,454 | -H-- | M] () -- C:\Documents and Settings\guest2\Local Settings\Application Data\IconCache.db
[2010/05/28 17:37:33 | 000,001,512 | ---- | M] () -- C:\Documents and Settings\guest2\Desktop\Recuva.lnk

OTL, part 8

========== Files Created - No Company Name ==========

[2010/08/16 23:14:35 | 000,001,700 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2010/08/16 22:56:53 | 534,827,008 | -HS- | C] () -- C:\hiberfil.sys
[2010/08/03 19:01:38 | 000,000,073 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2010/08/03 19:00:46 | 000,001,264 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ss.ini
[2010/08/03 19:00:25 | 000,000,630 | ---- | C] () -- C:\Documents and Settings\guest2\Desktop\FreeRIP.lnk
[2010/07/28 14:24:15 | 000,000,799 | ---- | C] () -- C:\Documents and Settings\guest2\Desktop\Any Video Converter.lnk
[2010/07/08 15:35:34 | 000,000,719 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\VLC media player.lnk
[2010/07/08 15:04:35 | 000,000,731 | ---- | C] () -- C:\Documents and Settings\guest2\Desktop\ZoneAlarm Security.lnk
[2010/07/08 15:04:18 | 000,420,800 | ---- | C] () -- C:\WINDOWS\System32\vsconfig.xml
[2010/06/24 16:23:00 | 000,002,187 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Safari.lnk
[2010/06/24 16:23:00 | 000,001,854 | ---- | C] () -- C:\Documents and Settings\guest2\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk
[2010/06/23 15:45:54 | 000,001,678 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/06/13 19:36:21 | 000,001,512 | ---- | C] () -- C:\Documents and Settings\guest2\Desktop\Speccy.lnk
[2010/06/08 11:51:16 | 000,001,604 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2010/06/08 11:42:26 | 000,001,729 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2010/06/03 01:38:45 | 000,000,690 | ---- | C] () -- C:\Documents and Settings\guest2\Desktop\SpywareBlaster.lnk
[2010/05/28 17:37:33 | 000,001,512 | ---- | C] () -- C:\Documents and Settings\guest2\Desktop\Recuva.lnk
[2010/02/07 20:59:44 | 000,000,043 | ---- | C] () -- C:\WINDOWS\gswin32.ini
[2009/08/24 14:41:00 | 000,000,478 | ---- | C] () -- C:\WINDOWS\hpbvspst.ini
[2009/04/25 16:26:17 | 000,000,004 | ---- | C] () -- C:\Documents and Settings\guest2\Application Data\570BB0
[2009/04/25 16:26:16 | 000,870,128 | ---- | C] () -- C:\Documents and Settings\guest2\Application Data\mcs.rma
[2009/04/19 17:08:51 | 000,044,544 | ---- | C] () -- C:\Documents and Settings\guest2\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/03/14 12:21:32 | 000,000,000 | ---- | C] () -- C:\WINDOWS\QuickInstall.INI
[2008/01/02 19:05:46 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007/12/25 20:05:37 | 000,002,590 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2007/12/25 17:47:41 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2006/04/26 17:09:00 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\wdt2u.dll
[2005/04/27 20:02:06 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\pcrrtxtc.dll
[2005/02/06 08:55:45 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/02/06 08:48:54 | 000,000,138 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2005/02/06 08:15:26 | 000,000,520 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2004/09/15 23:03:14 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/08/18 13:01:00 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\CoPrism.dll
[2004/08/10 14:13:12 | 000,000,780 | ---- | C] () -- C:\WINDOWS\ORUN32.INI
[2004/08/04 06:00:00 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\FXSPERF.INI
[2003/09/22 15:35:20 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\decode.dll
[2003/01/07 16:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[1980/01/01 01:00:00 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\e100bmsg.dll

OTL, part 9

========== LOP Check ==========

[2010/08/16 23:12:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2010/08/03 19:00:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FreeRIP
[2009/03/14 11:36:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HotSync
[2005/02/06 08:55:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Prism
[2009/04/20 02:03:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SupportSoft
[2010/08/17 18:38:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2005/02/06 08:53:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2009/03/23 21:42:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
[2009/04/07 08:33:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2010/07/27 00:11:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\guest2\Application Data\.BitTornado
[2009/12/05 10:27:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\guest2\Application Data\AnvSoft
[2010/02/12 11:50:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\guest2\Application Data\Any Video Converter
[2009/04/21 15:02:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\guest2\Application Data\COWON
[2009/05/01 09:12:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\guest2\Application Data\dBpoweramp
[2009/11/18 18:23:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\guest2\Application Data\Greyfirst
[2010/02/23 20:38:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\guest2\Application Data\Mael
[2009/06/12 18:48:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\guest2\Application Data\SecondLife
[2010/07/12 20:12:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\guest2\Application Data\Stella
[2009/12/02 22:08:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\guest2\Application Data\Thunderbird
[2010/08/16 17:36:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\guest2\Application Data\Wal-Mart Digital Photo Viewer
[2008/10/15 03:07:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\true_til_death\Application Data\FrostWire
[2009/03/14 11:33:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\true_til_death\Application Data\HotSync
[2008/11/04 09:05:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\true_til_death\Application Data\Viewpoint

OTL, part 10

========== Purity Check ==========

========== Custom Scans ==========

< %SYSTEMDRIVE%\*.* >
[2004/08/10 14:04:08 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2009/04/20 11:00:56 | 000,000,211 | RHS- | M] () -- C:\BOOT.INI
[2004/08/10 14:04:08 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2005/02/06 08:20:34 | 000,004,711 | RH-- | M] () -- C:\DELL.SDR
[2010/08/21 15:55:07 | 534,827,008 | -HS- | M] () -- C:\hiberfil.sys
[2010/04/03 13:12:49 | 000,000,863 | ---- | M] () -- C:\hpfr3500.log
[2004/08/10 14:14:36 | 000,004,128 | ---- | M] () -- C:\INFCACHE.1
[2004/08/10 14:04:08 | 000,000,000 | -H-- | M] () -- C:\IO.SYS
[2005/02/06 08:53:47 | 000,000,746 | -H-- | M] () -- C:\IPH.PH
[2010/04/30 14:10:51 | 000,000,109 | ---- | M] () -- C:\mbam-error.txt
[2004/08/10 14:04:08 | 000,000,000 | -H-- | M] () -- C:\MSDOS.SYS
[2004/08/04 06:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2004/08/04 06:00:00 | 000,250,032 | RHS- | M] () -- C:\NTLDR
[2010/08/21 15:55:06 | 805,306,368 | -HS- | M] () -- C:\pagefile.sys
[2010/08/21 15:56:41 | 000,001,530 | ---- | M] () -- C:\SMax.log
[2005/02/06 08:37:02 | 000,001,528 | ---- | M] () -- C:\SMax.log.bak
[2005/02/06 08:53:56 | 000,000,087 | ---- | M] () -- C:\SystemInfo.ini
[2009/01/15 09:29:17 | 000,000,150 | ---- | M] () -- C:\YServer.txt

< %systemroot%\Fonts\*.com >

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2004/08/10 14:03:42 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\DESKTOP.INI

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2003/06/18 18:31:48 | 000,018,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\SPOOL\PRTPROCS\W32X86\mdippr.dll

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >
[2010/06/28 15:57:33 | 000,038,848 | ---- | M] (ALWIL Software) -- C:\WINDOWS\avastSS.scr

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >
[2004/08/10 13:56:48 | 000,094,208 | ---- | M] () -- C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT.SAV
[2004/08/10 13:56:46 | 000,634,880 | ---- | M] () -- C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE.SAV
[2004/08/10 13:56:46 | 000,872,448 | ---- | M] () -- C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM.SAV

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
[2004/08/10 14:04:12 | 000,000,294 | -HS- | M] () -- C:\Documents and Settings\All Users\Start Menu\DESKTOP.INI

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2009/04/18 10:53:15 | 000,000,119 | -HS- | M] () -- C:\Documents and Settings\guest2\Application Data\Microsoft\Internet Explorer\Quick Launch\DESKTOP.INI
[2004/08/10 14:08:38 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\guest2\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf

< %USERPROFILE%\Desktop\*.exe >

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\LastSuccessTime: 2010-07-15 04:10:36

========== Alternate Data Streams ==========

@Alternate Data Stream - 143 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8CE646EE
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
< End of report >