Author Topic: Malicious URL Blocked - Need Help (Read 14813 times)

blakerush · « **on:** April 24, 2012, 03:02:25 AM »

Hi everybody. Newbie here. I encountered a problem with a svchost.exe virus or malware on my work computer last week. My PC got extremely slow and a blue screen appeared twice shutting down my computer. I already had Norton Internet Security running, but apparently that did not catch it. So yesterday, I downloaded various virus scanning and antispyware applications (Paretologic PC Health Advisor, Malwarebytes, Avast, and SuperAntiSpyware) to clean and then protect my PC. Per this board's recommendations, I have removed NIS and am currently running Avast, MBAM and SAS.

Unfortunately, I keep receiving Avast notices stating that it has blocked two malicious URL's (ololoshaface.com and c2pokerface.com) from svchost.exe that I am not trying to access. So it seems that I still have some type of problem and my system has crashed numerous times today when I have been attempting to address the problem or simply had multiple windows open. I tried to attach screenshots of the Avast malicious URL notices but for some reason it wouldn't work. Below are my MBAM, OTL, and aswMBR logs (I apologize if i did this incorrectly, my first time doing this):

MBAM logs (in order):

Malwarebytes Anti-Malware (Trial) 1.61.0.1400
www.malwarebytes.org

Database version: v2012.04.22.02

Windows XP Service Pack 3 x86 NTFS (Safe Mode/Networking)
Internet Explorer 8.0.6001.18702
Blake :: PC-BLAKE [administrator]

Protection: Disabled

4/22/2012 12:18:27 PM
mbam-log-2012-04-22 (12-18-27).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 241747
Time elapsed: 20 minute(s), 52 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
Malwarebytes Anti-Malware (Trial) 1.61.0.1400
www.malwarebytes.org

Database version: v2012.04.23.07

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Blake :: PC-BLAKE [administrator]

Protection: Enabled

4/23/2012 6:45:40 PM
mbam-log-2012-04-23 (18-45-40).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 209628
Time elapsed: 19 minute(s), 36 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

blakerush · « **Reply #1 on:** April 24, 2012, 03:03:00 AM »

2012/04/22 13:45:27 -0400   PC-BLAKE   Blake   MESSAGE   Starting protection
2012/04/22 13:45:36 -0400   PC-BLAKE   Blake   MESSAGE   Protection started successfully
2012/04/22 13:45:39 -0400   PC-BLAKE   Blake   MESSAGE   Starting IP protection
2012/04/22 13:45:41 -0400   PC-BLAKE   Blake   MESSAGE   IP Protection started successfully
2012/04/22 13:46:09 -0400   PC-BLAKE   Blake   IP-BLOCK   204.137.28.195 (Type: outgoing)
2012/04/22 13:46:14 -0400   PC-BLAKE   Blake   IP-BLOCK   204.137.28.195 (Type: outgoing)
2012/04/22 13:46:17 -0400   PC-BLAKE   Blake   IP-BLOCK   204.137.28.195 (Type: outgoing)
2012/04/22 13:46:23 -0400   PC-BLAKE   Blake   IP-BLOCK   204.137.28.195 (Type: outgoing)
2012/04/22 13:46:29 -0400   PC-BLAKE   Blake   IP-BLOCK   204.137.28.195 (Type: outgoing)
2012/04/22 13:46:32 -0400   PC-BLAKE   Blake   IP-BLOCK   204.137.28.195 (Type: outgoing)
2012/04/22 13:46:35 -0400   PC-BLAKE   Blake   IP-BLOCK   204.137.28.195 (Type: outgoing)
2012/04/22 13:46:38 -0400   PC-BLAKE   Blake   IP-BLOCK   204.137.28.195 (Type: outgoing)
2012/04/22 13:46:44 -0400   PC-BLAKE   Blake   IP-BLOCK   204.137.28.195 (Type: outgoing)
2012/04/22 13:47:29 -0400   PC-BLAKE   Blake   IP-BLOCK   206.161.121.2 (Type: outgoing)
2012/04/22 13:47:32 -0400   PC-BLAKE   Blake   IP-BLOCK   206.161.121.2 (Type: outgoing)
2012/04/22 13:47:38 -0400   PC-BLAKE   Blake   IP-BLOCK   206.161.121.2 (Type: outgoing)
2012/04/22 13:47:50 -0400   PC-BLAKE   Blake   IP-BLOCK   206.161.121.2 (Type: outgoing)
2012/04/22 13:47:53 -0400   PC-BLAKE   Blake   IP-BLOCK   206.161.121.2 (Type: outgoing)
2012/04/22 13:47:59 -0400   PC-BLAKE   Blake   IP-BLOCK   206.161.121.2 (Type: outgoing)
2012/04/22 13:48:25 -0400   PC-BLAKE   Blake   MESSAGE   Executing scheduled update: Daily
2012/04/22 13:48:26 -0400   PC-BLAKE   Blake   IP-BLOCK   206.161.121.3 (Type: outgoing)
2012/04/22 13:48:29 -0400   PC-BLAKE   Blake   IP-BLOCK   206.161.121.3 (Type: outgoing)
2012/04/22 13:48:35 -0400   PC-BLAKE   Blake   IP-BLOCK   206.161.121.3 (Type: outgoing)
2012/04/22 13:48:47 -0400   PC-BLAKE   Blake   IP-BLOCK   206.161.121.3 (Type: outgoing)
2012/04/22 13:48:48 -0400   PC-BLAKE   Blake   MESSAGE   Database already up-to-date
2012/04/22 13:48:50 -0400   PC-BLAKE   Blake   IP-BLOCK   206.161.121.3 (Type: outgoing)
2012/04/22 13:48:56 -0400   PC-BLAKE   Blake   IP-BLOCK   206.161.121.3 (Type: outgoing)
2012/04/22 13:49:14 -0400   PC-BLAKE   Blake   IP-BLOCK   206.161.121.4 (Type: outgoing)
2012/04/22 13:49:17 -0400   PC-BLAKE   Blake   IP-BLOCK   206.161.121.4 (Type: outgoing)
2012/04/22 13:49:23 -0400   PC-BLAKE   Blake   IP-BLOCK   206.161.121.4 (Type: outgoing)
2012/04/22 13:49:35 -0400   PC-BLAKE   Blake   IP-BLOCK   206.161.121.4 (Type: outgoing)
2012/04/22 13:49:38 -0400   PC-BLAKE   Blake   IP-BLOCK   206.161.121.4 (Type: outgoing)
2012/04/22 13:49:44 -0400   PC-BLAKE   Blake   IP-BLOCK   206.161.121.4 (Type: outgoing)
2012/04/22 14:27:16 -0400   PC-BLAKE      MESSAGE   Starting protection
2012/04/22 14:27:29 -0400   PC-BLAKE      MESSAGE   Protection started successfully
2012/04/22 14:27:32 -0400   PC-BLAKE      MESSAGE   Starting IP protection
2012/04/22 14:29:33 -0400   PC-BLAKE   Blake   MESSAGE   IP Protection started successfully

2012/04/23 07:44:39 -0400   PC-BLAKE      MESSAGE   Starting protection
2012/04/23 07:44:48 -0400   PC-BLAKE      MESSAGE   Protection started successfully
2012/04/23 07:44:51 -0400   PC-BLAKE      MESSAGE   Starting IP protection
2012/04/23 07:47:21 -0400   PC-BLAKE   Blake   MESSAGE   IP Protection started successfully
2012/04/23 07:48:05 -0400   PC-BLAKE   Blake   MESSAGE   Executing scheduled update: Daily
2012/04/23 07:48:25 -0400   PC-BLAKE   Blake   MESSAGE   Starting database refresh
2012/04/23 07:48:25 -0400   PC-BLAKE   Blake   MESSAGE   Scheduled update executed successfully: database updated from version v2012.04.22.02 to version v2012.04.23.03
2012/04/23 07:48:25 -0400   PC-BLAKE   Blake   MESSAGE   Stopping IP protection
2012/04/23 07:48:25 -0400   PC-BLAKE   Blake   MESSAGE   IP Protection stopped
2012/04/23 07:48:29 -0400   PC-BLAKE   Blake   MESSAGE   Database refreshed successfully
2012/04/23 07:48:32 -0400   PC-BLAKE   Blake   MESSAGE   Starting IP protection
2012/04/23 07:48:34 -0400   PC-BLAKE   Blake   MESSAGE   IP Protection started successfully
2012/04/23 08:26:17 -0400   PC-BLAKE   Blake   MESSAGE   Stopping IP protection
2012/04/23 08:26:17 -0400   PC-BLAKE   Blake   MESSAGE   IP Protection stopped
2012/04/23 08:43:06 -0400   PC-BLAKE   Blake   DETECTION   C:\Documents and Settings\Blake\Local Settings\Temp\0.40677490613151357   Exploit.Drop.9   ALLOW
2012/04/23 11:29:05 -0400   PC-BLAKE      MESSAGE   Starting protection
2012/04/23 11:29:18 -0400   PC-BLAKE      MESSAGE   Protection started successfully
2012/04/23 11:29:21 -0400   PC-BLAKE      MESSAGE   Starting IP protection
2012/04/23 11:31:06 -0400   PC-BLAKE   Blake   MESSAGE   IP Protection started successfully
2012/04/23 13:42:56 -0400   PC-BLAKE      MESSAGE   Starting protection
2012/04/23 13:43:10 -0400   PC-BLAKE      MESSAGE   Protection started successfully
2012/04/23 13:43:13 -0400   PC-BLAKE      MESSAGE   Starting IP protection
2012/04/23 13:45:57 -0400   PC-BLAKE   Blake   MESSAGE   IP Protection started successfully
2012/04/23 14:24:13 -0400   PC-BLAKE      MESSAGE   Starting protection
2012/04/23 14:24:22 -0400   PC-BLAKE      MESSAGE   Protection started successfully
2012/04/23 14:24:25 -0400   PC-BLAKE      MESSAGE   Starting IP protection
2012/04/23 14:25:56 -0400   PC-BLAKE   Blake   MESSAGE   IP Protection started successfully
2012/04/23 15:28:03 -0400   PC-BLAKE      MESSAGE   Starting protection
2012/04/23 15:28:14 -0400   PC-BLAKE      MESSAGE   Protection started successfully
2012/04/23 15:28:17 -0400   PC-BLAKE      MESSAGE   Starting IP protection
2012/04/23 15:29:38 -0400   PC-BLAKE   Blake   MESSAGE   IP Protection started successfully
2012/04/23 18:45:15 -0400   PC-BLAKE   Blake   MESSAGE   Starting database refresh
2012/04/23 18:45:15 -0400   PC-BLAKE   Blake   MESSAGE   Stopping IP protection
2012/04/23 18:45:15 -0400   PC-BLAKE   Blake   MESSAGE   IP Protection stopped
2012/04/23 18:45:19 -0400   PC-BLAKE   Blake   MESSAGE   Database refreshed successfully
2012/04/23 18:45:19 -0400   PC-BLAKE   Blake   MESSAGE   Starting IP protection
2012/04/23 18:45:22 -0400   PC-BLAKE   Blake   MESSAGE   IP Protection started successfully
2012/04/23 19:14:28 -0400   PC-BLAKE      MESSAGE   Starting protection
2012/04/23 19:14:41 -0400   PC-BLAKE      MESSAGE   Protection started successfully
2012/04/23 19:14:44 -0400   PC-BLAKE      MESSAGE   Starting IP protection
2012/04/23 19:16:36 -0400   PC-BLAKE   Blake   MESSAGE   IP Protection started successfully
2012/04/23 19:24:51 -0400   PC-BLAKE      MESSAGE   Starting protection
2012/04/23 19:24:59 -0400   PC-BLAKE      MESSAGE   Protection started successfully
2012/04/23 19:25:02 -0400   PC-BLAKE      MESSAGE   Starting IP protection
2012/04/23 19:27:47 -0400   PC-BLAKE      MESSAGE   Starting protection
2012/04/23 19:28:01 -0400   PC-BLAKE      MESSAGE   Protection started successfully
2012/04/23 19:28:04 -0400   PC-BLAKE      MESSAGE   Starting IP protection
2012/04/23 19:29:54 -0400   PC-BLAKE   Blake   MESSAGE   IP Protection started successfully
2012/04/23 20:10:50 -0400   PC-BLAKE      MESSAGE   Starting protection
2012/04/23 20:11:10 -0400   PC-BLAKE      MESSAGE   Protection started successfully
2012/04/23 20:11:13 -0400   PC-BLAKE      MESSAGE   Starting IP protection
2012/04/23 20:14:02 -0400   PC-BLAKE   Blake   MESSAGE   IP Protection started successfully

blakerush · « **Reply #2 on:** April 24, 2012, 03:15:11 AM »

OTL Logs:
OTL logfile created on: 4/23/2012 7:46:05 PM - Run 1
OTL by OldTimer - Version 3.2.41.0 Folder = C:\Documents and Settings\Blake\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.97 Gb Total Physical Memory | 2.07 Gb Available Physical Memory | 69.79% Memory free
4.81 Gb Paging File | 4.11 Gb Available in Paging File | 85.50% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 298.08 Gb Total Space | 278.31 Gb Free Space | 93.37% Space Free | Partition Type: NTFS
Drive J: | 1392.71 Gb Total Space | 1172.89 Gb Free Space | 84.22% Space Free | Partition Type: NTFS
Drive N: | 1392.71 Gb Total Space | 1172.89 Gb Free Space | 84.22% Space Free | Partition Type: NTFS

Computer Name: PC-BLAKE | User Name: Blake | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/04/23 19:23:03 | 000,594,944 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Blake\Desktop\OTL.exe
PRC - [2011/08/11 19:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe
PRC - [2008/04/14 03:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

========== Modules (No Company Name) ==========

========== Win32 Services (SafeList) ==========

SRV - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/03/06 19:15:14 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Stopped] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2012/03/06 19:15:13 | 000,134,920 | ---- | M] (AVAST Software) [Auto | Stopped] -- C:\Program Files\AVAST Software\Avast\afwServ.exe -- (avast! Firewall)
SRV - [2012/02/07 10:19:14 | 000,136,584 | ---- | M] (LogMeIn, Inc.) [Auto | Stopped] -- C:\Program Files\LogMeIn\x86\ramaint.exe -- (LMIMaint)
SRV - [2012/02/07 10:19:04 | 000,374,152 | ---- | M] (LogMeIn, Inc.) [Auto | Stopped] -- C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe -- (LMIGuardianSvc)
SRV - [2011/11/13 08:53:40 | 000,946,032 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [Auto | Stopped] -- C:\Program Files\Citrix\GoToMyPC\g2svc.exe -- (GoToMyPC)
SRV - [2011/09/16 15:10:50 | 000,390,528 | ---- | M] (LogMeIn, Inc.) [Auto | Stopped] -- C:\Program Files\LogMeIn\x86\LogMeIn.exe -- (LogMeIn)
SRV - [2011/08/11 19:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore.exe -- (!SASCORE)
SRV - [2011/06/09 15:52:26 | 003,732,144 | ---- | M] (CANON INC.) [Auto | Stopped] -- C:\Program Files\Canon\DIAS\CnxDIAS.exe -- (Canon Driver Information Assist Service)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | Boot | Stopped] -- -- (cerc6)
DRV - [2012/04/04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012/03/06 19:04:25 | 000,112,984 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswFW.sys -- (aswFW)
DRV - [2012/03/06 19:03:51 | 000,612,184 | ---- | M] (AVAST Software) [File_System | System | Stopped] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2012/03/06 19:03:38 | 000,337,880 | ---- | M] (AVAST Software) [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2012/03/06 19:03:23 | 000,196,440 | ---- | M] (AVAST Software) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\aswNdis2.sys -- (aswNdis2)
DRV - [2012/03/06 19:02:43 | 000,024,408 | ---- | M] (AVAST Software) [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\aswKbd.sys -- (aswKbd)
DRV - [2012/03/06 19:02:00 | 000,035,672 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (AswRdr)
DRV - [2012/03/06 19:01:53 | 000,053,848 | ---- | M] (AVAST Software) [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2012/03/06 19:01:39 | 000,095,704 | ---- | M] (AVAST Software) [File_System | Auto | Stopped] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2012/03/06 19:01:30 | 000,020,696 | ---- | M] (AVAST Software) [File_System | Auto | Stopped] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2012/03/06 18:58:29 | 000,024,920 | ---- | M] (AVAST Software) [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2012/03/06 18:44:51 | 000,012,112 | ---- | M] (ALWIL Software) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\aswNdis.sys -- (aswNdis)
DRV - [2012/02/07 10:19:05 | 000,083,360 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\WINDOWS\System32\LMIRfsClientNP.dll -- (LMIRfsClientNP)
DRV - [2012/01/17 19:33:07 | 000,004,096 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\bbcap.sys -- (bbcap)
DRV - [2011/09/16 15:10:50 | 000,047,640 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
DRV - [2011/09/16 15:10:50 | 000,012,856 | ---- | M] (LogMeIn, Inc.) [Kernel | Auto | Stopped] -- C:\Program Files\LogMeIn\x86\rainfo.sys -- (LMIInfo)
DRV - [2011/07/22 12:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Stopped] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011/07/12 17:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2009/08/04 01:18:54 | 000,213,544 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\k57xp32.sys -- (k57w2k) Broadcom NetLink (TM)
DRV - [2008/08/05 21:10:12 | 001,684,736 | ---- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt)
DRV - [2007/04/23 18:12:28 | 004,402,176 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2006/01/04 16:41:48 | 001,389,056 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-507921405-1500820517-682003330-1003\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-507921405-1500820517-682003330-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-507921405-1500820517-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

blakerush · « **Reply #3 on:** April 24, 2012, 03:17:21 AM »

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\18.0.1025.162\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\18.0.1025.162\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\18.0.1025.162\gcswf32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.300.12 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U30 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: YouTube = C:\Documents and Settings\Blake\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2_0\
CHR - Extension: Google Search = C:\Documents and Settings\Blake\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\
CHR - Extension: avast! WebRep = C:\Documents and Settings\Blake\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1426_0\
CHR - Extension: Norton Identity Protection = C:\Documents and Settings\Blake\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.5.2.6_0\
CHR - Extension: Gmail = C:\Documents and Settings\Blake\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\

O1 HOSTS File: ([2008/04/14 03:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (DeskBandHelper Class) - {9E0B5480-4FF0-4FEE-818B-D4DB0F220D64} - C:\Program Files\LexisNexis\PCLaw\PLIETool.dll (LexisNexis®, a division of Reed Elsevier Inc.)
O2 - BHO: (AcroIEToolbarHelper Class) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (PCLaw Web Timer) - {0E1230F8-EA50-42A9-983C-D22ABC2EED4B} - C:\Program Files\LexisNexis\PCLaw\PLIETool.dll (LexisNexis®, a division of Reed Elsevier Inc.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKU\S-1-5-21-507921405-1500820517-682003330-1003\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [BlackBerryAutoUpdate] C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe (Research In Motion Limited)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe (Sonic Solutions)
O4 - HKU\S-1-5-21-507921405-1500820517-682003330-1003..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe (Adobe Systems Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-507921405-1500820517-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : PCLaw Web Timer Help - {91d9cee5-3906-40f7-b51a-9b013b59c826} - C:\Program Files\LexisNexis\PCLaw\PLIETool.dll (LexisNexis®, a division of Reed Elsevier Inc.)
O9 - Extra 'Tools' menuitem : PCLaw Web Timer - {9d2169e0-0775-4080-9b4e-90fce9945b4a} - C:\Program Files\LexisNexis\PCLaw\PLIETool.dll (LexisNexis®, a division of Reed Elsevier Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

blakerush · « **Reply #4 on:** April 24, 2012, 03:18:09 AM »

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://windowsupdate.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1325445254734 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1325445292687 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 71.252.0.12
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{60EB3EE5-A4AD-4DC5-B2A5-46AA37DE2F6E}: DhcpNameServer = 192.168.2.1 71.252.0.12
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\GoToMyPC: DllName - (C:\Program Files\Citrix\GoToMyPC\G2WinLogon.dll) - C:\Program Files\Citrix\GoToMyPC\G2WinLogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O20 - Winlogon\Notify\LMIinit: DllName - (LMIinit.dll) - C:\WINDOWS\System32\LMIinit.dll (LogMeIn, Inc.)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012/01/01 15:00:58 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Unable to start System Restore Service. Error code 10

blakerush · « **Reply #5 on:** April 24, 2012, 03:21:19 AM »

========== Files/Folders - Created Within 30 Days ==========

[2012/04/23 19:22:36 | 000,594,944 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Blake\Desktop\OTL.exe
[2012/04/23 19:21:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Dell Accessories
[2012/04/23 19:19:40 | 000,647,728 | ---- | C] (Xceed Software Inc. 1-450-442-2626 info@xceedsoft.com www.xceedsoft.com) -- C:\Documents and Settings\Blake\Desktop\R92578.EXE
[2012/04/23 14:24:50 | 005,248,608 | ---- | C] (ParetoLogic Inc.) -- C:\Documents and Settings\Blake\My Documents\ParetoLogic PC Health Advisor.exe
[2012/04/23 11:33:49 | 000,000,000 | ---D | C] -- C:\WINDOWS\TEMP
[2012/04/23 11:33:06 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Blake\UserData
[2012/04/23 11:27:33 | 000,000,000 | ---D | C] -- C:\TEMP
[2012/04/23 11:27:15 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2012/04/23 08:02:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sophos
[2012/04/23 08:00:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Blake\Start Menu\Programs\Sophos
[2012/04/23 08:00:07 | 000,000,000 | ---D | C] -- C:\Program Files\Sophos
[2012/04/22 18:05:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Blake\Local Settings\Application Data\EasySoft_Inc
[2012/04/22 14:42:19 | 000,112,984 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFW.sys
[2012/04/22 14:42:08 | 000,196,440 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswNdis2.sys
[2012/04/22 14:42:07 | 000,024,408 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswKbd.sys
[2012/04/22 14:41:59 | 000,012,112 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswNdis.sys
[2012/04/22 14:40:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\avast! Internet Security
[2012/04/22 13:32:07 | 000,000,000 | ---D | C] -- C:\Program Files\Google
[2012/04/22 13:32:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Blake\Local Settings\Application Data\Google
[2012/04/22 13:31:54 | 000,020,696 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2012/04/22 13:31:53 | 000,337,880 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2012/04/22 13:31:50 | 000,035,672 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2012/04/22 13:31:49 | 000,053,848 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2012/04/22 13:31:48 | 000,612,184 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2012/04/22 13:31:47 | 000,095,704 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2012/04/22 13:31:47 | 000,089,048 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2012/04/22 13:31:46 | 000,024,920 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2012/04/22 13:31:24 | 000,201,352 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2012/04/22 13:31:24 | 000,041,184 | ---- | C] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2012/04/22 13:31:13 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2012/04/22 13:31:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2012/04/22 12:44:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Blake\Application Data\SUPERAntiSpyware.com
[2012/04/22 12:43:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware
[2012/04/22 12:43:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2012/04/22 12:43:52 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2012/04/22 12:17:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Blake\Application Data\Malwarebytes
[2012/04/22 12:16:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/04/22 12:16:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2012/04/22 12:16:50 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012/04/22 12:16:50 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/04/22 12:14:38 | 000,000,000 | -HSD | C] -- C:\WINDOWS\CSC
[2012/04/22 11:46:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\Downloaded Program Files
[2012/04/22 11:43:34 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Blake\Cookies
[2012/04/22 11:40:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Blake\My Documents\downloads
[2012/04/22 11:31:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Blake\Local Settings\Application Data\LogMeIn Rescue Applet
[2012/04/22 11:18:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Blake\Application Data\DriverCure
[2012/04/22 11:18:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Blake\Application Data\ParetoLogic
[2012/04/22 11:18:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Blake\Start Menu\Programs\ParetoLogic
[2012/04/22 11:18:35 | 000,000,000 | ---D | C] -- C:\Program Files\ParetoLogic
[2012/04/22 11:18:35 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ParetoLogic
[2012/04/22 11:18:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ParetoLogic
[2012/04/19 11:00:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2012/04/19 11:00:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2012/04/04 12:58:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Office
[2012/04/04 12:58:21 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER
[2012/04/04 12:58:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Microsoft
[2012/04/04 12:58:13 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET
[2012/04/04 12:55:06 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Analysis Services
[2012/04/04 12:54:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Blake\Local Settings\Application Data\Microsoft Help
[2012/04/04 12:54:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Microsoft Help
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

blakerush · « **Reply #6 on:** April 24, 2012, 03:21:42 AM »

========== Files - Modified Within 30 Days ==========

[2012/04/23 19:40:56 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/04/23 19:40:38 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/04/23 19:37:02 | 000,220,226 | ---- | M] () -- C:\Documents and Settings\Blake\Desktop\Malicious URL Blocked Screenshot - c2pokerface.com
[2012/04/23 19:35:15 | 000,135,521 | ---- | M] () -- C:\Documents and Settings\Blake\Desktop\Malicious URL Blocked Screenshot - Ololoshaface.com
[2012/04/23 19:26:42 | 000,000,031 | ---- | M] () -- C:\WINDOWS\System32\bbcap.err
[2012/04/23 19:23:03 | 000,594,944 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Blake\Desktop\OTL.exe
[2012/04/23 19:20:43 | 000,647,728 | ---- | M] (Xceed Software Inc. 1-450-442-2626 info@xceedsoft.com www.xceedsoft.com) -- C:\Documents and Settings\Blake\Desktop\R92578.EXE
[2012/04/23 18:00:00 | 000,000,444 | ---- | M] () -- C:\WINDOWS\tasks\ParetoLogic Registration3.job
[2012/04/23 14:30:31 | 000,920,096 | ---- | M] () -- C:\Documents and Settings\Blake\My Documents\Norton_Removal_Tool.exe
[2012/04/22 15:22:03 | 000,002,291 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CIS 2.2.lnk
[2012/04/22 14:42:07 | 000,002,625 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2012/04/22 14:40:31 | 000,001,689 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Internet Security.lnk
[2012/04/22 13:37:45 | 000,000,510 | ---- | M] () -- C:\WINDOWS\tasks\SUPERAntiSpyware Scheduled Task dca25f34-0594-4a04-98f4-4bdbf39a5d71.job
[2012/04/22 13:37:44 | 000,000,510 | ---- | M] () -- C:\WINDOWS\tasks\SUPERAntiSpyware Scheduled Task b03b0939-7f9d-4339-a6da-85f1379178b4.job
[2012/04/22 12:43:56 | 000,001,678 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Professional.lnk
[2012/04/22 12:36:23 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/04/22 12:16:52 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/04/22 11:38:22 | 000,000,045 | ---- | M] () -- C:\0.bak
[2012/04/22 11:18:43 | 000,000,838 | ---- | M] () -- C:\Documents and Settings\Blake\Desktop\ParetoLogic PC Health Advisor.lnk
[2012/04/22 11:18:42 | 000,000,418 | ---- | M] () -- C:\WINDOWS\tasks\ParetoLogic Update Version3.job
[2012/04/22 11:18:41 | 000,000,376 | ---- | M] () -- C:\WINDOWS\tasks\PC Health Advisor Defrag.job
[2012/04/22 11:18:40 | 000,000,358 | ---- | M] () -- C:\WINDOWS\tasks\PC Health Advisor.job
[2012/04/22 11:18:11 | 005,248,608 | ---- | M] (ParetoLogic Inc.) -- C:\Documents and Settings\Blake\My Documents\ParetoLogic PC Health Advisor.exe
[2012/04/20 17:16:02 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2012/04/20 06:56:34 | 000,001,116 | ---- | M] () -- C:\WINDOWS\System32\C__Documents and Settings_NetworkService_Local Settings_Temporary Internet Files_Content.IE5_YTO161MN_CASSVQM3.HTM
[2012/04/12 08:22:02 | 000,000,790 | ---- | M] () -- C:\Documents and Settings\Blake\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Outlook.lnk
[2012/04/11 19:06:12 | 000,501,638 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/04/11 19:06:12 | 000,089,146 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/04/11 19:03:45 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/04/04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012/04/04 13:10:01 | 000,241,536 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/04/01 18:00:50 | 000,001,824 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Acrobat Assistant.lnk
[2012/04/01 18:00:50 | 000,001,758 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Acrobat 6.0 Standard.lnk
[2012/03/30 11:12:33 | 000,000,773 | ---- | M] () -- C:\Documents and Settings\Blake\Desktop\PCLaw®.lnk
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

blakerush · « **Reply #7 on:** April 24, 2012, 03:22:14 AM »

========== Files Created - No Company Name ==========

[2012/04/23 19:37:02 | 000,220,226 | ---- | C] () -- C:\Documents and Settings\Blake\Desktop\Malicious URL Blocked Screenshot - c2pokerface.com
[2012/04/23 19:35:15 | 000,135,521 | ---- | C] () -- C:\Documents and Settings\Blake\Desktop\Malicious URL Blocked Screenshot - Ololoshaface.com
[2012/04/23 15:28:15 | 000,920,096 | ---- | C] () -- C:\Documents and Settings\Blake\My Documents\Norton_Removal_Tool.exe
[2012/04/22 14:40:31 | 000,001,689 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\avast! Internet Security.lnk
[2012/04/22 12:44:20 | 000,000,510 | ---- | C] () -- C:\WINDOWS\tasks\SUPERAntiSpyware Scheduled Task dca25f34-0594-4a04-98f4-4bdbf39a5d71.job
[2012/04/22 12:44:20 | 000,000,510 | ---- | C] () -- C:\WINDOWS\tasks\SUPERAntiSpyware Scheduled Task b03b0939-7f9d-4339-a6da-85f1379178b4.job
[2012/04/22 12:43:56 | 000,001,678 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Professional.lnk
[2012/04/22 12:36:23 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/04/22 12:16:52 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/04/22 12:05:01 | 000,049,152 | R--- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2012/04/22 11:38:21 | 000,000,045 | ---- | C] () -- C:\0.bak
[2012/04/22 11:19:17 | 000,000,444 | ---- | C] () -- C:\WINDOWS\tasks\ParetoLogic Registration3.job
[2012/04/22 11:18:42 | 000,000,838 | ---- | C] () -- C:\Documents and Settings\Blake\Desktop\ParetoLogic PC Health Advisor.lnk
[2012/04/22 11:18:41 | 000,000,418 | ---- | C] () -- C:\WINDOWS\tasks\ParetoLogic Update Version3.job
[2012/04/22 11:18:40 | 000,000,376 | ---- | C] () -- C:\WINDOWS\tasks\PC Health Advisor Defrag.job
[2012/04/22 11:18:38 | 000,000,358 | ---- | C] () -- C:\WINDOWS\tasks\PC Health Advisor.job
[2012/04/20 19:00:14 | 001,089,032 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2012/04/20 06:56:34 | 000,001,116 | ---- | C] () -- C:\WINDOWS\System32\C__Documents and Settings_NetworkService_Local Settings_Temporary Internet Files_Content.IE5_YTO161MN_CASSVQM3.HTM
[2012/04/04 13:12:53 | 000,000,790 | ---- | C] () -- C:\Documents and Settings\Blake\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Outlook.lnk
[2012/02/15 09:04:30 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/01/16 19:44:17 | 000,035,080 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2012/01/02 12:50:56 | 000,000,256 | ---- | C] () -- C:\WINDOWS\System32\pool.bin
[2012/01/01 16:58:52 | 000,430,080 | ---- | C] () -- C:\WINDOWS\System32\ZSHP1018.EXE
[2012/01/01 16:02:10 | 000,982,196 | ---- | C] () -- C:\WINDOWS\System32\igkrng500.bin
[2012/01/01 16:02:10 | 000,417,344 | ---- | C] () -- C:\WINDOWS\System32\igcompkrng500.bin
[2012/01/01 15:18:48 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2012/01/01 15:08:16 | 000,000,008 | ---- | C] () -- C:\WINDOWS\System32\drivers\rtkhdaud.dat
[2012/01/01 15:02:26 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2012/01/01 14:58:28 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2012/01/01 09:53:08 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2012/01/01 09:52:07 | 000,241,536 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT

========== LOP Check ==========

[2012/04/22 13:31:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2012/01/17 19:34:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Blueberry
[2012/01/01 17:08:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Canon
[2012/01/01 16:44:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CitrixLogs
[2012/01/06 16:25:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EasySoft
[2012/04/23 07:44:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LogMeIn
[2012/01/17 19:33:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LogSys
[2012/04/22 11:18:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ParetoLogic
[2012/04/23 08:02:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sophos
[2012/01/16 18:43:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2012/01/02 23:03:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Blake\Application Data\Amicus
[2012/01/17 19:34:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Blake\Application Data\Blueberry
[2012/04/22 11:18:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Blake\Application Data\DriverCure
[2012/01/02 23:02:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Blake\Application Data\Gavel & Gown Software Inc
[2012/01/17 19:33:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Blake\Application Data\LogSys
[2012/04/22 11:18:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Blake\Application Data\ParetoLogic
[2012/01/16 12:03:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Blake\Application Data\Research In Motion
[2012/04/23 18:00:00 | 000,000,444 | ---- | M] () -- C:\WINDOWS\Tasks\ParetoLogic Registration3.job
[2012/04/22 11:18:42 | 000,000,418 | ---- | M] () -- C:\WINDOWS\Tasks\ParetoLogic Update Version3.job
[2012/04/22 11:18:41 | 000,000,376 | ---- | M] () -- C:\WINDOWS\Tasks\PC Health Advisor Defrag.job
[2012/04/22 11:18:40 | 000,000,358 | ---- | M] () -- C:\WINDOWS\Tasks\PC Health Advisor.job
[2012/04/22 13:37:44 | 000,000,510 | ---- | M] () -- C:\WINDOWS\Tasks\SUPERAntiSpyware Scheduled Task b03b0939-7f9d-4339-a6da-85f1379178b4.job
[2012/04/22 13:37:45 | 000,000,510 | ---- | M] () -- C:\WINDOWS\Tasks\SUPERAntiSpyware Scheduled Task dca25f34-0594-4a04-98f4-4bdbf39a5d71.job

========== Purity Check ==========

========== Custom Scans ==========

< %SYSTEMDRIVE%\*.exe >

< MD5 for: EXPLORER.EXE >
[2008/04/14 03:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
[2008/04/14 03:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\system32\dllcache\explorer.exe

< MD5 for: SVCHOST.EXE >
[2012/04/04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\svchost.exe
[2008/04/14 03:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\dllcache\svchost.exe
[2008/04/14 03:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\svchost.exe

< MD5 for: USERINIT.EXE >
[2008/04/14 03:00:00 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\dllcache\userinit.exe
[2008/04/14 03:00:00 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe

< MD5 for: WINLOGON.EXE >
[2012/04/04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2008/04/14 03:00:00 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\dllcache\winlogon.exe
[2008/04/14 03:00:00 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe

< C:\Windows\assembly\tmp\U\*.* /s >

< %USERPROFILE%\..|smtmp;true;true;true /FP >

< >

< End of report >

blakerush · « **Reply #8 on:** April 24, 2012, 03:28:08 AM »

OTL Logs:
OTL logfile created on: 4/23/2012 7:46:05 PM - Run 1
OTL by OldTimer - Version 3.2.41.0 Folder = C:\Documents and Settings\Blake\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.97 Gb Total Physical Memory | 2.07 Gb Available Physical Memory | 69.79% Memory free
4.81 Gb Paging File | 4.11 Gb Available in Paging File | 85.50% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 298.08 Gb Total Space | 278.31 Gb Free Space | 93.37% Space Free | Partition Type: NTFS
Drive J: | 1392.71 Gb Total Space | 1172.89 Gb Free Space | 84.22% Space Free | Partition Type: NTFS
Drive N: | 1392.71 Gb Total Space | 1172.89 Gb Free Space | 84.22% Space Free | Partition Type: NTFS

Computer Name: PC-BLAKE | User Name: Blake | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/04/23 19:23:03 | 000,594,944 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Blake\Desktop\OTL.exe
PRC - [2011/08/11 19:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe
PRC - [2008/04/14 03:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

========== Modules (No Company Name) ==========

========== Win32 Services (SafeList) ==========

SRV - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/03/06 19:15:14 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Stopped] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2012/03/06 19:15:13 | 000,134,920 | ---- | M] (AVAST Software) [Auto | Stopped] -- C:\Program Files\AVAST Software\Avast\afwServ.exe -- (avast! Firewall)
SRV - [2012/02/07 10:19:14 | 000,136,584 | ---- | M] (LogMeIn, Inc.) [Auto | Stopped] -- C:\Program Files\LogMeIn\x86\ramaint.exe -- (LMIMaint)
SRV - [2012/02/07 10:19:04 | 000,374,152 | ---- | M] (LogMeIn, Inc.) [Auto | Stopped] -- C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe -- (LMIGuardianSvc)
SRV - [2011/11/13 08:53:40 | 000,946,032 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [Auto | Stopped] -- C:\Program Files\Citrix\GoToMyPC\g2svc.exe -- (GoToMyPC)
SRV - [2011/09/16 15:10:50 | 000,390,528 | ---- | M] (LogMeIn, Inc.) [Auto | Stopped] -- C:\Program Files\LogMeIn\x86\LogMeIn.exe -- (LogMeIn)
SRV - [2011/08/11 19:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore.exe -- (!SASCORE)
SRV - [2011/06/09 15:52:26 | 003,732,144 | ---- | M] (CANON INC.) [Auto | Stopped] -- C:\Program Files\Canon\DIAS\CnxDIAS.exe -- (Canon Driver Information Assist Service)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | Boot | Stopped] -- -- (cerc6)
DRV - [2012/04/04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012/03/06 19:04:25 | 000,112,984 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswFW.sys -- (aswFW)
DRV - [2012/03/06 19:03:51 | 000,612,184 | ---- | M] (AVAST Software) [File_System | System | Stopped] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2012/03/06 19:03:38 | 000,337,880 | ---- | M] (AVAST Software) [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2012/03/06 19:03:23 | 000,196,440 | ---- | M] (AVAST Software) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\aswNdis2.sys -- (aswNdis2)
DRV - [2012/03/06 19:02:43 | 000,024,408 | ---- | M] (AVAST Software) [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\aswKbd.sys -- (aswKbd)
DRV - [2012/03/06 19:02:00 | 000,035,672 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (AswRdr)
DRV - [2012/03/06 19:01:53 | 000,053,848 | ---- | M] (AVAST Software) [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2012/03/06 19:01:39 | 000,095,704 | ---- | M] (AVAST Software) [File_System | Auto | Stopped] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2012/03/06 19:01:30 | 000,020,696 | ---- | M] (AVAST Software) [File_System | Auto | Stopped] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2012/03/06 18:58:29 | 000,024,920 | ---- | M] (AVAST Software) [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2012/03/06 18:44:51 | 000,012,112 | ---- | M] (ALWIL Software) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\aswNdis.sys -- (aswNdis)
DRV - [2012/02/07 10:19:05 | 000,083,360 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\WINDOWS\System32\LMIRfsClientNP.dll -- (LMIRfsClientNP)
DRV - [2012/01/17 19:33:07 | 000,004,096 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\bbcap.sys -- (bbcap)
DRV - [2011/09/16 15:10:50 | 000,047,640 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
DRV - [2011/09/16 15:10:50 | 000,012,856 | ---- | M] (LogMeIn, Inc.) [Kernel | Auto | Stopped] -- C:\Program Files\LogMeIn\x86\rainfo.sys -- (LMIInfo)
DRV - [2011/07/22 12:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Stopped] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011/07/12 17:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2009/08/04 01:18:54 | 000,213,544 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\k57xp32.sys -- (k57w2k) Broadcom NetLink (TM)
DRV - [2008/08/05 21:10:12 | 001,684,736 | ---- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt)
DRV - [2007/04/23 18:12:28 | 004,402,176 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2006/01/04 16:41:48 | 001,389,056 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt)

blakerush · « **Reply #9 on:** April 24, 2012, 03:28:31 AM »

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-507921405-1500820517-682003330-1003\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-507921405-1500820517-682003330-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-507921405-1500820517-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\18.0.1025.162\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\18.0.1025.162\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\18.0.1025.162\gcswf32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.300.12 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U30 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: YouTube = C:\Documents and Settings\Blake\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2_0\
CHR - Extension: Google Search = C:\Documents and Settings\Blake\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\
CHR - Extension: avast! WebRep = C:\Documents and Settings\Blake\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1426_0\
CHR - Extension: Norton Identity Protection = C:\Documents and Settings\Blake\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.5.2.6_0\
CHR - Extension: Gmail = C:\Documents and Settings\Blake\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\

blakerush · « **Reply #10 on:** April 24, 2012, 03:33:08 AM »

O1 HOSTS File: ([2008/04/14 03:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (DeskBandHelper Class) - {9E0B5480-4FF0-4FEE-818B-D4DB0F220D64} - C:\Program Files\LexisNexis\PCLaw\PLIETool.dll (LexisNexis®, a division of Reed Elsevier Inc.)
O2 - BHO: (AcroIEToolbarHelper Class) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (PCLaw Web Timer) - {0E1230F8-EA50-42A9-983C-D22ABC2EED4B} - C:\Program Files\LexisNexis\PCLaw\PLIETool.dll (LexisNexis®, a division of Reed Elsevier Inc.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKU\S-1-5-21-507921405-1500820517-682003330-1003\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [BlackBerryAutoUpdate] C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe (Research In Motion Limited)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe (Sonic Solutions)
O4 - HKU\S-1-5-21-507921405-1500820517-682003330-1003..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe (Adobe Systems Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-507921405-1500820517-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : PCLaw Web Timer Help - {91d9cee5-3906-40f7-b51a-9b013b59c826} - C:\Program Files\LexisNexis\PCLaw\PLIETool.dll (LexisNexis®, a division of Reed Elsevier Inc.)
O9 - Extra 'Tools' menuitem : PCLaw Web Timer - {9d2169e0-0775-4080-9b4e-90fce9945b4a} - C:\Program Files\LexisNexis\PCLaw\PLIETool.dll (LexisNexis®, a division of Reed Elsevier Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://windowsupdate.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1325445254734 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1325445292687 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 71.252.0.12
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{60EB3EE5-A4AD-4DC5-B2A5-46AA37DE2F6E}: DhcpNameServer = 192.168.2.1 71.252.0.12
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\GoToMyPC: DllName - (C:\Program Files\Citrix\GoToMyPC\G2WinLogon.dll) - C:\Program Files\Citrix\GoToMyPC\G2WinLogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O20 - Winlogon\Notify\LMIinit: DllName - (LMIinit.dll) - C:\WINDOWS\System32\LMIinit.dll (LogMeIn, Inc.)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012/01/01 15:00:58 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Unable to start System Restore Service. Error code 10

blakerush · « **Reply #11 on:** April 24, 2012, 03:33:41 AM »

========== Files/Folders - Created Within 30 Days ==========

[2012/04/23 19:22:36 | 000,594,944 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Blake\Desktop\OTL.exe
[2012/04/23 19:21:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Dell Accessories
[2012/04/23 19:19:40 | 000,647,728 | ---- | C] (Xceed Software Inc. 1-450-442-2626 info@xceedsoft.com www.xceedsoft.com) -- C:\Documents and Settings\Blake\Desktop\R92578.EXE
[2012/04/23 14:24:50 | 005,248,608 | ---- | C] (ParetoLogic Inc.) -- C:\Documents and Settings\Blake\My Documents\ParetoLogic PC Health Advisor.exe
[2012/04/23 11:33:49 | 000,000,000 | ---D | C] -- C:\WINDOWS\TEMP
[2012/04/23 11:33:06 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Blake\UserData
[2012/04/23 11:27:33 | 000,000,000 | ---D | C] -- C:\TEMP
[2012/04/23 11:27:15 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2012/04/23 08:02:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sophos
[2012/04/23 08:00:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Blake\Start Menu\Programs\Sophos
[2012/04/23 08:00:07 | 000,000,000 | ---D | C] -- C:\Program Files\Sophos
[2012/04/22 18:05:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Blake\Local Settings\Application Data\EasySoft_Inc
[2012/04/22 14:42:19 | 000,112,984 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFW.sys
[2012/04/22 14:42:08 | 000,196,440 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswNdis2.sys
[2012/04/22 14:42:07 | 000,024,408 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswKbd.sys
[2012/04/22 14:41:59 | 000,012,112 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswNdis.sys
[2012/04/22 14:40:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\avast! Internet Security
[2012/04/22 13:32:07 | 000,000,000 | ---D | C] -- C:\Program Files\Google
[2012/04/22 13:32:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Blake\Local Settings\Application Data\Google
[2012/04/22 13:31:54 | 000,020,696 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2012/04/22 13:31:53 | 000,337,880 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2012/04/22 13:31:50 | 000,035,672 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2012/04/22 13:31:49 | 000,053,848 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2012/04/22 13:31:48 | 000,612,184 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2012/04/22 13:31:47 | 000,095,704 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2012/04/22 13:31:47 | 000,089,048 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2012/04/22 13:31:46 | 000,024,920 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2012/04/22 13:31:24 | 000,201,352 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2012/04/22 13:31:24 | 000,041,184 | ---- | C] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2012/04/22 13:31:13 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2012/04/22 13:31:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2012/04/22 12:44:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Blake\Application Data\SUPERAntiSpyware.com
[2012/04/22 12:43:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware
[2012/04/22 12:43:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2012/04/22 12:43:52 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2012/04/22 12:17:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Blake\Application Data\Malwarebytes
[2012/04/22 12:16:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/04/22 12:16:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2012/04/22 12:16:50 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012/04/22 12:16:50 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/04/22 12:14:38 | 000,000,000 | -HSD | C] -- C:\WINDOWS\CSC
[2012/04/22 11:46:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\Downloaded Program Files
[2012/04/22 11:43:34 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Blake\Cookies
[2012/04/22 11:40:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Blake\My Documents\downloads
[2012/04/22 11:31:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Blake\Local Settings\Application Data\LogMeIn Rescue Applet
[2012/04/22 11:18:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Blake\Application Data\DriverCure
[2012/04/22 11:18:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Blake\Application Data\ParetoLogic
[2012/04/22 11:18:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Blake\Start Menu\Programs\ParetoLogic
[2012/04/22 11:18:35 | 000,000,000 | ---D | C] -- C:\Program Files\ParetoLogic
[2012/04/22 11:18:35 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ParetoLogic
[2012/04/22 11:18:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ParetoLogic
[2012/04/19 11:00:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2012/04/19 11:00:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2012/04/04 12:58:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Office
[2012/04/04 12:58:21 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER
[2012/04/04 12:58:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Microsoft
[2012/04/04 12:58:13 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET
[2012/04/04 12:55:06 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Analysis Services
[2012/04/04 12:54:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Blake\Local Settings\Application Data\Microsoft Help
[2012/04/04 12:54:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Microsoft Help
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

blakerush · « **Reply #12 on:** April 24, 2012, 03:35:54 AM »

========== Files - Modified Within 30 Days ==========
[2012/04/23 19:40:56 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/04/23 19:40:38 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/04/23 19:37:02 | 000,220,226 | ---- | M] () -- C:\Documents and Settings\Blake\Desktop\Malicious URL Blocked Screenshot - c2pokerface.com
[2012/04/23 19:35:15 | 000,135,521 | ---- | M] () -- C:\Documents and Settings\Blake\Desktop\Malicious URL Blocked Screenshot - Ololoshaface.com
[2012/04/23 19:26:42 | 000,000,031 | ---- | M] () -- C:\WINDOWS\System32\bbcap.err
[2012/04/23 19:23:03 | 000,594,944 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Blake\Desktop\OTL.exe
[2012/04/23 19:20:43 | 000,647,728 | ---- | M] (Xceed Software Inc. 1-450-442-2626 info@xceedsoft.com www.xceedsoft.com) -- C:\Documents and Settings\Blake\Desktop\R92578.EXE
[2012/04/23 18:00:00 | 000,000,444 | ---- | M] () -- C:\WINDOWS\tasks\ParetoLogic Registration3.job
[2012/04/23 14:30:31 | 000,920,096 | ---- | M] () -- C:\Documents and Settings\Blake\My Documents\Norton_Removal_Tool.exe
[2012/04/22 15:22:03 | 000,002,291 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CIS 2.2.lnk
[2012/04/22 14:42:07 | 000,002,625 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2012/04/22 14:40:31 | 000,001,689 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Internet Security.lnk
[2012/04/22 13:37:45 | 000,000,510 | ---- | M] () -- C:\WINDOWS\tasks\SUPERAntiSpyware Scheduled Task dca25f34-0594-4a04-98f4-4bdbf39a5d71.job
[2012/04/22 13:37:44 | 000,000,510 | ---- | M] () -- C:\WINDOWS\tasks\SUPERAntiSpyware Scheduled Task b03b0939-7f9d-4339-a6da-85f1379178b4.job
[2012/04/22 12:43:56 | 000,001,678 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Professional.lnk
[2012/04/22 12:36:23 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/04/22 12:16:52 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/04/22 11:38:22 | 000,000,045 | ---- | M] () -- C:\0.bak
[2012/04/22 11:18:43 | 000,000,838 | ---- | M] () -- C:\Documents and Settings\Blake\Desktop\ParetoLogic PC Health Advisor.lnk
[2012/04/22 11:18:42 | 000,000,418 | ---- | M] () -- C:\WINDOWS\tasks\ParetoLogic Update Version3.job
[2012/04/22 11:18:41 | 000,000,376 | ---- | M] () -- C:\WINDOWS\tasks\PC Health Advisor Defrag.job
[2012/04/22 11:18:40 | 000,000,358 | ---- | M] () -- C:\WINDOWS\tasks\PC Health Advisor.job
[2012/04/22 11:18:11 | 005,248,608 | ---- | M] (ParetoLogic Inc.) -- C:\Documents and Settings\Blake\My Documents\ParetoLogic PC Health Advisor.exe
[2012/04/20 17:16:02 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2012/04/20 06:56:34 | 000,001,116 | ---- | M] () -- C:\WINDOWS\System32\C__Documents and Settings_NetworkService_Local Settings_Temporary Internet Files_Content.IE5_YTO161MN_CASSVQM3.HTM
[2012/04/12 08:22:02 | 000,000,790 | ---- | M] () -- C:\Documents and Settings\Blake\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Outlook.lnk
[2012/04/11 19:06:12 | 000,501,638 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/04/11 19:06:12 | 000,089,146 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/04/11 19:03:45 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/04/04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012/04/04 13:10:01 | 000,241,536 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/04/01 18:00:50 | 000,001,824 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Acrobat Assistant.lnk
[2012/04/01 18:00:50 | 000,001,758 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Acrobat 6.0 Standard.lnk
[2012/03/30 11:12:33 | 000,000,773 | ---- | M] () -- C:\Documents and Settings\Blake\Desktop\PCLaw®.lnk
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/04/23 19:37:02 | 000,220,226 | ---- | C] () -- C:\Documents and Settings\Blake\Desktop\Malicious URL Blocked Screenshot - c2pokerface.com
[2012/04/23 19:35:15 | 000,135,521 | ---- | C] () -- C:\Documents and Settings\Blake\Desktop\Malicious URL Blocked Screenshot - Ololoshaface.com
[2012/04/23 15:28:15 | 000,920,096 | ---- | C] () -- C:\Documents and Settings\Blake\My Documents\Norton_Removal_Tool.exe
[2012/04/22 14:40:31 | 000,001,689 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\avast! Internet Security.lnk
[2012/04/22 12:44:20 | 000,000,510 | ---- | C] () -- C:\WINDOWS\tasks\SUPERAntiSpyware Scheduled Task dca25f34-0594-4a04-98f4-4bdbf39a5d71.job
[2012/04/22 12:44:20 | 000,000,510 | ---- | C] () -- C:\WINDOWS\tasks\SUPERAntiSpyware Scheduled Task b03b0939-7f9d-4339-a6da-85f1379178b4.job
[2012/04/22 12:43:56 | 000,001,678 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Professional.lnk
[2012/04/22 12:36:23 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/04/22 12:16:52 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/04/22 12:05:01 | 000,049,152 | R--- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2012/04/22 11:38:21 | 000,000,045 | ---- | C] () -- C:\0.bak
[2012/04/22 11:19:17 | 000,000,444 | ---- | C] () -- C:\WINDOWS\tasks\ParetoLogic Registration3.job
[2012/04/22 11:18:42 | 000,000,838 | ---- | C] () -- C:\Documents and Settings\Blake\Desktop\ParetoLogic PC Health Advisor.lnk
[2012/04/22 11:18:41 | 000,000,418 | ---- | C] () -- C:\WINDOWS\tasks\ParetoLogic Update Version3.job
[2012/04/22 11:18:40 | 000,000,376 | ---- | C] () -- C:\WINDOWS\tasks\PC Health Advisor Defrag.job
[2012/04/22 11:18:38 | 000,000,358 | ---- | C] () -- C:\WINDOWS\tasks\PC Health Advisor.job
[2012/04/20 19:00:14 | 001,089,032 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2012/04/20 06:56:34 | 000,001,116 | ---- | C] () -- C:\WINDOWS\System32\C__Documents and Settings_NetworkService_Local Settings_Temporary Internet Files_Content.IE5_YTO161MN_CASSVQM3.HTM
[2012/04/04 13:12:53 | 000,000,790 | ---- | C] () -- C:\Documents and Settings\Blake\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Outlook.lnk
[2012/02/15 09:04:30 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/01/16 19:44:17 | 000,035,080 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2012/01/02 12:50:56 | 000,000,256 | ---- | C] () -- C:\WINDOWS\System32\pool.bin
[2012/01/01 16:58:52 | 000,430,080 | ---- | C] () -- C:\WINDOWS\System32\ZSHP1018.EXE
[2012/01/01 16:02:10 | 000,982,196 | ---- | C] () -- C:\WINDOWS\System32\igkrng500.bin
[2012/01/01 16:02:10 | 000,417,344 | ---- | C] () -- C:\WINDOWS\System32\igcompkrng500.bin
[2012/01/01 15:18:48 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2012/01/01 15:08:16 | 000,000,008 | ---- | C] () -- C:\WINDOWS\System32\drivers\rtkhdaud.dat
[2012/01/01 15:02:26 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2012/01/01 14:58:28 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2012/01/01 09:53:08 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2012/01/01 09:52:07 | 000,241,536 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT

blakerush · « **Reply #13 on:** April 24, 2012, 03:36:16 AM »

========== LOP Check ==========

[2012/04/22 13:31:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2012/01/17 19:34:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Blueberry
[2012/01/01 17:08:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Canon
[2012/01/01 16:44:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CitrixLogs
[2012/01/06 16:25:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EasySoft
[2012/04/23 07:44:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LogMeIn
[2012/01/17 19:33:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LogSys
[2012/04/22 11:18:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ParetoLogic
[2012/04/23 08:02:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sophos
[2012/01/16 18:43:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2012/01/02 23:03:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Blake\Application Data\Amicus
[2012/01/17 19:34:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Blake\Application Data\Blueberry
[2012/04/22 11:18:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Blake\Application Data\DriverCure
[2012/01/02 23:02:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Blake\Application Data\Gavel & Gown Software Inc
[2012/01/17 19:33:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Blake\Application Data\LogSys
[2012/04/22 11:18:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Blake\Application Data\ParetoLogic
[2012/01/16 12:03:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Blake\Application Data\Research In Motion
[2012/04/23 18:00:00 | 000,000,444 | ---- | M] () -- C:\WINDOWS\Tasks\ParetoLogic Registration3.job
[2012/04/22 11:18:42 | 000,000,418 | ---- | M] () -- C:\WINDOWS\Tasks\ParetoLogic Update Version3.job
[2012/04/22 11:18:41 | 000,000,376 | ---- | M] () -- C:\WINDOWS\Tasks\PC Health Advisor Defrag.job
[2012/04/22 11:18:40 | 000,000,358 | ---- | M] () -- C:\WINDOWS\Tasks\PC Health Advisor.job
[2012/04/22 13:37:44 | 000,000,510 | ---- | M] () -- C:\WINDOWS\Tasks\SUPERAntiSpyware Scheduled Task b03b0939-7f9d-4339-a6da-85f1379178b4.job
[2012/04/22 13:37:45 | 000,000,510 | ---- | M] () -- C:\WINDOWS\Tasks\SUPERAntiSpyware Scheduled Task dca25f34-0594-4a04-98f4-4bdbf39a5d71.job

========== Purity Check ==========

========== Custom Scans ==========

< %SYSTEMDRIVE%\*.exe >

< MD5 for: EXPLORER.EXE >
[2008/04/14 03:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
[2008/04/14 03:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\system32\dllcache\explorer.exe

< MD5 for: SVCHOST.EXE >
[2012/04/04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\svchost.exe
[2008/04/14 03:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\dllcache\svchost.exe
[2008/04/14 03:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\svchost.exe

< MD5 for: USERINIT.EXE >
[2008/04/14 03:00:00 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\dllcache\userinit.exe
[2008/04/14 03:00:00 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe

< MD5 for: WINLOGON.EXE >
[2012/04/04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2008/04/14 03:00:00 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\dllcache\winlogon.exe
[2008/04/14 03:00:00 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe

< C:\Windows\assembly\tmp\U\*.* /s >

< %USERPROFILE%\..|smtmp;true;true;true /FP >

< >

< End of report >

blakerush · « **Reply #14 on:** April 24, 2012, 03:37:54 AM »

OTL Extra Log:
OTL Extras logfile created on: 4/23/2012 7:46:05 PM - Run 1
OTL by OldTimer - Version 3.2.41.0 Folder = C:\Documents and Settings\Blake\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.97 Gb Total Physical Memory | 2.07 Gb Available Physical Memory | 69.79% Memory free
4.81 Gb Paging File | 4.11 Gb Available in Paging File | 85.50% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 298.08 Gb Total Space | 278.31 Gb Free Space | 93.37% Space Free | Partition Type: NTFS
Drive J: | 1392.71 Gb Total Space | 1172.89 Gb Free Space | 84.22% Space Free | Partition Type: NTFS
Drive N: | 1392.71 Gb Total Space | 1172.89 Gb Free Space | 84.22% Space Free | Partition Type: NTFS

Computer Name: PC-BLAKE | User Name: Blake | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

[HKEY_USERS\S-1-5-21-507921405-1500820517-682003330-1003\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\PROGRA~1\MICROS~2\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\PROGRA~1\MICROS~2\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- C:\Program Files\ParetoLogic\PCHA\noapp.exe %1 (ParetoLogic)
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

Author Topic: Malicious URL Blocked - Need Help (Read 14813 times)

blakerush

Malicious URL Blocked - Need Help

blakerush

Re: Malicious URL Blocked - Need Help

blakerush

Re: Malicious URL Blocked - Need Help

blakerush

Re: Malicious URL Blocked - Need Help

blakerush

Re: Malicious URL Blocked - Need Help

blakerush

Re: Malicious URL Blocked - Need Help

blakerush

Re: Malicious URL Blocked - Need Help

blakerush

Re: Malicious URL Blocked - Need Help

blakerush

Re: Malicious URL Blocked - Need Help

blakerush

Re: Malicious URL Blocked - Need Help

blakerush

Re: Malicious URL Blocked - Need Help

blakerush

Re: Malicious URL Blocked - Need Help

blakerush

Re: Malicious URL Blocked - Need Help

blakerush

Re: Malicious URL Blocked - Need Help

blakerush

Re: Malicious URL Blocked - Need Help