Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Firefox and IE redirects

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Firefox and IE redirects

Unread postby Hetty » July 25th, 2011, 10:13 am

Greetings,

Running windows XP with all updates. Both firefox and IE redirect web sites. Any help would be appreciated. This computer is used for home use. The dds and attach files are below:


DDS (Ver_2011-07-14.01) - NTFS_x86
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_26
Run by Hetty Richardson at 10:01:48 on 2011-07-25
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3326.2120 [GMT -4:00]
.
AV: Symantec Endpoint Protection *Enabled/Updated* {FB06448E-52B8-493A-90F3-E43226D3305C}
FW: Symantec Endpoint Protection *Enabled*
.
============== Running Processes ================
.
C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Intel\ASF Agent\ASFAgent.exe
C:\Program Files\Intel\AMT\atchksrv.exe
C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Intel\AMT\LMS.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Memeo\AutoBackup\MemeoBackgroundService.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\OpenCase\OpenCASE Media Agent\MediaAgent.exe
C:\Program Files\Seagate\Seagate Dashboard\SeagateDashboardService.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
C:\Program Files\Intel\AMT\UNS.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroTray.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\FirstClass\fcc32.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\program files\real\realplayer\update\realsched.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k imgsvc
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uSearch Bar = hxxp://www.google.com/ie
uSearch Page = hxxp://www.google.com
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = iexplore
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/hws/sb/dell-usuk- ... channel=us
uURLSearchHooks: {A3BC75A2-1F87-4686-AA43-5347D756017C} - <orphaned>
BHO: SSVHelper Class: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - c:\program files\google\googletoolbarnotifier\5.7.6406.1642\swg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
EB: Adobe PDF: {182EC0BE-5110-49C8-A062-BEB1D02A220B} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [McAfee Update] c:\docume~1\hettyr~1\locals~1\temp\mcupdate_1281633425.exe /insfin c:\docume~1\hettyr~1\locals~1\temp\mcupdate_1281633425.ini
uRun: [Google Update] "c:\documents and settings\hetty richardson\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [WypEHgfIKaPhdv] c:\documents and settings\all users\application data\WypEHgfIKaPhdv.exe
mRun: [IAAnotif] "c:\program files\intel\intel matrix storage manager\Iaanotif.exe"
mRun: [ATICCC] "c:\program files\ati technologies\ati.ace\CLIStart.exe"
mRun: [atchk] "c:\program files\intel\amt\atchk.exe"
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [ECenter] c:\dell\e-center\EULALauncher.exe
mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 8.0\acrobat\Acrotray.exe"
mRun: [Adobe_ID0EYTHM] c:\progra~1\common~1\adobe\adobev~1\server\bin\VERSIO~2.EXE
mRun: [V0415Mon.exe] c:\windows\V0415Mon.exe
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [Memeo Instant Backup] c:\program files\memeo\autobackup\MemeoLauncher2.exe --silent --no_ui
mRun: [Seagate Dashboard] c:\program files\seagate\seagate dashboard\MemeoLauncher.exe --silent --no_ui
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [Memeo AutoSync] c:\program files\memeo\autosync\MemeoLauncher2.exe --silent
mRun: [SunJavaUpdateSched] c:\program files\java\jre6\bin\jusched.exe
dRunOnce: [VF0415Inst] RunDll32.exe c:\windows\system32\V0415Pin.dll,RunDLL32EP 515
dRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil10e.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Append to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_43C348BC2E93EB2B.dll/cmsidewiki.html
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBC} - c:\program files\java\jre6\bin\npjpi160_26.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shoc ... wflash.cab
TCP: NameServer = 192.168.1.1 192.168.1.1
TCP: Interfaces\{3A510BD4-7C8A-459E-A01F-11662805DA63} : DHCPNameServer = 192.168.1.1 192.168.1.1
Handler: ipp - <Clsid value has no data>
Handler: msdaipp - <Clsid value has no data>
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
mASetup: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "c:\program files\outlook express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
mASetup: {7790769C-0471-11d2-AF11-00C04FA35D02} - "c:\program files\outlook express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
IFEO: Your Image File Name Here without a path - ntsd -d
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\hetty richardson\application data\mozilla\firefox\profiles\uu53dy2g.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=BO1TDF&PC=B8MK&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=mcafee&p=
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 55495
FF - prefs.js: network.proxy.type - 0
FF - component: c:\documents and settings\hetty richardson\application data\mozilla\firefox\profiles\uu53dy2g.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - component: c:\documents and settings\hetty richardson\application data\mozilla\firefox\profiles\uu53dy2g.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbar-ff3.dll
FF - component: c:\program files\mcafee\siteadvisor\components\McFFPlg.dll
FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprpchromebrowserrecordext.dll
FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - plugin: c:\documents and settings\hetty richardson\application data\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\hetty richardson\application data\mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: c:\documents and settings\hetty richardson\local settings\application data\google\update\1.3.21.57\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\google updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\google\update\1.3.21.53\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.57\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60531.0\npctrlui.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
.
============= SERVICES / DRIVERS ===============
.
R2 ASFAgent;ASF Agent;c:\program files\intel\asf agent\ASFAgent.exe [2007-1-23 133968]
R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccSvcHst.exe [2010-5-6 108392]
R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\ccSvcHst.exe [2010-5-6 108392]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2010-6-27 54760]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-6-11 366640]
R2 MemeoBackgroundService;MemeoBackgroundService;c:\program files\memeo\autobackup\MemeoBackgroundService.exe [2011-1-24 25824]
R2 OpenCASE Media Agent;OpenCASE Media Agent;c:\program files\opencase\opencase media agent\MediaAgent.exe [2008-8-5 835208]
R2 SeagateDashboardService;Seagate Dashboard Service;c:\program files\seagate\seagate dashboard\SeagateDashboardService.exe [2011-6-1 14088]
R2 Symantec AntiVirus;Symantec Endpoint Protection;c:\program files\symantec\symantec endpoint protection\Rtvscan.exe [2010-7-1 1832072]
R2 UNS;Intel(R) Active Management Technology User Notification Service;c:\program files\intel\amt\UNS.exe [2008-4-30 2521880]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\drivers\CtClsFlt.sys [2009-11-19 135616]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2011-7-15 105592]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-6-11 22712]
R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20110724.003\NAVENG.SYS [2011-7-25 86008]
R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20110724.003\NAVEX15.SYS [2011-7-25 1542392]
R3 RLDesignVirtualAudioCableWdm;Live! Cam Virtual;c:\windows\system32\drivers\livecamv.sys [2009-11-19 31616]
R3 V0415Afx;Creative Camera VF0415 Audio Effects Driver;c:\windows\system32\drivers\V0415Afx.sys [2009-11-19 160768]
R3 V0415Vid;Creative Live! Cam Video IM Ultra Driver;c:\windows\system32\drivers\V0415Vid.sys [2009-11-19 286208]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate1c9b55aebe00602;Google Update Service (gupdate1c9b55aebe00602);c:\program files\google\update\GoogleUpdate.exe [2009-4-4 133104]
S3 AsfAlrt;AsfAlrt Service;c:\windows\system32\drivers\Asfalrt.sys [2007-1-23 42832]
S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [2010-5-21 23888]
S3 cpuz134;cpuz134;\??\c:\docume~1\hettyr~1\locals~1\temp\cpuz134\cpuz134_x32.sys --> c:\docume~1\hettyr~1\locals~1\temp\cpuz134\cpuz134_x32.sys [?]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-4-28 704872]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2009-4-4 133104]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;\??\c:\program files\lavasoft\ad-aware\kernexplorer.sys --> c:\program files\lavasoft\ad-aware\KernExplorer.sys [?]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2004-8-11 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S4 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\google\google desktop search\GoogleDesktop.exe [2008-4-30 30192]
.
=============== File Associations ===============
.
FileExt: .js: jsfile="c:\program files\adobe\adobe dreamweaver cs3\Dreamweaver.exe","%1"
ShellExec: dreamweaver.exe: Open="c:\program files\adobe\adobe dreamweaver cs3\dreamweaver.exe", "%1"
.
=============== Created Last 30 ================
.
2011-07-18 11:06:14 766464 ----a-w- c:\windows\system32\dllcache\vgx.dll
2011-07-18 11:01:08 -------- d-----w- c:\documents and settings\hetty richardson\application data\MSNInstaller
2011-07-18 03:34:58 3495784 ----a-w- c:\windows\system32\d3dx9_33.dll
2011-07-18 03:29:46 -------- d-----w- c:\windows\Logs
2011-07-16 18:48:22 101720 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2011-07-16 15:37:08 -------- d-----w- c:\documents and settings\hetty richardson\local settings\application data\AVG Security Toolbar
2011-07-16 15:35:45 -------- d-----w- c:\documents and settings\hetty richardson\application data\AVG10
2011-07-16 14:51:02 -------- d--h--w- c:\documents and settings\all users\application data\Common Files
2011-07-16 14:49:41 -------- d-----w- c:\documents and settings\all users\application data\AVG10
2011-07-16 14:35:30 -------- d-----w- c:\documents and settings\all users\application data\MFAData
2011-07-15 23:10:34 -------- d-----w- c:\program files\Spybot - Search & Destroy
2011-07-15 23:10:34 -------- d-----w- c:\documents and settings\all users\application data\Spybot - Search & Destroy
2011-07-15 19:55:06 -------- d-----r- c:\program files\Skype
2011-07-15 18:51:08 -------- d-----w- c:\windows\pss
2011-07-15 15:35:59 -------- d-----w- c:\documents and settings\hetty richardson\local settings\application data\Symantec
2011-07-15 15:35:40 167936 ----a-w- c:\windows\system32\drivers\wpshelper.sys
2011-07-15 15:34:26 99696 ----a-w- c:\windows\system32\drivers\SysPlant.sys
2011-07-15 15:34:09 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL
2011-07-15 15:34:09 125488 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2011-07-15 15:33:24 -------- d-----w- c:\program files\Symantec
2011-07-15 15:33:24 -------- d-----w- c:\documents and settings\all users\application data\Symantec
2011-07-13 20:17:13 -------- d-----w- c:\documents and settings\all users\application data\SUPERAntiSpyware.com
2011-07-12 23:44:15 -------- d-----w- c:\documents and settings\hetty richardson\local settings\application data\{C960C8DD-EDA2-4DE1-A3D2-B66653C299E8}
2011-06-26 13:18:47 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
.
==================== Find3M ====================
.
2011-07-12 22:18:35 0 ----a-w- c:\windows\Wveliwojiy.bin
2011-07-06 23:52:42 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-07-06 23:52:42 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-06-02 14:02:05 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-05-10 12:06:08 4517664 ----a-w- c:\windows\system32\usbaaplrc.dll
2011-05-10 12:06:08 42496 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2011-05-04 08:52:22 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-05-04 06:25:49 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-05-02 15:31:52 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-04-29 17:25:27 151552 ----a-w- c:\windows\system32\schannel.dll
2011-04-29 16:19:43 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-06-27 18:02:10 1247056 ----a-w- c:\program files\wlsetup-web.exe
2009-09-23 21:27:12 9688568 ----a-w- c:\program files\picasa35-setup.exe
2008-08-14 23:24:17 25740144 ----a-w- c:\program files\wmp11-windowsxp-x86-enu.exe
.
============= FINISH: 10:04:23.07 ===============

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-07-14.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 5/10/2008 10:45:36 PM
System Uptime: 7/18/2011 6:12:17 PM (160 hours ago)
.
Motherboard: Dell Inc. | | 0GM819
Processor: Intel Pentium III Xeon processor | CPU | 2992/1333mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 233 GiB total, 158.534 GiB free.
D: is CDROM ()
E: is CDROM ()
F: is FIXED (NTFS) - 932 GiB total, 876.664 GiB free.
G: is Removable
H: is Removable
I: is Removable
J: is Removable
Z: is NetworkDisk (NTFS) - 453 GiB total, 366.134 GiB free.
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP570: 6/9/2011 4:01:58 PM - System Checkpoint
RP571: 6/12/2011 1:20:21 PM - System Checkpoint
RP572: 6/12/2011 3:54:30 PM - Installed Microsoft Visual C++ 2005 Redistributable
RP573: 6/14/2011 1:53:34 PM - Software Distribution Service 3.0
RP574: 6/14/2011 9:34:42 PM - Software Distribution Service 3.0
RP575: 6/15/2011 9:35:45 PM - System Checkpoint
RP576: 6/17/2011 9:48:57 AM - System Checkpoint
RP577: 6/18/2011 1:26:25 PM - System Checkpoint
RP578: 6/19/2011 2:32:39 PM - System Checkpoint
RP579: 6/20/2011 2:34:13 PM - System Checkpoint
RP580: 6/22/2011 12:10:04 PM - Software Distribution Service 3.0
RP581: 6/23/2011 1:01:18 PM - System Checkpoint
RP582: 6/24/2011 4:27:42 PM - System Checkpoint
RP583: 6/26/2011 3:44:33 PM - System Checkpoint
RP584: 6/27/2011 4:37:44 PM - System Checkpoint
RP585: 6/28/2011 7:41:15 PM - System Checkpoint
RP586: 6/29/2011 3:00:14 AM - Software Distribution Service 3.0
RP587: 6/30/2011 8:17:20 PM - System Checkpoint
RP588: 7/1/2011 10:49:46 AM - Software Distribution Service 3.0
RP589: 7/3/2011 7:21:49 PM - System Checkpoint
RP590: 7/5/2011 11:01:42 AM - System Checkpoint
RP591: 7/6/2011 11:47:09 AM - System Checkpoint
RP592: 7/8/2011 10:52:39 AM - System Checkpoint
RP593: 7/9/2011 12:32:14 PM - System Checkpoint
RP594: 7/13/2011 3:00:47 AM - Software Distribution Service 3.0
RP595: 7/13/2011 10:38:17 PM - Removed McAfee Virtual Technician
RP596: 7/13/2011 10:41:59 PM - Removed Bing Bar
RP597: 7/15/2011 9:14:30 AM - System Checkpoint
RP598: 7/15/2011 11:33:03 AM - Installed Symantec Endpoint Protection.
RP599: 7/15/2011 3:46:54 PM - Removed Skype Toolbars
RP600: 7/15/2011 3:49:41 PM - Removed Skype™ 5.3
RP601: 7/16/2011 10:48:53 AM - Installed Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
RP602: 7/16/2011 10:49:03 AM - Installed AVG 2011
RP603: 7/16/2011 10:49:26 AM - Installed AVG 2011
RP604: 7/16/2011 2:28:38 PM - Installed Windows Defender
RP605: 7/16/2011 2:39:03 PM - Installed Ad-Aware
RP606: 7/16/2011 2:39:20 PM - Installed Ad-Aware
RP607: 7/17/2011 5:52:04 AM - Removed Bonjour
RP608: 7/17/2011 5:52:15 AM - Removed Browser Address Error Redirector.
RP609: 7/17/2011 5:54:00 AM - Removed MSXML 4.0 SP2 (KB936181)
RP610: 7/17/2011 5:56:20 AM - Removed NBC Direct Beta
RP611: 7/17/2011 5:59:27 AM - Removed Vz In Home Agent
RP612: 7/17/2011 6:01:48 AM - Removed MSXML 4.0 SP2 (KB954430)
RP613: 7/17/2011 9:30:49 AM - Software Distribution Service 3.0
RP614: 7/17/2011 9:39:57 AM - Configured Maxtor Manager
RP615: 7/17/2011 9:02:21 PM - Removed Ad-Aware
RP616: 7/17/2011 10:04:40 PM - Software Distribution Service 3.0
RP617: 7/17/2011 10:24:30 PM - Removed AVG 2011
RP618: 7/17/2011 10:25:48 PM - Removed AVG 2011
RP619: 7/17/2011 11:03:01 PM - Software Distribution Service 3.0
RP620: 7/17/2011 11:18:57 PM - Removed iPhone Configuration Utility
RP621: 7/17/2011 11:34:42 PM - Installed DirectX
RP622: 7/18/2011 7:07:48 AM - Software Distribution Service 3.0
RP623: 7/18/2011 7:40:25 AM - Software Distribution Service 3.0
RP624: 7/18/2011 7:57:34 AM - Software Distribution Service 3.0
RP625: 7/18/2011 7:59:41 AM - Software Distribution Service 3.0
RP626: 7/18/2011 6:40:29 PM - Installed Java(TM) 6 Update 26
RP627: 7/18/2011 6:42:44 PM - Removed J2SE Runtime Environment 5.0 Update 6
RP628: 7/20/2011 8:45:57 AM - System Checkpoint
RP629: 7/23/2011 11:03:19 AM - System Checkpoint
RP630: 7/24/2011 5:22:28 PM - System Checkpoint
.
==== Installed Programs ======================
.
Add or Remove Adobe Creative Suite 3 Web Premium
Adobe Acrobat 8 Professional
Adobe Acrobat 8.3.0 - CPSID_83708
Adobe Acrobat 8.3.0 Professional
Adobe Anchor Service CS3
Adobe Asset Services CS3
Adobe Bridge CS3
Adobe Bridge Start Meeting
Adobe BridgeTalk Plugin CS3
Adobe Camera Raw 4.0
Adobe CMaps
Adobe Color - Photoshop Specific
Adobe Color Common Settings
Adobe Color EU Extra Settings
Adobe Color JA Extra Settings
Adobe Color NA Recommended Settings
Adobe Contribute CS3
Adobe Creative Suite 3 Web Premium
Adobe Default Language CS3
Adobe Device Central CS3
Adobe Dreamweaver CS3
Adobe ExtendScript Toolkit 2
Adobe Extension Manager CS3
Adobe Fireworks CS3
Adobe Flash CS3
Adobe Flash Player 10 Plugin
Adobe Flash Video Encoder
Adobe Fonts All
Adobe Help Viewer CS3
Adobe Illustrator CS3
Adobe Linguistics CS3
Adobe MotionPicture Color Files
Adobe PDF Library Files
Adobe Photoshop CS3
Adobe Reader 8.3.0
Adobe Setup
Adobe Stock Photos CS3
Adobe Type Support
Adobe Update Manager CS3
Adobe Version Cue CS3 Client
Adobe Version Cue CS3 Server {ko_KR}
Adobe WAS CS3
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS3
Advanced Audio FX Engine
AHV content for Acrobat and Flash
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ATI Catalyst Control Center
Canon ScanGear Toolbox CS 2.2
Creative Live! Cam Video IM Ultra (VF0415) (1.01.03.00)
Creative Live! Central
Creative System Information
Critical Update for Windows Media Player 11 (KB959772)
Dell ETS Factory Installation
Dropbox
eWallet 7.2
FirstClass® Client
Google Calendar Sync
Google Chrome
Google Desktop
Google Earth
Google Talk Plugin
Google Toolbar for Internet Explorer
Google Update Helper
Google Updater
High Definition Audio Driver Package - KB835221
HijackThis 1.99.1
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB931756)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB915800-v4)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB954708)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
Intel(R) Matrix Storage Manager
Intel(R) PRO Alerting Agent
Intel(R) PRO Network Connections 12.1.12.4
Intel® Active Management Technology
Ipswitch WS_FTP Professional 2007
iTunes
Java Auto Updater
Java(TM) 6 Update 26
Juniper Networks Host Checker
Juniper Networks Network Connect 7.0.0
Juniper Networks Setup Client
Junk Mail filter update
Lighting Handbook
LiveUpdate 3.3 (Symantec Corporation)
Malwarebytes' Anti-Malware version 1.51.1.1800
Memeo AutoSync
Memeo Instant Backup
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2416447)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Choice Guard
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Image Composer 1.5
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office FrontPage 2003
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office Live Add-in 1.3
Microsoft Office Outlook Connector
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Professional Plus 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft Software Update for Web Folders (English) 12
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
MobileMe Control Panel
Mozilla Firefox 5.0.1 (x86 en-US)
Mozilla Thunderbird (3.1.7)
MSVCRT
MSXML 4.0 SP2 (KB973688)
MSXML 6.0 Parser (KB933579)
Netflix Movie Viewer
OGA Notifier 2.0.0048.0
Open Workbench
OpenCASE Media Agent
OpenOffice.org 2.4
PDF Settings
Picasa 3
QuickTime
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealPlayer
RealUpgrade 1.1
Roxio Creator Audio
Roxio Creator BDAV Plugin
Roxio Creator Copy
Roxio Creator Data
Roxio Creator DE
Roxio Creator Tools
Roxio Drag-to-Disc
Roxio Express Labeler
Roxio Update Manager
Safari
Seagate Dashboard
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB2509488)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft Office 2007 System (KB2541012)
Security Update for Microsoft Office Access 2007 (KB979440)
Security Update for Microsoft Office Excel 2007 (KB2541007)
Security Update for Microsoft Office InfoPath 2007 (KB2510061)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB2535818)
Security Update for Microsoft Office PowerPoint Viewer 2007 (KB2464623)
Security Update for Microsoft Office Publisher 2007 (KB2284697)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB2530548)
Security Update for Windows Internet Explorer 7 (KB2544521)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB936782)
Security Update for Windows Search 4 - KB963093
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2124261)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2290570)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2491683)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2510581)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2530548)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2544521)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953155)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB970483)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB976323)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
Segoe UI
Skype™ 5.5
Sonic Activation Module
Spelling Dictionaries Support For Adobe Reader 8
Symantec Endpoint Protection
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 System (KB2539530)
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office Outlook 2007 (KB2509470)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Update for Microsoft Windows (KB971513)
Update for Outlook 2007 Junk Email Filter (KB2553975)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2492386)
Update for Windows XP (KB2541763)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB961503)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Verizon Broadband Toolbar
WebFldrs XP
WebVideoCap
Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live ID Sign-in Assistant
Windows Live Mail
Windows Live Messenger
Windows Live Photo Gallery
Windows Live Sync
Windows Live Upload Tool
Windows Live Writer
Windows Management Framework Core
Windows Media Format 11 runtime
Windows Media Player 11
Windows Search 4.0
Windows XP Service Pack 3
WinSCP 4.1.6
.
==== Event Viewer Messages From Past Week ========
.
7/23/2011 9:31:15 AM, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: The requested name is valid and was found in the database, but it does not have the correct associated data being resolved for. (0x80072AFC)
7/19/2011 12:26:52 PM, error: iaStor [9] - The device, \Device\Ide\iaStor0, did not respond within the timeout period.
.
==== End Of File ===========================
Hetty
Active Member
 
Posts: 11
Joined: July 17th, 2011, 11:47 am
Advertisement
Register to Remove

Re: Firefox and IE redirects

Unread postby askey127 » July 26th, 2011, 6:38 am

Hi hetty,
---------------------------------------------
Run CKScanner
Download CKScanner from HERE
Important - Save it to your desktop.
Double click CKScanner.exe, and click Search For Files.
After a couple minutes or less, when the cursor hourglass disappears, click Save List To File.
A message box will verify the file saved. Please run the program just once.
Double-click the CKFiles.txt icon on your desktop, give permission if asked, and copy/paste the contents in your next reply.
--------------------------------------------
TDSSKiller - Rootkit Removal Tool
Please download the TDSSKiller.exe by Kaspersky... save it to your Desktop. <-Important!!!
  1. Double click on TDSSKiller.exe to run the tool for known TDSS variants.
    If TDSSKiller does not run... rename it. Right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. ektfhtw.com).
    If you don't see file extensions, please see: How to change the file extension.
  2. Click the Start Scan button. Do not use the computer during the scan!
  3. If the scan completes with nothing found, click Close to exit.
  4. If malicious objects are found, they will show in the "Scan results - Select action for found objects" and offer 3 options.
    • Ensure Cure (default) is selected... then click Continue > Reboot now to finish the cleaning process.
    • If Cure is not offered as an option, choose Skip.
  5. A log file named TDSSKiller_version_dd.mm.yyyy_hh.mm.ss_log.txt will be created and saved to the main directory of C:
    (the dd.mm.yyyy_hh.mm.ss numbers in the filename represent the time/date stamp)
  6. Copy and paste the contents of that file in your next reply.
If, for some reason,you can't locate the text file to paste into your reply, just tell me, but DO NOT run the program a second time.

So we are looking for the log from CKScanner, and the log from TDSSKiller.
askey127
User avatar
askey127
Admin/Teacher
Admin/Teacher
 
Posts: 13904
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: Firefox and IE redirects

Unread postby Hetty » July 26th, 2011, 9:32 am

Results from CKScanner:

CKScanner - Additional Security Risks - These are not necessarily bad
scanner sequence 3.RP.11.WGNAIF
----- EOF -----


Results from TDSSKiller:

2011/07/26 09:18:22.0984 5968 TDSS rootkit removing tool 2.5.11.0 Jul 11 2011 16:56:56
2011/07/26 09:18:24.0984 5968 ================================================================================
2011/07/26 09:18:24.0984 5968 SystemInfo:
2011/07/26 09:18:24.0984 5968
2011/07/26 09:18:24.0984 5968 OS Version: 5.1.2600 ServicePack: 3.0
2011/07/26 09:18:24.0984 5968 Product type: Workstation
2011/07/26 09:18:24.0984 5968 ComputerName: DELL2
2011/07/26 09:18:24.0984 5968 UserName: Hetty Richardson
2011/07/26 09:18:24.0984 5968 Windows directory: C:\WINDOWS
2011/07/26 09:18:24.0984 5968 System windows directory: C:\WINDOWS
2011/07/26 09:18:24.0984 5968 Processor architecture: Intel x86
2011/07/26 09:18:24.0984 5968 Number of processors: 2
2011/07/26 09:18:24.0984 5968 Page size: 0x1000
2011/07/26 09:18:24.0984 5968 Boot type: Normal boot
2011/07/26 09:18:24.0984 5968 ================================================================================
2011/07/26 09:18:25.0437 5968 Initialize success
2011/07/26 09:18:40.0328 4108 ================================================================================
2011/07/26 09:18:40.0328 4108 Scan started
2011/07/26 09:18:40.0328 4108 Mode: Manual;
2011/07/26 09:18:40.0328 4108 ================================================================================
2011/07/26 09:18:40.0921 4108 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
2011/07/26 09:18:40.0984 4108 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/07/26 09:18:41.0015 4108 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
2011/07/26 09:18:41.0062 4108 ADIHdAudAddService (0f0a69496989912351284bb1baa2ce57) C:\WINDOWS\system32\drivers\ADIHdAud.sys
2011/07/26 09:18:41.0093 4108 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
2011/07/26 09:18:41.0156 4108 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2011/07/26 09:18:41.0218 4108 AFD (355556d9e580915118cd7ef736653a89) C:\WINDOWS\System32\drivers\afd.sys
2011/07/26 09:18:41.0265 4108 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
2011/07/26 09:18:41.0328 4108 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
2011/07/26 09:18:41.0343 4108 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys
2011/07/26 09:18:41.0359 4108 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys
2011/07/26 09:18:41.0390 4108 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys
2011/07/26 09:18:41.0406 4108 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
2011/07/26 09:18:41.0421 4108 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys
2011/07/26 09:18:41.0453 4108 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys
2011/07/26 09:18:41.0468 4108 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys
2011/07/26 09:18:41.0500 4108 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys
2011/07/26 09:18:41.0515 4108 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys
2011/07/26 09:18:41.0531 4108 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys
2011/07/26 09:18:41.0578 4108 AsfAlrt (c139fa963dbb9bd6560f404f509d1196) C:\WINDOWS\system32\Drivers\AsfAlrt.sys
2011/07/26 09:18:41.0640 4108 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2011/07/26 09:18:41.0656 4108 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2011/07/26 09:18:41.0843 4108 ati2mtag (c2b6f2161abd498d2b453050ffc81812) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
2011/07/26 09:18:41.0984 4108 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2011/07/26 09:18:42.0031 4108 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2011/07/26 09:18:42.0046 4108 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2011/07/26 09:18:42.0093 4108 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
2011/07/26 09:18:42.0109 4108 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2011/07/26 09:18:42.0140 4108 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
2011/07/26 09:18:42.0203 4108 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
2011/07/26 09:18:42.0218 4108 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2011/07/26 09:18:42.0265 4108 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2011/07/26 09:18:42.0281 4108 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2011/07/26 09:18:42.0328 4108 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys
2011/07/26 09:18:42.0375 4108 COH_Mon (a02dc932f3806d29b39ef3114ce00405) C:\WINDOWS\system32\Drivers\COH_Mon.sys
2011/07/26 09:18:42.0437 4108 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys
2011/07/26 09:18:42.0640 4108 CtClsFlt (a029cde0a50aee7eeffd70dd3821953d) C:\WINDOWS\system32\DRIVERS\CtClsFlt.sys
2011/07/26 09:18:42.0687 4108 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
2011/07/26 09:18:42.0703 4108 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys
2011/07/26 09:18:42.0765 4108 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2011/07/26 09:18:42.0812 4108 DLABMFSM (0659e6e0a95564f958d9df7313f7701e) C:\WINDOWS\system32\DLA\DLABMFSM.SYS
2011/07/26 09:18:42.0828 4108 DLABOIOM (8691c78908f0bd66170669db268369f2) C:\WINDOWS\system32\DLA\DLABOIOM.SYS
2011/07/26 09:18:42.0828 4108 DLACDBHM (76167b5eb2dffc729edc36386876b40b) C:\WINDOWS\system32\Drivers\DLACDBHM.SYS
2011/07/26 09:18:42.0843 4108 DLADResM (5615744a1056933b90e6ac54feb86f35) C:\WINDOWS\system32\DLA\DLADResM.SYS
2011/07/26 09:18:42.0859 4108 DLAIFS_M (1aeca2afa5005ce4a550cf8eb55a8c88) C:\WINDOWS\system32\DLA\DLAIFS_M.SYS
2011/07/26 09:18:42.0859 4108 DLAOPIOM (840e7f6abb885c72b9ffddb022ef5b6d) C:\WINDOWS\system32\DLA\DLAOPIOM.SYS
2011/07/26 09:18:42.0875 4108 DLAPoolM (0294d18731ac05da80132ce88f8a876b) C:\WINDOWS\system32\DLA\DLAPoolM.SYS
2011/07/26 09:18:42.0875 4108 DLARTL_M (91886fed52a3f9966207bce46cfd794f) C:\WINDOWS\system32\Drivers\DLARTL_M.SYS
2011/07/26 09:18:42.0890 4108 DLAUDFAM (cca4e121d599d7d1706a30f603731e59) C:\WINDOWS\system32\DLA\DLAUDFAM.SYS
2011/07/26 09:18:42.0890 4108 DLAUDF_M (7dab85c33135df24419951da4e7d38e5) C:\WINDOWS\system32\DLA\DLAUDF_M.SYS
2011/07/26 09:18:42.0937 4108 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
2011/07/26 09:18:42.0984 4108 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
2011/07/26 09:18:43.0000 4108 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2011/07/26 09:18:43.0031 4108 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2011/07/26 09:18:43.0078 4108 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys
2011/07/26 09:18:43.0093 4108 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2011/07/26 09:18:43.0109 4108 DRVMCDB (c00440385cf9f3d142917c63f989e244) C:\WINDOWS\system32\Drivers\DRVMCDB.SYS
2011/07/26 09:18:43.0109 4108 DRVNDDM (6e6ab29d3c06e64ce81feacda85394b5) C:\WINDOWS\system32\Drivers\DRVNDDM.SYS
2011/07/26 09:18:43.0156 4108 dsNcAdpt (b2c3f71b86e25c3df78339ddb40a7562) C:\WINDOWS\system32\DRIVERS\dsNcAdpt.sys
2011/07/26 09:18:43.0203 4108 E100B (3fca03cbca11269f973b70fa483c88ef) C:\WINDOWS\system32\DRIVERS\e100b325.sys
2011/07/26 09:18:43.0265 4108 e1express (34aaa3b298a852b3663e6e0d94d12945) C:\WINDOWS\system32\DRIVERS\e1e5132.sys
2011/07/26 09:18:43.0390 4108 eeCtrl (5461f01b7def17dc90d90b029f874c3b) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
2011/07/26 09:18:43.0421 4108 EraserUtilRebootDrv (17fcc372d03ba39f3aee85198c0ec594) C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
2011/07/26 09:18:43.0484 4108 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2011/07/26 09:18:43.0500 4108 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
2011/07/26 09:18:43.0546 4108 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
2011/07/26 09:18:43.0609 4108 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
2011/07/26 09:18:43.0640 4108 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
2011/07/26 09:18:43.0703 4108 fssfltr (e0087225b137e57239ff40f8ae82059b) C:\WINDOWS\system32\DRIVERS\fssfltr_tdi.sys
2011/07/26 09:18:43.0718 4108 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2011/07/26 09:18:43.0750 4108 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2011/07/26 09:18:43.0796 4108 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys
2011/07/26 09:18:43.0828 4108 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2011/07/26 09:18:43.0890 4108 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
2011/07/26 09:18:43.0906 4108 HECI (c865d1f6d03595df213dc3c67e4e4c58) C:\WINDOWS\system32\DRIVERS\HECI.sys
2011/07/26 09:18:43.0953 4108 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2011/07/26 09:18:44.0000 4108 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys
2011/07/26 09:18:44.0046 4108 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2011/07/26 09:18:44.0062 4108 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
2011/07/26 09:18:44.0093 4108 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys
2011/07/26 09:18:44.0140 4108 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2011/07/26 09:18:44.0203 4108 iaStor (bdc361489a7f22e568060fa6fb3c960e) C:\WINDOWS\system32\drivers\iaStor.sys
2011/07/26 09:18:44.0218 4108 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2011/07/26 09:18:44.0250 4108 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys
2011/07/26 09:18:44.0281 4108 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
2011/07/26 09:18:44.0328 4108 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2011/07/26 09:18:44.0359 4108 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
2011/07/26 09:18:44.0406 4108 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2011/07/26 09:18:44.0421 4108 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2011/07/26 09:18:44.0453 4108 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2011/07/26 09:18:44.0468 4108 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2011/07/26 09:18:44.0515 4108 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2011/07/26 09:18:44.0562 4108 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2011/07/26 09:18:44.0578 4108 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2011/07/26 09:18:44.0593 4108 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
2011/07/26 09:18:44.0609 4108 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2011/07/26 09:18:44.0640 4108 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2011/07/26 09:18:44.0718 4108 MBAMProtector (eca00eed9ab95489007b0ef84c7149de) C:\WINDOWS\system32\drivers\mbam.sys
2011/07/26 09:18:44.0734 4108 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2011/07/26 09:18:44.0765 4108 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
2011/07/26 09:18:44.0781 4108 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2011/07/26 09:18:44.0843 4108 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2011/07/26 09:18:44.0843 4108 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2011/07/26 09:18:44.0906 4108 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys
2011/07/26 09:18:44.0968 4108 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2011/07/26 09:18:45.0031 4108 MRxSmb (0dc719e9b15e902346e87e9dcd5751fa) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2011/07/26 09:18:45.0046 4108 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2011/07/26 09:18:45.0078 4108 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2011/07/26 09:18:45.0125 4108 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2011/07/26 09:18:45.0156 4108 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2011/07/26 09:18:45.0234 4108 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2011/07/26 09:18:45.0265 4108 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
2011/07/26 09:18:45.0328 4108 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
2011/07/26 09:18:45.0390 4108 MXOPSWD (216ac775320f64de28cfeb7c179c4ff9) C:\WINDOWS\system32\DRIVERS\mxopswd.sys
2011/07/26 09:18:45.0453 4108 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
2011/07/26 09:18:45.0625 4108 NAVENG (920d9701bba90dbb7ccfd3536ea4d6f9) C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20110725.019\NAVENG.SYS
2011/07/26 09:18:45.0687 4108 NAVEX15 (31b1a9b53c3319b97f7874347cd992d2) C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20110725.019\NAVEX15.SYS
2011/07/26 09:18:45.0750 4108 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2011/07/26 09:18:45.0796 4108 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
2011/07/26 09:18:45.0843 4108 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2011/07/26 09:18:45.0875 4108 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2011/07/26 09:18:45.0875 4108 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2011/07/26 09:18:45.0921 4108 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
2011/07/26 09:18:45.0968 4108 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2011/07/26 09:18:46.0000 4108 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2011/07/26 09:18:46.0046 4108 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2011/07/26 09:18:46.0078 4108 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2011/07/26 09:18:46.0109 4108 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2011/07/26 09:18:46.0203 4108 nv (2b298519edbfcf451d43e0f1e8f1006d) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
2011/07/26 09:18:46.0312 4108 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2011/07/26 09:18:46.0328 4108 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2011/07/26 09:18:46.0390 4108 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
2011/07/26 09:18:46.0406 4108 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2011/07/26 09:18:46.0437 4108 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2011/07/26 09:18:46.0453 4108 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
2011/07/26 09:18:46.0484 4108 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
2011/07/26 09:18:46.0531 4108 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
2011/07/26 09:18:46.0609 4108 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys
2011/07/26 09:18:46.0640 4108 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys
2011/07/26 09:18:46.0703 4108 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2011/07/26 09:18:46.0734 4108 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2011/07/26 09:18:46.0750 4108 PxHelp20 (feffcfdc528764a04c8ed63d5fa6e711) C:\WINDOWS\system32\Drivers\PxHelp20.sys
2011/07/26 09:18:46.0750 4108 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys
2011/07/26 09:18:46.0765 4108 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
2011/07/26 09:18:46.0781 4108 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys
2011/07/26 09:18:46.0812 4108 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys
2011/07/26 09:18:46.0828 4108 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys
2011/07/26 09:18:46.0859 4108 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2011/07/26 09:18:46.0875 4108 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2011/07/26 09:18:46.0890 4108 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2011/07/26 09:18:46.0906 4108 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2011/07/26 09:18:46.0921 4108 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2011/07/26 09:18:46.0937 4108 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2011/07/26 09:18:46.0968 4108 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
2011/07/26 09:18:47.0000 4108 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
2011/07/26 09:18:47.0015 4108 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
2011/07/26 09:18:47.0046 4108 RLDesignVirtualAudioCableWdm (f5cd7457fa2f0d1078992ccb77a546c4) C:\WINDOWS\system32\DRIVERS\livecamv.sys
2011/07/26 09:18:47.0093 4108 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2011/07/26 09:18:47.0171 4108 SenFiltService (b6a6b409fda9d9ebd3aadb838d3d7173) C:\WINDOWS\system32\drivers\Senfilt.sys
2011/07/26 09:18:47.0234 4108 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
2011/07/26 09:18:47.0250 4108 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
2011/07/26 09:18:47.0312 4108 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
2011/07/26 09:18:47.0390 4108 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys
2011/07/26 09:18:47.0453 4108 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
2011/07/26 09:18:47.0484 4108 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
2011/07/26 09:18:47.0578 4108 SPBBCDrv (e87cf104f12c92401c4d33c50a3d5dc8) C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys
2011/07/26 09:18:47.0640 4108 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2011/07/26 09:18:47.0640 4108 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
2011/07/26 09:18:47.0671 4108 SRTSP (5a293729e1f9fce3a2106d1f5dc5e98a) C:\WINDOWS\system32\Drivers\SRTSP.SYS
2011/07/26 09:18:47.0765 4108 SRTSPL (0ddb7fba32be09d8057063c0cee24137) C:\WINDOWS\system32\Drivers\SRTSPL.SYS
2011/07/26 09:18:47.0828 4108 SRTSPX (a99719dfb61b61aa5026341bbb733c0a) C:\WINDOWS\system32\Drivers\SRTSPX.SYS
2011/07/26 09:18:47.0890 4108 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
2011/07/26 09:18:47.0968 4108 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
2011/07/26 09:18:48.0031 4108 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2011/07/26 09:18:48.0031 4108 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2011/07/26 09:18:48.0078 4108 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
2011/07/26 09:18:48.0093 4108 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
2011/07/26 09:18:48.0171 4108 SymEvent (e42a34e6f5ca71a84d4c2de620aad13d) C:\WINDOWS\system32\Drivers\SYMEVENT.SYS
2011/07/26 09:18:48.0250 4108 SYMREDRV (394b2368212114d538316812af60fddd) C:\WINDOWS\System32\Drivers\SYMREDRV.SYS
2011/07/26 09:18:48.0390 4108 SYMTDI (d46676bb414c7531bdffe637a33f5033) C:\WINDOWS\System32\Drivers\SYMTDI.SYS
2011/07/26 09:18:48.0421 4108 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
2011/07/26 09:18:48.0453 4108 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
2011/07/26 09:18:48.0515 4108 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2011/07/26 09:18:48.0578 4108 SysPlant (8adc033c77b2b006ea59beb2c8c6a38b) C:\WINDOWS\SYSTEM32\Drivers\SysPlant.sys
2011/07/26 09:18:48.0640 4108 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/07/26 09:18:48.0671 4108 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2011/07/26 09:18:48.0718 4108 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2011/07/26 09:18:48.0765 4108 Teefer2 (1d3c046a9106de97ddc8276958700bf4) C:\WINDOWS\system32\DRIVERS\teefer2.sys
2011/07/26 09:18:48.0781 4108 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2011/07/26 09:18:48.0859 4108 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys
2011/07/26 09:18:48.0921 4108 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2011/07/26 09:18:49.0000 4108 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
2011/07/26 09:18:49.0062 4108 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2011/07/26 09:18:49.0140 4108 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\WINDOWS\system32\Drivers\usbaapl.sys
2011/07/26 09:18:49.0203 4108 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
2011/07/26 09:18:49.0250 4108 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2011/07/26 09:18:49.0265 4108 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2011/07/26 09:18:49.0281 4108 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2011/07/26 09:18:49.0343 4108 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2011/07/26 09:18:49.0375 4108 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2011/07/26 09:18:49.0421 4108 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2011/07/26 09:18:49.0437 4108 usbvideo (63bbfca7f390f4c49ed4b96bfb1633e0) C:\WINDOWS\system32\Drivers\usbvideo.sys
2011/07/26 09:18:49.0453 4108 V0415Afx (f74ed42575ae007d93be45fcdcfcc9e5) C:\WINDOWS\system32\DRIVERS\V0415Afx.sys
2011/07/26 09:18:49.0500 4108 V0415Vid (b767129fd472e18a10d2553724ae79fe) C:\WINDOWS\system32\DRIVERS\V0415Vid.sys
2011/07/26 09:18:49.0546 4108 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2011/07/26 09:18:49.0578 4108 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys
2011/07/26 09:18:49.0609 4108 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
2011/07/26 09:18:49.0640 4108 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/07/26 09:18:49.0671 4108 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2011/07/26 09:18:49.0734 4108 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2011/07/26 09:18:49.0828 4108 WPS (d48d0b1b5fdc074373c624af3b573412) C:\WINDOWS\system32\drivers\wpsdrvnt.sys
2011/07/26 09:18:49.0859 4108 WpsHelper (ff983a25ae6f7d3f87f26bf51f02a201) C:\WINDOWS\system32\drivers\WpsHelper.sys
2011/07/26 09:18:49.0921 4108 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
2011/07/26 09:18:49.0953 4108 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
2011/07/26 09:18:50.0000 4108 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
2011/07/26 09:18:50.0046 4108 MBR (0x1B8) (6f9a1d528242bc09104b85e0becf5554) \Device\Harddisk0\DR0
2011/07/26 09:18:50.0046 4108 \Device\Harddisk0\DR0 - detected Rootkit.Boot.SST.a (0)
2011/07/26 09:18:50.0062 4108 MBR (0x1B8) (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk1\DR3
2011/07/26 09:18:50.0062 4108 MBR (0x1B8) (e5fa06aca0d60ba9c870d0ef3d9898c9) \Device\Harddisk2\DR5
2011/07/26 09:18:50.0812 4108 Boot (0x1200) (85cf7e9510e8aeec00a69b572d789b24) \Device\Harddisk0\DR0\Partition0
2011/07/26 09:18:50.0812 4108 Boot (0x1200) (6043adf41b6796bb7f6609f25a228b84) \Device\Harddisk1\DR3\Partition0
2011/07/26 09:18:50.0828 4108 Boot (0x1200) (f62e60f66a8481a9efa6103e1c4e6783) \Device\Harddisk2\DR5\Partition0
2011/07/26 09:18:50.0843 4108 ================================================================================
2011/07/26 09:18:50.0843 4108 Scan finished
2011/07/26 09:18:50.0843 4108 ================================================================================
2011/07/26 09:18:50.0843 2780 Detected object count: 1
2011/07/26 09:18:50.0843 2780 Actual detected object count: 1
2011/07/26 09:19:44.0468 2780 \Device\Harddisk0\DR0 (Rootkit.Boot.SST.a) - will be cured after reboot
2011/07/26 09:19:44.0468 2780 \Device\Harddisk0\DR0 - ok
2011/07/26 09:19:44.0468 2780 Rootkit.Boot.SST.a(\Device\Harddisk0\DR0) - User select action: Cure
2011/07/26 09:19:53.0375 2684 Deinitialize success
Hetty
Active Member
 
Posts: 11
Joined: July 17th, 2011, 11:47 am

Re: Firefox and IE redirects

Unread postby askey127 » July 26th, 2011, 4:59 pm

Hetty,
Good.
A serious rootkit infection was found.
Let's see if it left any relatives:
-----------------------------------------------------------
Download and Run ComboFix
IMPORTANT NOTE: ComboFix is a VERY POWERFUL tool. DO NOT use it without guidance.
ComboFix uses very forceful tactics to remove malware from your system. Your antivirus software may warn you about the file.
You will need to disable all your antivirus software after downloading but BEFORE running ComboFix.
.
  • Download ComboFix from here
  • Rename it while saving the download to zzz.exe and save it to your Desktop. Do not try to rename it after it has been saved to your desktop, or the infection may prevent you from using it.
    **Note: It is important that it is saved directly to your desktop and run from the desktop, not from any other folder on your computer**
  • DISABLE SYMANTEC ENDPOINT PROTECTION
    Right click on the icon in the taskbar notification area & select "Disable Symantec EndPoint Protection".
    Image
  • Now start ComboFix (zzz.exe)
  • The tool will check whether the Recovery Console is present on your system. If it is not, ComboFix will prompt you whether you would like to install it. (You would).
  • If it is not, make sure you are connected to the internet as ComboFix needs to download a file. When you are connected to the internet, click Yes and follow the prompts.
    When asked whether to continue scanning or to exit, click Yes to continue scanning (no need to disconnect from the internet as ComboFix breaks your internet connection for you).
  • It will run through about 50 procedures, then take a while to assemble its output log.
  • Do not touch the computer AT ALL while ComboFix is running.
  • When finished, the report will open. Post the log in your next reply, and then Reenable your Antivirus protection software
A copy of the log will be located here if you need it-> C:\ComboFix.txt
If you cannot connect to the internet after running ComboFix, unplug the cable you use to connect to the internet and plug it back in.

The Recovery Console produces a brief (2 second) black screen at bootup which allows an additional technical resource for repair in case of a major failure. In regular operation, you can ignore it.
askey127
User avatar
askey127
Admin/Teacher
Admin/Teacher
 
Posts: 13904
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: Firefox and IE redirects

Unread postby Hetty » July 26th, 2011, 6:05 pm

Thanks. The log file is below:

ComboFix 11-07-26.03 - Hetty Richardson 07/26/2011 17:45:06.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3326.2113 [GMT -4:00]
Running from: c:\documents and settings\Hetty Richardson\Desktop\ComboFix.exe
AV: Symantec Endpoint Protection *Disabled/Updated* {FB06448E-52B8-493A-90F3-E43226D3305C}
FW: Symantec Endpoint Protection *Disabled* {BE898FE3-CD0B-4014-85A9-03DB9923DDB6}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Desktop\Malware Protection.lnk
c:\documents and settings\Hetty Richardson\Application Data\Adobe\plugs
c:\documents and settings\Hetty Richardson\Application Data\Adobe\shed
c:\documents and settings\Hetty Richardson\GoToAssistDownloadHelper.exe
c:\documents and settings\Hetty Richardson\WINDOWS
C:\DSCN2734.JPG
C:\DSCN2735.JPG
C:\DSCN2736.JPG
C:\DSCN2737.JPG
C:\DSCN2738.JPG
C:\DSCN2739.JPG
C:\DSCN2740.JPG
C:\DSCN2741.JPG
C:\DSCN2742.JPG
C:\Thumbs.db
c:\windows\system32\Cache
c:\windows\system32\searchindexer.exe
F:\Autorun.inf
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_WSearch
-------\Service_WSearch
.
.
((((((((((((((((((((((((( Files Created from 2011-06-26 to 2011-07-26 )))))))))))))))))))))))))))))))
.
.
2011-07-18 11:06 . 2011-04-30 08:50 766464 ----a-w- c:\windows\system32\dllcache\vgx.dll
2011-07-18 11:01 . 2011-07-18 11:01 -------- d-----w- c:\documents and settings\Hetty Richardson\Application Data\MSNInstaller
2011-07-18 03:34 . 2007-03-12 20:42 3495784 ----a-w- c:\windows\system32\d3dx9_33.dll
2011-07-18 03:29 . 2011-07-18 03:29 -------- d-----w- c:\windows\Logs
2011-07-17 13:31 . 2011-07-17 13:37 -------- d-----w- c:\documents and settings\David Kotecki\Application Data\Skype
2011-07-17 13:28 . 2011-07-17 13:28 -------- d-----w- c:\documents and settings\David Kotecki\Local Settings\Application Data\temp
2011-07-17 13:25 . 2011-07-17 13:25 -------- d-----w- c:\documents and settings\David Kotecki\Local Settings\Application Data\Symantec
2011-07-17 13:25 . 2011-07-17 13:25 -------- d-----w- c:\documents and settings\David Kotecki\Application Data\AVG10
2011-07-17 13:23 . 2011-07-17 13:23 9310 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\TEXTBOX.JS
2011-07-17 13:23 . 2011-07-17 13:23 8646 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\TILEBOX.JS
2011-07-17 13:23 . 2011-07-17 13:23 6429 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\UICORE.JS
2011-07-17 13:23 . 2011-07-17 13:23 63115 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\USERTILE.JS
2011-07-17 13:23 . 2011-07-17 13:23 4599 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\UIRESOURCE.JS
2011-07-17 13:23 . 2011-07-17 13:23 5927 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\TEXT.JS
2011-07-17 13:23 . 2011-07-17 13:23 8613 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\SAVEDUSER.JS
2011-07-17 13:23 . 2011-07-17 13:23 6910 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\NEWUSERCOMM.JS
2011-07-17 13:23 . 2011-07-17 13:23 1651 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\QUERYSTRING.JS
2011-07-17 13:23 . 2011-07-17 13:23 8288 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\IMAGE.JS
2011-07-17 13:23 . 2011-07-17 13:23 6208 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\LINK.JS
2011-07-17 13:23 . 2011-07-17 13:23 18541 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\LOCALIZATION.JS
2011-07-17 13:22 . 2011-07-17 13:22 7271 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\CHECKBOX.JS
2011-07-17 13:22 . 2011-07-17 13:22 51852 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\EXTERNALWRAPPER.JS
2011-07-17 13:22 . 2011-07-17 13:22 23327 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\COMBOBOX.JS
2011-07-17 13:22 . 2011-07-17 13:22 20719 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\DIVWRAPPER.JS
2011-07-17 13:22 . 2011-07-17 13:22 8782 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\BUTTON.JS
2011-07-17 10:15 . 2011-07-17 10:15 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2011-07-17 10:13 . 2011-07-17 10:13 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2011-07-17 10:13 . 2011-07-17 10:13 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2011-07-16 18:48 . 2011-07-16 18:48 101720 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2011-07-16 18:39 . 2011-07-16 18:39 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2011-07-16 15:37 . 2011-07-16 15:37 -------- d-----w- c:\documents and settings\Hetty Richardson\Local Settings\Application Data\AVG Security Toolbar
2011-07-16 15:35 . 2011-07-16 15:35 -------- d-----w- c:\documents and settings\Hetty Richardson\Application Data\AVG10
2011-07-16 14:51 . 2011-07-16 14:51 -------- d--h--w- c:\documents and settings\All Users\Application Data\Common Files
2011-07-16 14:49 . 2011-07-18 02:27 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG10
2011-07-16 14:35 . 2011-07-18 02:25 -------- d-----w- c:\documents and settings\All Users\Application Data\MFAData
2011-07-15 23:10 . 2011-07-18 01:14 -------- d-----w- c:\program files\Spybot - Search & Destroy
2011-07-15 23:10 . 2011-07-18 01:02 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2011-07-15 19:55 . 2011-07-18 03:26 -------- d-----r- c:\program files\Skype
2011-07-15 15:35 . 2011-07-15 15:35 -------- d-----w- c:\documents and settings\Hetty Richardson\Local Settings\Application Data\Symantec
2011-07-15 15:35 . 2011-06-22 23:05 167936 ----a-w- c:\windows\system32\drivers\wpshelper.sys
2011-07-15 15:34 . 2010-08-05 23:11 99696 ----a-w- c:\windows\system32\drivers\SysPlant.sys
2011-07-15 15:34 . 2011-07-15 15:34 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL
2011-07-15 15:34 . 2011-07-15 15:34 125488 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2011-07-15 15:33 . 2011-07-15 15:35 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2011-07-15 15:33 . 2011-07-15 15:34 -------- d-----w- c:\program files\Symantec
2011-07-13 20:17 . 2011-07-13 20:17 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2011-07-12 23:44 . 2011-07-12 23:44 -------- d-----w- c:\documents and settings\Hetty Richardson\Local Settings\Application Data\{C960C8DD-EDA2-4DE1-A3D2-B66653C299E8}
2011-07-12 22:21 . 2011-07-12 22:21 -------- d-----w- c:\documents and settings\David Kotecki\Application Data\Malwarebytes
2011-07-12 22:21 . 2011-07-12 22:21 -------- d-sh--w- c:\documents and settings\David Kotecki\PrivacIE
2011-07-12 22:21 . 2011-07-12 22:21 -------- d-----w- c:\documents and settings\David Kotecki\Local Settings\Application Data\Yahoo
2011-07-12 22:19 . 2011-07-12 22:19 -------- d-----w- c:\documents and settings\David Kotecki\Local Settings\Application Data\Identities
2011-07-12 22:19 . 2011-07-12 22:19 -------- d-----w- c:\documents and settings\David Kotecki\Application Data\Windows Desktop Search
2011-07-12 22:19 . 2011-07-12 22:19 -------- d-----w- c:\documents and settings\David Kotecki\Application Data\Apple Computer
2011-07-12 22:18 . 2011-07-12 22:18 -------- d-----w- c:\documents and settings\David Kotecki\Application Data\Memeo
2011-07-12 22:18 . 2011-07-12 22:18 -------- d-----w- c:\documents and settings\David Kotecki\Application Data\Seagate
2011-07-12 22:18 . 2011-07-12 22:18 -------- d-----w- c:\documents and settings\David Kotecki\Local Settings\Application Data\{11E1F80D-1BAB-47D3-BE16-E1B9BBDAFABA}
2011-07-12 22:18 . 2011-07-12 22:18 -------- d-----w- c:\documents and settings\David Kotecki\Application Data\Yahoo!
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-07-20 23:13 . 2011-06-26 13:18 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-07-06 23:52 . 2011-06-11 19:01 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-07-06 23:52 . 2011-06-11 19:01 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-06-02 14:02 . 2004-08-11 21:00 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-05-10 12:06 . 2009-03-28 17:25 4517664 ----a-w- c:\windows\system32\usbaaplrc.dll
2011-05-10 12:06 . 2008-10-11 15:27 42496 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2011-05-04 08:52 . 2010-08-19 21:47 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-05-04 06:25 . 2008-05-11 13:27 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-05-02 15:31 . 2004-08-11 21:12 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-04-29 17:25 . 2004-08-11 21:00 151552 ----a-w- c:\windows\system32\schannel.dll
2011-04-29 16:19 . 2004-08-11 21:00 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-06-27 18:02 . 2010-06-27 18:01 1247056 ----a-w- c:\program files\wlsetup-web.exe
2009-09-23 21:27 . 2009-09-23 21:27 9688568 ----a-w- c:\program files\picasa35-setup.exe
2008-08-14 23:24 . 2008-08-14 23:24 25740144 ----a-w- c:\program files\wmp11-windowsxp-x86-enu.exe
2011-07-08 07:16 . 2011-07-18 23:09 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2011-07-17 13:26 . 2010-03-04 20:28 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\documents and settings\Hetty Richardson\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\documents and settings\Hetty Richardson\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\documents and settings\Hetty Richardson\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\documents and settings\Hetty Richardson\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-04-30 68856]
"AdobeUpdater"="c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [2008-11-07 2356088]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-07-26 178712]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-09-25 90112]
"atchk"="c:\program files\Intel\AMT\atchk.exe" [2007-06-12 408344]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2007-09-24 1036288]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2011-07-17 30192]
"ECenter"="c:\dell\E-Center\EULALauncher.exe" [2008-02-26 17920]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2011-05-27 624056]
"V0415Mon.exe"="c:\windows\V0415Mon.exe" [2008-08-07 28672]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"TkBellExe"="c:\program files\real\realplayer\update\realsched.exe" [2011-05-23 273544]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]
"Memeo Instant Backup"="c:\program files\Memeo\AutoBackup\MemeoLauncher2.exe" [2011-01-24 136416]
"Seagate Dashboard"="c:\program files\Seagate\Seagate Dashboard\MemeoLauncher.exe" [2011-06-01 79112]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-06-07 421160]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2011-05-27 40368]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2010-05-06 115560]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-07-06 449584]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656]
"Memeo AutoSync"="c:\program files\Memeo\AutoSync\MemeoLauncher2.exe" [2010-04-16 144608]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"VF0415Inst"="c:\windows\system32\V0415Pin.dll" [2009-08-04 40960]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2010-04-17 02:12 3872080 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioDragToDisc]
2006-08-17 13:00 1116920 ----a-w- c:\program files\Roxio\Drag-to-Disc\DrgToDsc.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"YahooAUService"=2 (0x2)
"DNSexit"=2 (0x2)
"Adobe Version Cue CS3"=3 (0x3)
"GoogleDesktopManager-051210-111108"=3 (0x3)
"WMPNetworkSvc"=3 (0x3)
"wlidsvc"=2 (0x2)
"Maxtor Sync Service"=2 (0x2)
"gusvc"=2 (0x2)
"FLEXnet Licensing Service"=3 (0x3)
"Bonjour Service"=2 (0x2)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
R2 ASFAgent;ASF Agent;c:\program files\Intel\ASF Agent\ASFAgent.exe [1/23/2007 3:58 AM 133968]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [6/11/2011 3:01 PM 366640]
R2 MemeoBackgroundService;MemeoBackgroundService;c:\program files\Memeo\AutoBackup\MemeoBackgroundService.exe [1/24/2011 2:35 PM 25824]
R2 OpenCASE Media Agent;OpenCASE Media Agent;c:\program files\OpenCase\OpenCASE Media Agent\MediaAgent.exe [8/5/2008 3:54 PM 835208]
R2 SeagateDashboardService;Seagate Dashboard Service;c:\program files\Seagate\Seagate Dashboard\SeagateDashboardService.exe [6/1/2011 12:42 PM 14088]
R2 UNS;Intel(R) Active Management Technology User Notification Service;c:\program files\Intel\AMT\UNS.exe [4/30/2008 11:33 AM 2521880]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\drivers\CtClsFlt.sys [11/19/2009 9:11 PM 135616]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [7/15/2011 11:50 AM 105592]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [6/11/2011 3:01 PM 22712]
R3 RLDesignVirtualAudioCableWdm;Live! Cam Virtual;c:\windows\system32\drivers\livecamv.sys [11/19/2009 9:12 PM 31616]
R3 V0415Afx;Creative Camera VF0415 Audio Effects Driver;c:\windows\system32\drivers\V0415Afx.sys [11/19/2009 8:52 PM 160768]
R3 V0415Vid;Creative Live! Cam Video IM Ultra Driver;c:\windows\system32\drivers\V0415Vid.sys [11/19/2009 8:52 PM 286208]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 1:16 PM 130384]
S2 gupdate1c9b55aebe00602;Google Update Service (gupdate1c9b55aebe00602);c:\program files\Google\Update\GoogleUpdate.exe [4/4/2009 3:23 PM 133104]
S3 AsfAlrt;AsfAlrt Service;c:\windows\system32\drivers\Asfalrt.sys [1/23/2007 3:45 AM 42832]
S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [5/21/2010 7:27 AM 23888]
S3 cpuz134;cpuz134;\??\c:\docume~1\HETTYR~1\LOCALS~1\Temp\cpuz134\cpuz134_x32.sys --> c:\docume~1\HETTYR~1\LOCALS~1\Temp\cpuz134\cpuz134_x32.sys [?]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [4/4/2009 3:23 PM 133104]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;\??\c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys --> c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [?]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [8/11/2004 5:00 PM 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 1:16 PM 753504]
S4 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [4/30/2008 11:36 AM 30192]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WINRM REG_MULTI_SZ WINRM
.
Contents of the 'Scheduled Tasks' folder
.
2011-07-15 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 21:57]
.
2011-07-26 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-04-30 17:10]
.
2011-07-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-04 19:23]
.
2011-07-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-04 19:23]
.
2011-07-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2250608968-3542276623-1019064056-1005Core.job
- c:\documents and settings\Hetty Richardson\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-03-19 21:49]
.
2011-07-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2250608968-3542276623-1019064056-1005UA.job
- c:\documents and settings\Hetty Richardson\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-03-19 21:49]
.
2011-07-26 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-2250608968-3542276623-1019064056-1005.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 14:47]
.
2011-07-18 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-2250608968-3542276623-1019064056-1005.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 14:47]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Connection Wizard,ShellNext = iexplore
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_43C348BC2E93EB2B.dll/cmsidewiki.html
Trusted Zone: internet
Trusted Zone: maine.gov\secure
Trusted Zone: mcafee.com
TCP: DhcpNameServer = 192.168.1.1 192.168.1.1
FF - ProfilePath - c:\documents and settings\Hetty Richardson\Application Data\Mozilla\Firefox\Profiles\uu53dy2g.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=BO1TDF&PC=B8MK&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=mcafee&p=
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 55495
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{A3BC75A2-1F87-4686-AA43-5347D756017C} - (no file)
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
HKCU-Run-WypEHgfIKaPhdv - c:\documents and settings\All Users\Application Data\WypEHgfIKaPhdv.exe
HKLM-Run-SunJavaUpdateSched - c:\program files\Java\jre6\bin\jusched.exe
HKU-Default-RunOnce-FlashPlayerUpdate - c:\windows\system32\Macromed\Flash\FlashUtil10e.exe
SafeBoot-Symantec Antvirus
MSConfigStartUp-CarboniteSetupLite - c:\program files\Carbonite\CarbonitePreinstaller.exe
AddRemove-HijackThis - c:\docume~1\HETTYR~1\LOCALS~1\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-07-26 17:55
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,22,07,03,48,96,08,f2,4a,b9,b0,ad,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,22,07,03,48,96,08,f2,4a,b9,b0,ad,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(872)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\atiadlxx.dll
.
- - - - - - - > 'explorer.exe'(5296)
c:\windows\system32\WININET.dll
c:\documents and settings\Hetty Richardson\Application Data\Dropbox\bin\DropboxExt.14.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Roxio\Drag-to-Disc\Shellex.dll
c:\windows\system32\DLAAPI_W.DLL
c:\windows\system32\CDRTC.DLL
c:\program files\Roxio\Drag-to-Disc\ShellRes.dll
c:\program files\WinSCP\DragExt.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\program files\Symantec\Symantec Endpoint Protection\Smc.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Common Files\Symantec Shared\ccSvcHst.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Intel\AMT\atchksrv.exe
c:\program files\Juniper Networks\Common Files\dsNcService.exe
c:\program files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
c:\windows\system32\inetsrv\inetinfo.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Intel\AMT\LMS.exe
c:\program files\ATI Technologies\ATI.ACE\CLI.EXE
c:\program files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
c:\program files\Seagate\Seagate Dashboard\MemeoDashboard.exe
c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
c:\program files\Symantec\Symantec Endpoint Protection\SmcGui.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Symantec\Symantec Endpoint Protection\DoScan.exe
c:\program files\Memeo\AutoBackup\InstantBackup.exe
c:\windows\system32\wscntfy.exe
c:\program files\ATI Technologies\ATI.ACE\cli.exe
c:\program files\Seagate\Seagate Dashboard\HipServAgent\HipServAgent.exe
c:\program files\Symantec\Symantec Endpoint Protection\SavUI.exe
.
**************************************************************************
.
Completion time: 2011-07-26 18:01:09 - machine was rebooted
ComboFix-quarantined-files.txt 2011-07-26 22:00
.
Pre-Run: 170,142,314,496 bytes free
Post-Run: 170,813,636,608 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn
.
- - End Of File - - 91752503191314FB17DEE192383AE1C3
Hetty
Active Member
 
Posts: 11
Joined: July 17th, 2011, 11:47 am

Re: Firefox and IE redirects

Unread postby askey127 » July 27th, 2011, 6:58 am

Hetty,
It is not safe to open outside PDF files using either Adobe Reader 8.3 OR Adobe Acrobat Pro 8.3
You can use the old Pro version to create PDFs, or edit one, BUT ONLY after it has been scanned by your Antivirus (right click the file and choose Scan with Symantec).
But you should use the newest Adobe Reader X (version 10.xx) to view Internet PDF files.
This will prevent PC infection due to opening a malicious web-based PDF with one of the older, vulnerable, versions of Acrobat.
This appears to be how the machine became infected.
-----------------------------------------------------------
Remove Programs Using Control Panel
From Start, Settings, Control Panel or Start, Control Panel, click Add/Remove Programs.
Highlight this Entry, and choose Remove :

Adobe Reader 8.3.0

Take extra care in answering questions posed by any Uninstaller.
--------------------------------------------------------
Download and Install the newest version of Adobe Reader for reading pdf files, due to the vulnerabilities in earlier versions.
All versions numbered lower than 10.0 are vulnerable.
Go HERE and click on AdbeRdr1001_en_US.exe to download the latest version of Adobe Acrobat Reader.
Save this file to your desktop and run it to install the latest version of Adobe Reader.

After the new Reader is installed, Open Adobe Reader X. (Right click and Run as administrator in Vista/Win7)
OK the license.
Click on Edit and select Preferences.
On the Left, click on the Javascript category and Uncheck Enable Acrobat Javascript.
Click on the Security (Enhanced) category and Uncheck Automatically trust sites from my Win OS security zones.
Click on the Trust Manager category and Uncheck Allow opening of non-PDF file attachments with external applications.
Click the OK button
When it finishes, you can remove the Installer from your desktop.
-------------------------------------------------------------
Run a Corrective Script with ComboFix (zzz.exe)
  • Open a new Notepad window (Start>All programs>accessories>notepad). Choose File, New.
  • Highlight the contents of the codebox below and press Ctrl+C to copy it to the clipboard. Do Not copy the word "Code".
    Code: Select all
    Reglock::
    [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
    
    Folder::
    c:\documents and settings\All Users\Application Data\AVG10
    c:\documents and settings\Hetty Richardson\Application Data\AVG10
    c:\documents and settings\All Users\Application Data\Lavasoft
    c:\documents and settings\David Kotecki\Application Data\AVG10
    
  • Paste the contents of the clipboard into the Notepad window by pressing Ctrl+V or Edit, Paste
  • Save it to your desktop as CFScript.txt

    Image
  • Now drag and drop the CFScript.txt icon onto combofix.exe (zzz.exe) as in the picture above, and follow the prompts.
  • Then post the resultant log, C:\ComboFix.txt, in your next reply.
---------------------------------------------
Download the OTL Scanner
Please download OTL.exe by OldTimer and save it to your desktop.
---------------------------------------------
Run a Scan with OTL
  • Double click on the icon to run it.
  • Check the boxes labeled :
    • Scan All Users
    • LOP check
    • Purity check
  • Make sure all other windows are closed to let it run uninterrupted.
  • Click on the Run Scan button at the top left hand corner. Do not change any settings unless otherwise told to do so. The scan wont take long.
When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL. (desktop)
The Extras.txt file will only appear the very first time you run OTL.
Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them as a reply. Use separate replies if more convenient.
askey127
User avatar
askey127
Admin/Teacher
Admin/Teacher
 
Posts: 13904
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: Firefox and IE redirects

Unread postby Hetty » July 27th, 2011, 7:37 pm

ComboFix log:

ComboFix 11-07-27.03 - Hetty Richardson 07/27/2011 19:24:28.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3326.2433 [GMT -4:00]
Running from: c:\documents and settings\Hetty Richardson\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Hetty Richardson\Desktop\CFScript.txt
AV: Symantec Endpoint Protection *Disabled/Updated* {FB06448E-52B8-493A-90F3-E43226D3305C}
FW: Symantec Endpoint Protection *Disabled* {BE898FE3-CD0B-4014-85A9-03DB9923DDB6}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\AVG10
c:\documents and settings\All Users\Application Data\AVG10\Cfg\admin.cfg
c:\documents and settings\All Users\Application Data\AVG10\Cfg\changecfgreg.cfg
c:\documents and settings\All Users\Application Data\AVG10\Cfg\csl.cfg
c:\documents and settings\All Users\Application Data\AVG10\Cfg\erd.cfg
c:\documents and settings\All Users\Application Data\AVG10\Cfg\idp.cfg
c:\documents and settings\All Users\Application Data\AVG10\Cfg\krnl.cfg
c:\documents and settings\All Users\Application Data\AVG10\Cfg\mail.cfg
c:\documents and settings\All Users\Application Data\AVG10\Cfg\mailsrv.cfg
c:\documents and settings\All Users\Application Data\AVG10\Cfg\mailsrvvsapi.cfg
c:\documents and settings\All Users\Application Data\AVG10\Cfg\malrep.cfg
c:\documents and settings\All Users\Application Data\AVG10\Cfg\sched.cfg
c:\documents and settings\All Users\Application Data\AVG10\Cfg\setup.cfg
c:\documents and settings\All Users\Application Data\AVG10\Cfg\spsrv.cfg
c:\documents and settings\All Users\Application Data\AVG10\Cfg\update.cfg
c:\documents and settings\All Users\Application Data\AVG10\Cfg\updatecomps.cfg
c:\documents and settings\All Users\Application Data\AVG10\Cfg\user.cfg
c:\documents and settings\All Users\Application Data\AVG10\cfgall\falsealarm.cfg
c:\documents and settings\All Users\Application Data\AVG10\cfgall\krnlall.cfg
c:\documents and settings\All Users\Application Data\AVG10\cfgall\updateall.cfg
c:\documents and settings\All Users\Application Data\AVG10\cfgall\userall.cfg
c:\documents and settings\All Users\Application Data\AVG10\log\avgcfg.log
c:\documents and settings\All Users\Application Data\AVG10\log\avgcfg.log.lock
c:\documents and settings\All Users\Application Data\AVG10\log\avgchjw.log
c:\documents and settings\All Users\Application Data\AVG10\log\avgchjw.log.1
c:\documents and settings\All Users\Application Data\AVG10\log\avgchjw.log.2
c:\documents and settings\All Users\Application Data\AVG10\log\avgchjw.log.lock
c:\documents and settings\All Users\Application Data\AVG10\log\avgchjwsrv.log
c:\documents and settings\All Users\Application Data\AVG10\log\avgchjwsrv.log.lock
c:\documents and settings\All Users\Application Data\AVG10\log\avgcore.log
c:\documents and settings\All Users\Application Data\AVG10\log\avgcore.log.1
c:\documents and settings\All Users\Application Data\AVG10\log\avgcore.log.10
c:\documents and settings\All Users\Application Data\AVG10\log\avgcore.log.2
c:\documents and settings\All Users\Application Data\AVG10\log\avgcore.log.3
c:\documents and settings\All Users\Application Data\AVG10\log\avgcore.log.4
c:\documents and settings\All Users\Application Data\AVG10\log\avgcore.log.5
c:\documents and settings\All Users\Application Data\AVG10\log\avgcore.log.6
c:\documents and settings\All Users\Application Data\AVG10\log\avgcore.log.7
c:\documents and settings\All Users\Application Data\AVG10\log\avgcore.log.8
c:\documents and settings\All Users\Application Data\AVG10\log\avgcore.log.9
c:\documents and settings\All Users\Application Data\AVG10\log\avgcore.log.lock
c:\documents and settings\All Users\Application Data\AVG10\log\avgcsl.log
c:\documents and settings\All Users\Application Data\AVG10\log\avgcsl.log.lock
c:\documents and settings\All Users\Application Data\AVG10\log\avgexc.log
c:\documents and settings\All Users\Application Data\AVG10\log\avgexc.log.lock
c:\documents and settings\All Users\Application Data\AVG10\log\avgldr.log
c:\documents and settings\All Users\Application Data\AVG10\log\avgldr.log.lock
c:\documents and settings\All Users\Application Data\AVG10\log\avglng.log
c:\documents and settings\All Users\Application Data\AVG10\log\avglng.log.lock
c:\documents and settings\All Users\Application Data\AVG10\log\avgns.log
c:\documents and settings\All Users\Application Data\AVG10\log\avgns.log.lock
c:\documents and settings\All Users\Application Data\AVG10\log\avgpostinst.log
c:\documents and settings\All Users\Application Data\AVG10\log\avgpostinst.log.lock
c:\documents and settings\All Users\Application Data\AVG10\log\avgrs.log
c:\documents and settings\All Users\Application Data\AVG10\log\avgrs.log.1
c:\documents and settings\All Users\Application Data\AVG10\log\avgrs.log.10
c:\documents and settings\All Users\Application Data\AVG10\log\avgrs.log.2
c:\documents and settings\All Users\Application Data\AVG10\log\avgrs.log.3
c:\documents and settings\All Users\Application Data\AVG10\log\avgrs.log.4
c:\documents and settings\All Users\Application Data\AVG10\log\avgrs.log.5
c:\documents and settings\All Users\Application Data\AVG10\log\avgrs.log.6
c:\documents and settings\All Users\Application Data\AVG10\log\avgrs.log.7
c:\documents and settings\All Users\Application Data\AVG10\log\avgrs.log.8
c:\documents and settings\All Users\Application Data\AVG10\log\avgrs.log.9
c:\documents and settings\All Users\Application Data\AVG10\log\avgrs.log.lock
c:\documents and settings\All Users\Application Data\AVG10\log\avgscan.log
c:\documents and settings\All Users\Application Data\AVG10\log\avgscan.log.lock
c:\documents and settings\All Users\Application Data\AVG10\log\avgsched.log
c:\documents and settings\All Users\Application Data\AVG10\log\avgsched.log.lock
c:\documents and settings\All Users\Application Data\AVG10\log\avgsrm.log
c:\documents and settings\All Users\Application Data\AVG10\log\avgsrm.log.lock
c:\documents and settings\All Users\Application Data\AVG10\log\avgtbapi.log
c:\documents and settings\All Users\Application Data\AVG10\log\avgtbapi.log.1
c:\documents and settings\All Users\Application Data\AVG10\log\avgtbapi.log.lock
c:\documents and settings\All Users\Application Data\AVG10\log\avgtdi.log
c:\documents and settings\All Users\Application Data\AVG10\log\avgtdi.log.lock
c:\documents and settings\All Users\Application Data\AVG10\log\avgual.2011-07-16.log
c:\documents and settings\All Users\Application Data\AVG10\log\avgual.2011-07-17.log
c:\documents and settings\All Users\Application Data\AVG10\log\avgual.log
c:\documents and settings\All Users\Application Data\AVG10\log\avgual.log.lock
c:\documents and settings\All Users\Application Data\AVG10\log\avgui.log
c:\documents and settings\All Users\Application Data\AVG10\log\avgui.log.lock
c:\documents and settings\All Users\Application Data\AVG10\log\avguidraw.log
c:\documents and settings\All Users\Application Data\AVG10\log\avguidraw.log.lock
c:\documents and settings\All Users\Application Data\AVG10\log\avgupd.log
c:\documents and settings\All Users\Application Data\AVG10\log\avgupd.log.lock
c:\documents and settings\All Users\Application Data\AVG10\log\avgwd.log
c:\documents and settings\All Users\Application Data\AVG10\log\avgwd.log.lock
c:\documents and settings\All Users\Application Data\AVG10\log\avgwdsvc.log
c:\documents and settings\All Users\Application Data\AVG10\log\avgwdsvc.log.lock
c:\documents and settings\All Users\Application Data\AVG10\log\commonpriv.log
c:\documents and settings\All Users\Application Data\AVG10\log\commonpriv.log.lock
c:\documents and settings\All Users\Application Data\AVG10\log\fixcfg.log
c:\documents and settings\All Users\Application Data\AVG10\log\fixcfg.log.lock
c:\documents and settings\All Users\Application Data\AVG10\log\history.xml
c:\documents and settings\All Users\Application Data\AVG10\log\IDP\log\avgtray_idp_David Kotecki.log
c:\documents and settings\All Users\Application Data\AVG10\log\IDP\log\avgtray_idp_Hetty Richardson.log
c:\documents and settings\All Users\Application Data\AVG10\log\IDP\log\avgui_idp_Hetty Richardson.log
c:\documents and settings\All Users\Application Data\AVG10\log\IDP\log\avgwdsvc_idp_SYSTEM.log
c:\documents and settings\All Users\Application Data\AVG10\log\vault.log
c:\documents and settings\All Users\Application Data\AVG10\log\vault.log.lock
c:\documents and settings\All Users\Application Data\AVG10\scanlogs\I_00000001.log
c:\documents and settings\All Users\Application Data\AVG10\scanlogs\I_00000005.log
c:\documents and settings\All Users\Application Data\AVG10\scanlogs\srm.idx
c:\documents and settings\All Users\Application Data\Lavasoft
c:\documents and settings\All Users\Application Data\Lavasoft\License\adaware.da2
c:\documents and settings\All Users\Application Data\Lavasoft\License\guid.dat
c:\documents and settings\David Kotecki\Application Data\AVG10
c:\documents and settings\David Kotecki\Application Data\AVG10\cfgall\usergui.cfg
c:\documents and settings\Hetty Richardson\Application Data\AVG10
c:\documents and settings\Hetty Richardson\Application Data\AVG10\cfgall\usergui.cfg
.
.
((((((((((((((((((((((((( Files Created from 2011-06-27 to 2011-07-27 )))))))))))))))))))))))))))))))
.
.
2011-07-18 11:06 . 2011-04-30 08:50 766464 ----a-w- c:\windows\system32\dllcache\vgx.dll
2011-07-18 11:01 . 2011-07-18 11:01 -------- d-----w- c:\documents and settings\Hetty Richardson\Application Data\MSNInstaller
2011-07-18 03:34 . 2007-03-12 20:42 3495784 ----a-w- c:\windows\system32\d3dx9_33.dll
2011-07-18 03:29 . 2011-07-18 03:29 -------- d-----w- c:\windows\Logs
2011-07-17 13:31 . 2011-07-17 13:37 -------- d-----w- c:\documents and settings\David Kotecki\Application Data\Skype
2011-07-17 13:28 . 2011-07-17 13:28 -------- d-----w- c:\documents and settings\David Kotecki\Local Settings\Application Data\temp
2011-07-17 13:25 . 2011-07-17 13:25 -------- d-----w- c:\documents and settings\David Kotecki\Local Settings\Application Data\Symantec
2011-07-17 13:23 . 2011-07-17 13:23 9310 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\TEXTBOX.JS
2011-07-17 13:23 . 2011-07-17 13:23 8646 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\TILEBOX.JS
2011-07-17 13:23 . 2011-07-17 13:23 6429 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\UICORE.JS
2011-07-17 13:23 . 2011-07-17 13:23 63115 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\USERTILE.JS
2011-07-17 13:23 . 2011-07-17 13:23 4599 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\UIRESOURCE.JS
2011-07-17 13:23 . 2011-07-17 13:23 5927 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\TEXT.JS
2011-07-17 13:23 . 2011-07-17 13:23 8613 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\SAVEDUSER.JS
2011-07-17 13:23 . 2011-07-17 13:23 6910 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\NEWUSERCOMM.JS
2011-07-17 13:23 . 2011-07-17 13:23 1651 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\QUERYSTRING.JS
2011-07-17 13:23 . 2011-07-17 13:23 8288 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\IMAGE.JS
2011-07-17 13:23 . 2011-07-17 13:23 6208 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\LINK.JS
2011-07-17 13:23 . 2011-07-17 13:23 18541 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\LOCALIZATION.JS
2011-07-17 13:22 . 2011-07-17 13:22 7271 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\CHECKBOX.JS
2011-07-17 13:22 . 2011-07-17 13:22 51852 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\EXTERNALWRAPPER.JS
2011-07-17 13:22 . 2011-07-17 13:22 23327 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\COMBOBOX.JS
2011-07-17 13:22 . 2011-07-17 13:22 20719 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\DIVWRAPPER.JS
2011-07-17 13:22 . 2011-07-17 13:22 8782 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\BUTTON.JS
2011-07-17 10:15 . 2011-07-17 10:15 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2011-07-17 10:13 . 2011-07-17 10:13 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2011-07-17 10:13 . 2011-07-17 10:13 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2011-07-16 18:48 . 2011-07-16 18:48 101720 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2011-07-16 15:37 . 2011-07-16 15:37 -------- d-----w- c:\documents and settings\Hetty Richardson\Local Settings\Application Data\AVG Security Toolbar
2011-07-16 14:51 . 2011-07-16 14:51 -------- d--h--w- c:\documents and settings\All Users\Application Data\Common Files
2011-07-16 14:35 . 2011-07-18 02:25 -------- d-----w- c:\documents and settings\All Users\Application Data\MFAData
2011-07-15 23:10 . 2011-07-18 01:14 -------- d-----w- c:\program files\Spybot - Search & Destroy
2011-07-15 23:10 . 2011-07-18 01:02 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2011-07-15 19:55 . 2011-07-18 03:26 -------- d-----r- c:\program files\Skype
2011-07-15 15:35 . 2011-07-15 15:35 -------- d-----w- c:\documents and settings\Hetty Richardson\Local Settings\Application Data\Symantec
2011-07-15 15:35 . 2010-09-11 02:32 167936 ----a-w- c:\windows\system32\drivers\wpshelper.sys
2011-07-15 15:34 . 2010-08-05 23:11 99696 ----a-w- c:\windows\system32\drivers\SysPlant.sys
2011-07-15 15:34 . 2011-07-15 15:34 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL
2011-07-15 15:34 . 2011-07-15 15:34 125488 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2011-07-15 15:33 . 2011-07-15 15:35 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2011-07-15 15:33 . 2011-07-15 15:34 -------- d-----w- c:\program files\Symantec
2011-07-13 20:17 . 2011-07-13 20:17 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2011-07-12 23:44 . 2011-07-12 23:44 -------- d-----w- c:\documents and settings\Hetty Richardson\Local Settings\Application Data\{C960C8DD-EDA2-4DE1-A3D2-B66653C299E8}
2011-07-12 22:21 . 2011-07-12 22:21 -------- d-----w- c:\documents and settings\David Kotecki\Application Data\Malwarebytes
2011-07-12 22:21 . 2011-07-12 22:21 -------- d-sh--w- c:\documents and settings\David Kotecki\PrivacIE
2011-07-12 22:21 . 2011-07-12 22:21 -------- d-----w- c:\documents and settings\David Kotecki\Local Settings\Application Data\Yahoo
2011-07-12 22:19 . 2011-07-12 22:19 -------- d-----w- c:\documents and settings\David Kotecki\Local Settings\Application Data\Identities
2011-07-12 22:19 . 2011-07-12 22:19 -------- d-----w- c:\documents and settings\David Kotecki\Application Data\Windows Desktop Search
2011-07-12 22:19 . 2011-07-12 22:19 -------- d-----w- c:\documents and settings\David Kotecki\Application Data\Apple Computer
2011-07-12 22:18 . 2011-07-12 22:18 -------- d-----w- c:\documents and settings\David Kotecki\Application Data\Memeo
2011-07-12 22:18 . 2011-07-12 22:18 -------- d-----w- c:\documents and settings\David Kotecki\Application Data\Seagate
2011-07-12 22:18 . 2011-07-12 22:18 -------- d-----w- c:\documents and settings\David Kotecki\Local Settings\Application Data\{11E1F80D-1BAB-47D3-BE16-E1B9BBDAFABA}
2011-07-12 22:18 . 2011-07-12 22:18 -------- d-----w- c:\documents and settings\David Kotecki\Application Data\Yahoo!
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-07-20 23:13 . 2011-06-26 13:18 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-07-06 23:52 . 2011-06-11 19:01 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-07-06 23:52 . 2011-06-11 19:01 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-06-02 14:02 . 2004-08-11 21:00 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-05-10 12:06 . 2009-03-28 17:25 4517664 ----a-w- c:\windows\system32\usbaaplrc.dll
2011-05-10 12:06 . 2008-10-11 15:27 42496 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2011-05-04 08:52 . 2010-08-19 21:47 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-05-04 06:25 . 2008-05-11 13:27 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-05-02 15:31 . 2004-08-11 21:12 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-04-29 17:25 . 2004-08-11 21:00 151552 ----a-w- c:\windows\system32\schannel.dll
2011-04-29 16:19 . 2004-08-11 21:00 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-06-27 18:02 . 2010-06-27 18:01 1247056 ----a-w- c:\program files\wlsetup-web.exe
2009-09-23 21:27 . 2009-09-23 21:27 9688568 ----a-w- c:\program files\picasa35-setup.exe
2008-08-14 23:24 . 2008-08-14 23:24 25740144 ----a-w- c:\program files\wmp11-windowsxp-x86-enu.exe
2011-07-08 07:16 . 2011-07-18 23:09 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2011-07-17 13:26 . 2010-03-04 20:28 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2011-07-26_21.53.08 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-07-27 22:44 . 2011-07-27 22:44 16384 c:\windows\Temp\Perflib_Perfdata_ba4.dat
+ 2011-07-27 22:41 . 2011-07-27 22:41 16384 c:\windows\Temp\Perflib_Perfdata_1e0.dat
- 2008-05-11 17:36 . 2011-06-22 16:06 23558 c:\windows\Installer\{AC76BA86-1033-0000-7760-000000000003}\SC_Designer_PFM.70DBED24_B579_40CB_AB0B_F1221A3E9EC5.exe
+ 2008-05-11 17:36 . 2011-07-27 15:48 23558 c:\windows\Installer\{AC76BA86-1033-0000-7760-000000000003}\SC_Designer_PFM.70DBED24_B579_40CB_AB0B_F1221A3E9EC5.exe
- 2008-05-11 17:36 . 2011-06-22 16:06 25214 c:\windows\Installer\{AC76BA86-1033-0000-7760-000000000003}\_SC_Distiller.exe
+ 2008-05-11 17:36 . 2011-07-27 15:48 25214 c:\windows\Installer\{AC76BA86-1033-0000-7760-000000000003}\_SC_Distiller.exe
+ 2010-11-10 16:49 . 2010-11-10 16:49 17304 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0000000010\10.0.0\ViewerPS.dll
+ 2010-11-10 16:49 . 2010-11-10 16:49 35736 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0000000010\10.0.0\reader_sl.exe
+ 2010-11-10 16:49 . 2010-11-10 16:49 84896 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0000000010\10.0.0\PDFPrevHndlr.dll
+ 2010-11-10 16:49 . 2010-11-10 16:49 94608 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0000000010\10.0.0\eula.exe
+ 2010-11-10 16:49 . 2010-11-10 16:49 49064 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0000000010\10.0.0\acrotextextractor.exe
+ 2010-11-10 16:49 . 2010-11-10 16:49 17824 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0000000010\10.0.0\AcroRd32Info.exe
+ 2010-11-10 16:49 . 2010-11-10 16:49 62376 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0000000010\10.0.0\acroiehelpershim.dll
+ 2010-11-10 16:49 . 2010-11-10 16:49 64928 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0000000010\10.0.0\AcroIEHelper.dll
+ 2010-11-10 16:49 . 2010-11-10 16:49 63384 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0000000010\10.0.0\Acrofx32.dll
+ 2008-05-11 17:36 . 2011-07-27 15:48 7278 c:\windows\Installer\{AC76BA86-1033-0000-7760-000000000003}\_SC_ELEMENTS_DT.exe
- 2008-05-11 17:36 . 2011-06-22 16:06 7278 c:\windows\Installer\{AC76BA86-1033-0000-7760-000000000003}\_SC_ELEMENTS_DT.exe
+ 2008-08-04 00:51 . 2011-07-27 22:45 225444 c:\windows\system32\inetsrv\MetaBase.bin
+ 2008-05-11 17:36 . 2011-07-27 15:48 295606 c:\windows\Installer\{AC76BA86-1033-0000-7760-000000000003}\_SC_Acrobat_Standard.exe
- 2008-05-11 17:36 . 2011-06-22 16:06 295606 c:\windows\Installer\{AC76BA86-1033-0000-7760-000000000003}\_SC_Acrobat_Standard.exe
+ 2008-05-11 17:36 . 2011-07-27 15:48 295606 c:\windows\Installer\{AC76BA86-1033-0000-7760-000000000003}\_SC_Acrobat_3D.exe
- 2008-05-11 17:36 . 2011-06-22 16:06 295606 c:\windows\Installer\{AC76BA86-1033-0000-7760-000000000003}\_SC_Acrobat_3D.exe
+ 2008-05-11 17:36 . 2011-07-27 15:48 295606 c:\windows\Installer\{AC76BA86-1033-0000-7760-000000000003}\_SC_Acrobat.exe
- 2008-05-11 17:36 . 2011-06-22 16:06 295606 c:\windows\Installer\{AC76BA86-1033-0000-7760-000000000003}\_SC_Acrobat.exe
+ 2010-11-10 16:49 . 2010-11-10 16:49 390552 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0000000010\10.0.0\pdfshell.dll
+ 2010-11-10 16:49 . 2010-11-10 16:49 101288 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0000000010\10.0.0\PDFPrevHndlrShim.exe
+ 2010-11-10 16:49 . 2010-11-10 16:49 135568 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0000000010\10.0.0\nppdf32.dll
+ 2010-11-10 16:49 . 2010-11-10 16:49 681872 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0000000010\10.0.0\JP2KLib.dll
+ 2010-11-10 16:49 . 2010-11-10 16:49 104344 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0000000010\10.0.0\AiodLite.dll
+ 2010-11-10 16:49 . 2010-11-10 16:49 702352 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0000000010\10.0.0\AcroPDF.dll
+ 2010-11-10 16:49 . 2010-11-10 16:49 294808 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0000000010\10.0.0\acrobroker.exe
+ 2010-11-10 16:49 . 2010-11-10 16:49 205720 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0000000010\10.0.0\a3dutils.dll
+ 2011-07-27 12:36 . 2011-07-27 12:36 2283008 c:\windows\Installer\31eafb2.msi
+ 2010-11-10 16:49 . 2010-11-10 16:49 2207632 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0000000010\10.0.0\rt3d.dll
+ 2010-11-10 16:49 . 2010-11-10 16:49 6222744 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0000000010\10.0.0\authplay.dll
+ 2010-11-10 16:49 . 2010-11-10 16:49 5503368 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0000000010\10.0.0\AGM.dll
+ 2010-11-10 16:49 . 2010-11-10 16:49 1216416 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0000000010\10.0.0\AdobeCollabSync.exe
+ 2010-11-10 16:49 . 2010-11-10 16:49 1289624 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0000000010\10.0.0\AcroRd32.exe
+ 2011-01-30 20:44 . 2011-01-30 20:44 12425728 c:\windows\Installer\31eafb3.msp
+ 2010-11-10 16:49 . 2010-11-10 16:49 23724952 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0000000010\10.0.0\AcroRd32.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\documents and settings\Hetty Richardson\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\documents and settings\Hetty Richardson\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\documents and settings\Hetty Richardson\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\documents and settings\Hetty Richardson\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-04-30 68856]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-07-26 178712]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-09-25 90112]
"atchk"="c:\program files\Intel\AMT\atchk.exe" [2007-06-12 408344]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2007-09-24 1036288]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2011-07-17 30192]
"ECenter"="c:\dell\E-Center\EULALauncher.exe" [2008-02-26 17920]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2011-05-27 624056]
"V0415Mon.exe"="c:\windows\V0415Mon.exe" [2008-08-07 28672]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"TkBellExe"="c:\program files\real\realplayer\update\realsched.exe" [2011-05-23 273544]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]
"Memeo Instant Backup"="c:\program files\Memeo\AutoBackup\MemeoLauncher2.exe" [2011-01-24 136416]
"Seagate Dashboard"="c:\program files\Seagate\Seagate Dashboard\MemeoLauncher.exe" [2011-06-01 79112]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-06-07 421160]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2010-05-06 115560]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-07-06 449584]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656]
"Memeo AutoSync"="c:\program files\Memeo\AutoSync\MemeoLauncher2.exe" [2010-04-16 144608]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"VF0415Inst"="c:\windows\system32\V0415Pin.dll" [2009-08-04 40960]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2010-04-17 02:12 3872080 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioDragToDisc]
2006-08-17 13:00 1116920 ----a-w- c:\program files\Roxio\Drag-to-Disc\DrgToDsc.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"YahooAUService"=2 (0x2)
"DNSexit"=2 (0x2)
"Adobe Version Cue CS3"=3 (0x3)
"GoogleDesktopManager-051210-111108"=3 (0x3)
"WMPNetworkSvc"=3 (0x3)
"wlidsvc"=2 (0x2)
"Maxtor Sync Service"=2 (0x2)
"gusvc"=2 (0x2)
"FLEXnet Licensing Service"=3 (0x3)
"Bonjour Service"=2 (0x2)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Documents and Settings\\Hetty Richardson\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
.
R2 ASFAgent;ASF Agent;c:\program files\Intel\ASF Agent\ASFAgent.exe [1/23/2007 3:58 AM 133968]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [6/11/2011 3:01 PM 366640]
R2 MemeoBackgroundService;MemeoBackgroundService;c:\program files\Memeo\AutoBackup\MemeoBackgroundService.exe [1/24/2011 2:35 PM 25824]
R2 OpenCASE Media Agent;OpenCASE Media Agent;c:\program files\OpenCase\OpenCASE Media Agent\MediaAgent.exe [8/5/2008 3:54 PM 835208]
R2 SeagateDashboardService;Seagate Dashboard Service;c:\program files\Seagate\Seagate Dashboard\SeagateDashboardService.exe [6/1/2011 12:42 PM 14088]
R2 UNS;Intel(R) Active Management Technology User Notification Service;c:\program files\Intel\AMT\UNS.exe [4/30/2008 11:33 AM 2521880]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\drivers\CtClsFlt.sys [11/19/2009 9:11 PM 135616]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [7/15/2011 11:50 AM 105592]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [6/11/2011 3:01 PM 22712]
R3 RLDesignVirtualAudioCableWdm;Live! Cam Virtual;c:\windows\system32\drivers\livecamv.sys [11/19/2009 9:12 PM 31616]
R3 V0415Afx;Creative Camera VF0415 Audio Effects Driver;c:\windows\system32\drivers\V0415Afx.sys [11/19/2009 8:52 PM 160768]
R3 V0415Vid;Creative Live! Cam Video IM Ultra Driver;c:\windows\system32\drivers\V0415Vid.sys [11/19/2009 8:52 PM 286208]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 1:16 PM 130384]
S2 gupdate1c9b55aebe00602;Google Update Service (gupdate1c9b55aebe00602);c:\program files\Google\Update\GoogleUpdate.exe [4/4/2009 3:23 PM 133104]
S3 AsfAlrt;AsfAlrt Service;c:\windows\system32\drivers\Asfalrt.sys [1/23/2007 3:45 AM 42832]
S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [5/21/2010 7:27 AM 23888]
S3 cpuz134;cpuz134;\??\c:\docume~1\HETTYR~1\LOCALS~1\Temp\cpuz134\cpuz134_x32.sys --> c:\docume~1\HETTYR~1\LOCALS~1\Temp\cpuz134\cpuz134_x32.sys [?]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [4/4/2009 3:23 PM 133104]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;\??\c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys --> c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [?]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [8/11/2004 5:00 PM 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 1:16 PM 753504]
S4 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [4/30/2008 11:36 AM 30192]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WINRM REG_MULTI_SZ WINRM
.
Contents of the 'Scheduled Tasks' folder
.
2011-07-15 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 21:57]
.
2011-07-27 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-04-30 17:10]
.
2011-07-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-04 19:23]
.
2011-07-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-04 19:23]
.
2011-07-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2250608968-3542276623-1019064056-1005Core.job
- c:\documents and settings\Hetty Richardson\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-03-19 21:49]
.
2011-07-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2250608968-3542276623-1019064056-1005UA.job
- c:\documents and settings\Hetty Richardson\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-03-19 21:49]
.
2011-07-27 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-2250608968-3542276623-1019064056-1005.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 14:47]
.
2011-07-18 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-2250608968-3542276623-1019064056-1005.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 14:47]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Connection Wizard,ShellNext = iexplore
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_43C348BC2E93EB2B.dll/cmsidewiki.html
Trusted Zone: internet
Trusted Zone: maine.gov\secure
Trusted Zone: mcafee.com
TCP: DhcpNameServer = 192.168.1.1 192.168.1.1
FF - ProfilePath - c:\documents and settings\Hetty Richardson\Application Data\Mozilla\Firefox\Profiles\uu53dy2g.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=BO1TDF&PC=B8MK&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=mcafee&p=
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 55495
FF - prefs.js: network.proxy.type - 0
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-07-27 19:33
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(868)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\atiadlxx.dll
.
Completion time: 2011-07-27 19:35:21
ComboFix-quarantined-files.txt 2011-07-27 23:35
ComboFix2.txt 2011-07-26 22:01
.
Pre-Run: 171,042,406,400 bytes free
Post-Run: 171,127,218,176 bytes free
.
- - End Of File - - A715B1C604DACEE891B38E19ABD3ABB8
Hetty
Active Member
 
Posts: 11
Joined: July 17th, 2011, 11:47 am

Re: Firefox and IE redirects

Unread postby Hetty » July 27th, 2011, 7:44 pm

Results of OTL Scan:

OLT.txt
OTL logfile created on: 7/27/2011 7:40:05 PM - Run 1
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Documents and Settings\Hetty Richardson\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.25 Gb Total Physical Memory | 2.42 Gb Available Physical Memory | 74.47% Memory free
7.08 Gb Paging File | 6.28 Gb Available in Paging File | 88.66% Paging File free
Paging file location(s): C:\pagefile.sys 4092 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232.75 Gb Total Space | 159.40 Gb Free Space | 68.49% Space Free | Partition Type: NTFS
Drive F: | 931.51 Gb Total Space | 884.32 Gb Free Space | 94.93% Space Free | Partition Type: NTFS
Drive Z: | 453.18 Gb Total Space | 366.08 Gb Free Space | 80.78% Space Free | Partition Type: NTFS

Computer Name: DELL2 | User Name: Hetty Richardson | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/07/27 19:38:07 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Hetty Richardson\Desktop\OTL.exe
PRC - [2011/07/06 19:52:38 | 000,449,584 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011/07/06 19:52:38 | 000,366,640 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011/06/01 12:42:28 | 000,071,432 | ---- | M] (Memeo) -- C:\Program Files\Seagate\Seagate Dashboard\MemeoDashboard.exe
PRC - [2011/06/01 12:42:28 | 000,014,088 | ---- | M] (Memeo) -- C:\Program Files\Seagate\Seagate Dashboard\SeagateDashboardService.exe
PRC - [2011/06/01 12:16:54 | 002,260,992 | ---- | M] (Axentra Corporation) -- C:\Program Files\Seagate\Seagate Dashboard\HipServAgent\HipServAgent.exe
PRC - [2011/05/27 08:52:30 | 000,624,056 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe
PRC - [2011/05/23 09:31:49 | 000,273,544 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\Update\realsched.exe
PRC - [2011/01/24 14:35:36 | 000,025,824 | ---- | M] (Memeo) -- C:\Program Files\Memeo\AutoBackup\MemeoBackgroundService.exe
PRC - [2011/01/24 14:35:30 | 000,324,320 | ---- | M] () -- C:\Program Files\Memeo\AutoBackup\InstantBackup.exe
PRC - [2010/12/16 15:35:04 | 000,660,848 | ---- | M] (Juniper Networks) -- C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
PRC - [2010/08/05 19:11:44 | 001,885,488 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
PRC - [2010/08/05 19:05:52 | 001,459,568 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
PRC - [2010/07/01 17:17:24 | 001,832,072 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
PRC - [2010/05/06 17:21:54 | 000,115,560 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccApp.exe
PRC - [2010/05/06 17:21:14 | 000,108,392 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
PRC - [2008/08/06 21:00:00 | 000,028,672 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\V0415Mon.exe
PRC - [2008/08/05 15:54:02 | 000,835,208 | ---- | M] (ExtendMedia Inc.) -- C:\Program Files\OpenCase\OpenCASE Media Agent\MediaAgent.exe
PRC - [2008/05/11 13:27:31 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
PRC - [2008/04/13 20:12:22 | 000,015,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\inetsrv\inetinfo.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/07/26 19:03:46 | 000,358,936 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2007/07/26 19:03:44 | 000,178,712 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2007/06/12 17:09:16 | 002,521,880 | ---- | M] (Intel) -- C:\Program Files\Intel\AMT\UNS.exe
PRC - [2007/06/12 17:09:16 | 000,183,064 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\AMT\atchksrv.exe
PRC - [2007/06/12 17:09:14 | 000,109,336 | ---- | M] (Intel) -- C:\Program Files\Intel\AMT\LMS.exe
PRC - [2007/01/23 03:58:04 | 000,133,968 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\ASF Agent\ASFAgent.exe
PRC - [2006/09/25 09:12:20 | 000,045,056 | ---- | M] (ATI Technologies Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe


========== Modules (SafeList) ==========

MOD - [2011/07/27 19:38:07 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Hetty Richardson\Desktop\OTL.exe
MOD - [2011/05/23 09:32:11 | 000,043,520 | ---- | M] (RealNetworks, Inc.) -- C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Chrome\Hook\rpchrome10browserrecordhelper.dll
MOD - [2011/04/18 22:51:18 | 000,653,136 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_31a54e43\msvcr90.dll
MOD - [2011/04/18 22:51:18 | 000,569,680 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_31a54e43\msvcp90.dll
MOD - [2010/08/23 12:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/07/06 19:52:38 | 000,366,640 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/06/01 12:42:28 | 000,014,088 | ---- | M] (Memeo) [Auto | Running] -- C:\Program Files\Seagate\Seagate Dashboard\SeagateDashboardService.exe -- (SeagateDashboardService)
SRV - [2011/01/24 14:35:36 | 000,025,824 | ---- | M] (Memeo) [Auto | Running] -- C:\Program Files\Memeo\AutoBackup\MemeoBackgroundService.exe -- (MemeoBackgroundService)
SRV - [2010/12/16 15:35:04 | 000,660,848 | ---- | M] (Juniper Networks) [Auto | Running] -- C:\Program Files\Juniper Networks\Common Files\dsNcService.exe -- (dsNcService)
SRV - [2010/08/05 19:11:44 | 001,885,488 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe -- (SmcService)
SRV - [2010/07/01 17:17:24 | 001,832,072 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe -- (Symantec AntiVirus)
SRV - [2010/07/01 16:24:02 | 000,357,704 | ---- | M] (Symantec Corporation) [Disabled | Stopped] -- C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE -- (SNAC)
SRV - [2010/05/06 17:21:14 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr)
SRV - [2010/05/06 17:21:14 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr)
SRV - [2010/02/17 10:53:18 | 003,093,880 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_3.EXE -- (LiveUpdate)
SRV - [2008/08/05 15:54:02 | 000,835,208 | ---- | M] (ExtendMedia Inc.) [Auto | Running] -- C:\Program Files\OpenCase\OpenCASE Media Agent\MediaAgent.exe -- (OpenCASE Media Agent)
SRV - [2008/05/11 13:27:31 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Running] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2008/04/13 20:12:22 | 000,015,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (W3SVC)
SRV - [2008/04/13 20:12:22 | 000,015,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (SMTPSVC) Simple Mail Transfer Protocol (SMTP)
SRV - [2008/04/13 20:12:22 | 000,015,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (IISADMIN)
SRV - [2007/07/26 19:03:46 | 000,358,936 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
SRV - [2007/06/12 17:09:16 | 002,521,880 | ---- | M] (Intel) [Auto | Running] -- C:\Program Files\Intel\AMT\UNS.exe -- (UNS) Intel(R)
SRV - [2007/06/12 17:09:16 | 000,183,064 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\AMT\atchksrv.exe -- (atchksrv) Intel(R)
SRV - [2007/06/12 17:09:14 | 000,109,336 | ---- | M] (Intel) [Auto | Running] -- C:\Program Files\Intel\AMT\LMS.exe -- (LMS) Intel(R)
SRV - [2007/03/20 16:41:24 | 000,153,792 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe -- (Adobe Version Cue CS3)
SRV - [2007/01/23 03:58:04 | 000,133,968 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\ASF Agent\ASFAgent.exe -- (ASFAgent)
SRV - [2004/08/16 22:28:36 | 000,015,360 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\DNSexit IP Updater\dnsexit_srv.exe -- (DNSexit)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Running] -- -- (catchme)
DRV - [2011/07/15 11:34:20 | 000,125,488 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2011/07/06 19:52:42 | 000,022,712 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011/06/15 11:54:58 | 001,542,392 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20110726.002\NAVEX15.SYS -- (NAVEX15)
DRV - [2011/06/15 11:54:58 | 000,374,392 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2011/06/15 11:54:58 | 000,105,592 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2011/06/15 11:54:58 | 000,086,008 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20110726.002\NAVENG.SYS -- (NAVENG)
DRV - [2011/01/26 23:34:32 | 006,406,656 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2010/09/10 22:32:20 | 000,167,936 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wpshelper.sys -- (WpsHelper)
DRV - [2010/08/05 19:11:48 | 000,099,696 | ---- | M] (Symantec Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\SYSTEM32\Drivers\SysPlant.sys -- (SysPlant)
DRV - [2010/08/05 19:08:14 | 000,043,376 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\WPSDRVnt.sys -- (WPS)
DRV - [2010/05/21 07:27:44 | 000,023,888 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\COH_Mon.sys -- (COH_Mon)
DRV - [2010/04/28 07:44:02 | 000,054,760 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys -- (fssfltr)
DRV - [2010/03/08 12:59:14 | 000,320,944 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\srtspl.sys -- (SRTSPL)
DRV - [2010/03/08 12:59:14 | 000,283,184 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\srtsp.sys -- (SRTSP)
DRV - [2010/03/08 12:59:14 | 000,043,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\srtspx.sys -- (SRTSPX)
DRV - [2009/12/28 12:42:26 | 000,067,472 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Teefer2.sys -- (Teefer2)
DRV - [2009/12/18 15:42:12 | 000,421,424 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
DRV - [2009/09/03 16:03:48 | 000,188,080 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\SYMTDI.SYS -- (SYMTDI)
DRV - [2009/09/03 16:03:48 | 000,026,416 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV)
DRV - [2009/08/12 18:07:02 | 000,026,624 | ---- | M] (Juniper Networks) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\dsNcAdpt.sys -- (dsNcAdpt)
DRV - [2009/08/03 17:01:00 | 000,286,208 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\V0415Vid.sys -- (V0415Vid)
DRV - [2008/08/12 16:50:36 | 000,135,616 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\CtClsFlt.sys -- (CtClsFlt)
DRV - [2008/04/30 07:43:42 | 000,160,768 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\V0415Afx.sys -- (V0415Afx)
DRV - [2007/09/24 19:12:48 | 000,392,960 | ---- | M] (Sensaura) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\senfilt.sys -- (SenFiltService)
DRV - [2007/07/23 18:42:12 | 000,045,056 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HECI.sys -- (HECI) Intel(R)
DRV - [2007/05/03 13:37:08 | 000,022,152 | ---- | M] (Maxtor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mxopswd.sys -- (MXOPSWD)
DRV - [2007/01/23 03:45:44 | 000,042,832 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Asfalrt.sys -- (AsfAlrt)
DRV - [2007/01/15 18:57:08 | 000,031,616 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\livecamv.sys -- (RLDesignVirtualAudioCableWdm)
DRV - [2006/08/18 13:18:08 | 000,009,400 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLADResM.SYS -- (DLADResM)
DRV - [2006/08/18 13:17:46 | 000,035,096 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABMFSM.SYS -- (DLABMFSM)
DRV - [2006/08/18 13:17:44 | 000,097,848 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2006/08/18 13:17:44 | 000,094,648 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2006/08/18 13:17:42 | 000,026,008 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2006/08/18 13:17:40 | 000,032,472 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2006/08/18 13:17:38 | 000,104,472 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2006/08/18 13:17:38 | 000,014,520 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2006/08/11 10:35:18 | 000,012,920 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2006/08/11 10:35:16 | 000,028,184 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_M.SYS -- (DLARTL_M)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=del ... bd=0080430
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = www.google.com/ig/dell?hl=en&client=del ... bd=0080430


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=del ... bd=0080430
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=del ... bd=0080430
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local



IE - HKU\S-1-5-21-2250608968-3542276623-1019064056-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-2250608968-3542276623-1019064056-1005\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\S-1-5-21-2250608968-3542276623-1019064056-1005\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKU\S-1-5-21-2250608968-3542276623-1019064056-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-2250608968-3542276623-1019064056-1005\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-2250608968-3542276623-1019064056-1005\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-2250608968-3542276623-1019064056-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
FF - prefs.js..browser.search.defaulturl: "http://www.bing.com/search?FORM=BO1TDF&PC=B8MK&q="
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.3.1
FF - prefs.js..extensions.enabledItems: {3DD07E5D-2ADF-42ea-972E-2998FA5CE45A}:5.1.0.9
FF - prefs.js..keyword.URL: "http://search.yahoo.com/search?fr=mcafee&p="
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 55495
FF - prefs.js..network.proxy.type: 0

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=13: C:\Program Files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll (Google)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.647: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.647: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.647: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.647: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.647: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Documents and Settings\Hetty Richardson\Application Data\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Documents and Settings\Hetty Richardson\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Hetty Richardson\Local Settings\Application Data\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Hetty Richardson\Local Settings\Application Data\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/05/23 09:32:13 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{C960C8DD-EDA2-4DE1-A3D2-B66653C299E8}: C:\Documents and Settings\Hetty Richardson\Local Settings\Application Data\{C960C8DD-EDA2-4DE1-A3D2-B66653C299E8}\ [2011/07/12 19:44:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{11E1F80D-1BAB-47D3-BE16-E1B9BBDAFABA}: C:\Documents and Settings\David Kotecki\Local Settings\Application Data\{11E1F80D-1BAB-47D3-BE16-E1B9BBDAFABA}\ [2011/07/12 18:18:29 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/07/18 19:09:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/07/27 08:36:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.7\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2011/07/17 09:47:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.7\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins

[2010/09/12 14:14:56 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Hetty Richardson\Application Data\Mozilla\Extensions
[2010/09/12 14:14:56 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Hetty Richardson\Application Data\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2011/07/18 19:20:00 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Hetty Richardson\Application Data\Mozilla\Firefox\Profiles\uu53dy2g.default\extensions
[2011/03/29 13:44:32 | 000,001,832 | ---- | M] () -- C:\Documents and Settings\Hetty Richardson\Application Data\Mozilla\Firefox\Profiles\uu53dy2g.default\searchplugins\bing.xml
[2007/06/27 16:22:28 | 000,001,057 | ---- | M] () -- C:\Documents and Settings\Hetty Richardson\Application Data\Mozilla\Firefox\Profiles\uu53dy2g.default\searchplugins\verizonsearch.xml
[2011/07/18 19:09:06 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/08/19 17:47:39 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/12/21 22:14:30 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011/07/18 18:41:00 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
File not found (No name found) --
() (No name found) -- C:\DOCUMENTS AND SETTINGS\HETTY RICHARDSON\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\UU53DY2G.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2011/07/08 03:16:28 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/05/04 04:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2010/01/01 04:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/03/29 13:44:43 | 000,002,024 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\McSiteAdvisor.xml

O1 HOSTS File: ([2011/07/27 19:33:37 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-21-2250608968-3542276623-1019064056-1005\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKU\S-1-5-21-2250608968-3542276623-1019064056-1005\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe_ID0EYTHM] C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3Tray.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [atchk] C:\Program Files\Intel\AMT\atchk.exe (Intel Corporation)
O4 - HKLM..\Run: [ATICCC] C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe ()
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [ECenter] C:\dell\E-Center\EULALauncher.exe ( )
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Memeo AutoSync] C:\Program Files\Memeo\AutoSync\MemeoLauncher2.exe (Memeo Inc.)
O4 - HKLM..\Run: [Memeo Instant Backup] C:\Program Files\Memeo\AutoBackup\MemeoLauncher2.exe (Memeo Inc.)
O4 - HKLM..\Run: [Seagate Dashboard] C:\Program Files\Seagate\Seagate Dashboard\MemeoLauncher.exe ()
O4 - HKLM..\Run: [TkBellExe] C:\program files\real\realplayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [V0415Mon.exe] C:\WINDOWS\V0415Mon.exe (Creative Technology Ltd.)
O4 - HKU\.DEFAULT..\RunOnce: [VF0415Inst] C:\WINDOWS\System32\V0415Pin.DLL (Creative Technology Ltd.)
O4 - HKU\S-1-5-18..\RunOnce: [VF0415Inst] C:\WINDOWS\System32\V0415Pin.DLL (Creative Technology Ltd.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2250608968-3542276623-1019064056-1005\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2250608968-3542276623-1019064056-1005\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-21-2250608968-3542276623-1019064056-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-2250608968-3542276623-1019064056-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-2250608968-3542276623-1019064056-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Append to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_43C348BC2E93EB2B.dll (Google Inc.)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_26.dll (Sun Microsystems, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKU\S-1-5-21-2250608968-3542276623-1019064056-1005\..Trusted Domains: internet ([]about in Trusted sites)
O15 - HKU\S-1-5-21-2250608968-3542276623-1019064056-1005\..Trusted Domains: maine.gov ([secure] https in Trusted sites)
O15 - HKU\S-1-5-21-2250608968-3542276623-1019064056-1005\..Trusted Domains: mcafee.com ([]http in Trusted sites)
O15 - HKU\S-1-5-21-2250608968-3542276623-1019064056-1005\..Trusted Domains: mcafee.com ([]https in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shoc ... wflash.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 192.168.1.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: C:\WINDOWS\Prairie Wind.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Prairie Wind.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/11 17:15:00 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/07/27 19:38:06 | 000,579,584 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Hetty Richardson\Desktop\OTL.exe
[2011/07/27 19:23:42 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/07/26 17:40:46 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011/07/26 17:38:29 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/07/26 17:38:29 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/07/26 17:38:29 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/07/26 17:38:23 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/07/26 17:38:20 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/07/26 17:35:09 | 004,155,432 | R--- | C] (Swearware) -- C:\Documents and Settings\Hetty Richardson\Desktop\ComboFix.exe
[2011/07/26 09:14:20 | 001,436,976 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Hetty Richardson\Desktop\tdsskiller.exe
[2011/07/18 18:40:58 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2011/07/18 18:40:58 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2011/07/18 18:40:58 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2011/07/18 07:45:47 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie7
[2011/07/18 07:06:14 | 000,766,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\vgx.dll
[2011/07/18 07:01:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Hetty Richardson\Application Data\MSNInstaller
[2011/07/17 23:35:14 | 000,527,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_7.dll
[2011/07/17 23:35:14 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAPOFX1_5.dll
[2011/07/17 23:35:13 | 002,106,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_43.dll
[2011/07/17 23:35:13 | 001,998,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DX9_43.dll
[2011/07/17 23:35:13 | 001,868,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dcsx_43.dll
[2011/07/17 23:35:13 | 000,470,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_43.dll
[2011/07/17 23:35:13 | 000,248,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx11_43.dll
[2011/07/17 23:35:13 | 000,239,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_7.dll
[2011/07/17 23:35:12 | 000,528,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_6.dll
[2011/07/17 23:35:12 | 000,515,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_5.dll
[2011/07/17 23:35:12 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_6.dll
[2011/07/17 23:35:12 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAPOFX1_4.dll
[2011/07/17 23:35:12 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\X3DAudio1_7.dll
[2011/07/17 23:35:11 | 005,501,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dcsx_42.dll
[2011/07/17 23:35:11 | 001,974,616 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_42.dll
[2011/07/17 23:35:11 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_42.dll
[2011/07/17 23:35:11 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_5.dll
[2011/07/17 23:35:11 | 000,235,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx11_42.dll
[2011/07/17 23:35:10 | 004,178,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DX9_41.dll
[2011/07/17 23:35:10 | 001,892,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DX9_42.dll
[2011/07/17 23:35:10 | 001,846,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_41.dll
[2011/07/17 23:35:10 | 000,517,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_4.dll
[2011/07/17 23:35:10 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_41.dll
[2011/07/17 23:35:10 | 000,069,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAPOFX1_3.dll
[2011/07/17 23:35:09 | 004,379,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DX9_40.dll
[2011/07/17 23:35:09 | 002,036,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_40.dll
[2011/07/17 23:35:09 | 000,452,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_40.dll
[2011/07/17 23:35:09 | 000,235,352 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_4.dll
[2011/07/17 23:35:09 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\X3DAudio1_6.dll
[2011/07/17 23:35:08 | 000,514,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_3.dll
[2011/07/17 23:35:08 | 000,509,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_2.dll
[2011/07/17 23:35:08 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_2.dll
[2011/07/17 23:35:08 | 000,235,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_3.dll
[2011/07/17 23:35:08 | 000,070,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAPOFX1_2.dll
[2011/07/17 23:35:08 | 000,068,616 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAPOFX1_1.dll
[2011/07/17 23:35:08 | 000,023,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\X3DAudio1_5.dll
[2011/07/17 23:35:07 | 003,851,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DX9_39.dll
[2011/07/17 23:35:07 | 001,493,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_39.dll
[2011/07/17 23:35:07 | 000,507,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_1.dll
[2011/07/17 23:35:07 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_39.dll
[2011/07/17 23:35:07 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_1.dll
[2011/07/17 23:35:07 | 000,065,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAPOFX1_0.dll
[2011/07/17 23:35:06 | 003,850,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DX9_38.dll
[2011/07/17 23:35:06 | 001,491,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_38.dll
[2011/07/17 23:35:06 | 000,479,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_0.dll
[2011/07/17 23:35:06 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_38.dll
[2011/07/17 23:35:06 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_0.dll
[2011/07/17 23:35:06 | 000,025,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\X3DAudio1_4.dll
[2011/07/17 23:35:05 | 003,786,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DX9_37.dll
[2011/07/17 23:35:05 | 001,420,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_37.dll
[2011/07/17 23:35:05 | 001,374,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_36.dll
[2011/07/17 23:35:05 | 000,462,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_37.dll
[2011/07/17 23:35:05 | 000,444,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_36.dll
[2011/07/17 23:35:05 | 000,267,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_10.dll
[2011/07/17 23:35:05 | 000,025,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\X3DAudio1_3.dll
[2011/07/17 23:35:04 | 003,734,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_36.dll
[2011/07/17 23:35:04 | 003,727,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_35.dll
[2011/07/17 23:35:04 | 001,358,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_35.dll
[2011/07/17 23:35:04 | 000,444,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_35.dll
[2011/07/17 23:35:04 | 000,267,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_9.dll
[2011/07/17 23:35:03 | 003,497,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_34.dll
[2011/07/17 23:35:03 | 001,124,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_34.dll
[2011/07/17 23:35:03 | 000,443,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_34.dll
[2011/07/17 23:35:03 | 000,266,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_8.dll
[2011/07/17 23:35:03 | 000,081,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xinput1_3.dll
[2011/07/17 23:35:03 | 000,017,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\X3DAudio1_2.dll
[2011/07/17 23:35:02 | 001,123,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_33.dll
[2011/07/17 23:35:02 | 000,443,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_33.dll
[2011/07/17 23:35:02 | 000,261,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_7.dll
[2011/07/17 23:34:58 | 003,495,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_33.dll
[2011/07/17 23:34:58 | 000,255,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_6.dll
[2011/07/17 23:34:58 | 000,251,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_5.dll
[2011/07/17 23:34:57 | 002,414,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_31.dll
[2011/07/17 23:34:57 | 000,237,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_4.dll
[2011/07/17 23:34:57 | 000,236,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_3.dll
[2011/07/17 23:34:57 | 000,230,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_2.dll
[2011/07/17 23:34:57 | 000,062,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xinput1_2.dll
[2011/07/17 23:34:57 | 000,015,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\x3daudio1_1.dll
[2011/07/17 23:34:56 | 000,229,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_1.dll
[2011/07/17 23:34:56 | 000,062,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xinput1_1.dll
[2011/07/17 23:34:54 | 002,388,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_30.dll
[2011/07/17 23:34:54 | 002,332,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_29.dll
[2011/07/17 23:34:54 | 000,230,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_0.dll
[2011/07/17 23:34:54 | 000,014,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\x3daudio1_0.dll
[2011/07/17 23:34:53 | 002,323,664 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_28.dll
[2011/07/17 23:34:53 | 002,319,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_27.dll
[2011/07/17 23:34:53 | 000,061,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xinput9_1_0.dll
[2011/07/17 23:34:52 | 002,337,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_25.dll
[2011/07/17 23:34:52 | 002,297,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_26.dll
[2011/07/17 23:34:50 | 002,222,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_24.dll
[2011/07/17 23:29:46 | 000,000,000 | ---D | C] -- C:\WINDOWS\Logs
[2011/07/17 11:41:20 | 000,489,596 | R--- | C] (Swearware) -- C:\Documents and Settings\Hetty Richardson\Desktop\dds.scr
[2011/07/17 11:22:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Google Desktop
[2011/07/17 09:28:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Seagate Dashboard
[2011/07/16 14:48:22 | 000,101,720 | ---- | C] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2011/07/16 13:39:29 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\Hetty Richardson\Desktop\HijackThis.exe
[2011/07/16 11:37:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Hetty Richardson\Local Settings\Application Data\AVG Security Toolbar
[2011/07/16 10:51:02 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2011/07/16 10:35:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2011/07/15 19:10:34 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2011/07/15 19:10:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2011/07/15 15:55:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Skype
[2011/07/15 15:55:06 | 000,000,000 | R--D | C] -- C:\Program Files\Skype
[2011/07/15 14:51:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2011/07/15 11:35:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Hetty Richardson\Local Settings\Application Data\Symantec
[2011/07/15 11:35:40 | 000,167,936 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\wpshelper.sys
[2011/07/15 11:34:26 | 000,099,696 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SysPlant.sys
[2011/07/15 11:34:09 | 000,125,488 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS
[2011/07/15 11:34:09 | 000,060,808 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\S32EVNT1.DLL
[2011/07/15 11:33:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Symantec Endpoint Protection
[2011/07/15 11:33:24 | 000,000,000 | ---D | C] -- C:\Program Files\Symantec
[2011/07/15 11:33:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Symantec
[2011/07/13 16:17:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2011/07/12 19:44:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Hetty Richardson\Local Settings\Application Data\{C960C8DD-EDA2-4DE1-A3D2-B66653C299E8}
[2010/06/27 14:01:51 | 001,247,056 | ---- | C] (Microsoft Corporation) -- C:\Program Files\wlsetup-web.exe
[2009/09/23 17:27:00 | 009,688,568 | ---- | C] (Google Inc.) -- C:\Program Files\picasa35-setup.exe
[2008/08/14 19:24:16 | 025,740,144 | ---- | C] (Microsoft Corporation) -- C:\Program Files\wmp11-windowsxp-x86-enu.exe
[2008/04/28 08:36:08 | 011,768,648 | ---- | C] (Macrovision Corporation) -- C:\Documents and Settings\Hetty Richardson\Local Settings\Application Data\FC9106US.exe
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/07/27 19:40:05 | 000,000,308 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-2250608968-3542276623-1019064056-1005.job
[2011/07/27 19:40:05 | 000,000,300 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-2250608968-3542276623-1019064056-1005.job
[2011/07/27 19:38:07 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Hetty Richardson\Desktop\OTL.exe
[2011/07/27 19:33:37 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/07/27 19:22:18 | 004,155,432 | R--- | M] (Swearware) -- C:\Documents and Settings\Hetty Richardson\Desktop\ComboFix.exe
[2011/07/27 18:43:56 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/07/27 18:43:53 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/07/27 18:41:34 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2011/07/27 18:41:02 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/07/27 18:12:35 | 000,001,022 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2250608968-3542276623-1019064056-1005UA.job
[2011/07/27 18:04:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/07/27 14:59:04 | 000,002,265 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2011/07/27 10:04:00 | 000,000,970 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2250608968-3542276623-1019064056-1005Core.job
[2011/07/27 08:36:18 | 000,001,734 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader X.lnk
[2011/07/26 17:40:53 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2011/07/26 12:01:06 | 000,032,768 | ---- | M] () -- C:\Documents and Settings\Hetty Richardson\My Documents\Hetty L. Richardson.wlt
[2011/07/26 09:14:26 | 001,436,976 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Hetty Richardson\Desktop\tdsskiller.exe
[2011/07/26 09:13:31 | 000,459,264 | ---- | M] () -- C:\Documents and Settings\Hetty Richardson\Desktop\CKScanner.exe
[2011/07/20 19:13:09 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2011/07/18 19:09:09 | 000,000,742 | ---- | M] () -- C:\Documents and Settings\Hetty Richardson\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/07/18 19:09:09 | 000,000,724 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2011/07/18 07:47:18 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/07/17 22:47:55 | 000,550,070 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/07/17 22:47:55 | 000,103,604 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/07/17 22:25:05 | 000,000,211 | ---- | M] () -- C:\Boot.bak
[2011/07/17 11:41:20 | 000,489,596 | R--- | M] (Swearware) -- C:\Documents and Settings\Hetty Richardson\Desktop\dds.scr
[2011/07/17 09:28:49 | 000,000,934 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Seagate Dashboard.lnk
[2011/07/16 14:48:20 | 000,101,720 | ---- | M] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2011/07/16 11:41:50 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\Hetty Richardson\Desktop\HijackThis.exe
[2011/07/15 19:37:15 | 000,435,650 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110715-193949.backup
[2011/07/15 18:42:55 | 000,000,286 | ---- | M] () -- C:\WINDOWS\reimage.ini
[2011/07/15 14:22:14 | 000,000,802 | ---- | M] () -- C:\Documents and Settings\Hetty Richardson\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
[2011/07/15 11:34:20 | 000,125,488 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS
[2011/07/15 11:34:20 | 000,060,808 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\S32EVNT1.DLL
[2011/07/15 11:34:20 | 000,007,456 | ---- | M] () -- C:\WINDOWS\System32\drivers\SYMEVENT.CAT
[2011/07/15 11:34:20 | 000,000,806 | ---- | M] () -- C:\WINDOWS\System32\drivers\SYMEVENT.INF
[2011/07/15 10:34:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/07/15 09:42:18 | 000,002,365 | ---- | M] () -- C:\Documents and Settings\Hetty Richardson\Desktop\Google Chrome.lnk
[2011/07/15 09:42:18 | 000,002,343 | ---- | M] () -- C:\Documents and Settings\Hetty Richardson\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/07/13 04:48:32 | 000,000,057 | ---- | M] () -- C:\WINDOWS\System32\mapisvc.inf
[2011/07/13 03:27:26 | 001,573,264 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/07/12 21:54:01 | 000,000,120 | ---- | M] () -- C:\WINDOWS\Xrajinoqoy.dat
[2011/07/12 18:18:35 | 000,000,000 | ---- | M] () -- C:\WINDOWS\Wveliwojiy.bin
[2011/07/12 05:51:52 | 000,012,151 | ---- | M] () -- C:\Documents and Settings\Hetty Richardson\Application Data\EACE.42C
[2011/07/06 19:52:42 | 000,041,272 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/07/06 19:52:42 | 000,022,712 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/07/27 08:36:18 | 000,002,315 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader X.lnk
[2011/07/27 08:36:18 | 000,001,734 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader X.lnk
[2011/07/26 17:40:53 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2011/07/26 17:40:50 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2011/07/26 17:38:29 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/07/26 17:38:29 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/07/26 17:38:29 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/07/26 17:38:29 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/07/26 17:38:29 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/07/26 09:13:30 | 000,459,264 | ---- | C] () -- C:\Documents and Settings\Hetty Richardson\Desktop\CKScanner.exe
[2011/07/18 19:09:09 | 000,000,742 | ---- | C] () -- C:\Documents and Settings\Hetty Richardson\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/07/18 19:09:09 | 000,000,730 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
[2011/07/18 19:09:09 | 000,000,724 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2011/07/17 09:28:49 | 000,000,934 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Seagate Dashboard.lnk
[2011/07/15 18:42:46 | 000,000,286 | ---- | C] () -- C:\WINDOWS\reimage.ini
[2011/07/15 15:55:08 | 000,002,265 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2011/07/15 14:22:14 | 000,000,802 | ---- | C] () -- C:\Documents and Settings\Hetty Richardson\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
[2011/07/15 11:34:09 | 000,007,456 | ---- | C] () -- C:\WINDOWS\System32\drivers\SYMEVENT.CAT
[2011/07/15 11:34:09 | 000,000,806 | ---- | C] () -- C:\WINDOWS\System32\drivers\SYMEVENT.INF
[2011/07/11 13:02:06 | 000,012,151 | ---- | C] () -- C:\Documents and Settings\Hetty Richardson\Application Data\EACE.42C
[2011/06/11 08:31:54 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Xrajinoqoy.dat
[2011/06/11 08:31:54 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Wveliwojiy.bin
[2009/11/19 21:12:18 | 000,031,616 | ---- | C] () -- C:\WINDOWS\System32\drivers\livecamv.sys
[2009/11/05 11:09:40 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2009/08/03 16:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/08/03 16:07:42 | 000,230,768 | ---- | C] () -- C:\WINDOWS\System32\OGAEXEC.exe
[2009/06/11 15:35:59 | 000,000,093 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2009/01/28 16:21:20 | 000,061,208 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2008/10/12 13:00:24 | 000,002,528 | ---- | C] () -- C:\WINDOWS\FCIC.INI
[2008/08/03 20:51:24 | 000,021,791 | ---- | C] () -- C:\WINDOWS\System32\smtpctrs.ini
[2008/08/03 20:51:24 | 000,001,037 | ---- | C] () -- C:\WINDOWS\System32\ntfsdrct.ini
[2008/08/03 20:51:03 | 000,038,576 | ---- | C] () -- C:\WINDOWS\System32\w3ctrs.ini
[2008/08/03 20:51:03 | 000,010,225 | ---- | C] () -- C:\WINDOWS\System32\axperf.ini
[2008/08/03 20:51:02 | 000,011,435 | ---- | C] () -- C:\WINDOWS\System32\infoctrs.ini
[2008/08/03 17:50:06 | 000,000,600 | ---- | C] () -- C:\Documents and Settings\Hetty Richardson\Local Settings\Application Data\PUTTY.RND
[2008/05/26 21:59:42 | 000,018,904 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschematrivial.bin
[2008/05/26 21:59:40 | 000,106,605 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschema.bin
[2008/05/11 20:05:35 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2008/05/11 15:59:09 | 000,005,632 | ---- | C] () -- C:\Documents and Settings\Hetty Richardson\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/05/11 13:33:55 | 002,463,976 | ---- | C] () -- C:\WINDOWS\System32\NPSWF32.dll
[2008/05/11 12:50:54 | 000,000,351 | ---- | C] () -- C:\WINDOWS\fpexplor.INI
[2008/05/11 12:48:55 | 000,000,605 | ---- | C] () -- C:\WINDOWS\frontpg.ini
[2008/05/11 12:32:41 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/05/11 10:29:36 | 000,000,600 | ---- | C] () -- C:\Documents and Settings\Hetty Richardson\Application Data\winscp.rnd
[2008/05/11 10:23:54 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2008/05/10 22:46:13 | 000,000,139 | ---- | C] () -- C:\Documents and Settings\Hetty Richardson\Local Settings\Application Data\fusioncache.dat
[2008/04/30 11:40:14 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2008/04/30 11:35:54 | 000,056,056 | ---- | C] () -- C:\WINDOWS\System32\DLAAPI_W.DLL
[2008/04/30 11:35:54 | 000,000,120 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2008/04/30 11:19:21 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin
[2008/04/30 11:17:39 | 000,077,824 | ---- | C] () -- C:\WINDOWS\setpwr32.exe
[2008/04/30 11:17:37 | 003,107,788 | ---- | C] () -- C:\WINDOWS\System32\ativvaxx.dat
[2008/04/30 11:17:37 | 000,887,724 | ---- | C] () -- C:\WINDOWS\System32\ativva6x.dat
[2008/04/30 11:17:37 | 000,227,587 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2008/04/30 11:17:37 | 000,000,003 | ---- | C] () -- C:\WINDOWS\System32\ativva5x.dat
[2008/04/30 11:16:36 | 000,001,119 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2007/09/27 10:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 10:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 10:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2007/02/28 05:03:32 | 000,080,720 | ---- | C] () -- C:\WINDOWS\System32\AsfBios.dll
[2007/01/23 03:45:40 | 000,025,424 | ---- | C] () -- C:\WINDOWS\System32\drivers\netamsg.dll
[2006/11/07 04:25:58 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2006/09/16 23:36:50 | 000,520,192 | ---- | C] () -- C:\WINDOWS\System32\CddbPlaylist2Roxio.dll
[2006/09/16 23:36:50 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\CddbFileTaggerRoxio.dll
[2004/08/11 17:24:19 | 000,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/11 17:19:30 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2004/08/11 17:12:14 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/08/11 17:07:24 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/08/11 17:06:43 | 001,573,264 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004/08/11 17:00:30 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/11 17:00:28 | 000,550,070 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/11 17:00:28 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/11 17:00:28 | 000,103,604 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/11 17:00:28 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/11 17:00:27 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/11 17:00:26 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/08/11 17:00:24 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/08/11 17:00:19 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/11 17:00:19 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/11 17:00:12 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/11 17:00:04 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2002/09/18 00:45:00 | 000,119,808 | ---- | C] () -- C:\WINDOWS\lsb_un20.exe

========== LOP Check ==========

[2010/08/12 13:10:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Citrix
[2011/07/16 10:51:02 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2011/07/15 19:52:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Easybits GO
[2008/08/14 20:16:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ExtendMedia
[2008/10/12 13:00:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FirstClass
[2011/03/12 12:56:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ilium Software
[2008/06/25 07:59:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Juniper Networks
[2008/05/18 10:54:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Maxtor
[2011/06/12 15:56:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MemeoCommon
[2011/07/17 22:25:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2009/03/28 13:27:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
[2010/05/07 19:59:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/09/22 19:57:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/04/20 11:33:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2008/05/23 13:35:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David Kotecki\Application Data\Juniper Networks
[2011/07/12 18:18:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David Kotecki\Application Data\Memeo
[2011/07/12 18:18:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David Kotecki\Application Data\Seagate
[2008/05/26 08:52:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David Kotecki\Application Data\Thunderbird
[2008/07/17 06:38:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David Kotecki\Application Data\VOL_TOOLBAR
[2011/07/12 18:19:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David Kotecki\Application Data\Windows Desktop Search
[2010/02/19 22:26:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Hetty Richardson\Application Data\Canon
[2011/06/12 08:19:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Hetty Richardson\Application Data\Dropbox
[2011/07/15 19:22:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Hetty Richardson\Application Data\go
[2011/03/12 08:34:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Hetty Richardson\Application Data\Ilium Software
[2011/02/09 09:12:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Hetty Richardson\Application Data\Juniper Networks
[2011/06/12 15:52:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Hetty Richardson\Application Data\Leadertech
[2011/07/17 11:20:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Hetty Richardson\Application Data\Memeo
[2011/07/18 07:01:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Hetty Richardson\Application Data\MSNInstaller
[2011/06/12 15:55:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Hetty Richardson\Application Data\Seagate
[2010/09/12 14:14:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Hetty Richardson\Application Data\Thunderbird
[2008/08/16 17:39:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Hetty Richardson\Application Data\vol_toolbar
[2011/03/20 09:43:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Hetty Richardson\Application Data\Windows Desktop Search
[2011/03/20 10:02:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Hetty Richardson\Application Data\Windows Search
[2008/05/11 10:45:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Juniper Networks
[2010/01/03 11:07:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\SACore
[2011/06/12 15:55:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Seagate
[2008/05/17 13:58:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Juniper Networks

========== Purity Check ==========



< End of report >

Extras.Txt
OTL Extras logfile created on: 7/27/2011 7:40:05 PM - Run 1
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Documents and Settings\Hetty Richardson\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.25 Gb Total Physical Memory | 2.42 Gb Available Physical Memory | 74.47% Memory free
7.08 Gb Paging File | 6.28 Gb Available in Paging File | 88.66% Paging File free
Paging file location(s): C:\pagefile.sys 4092 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232.75 Gb Total Space | 159.40 Gb Free Space | 68.49% Space Free | Partition Type: NTFS
Drive F: | 931.51 Gb Total Space | 884.32 Gb Free Space | 94.93% Space Free | Partition Type: NTFS
Drive Z: | 453.18 Gb Total Space | 366.08 Gb Free Space | 80.78% Space Free | Partition Type: NTFS

Computer Name: DELL2 | User Name: Hetty Richardson | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_USERS\S-1-5-21-2250608968-3542276623-1019064056-1005\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Documents and Settings\Hetty Richardson\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe" = C:\Documents and Settings\Hetty Richardson\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe:*:Enabled:Google Talk Plugin -- (Google)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0046FA01-C5B9-4985-BACB-398DC480FC05}" = Adobe Photoshop CS3
"{0394CDC8-FABD-4ed8-B104-03393876DFDF}" = Roxio Creator Tools
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{0D397393-9B50-4c52-84D5-77E344289F87}" = Roxio Creator Data
"{1771FDC8-D846-4B77-996A-C80DAD42C03F}" = OpenCASE Media Agent
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{1D58229F-C505-45CA-8223-F35F3A34B963}" = Adobe Version Cue CS3 Server {ko_KR}
"{1E9A9E08-0366-45EE-9B66-51852F8D9812}" = Open Workbench
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{24D7346D-D4B4-45E8-98EA-75EC14B42DD8}" = Adobe ExtendScript Toolkit 2
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 26
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{2EFFFC71-1E66-454E-A6E6-CEEC800B96D2}" = Adobe Flash Video Encoder
"{2F4C24E6-CBD4-4AAC-B56F-C9FD44DE5668}" = Roxio Drag-to-Disc
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Sonic Activation Module
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings
"{53183B25-FBDC-4B95-856A-DCDD69DFEE18}" = Intel(R) PRO Alerting Agent
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3
"{5B35C417-2649-11D6-83D1-0050FC01225C}" = FirstClass® Client
"{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}" = Roxio Creator Copy
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{64C1FA9A-FA94-4B6E-B3E4-8573738E4AD1}" = Adobe Setup
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler
"{669A032D-4E28-3D11-BB26-8AD5D51EFE87}" = Google Talk Plugin
"{6A5D1A94-624A-4D20-B178-3A283B500370}" = Adobe Setup
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6B52140A-F189-4945-BFFC-DB3F00B8C589}" = Adobe Flash CS3
"{6B708481-748A-4EB4-97C1-CD386244FF77}" = Adobe MotionPicture Color Files
"{6BBAA81D-6A7E-43AD-8889-2F002DCAAFDD}" = AHV content for Acrobat and Flash
"{6C1E7AA1-44E9-446D-AAB2-0DE6D9EFEAB1}" = Safari
"{6D4AC5A4-4CF9-4F90-8111-B9B53CE257BF}" = Adobe Color Common Settings
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{75B7F766-7998-44d8-A202-F1EC76A121BA}" = Memeo AutoSync
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{777CA40C-0206-4EF6-A0FC-618BF06BF8D0}" = Intel(R) PRO Network Connections 12.1.12.4
"{779DECD7-E072-4B56-9B6B-BEB5973EEEB5}" = MobileMe Control Panel
"{7C10F5C7-F00F-4BD3-A110-C7D240D2DD25}" = Adobe Dreamweaver CS3
"{7DFC1012-D346-46CE-B03E-FF79125AE029}" = Adobe Fireworks CS3
"{7E6066E6-8B5B-4100-B0FA-1D9E9B663CBA}" = iTunes
"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3
"{83FFCFC7-88C6-41c6-8752-958A45325C82}" = Roxio Creator Audio
"{87841AF8-C785-42FF-A76E-CC0F0C2816CC}" = ATI Catalyst Control Center
"{880AF49C-34F7-4285-A8AD-8F7A3D1C33DC}" = Roxio Creator BDAV Plugin
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{8E666407-AC41-46a2-9692-6C7BFCBFDD37}" = Memeo Instant Backup
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_PROPLUSR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_PROPLUSR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_PROPLUSR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PROPLUSR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_PROPLUSR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_PROPLUSR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROPLUSR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROPLUSR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROPLUSR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_PROPLUSR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_PROPLUSR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_PROPLUSR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_PROPLUSR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel(R) Matrix Storage Manager
"{91120000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2007
"{91120000-0011-0000-0000-0000000FF1CE}_PROPLUSR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0011-0000-0000-0000000FF1CE}_PROPLUSR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{91170409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office FrontPage 2003
"{92FD71D5-ED7E-40B2-8DF3-4B5E6F684367}" = Dell ETS Factory Installation
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95120000-0122-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{AC76BA86-1033-0000-7760-000000000003}" = Adobe Acrobat 8 Professional
"{AC76BA86-7AD7-1033-7B44-AA0000000001}" = Adobe Reader X (10.0.1)
"{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
"{AD88355B-A4E0-4DA1-BAC3-EA4FEA930691}" = Ipswitch WS_FTP Professional 2007
"{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B3575D00-27EF-49C2-B9E0-14B3D954E992}" = Apple Application Support
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B3C02EC1-A7B0-4987-9A43-8789426AAA7D}" = Adobe Setup
"{B3FED300-806C-11E0-A0D0-B8AC6F97B88E}" = Google Earth
"{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
"{B7F560B3-6EFF-4026-A982-843895A41149}" = Adobe BridgeTalk Plugin CS3
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{BCE72AED-3332-4863-9567-C5DCB9052CA2}" = Netflix Movie Viewer
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{BE5F3842-8309-4754-92D5-83E02E6077A3}" = Adobe Extension Manager CS3
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C23CD6DA-1958-43A5-ADD0-59396572E02E}" = Apple Mobile Device Support
"{C347D234-93D8-4595-BDAA-C04638B23B48}" = Adobe Creative Suite 3 Web Premium
"{C3A11907-930D-41AC-A135-CC3B12F92011}" = Seagate Dashboard
"{C5BD220A-EFE8-48A5-B70E-9503D535FACE}" = Adobe WAS CS3
"{C6579A65-9CAE-4B31-8B6B-3306E0630A66}" = Apple Software Update
"{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator DE
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{D6F879CC-59D6-4D4B-AE9B-D761E48D25ED}" = Skype™ 5.5
"{D92FF8EB-BD77-40AE-B68B-A6BFC6F8661D}" = Windows Live Family Safety
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
"{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{EE39FFBD-544E-49E4-A999-6819828EAE91}" = Windows Live Photo Gallery
"{F08E8D2E-F132-4742-9C87-D5FF223A016A}" = Adobe Illustrator CS3
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F87A8E11-02A4-4875-A3A5-5961081B0E4E}" = OpenOffice.org 2.4
"{FA272494-8DEA-43CF-9BFF-652553C04265}" = Symantec Endpoint Protection
"{FC9E08AA-CD59-4C59-BEF9-87E05B9E37D7}" = Adobe Contribute CS3
"Adobe Acrobat 8 Professional" = Adobe Acrobat 8.3.0 Professional
"Adobe Acrobat 8 Professional_830" = Adobe Acrobat 8.3.0 - CPSID_83708
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe_247961ef275e20c5cb073c36394ac32" = Add or Remove Adobe Creative Suite 3 Web Premium
"Adobe_3e054d2218e7aa282c2369d939e58ff" = Adobe ExtendScript Toolkit 2
"Adobe_6c8e2cb4fd241c55406016127a6ab2e" = Adobe Color Common Settings
"Advanced Audio FX Engine" = Advanced Audio FX Engine
"Canon ScanGear Toolbox CS" = Canon ScanGear Toolbox CS 2.2
"Creative Live! Central" = Creative Live! Central
"Creative VF0415" = Creative Live! Cam Video IM Ultra (VF0415) (1.01.03.00)
"Google Calendar Sync" = Google Calendar Sync
"Google Desktop" = Google Desktop
"Google Updater" = Google Updater
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"Ilium Software eWallet_is1" = eWallet 7.2
"Image Composer" = Microsoft Image Composer 1.5
"Juniper Network Connect 7.0.0" = Juniper Networks Network Connect 7.0.0
"Lighting Handbook" = Lighting Handbook
"LiveUpdate" = LiveUpdate 3.3 (Symantec Corporation)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.1.1800
"MESOL" = Intel® Active Management Technology
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox 5.0.1 (x86 en-US)" = Mozilla Firefox 5.0.1 (x86 en-US)
"Mozilla Thunderbird (3.1.7)" = Mozilla Thunderbird (3.1.7)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Picasa 3" = Picasa 3
"PROPLUSR" = Microsoft Office Professional Plus 2007
"RealPlayer 12.0" = RealPlayer
"SysInfo" = Creative System Information
"vol_toolbar" = Verizon Broadband Toolbar
"WebVideoCap" = WebVideoCap
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"winscp3_is1" = WinSCP 4.1.6
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2250608968-3542276623-1019064056-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"Google Chrome" = Google Chrome
"Juniper_Setup_Client" = Juniper Networks Setup Client
"Neoteris_Host_Checker" = Juniper Networks Host Checker

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 7/27/2011 4:27:33 PM | Computer Name = DELL2 | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 7/27/2011 5:09:06 PM | Computer Name = DELL2 | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 7/27/2011 5:09:06 PM | Computer Name = DELL2 | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 7/27/2011 6:16:33 PM | Computer Name = DELL2 | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 7/27/2011 6:16:33 PM | Computer Name = DELL2 | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 7/27/2011 6:41:14 PM | Computer Name = DELL2 | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 7/27/2011 6:41:14 PM | Computer Name = DELL2 | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 7/27/2011 6:41:17 PM | Computer Name = DELL2 | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 7/27/2011 6:41:17 PM | Computer Name = DELL2 | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 7/27/2011 6:42:09 PM | Computer Name = DELL2 | Source = Intel(R) AMT | ID = 2002
Description = [UNS] Failed to subscribe to local Intel(R) AMT.

[ System Events ]
Error - 7/27/2011 12:44:31 PM | Computer Name = DELL2 | Source = EventLog | ID = 6004
Description = A driver packet received from the I/O subsystem was invalid. The
data is the packet.

Error - 7/27/2011 12:44:28 PM | Computer Name = DELL2 | Source = EventLog | ID = 6004
Description = A driver packet received from the I/O subsystem was invalid. The
data is the packet.

Error - 7/27/2011 12:44:27 PM | Computer Name = DELL2 | Source = EventLog | ID = 6004
Description = A driver packet received from the I/O subsystem was invalid. The
data is the packet.

Error - 7/27/2011 12:44:26 PM | Computer Name = DELL2 | Source = EventLog | ID = 6004
Description = A driver packet received from the I/O subsystem was invalid. The
data is the packet.

Error - 7/27/2011 12:44:26 PM | Computer Name = DELL2 | Source = EventLog | ID = 6004
Description = A driver packet received from the I/O subsystem was invalid. The
data is the packet.

Error - 7/27/2011 2:37:17 PM | Computer Name = DELL2 | Source = EventLog | ID = 6004
Description = A driver packet received from the I/O subsystem was invalid. The
data is the packet.

Error - 7/27/2011 2:37:16 PM | Computer Name = DELL2 | Source = EventLog | ID = 6004
Description = A driver packet received from the I/O subsystem was invalid. The
data is the packet.

Error - 7/27/2011 2:37:13 PM | Computer Name = DELL2 | Source = EventLog | ID = 6004
Description = A driver packet received from the I/O subsystem was invalid. The
data is the packet.

Error - 7/27/2011 2:37:13 PM | Computer Name = DELL2 | Source = EventLog | ID = 6004
Description = A driver packet received from the I/O subsystem was invalid. The
data is the packet.

Error - 7/27/2011 6:42:15 PM | Computer Name = DELL2 | Source = Service Control Manager | ID = 7023
Description = The Automatic Updates service terminated with the following error:
%%126


< End of report >
Hetty
Active Member
 
Posts: 11
Joined: July 17th, 2011, 11:47 am

Re: Firefox and IE redirects

Unread postby askey127 » July 28th, 2011, 8:06 am

hetty,
----------------------------------------------
Perform a Custom Fix with OTL
Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following lines from the Code box:
    Code: Select all
    :processes
    killallprocesses
    
    :OTL
    FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{C960C8DD-EDA2-4DE1-A3D2-B66653C299E8}: C:\Documents and Settings\Hetty Richardson\Local Settings\Application Data\{C960C8DD-EDA2-4DE1-A3D2-B66653C299E8}\ [2011/07/12 19:44:15 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{11E1F80D-1BAB-47D3-BE16-E1B9BBDAFABA}: C:\Documents and Settings\David Kotecki\Local Settings\Application Data\{11E1F80D-1BAB-47D3-BE16-E1B9BBDAFABA}\ [2011/07/12 18:18:29 | 000,000,000 | ---D | M]
    O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
    O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
    O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
    O8 - Extra context menu item: Append to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O15 - HKU\S-1-5-21-2250608968-3542276623-1019064056-1005\..Trusted Domains: internet ([]about in Trusted sites)
    
    :Commands
    [EMPTYTEMP]
    [CREATERESTOREPOINT]
    [Reboot]
    
  • Then click the Run Fix button at the top.
  • Let the program run unhindered and reboot the PC when it is done.
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

Tell me how it's running.
askey127
User avatar
askey127
Admin/Teacher
Admin/Teacher
 
Posts: 13904
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: Firefox and IE redirects

Unread postby Hetty » July 28th, 2011, 7:11 pm

Thanks very much. The computer is running much better now. The redirect problem seems to have gone away.

The results from the quick scan are below:
OTL logfile created on: 7/28/2011 7:01:07 PM - Run 2
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Documents and Settings\Hetty Richardson\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.25 Gb Total Physical Memory | 2.08 Gb Available Physical Memory | 64.07% Memory free
7.08 Gb Paging File | 6.05 Gb Available in Paging File | 85.43% Paging File free
Paging file location(s): C:\pagefile.sys 4092 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232.75 Gb Total Space | 159.76 Gb Free Space | 68.64% Space Free | Partition Type: NTFS
Drive F: | 931.51 Gb Total Space | 884.31 Gb Free Space | 94.93% Space Free | Partition Type: NTFS
Drive Z: | 453.18 Gb Total Space | 366.08 Gb Free Space | 80.78% Space Free | Partition Type: NTFS

Computer Name: DELL2 | User Name: Hetty Richardson | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/07/27 19:38:07 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Hetty Richardson\Desktop\OTL.exe
PRC - [2011/07/08 03:16:28 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/07/06 19:52:38 | 000,449,584 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011/07/06 19:52:38 | 000,366,640 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011/06/01 12:42:28 | 000,071,432 | ---- | M] (Memeo) -- C:\Program Files\Seagate\Seagate Dashboard\MemeoDashboard.exe
PRC - [2011/06/01 12:42:28 | 000,014,088 | ---- | M] (Memeo) -- C:\Program Files\Seagate\Seagate Dashboard\SeagateDashboardService.exe
PRC - [2011/06/01 12:16:54 | 002,260,992 | ---- | M] (Axentra Corporation) -- C:\Program Files\Seagate\Seagate Dashboard\HipServAgent\HipServAgent.exe
PRC - [2011/05/23 09:31:49 | 000,273,544 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\Update\realsched.exe
PRC - [2011/01/24 14:35:36 | 000,025,824 | ---- | M] (Memeo) -- C:\Program Files\Memeo\AutoBackup\MemeoBackgroundService.exe
PRC - [2011/01/24 14:35:30 | 000,324,320 | ---- | M] () -- C:\Program Files\Memeo\AutoBackup\InstantBackup.exe
PRC - [2010/12/16 15:35:04 | 000,660,848 | ---- | M] (Juniper Networks) -- C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
PRC - [2010/08/05 19:11:44 | 001,885,488 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
PRC - [2010/08/05 19:05:52 | 001,459,568 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
PRC - [2010/07/01 17:17:24 | 001,832,072 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
PRC - [2010/07/01 17:11:46 | 000,181,616 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\SavUI.exe
PRC - [2010/07/01 17:11:32 | 000,085,360 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\DoScan.exe
PRC - [2010/05/06 17:21:54 | 000,115,560 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccApp.exe
PRC - [2010/05/06 17:21:14 | 000,108,392 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
PRC - [2008/08/06 21:00:00 | 000,028,672 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\V0415Mon.exe
PRC - [2008/08/05 15:54:02 | 000,835,208 | ---- | M] (ExtendMedia Inc.) -- C:\Program Files\OpenCase\OpenCASE Media Agent\MediaAgent.exe
PRC - [2008/04/13 20:12:22 | 000,015,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\inetsrv\inetinfo.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/07/26 19:03:46 | 000,358,936 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2007/07/26 19:03:44 | 000,178,712 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2007/06/12 17:09:16 | 002,521,880 | ---- | M] (Intel) -- C:\Program Files\Intel\AMT\UNS.exe
PRC - [2007/06/12 17:09:16 | 000,183,064 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\AMT\atchksrv.exe
PRC - [2007/06/12 17:09:14 | 000,408,344 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\AMT\atchk.exe
PRC - [2007/06/12 17:09:14 | 000,109,336 | ---- | M] (Intel) -- C:\Program Files\Intel\AMT\LMS.exe
PRC - [2007/01/23 03:58:04 | 000,133,968 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\ASF Agent\ASFAgent.exe
PRC - [2006/09/25 09:12:20 | 000,045,056 | ---- | M] (ATI Technologies Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe


========== Modules (SafeList) ==========

MOD - [2011/07/27 19:38:07 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Hetty Richardson\Desktop\OTL.exe
MOD - [2011/05/23 09:32:11 | 000,043,520 | ---- | M] (RealNetworks, Inc.) -- C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Chrome\Hook\rpchrome10browserrecordhelper.dll
MOD - [2011/04/18 22:51:18 | 000,653,136 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_31a54e43\msvcr90.dll
MOD - [2011/04/18 22:51:18 | 000,569,680 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_31a54e43\msvcp90.dll
MOD - [2010/08/23 12:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/07/06 19:52:38 | 000,366,640 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/06/01 12:42:28 | 000,014,088 | ---- | M] (Memeo) [Auto | Running] -- C:\Program Files\Seagate\Seagate Dashboard\SeagateDashboardService.exe -- (SeagateDashboardService)
SRV - [2011/01/24 14:35:36 | 000,025,824 | ---- | M] (Memeo) [Auto | Running] -- C:\Program Files\Memeo\AutoBackup\MemeoBackgroundService.exe -- (MemeoBackgroundService)
SRV - [2010/12/16 15:35:04 | 000,660,848 | ---- | M] (Juniper Networks) [Auto | Running] -- C:\Program Files\Juniper Networks\Common Files\dsNcService.exe -- (dsNcService)
SRV - [2010/08/05 19:11:44 | 001,885,488 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe -- (SmcService)
SRV - [2010/07/01 17:17:24 | 001,832,072 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe -- (Symantec AntiVirus)
SRV - [2010/07/01 16:24:02 | 000,357,704 | ---- | M] (Symantec Corporation) [Disabled | Stopped] -- C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE -- (SNAC)
SRV - [2010/05/06 17:21:14 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr)
SRV - [2010/05/06 17:21:14 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr)
SRV - [2010/02/17 10:53:18 | 003,093,880 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_3.EXE -- (LiveUpdate)
SRV - [2008/08/05 15:54:02 | 000,835,208 | ---- | M] (ExtendMedia Inc.) [Auto | Running] -- C:\Program Files\OpenCase\OpenCASE Media Agent\MediaAgent.exe -- (OpenCASE Media Agent)
SRV - [2008/05/11 13:27:31 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2008/04/13 20:12:22 | 000,015,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (W3SVC)
SRV - [2008/04/13 20:12:22 | 000,015,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (SMTPSVC) Simple Mail Transfer Protocol (SMTP)
SRV - [2008/04/13 20:12:22 | 000,015,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (IISADMIN)
SRV - [2007/07/26 19:03:46 | 000,358,936 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
SRV - [2007/06/12 17:09:16 | 002,521,880 | ---- | M] (Intel) [Auto | Running] -- C:\Program Files\Intel\AMT\UNS.exe -- (UNS) Intel(R)
SRV - [2007/06/12 17:09:16 | 000,183,064 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\AMT\atchksrv.exe -- (atchksrv) Intel(R)
SRV - [2007/06/12 17:09:14 | 000,109,336 | ---- | M] (Intel) [Auto | Running] -- C:\Program Files\Intel\AMT\LMS.exe -- (LMS) Intel(R)
SRV - [2007/03/20 16:41:24 | 000,153,792 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe -- (Adobe Version Cue CS3)
SRV - [2007/01/23 03:58:04 | 000,133,968 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\ASF Agent\ASFAgent.exe -- (ASFAgent)
SRV - [2004/08/16 22:28:36 | 000,015,360 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\DNSexit IP Updater\dnsexit_srv.exe -- (DNSexit)


========== Driver Services (SafeList) ==========

DRV - [2011/07/27 04:00:00 | 000,374,392 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2011/07/27 04:00:00 | 000,105,592 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2011/07/15 11:34:20 | 000,125,488 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2011/07/08 16:44:14 | 000,167,936 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wpshelper.sys -- (WpsHelper)
DRV - [2011/07/06 19:52:42 | 000,022,712 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011/06/15 11:54:58 | 001,542,392 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20110727.033\NAVEX15.SYS -- (NAVEX15)
DRV - [2011/06/15 11:54:58 | 000,086,008 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20110727.033\NAVENG.SYS -- (NAVENG)
DRV - [2011/01/26 23:34:32 | 006,406,656 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2010/08/05 19:11:48 | 000,099,696 | ---- | M] (Symantec Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\SYSTEM32\Drivers\SysPlant.sys -- (SysPlant)
DRV - [2010/08/05 19:08:14 | 000,043,376 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\WPSDRVnt.sys -- (WPS)
DRV - [2010/05/21 07:27:44 | 000,023,888 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\COH_Mon.sys -- (COH_Mon)
DRV - [2010/04/28 07:44:02 | 000,054,760 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys -- (fssfltr)
DRV - [2010/03/08 12:59:14 | 000,320,944 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\srtspl.sys -- (SRTSPL)
DRV - [2010/03/08 12:59:14 | 000,283,184 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\srtsp.sys -- (SRTSP)
DRV - [2010/03/08 12:59:14 | 000,043,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\srtspx.sys -- (SRTSPX)
DRV - [2009/12/28 12:42:26 | 000,067,472 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Teefer2.sys -- (Teefer2)
DRV - [2009/12/18 15:42:12 | 000,421,424 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
DRV - [2009/09/03 16:03:48 | 000,188,080 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\SYMTDI.SYS -- (SYMTDI)
DRV - [2009/09/03 16:03:48 | 000,026,416 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV)
DRV - [2009/08/12 18:07:02 | 000,026,624 | ---- | M] (Juniper Networks) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\dsNcAdpt.sys -- (dsNcAdpt)
DRV - [2009/08/03 17:01:00 | 000,286,208 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\V0415Vid.sys -- (V0415Vid)
DRV - [2008/08/12 16:50:36 | 000,135,616 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\CtClsFlt.sys -- (CtClsFlt)
DRV - [2008/04/30 07:43:42 | 000,160,768 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\V0415Afx.sys -- (V0415Afx)
DRV - [2007/09/24 19:12:48 | 000,392,960 | ---- | M] (Sensaura) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\senfilt.sys -- (SenFiltService)
DRV - [2007/07/23 18:42:12 | 000,045,056 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HECI.sys -- (HECI) Intel(R)
DRV - [2007/05/03 13:37:08 | 000,022,152 | ---- | M] (Maxtor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mxopswd.sys -- (MXOPSWD)
DRV - [2007/01/23 03:45:44 | 000,042,832 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Asfalrt.sys -- (AsfAlrt)
DRV - [2007/01/15 18:57:08 | 000,031,616 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\livecamv.sys -- (RLDesignVirtualAudioCableWdm)
DRV - [2006/08/18 13:18:08 | 000,009,400 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLADResM.SYS -- (DLADResM)
DRV - [2006/08/18 13:17:46 | 000,035,096 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABMFSM.SYS -- (DLABMFSM)
DRV - [2006/08/18 13:17:44 | 000,097,848 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2006/08/18 13:17:44 | 000,094,648 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2006/08/18 13:17:42 | 000,026,008 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2006/08/18 13:17:40 | 000,032,472 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2006/08/18 13:17:38 | 000,104,472 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2006/08/18 13:17:38 | 000,014,520 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2006/08/11 10:35:18 | 000,012,920 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2006/08/11 10:35:16 | 000,028,184 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_M.SYS -- (DLARTL_M)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=del ... bd=0080430
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = www.google.com/ig/dell?hl=en&client=del ... bd=0080430

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: ""
FF - prefs.js..browser.search.defaulturl: "http://www.bing.com/search?FORM=BO1TDF&PC=B8MK&q="
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.3.1
FF - prefs.js..extensions.enabledItems: {3DD07E5D-2ADF-42ea-972E-2998FA5CE45A}:5.1.0.9
FF - prefs.js..keyword.URL: "http://search.yahoo.com/search?fr=mcafee&p="
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 55495
FF - prefs.js..network.proxy.type: 0

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=13: C:\Program Files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll (Google)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.647: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.647: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.647: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.647: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.647: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Documents and Settings\Hetty Richardson\Application Data\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Documents and Settings\Hetty Richardson\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Hetty Richardson\Local Settings\Application Data\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Hetty Richardson\Local Settings\Application Data\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/05/23 09:32:13 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{C960C8DD-EDA2-4DE1-A3D2-B66653C299E8}: C:\Documents and Settings\Hetty Richardson\Local Settings\Application Data\{C960C8DD-EDA2-4DE1-A3D2-B66653C299E8}\ [2011/07/12 19:44:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{11E1F80D-1BAB-47D3-BE16-E1B9BBDAFABA}: C:\Documents and Settings\David Kotecki\Local Settings\Application Data\{11E1F80D-1BAB-47D3-BE16-E1B9BBDAFABA}\ [2011/07/12 18:18:29 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/07/18 19:09:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/07/27 08:36:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.7\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2011/07/17 09:47:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.7\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins

[2010/09/12 14:14:56 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Hetty Richardson\Application Data\Mozilla\Extensions
[2010/09/12 14:14:56 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Hetty Richardson\Application Data\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2011/07/18 19:20:00 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Hetty Richardson\Application Data\Mozilla\Firefox\Profiles\uu53dy2g.default\extensions
[2011/03/29 13:44:32 | 000,001,832 | ---- | M] () -- C:\Documents and Settings\Hetty Richardson\Application Data\Mozilla\Firefox\Profiles\uu53dy2g.default\searchplugins\bing.xml
[2007/06/27 16:22:28 | 000,001,057 | ---- | M] () -- C:\Documents and Settings\Hetty Richardson\Application Data\Mozilla\Firefox\Profiles\uu53dy2g.default\searchplugins\verizonsearch.xml
[2011/07/18 19:09:06 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/08/19 17:47:39 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/12/21 22:14:30 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011/07/18 18:41:00 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
File not found (No name found) --
() (No name found) -- C:\DOCUMENTS AND SETTINGS\HETTY RICHARDSON\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\UU53DY2G.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2011/07/08 03:16:28 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/05/04 04:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2010/01/01 04:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/03/29 13:44:43 | 000,002,024 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\McSiteAdvisor.xml

O1 HOSTS File: ([2011/07/27 19:33:37 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {4E7BD74F-2B8D-469E-8CB0-AB60BB9AAE22} - No CLSID value found.
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe_ID0EYTHM] C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3Tray.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [atchk] C:\Program Files\Intel\AMT\atchk.exe (Intel Corporation)
O4 - HKLM..\Run: [ATICCC] C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe ()
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [ECenter] C:\dell\E-Center\EULALauncher.exe ( )
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Memeo AutoSync] C:\Program Files\Memeo\AutoSync\MemeoLauncher2.exe (Memeo Inc.)
O4 - HKLM..\Run: [Memeo Instant Backup] C:\Program Files\Memeo\AutoBackup\MemeoLauncher2.exe (Memeo Inc.)
O4 - HKLM..\Run: [Seagate Dashboard] C:\Program Files\Seagate\Seagate Dashboard\MemeoLauncher.exe ()
O4 - HKLM..\Run: [TkBellExe] C:\program files\real\realplayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [V0415Mon.exe] C:\WINDOWS\V0415Mon.exe (Creative Technology Ltd.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_43C348BC2E93EB2B.dll (Google Inc.)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_26.dll (Sun Microsystems, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: maine.gov ([secure] https in Trusted sites)
O15 - HKCU\..Trusted Domains: mcafee.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: mcafee.com ([]https in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shoc ... wflash.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 192.168.1.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: C:\WINDOWS\Prairie Wind.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Prairie Wind.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/11 17:15:00 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/07/28 18:45:53 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011/07/28 18:43:15 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/07/27 19:38:06 | 000,579,584 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Hetty Richardson\Desktop\OTL.exe
[2011/07/27 19:23:42 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/07/26 17:40:46 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011/07/26 17:38:29 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/07/26 17:38:29 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/07/26 17:38:29 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/07/26 17:38:23 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/07/26 17:38:20 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/07/26 17:35:09 | 004,155,432 | R--- | C] (Swearware) -- C:\Documents and Settings\Hetty Richardson\Desktop\ComboFix.exe
[2011/07/26 09:14:20 | 001,436,976 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Hetty Richardson\Desktop\tdsskiller.exe
[2011/07/18 07:45:47 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie7
[2011/07/18 07:01:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Hetty Richardson\Application Data\MSNInstaller
[2011/07/17 23:29:46 | 000,000,000 | ---D | C] -- C:\WINDOWS\Logs
[2011/07/17 11:41:20 | 000,489,596 | R--- | C] (Swearware) -- C:\Documents and Settings\Hetty Richardson\Desktop\dds.scr
[2011/07/17 11:22:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Google Desktop
[2011/07/17 09:28:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Seagate Dashboard
[2011/07/16 14:48:22 | 000,101,720 | ---- | C] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2011/07/16 13:39:29 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\Hetty Richardson\Desktop\HijackThis.exe
[2011/07/16 11:37:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Hetty Richardson\Local Settings\Application Data\AVG Security Toolbar
[2011/07/16 10:51:02 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2011/07/16 10:35:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2011/07/15 19:10:34 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2011/07/15 19:10:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2011/07/15 15:55:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Skype
[2011/07/15 15:55:06 | 000,000,000 | R--D | C] -- C:\Program Files\Skype
[2011/07/15 14:51:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2011/07/15 11:35:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Hetty Richardson\Local Settings\Application Data\Symantec
[2011/07/15 11:35:40 | 000,167,936 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\wpshelper.sys
[2011/07/15 11:34:26 | 000,099,696 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SysPlant.sys
[2011/07/15 11:34:09 | 000,125,488 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS
[2011/07/15 11:34:09 | 000,060,808 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\S32EVNT1.DLL
[2011/07/15 11:33:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Symantec Endpoint Protection
[2011/07/15 11:33:24 | 000,000,000 | ---D | C] -- C:\Program Files\Symantec
[2011/07/15 11:33:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Symantec
[2011/07/13 16:17:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2011/07/12 19:44:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Hetty Richardson\Local Settings\Application Data\{C960C8DD-EDA2-4DE1-A3D2-B66653C299E8}
[2010/06/27 14:01:51 | 001,247,056 | ---- | C] (Microsoft Corporation) -- C:\Program Files\wlsetup-web.exe
[2009/09/23 17:27:00 | 009,688,568 | ---- | C] (Google Inc.) -- C:\Program Files\picasa35-setup.exe
[2008/08/14 19:24:16 | 025,740,144 | ---- | C] (Microsoft Corporation) -- C:\Program Files\wmp11-windowsxp-x86-enu.exe
[2008/04/28 08:36:08 | 011,768,648 | ---- | C] (Macrovision Corporation) -- C:\Documents and Settings\Hetty Richardson\Local Settings\Application Data\FC9106US.exe

========== Files - Modified Within 30 Days ==========

[2011/07/28 19:04:00 | 000,001,022 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2250608968-3542276623-1019064056-1005UA.job
[2011/07/28 19:04:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/07/28 18:59:13 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/07/28 18:58:08 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2011/07/28 18:57:36 | 000,000,300 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-2250608968-3542276623-1019064056-1005.job
[2011/07/28 18:57:32 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/07/28 18:57:06 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/07/28 18:43:17 | 000,000,308 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-2250608968-3542276623-1019064056-1005.job
[2011/07/27 19:38:07 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Hetty Richardson\Desktop\OTL.exe
[2011/07/27 19:33:37 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/07/27 19:22:18 | 004,155,432 | R--- | M] (Swearware) -- C:\Documents and Settings\Hetty Richardson\Desktop\ComboFix.exe
[2011/07/27 14:59:04 | 000,002,265 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2011/07/27 10:04:00 | 000,000,970 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2250608968-3542276623-1019064056-1005Core.job
[2011/07/27 08:36:18 | 000,001,734 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader X.lnk
[2011/07/26 17:40:53 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2011/07/26 12:01:06 | 000,032,768 | ---- | M] () -- C:\Documents and Settings\Hetty Richardson\My Documents\Hetty L. Richardson.wlt
[2011/07/26 09:14:26 | 001,436,976 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Hetty Richardson\Desktop\tdsskiller.exe
[2011/07/26 09:13:31 | 000,459,264 | ---- | M] () -- C:\Documents and Settings\Hetty Richardson\Desktop\CKScanner.exe
[2011/07/18 19:09:09 | 000,000,742 | ---- | M] () -- C:\Documents and Settings\Hetty Richardson\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/07/18 19:09:09 | 000,000,724 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2011/07/18 07:47:18 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/07/17 22:47:55 | 000,550,070 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/07/17 22:47:55 | 000,103,604 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/07/17 22:25:05 | 000,000,211 | ---- | M] () -- C:\Boot.bak
[2011/07/17 11:41:20 | 000,489,596 | R--- | M] (Swearware) -- C:\Documents and Settings\Hetty Richardson\Desktop\dds.scr
[2011/07/17 09:28:49 | 000,000,934 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Seagate Dashboard.lnk
[2011/07/16 14:48:20 | 000,101,720 | ---- | M] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2011/07/16 11:41:50 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\Hetty Richardson\Desktop\HijackThis.exe
[2011/07/15 19:37:15 | 000,435,650 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110715-193949.backup
[2011/07/15 18:42:55 | 000,000,286 | ---- | M] () -- C:\WINDOWS\reimage.ini
[2011/07/15 14:22:14 | 000,000,802 | ---- | M] () -- C:\Documents and Settings\Hetty Richardson\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
[2011/07/15 11:34:20 | 000,125,488 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS
[2011/07/15 11:34:20 | 000,060,808 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\S32EVNT1.DLL
[2011/07/15 11:34:20 | 000,007,456 | ---- | M] () -- C:\WINDOWS\System32\drivers\SYMEVENT.CAT
[2011/07/15 11:34:20 | 000,000,806 | ---- | M] () -- C:\WINDOWS\System32\drivers\SYMEVENT.INF
[2011/07/15 10:34:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/07/15 09:42:18 | 000,002,365 | ---- | M] () -- C:\Documents and Settings\Hetty Richardson\Desktop\Google Chrome.lnk
[2011/07/15 09:42:18 | 000,002,343 | ---- | M] () -- C:\Documents and Settings\Hetty Richardson\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/07/13 04:48:32 | 000,000,057 | ---- | M] () -- C:\WINDOWS\System32\mapisvc.inf
[2011/07/13 03:27:26 | 001,573,264 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/07/12 21:54:01 | 000,000,120 | ---- | M] () -- C:\WINDOWS\Xrajinoqoy.dat
[2011/07/12 18:18:35 | 000,000,000 | ---- | M] () -- C:\WINDOWS\Wveliwojiy.bin
[2011/07/12 05:51:52 | 000,012,151 | ---- | M] () -- C:\Documents and Settings\Hetty Richardson\Application Data\EACE.42C
[2011/07/08 16:44:14 | 000,167,936 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\wpshelper.sys
[2011/07/06 19:52:42 | 000,041,272 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/07/06 19:52:42 | 000,022,712 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

========== Files Created - No Company Name ==========

[2011/07/27 08:36:18 | 000,002,315 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader X.lnk
[2011/07/27 08:36:18 | 000,001,734 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader X.lnk
[2011/07/26 17:40:53 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2011/07/26 17:40:50 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2011/07/26 17:38:29 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/07/26 17:38:29 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/07/26 17:38:29 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/07/26 17:38:29 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/07/26 17:38:29 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/07/26 09:13:30 | 000,459,264 | ---- | C] () -- C:\Documents and Settings\Hetty Richardson\Desktop\CKScanner.exe
[2011/07/18 19:09:09 | 000,000,742 | ---- | C] () -- C:\Documents and Settings\Hetty Richardson\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/07/18 19:09:09 | 000,000,730 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
[2011/07/18 19:09:09 | 000,000,724 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2011/07/17 09:28:49 | 000,000,934 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Seagate Dashboard.lnk
[2011/07/15 18:42:46 | 000,000,286 | ---- | C] () -- C:\WINDOWS\reimage.ini
[2011/07/15 15:55:08 | 000,002,265 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2011/07/15 14:22:14 | 000,000,802 | ---- | C] () -- C:\Documents and Settings\Hetty Richardson\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
[2011/07/15 11:34:09 | 000,007,456 | ---- | C] () -- C:\WINDOWS\System32\drivers\SYMEVENT.CAT
[2011/07/15 11:34:09 | 000,000,806 | ---- | C] () -- C:\WINDOWS\System32\drivers\SYMEVENT.INF
[2011/07/11 13:02:06 | 000,012,151 | ---- | C] () -- C:\Documents and Settings\Hetty Richardson\Application Data\EACE.42C
[2011/06/11 08:31:54 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Xrajinoqoy.dat
[2011/06/11 08:31:54 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Wveliwojiy.bin
[2009/11/19 21:12:18 | 000,031,616 | ---- | C] () -- C:\WINDOWS\System32\drivers\livecamv.sys
[2009/11/05 11:09:40 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2009/08/03 16:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/08/03 16:07:42 | 000,230,768 | ---- | C] () -- C:\WINDOWS\System32\OGAEXEC.exe
[2009/06/11 15:35:59 | 000,000,093 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2009/01/28 16:21:20 | 000,061,208 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2008/10/12 13:00:24 | 000,002,528 | ---- | C] () -- C:\WINDOWS\FCIC.INI
[2008/08/03 20:51:24 | 000,021,791 | ---- | C] () -- C:\WINDOWS\System32\smtpctrs.ini
[2008/08/03 20:51:24 | 000,001,037 | ---- | C] () -- C:\WINDOWS\System32\ntfsdrct.ini
[2008/08/03 20:51:03 | 000,038,576 | ---- | C] () -- C:\WINDOWS\System32\w3ctrs.ini
[2008/08/03 20:51:03 | 000,010,225 | ---- | C] () -- C:\WINDOWS\System32\axperf.ini
[2008/08/03 20:51:02 | 000,011,435 | ---- | C] () -- C:\WINDOWS\System32\infoctrs.ini
[2008/08/03 17:50:06 | 000,000,600 | ---- | C] () -- C:\Documents and Settings\Hetty Richardson\Local Settings\Application Data\PUTTY.RND
[2008/05/26 21:59:42 | 000,018,904 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschematrivial.bin
[2008/05/26 21:59:40 | 000,106,605 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschema.bin
[2008/05/11 20:05:35 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2008/05/11 15:59:09 | 000,005,632 | ---- | C] () -- C:\Documents and Settings\Hetty Richardson\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/05/11 13:33:55 | 002,463,976 | ---- | C] () -- C:\WINDOWS\System32\NPSWF32.dll
[2008/05/11 12:50:54 | 000,000,351 | ---- | C] () -- C:\WINDOWS\fpexplor.INI
[2008/05/11 12:48:55 | 000,000,605 | ---- | C] () -- C:\WINDOWS\frontpg.ini
[2008/05/11 12:32:41 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/05/11 10:29:36 | 000,000,600 | ---- | C] () -- C:\Documents and Settings\Hetty Richardson\Application Data\winscp.rnd
[2008/05/11 10:23:54 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2008/05/10 22:46:13 | 000,000,139 | ---- | C] () -- C:\Documents and Settings\Hetty Richardson\Local Settings\Application Data\fusioncache.dat
[2008/04/30 11:40:14 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2008/04/30 11:35:54 | 000,056,056 | ---- | C] () -- C:\WINDOWS\System32\DLAAPI_W.DLL
[2008/04/30 11:35:54 | 000,000,120 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2008/04/30 11:19:21 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin
[2008/04/30 11:17:39 | 000,077,824 | ---- | C] () -- C:\WINDOWS\setpwr32.exe
[2008/04/30 11:17:37 | 003,107,788 | ---- | C] () -- C:\WINDOWS\System32\ativvaxx.dat
[2008/04/30 11:17:37 | 000,887,724 | ---- | C] () -- C:\WINDOWS\System32\ativva6x.dat
[2008/04/30 11:17:37 | 000,227,587 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2008/04/30 11:17:37 | 000,000,003 | ---- | C] () -- C:\WINDOWS\System32\ativva5x.dat
[2008/04/30 11:16:36 | 000,001,119 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2007/09/27 10:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 10:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 10:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2007/02/28 05:03:32 | 000,080,720 | ---- | C] () -- C:\WINDOWS\System32\AsfBios.dll
[2007/01/23 03:45:40 | 000,025,424 | ---- | C] () -- C:\WINDOWS\System32\drivers\netamsg.dll
[2006/11/07 04:25:58 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2006/09/16 23:36:50 | 000,520,192 | ---- | C] () -- C:\WINDOWS\System32\CddbPlaylist2Roxio.dll
[2006/09/16 23:36:50 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\CddbFileTaggerRoxio.dll
[2004/08/11 17:24:19 | 000,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/11 17:19:30 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2004/08/11 17:12:14 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/08/11 17:07:24 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/08/11 17:06:43 | 001,573,264 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004/08/11 17:00:30 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/11 17:00:28 | 000,550,070 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/11 17:00:28 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/11 17:00:28 | 000,103,604 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/11 17:00:28 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/11 17:00:27 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/11 17:00:26 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/08/11 17:00:24 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/08/11 17:00:19 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/11 17:00:19 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/11 17:00:12 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/11 17:00:04 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2002/09/18 00:45:00 | 000,119,808 | ---- | C] () -- C:\WINDOWS\lsb_un20.exe

========== LOP Check ==========

[2010/08/12 13:10:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Citrix
[2011/07/16 10:51:02 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2011/07/15 19:52:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Easybits GO
[2008/08/14 20:16:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ExtendMedia
[2008/10/12 13:00:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FirstClass
[2011/03/12 12:56:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ilium Software
[2008/06/25 07:59:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Juniper Networks
[2008/05/18 10:54:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Maxtor
[2011/06/12 15:56:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MemeoCommon
[2011/07/17 22:25:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2009/03/28 13:27:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
[2010/05/07 19:59:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/09/22 19:57:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/04/20 11:33:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2010/02/19 22:26:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Hetty Richardson\Application Data\Canon
[2011/06/12 08:19:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Hetty Richardson\Application Data\Dropbox
[2011/07/15 19:22:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Hetty Richardson\Application Data\go
[2011/03/12 08:34:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Hetty Richardson\Application Data\Ilium Software
[2011/02/09 09:12:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Hetty Richardson\Application Data\Juniper Networks
[2011/06/12 15:52:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Hetty Richardson\Application Data\Leadertech
[2011/07/17 11:20:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Hetty Richardson\Application Data\Memeo
[2011/07/18 07:01:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Hetty Richardson\Application Data\MSNInstaller
[2011/06/12 15:55:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Hetty Richardson\Application Data\Seagate
[2010/09/12 14:14:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Hetty Richardson\Application Data\Thunderbird
[2008/08/16 17:39:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Hetty Richardson\Application Data\vol_toolbar
[2011/03/20 09:43:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Hetty Richardson\Application Data\Windows Desktop Search
[2011/03/20 10:02:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Hetty Richardson\Application Data\Windows Search

========== Purity Check ==========



< End of report >
Hetty
Active Member
 
Posts: 11
Joined: July 17th, 2011, 11:47 am

Re: Firefox and IE redirects

Unread postby askey127 » July 29th, 2011, 7:02 am

Hetty,
These two lines refer to a network proxy. Did you intentionally set this up?
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 55495


------------------------------------------------------------
Run MalwareBytes' Anti-Malware
As you already have Malwarebytes' Anti-Malware installed on your computer, could you please do a scan using these settings:

  • Open Malwarebytes' Anti-Malware
  • Select the Update tab. Choose Check for Updates.
  • After the update have been completed, select the Settings tab, then the Scanner Settings tab
  • For Action for Potentially Unwanted Programs (PUP), choose Show in results list and check for removal
  • Select to the Scanner tab.
  • Select Perform Quick scan, then click on Scan
  • When done, you will be prompted. Click OK. If Items are found, then click on Show Results
  • Check all items then click on Remove Selected
  • After it has removed the items, Notepad will open. Please post this log in your next reply.

    The log can also be found here:
    1. C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
    2. Or via the Logs tab when the application is started.

Note: MBAM may ask to reboot your computer so it can continue with the removal process, please do so immediately.
Failure to reboot will prevent MBAM from removing all the malware.
----------------------------------------------
Perform a Custom Fix with OTL
Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following lines from the Code box:
    Code: Select all
    :processes
    killallprocesses
    
    :Files
    C:\WINDOWS\Xrajinoqoy.dat
    C:\WINDOWS\Wveliwojiy.bin
    
    :OTL
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {4E7BD74F-2B8D-469E-8CB0-AB60BB9AAE22} - No CLSID value found.
    
    :Commands
    [EMPTYTEMP]
    [CREATERESTOREPOINT]
    [Reboot]
    
  • Then click the Run Fix button at the top.
  • Let the program run unhindered and reboot the PC when it is done.
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

askey127
User avatar
askey127
Admin/Teacher
Admin/Teacher
 
Posts: 13904
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: Firefox and IE redirects

Unread postby Hetty » July 29th, 2011, 3:14 pm

Greetings,

We did not intentionally set the network proxy. We are connected to the internet via a DSL router.

The mbam log:
Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Database version: 7322

Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

7/29/2011 3:12:40 PM
mbam-log-2011-07-29 (15-12-40).txt

Scan type: Quick scan
Objects scanned: 199210
Time elapsed: 5 minute(s), 7 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
Hetty
Active Member
 
Posts: 11
Joined: July 17th, 2011, 11:47 am

Re: Firefox and IE redirects

Unread postby Hetty » July 29th, 2011, 4:02 pm

Greetings,

Results of the OTL Scan:

All processes killed
========== PROCESSES ==========
========== FILES ==========
C:\WINDOWS\Xrajinoqoy.dat moved successfully.
C:\WINDOWS\Wveliwojiy.bin moved successfully.
========== OTL ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{47833539-D0C5-4125-9FA8-0819E2EAAC93} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{47833539-D0C5-4125-9FA8-0819E2EAAC93}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{4E7BD74F-2B8D-469E-8CB0-AB60BB9AAE22} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4E7BD74F-2B8D-469E-8CB0-AB60BB9AAE22}\ not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: All Users

User: David Kotecki
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Hetty Richardson
->Temp folder emptied: 36288 bytes
->Temporary Internet Files folder emptied: 1674634 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 55774061 bytes
->Google Chrome cache emptied: 0 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 1088 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 0 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 597700 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 33341 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 55.00 mb

Restore point Set: OTL Restore Point (0)

OTL by OldTimer - Version 3.2.26.1 log created on 07292011_154626

Files\Folders moved on Reboot...
File\Folder C:\WINDOWS\temp\Perflib_Perfdata_23c.dat not found!

Registry entries deleted on Reboot...
Hetty
Active Member
 
Posts: 11
Joined: July 17th, 2011, 11:47 am

Re: Firefox and IE redirects

Unread postby askey127 » July 29th, 2011, 6:09 pm

Hetty,
Looks good.
----------------------------------------------
Perform a Custom Fix with OTL
Run OTL (Right click and choose "Run as administrator" in Vista/Win7)
  • Under the Custom Scans/Fixes box at the bottom, paste in the following lines from the Code box:
    Code: Select all
    :processes
    killallprocesses
    
    :OTL
    FF - prefs.js..network.proxy.http: "127.0.0.1"
    FF - prefs.js..network.proxy.http_port: 55495
    :Commands
    [Reboot]
    
  • Then click the Run Fix button at the top.
  • Let the program run unhindered and reboot the PC when it is done.
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

askey127
User avatar
askey127
Admin/Teacher
Admin/Teacher
 
Posts: 13904
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: Firefox and IE redirects

Unread postby Hetty » July 30th, 2011, 8:39 am

Thanks very much. The results from the quick scan are below:

OTL logfile created on: 7/30/2011 8:34:40 AM - Run 3
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Documents and Settings\Hetty Richardson\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.25 Gb Total Physical Memory | 2.16 Gb Available Physical Memory | 66.61% Memory free
7.08 Gb Paging File | 6.05 Gb Available in Paging File | 85.45% Paging File free
Paging file location(s): C:\pagefile.sys 4092 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232.75 Gb Total Space | 159.77 Gb Free Space | 68.65% Space Free | Partition Type: NTFS
Drive F: | 931.51 Gb Total Space | 884.31 Gb Free Space | 94.93% Space Free | Partition Type: NTFS
Drive Z: | 453.18 Gb Total Space | 366.03 Gb Free Space | 80.77% Space Free | Partition Type: NTFS

Computer Name: DELL2 | User Name: Hetty Richardson | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/07/27 19:38:07 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Hetty Richardson\Desktop\OTL.exe
PRC - [2011/07/08 03:16:28 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/07/06 19:52:38 | 000,449,584 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011/07/06 19:52:38 | 000,366,640 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011/06/27 09:23:56 | 000,161,336 | ---- | M] (Google) -- C:\Documents and Settings\Hetty Richardson\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe
PRC - [2011/06/01 12:42:28 | 000,071,432 | ---- | M] (Memeo) -- C:\Program Files\Seagate\Seagate Dashboard\MemeoDashboard.exe
PRC - [2011/06/01 12:42:28 | 000,014,088 | ---- | M] (Memeo) -- C:\Program Files\Seagate\Seagate Dashboard\SeagateDashboardService.exe
PRC - [2011/06/01 12:16:54 | 002,260,992 | ---- | M] (Axentra Corporation) -- C:\Program Files\Seagate\Seagate Dashboard\HipServAgent\HipServAgent.exe
PRC - [2011/05/23 09:31:49 | 000,273,544 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\Update\realsched.exe
PRC - [2011/01/24 14:35:36 | 000,025,824 | ---- | M] (Memeo) -- C:\Program Files\Memeo\AutoBackup\MemeoBackgroundService.exe
PRC - [2011/01/24 14:35:30 | 000,324,320 | ---- | M] () -- C:\Program Files\Memeo\AutoBackup\InstantBackup.exe
PRC - [2010/12/16 15:35:04 | 000,660,848 | ---- | M] (Juniper Networks) -- C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
PRC - [2010/08/05 19:11:44 | 001,885,488 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
PRC - [2010/08/05 19:05:52 | 001,459,568 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
PRC - [2010/07/01 17:17:24 | 001,832,072 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
PRC - [2010/05/06 17:21:54 | 000,115,560 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccApp.exe
PRC - [2010/05/06 17:21:14 | 000,108,392 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
PRC - [2008/08/06 21:00:00 | 000,028,672 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\V0415Mon.exe
PRC - [2008/08/05 15:54:02 | 000,835,208 | ---- | M] (ExtendMedia Inc.) -- C:\Program Files\OpenCase\OpenCASE Media Agent\MediaAgent.exe
PRC - [2008/04/13 20:12:22 | 000,015,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\inetsrv\inetinfo.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/07/26 19:03:46 | 000,358,936 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2007/07/26 19:03:44 | 000,178,712 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2007/06/12 17:09:16 | 002,521,880 | ---- | M] (Intel) -- C:\Program Files\Intel\AMT\UNS.exe
PRC - [2007/06/12 17:09:16 | 000,183,064 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\AMT\atchksrv.exe
PRC - [2007/06/12 17:09:14 | 000,408,344 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\AMT\atchk.exe
PRC - [2007/06/12 17:09:14 | 000,109,336 | ---- | M] (Intel) -- C:\Program Files\Intel\AMT\LMS.exe
PRC - [2007/01/23 03:58:04 | 000,133,968 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\ASF Agent\ASFAgent.exe
PRC - [2006/09/25 09:12:20 | 000,045,056 | ---- | M] (ATI Technologies Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe


========== Modules (SafeList) ==========

MOD - [2011/07/27 19:38:07 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Hetty Richardson\Desktop\OTL.exe
MOD - [2011/05/23 09:32:11 | 000,043,520 | ---- | M] (RealNetworks, Inc.) -- C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Chrome\Hook\rpchrome10browserrecordhelper.dll
MOD - [2011/04/18 22:51:18 | 000,653,136 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_31a54e43\msvcr90.dll
MOD - [2011/04/18 22:51:18 | 000,569,680 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_31a54e43\msvcp90.dll
MOD - [2010/08/23 12:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/07/06 19:52:38 | 000,366,640 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/06/01 12:42:28 | 000,014,088 | ---- | M] (Memeo) [Auto | Running] -- C:\Program Files\Seagate\Seagate Dashboard\SeagateDashboardService.exe -- (SeagateDashboardService)
SRV - [2011/01/24 14:35:36 | 000,025,824 | ---- | M] (Memeo) [Auto | Running] -- C:\Program Files\Memeo\AutoBackup\MemeoBackgroundService.exe -- (MemeoBackgroundService)
SRV - [2010/12/16 15:35:04 | 000,660,848 | ---- | M] (Juniper Networks) [Auto | Running] -- C:\Program Files\Juniper Networks\Common Files\dsNcService.exe -- (dsNcService)
SRV - [2010/08/05 19:11:44 | 001,885,488 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe -- (SmcService)
SRV - [2010/07/01 17:17:24 | 001,832,072 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe -- (Symantec AntiVirus)
SRV - [2010/07/01 16:24:02 | 000,357,704 | ---- | M] (Symantec Corporation) [Disabled | Stopped] -- C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE -- (SNAC)
SRV - [2010/05/06 17:21:14 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr)
SRV - [2010/05/06 17:21:14 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr)
SRV - [2010/02/17 10:53:18 | 003,093,880 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_3.EXE -- (LiveUpdate)
SRV - [2008/08/05 15:54:02 | 000,835,208 | ---- | M] (ExtendMedia Inc.) [Auto | Running] -- C:\Program Files\OpenCase\OpenCASE Media Agent\MediaAgent.exe -- (OpenCASE Media Agent)
SRV - [2008/05/11 13:27:31 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2008/04/13 20:12:22 | 000,015,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (W3SVC)
SRV - [2008/04/13 20:12:22 | 000,015,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (SMTPSVC) Simple Mail Transfer Protocol (SMTP)
SRV - [2008/04/13 20:12:22 | 000,015,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (IISADMIN)
SRV - [2007/07/26 19:03:46 | 000,358,936 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
SRV - [2007/06/12 17:09:16 | 002,521,880 | ---- | M] (Intel) [Auto | Running] -- C:\Program Files\Intel\AMT\UNS.exe -- (UNS) Intel(R)
SRV - [2007/06/12 17:09:16 | 000,183,064 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\AMT\atchksrv.exe -- (atchksrv) Intel(R)
SRV - [2007/06/12 17:09:14 | 000,109,336 | ---- | M] (Intel) [Auto | Running] -- C:\Program Files\Intel\AMT\LMS.exe -- (LMS) Intel(R)
SRV - [2007/03/20 16:41:24 | 000,153,792 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe -- (Adobe Version Cue CS3)
SRV - [2007/01/23 03:58:04 | 000,133,968 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\ASF Agent\ASFAgent.exe -- (ASFAgent)
SRV - [2004/08/16 22:28:36 | 000,015,360 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\DNSexit IP Updater\dnsexit_srv.exe -- (DNSexit)


========== Driver Services (SafeList) ==========

DRV - [2011/07/27 04:00:00 | 000,374,392 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2011/07/27 04:00:00 | 000,105,592 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2011/07/15 11:34:20 | 000,125,488 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2011/07/06 19:52:42 | 000,022,712 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011/06/15 11:54:58 | 001,542,392 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20110729.048\NAVEX15.SYS -- (NAVEX15)
DRV - [2011/06/15 11:54:58 | 000,086,008 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20110729.048\NAVENG.SYS -- (NAVENG)
DRV - [2011/01/26 23:34:32 | 006,406,656 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2010/09/10 22:32:20 | 000,167,936 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wpshelper.sys -- (WpsHelper)
DRV - [2010/08/05 19:11:48 | 000,099,696 | ---- | M] (Symantec Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\SYSTEM32\Drivers\SysPlant.sys -- (SysPlant)
DRV - [2010/08/05 19:08:14 | 000,043,376 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\WPSDRVnt.sys -- (WPS)
DRV - [2010/05/21 07:27:44 | 000,023,888 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\COH_Mon.sys -- (COH_Mon)
DRV - [2010/04/28 07:44:02 | 000,054,760 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys -- (fssfltr)
DRV - [2010/03/08 12:59:14 | 000,320,944 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\srtspl.sys -- (SRTSPL)
DRV - [2010/03/08 12:59:14 | 000,283,184 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\srtsp.sys -- (SRTSP)
DRV - [2010/03/08 12:59:14 | 000,043,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\srtspx.sys -- (SRTSPX)
DRV - [2009/12/28 12:42:26 | 000,067,472 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Teefer2.sys -- (Teefer2)
DRV - [2009/12/18 15:42:12 | 000,421,424 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
DRV - [2009/09/03 16:03:48 | 000,188,080 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\SYMTDI.SYS -- (SYMTDI)
DRV - [2009/09/03 16:03:48 | 000,026,416 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV)
DRV - [2009/08/12 18:07:02 | 000,026,624 | ---- | M] (Juniper Networks) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\dsNcAdpt.sys -- (dsNcAdpt)
DRV - [2009/08/03 17:01:00 | 000,286,208 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\V0415Vid.sys -- (V0415Vid)
DRV - [2008/08/12 16:50:36 | 000,135,616 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\CtClsFlt.sys -- (CtClsFlt)
DRV - [2008/04/30 07:43:42 | 000,160,768 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\V0415Afx.sys -- (V0415Afx)
DRV - [2007/09/24 19:12:48 | 000,392,960 | ---- | M] (Sensaura) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\senfilt.sys -- (SenFiltService)
DRV - [2007/07/23 18:42:12 | 000,045,056 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HECI.sys -- (HECI) Intel(R)
DRV - [2007/05/03 13:37:08 | 000,022,152 | ---- | M] (Maxtor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mxopswd.sys -- (MXOPSWD)
DRV - [2007/01/23 03:45:44 | 000,042,832 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Asfalrt.sys -- (AsfAlrt)
DRV - [2007/01/15 18:57:08 | 000,031,616 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\livecamv.sys -- (RLDesignVirtualAudioCableWdm)
DRV - [2006/08/18 13:18:08 | 000,009,400 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLADResM.SYS -- (DLADResM)
DRV - [2006/08/18 13:17:46 | 000,035,096 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABMFSM.SYS -- (DLABMFSM)
DRV - [2006/08/18 13:17:44 | 000,097,848 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2006/08/18 13:17:44 | 000,094,648 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2006/08/18 13:17:42 | 000,026,008 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2006/08/18 13:17:40 | 000,032,472 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2006/08/18 13:17:38 | 000,104,472 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2006/08/18 13:17:38 | 000,014,520 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2006/08/11 10:35:18 | 000,012,920 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2006/08/11 10:35:16 | 000,028,184 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_M.SYS -- (DLARTL_M)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=del ... bd=0080430
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = www.google.com/ig/dell?hl=en&client=del ... bd=0080430

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: ""
FF - prefs.js..browser.search.defaulturl: "http://www.bing.com/search?FORM=BO1TDF&PC=B8MK&q="
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.3.1
FF - prefs.js..extensions.enabledItems: {3DD07E5D-2ADF-42ea-972E-2998FA5CE45A}:5.1.0.9
FF - prefs.js..keyword.URL: "http://search.yahoo.com/search?fr=mcafee&p="
FF - prefs.js..network.proxy.type: 0

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=13: C:\Program Files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll (Google)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.647: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.647: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.647: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.647: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.647: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Documents and Settings\Hetty Richardson\Application Data\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Documents and Settings\Hetty Richardson\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Hetty Richardson\Local Settings\Application Data\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Hetty Richardson\Local Settings\Application Data\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/05/23 09:32:13 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{C960C8DD-EDA2-4DE1-A3D2-B66653C299E8}: C:\Documents and Settings\Hetty Richardson\Local Settings\Application Data\{C960C8DD-EDA2-4DE1-A3D2-B66653C299E8}\ [2011/07/12 19:44:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{11E1F80D-1BAB-47D3-BE16-E1B9BBDAFABA}: C:\Documents and Settings\David Kotecki\Local Settings\Application Data\{11E1F80D-1BAB-47D3-BE16-E1B9BBDAFABA}\ [2011/07/12 18:18:29 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/07/18 19:09:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/07/28 19:16:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.7\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2011/07/17 09:47:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.7\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins

[2010/09/12 14:14:56 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Hetty Richardson\Application Data\Mozilla\Extensions
[2010/09/12 14:14:56 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Hetty Richardson\Application Data\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2011/07/18 19:20:00 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Hetty Richardson\Application Data\Mozilla\Firefox\Profiles\uu53dy2g.default\extensions
[2011/03/29 13:44:32 | 000,001,832 | ---- | M] () -- C:\Documents and Settings\Hetty Richardson\Application Data\Mozilla\Firefox\Profiles\uu53dy2g.default\searchplugins\bing.xml
[2007/06/27 16:22:28 | 000,001,057 | ---- | M] () -- C:\Documents and Settings\Hetty Richardson\Application Data\Mozilla\Firefox\Profiles\uu53dy2g.default\searchplugins\verizonsearch.xml
[2011/07/18 19:09:06 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/08/19 17:47:39 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/12/21 22:14:30 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011/07/18 18:41:00 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
File not found (No name found) --
() (No name found) -- C:\DOCUMENTS AND SETTINGS\HETTY RICHARDSON\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\UU53DY2G.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2011/07/08 03:16:28 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/05/04 04:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2010/01/01 04:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/03/29 13:44:43 | 000,002,024 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\McSiteAdvisor.xml

O1 HOSTS File: ([2011/07/27 19:33:37 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll (Google Inc.)
O4 - HKLM..\Run: [Adobe_ID0EYTHM] C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3Tray.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [atchk] C:\Program Files\Intel\AMT\atchk.exe (Intel Corporation)
O4 - HKLM..\Run: [ATICCC] C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe ()
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [ECenter] C:\dell\E-Center\EULALauncher.exe ( )
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Memeo AutoSync] C:\Program Files\Memeo\AutoSync\MemeoLauncher2.exe (Memeo Inc.)
O4 - HKLM..\Run: [Memeo Instant Backup] C:\Program Files\Memeo\AutoBackup\MemeoLauncher2.exe (Memeo Inc.)
O4 - HKLM..\Run: [Seagate Dashboard] C:\Program Files\Seagate\Seagate Dashboard\MemeoLauncher.exe ()
O4 - HKLM..\Run: [TkBellExe] C:\program files\real\realplayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [V0415Mon.exe] C:\WINDOWS\V0415Mon.exe (Creative Technology Ltd.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_43C348BC2E93EB2B.dll (Google Inc.)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_26.dll (Sun Microsystems, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: maine.gov ([secure] https in Trusted sites)
O15 - HKCU\..Trusted Domains: mcafee.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: mcafee.com ([]https in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shoc ... wflash.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 192.168.1.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: C:\WINDOWS\Prairie Wind.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Prairie Wind.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/11 17:15:00 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/07/28 18:45:53 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011/07/28 18:43:15 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/07/27 19:38:06 | 000,579,584 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Hetty Richardson\Desktop\OTL.exe
[2011/07/27 19:23:42 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/07/26 17:40:46 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011/07/26 17:38:29 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/07/26 17:38:29 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/07/26 17:38:29 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/07/26 17:38:23 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/07/26 17:38:20 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/07/26 17:35:09 | 004,155,432 | R--- | C] (Swearware) -- C:\Documents and Settings\Hetty Richardson\Desktop\ComboFix.exe
[2011/07/26 09:14:20 | 001,436,976 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Hetty Richardson\Desktop\tdsskiller.exe
[2011/07/18 07:45:47 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie7
[2011/07/18 07:01:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Hetty Richardson\Application Data\MSNInstaller
[2011/07/17 23:29:46 | 000,000,000 | ---D | C] -- C:\WINDOWS\Logs
[2011/07/17 11:41:20 | 000,489,596 | R--- | C] (Swearware) -- C:\Documents and Settings\Hetty Richardson\Desktop\dds.scr
[2011/07/17 11:22:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Google Desktop
[2011/07/17 09:28:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Seagate Dashboard
[2011/07/16 14:48:22 | 000,101,720 | ---- | C] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2011/07/16 13:39:29 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\Hetty Richardson\Desktop\HijackThis.exe
[2011/07/16 11:37:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Hetty Richardson\Local Settings\Application Data\AVG Security Toolbar
[2011/07/16 10:51:02 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2011/07/16 10:35:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2011/07/15 19:10:34 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2011/07/15 19:10:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2011/07/15 15:55:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Skype
[2011/07/15 15:55:06 | 000,000,000 | R--D | C] -- C:\Program Files\Skype
[2011/07/15 14:51:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2011/07/15 11:35:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Hetty Richardson\Local Settings\Application Data\Symantec
[2011/07/15 11:35:40 | 000,167,936 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\wpshelper.sys
[2011/07/15 11:34:26 | 000,099,696 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SysPlant.sys
[2011/07/15 11:34:09 | 000,125,488 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS
[2011/07/15 11:34:09 | 000,060,808 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\S32EVNT1.DLL
[2011/07/15 11:33:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Symantec Endpoint Protection
[2011/07/15 11:33:24 | 000,000,000 | ---D | C] -- C:\Program Files\Symantec
[2011/07/15 11:33:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Symantec
[2011/07/13 16:17:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2011/07/12 19:44:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Hetty Richardson\Local Settings\Application Data\{C960C8DD-EDA2-4DE1-A3D2-B66653C299E8}
[2010/06/27 14:01:51 | 001,247,056 | ---- | C] (Microsoft Corporation) -- C:\Program Files\wlsetup-web.exe
[2009/09/23 17:27:00 | 009,688,568 | ---- | C] (Google Inc.) -- C:\Program Files\picasa35-setup.exe
[2008/08/14 19:24:16 | 025,740,144 | ---- | C] (Microsoft Corporation) -- C:\Program Files\wmp11-windowsxp-x86-enu.exe
[2008/04/28 08:36:08 | 011,768,648 | ---- | C] (Macrovision Corporation) -- C:\Documents and Settings\Hetty Richardson\Local Settings\Application Data\FC9106US.exe

========== Files - Modified Within 30 Days ==========

[2011/07/30 08:17:28 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/07/30 08:16:13 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2011/07/30 08:16:11 | 000,000,300 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-2250608968-3542276623-1019064056-1005.job
[2011/07/30 08:16:07 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/07/30 08:15:28 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/07/30 08:13:51 | 000,000,308 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-2250608968-3542276623-1019064056-1005.job
[2011/07/29 17:12:36 | 000,001,022 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2250608968-3542276623-1019064056-1005UA.job
[2011/07/29 17:04:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/07/29 10:34:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/07/29 10:04:01 | 000,000,970 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2250608968-3542276623-1019064056-1005Core.job
[2011/07/29 09:47:22 | 000,002,265 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2011/07/28 19:16:00 | 000,001,734 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader X.lnk
[2011/07/27 19:38:07 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Hetty Richardson\Desktop\OTL.exe
[2011/07/27 19:33:37 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/07/27 19:22:18 | 004,155,432 | R--- | M] (Swearware) -- C:\Documents and Settings\Hetty Richardson\Desktop\ComboFix.exe
[2011/07/26 17:40:53 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2011/07/26 12:01:06 | 000,032,768 | ---- | M] () -- C:\Documents and Settings\Hetty Richardson\My Documents\Hetty L. Richardson.wlt
[2011/07/26 09:14:26 | 001,436,976 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Hetty Richardson\Desktop\tdsskiller.exe
[2011/07/26 09:13:31 | 000,459,264 | ---- | M] () -- C:\Documents and Settings\Hetty Richardson\Desktop\CKScanner.exe
[2011/07/18 19:09:09 | 000,000,742 | ---- | M] () -- C:\Documents and Settings\Hetty Richardson\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/07/18 19:09:09 | 000,000,724 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2011/07/18 07:47:18 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/07/17 22:47:55 | 000,550,070 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/07/17 22:47:55 | 000,103,604 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/07/17 22:25:05 | 000,000,211 | ---- | M] () -- C:\Boot.bak
[2011/07/17 11:41:20 | 000,489,596 | R--- | M] (Swearware) -- C:\Documents and Settings\Hetty Richardson\Desktop\dds.scr
[2011/07/17 09:28:49 | 000,000,934 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Seagate Dashboard.lnk
[2011/07/16 14:48:20 | 000,101,720 | ---- | M] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2011/07/16 11:41:50 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\Hetty Richardson\Desktop\HijackThis.exe
[2011/07/15 19:37:15 | 000,435,650 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110715-193949.backup
[2011/07/15 18:42:55 | 000,000,286 | ---- | M] () -- C:\WINDOWS\reimage.ini
[2011/07/15 14:22:14 | 000,000,802 | ---- | M] () -- C:\Documents and Settings\Hetty Richardson\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
[2011/07/15 11:34:20 | 000,125,488 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS
[2011/07/15 11:34:20 | 000,060,808 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\S32EVNT1.DLL
[2011/07/15 11:34:20 | 000,007,456 | ---- | M] () -- C:\WINDOWS\System32\drivers\SYMEVENT.CAT
[2011/07/15 11:34:20 | 000,000,806 | ---- | M] () -- C:\WINDOWS\System32\drivers\SYMEVENT.INF
[2011/07/15 09:42:18 | 000,002,365 | ---- | M] () -- C:\Documents and Settings\Hetty Richardson\Desktop\Google Chrome.lnk
[2011/07/15 09:42:18 | 000,002,343 | ---- | M] () -- C:\Documents and Settings\Hetty Richardson\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/07/13 04:48:32 | 000,000,057 | ---- | M] () -- C:\WINDOWS\System32\mapisvc.inf
[2011/07/13 03:27:26 | 001,573,264 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/07/12 05:51:52 | 000,012,151 | ---- | M] () -- C:\Documents and Settings\Hetty Richardson\Application Data\EACE.42C
[2011/07/06 19:52:42 | 000,041,272 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/07/06 19:52:42 | 000,022,712 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

========== Files Created - No Company Name ==========

[2011/07/28 19:16:00 | 000,001,804 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader X.lnk
[2011/07/28 19:16:00 | 000,001,734 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader X.lnk
[2011/07/26 17:40:53 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2011/07/26 17:40:50 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2011/07/26 17:38:29 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/07/26 17:38:29 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/07/26 17:38:29 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/07/26 17:38:29 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/07/26 17:38:29 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/07/26 09:13:30 | 000,459,264 | ---- | C] () -- C:\Documents and Settings\Hetty Richardson\Desktop\CKScanner.exe
[2011/07/18 19:09:09 | 000,000,742 | ---- | C] () -- C:\Documents and Settings\Hetty Richardson\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/07/18 19:09:09 | 000,000,730 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
[2011/07/18 19:09:09 | 000,000,724 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2011/07/17 09:28:49 | 000,000,934 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Seagate Dashboard.lnk
[2011/07/15 18:42:46 | 000,000,286 | ---- | C] () -- C:\WINDOWS\reimage.ini
[2011/07/15 15:55:08 | 000,002,265 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2011/07/15 14:22:14 | 000,000,802 | ---- | C] () -- C:\Documents and Settings\Hetty Richardson\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
[2011/07/15 11:34:09 | 000,007,456 | ---- | C] () -- C:\WINDOWS\System32\drivers\SYMEVENT.CAT
[2011/07/15 11:34:09 | 000,000,806 | ---- | C] () -- C:\WINDOWS\System32\drivers\SYMEVENT.INF
[2011/07/11 13:02:06 | 000,012,151 | ---- | C] () -- C:\Documents and Settings\Hetty Richardson\Application Data\EACE.42C
[2009/11/19 21:12:18 | 000,031,616 | ---- | C] () -- C:\WINDOWS\System32\drivers\livecamv.sys
[2009/11/05 11:09:40 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2009/08/03 16:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/08/03 16:07:42 | 000,230,768 | ---- | C] () -- C:\WINDOWS\System32\OGAEXEC.exe
[2009/06/11 15:35:59 | 000,000,093 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2009/01/28 16:21:20 | 000,061,208 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2008/10/12 13:00:24 | 000,002,528 | ---- | C] () -- C:\WINDOWS\FCIC.INI
[2008/08/03 20:51:24 | 000,021,791 | ---- | C] () -- C:\WINDOWS\System32\smtpctrs.ini
[2008/08/03 20:51:24 | 000,001,037 | ---- | C] () -- C:\WINDOWS\System32\ntfsdrct.ini
[2008/08/03 20:51:03 | 000,038,576 | ---- | C] () -- C:\WINDOWS\System32\w3ctrs.ini
[2008/08/03 20:51:03 | 000,010,225 | ---- | C] () -- C:\WINDOWS\System32\axperf.ini
[2008/08/03 20:51:02 | 000,011,435 | ---- | C] () -- C:\WINDOWS\System32\infoctrs.ini
[2008/08/03 17:50:06 | 000,000,600 | ---- | C] () -- C:\Documents and Settings\Hetty Richardson\Local Settings\Application Data\PUTTY.RND
[2008/05/26 21:59:42 | 000,018,904 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschematrivial.bin
[2008/05/26 21:59:40 | 000,106,605 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschema.bin
[2008/05/11 20:05:35 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2008/05/11 15:59:09 | 000,005,632 | ---- | C] () -- C:\Documents and Settings\Hetty Richardson\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/05/11 13:33:55 | 002,463,976 | ---- | C] () -- C:\WINDOWS\System32\NPSWF32.dll
[2008/05/11 12:50:54 | 000,000,351 | ---- | C] () -- C:\WINDOWS\fpexplor.INI
[2008/05/11 12:48:55 | 000,000,605 | ---- | C] () -- C:\WINDOWS\frontpg.ini
[2008/05/11 12:32:41 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/05/11 10:29:36 | 000,000,600 | ---- | C] () -- C:\Documents and Settings\Hetty Richardson\Application Data\winscp.rnd
[2008/05/11 10:23:54 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2008/05/10 22:46:13 | 000,000,139 | ---- | C] () -- C:\Documents and Settings\Hetty Richardson\Local Settings\Application Data\fusioncache.dat
[2008/04/30 11:40:14 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2008/04/30 11:35:54 | 000,056,056 | ---- | C] () -- C:\WINDOWS\System32\DLAAPI_W.DLL
[2008/04/30 11:35:54 | 000,000,120 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2008/04/30 11:19:21 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin
[2008/04/30 11:17:39 | 000,077,824 | ---- | C] () -- C:\WINDOWS\setpwr32.exe
[2008/04/30 11:17:37 | 003,107,788 | ---- | C] () -- C:\WINDOWS\System32\ativvaxx.dat
[2008/04/30 11:17:37 | 000,887,724 | ---- | C] () -- C:\WINDOWS\System32\ativva6x.dat
[2008/04/30 11:17:37 | 000,227,587 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2008/04/30 11:17:37 | 000,000,003 | ---- | C] () -- C:\WINDOWS\System32\ativva5x.dat
[2008/04/30 11:16:36 | 000,001,119 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2007/09/27 10:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 10:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 10:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2007/02/28 05:03:32 | 000,080,720 | ---- | C] () -- C:\WINDOWS\System32\AsfBios.dll
[2007/01/23 03:45:40 | 000,025,424 | ---- | C] () -- C:\WINDOWS\System32\drivers\netamsg.dll
[2006/11/07 04:25:58 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2006/09/16 23:36:50 | 000,520,192 | ---- | C] () -- C:\WINDOWS\System32\CddbPlaylist2Roxio.dll
[2006/09/16 23:36:50 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\CddbFileTaggerRoxio.dll
[2004/08/11 17:24:19 | 000,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/11 17:19:30 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2004/08/11 17:12:14 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/08/11 17:07:24 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/08/11 17:06:43 | 001,573,264 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004/08/11 17:00:30 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/11 17:00:28 | 000,550,070 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/11 17:00:28 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/11 17:00:28 | 000,103,604 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/11 17:00:28 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/11 17:00:27 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/11 17:00:26 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/08/11 17:00:24 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/08/11 17:00:19 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/11 17:00:19 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/11 17:00:12 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/11 17:00:04 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2002/09/18 00:45:00 | 000,119,808 | ---- | C] () -- C:\WINDOWS\lsb_un20.exe

========== LOP Check ==========

[2010/08/12 13:10:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Citrix
[2011/07/16 10:51:02 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2011/07/15 19:52:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Easybits GO
[2008/08/14 20:16:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ExtendMedia
[2008/10/12 13:00:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FirstClass
[2011/03/12 12:56:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ilium Software
[2008/06/25 07:59:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Juniper Networks
[2008/05/18 10:54:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Maxtor
[2011/06/12 15:56:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MemeoCommon
[2011/07/17 22:25:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2009/03/28 13:27:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
[2010/05/07 19:59:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/09/22 19:57:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/04/20 11:33:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2010/02/19 22:26:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Hetty Richardson\Application Data\Canon
[2011/06/12 08:19:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Hetty Richardson\Application Data\Dropbox
[2011/07/15 19:22:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Hetty Richardson\Application Data\go
[2011/03/12 08:34:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Hetty Richardson\Application Data\Ilium Software
[2011/02/09 09:12:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Hetty Richardson\Application Data\Juniper Networks
[2011/06/12 15:52:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Hetty Richardson\Application Data\Leadertech
[2011/07/17 11:20:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Hetty Richardson\Application Data\Memeo
[2011/07/18 07:01:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Hetty Richardson\Application Data\MSNInstaller
[2011/06/12 15:55:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Hetty Richardson\Application Data\Seagate
[2010/09/12 14:14:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Hetty Richardson\Application Data\Thunderbird
[2008/08/16 17:39:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Hetty Richardson\Application Data\vol_toolbar
[2011/03/20 09:43:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Hetty Richardson\Application Data\Windows Desktop Search
[2011/03/20 10:02:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Hetty Richardson\Application Data\Windows Search

========== Purity Check ==========



< End of report >
Hetty
Active Member
 
Posts: 11
Joined: July 17th, 2011, 11:47 am
Advertisement
Register to Remove

Next

  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 51 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware