Browser Redirects and rundll errors on boot

Post by snairb » December 28th, 2011, 1:59 pm

Hi, I am getting browser redirects when using Google as a search, I am also getting rundll errors for windowswindowmanager.dll on boot ups. My Norton Antivirus just found trojan.gen in system restore this morning. I could not get the DDS to run as my system locked up. I was able to run HijackThis and here are the logs.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:57:01 AM, on 12/28/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton AntiVirus\Engine\19.2.0.10\ccSvcHst.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wwSecure.exe
C:\Program Files\Norton AntiVirus\Engine\19.2.0.10\ccSvcHst.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\PROMon.exe
C:\WINDOWS\System32\NMSSvc.exe
C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\Family\My Documents\Webroot\Washer\wwDisp.exe
C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe
C:\Program Files\AWS\WeatherBug\Weather.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WorkPad\HOTSYNC.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Trend Micro\HijackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.k99.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton AntiVirus\Engine\19.2.0.10\IPS\IPSBHO.DLL
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [PROMon.exe] PROMon.exe
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe irprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [HitmanPro35] "C:\Program Files\Hitman Pro 3.5\HitmanPro35.exe" /scan:boot
O4 - HKCU\..\Run: [Window Washer] C:\Documents and Settings\Family\My Documents\Webroot\Washer\wwDisp.exe
O4 - HKCU\..\Run: [DW6] "C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe"
O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\PROGRA~1\Yahoo!\MESSEN~1\YahooMessenger.exe" -quiet
O4 - Global Startup: HotSync Manager.lnk = C:\WorkPad\HOTSYNC.EXE
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://*.mcafee.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/200 ... ader55.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/f ... wflash.cab
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Norton AntiVirus (NAV) - Symantec Corporation - C:\Program Files\Norton AntiVirus\Engine\19.2.0.10\ccSvcHst.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: WLSVC - GEMTEKS - C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe
O23 - Service: Washer AutoComplete (wwSecSvc) - Webroot Software, Inc. - C:\WINDOWS\system32\wwSecure.exe

--
End of file - 7429 bytes


Uninstall List

Access IBM
Acrobat.com
Adobe Download Manager
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.4.7
Advanced Data Management System for the FT-1500
Apple Software Update
Audacity 1.2.6
AXIS Media Control
BadCopy Pro
CenturyLink Installer
CutePDF Writer 2.7
Deluo GPS Diagnostics
eXplorist Wizard
FileZilla Client 3.3.0.1
FT-2800 Programmer
HiJackThis
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.0 (KB932471)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB2633952)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954708)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
HP Customer Participation Program 7.0
HP Document Viewer 7.0
HP Imaging Device Functions 7.0
HP Photosmart Essential
HP Photosmart Premier Software 6.5
HP Photosmart, Officejet and Deskjet 7.0.A
HP Product Assistant
HP Solution Center 7.0
HP Update
IBM DLA
IBM Rapid Restore PC Setup
IBM RecordNow
IBM RecordNow Update Manager
IBM Update Connector
Infuzer
Intel(R) Network Connections Drivers
Intel(R) PROSet II
Intellicast Desktop
Java(TM) 6 Update 24
Juno
LADSPA_plugins-win-0.4.15
Malwarebytes' Anti-Malware
MapSend Lite
MapSend Topo 3D USA
MCP-2A (Remove only)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2572067)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Client Profile
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Office Converter Pack
Microsoft Office Live Add-in 1.3
Microsoft Office Sounds
Microsoft Office XP Standard
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Mouse Suite
Mozilla Firefox (3.6.25)
MSVCRT
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6.0 Parser (KB933579)
Nero 7 Ultra Edition
Norton AntiVirus
NVIDIA Drivers
OCR Software by I.R.I.S 7.0
OpenOffice.org 3.3
PCI SoftV92 Modem
QuickTime
RealPlayer
ResumeMaker Professional
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft Windows (KB2564958)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2586448)
Security Update for Windows Internet Explorer 8 (KB2618444)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player (KB979402)
Security Update for Windows Media Player 9 (KB911565)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2183461)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360131)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2416400)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2482017)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2497640)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2510581)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2530548)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2544521)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2559049)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567053)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2586448)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2619339)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2633171)
Security Update for Windows XP (KB2639417)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950759)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953838)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956390)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958215)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960714)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB963027)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969897)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972260)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974455)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB976325)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981349)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982381)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
Segoe UI
Shop for HP Supplies
Software for Scanners
SoundMAX
Spelling Dictionaries Support For Adobe Reader 8
The Weather Channel Desktop 6
TravelPlus for Repeaters 11.0
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB2598845)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2607712)
Update for Windows XP (KB2616676)
Update for Windows XP (KB2641690)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Update for Windows XP (KB976749)
Update for Windows XP (KB978207)
Update for Windows XP (KB980182)
VX-3 Programmer
W6ELProp
WeatherBug
Winamp
Window Washer
Windows Backup Utility
Windows Driver Package - FTDI CDM Driver Package (10/22/2009 2.06.00)
Windows Driver Package - FTDI CDM Driver Package (10/22/2009 2.06.00)
Windows Driver Package - Prolific (ser2plms) Ports (04/28/2004 2.0.0.18)
Windows Driver Package - RT Systems RT CDM Driver Package (10/22/2009 2.06.00)
Windows Driver Package - RT Systems RT CDM Driver Package (10/22/2009 2.06.00)
Windows Imaging Component
Windows Internet Explorer 8
Windows Live Communications Platform
Windows Live Essentials
Windows Live Essentials
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Upload Tool
Windows Media Format Runtime
Windows Presentation Foundation
Windows XP Service Pack 3
WinPatrol 2010
WinRAR archiver
Yahoo! Messenger
Yahoo! Software Update
snairb
Active Member
 
Posts: 5
Joined: December 24th, 2011, 10:24 am

Re: Browser Redirects and rundll errors on boot

Post by askey127 » December 30th, 2011, 8:59 am

Hi snairb,
You appear to have Hitman Pro running, but not "installed".

We need a bit more information before we start removing things.
In order to improve chances of running our tools, we will run one of the versions of Rkill first.
This terminates known processes that prevent scan tools from running.
------------------------------------------------
Download and Run Rkill
Please download and run the tool named Rkill, which may help in allowing other programs to run.
There are different versions with different names. If one of them won't run, then download and try to run one of the other ones.
(Double Click Rkill to run it).
You only need to get ONE of these to run, not all of them. You may get warnings from your antivirus about any of these tools. Either ignore the warnings or shut down your antivirus.
Please download Rkill from one of the following links (note the different names) and save to your Desktop:
Rkill.exe
iExplore.exe
eXplorer.exe
RKill.com
RKill.scr
Rkill.pif
uSeRiNiT.exe
  • Double-click on the Rkill, iExplore, eXplorer, or uSeRiNiT desktop icon to run the tool.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If you get a Warning Message when you try to run it, run it again while the Warning Message is still displayed.
  • If it doesn't run on the first try, please try to run it another two or three times.
  • If it still does not run, delete the desktop entry. Then download and use the one provided in the next link.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • Do not reboot until you run the OTL scan below.
  • If the tool does not run from any of the links provided after trying each a few times, please let me know.
---------------------------------------------
Download the OTL Scanner
Please download OTL.exe by OldTimer and save it to your desktop.
---------------------------------------------
Run a Scan with OTL
  • Double click on the icon to run it.
  • Check the boxes labeled:
    • Scan All Users
    • LOP check
    • Purity check
    • Extra Registry > Use SafeList
  • Make sure all other windows are closed to let it run uninterrupted.
  • Click on the Run Scan button at the top left hand corner. Do not change any settings unless otherwise told to do so.
    When the scan starts, OTL may appear to be frozen while it runs. Please be patient.
When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL (the desktop).
The Extras.txt file will only appear the very first time you run OTL.
Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them as a reply. Use separate replies if more convenient.

Please tell me what you know about Hitman Pro, and reply with the contents of the two files from OTL.
askey127
Admin/Teacher
 
Posts: 14025
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: Browser Redirects and rundll errors on boot

Post by snairb » December 30th, 2011, 3:40 pm

Askey127,
Thanks for helping with my problem.
I have Hitman Pro installed and am using the 30-day trial, as the old version I had running no longer updated. It runs each morning on startup.

I was able to run rkill.exe. I have posted results from all 3 logs. First will be rkill, then otl.txt, and final will be extras.txt.

This log file is located at C:\rkill.log.
Please post this only if requested to by the person helping you.
Otherwise you can close this log when you wish.

Rkill was run on 12/30/2011 at 12:16:54.
Operating System: Microsoft Windows XP


Processes terminated by Rkill or while it was running:

C:\Documents and Settings\Family\My Documents\Webroot\Washer\wwDisp.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Documents and Settings\Family\My Documents\Family's Files\Intellicast.exe


Rkill completed on 12/30/2011 at 12:17:07.

OTL.Txt

OTL logfile created on: 12/30/2011 12:22:16 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Family\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1022.98 Mb Total Physical Memory | 436.84 Mb Available Physical Memory | 42.70% Memory free
3.34 Gb Paging File | 2.67 Gb Available in Paging File | 79.70% Paging File free
Paging file location(s): C:\pagefile.sys 2500 4096 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 72.47 Gb Total Space | 46.81 Gb Free Space | 64.59% Space Free | Partition Type: NTFS
Drive M: | 931.51 Gb Total Space | 798.02 Gb Free Space | 85.67% Space Free | Partition Type: NTFS

Computer Name: IBM-C8A9E96DF6F | User Name: Family | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/12/30 12:14:11 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Family\Desktop\OTL.exe
PRC - [2011/08/10 13:52:54 | 000,138,760 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton AntiVirus\Engine\19.2.0.10\ccsvchst.exe
PRC - [2011/06/08 09:45:44 | 000,822,456 | ---- | M] (The Weather Channel Interactive, Inc.) -- C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe
PRC - [2010/05/26 16:15:11 | 000,323,976 | ---- | M] (BillP Studios) -- C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe
PRC - [2010/04/29 08:38:54 | 001,652,736 | R--- | M] (AWS Convergence Technologies, Inc.) -- C:\Program Files\AWS\WeatherBug\Weather.exe
PRC - [2009/09/20 04:56:58 | 000,198,160 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2008/04/13 17:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/08/09 00:27:52 | 000,073,728 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe
PRC - [2006/02/10 06:56:12 | 000,479,232 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
PRC - [2005/04/20 10:34:12 | 000,487,936 | ---- | M] (Webroot Software, Inc.) -- C:\WINDOWS\system32\wwSecure.exe
PRC - [2004/02/06 21:56:14 | 000,041,025 | ---- | M] (GEMTEKS) -- C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe
PRC - [2002/06/07 14:54:54 | 000,090,112 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
PRC - [2002/06/07 14:02:56 | 000,045,056 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
PRC - [2002/05/03 12:36:24 | 001,118,208 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\NMSSvc.Exe
PRC - [2002/04/18 18:32:36 | 000,073,728 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\PROMon.exe
PRC - [1998/05/01 15:00:00 | 000,260,096 | ---- | M] (Palm Computing, Inc., a 3Com Company) -- C:\WorkPad\HOTSYNC.EXE


========== Modules (No Company Name) ==========

MOD - [2011/10/13 02:42:05 | 003,391,488 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_efeb1685\mscorlib.dll
MOD - [2011/10/13 02:41:59 | 000,835,584 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system.drawing\1.0.5000.0__b03f5f7f11d50a3a_9ac14dca\system.drawing.dll
MOD - [2011/10/12 20:24:02 | 002,088,960 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system.xml\1.0.5000.0__b77a5c561934e089_622ebf64\system.xml.dll
MOD - [2011/10/12 20:23:37 | 003,018,752 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system.windows.forms\1.0.5000.0__b77a5c561934e089_66e38eb3\system.windows.forms.dll
MOD - [2011/10/12 20:22:55 | 001,966,080 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system\1.0.5000.0__b77a5c561934e089_1f20dafb\system.dll
MOD - [2011/10/12 20:22:24 | 001,232,896 | ---- | M] () -- c:\windows\assembly\gac\system\1.0.5000.0__b77a5c561934e089\system.dll
MOD - [2010/03/29 13:02:48 | 000,520,234 | ---- | M] () -- C:\Program Files\BillP Studios\WinPatrol\sqlite3.dll
MOD - [2007/08/22 10:06:32 | 001,339,392 | ---- | M] () -- c:\windows\assembly\gac\system.xml\1.0.5000.0__b77a5c561934e089\system.xml.dll
MOD - [2007/08/22 10:06:30 | 000,466,944 | ---- | M] () -- c:\windows\assembly\gac\system.drawing\1.0.5000.0__b03f5f7f11d50a3a\system.drawing.dll
MOD - [2007/08/22 10:06:29 | 002,052,096 | ---- | M] () -- c:\windows\assembly\gac\system.windows.forms\1.0.5000.0__b77a5c561934e089\system.windows.forms.dll
MOD - [2007/08/20 22:03:38 | 000,069,632 | ---- | M] () -- c:\windows\assembly\gac\hpqisrtb\4.0.0.0__a53cf5803f4c3827\hpqisrtb.dll
MOD - [2007/08/20 22:03:29 | 001,163,264 | ---- | M] () -- c:\windows\assembly\gac\hpqedit\3.0.0.0__a53cf5803f4c3827\hpqedit.dll
MOD - [2007/08/20 22:03:28 | 000,790,528 | ---- | M] () -- c:\windows\assembly\gac\hpqbakup\3.0.0.0__a53cf5803f4c3827\hpqbakup.dll
MOD - [2007/08/20 22:03:23 | 000,163,840 | ---- | M] () -- c:\windows\assembly\gac\hpqvideo\3.0.0.0__a53cf5803f4c3827\hpqvideo.dll
MOD - [2007/08/20 22:03:20 | 000,057,344 | ---- | M] () -- c:\windows\assembly\gac\hpqprrsc\4.0.0.0__a53cf5803f4c3827\hpqprrsc.dll
MOD - [2007/08/20 22:03:20 | 000,053,248 | ---- | M] () -- c:\windows\assembly\gac\hpqovskn\3.0.0.0__a53cf5803f4c3827\hpqovskn.dll
MOD - [2007/08/20 22:03:19 | 000,430,080 | ---- | M] () -- c:\windows\assembly\gac\lead.wrapper\13.0.0.113__9cf889f53ea9b907\lead.wrapper.dll
MOD - [2007/08/20 22:03:19 | 000,086,016 | ---- | M] () -- c:\windows\assembly\gac\lead.drawing\13.0.0.113__9cf889f53ea9b907\lead.drawing.dll
MOD - [2007/08/20 22:03:19 | 000,077,824 | ---- | M] () -- c:\windows\assembly\gac\lead\13.0.0.113__9cf889f53ea9b907\lead.dll
MOD - [2007/08/20 22:03:19 | 000,069,632 | ---- | M] () -- c:\windows\assembly\gac\lead.windows.forms.drawingcontainer\13.0.0.113__9cf889f53ea9b907\lead.windows.forms.drawingcontainer.dll
MOD - [2007/08/20 22:03:19 | 000,065,536 | ---- | M] () -- c:\windows\assembly\gac\hpqmdmr\4.0.0.0__a53cf5803f4c3827\hpqmdmr.dll
MOD - [2007/08/20 22:03:19 | 000,040,960 | ---- | M] () -- c:\windows\assembly\gac\lead.windows.forms\13.0.0.113__9cf889f53ea9b907\lead.windows.forms.dll
MOD - [2007/08/20 22:03:18 | 000,090,112 | ---- | M] () -- c:\windows\assembly\gac\lead.drawing.imaging.imageprocessing\13.0.0.113__9cf889f53ea9b907\lead.drawing.imaging.imageprocessing.dll
MOD - [2007/08/20 22:03:18 | 000,081,920 | ---- | M] () -- c:\windows\assembly\gac\lead.drawing.imaging.codecs\13.0.0.113__9cf889f53ea9b907\lead.drawing.imaging.codecs.dll
MOD - [2007/08/20 22:03:18 | 000,014,848 | ---- | M] () -- c:\windows\assembly\gac\interop.hpqvideo\4.0.0.0__a53cf5803f4c3827\interop.hpqvideo.dll
MOD - [2007/08/20 22:03:18 | 000,004,096 | ---- | M] () -- c:\windows\assembly\gac\interop.hprblog\3.0.0.0__a53cf5803f4c3827\interop.hprblog.dll
MOD - [2007/08/20 22:03:17 | 000,516,096 | ---- | M] () -- c:\windows\assembly\gac\hpqimvlt\3.0.0.0__a53cf5803f4c3827\hpqimvlt.dll
MOD - [2007/08/20 22:03:17 | 000,069,632 | ---- | M] () -- c:\windows\assembly\gac\hpqntrop\4.0.0.0__a53cf5803f4c3827\hpqntrop.dll
MOD - [2007/08/20 22:03:17 | 000,036,864 | ---- | M] () -- c:\windows\assembly\gac\interop.hpqcxm08\3.0.0.0__a53cf5803f4c3827\interop.hpqcxm08.dll
MOD - [2007/08/20 22:03:17 | 000,010,240 | ---- | M] () -- c:\windows\assembly\gac\interop.hpqimgr\4.0.0.0__a53cf5803f4c3827\interop.hpqimgr.dll
MOD - [2007/08/20 22:03:16 | 000,385,024 | ---- | M] () -- c:\windows\assembly\gac\hpqtray\4.0.0.0__a53cf5803f4c3827\hpqtray.dll
MOD - [2007/08/20 22:03:16 | 000,192,512 | ---- | M] () -- c:\windows\assembly\gac\hpqimgrc\4.0.0.0__a53cf5803f4c3827\hpqimgrc.dll
MOD - [2007/08/20 22:03:16 | 000,077,824 | ---- | M] () -- c:\windows\assembly\gac\hpqthumb\3.0.0.0__a53cf5803f4c3827\hpqthumb.dll
MOD - [2007/08/20 22:03:16 | 000,069,632 | ---- | M] () -- c:\windows\assembly\gac\hpqglutl\4.0.0.0__a53cf5803f4c3827\hpqglutl.dll
MOD - [2007/08/20 22:03:16 | 000,061,440 | ---- | M] () -- c:\windows\assembly\gac\hpqimlib\3.0.0.0__a53cf5803f4c3827\hpqimlib.dll
MOD - [2007/08/20 22:03:16 | 000,036,864 | ---- | M] () -- c:\windows\assembly\gac\hpqfmrsc\4.0.0.0__a53cf5803f4c3827\hpqfmrsc.dll
MOD - [2007/08/20 22:03:16 | 000,024,576 | ---- | M] () -- c:\windows\assembly\gac\hpqasset\4.0.0.0__a53cf5803f4c3827\hpqasset.dll
MOD - [2007/08/20 22:03:16 | 000,020,480 | ---- | M] () -- c:\windows\assembly\gac\hpqiface\4.0.0.0__a53cf5803f4c3827\hpqiface.dll
MOD - [2007/08/20 22:03:15 | 000,593,920 | ---- | M] () -- c:\windows\assembly\gac\hpqcc2\3.0.0.0__a53cf5803f4c3827\hpqcc2.dll
MOD - [2007/08/20 22:03:15 | 000,425,984 | ---- | M] () -- c:\windows\assembly\gac\hpqcprsc\3.0.0.0__a53cf5803f4c3827\hpqcprsc.dll
MOD - [2007/08/20 22:03:15 | 000,229,376 | ---- | M] () -- c:\windows\assembly\gac\hpqutils\4.0.0.0__a53cf5803f4c3827\hpqutils.dll
MOD - [2007/08/20 11:57:44 | 000,007,680 | ---- | M] () -- c:\windows\assembly\gac\accessibility\1.0.5000.0__b03f5f7f11d50a3a\accessibility.dll
MOD - [2007/07/12 21:33:58 | 000,087,552 | ---- | M] () -- C:\WINDOWS\system32\cpwmon2k.dll
MOD - [2005/10/20 09:36:08 | 000,077,824 | R--- | M] () -- C:\Program Files\HP\Digital Imaging\bin\crm\xmltok.dll
MOD - [2005/10/20 09:36:08 | 000,065,536 | R--- | M] () -- C:\Program Files\HP\Digital Imaging\bin\crm\xmlparse.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2011/08/10 13:52:54 | 000,138,760 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files\Norton AntiVirus\Engine\19.2.0.10\ccSvcHst.exe -- (NAV)
SRV - [2010/03/29 07:53:22 | 000,068,000 | ---- | M] (NOS Microsystems Ltd.) [Disabled | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus(R)
SRV - [2008/11/09 13:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Disabled | Stopped] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2007/08/09 00:27:52 | 000,073,728 | ---- | M] (HP) [Auto | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
SRV - [2005/04/20 10:34:12 | 000,487,936 | ---- | M] (Webroot Software, Inc.) [Auto | Running] -- C:\WINDOWS\system32\wwSecure.exe -- (wwSecSvc)
SRV - [2004/02/06 21:56:14 | 000,041,025 | ---- | M] (GEMTEKS) [Auto | Running] -- C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe -- (WLSVC)
SRV - [2002/06/07 14:02:56 | 000,045,056 | ---- | M] (Analog Devices, Inc.) [Auto | Running] -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe -- (SoundMAX Agent Service (default))
SRV - [2002/05/03 12:36:24 | 001,118,208 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\WINDOWS\system32\NMSSvc.Exe -- (NMSSvc) Intel(R)


========== Driver Services (SafeList) ==========

DRV - [2011/12/26 10:58:43 | 001,576,312 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.1.0.28\Definitions\VirusDefs\20111230.002\NAVEX15.SYS -- (NAVEX15)
DRV - [2011/12/26 10:58:43 | 000,086,136 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.1.0.28\Definitions\VirusDefs\20111230.002\NAVENG.SYS -- (NAVENG)
DRV - [2011/11/14 12:28:02 | 000,819,320 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.1.0.28\Definitions\BASHDefs\20111221.003\BHDrvx86.sys -- (BHDrvx86)
DRV - [2011/11/09 03:59:44 | 000,374,392 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2011/11/09 03:59:44 | 000,106,104 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2011/10/24 10:59:48 | 000,127,096 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2011/10/21 14:31:56 | 000,356,280 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.1.0.28\Definitions\IPSDefs\20111228.001\IDSXpx86.sys -- (IDSxpx86)
DRV - [2011/09/26 17:38:08 | 000,897,656 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\NAV\1302000.00A\SYMEFA.SYS -- (SymEFA)
DRV - [2011/08/08 16:38:11 | 000,132,744 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NAV\1302000.00A\ccSetx86.sys -- (ccSet_NAV)
DRV - [2011/08/02 19:22:10 | 000,566,904 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\WINDOWS\System32\Drivers\NAV\1302000.00A\SRTSP.SYS -- (SRTSP)
DRV - [2011/08/02 19:22:10 | 000,031,864 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NAV\1302000.00A\SRTSPX.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV - [2011/07/25 19:18:39 | 000,387,192 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\NAV\1302000.00A\SYMTDI.SYS -- (SYMTDI)
DRV - [2011/07/25 19:18:36 | 000,340,088 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\NAV\1302000.00A\SYMDS.SYS -- (SymDS)
DRV - [2011/07/25 19:15:51 | 000,149,624 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NAV\1302000.00A\Ironx86.SYS -- (SymIRON)
DRV - [2009/12/10 08:51:11 | 000,072,520 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ftser2k.sys -- (FTSER2K)
DRV - [2009/12/10 08:51:10 | 000,057,800 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ftdibus.sys -- (FTDIBUS)
DRV - [2009/09/16 09:22:48 | 000,214,664 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2009/09/16 09:22:48 | 000,079,816 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2009/09/16 09:22:48 | 000,040,552 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfesmfk.sys -- (mfesmfk)
DRV - [2009/09/16 09:22:48 | 000,035,272 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2009/09/16 09:22:14 | 000,034,248 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mferkdk.sys -- (mferkdk)
DRV - [2007/10/10 20:00:00 | 000,042,240 | R--- | M] (Prolific Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ser2plms.sys -- (ser2plms)
DRV - [2007/04/26 08:23:44 | 000,988,032 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2007/04/26 08:23:08 | 000,267,520 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2)
DRV - [2007/04/26 08:23:04 | 000,731,136 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2007/04/21 07:15:42 | 000,009,344 | ---- | M] (Hajo Krabbenhöft) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tenCapture.sys -- (tenCapture)
DRV - [2005/10/26 09:06:30 | 000,356,096 | R--- | M] (Ralink Technology Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rt61.sys -- (RT61) Linksys Wireless-G PCI Adapter Driver(RT61)
DRV - [2003/04/19 02:32:04 | 000,004,736 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\tandpl.sys -- (tandpl)
DRV - [2003/03/02 19:44:26 | 000,007,552 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\enodpl.sys -- (enodpl)
DRV - [2002/05/03 12:36:44 | 000,009,868 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NMSCFG.SYS -- (NMSCFG)
DRV - [2002/03/06 13:48:06 | 001,171,584 | ---- | M] (Conexant Systems) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = :0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = :0

IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-3789102929-1987578796-2449752138-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKU\S-1-5-21-3789102929-1987578796-2449752138-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-3789102929-1987578796-2449752138-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.k99.com/
IE - HKU\S-1-5-21-3789102929-1987578796-2449752138-1004\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found
IE - HKU\S-1-5-21-3789102929-1987578796-2449752138-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.defaulturl: "http://search.yahoo.com/search?fr=ffsp1&p="
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..browser.startup.homepage: "http://www.eham.net/|http://www.arrl.org/|http://www.livingsocial.com/cities/209-boulder-county/more_deals|http://dailydeal.signonsandiego.com/|http://www.cbs8.com/|http://pmp.upickem.net/engine/Splash.aspx?contestid=28392|http://www.denverdailydeals.com/|http://denver.cbslocal.com/|http://www.kdvr.com/|http://www.thedenverchannel.com/index.html|http://minnesota.cbslocal.com/|http://www.mke-skywarn.org/|http://www.srh.noaa.gov/sju/|http://www.stormpulse.com/atlantic-map|http://myhurricane.net/|http://www.hwn.org/|http://www.caribbeancompass.com/shortwave.htm|http://www.stormcarib.com/|http://weather.caribseek.com/|http://www.mwxc.com/|http://www.archive.org/web/web.php"
FF - prefs.js..extensions.enabledItems: kodak-companion@mozilla.com:2.1
FF - prefs.js..extensions.enabledItems: {0538E3E3-7E9B-4d49-8831-A227C80A7AD3}:2.0.21
FF - prefs.js..extensions.enabledItems: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34}:1.3.6
FF - prefs.js..extensions.enabledItems: {35106bca-6c78-48c7-ac28-56df30b51d2a}:1.3.9
FF - prefs.js..extensions.enabledItems: {8E722C16-301F-43d7-A17D-3882AC67FAA5}:0.76.0
FF - prefs.js..extensions.enabledItems: {a6ca9b3b-5e52-4f47-85d8-cca35bb57596}:1.4.12
FF - prefs.js..extensions.enabledItems: {d37dc5d0-431d-44e5-8c91-49419370caa1}:2.9.35
FF - prefs.js..extensions.enabledItems: {DCBD1271-D228-4082-9FBC-36D9B7660B03}:1.1.9.1
FF - prefs.js..extensions.enabledItems: {dd3d7613-0246-469d-bc65-2a3cc1668adc}:0.7.1.1
FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:2.0.8
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.63
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.10
FF - prefs.js..extensions.enabledItems: giorgio@gilestro.tk:1.0.3
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {195A3098-0BD5-4e90-AE22-BA1C540AFD1E}:3.0.1
FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:3.2
FF - prefs.js..extensions.enabledItems: {7e46441b-b21a-4680-aa80-4cef03867ff3}:1.0
FF - prefs.js..keyword.URL: "http://search.yahoo.com/search?fr=ffds1&p="


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8064.0206: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.448: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.448: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.448: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@sun.com/npsopluginmi;version=1.0: C:\Program Files\OpenOffice.org 2.2\program File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1: C:\PROGRA~1\Yahoo!\Common\npyaxmpb.dll File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.1.0.28\IPSFFPlgn\ [2011/10/24 14:57:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.25\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/12/21 10:48:52 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.25\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/12/21 10:48:52 | 000,000,000 | ---D | M]

[2008/12/06 18:17:49 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Family\Application Data\Mozilla\Extensions
[2011/12/30 04:39:35 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Family\Application Data\Mozilla\Firefox\Profiles\cqobbvtn.default\extensions
[2011/12/08 12:37:04 | 000,000,000 | ---D | M] (Forecastfox) -- C:\Documents and Settings\Family\Application Data\Mozilla\Firefox\Profiles\cqobbvtn.default\extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3}
[2011/12/17 15:24:54 | 000,000,000 | ---D | M] (FlashGot) -- C:\Documents and Settings\Family\Application Data\Mozilla\Firefox\Profiles\cqobbvtn.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}
[2011/08/25 10:27:28 | 000,000,000 | ---D | M] (Garmin Communicator) -- C:\Documents and Settings\Family\Application Data\Mozilla\Firefox\Profiles\cqobbvtn.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
[2010/05/04 15:33:39 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Family\Application Data\Mozilla\Firefox\Profiles\cqobbvtn.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/06/01 02:48:52 | 000,000,000 | ---D | M] (Linkification) -- C:\Documents and Settings\Family\Application Data\Mozilla\Firefox\Profiles\cqobbvtn.default\extensions\{35106bca-6c78-48c7-ac28-56df30b51d2a}
[2011/12/18 10:30:10 | 000,000,000 | ---D | M] (AniWeather) -- C:\Documents and Settings\Family\Application Data\Mozilla\Firefox\Profiles\cqobbvtn.default\extensions\{4176DFF4-4698-11DE-BEEB-45DA55D89593}
[2011/07/14 09:13:17 | 000,000,000 | ---D | M] ("Boomerang for GMail") -- C:\Documents and Settings\Family\Application Data\Mozilla\Firefox\Profiles\cqobbvtn.default\extensions\{65e41d20-f092-41b7-bb83-c6e8a9ab0f57}
[2011/12/19 10:49:45 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Documents and Settings\Family\Application Data\Mozilla\Firefox\Profiles\cqobbvtn.default\extensions\{7e46441b-b21a-4680-aa80-4cef03867ff3}
[2011/07/19 03:44:14 | 000,000,000 | ---D | M] (N0HR Propfire) -- C:\Documents and Settings\Family\Application Data\Mozilla\Firefox\Profiles\cqobbvtn.default\extensions\{8E722C16-301F-43d7-A17D-3882AC67FAA5}
[2011/06/20 09:02:55 | 000,000,000 | ---D | M] (Sage) -- C:\Documents and Settings\Family\Application Data\Mozilla\Firefox\Profiles\cqobbvtn.default\extensions\{a6ca9b3b-5e52-4f47-85d8-cca35bb57596}
[2011/07/13 15:18:58 | 000,000,000 | ---D | M] (FoxClocks) -- C:\Documents and Settings\Family\Application Data\Mozilla\Firefox\Profiles\cqobbvtn.default\extensions\{d37dc5d0-431d-44e5-8c91-49419370caa1}
[2011/11/05 18:15:18 | 000,000,000 | ---D | M] (Download Statusbar) -- C:\Documents and Settings\Family\Application Data\Mozilla\Firefox\Profiles\cqobbvtn.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
[2010/01/09 05:52:38 | 000,000,000 | ---D | M] (Wizz RSS News Reader) -- C:\Documents and Settings\Family\Application Data\Mozilla\Firefox\Profiles\cqobbvtn.default\extensions\{D5EDC062-A372-4936-B782-BD611DD18D86}
[2010/11/27 08:41:55 | 000,000,000 | ---D | M] () -- C:\Documents and Settings\Family\Application Data\Mozilla\Firefox\Profiles\cqobbvtn.default\extensions\{DCBD1271-D228-4082-9FBC-36D9B7660B03}
[2010/03/23 15:27:45 | 000,000,000 | ---D | M] (BlockSite) -- C:\Documents and Settings\Family\Application Data\Mozilla\Firefox\Profiles\cqobbvtn.default\extensions\{dd3d7613-0246-469d-bc65-2a3cc1668adc}
[2011/10/17 08:55:01 | 000,000,000 | ---D | M] (DownThemAll!) -- C:\Documents and Settings\Family\Application Data\Mozilla\Firefox\Profiles\cqobbvtn.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
[2010/06/26 06:08:47 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus(R))) -- C:\Documents and Settings\Family\Application Data\Mozilla\Firefox\Profiles\cqobbvtn.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2011/04/23 14:27:37 | 000,000,000 | ---D | M] (Imgur Uploader) -- C:\Documents and Settings\Family\Application Data\Mozilla\Firefox\Profiles\cqobbvtn.default\extensions\giorgio@gilestro.tk
[2008/03/19 09:04:36 | 000,000,000 | ---D | M] (Ivy Video Converter Extension) -- C:\Documents and Settings\Family\Application Data\Mozilla\Firefox\Profiles\cqobbvtn.default\extensions\ivy@ipodsoft.com.txt
[2011/03/30 08:20:30 | 000,000,000 | ---D | M] (Kodak EasyShare Gallery Companion) -- C:\Documents and Settings\Family\Application Data\Mozilla\Firefox\Profiles\cqobbvtn.default\extensions\kodak-companion@mozilla.com
[2011/12/30 04:39:35 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/06/04 10:12:52 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/06/06 03:44:08 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011/10/24 14:57:16 | 000,000,000 | ---D | M] (Norton Vulnerability Protection) -- C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.1.0.28\IPSFFPLGN
[2011/06/04 10:12:32 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/02/02 20:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2007/10/12 14:05:29 | 001,650,688 | ---- | M] (Oklahoma Climatological Survey) -- C:\Program Files\mozilla firefox\plugins\NPWXM32.DLL
[2008/12/01 09:50:26 | 000,004,946 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\comcast.xml

O1 HOSTS File: ([2010/05/26 12:46:44 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll (VERITAS Software, Inc.)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton AntiVirus\Engine\19.2.0.10\ips\ipsbho.dll (Symantec Corporation)
O3 - HKU\S-1-5-21-3789102929-1987578796-2449752138-1004\..\Toolbar\ShellBrowser: (no name) - {CCCCCCDB-4DDB-4703-95D4-DD2C526397BF} - No CLSID value found.
O3 - HKU\S-1-5-21-3789102929-1987578796-2449752138-1004\..\Toolbar\WebBrowser: (no name) - {CCCCCCDB-4DDB-4703-95D4-DD2C526397BF} - No CLSID value found.
O3 - HKU\S-1-5-21-3789102929-1987578796-2449752138-1004\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
O4 - HKLM..\Run: [BluetoothAuthenticationAgent] C:\WINDOWS\System32\irprops.cpl (Microsoft Corporation)
O4 - HKLM..\Run: [HitmanPro35] C:\Program Files\Hitman Pro 3.5\HitmanPro35.exe (SurfRight B.V.)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe (NVIDIA Corporation)
O4 - HKLM..\Run: [PROMon.exe] C:\WINDOWS\System32\PROMon.exe (Intel Corporation)
O4 - HKLM..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [StorageGuard] C:\Program Files\VERITAS Software\Update Manager\sgtray.exe (VERITAS Software, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe (BillP Studios)
O4 - HKU\S-1-5-21-3789102929-1987578796-2449752138-1004..\Run: [DW6] C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe (The Weather Channel Interactive, Inc.)
O4 - HKU\S-1-5-21-3789102929-1987578796-2449752138-1004..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKU\S-1-5-21-3789102929-1987578796-2449752138-1004..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe (AWS Convergence Technologies, Inc.)
O4 - HKU\S-1-5-21-3789102929-1987578796-2449752138-1004..\Run: [Window Washer] C:\Documents and Settings\Family\My Documents\Webroot\Washer\wwDisp.exe (Webroot Software)
O4 - HKU\S-1-5-21-3789102929-1987578796-2449752138-1004..\RunOnce: [Index Washer] C:\Documents and Settings\Family\My Documents\Webroot\Washer\WashIdx.exe (Webroot Software, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HotSync Manager.lnk = C:\WorkPad\HOTSYNC.EXE (Palm Computing, Inc., a 3Com Company)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe (Hewlett-Packard Development Company, L.P.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3789102929-1987578796-2449752138-1004\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3789102929-1987578796-2449752138-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-3789102929-1987578796-2449752138-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-3789102929-1987578796-2449752138-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O15 - HKU\S-1-5-21-3789102929-1987578796-2449752138-1004\..Trusted Domains: internet ([]about in Trusted sites)
O15 - HKU\S-1-5-21-3789102929-1987578796-2449752138-1004\..Trusted Domains: mcafee.com ([]http in Trusted sites)
O15 - HKU\S-1-5-21-3789102929-1987578796-2449752138-1004\..Trusted Domains: mcafee.com ([]https in Trusted sites)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/templates/ieawsdc.cab (Microsoft Office Template and Media Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/200 ... ader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/fl ... rashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/f ... wflash.cab (Shockwave Flash Object)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7C5A9D9B-7E07-4746-A2AA-F32E40242454}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\junomsg {C4D10830-379D-11d4-9B2D-00C04F1579A5} - C:\Program Files\Juno\bin\jmsgpph.dll (Juno Online Services, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Family\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Family\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/08/20 09:26:20 | 000,000,000 | -H-- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{3c3f3ff6-4f4e-11dc-a8e7-00096b3affc0}\Shell - "" = AutoRun
O33 - MountPoints2\{3c3f3ff6-4f4e-11dc-a8e7-00096b3affc0}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{3c3f3ff6-4f4e-11dc-a8e7-00096b3affc0}\Shell\AutoRun\command - "" = K:\LaunchU3.exe -a
O33 - MountPoints2\{9883668c-ad97-11dc-a992-00096b3affc0}\Shell - "" = AutoRun
O33 - MountPoints2\{9883668c-ad97-11dc-a992-00096b3affc0}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{9883668c-ad97-11dc-a992-00096b3affc0}\Shell\AutoRun\command - "" = K:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/12/30 12:14:19 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Family\Desktop\OTL.exe
[2011/12/28 10:55:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Family\Start Menu\Programs\HiJackThis
[2011/12/24 07:28:32 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Videos
[2011/12/24 07:28:32 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Pictures
[2011/12/24 07:28:31 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Family\My Documents\My Videos
[2011/12/24 07:28:31 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Music
[2011/12/14 20:39:56 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Family\Recent
[1996/11/18 22:15:46 | 000,018,944 | ---- | C] ( ) -- C:\WINDOWS\System32\implode.dll

========== Files - Modified Within 30 Days ==========

[2011/12/30 12:14:29 | 001,008,141 | ---- | M] () -- C:\Documents and Settings\Family\Desktop\rkill.exe
[2011/12/30 12:14:11 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Family\Desktop\OTL.exe
[2011/12/30 04:02:59 | 000,023,624 | ---- | M] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
[2011/12/30 04:01:20 | 000,004,598 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2011/12/30 03:47:45 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/12/30 03:47:36 | 1072,746,496 | -HS- | M] () -- C:\hiberfil.sys
[2011/12/27 09:02:03 | 000,128,000 | ---- | M] () -- C:\Documents and Settings\Family\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/12/26 10:46:34 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2011/12/22 10:10:13 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2011/12/21 04:49:59 | 000,000,004 | ---- | M] () -- C:\Documents and Settings\Family\Application Data\af6cc3b0
[2011/12/21 04:49:54 | 000,001,202 | ---- | M] () -- C:\WINDOWS\System32\.crusader
[2011/12/21 04:39:06 | 000,000,752 | ---- | M] () -- C:\Documents and Settings\Family\Desktop\Shortcut to HitmanPro35.exe.lnk
[2011/12/20 18:17:17 | 000,000,004 | ---- | M] () -- C:\Documents and Settings\Family\Application Data\4fb13c4f
[2011/12/20 17:03:47 | 000,007,455 | ---- | M] () -- C:\Documents and Settings\Family\Application Data\5814b44a
[2011/12/17 08:11:29 | 000,001,740 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2011/12/15 20:31:13 | 000,485,112 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/12/15 12:31:22 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/12/14 20:39:56 | 000,000,533 | ---- | M] () -- C:\WINDOWS\JUNO.INI
[2011/12/14 03:43:08 | 000,000,921 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\The Weather Channel Desktop .lnk
[2011/12/10 06:56:36 | 000,000,018 | ---- | M] () -- C:\Documents and Settings\Family\My Documents\Intellicast.ini
[2011/11/30 12:39:10 | 000,015,989 | ---- | M] () -- C:\Documents and Settings\Family\My Documents\OutStandingChecks.ods

========== Files Created - No Company Name ==========

[2011/12/30 12:14:33 | 001,008,141 | ---- | C] () -- C:\Documents and Settings\Family\Desktop\rkill.exe
[2011/12/21 04:49:54 | 000,001,202 | ---- | C] () -- C:\WINDOWS\System32\.crusader
[2011/12/21 04:39:05 | 000,000,752 | ---- | C] () -- C:\Documents and Settings\Family\Desktop\Shortcut to HitmanPro35.exe.lnk
[2011/12/19 11:12:06 | 000,007,455 | ---- | C] () -- C:\Documents and Settings\Family\Application Data\5814b44a
[2011/12/19 10:50:15 | 000,000,004 | ---- | C] () -- C:\Documents and Settings\Family\Application Data\4fb13c4f
[2011/12/19 10:50:09 | 000,000,004 | ---- | C] () -- C:\Documents and Settings\Family\Application Data\af6cc3b0
[2011/06/09 03:39:43 | 000,410,078 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-3789102929-1987578796-2449752138-1004-0.dat
[2011/06/08 21:02:58 | 000,410,078 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2010/05/26 12:13:32 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/05/26 12:13:32 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/05/26 12:13:32 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/05/26 12:13:32 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/05/26 12:13:32 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/05/25 11:10:27 | 000,128,000 | ---- | C] () -- C:\Documents and Settings\Family\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/05/25 02:32:53 | 000,000,129 | ---- | C] () -- C:\Documents and Settings\Family\Local Settings\Application Data\fusioncache.dat
[2010/05/18 11:50:34 | 000,023,624 | ---- | C] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
[2009/06/19 15:02:57 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\GTW32N50.dll
[2009/01/12 16:13:04 | 000,000,031 | ---- | C] () -- C:\WINDOWS\System32\pdwindows20.bin
[2009/01/12 16:07:32 | 000,073,216 | ---- | C] () -- C:\WINDOWS\cadkasdeinst01.exe
[2008/07/25 10:51:18 | 000,000,000 | ---- | C] () -- C:\WINDOWS\hpqEmlSz.INI
[2008/07/21 11:39:29 | 000,001,359 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2008/06/05 15:52:00 | 000,000,401 | ---- | C] () -- C:\Documents and Settings\Family\Application Data\WeatherScopePrefs.xml
[2008/04/17 07:57:55 | 000,096,577 | ---- | C] () -- C:\WINDOWS\hpqins16.dat
[2008/02/23 14:44:27 | 000,000,041 | ---- | C] () -- C:\WINDOWS\crw.ini
[2008/02/13 09:08:08 | 000,000,220 | ---- | C] () -- C:\WINDOWS\klingfu.ini
[2008/01/18 09:22:30 | 000,000,076 | ---- | C] () -- C:\WINDOWS\Yaesu.ini
[2008/01/11 15:06:31 | 000,004,736 | ---- | C] () -- C:\WINDOWS\System32\drivers\tandpl.sys
[2008/01/11 15:06:30 | 000,007,552 | ---- | C] () -- C:\WINDOWS\System32\drivers\enodpl.sys
[2007/11/14 15:33:35 | 000,000,034 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2007/11/13 11:01:51 | 000,000,037 | ---- | C] () -- C:\WINDOWS\Viewer.ini
[2007/10/24 14:52:16 | 000,001,125 | ---- | C] () -- C:\WINDOWS\winamp.ini
[2007/09/21 08:49:49 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007/09/10 10:37:41 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2007/08/30 08:43:44 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2007/08/20 22:17:12 | 000,087,552 | ---- | C] () -- C:\WINDOWS\System32\cpwmon2k.dll
[2007/08/20 22:13:30 | 000,000,221 | ---- | C] () -- C:\WINDOWS\NCLogConfig.ini
[2007/08/20 21:54:04 | 000,117,121 | ---- | C] () -- C:\WINDOWS\hpoins11.dat
[2007/08/20 21:51:30 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\HPZIDS01.dll
[2007/08/20 21:49:48 | 000,011,634 | ---- | C] () -- C:\WINDOWS\hpomdl11.dat
[2007/08/20 17:40:26 | 000,001,156 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2007/08/20 11:33:32 | 000,006,550 | ---- | C] () -- C:\WINDOWS\jautoexp.dat
[2007/08/20 10:15:23 | 000,004,704 | ---- | C] () -- C:\WINDOWS\psdxport.ini
[2007/08/20 10:15:23 | 000,000,054 | ---- | C] () -- C:\WINDOWS\psdewin.ini
[2007/08/20 10:15:22 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2007/08/20 10:07:44 | 000,000,028 | ---- | C] () -- C:\WINDOWS\ICOA.INI
[2007/08/20 10:07:38 | 000,000,000 | ---- | C] () -- C:\WINDOWS\QFN.ini
[2007/08/20 10:07:38 | 000,000,000 | ---- | C] () -- C:\WINDOWS\QDQICK.ini
[2007/08/20 10:06:07 | 000,000,185 | ---- | C] () -- C:\WINDOWS\intuprof.ini
[2007/08/20 10:06:05 | 000,007,102 | ---- | C] () -- C:\WINDOWS\ICOADB32.DAT
[2007/08/20 10:05:33 | 000,001,001 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2007/08/20 09:44:47 | 000,000,533 | ---- | C] () -- C:\WINDOWS\JUNO.INI
[2007/08/20 09:26:14 | 000,003,745 | ---- | C] () -- C:\WINDOWS\System32\Setup2k.ini
[2007/08/20 09:26:14 | 000,000,184 | ---- | C] () -- C:\WINDOWS\System32\presetup.ini
[2007/08/20 09:18:16 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2007/08/20 09:16:49 | 000,000,138 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2007/08/20 09:16:04 | 000,106,496 | ---- | C] () -- C:\WINDOWS\desktopset.exe
[2007/08/20 09:15:40 | 000,000,222 | ---- | C] () -- C:\WINDOWS\Welcome.ini
[2007/08/20 09:11:17 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\msssc.dll
[2007/08/20 09:04:52 | 000,002,481 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2007/03/05 12:34:28 | 000,693,792 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.DLL
[2006/04/01 12:08:25 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\hamcal32.dll
[2005/12/12 14:18:54 | 000,041,472 | ---- | C] () -- C:\WINDOWS\System32\winkeyVB.dll
[2004/08/02 14:20:40 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2003/07/12 04:51:11 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\inpout32.dll
[2002/09/24 09:29:46 | 000,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2002/09/23 17:42:19 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2002/09/23 17:36:18 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2002/09/23 17:31:08 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2002/09/23 17:30:26 | 000,485,112 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2002/09/17 11:34:18 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2002/03/26 09:36:48 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\PROInst.dll
[2002/03/04 11:07:44 | 000,084,480 | ---- | C] () -- C:\WINDOWS\System32\QRZ32.DLL
[2002/02/14 16:14:36 | 000,000,010 | ---- | C] () -- C:\WINDOWS\Launcher.ini
[2002/02/06 09:04:14 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\NMSInst.dll
[2002/01/10 14:55:22 | 000,004,010 | ---- | C] () -- C:\WINDOWS\System32\egathdrv.sys
[2001/08/31 15:33:58 | 000,425,984 | ---- | C] () -- C:\WINDOWS\System32\VxDMDcDlg.dll
[2001/08/23 07:26:08 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\OEMBIOS.BIN
[2001/08/23 07:24:30 | 000,004,524 | ---- | C] () -- C:\WINDOWS\System32\OEMBIOS.DAT
[2001/07/07 02:00:00 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini
[2001/06/08 15:54:30 | 000,003,478 | ---- | C] () -- C:\WINDOWS\translat.ini
[1999/04/21 16:53:40 | 000,062,464 | ---- | C] () -- C:\WINDOWS\System32\agwdll32.dll
[1998/05/31 00:00:00 | 000,748,160 | ---- | C] () -- C:\WINDOWS\System32\CO2C40EN.DLL
[1996/11/18 23:15:52 | 000,131,072 | ---- | C] () -- C:\WINDOWS\System32\p2sodbc.dll
[1996/11/18 23:15:50 | 000,054,272 | ---- | C] () -- C:\WINDOWS\System32\p2irdao.dll
[1996/11/18 23:15:50 | 000,050,176 | ---- | C] () -- C:\WINDOWS\System32\p2ctdao.dll
[1996/11/18 23:15:50 | 000,036,352 | ---- | C] () -- C:\WINDOWS\System32\p2bbnd.dll
[1980/01/01 00:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[1980/01/01 00:00:00 | 000,482,000 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[1980/01/01 00:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[1980/01/01 00:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[1980/01/01 00:00:00 | 000,079,948 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[1980/01/01 00:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[1980/01/01 00:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[1980/01/01 00:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[1980/01/01 00:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

========== LOP Check ==========

[2007/08/20 09:16:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\VERITAS
[2011/10/24 10:49:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CenturyLink
[2011/12/21 04:49:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Hitman Pro
[2008/04/22 09:50:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Individual Software
[2010/04/24 19:15:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RT Systems
[2010/05/27 12:01:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SupportSoft
[2009/06/26 14:06:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/07/25 07:14:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Update
[2007/08/20 09:16:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\VERITAS
[2007/09/20 10:35:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Family\Application Data\Audacity
[2011/05/06 19:29:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Family\Application Data\butel
[2011/05/06 19:32:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Family\Application Data\butelsoap
[2009/06/20 13:03:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Family\Application Data\CallingID
[2009/06/20 19:54:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Family\Application Data\comcasttb
[2009/12/27 15:06:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Family\Application Data\FileZilla
[2011/06/08 18:05:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Family\Application Data\GARMIN
[2009/06/26 14:15:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Family\Application Data\GRLevel3
[2011/11/04 08:00:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Family\Application Data\Image Zone Express
[2008/04/22 09:53:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Family\Application Data\Individual Software
[2008/03/05 15:33:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Family\Application Data\OfficeUpdate12
[2009/03/04 17:18:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Family\Application Data\OpenOffice.org
[2011/04/03 11:22:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Family\Application Data\PCHC
[2007/09/05 07:14:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Family\Application Data\Printer Info Cache
[2011/05/06 19:28:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Family\Application Data\Radioshack
[2010/04/24 19:15:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Family\Application Data\RT Systems
[2007/08/20 09:16:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Family\Application Data\VERITAS
[2009/04/03 17:29:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Family\Application Data\Walgreens
[2010/05/28 03:55:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Family\Application Data\WeatherBug
[2008/06/05 15:52:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Family\Application Data\Weathersoft
[2010/05/28 11:02:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Family\Application Data\WinPatrol

========== Purity Check ==========



< End of report >

Extras.txt


OTL Extras logfile created on: 12/30/2011 12:22:16 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Family\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1022.98 Mb Total Physical Memory | 436.84 Mb Available Physical Memory | 42.70% Memory free
3.34 Gb Paging File | 2.67 Gb Available in Paging File | 79.70% Paging File free
Paging file location(s): C:\pagefile.sys 2500 4096 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 72.47 Gb Total Space | 46.81 Gb Free Space | 64.59% Space Free | Partition Type: NTFS
Drive M: | 931.51 Gb Total Space | 798.02 Gb Free Space | 85.67% Space Free | Partition Type: NTFS

Computer Name: IBM-C8A9E96DF6F | User Name: Family | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

[HKEY_USERS\S-1-5-21-3789102929-1987578796-2449752138-1004\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusOverride" = 0
"FirewallOverride" = 1
"UpdatesDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"9420:TCP" = 9420:TCP:*:Disabled:Red Swoosh
"5000:UDP" = 5000:UDP:*:Disabled:Red Swoosh

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)
"C:\Program Files\Yahoo!\Messenger\YServer.exe" = C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server
"C:\Program Files\Juno\bin\juno.exe" = C:\Program Files\Juno\bin\juno.exe:*:Enabled:Juno -- (Juno Online Services, Inc.)
"C:\Program Files\Nero\Nero 7\Nero Home\NeroHome.exe" = C:\Program Files\Nero\Nero 7\Nero Home\NeroHome.exe:*:Enabled:Nero Home -- (Nero AG)
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe" = C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe -- ( )
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Development Company, L.P.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{01A4AEDE-F219-49A2-B855-16A016EAF9A4}" = Intel(R) PROSet II
"{09DA4F91-2A09-4232-AB8C-6BC740096DE3}" = IBM RecordNow Update Manager
"{0A65A3BD-54B5-4d0d-B084-7688507813F5}" = SlideShow
"{10CA63B1-DEF1-4718-A122-268486A6EF66}" = MCP-2A (Remove only)
"{10CE1EA2-12E9-11D3-825E-00C04F6843FE}" = Microsoft Office Sounds
"{11D696C6-0A0C-499A-B431-6190F9DC1904}" = Juno
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = IBM DLA
"{15C0AF59-4877-49B6-B8C6-A61CE54515F5}" = cp_OnlineProjectsConfig
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2376813B-2E5A-4641-B7B3-A0D5ADB55229}" = HPPhotoSmartExpress
"{25B052BB-7126-4412-99D9-3D9448235FE4}" = WeatherBug
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 24
"{2F0200C6-9ACB-49F3-BC33-5BE9AA682D9F}" = MapSend Lite
"{2F58D60D-2BFD-4467-9B4D-64E7355C329D}" = Sonic_PrimoSDK
"{31C2FBAC-67CF-4093-8F36-15A146613747}" = IBM Update Connector
"{33BF0960-DBA3-4187-B6CC-C969FCFA2D25}" = SkinsHP1
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{363790D2-DA98-41DD-9C9F-69FA36B169DE}" = PanoStandAlone
"{36FDBE6E-6684-462B-AE98-9A39A1B200CC}" = HP Product Assistant
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3B7B3B4A-AF8C-4671-A92E-3E7E9ABCB22B}" = IBM Rapid Restore PC Setup
"{3BEBC95D-FDBA-480B-93E8-9B4E9E41733C}" = MapSend Topo 3D USA
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3C52E7DA-C431-4239-B66B-1BF703D5B194}" = Windows Live Photo Gallery
"{3E171899-0175-47CC-84C4-562ACDD4C021}" = OpenOffice.org 3.3
"{41E776A5-9B12-416D-9A12-B4F7B044EBED}" = CP_Package_Basic1
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{45B8A76B-57EC-4242-B019-066400CD8428}" = BufferChm
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4EA684E9-5C81-4033-A696-3019EC57AC3A}" = HPProductAssistant
"{53EE9E42-CECB-4C92-BF76-9CA65DAF8F1C}" = FullDPAppQFolder
"{54FC2173-BF6C-45B9-A7F8-304FA966A856}" = Infuzer
"{57B2281D-A34A-4a48-8C68-169B8873659D}" = c4100_Help
"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3
"{66910000-8B30-4973-A159-6371345AFFA5}" = WebReg
"{6696D9A4-28A8-4F5A-8E9A-2E8974C8C39C}" = RandMap
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{68763C27-235D-4165-A961-FDEA228CE504}" = AiOSoftwareNPI
"{6909F917-5499-482e-9AA1-FAD06A99F231}" = Toolbox
"{692854CC-97EF-4307-B787-8C6787B91033}" = Nero 7 Ultra Edition
"{6EECB283-E65F-40EF-86D3-D51BF02A8D43}" = Microsoft Office Converter Pack
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{736C803C-DD3B-4015-BC51-AFB9E67B9076}" = Readme
"{73ACFCD5-4CA0-4404-8A50-009942DE70AB}" = Intellicast Desktop
"{74EC78BC-B379-4E29-9006-8F161DCAABA6}" = Apple Software Update
"{76EFFC7C-17A6-479D-9E47-8E658C1695AE}" = Windows Backup Utility
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{787D1A33-A97B-4245-87C0-7174609A540C}" = HP Update
"{7C03270C-4FAB-4F5C-B10D-52FEDA190790}" = DocumentViewerQFolder
"{7CF0CEC0-9255-11DE-72AE-004FDD832CD6}" = VX-3 Programmer
"{7E7B7865-6C80-4373-8BC1-C2EB9431F9DE}" = ProductContextNPI
"{8214CC02-6271-4DC8-B8DD-779933450264}" = IBM RecordNow
"{8331C3EA-0C91-43AA-A4D4-27221C631139}" = Status
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A4CE7FD-9657-4B06-9943-E1819F3D5D67}" = DocProc
"{8CE4E6E9-9D55-43FB-9DDB-688C976BFC05}" = Unload
"{8F018A9E-56DE-4A79-A5EF-25F413F1D538}" = WeatherBug
"{90120409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Standard
"{92A40DC2-0ECD-4602-A79E-1DC53545C6EE}" = eXplorist Wizard
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95A890AA-B3B1-44B6-9C18-A8F7AB3EE7FC}" = QuickTime
"{996512CF-F35B-48DE-9291-557FA5316967}" = ScannerCopy
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A1BF9950-8CDB-468E-83FA-EACFB00EA7D5}" = Windows Live Sync
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A29800BA-0BF1-4E63-9F31-DF05A87F4104}" = InstantShareDevices
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A729A100-89D9-11DE-5F90-014CDBA56952}" = FT-2800 Programmer
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.7
"{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
"{B2157760-AA3C-4E2E-BFE6-D20BC52495D9}" = cp_PosterPrintConfig
"{B5599ECB-DA72-43EE-8A30-2C80396FF8BB}" = Access IBM
"{B6286A44-7505-471A-A72B-04EC2DB2F442}" = CueTour
"{B69CFE29-FD03-4E0A-87A7-6ED97F98E5B3}" = CP_Panorama1Config
"{B8726461-A7C6-4628-A67C-FE5FC5FB3E9F}" = Software for Scanners
"{B8DBED1E-8BC3-4d08-B94A-F9D7D88E9BBF}" = HPSSupply
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{BDBE2F3E-42DB-4d4a-8CB1-19BA765DBC6C}" = HP Photosmart, Officejet and Deskjet 7.0.A
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C1C6767D-B395-43CB-BF99-051B58B86DA6}" = PhotoGallery
"{C6CA8874-5F22-4AF0-9BE3-016BF299C536}" = Windows Live Essentials
"{C7F54CF8-D6FB-4E0A-93A3-E68AE0D6C476}" = SolutionCenter
"{C871525F-7116-4d26-BA6D-215F59B6F88B}" = C4100
"{C8753E28-2680-49BF-BD48-DD38FD086EFE}" = AiO_Scan_CDA
"{C96FF998-45BD-411E-9253-B7F2660FE280}" = CenturyLink Installer
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{DBC20735-34E6-4E97-A9E5-2066B66B243D}" = TrayApp
"{E1B80DEE-A795-4258-8445-074C06AE3AB8}" = MarketResearch
"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
"{EB21A812-671B-4D08-B974-2A347F0D8F70}" = HP Photosmart Essential
"{ED2C557E-9C18-41FF-B58E-A05EEF0B3B5F}" = CP_CalendarTemplates1
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F157460F-720E-482f-8625-AD7843891E5F}" = InstantShareDevicesMFC
"{F3760724-B29D-465B-BC53-E5D72095BCC4}" = Scan
"{F6076EF9-08E1-442F-B6A2-BFB61B295A14}" = Fax_CDA
"{FB15E224-67C3-491F-9F5C-F257BC418412}" = Destinations
"{FBB980B0-63F8-4B48-8D65-90F1D9F81D9F}" = NewCopy_CDA
"{FE7E1DD7-EBCE-4696-ADE2-22BDBF2372DA}" = DocumentViewer
"3134FEF0E1D959EC0CC2E458C94B7057B2AC0CC9" = Windows Driver Package - FTDI CDM Driver Package (10/22/2009 2.06.00)
"4F78800C27D21D26846270C48AB3F715E9AF951D" = Windows Driver Package - RT Systems RT CDM Driver Package (10/22/2009 2.06.00)
"78283BA5291E464B5A994D7D58F8ADDE2A74A72A" = Windows Driver Package - Prolific (ser2plms) Ports (04/28/2004 2.0.0.18)
"88EB56038379B8B7DCFB4D2448A60F52E064B265" = Windows Driver Package - FTDI CDM Driver Package (10/22/2009 2.06.00)
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Advanced Data Management System for the FT-1500" = Advanced Data Management System for the FT-1500
"Audacity_is1" = Audacity 1.2.6
"AXIS Media Control" = AXIS Media Control
"BadCopy Pro" = BadCopy Pro
"BB27EF884AC49AEB19DFBD5B1680604E70B871BB" = Windows Driver Package - RT Systems RT CDM Driver Package (10/22/2009 2.06.00)
"CNXT_MODEM_PCI_HSF" = PCI SoftV92 Modem
"CutePDF Writer Installation" = CutePDF Writer 2.7
"Deluo GPS Diagnostics" = Deluo GPS Diagnostics
"FileZilla Client" = FileZilla Client 3.3.0.1
"HijackThis" = HijackThis 2.0.2
"HP Document Viewer" = HP Document Viewer 7.0
"HP Imaging Device Functions" = HP Imaging Device Functions 7.0
"HP Photo & Imaging" = HP Photosmart Premier Software 6.5
"HP Solution Center & Imaging Support Tools" = HP Solution Center 7.0
"HPExtendedCapabilities" = HP Customer Participation Program 7.0
"HPOCR" = OCR Software by I.R.I.S 7.0
"ie8" = Windows Internet Explorer 8
"LADSPA_plugins-win_is1" = LADSPA_plugins-win-0.4.15
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"MouseSuite98" = Mouse Suite
"Mozilla Firefox (3.6.25)" = Mozilla Firefox (3.6.25)
"NAV" = Norton AntiVirus
"NVIDIA Drivers" = NVIDIA Drivers
"OfotoEZUpload" = KODAK EASYSHARE Gallery Upload ActiveX Control
"PROSet" = Intel(R) Network Connections Drivers
"RealPlayer 12.0" = RealPlayer
"ResumeMaker Professional" = ResumeMaker Professional
"Shop for HP Supplies" = Shop for HP Supplies
"ST6UNST #1" = TravelPlus for Repeaters 11.0
"The Weather Channel Desktop 6" = The Weather Channel Desktop 6
"W6ELProp" = W6ELProp
"WIC" = Windows Imaging Component
"Winamp" = Winamp
"Window Washer" = Window Washer
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinPatrol" = WinPatrol 2010
"WinRAR archiver" = WinRAR archiver
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Software Update" = Yahoo! Software Update
"YTdetect" = Yahoo! Detect

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 10/31/2011 5:46:56 AM | Computer Name = IBM-C8A9E96DF6F | Source = Application Hang | ID = 1002
Description = Hanging application Weather.exe, version 6.8.0.8, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 11/14/2011 10:26:29 PM | Computer Name = IBM-C8A9E96DF6F | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.5512, faulting
module , version 0.0.0.0, fault address 0x00000000.

Error - 11/16/2011 7:19:42 PM | Computer Name = IBM-C8A9E96DF6F | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 12/5/2011 6:41:58 AM | Computer Name = IBM-C8A9E96DF6F | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This operation returned because the timeout period expired.

Error - 12/5/2011 6:41:59 AM | Computer Name = IBM-C8A9E96DF6F | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: The specified server cannot perform the requested operation.

Error - 12/19/2011 2:08:38 PM | Computer Name = IBM-C8A9E96DF6F | Source = Application Error | ID = 1000
Description = Faulting application rundll32.exe, version 5.1.2600.5512, faulting
module unknown, version 0.0.0.0, fault address 0x715b9e59.

Error - 12/19/2011 2:09:00 PM | Computer Name = IBM-C8A9E96DF6F | Source = Application Error | ID = 1001
Description = Fault bucket 1597773430.

Error - 12/19/2011 2:09:18 PM | Computer Name = IBM-C8A9E96DF6F | Source = Application Error | ID = 1000
Description = Faulting application rundll32.exe, version 5.1.2600.5512, faulting
module unknown, version 0.0.0.0, fault address 0x715b9e59.

Error - 12/19/2011 2:09:36 PM | Computer Name = IBM-C8A9E96DF6F | Source = Application Error | ID = 1001
Description = Fault bucket 1597773430.

Error - 12/27/2011 3:36:26 PM | Computer Name = IBM-C8A9E96DF6F | Source = wwSecure.exe | ID = 0
Description =

[ System Events ]
Error - 12/29/2011 6:40:18 AM | Computer Name = IBM-C8A9E96DF6F | Source = Service Control Manager | ID = 7023
Description = The HID Input Service service terminated with the following error:
%%126

Error - 12/30/2011 6:49:11 AM | Computer Name = IBM-C8A9E96DF6F | Source = Service Control Manager | ID = 7023
Description = The HID Input Service service terminated with the following error:
%%126


< End of report >
snairb
Active Member
 
Posts: 5
Joined: December 24th, 2011, 10:24 am

Re: Browser Redirects and rundll errors on boot

by askey127 » December 30th, 2011, 8:28 pm

snairb,
We will remove old versions of Java and Adobe Reader, and replace them here.
HitManPro has a collection of anti-virus and antispyware programs, and will interfere with removal tools and scanners.
It also won't allow Norton to work properly.
-----------------------------------------------------------
Remove Programs Using Control Panel
From Start, Settings, Control Panel or Start, Control Panel, click Add/Remove Programs.
Highlight each Entry, as follows, one by one, if it exists, and choose Remove:

WeatherBug
HiJackThis
Adobe Reader 9.4.7
Java(TM) 6 Update 24
Hitman Pro 3.5 <== funny I don't see this in the uninstall list. :D
Take extra care in answering questions posed by any Uninstaller.
----------------------------------------------
Perform a Custom Fix with OTL
Run OTL (Right click and choose "Run as administrator" in Vista/Win7)
  • In the Custom Scans/Fixes box at the bottom, paste in the following lines from the Code box (Do not include the word "Code"):
    Code:
    :OTL
    PRC - [2010/04/29 08:38:54 | 001,652,736 | R--- | M] (AWS Convergence Technologies, Inc.) -- C:\Program Files\AWS\WeatherBug\Weather.exe
    IE - HKU\S-1-5-21-3789102929-1987578796-2449752138-1004\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found
    IE - HKU\S-1-5-21-3789102929-1987578796-2449752138-1004\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found
    FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
    FF - prefs.js..extensions.enabledItems: giorgio@gilestro.tk:1.0.3
    [2010/05/04 15:33:39 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Family\Application Data\Mozilla\Firefox\Profiles\cqobbvtn.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    O3 - HKU\S-1-5-21-3789102929-1987578796-2449752138-1004\..\Toolbar\ShellBrowser: (no name) - {CCCCCCDB-4DDB-4703-95D4-DD2C526397BF} - No CLSID value found.
    O3 - HKU\S-1-5-21-3789102929-1987578796-2449752138-1004\..\Toolbar\WebBrowser: (no name) - {CCCCCCDB-4DDB-4703-95D4-DD2C526397BF} - No CLSID value found.
    O3 - HKU\S-1-5-21-3789102929-1987578796-2449752138-1004\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
    O4 - HKLM..\Run: [HitmanPro35] C:\Program Files\Hitman Pro 3.5\HitmanPro35.exe (SurfRight B.V.)
    O4 - HKU\S-1-5-21-3789102929-1987578796-2449752138-1004..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe (AWS Convergence Technologies, Inc.)
    O15 - HKU\S-1-5-21-3789102929-1987578796-2449752138-1004\..Trusted Domains: internet ([]about in Trusted sites)
    O15 - HKU\S-1-5-21-3789102929-1987578796-2449752138-1004\..Trusted Domains: mcafee.com ([]http in Trusted sites)
    O15 - HKU\S-1-5-21-3789102929-1987578796-2449752138-1004\..Trusted Domains: mcafee.com ([]https in Trusted sites)
    [2011/12/21 04:39:06 | 000,000,752 | ---- | M] () -- C:\Documents and Settings\Family\Desktop\Shortcut to HitmanPro35.exe.lnk
    [2011/12/20 18:17:17 | 000,000,004 | ---- | M] () -- C:\Documents and Settings\Family\Application Data\4fb13c4f
    [2011/12/20 17:03:47 | 000,007,455 | ---- | M] () -- C:\Documents and Settings\Family\Application Data\5814b44a
    [2011/12/19 10:50:09 | 000,000,004 | ---- | C] () -- C:\Documents and Settings\Family\Application Data\af6cc3b0
    [2010/05/18 11:50:34 | 000,023,624 | ---- | C] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
    [2002/02/06 09:04:14 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\NMSInst.dll
    [2011/12/21 04:49:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Hitman Pro
    [2010/05/28 03:55:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Family\Application Data\WeatherBug
    
    O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_24)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_24)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_24)
    :Services
    
    :Files
    C:\Program Files\Hitman Pro 3.5
    ipconfig /flushdns /c
    
    :Commands
    [PURITY]
    [emptyjava]
    [emptyflash] 
    [EMPTYTEMP]
    [CREATERESTOREPOINT]
    
  • Then click the Run Fix button at the top.
  • Let the program run unhindered and reboot the PC when it is done.
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

--------------------------------------------------------
Download and Install the newest version of Adobe Reader for reading pdf files, due to the vulnerabilities in earlier versions.
All versions numbered lower than 10.1 are vulnerable.
Go HERE to download AdbeRdr1011_en_US.exe
Save the file to your desktop and run it to install the latest version of Adobe Reader.
After the new Reader is installed, Open Adobe Reader X, as it is called, and OK the license.
Click on Edit and select Preferences.
On the Left, click on the JavaScript category and Uncheck Enable Acrobat JavaScript.
Click on the Security (Enhanced) category and Uncheck Automatically trust sites from my Win OS security zones.
Click on the Trust Manager category and Uncheck Allow opening of non-PDF file attachments with external applications.
Click the OK button
When it finishes, you can remove the Installer from your desktop.
------------------------------------------------------------
Download and Install the latest version of Java Runtime Environment from here: http://www.oracle.com/technetwork/java/javase/downloads/index.html, and install it to your computer.
Scroll down to the section on the page, labeled Java SE 6 Update 30, click on the button labeled Download JRE. Do NOT choose the button labeled "Download JDK".
If it won't allow you to get past the "Agree to the license" dialog, you will need to set your browser to temporarily allow scripts.
Check the button to agree to the license.
Select the link for your Platform Windows x86 offline, and click it.
Download it, choose Save, and save it to your desktop.
Then double-click it on your desktop, and it will install the newest version of Java for you to use.

During installation, be certain to Uncheck and Refuse any offer for "partner software" or toolbars.
When it finishes, you can remove the Installer from your desktop.

So we are looking for the latest version of OTL.txt, and let me know how it goes.
askey127
askey127
Admin/Teacher
 
Posts: 14025
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: Browser Redirects and rundll errors on boot

by snairb » December 31st, 2011, 12:45 am

Askey127,
I was able to remove the above-listed files, both versions of "Hijack this", but Hitman Pro 3.5 was not showing in the list. It is no longer on my desktop, nor is it in c:\program files\ after running the custom fix. Once the OTL custom fix completed, I installed the new Adobe Rdr X and also the Java SE 6 Update 30 JRE for Windows x86 offline. Also, on reboot I did not get any rundll errors.

Again, thanks for your help.

Here is the new OTL.txt

OTL logfile created on: 12/30/2011 9:08:23 PM - Run 2
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Family\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1022.98 Mb Total Physical Memory | 419.94 Mb Available Physical Memory | 41.05% Memory free
3.34 Gb Paging File | 2.66 Gb Available in Paging File | 79.40% Paging File free
Paging file location(s): C:\pagefile.sys 2500 4096 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 72.47 Gb Total Space | 46.95 Gb Free Space | 64.78% Space Free | Partition Type: NTFS
Drive M: | 931.51 Gb Total Space | 798.02 Gb Free Space | 85.67% Space Free | Partition Type: NTFS

Computer Name: IBM-C8A9E96DF6F | User Name: Family | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/12/30 12:14:11 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Family\Desktop\OTL.exe
PRC - [2011/12/21 10:48:46 | 000,912,856 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/08/10 13:52:54 | 000,138,760 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton AntiVirus\Engine\19.2.0.10\ccsvchst.exe
PRC - [2011/06/08 09:45:44 | 000,822,456 | ---- | M] (The Weather Channel Interactive, Inc.) -- C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe
PRC - [2010/05/26 16:15:11 | 000,323,976 | ---- | M] (BillP Studios) -- C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe
PRC - [2009/09/20 04:56:58 | 000,198,160 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2008/04/13 17:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/08/09 00:27:52 | 000,073,728 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe
PRC - [2006/02/10 06:56:12 | 000,479,232 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
PRC - [2005/04/20 10:44:28 | 000,894,464 | ---- | M] (Webroot Software) -- C:\Documents and Settings\Family\My Documents\Webroot\Washer\wwDisp.exe
PRC - [2005/04/20 10:34:12 | 000,487,936 | ---- | M] (Webroot Software, Inc.) -- C:\WINDOWS\system32\wwSecure.exe
PRC - [2004/02/06 21:56:14 | 000,041,025 | ---- | M] (GEMTEKS) -- C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe
PRC - [2002/06/07 14:54:54 | 000,090,112 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
PRC - [2002/06/07 14:02:56 | 000,045,056 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
PRC - [2002/05/03 12:36:24 | 001,118,208 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\NMSSvc.Exe
PRC - [2002/04/18 18:32:36 | 000,073,728 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\PROMon.exe
PRC - [1998/05/01 15:00:00 | 000,260,096 | ---- | M] (Palm Computing, Inc., a 3Com Company) -- C:\WorkPad\HOTSYNC.EXE


========== Modules (No Company Name) ==========

MOD - [2011/12/21 10:48:47 | 000,849,368 | ---- | M] () -- C:\Program Files\Mozilla Firefox\js3250.dll
MOD - [2011/10/13 02:42:05 | 003,391,488 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_efeb1685\mscorlib.dll
MOD - [2011/10/13 02:41:59 | 000,835,584 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system.drawing\1.0.5000.0__b03f5f7f11d50a3a_9ac14dca\system.drawing.dll
MOD - [2011/10/12 20:24:02 | 002,088,960 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system.xml\1.0.5000.0__b77a5c561934e089_622ebf64\system.xml.dll
MOD - [2011/10/12 20:23:37 | 003,018,752 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system.windows.forms\1.0.5000.0__b77a5c561934e089_66e38eb3\system.windows.forms.dll
MOD - [2011/10/12 20:22:55 | 001,966,080 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system\1.0.5000.0__b77a5c561934e089_1f20dafb\system.dll
MOD - [2011/10/12 20:22:24 | 001,232,896 | ---- | M] () -- c:\windows\assembly\gac\system\1.0.5000.0__b77a5c561934e089\system.dll
MOD - [2010/03/29 13:02:48 | 000,520,234 | ---- | M] () -- C:\Program Files\BillP Studios\WinPatrol\sqlite3.dll
MOD - [2007/08/22 10:06:32 | 001,339,392 | ---- | M] () -- c:\windows\assembly\gac\system.xml\1.0.5000.0__b77a5c561934e089\system.xml.dll
MOD - [2007/08/22 10:06:30 | 000,466,944 | ---- | M] () -- c:\windows\assembly\gac\system.drawing\1.0.5000.0__b03f5f7f11d50a3a\system.drawing.dll
MOD - [2007/08/22 10:06:29 | 002,052,096 | ---- | M] () -- c:\windows\assembly\gac\system.windows.forms\1.0.5000.0__b77a5c561934e089\system.windows.forms.dll
MOD - [2007/08/20 22:03:38 | 000,069,632 | ---- | M] () -- c:\windows\assembly\gac\hpqisrtb\4.0.0.0__a53cf5803f4c3827\hpqisrtb.dll
MOD - [2007/08/20 22:03:29 | 001,163,264 | ---- | M] () -- c:\windows\assembly\gac\hpqedit\3.0.0.0__a53cf5803f4c3827\hpqedit.dll
MOD - [2007/08/20 22:03:28 | 000,790,528 | ---- | M] () -- c:\windows\assembly\gac\hpqbakup\3.0.0.0__a53cf5803f4c3827\hpqbakup.dll
MOD - [2007/08/20 22:03:23 | 000,163,840 | ---- | M] () -- c:\windows\assembly\gac\hpqvideo\3.0.0.0__a53cf5803f4c3827\hpqvideo.dll
MOD - [2007/08/20 22:03:20 | 000,057,344 | ---- | M] () -- c:\windows\assembly\gac\hpqprrsc\4.0.0.0__a53cf5803f4c3827\hpqprrsc.dll
MOD - [2007/08/20 22:03:20 | 000,053,248 | ---- | M] () -- c:\windows\assembly\gac\hpqovskn\3.0.0.0__a53cf5803f4c3827\hpqovskn.dll
MOD - [2007/08/20 22:03:19 | 000,430,080 | ---- | M] () -- c:\windows\assembly\gac\lead.wrapper\13.0.0.113__9cf889f53ea9b907\lead.wrapper.dll
MOD - [2007/08/20 22:03:19 | 000,086,016 | ---- | M] () -- c:\windows\assembly\gac\lead.drawing\13.0.0.113__9cf889f53ea9b907\lead.drawing.dll
MOD - [2007/08/20 22:03:19 | 000,077,824 | ---- | M] () -- c:\windows\assembly\gac\lead\13.0.0.113__9cf889f53ea9b907\lead.dll
MOD - [2007/08/20 22:03:19 | 000,069,632 | ---- | M] () -- c:\windows\assembly\gac\lead.windows.forms.drawingcontainer\13.0.0.113__9cf889f53ea9b907\lead.windows.forms.drawingcontainer.dll
MOD - [2007/08/20 22:03:19 | 000,065,536 | ---- | M] () -- c:\windows\assembly\gac\hpqmdmr\4.0.0.0__a53cf5803f4c3827\hpqmdmr.dll
MOD - [2007/08/20 22:03:19 | 000,040,960 | ---- | M] () -- c:\windows\assembly\gac\lead.windows.forms\13.0.0.113__9cf889f53ea9b907\lead.windows.forms.dll
MOD - [2007/08/20 22:03:18 | 000,090,112 | ---- | M] () -- c:\windows\assembly\gac\lead.drawing.imaging.imageprocessing\13.0.0.113__9cf889f53ea9b907\lead.drawing.imaging.imageprocessing.dll
MOD - [2007/08/20 22:03:18 | 000,081,920 | ---- | M] () -- c:\windows\assembly\gac\lead.drawing.imaging.codecs\13.0.0.113__9cf889f53ea9b907\lead.drawing.imaging.codecs.dll
MOD - [2007/08/20 22:03:18 | 000,014,848 | ---- | M] () -- c:\windows\assembly\gac\interop.hpqvideo\4.0.0.0__a53cf5803f4c3827\interop.hpqvideo.dll
MOD - [2007/08/20 22:03:18 | 000,004,096 | ---- | M] () -- c:\windows\assembly\gac\interop.hprblog\3.0.0.0__a53cf5803f4c3827\interop.hprblog.dll
MOD - [2007/08/20 22:03:17 | 000,516,096 | ---- | M] () -- c:\windows\assembly\gac\hpqimvlt\3.0.0.0__a53cf5803f4c3827\hpqimvlt.dll
MOD - [2007/08/20 22:03:17 | 000,069,632 | ---- | M] () -- c:\windows\assembly\gac\hpqntrop\4.0.0.0__a53cf5803f4c3827\hpqntrop.dll
MOD - [2007/08/20 22:03:17 | 000,036,864 | ---- | M] () -- c:\windows\assembly\gac\interop.hpqcxm08\3.0.0.0__a53cf5803f4c3827\interop.hpqcxm08.dll
MOD - [2007/08/20 22:03:17 | 000,010,240 | ---- | M] () -- c:\windows\assembly\gac\interop.hpqimgr\4.0.0.0__a53cf5803f4c3827\interop.hpqimgr.dll
MOD - [2007/08/20 22:03:16 | 000,385,024 | ---- | M] () -- c:\windows\assembly\gac\hpqtray\4.0.0.0__a53cf5803f4c3827\hpqtray.dll
MOD - [2007/08/20 22:03:16 | 000,192,512 | ---- | M] () -- c:\windows\assembly\gac\hpqimgrc\4.0.0.0__a53cf5803f4c3827\hpqimgrc.dll
MOD - [2007/08/20 22:03:16 | 000,077,824 | ---- | M] () -- c:\windows\assembly\gac\hpqthumb\3.0.0.0__a53cf5803f4c3827\hpqthumb.dll
MOD - [2007/08/20 22:03:16 | 000,069,632 | ---- | M] () -- c:\windows\assembly\gac\hpqglutl\4.0.0.0__a53cf5803f4c3827\hpqglutl.dll
MOD - [2007/08/20 22:03:16 | 000,061,440 | ---- | M] () -- c:\windows\assembly\gac\hpqimlib\3.0.0.0__a53cf5803f4c3827\hpqimlib.dll
MOD - [2007/08/20 22:03:16 | 000,036,864 | ---- | M] () -- c:\windows\assembly\gac\hpqfmrsc\4.0.0.0__a53cf5803f4c3827\hpqfmrsc.dll
MOD - [2007/08/20 22:03:16 | 000,024,576 | ---- | M] () -- c:\windows\assembly\gac\hpqasset\4.0.0.0__a53cf5803f4c3827\hpqasset.dll
MOD - [2007/08/20 22:03:16 | 000,020,480 | ---- | M] () -- c:\windows\assembly\gac\hpqiface\4.0.0.0__a53cf5803f4c3827\hpqiface.dll
MOD - [2007/08/20 22:03:15 | 000,593,920 | ---- | M] () -- c:\windows\assembly\gac\hpqcc2\3.0.0.0__a53cf5803f4c3827\hpqcc2.dll
MOD - [2007/08/20 22:03:15 | 000,425,984 | ---- | M] () -- c:\windows\assembly\gac\hpqcprsc\3.0.0.0__a53cf5803f4c3827\hpqcprsc.dll
MOD - [2007/08/20 22:03:15 | 000,229,376 | ---- | M] () -- c:\windows\assembly\gac\hpqutils\4.0.0.0__a53cf5803f4c3827\hpqutils.dll
MOD - [2007/08/20 11:57:44 | 000,007,680 | ---- | M] () -- c:\windows\assembly\gac\accessibility\1.0.5000.0__b03f5f7f11d50a3a\accessibility.dll
MOD - [2007/07/12 21:33:58 | 000,087,552 | ---- | M] () -- C:\WINDOWS\system32\cpwmon2k.dll
MOD - [2005/10/20 09:36:08 | 000,077,824 | R--- | M] () -- C:\Program Files\HP\Digital Imaging\bin\crm\xmltok.dll
MOD - [2005/10/20 09:36:08 | 000,065,536 | R--- | M] () -- C:\Program Files\HP\Digital Imaging\bin\crm\xmlparse.dll
MOD - [2005/04/19 13:09:34 | 000,098,304 | ---- | M] () -- C:\Documents and Settings\Family\My Documents\Webroot\Washer\Languages\English.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2011/08/10 13:52:54 | 000,138,760 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files\Norton AntiVirus\Engine\19.2.0.10\ccSvcHst.exe -- (NAV)
SRV - [2010/03/29 07:53:22 | 000,068,000 | ---- | M] (NOS Microsystems Ltd.) [Disabled | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus(R)
SRV - [2008/11/09 13:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Disabled | Stopped] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2007/08/09 00:27:52 | 000,073,728 | ---- | M] (HP) [Auto | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
SRV - [2005/04/20 10:34:12 | 000,487,936 | ---- | M] (Webroot Software, Inc.) [Auto | Running] -- C:\WINDOWS\system32\wwSecure.exe -- (wwSecSvc)
SRV - [2004/02/06 21:56:14 | 000,041,025 | ---- | M] (GEMTEKS) [Auto | Running] -- C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe -- (WLSVC)
SRV - [2002/06/07 14:02:56 | 000,045,056 | ---- | M] (Analog Devices, Inc.) [Auto | Running] -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe -- (SoundMAX Agent Service (default))
SRV - [2002/05/03 12:36:24 | 001,118,208 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\WINDOWS\system32\NMSSvc.Exe -- (NMSSvc) Intel(R)


========== Driver Services (SafeList) ==========

DRV - [2011/12/26 10:58:43 | 001,576,312 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.1.0.28\Definitions\VirusDefs\20111230.018\NAVEX15.SYS -- (NAVEX15)
DRV - [2011/12/26 10:58:43 | 000,086,136 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.1.0.28\Definitions\VirusDefs\20111230.018\NAVENG.SYS -- (NAVENG)
DRV - [2011/11/14 12:28:02 | 000,819,320 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.1.0.28\Definitions\BASHDefs\20111221.003\BHDrvx86.sys -- (BHDrvx86)
DRV - [2011/11/09 03:59:44 | 000,374,392 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2011/11/09 03:59:44 | 000,106,104 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2011/10/24 10:59:48 | 000,127,096 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2011/10/21 14:31:56 | 000,356,280 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.1.0.28\Definitions\IPSDefs\20111228.001\IDSXpx86.sys -- (IDSxpx86)
DRV - [2011/09/26 17:38:08 | 000,897,656 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\NAV\1302000.00A\SYMEFA.SYS -- (SymEFA)
DRV - [2011/08/08 16:38:11 | 000,132,744 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NAV\1302000.00A\ccSetx86.sys -- (ccSet_NAV)
DRV - [2011/08/02 19:22:10 | 000,566,904 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\WINDOWS\System32\Drivers\NAV\1302000.00A\SRTSP.SYS -- (SRTSP)
DRV - [2011/08/02 19:22:10 | 000,031,864 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NAV\1302000.00A\SRTSPX.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV - [2011/07/25 19:18:39 | 000,387,192 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\NAV\1302000.00A\SYMTDI.SYS -- (SYMTDI)
DRV - [2011/07/25 19:18:36 | 000,340,088 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\NAV\1302000.00A\SYMDS.SYS -- (SymDS)
DRV - [2011/07/25 19:15:51 | 000,149,624 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NAV\1302000.00A\Ironx86.SYS -- (SymIRON)
DRV - [2009/12/10 08:51:11 | 000,072,520 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ftser2k.sys -- (FTSER2K)
DRV - [2009/12/10 08:51:10 | 000,057,800 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ftdibus.sys -- (FTDIBUS)
DRV - [2009/09/16 09:22:48 | 000,214,664 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2009/09/16 09:22:48 | 000,079,816 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2009/09/16 09:22:48 | 000,040,552 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfesmfk.sys -- (mfesmfk)
DRV - [2009/09/16 09:22:48 | 000,035,272 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2009/09/16 09:22:14 | 000,034,248 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mferkdk.sys -- (mferkdk)
DRV - [2007/10/10 20:00:00 | 000,042,240 | R--- | M] (Prolific Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ser2plms.sys -- (ser2plms)
DRV - [2007/04/26 08:23:44 | 000,988,032 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2007/04/26 08:23:08 | 000,267,520 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2)
DRV - [2007/04/26 08:23:04 | 000,731,136 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2007/04/21 07:15:42 | 000,009,344 | ---- | M] (Hajo Krabbenhöft) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tenCapture.sys -- (tenCapture)
DRV - [2005/10/26 09:06:30 | 000,356,096 | R--- | M] (Ralink Technology Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rt61.sys -- (RT61) Linksys Wireless-G PCI Adapter Driver(RT61)
DRV - [2003/04/19 02:32:04 | 000,004,736 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\tandpl.sys -- (tandpl)
DRV - [2003/03/02 19:44:26 | 000,007,552 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\enodpl.sys -- (enodpl)
DRV - [2002/05/03 12:36:44 | 000,009,868 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NMSCFG.SYS -- (NMSCFG)
DRV - [2002/03/06 13:48:06 | 001,171,584 | ---- | M] (Conexant Systems) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.k99.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.defaulturl: "http://search.yahoo.com/search?fr=ffsp1&p="
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..browser.startup.homepage: "http://www.eham.net/|http://www.arrl.org/|http://www.livingsocial.com/cities/209-boulder-county/more_deals|http://dailydeal.signonsandiego.com/|http://www.cbs8.com/|http://pmp.upickem.net/engine/Splash.aspx?contestid=28392|http://www.denverdailydeals.com/|http://denver.cbslocal.com/|http://www.kdvr.com/|http://www.thedenverchannel.com/index.html|http://minnesota.cbslocal.com/|http://www.mke-skywarn.org/|http://www.srh.noaa.gov/sju/|http://www.stormpulse.com/atlantic-map|http://myhurricane.net/|http://www.hwn.org/|http://www.caribbeancompass.com/shortwave.htm|http://www.stormcarib.com/|http://weather.caribseek.com/|http://www.mwxc.com/|http://www.archive.org/web/web.php"
FF - prefs.js..extensions.enabledItems: kodak-companion@mozilla.com:2.1
FF - prefs.js..extensions.enabledItems: {0538E3E3-7E9B-4d49-8831-A227C80A7AD3}:2.0.21
FF - prefs.js..extensions.enabledItems: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34}:1.3.6
FF - prefs.js..extensions.enabledItems: {35106bca-6c78-48c7-ac28-56df30b51d2a}:1.3.9
FF - prefs.js..extensions.enabledItems: {8E722C16-301F-43d7-A17D-3882AC67FAA5}:0.76.0
FF - prefs.js..extensions.enabledItems: {a6ca9b3b-5e52-4f47-85d8-cca35bb57596}:1.4.12
FF - prefs.js..extensions.enabledItems: {d37dc5d0-431d-44e5-8c91-49419370caa1}:2.9.35
FF - prefs.js..extensions.enabledItems: {DCBD1271-D228-4082-9FBC-36D9B7660B03}:1.1.9.1
FF - prefs.js..extensions.enabledItems: {dd3d7613-0246-469d-bc65-2a3cc1668adc}:0.7.1.1
FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:2.0.8
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.63
FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.10
FF - prefs.js..extensions.enabledItems: giorgio@gilestro.tk:1.0.3
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {195A3098-0BD5-4e90-AE22-BA1C540AFD1E}:3.0.1
FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:3.2
FF - prefs.js..extensions.enabledItems: {7e46441b-b21a-4680-aa80-4cef03867ff3}:1.0


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8064.0206: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.448: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.448: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.448: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@sun.com/npsopluginmi;version=1.0: C:\Program Files\OpenOffice.org 2.2\program File not found
FF - HKLM\Software\MozillaPlugins\yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1: C:\PROGRA~1\Yahoo!\Common\npyaxmpb.dll File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.1.0.28\IPSFFPlgn\ [2011/10/24 14:57:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.25\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/12/21 10:48:52 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.25\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/12/30 20:44:40 | 000,000,000 | ---D | M]

[2008/12/06 18:17:49 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Family\Application Data\Mozilla\Extensions
[2011/12/30 21:05:58 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Family\Application Data\Mozilla\Firefox\Profiles\cqobbvtn.default\extensions
[2011/12/08 12:37:04 | 000,000,000 | ---D | M] (Forecastfox) -- C:\Documents and Settings\Family\Application Data\Mozilla\Firefox\Profiles\cqobbvtn.default\extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3}
[2011/12/17 15:24:54 | 000,000,000 | ---D | M] (FlashGot) -- C:\Documents and Settings\Family\Application Data\Mozilla\Firefox\Profiles\cqobbvtn.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}
[2011/08/25 10:27:28 | 000,000,000 | ---D | M] (Garmin Communicator) -- C:\Documents and Settings\Family\Application Data\Mozilla\Firefox\Profiles\cqobbvtn.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
[2011/06/01 02:48:52 | 000,000,000 | ---D | M] (Linkification) -- C:\Documents and Settings\Family\Application Data\Mozilla\Firefox\Profiles\cqobbvtn.default\extensions\{35106bca-6c78-48c7-ac28-56df30b51d2a}
[2011/12/18 10:30:10 | 000,000,000 | ---D | M] (AniWeather) -- C:\Documents and Settings\Family\Application Data\Mozilla\Firefox\Profiles\cqobbvtn.default\extensions\{4176DFF4-4698-11DE-BEEB-45DA55D89593}
[2011/07/14 09:13:17 | 000,000,000 | ---D | M] ("Boomerang for GMail") -- C:\Documents and Settings\Family\Application Data\Mozilla\Firefox\Profiles\cqobbvtn.default\extensions\{65e41d20-f092-41b7-bb83-c6e8a9ab0f57}
[2011/12/19 10:49:45 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Documents and Settings\Family\Application Data\Mozilla\Firefox\Profiles\cqobbvtn.default\extensions\{7e46441b-b21a-4680-aa80-4cef03867ff3}
[2011/07/19 03:44:14 | 000,000,000 | ---D | M] (N0HR Propfire) -- C:\Documents and Settings\Family\Application Data\Mozilla\Firefox\Profiles\cqobbvtn.default\extensions\{8E722C16-301F-43d7-A17D-3882AC67FAA5}
[2011/06/20 09:02:55 | 000,000,000 | ---D | M] (Sage) -- C:\Documents and Settings\Family\Application Data\Mozilla\Firefox\Profiles\cqobbvtn.default\extensions\{a6ca9b3b-5e52-4f47-85d8-cca35bb57596}
[2011/07/13 15:18:58 | 000,000,000 | ---D | M] (FoxClocks) -- C:\Documents and Settings\Family\Application Data\Mozilla\Firefox\Profiles\cqobbvtn.default\extensions\{d37dc5d0-431d-44e5-8c91-49419370caa1}
[2011/11/05 18:15:18 | 000,000,000 | ---D | M] (Download Statusbar) -- C:\Documents and Settings\Family\Application Data\Mozilla\Firefox\Profiles\cqobbvtn.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
[2010/01/09 05:52:38 | 000,000,000 | ---D | M] (Wizz RSS News Reader) -- C:\Documents and Settings\Family\Application Data\Mozilla\Firefox\Profiles\cqobbvtn.default\extensions\{D5EDC062-A372-4936-B782-BD611DD18D86}
[2010/11/27 08:41:55 | 000,000,000 | ---D | M] () -- C:\Documents and Settings\Family\Application Data\Mozilla\Firefox\Profiles\cqobbvtn.default\extensions\{DCBD1271-D228-4082-9FBC-36D9B7660B03}
[2010/03/23 15:27:45 | 000,000,000 | ---D | M] (BlockSite) -- C:\Documents and Settings\Family\Application Data\Mozilla\Firefox\Profiles\cqobbvtn.default\extensions\{dd3d7613-0246-469d-bc65-2a3cc1668adc}
[2011/10/17 08:55:01 | 000,000,000 | ---D | M] (DownThemAll!) -- C:\Documents and Settings\Family\Application Data\Mozilla\Firefox\Profiles\cqobbvtn.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
[2010/06/26 06:08:47 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus(R))) -- C:\Documents and Settings\Family\Application Data\Mozilla\Firefox\Profiles\cqobbvtn.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2011/04/23 14:27:37 | 000,000,000 | ---D | M] (Imgur Uploader) -- C:\Documents and Settings\Family\Application Data\Mozilla\Firefox\Profiles\cqobbvtn.default\extensions\giorgio@gilestro.tk
[2008/03/19 09:04:36 | 000,000,000 | ---D | M] (Ivy Video Converter Extension) -- C:\Documents and Settings\Family\Application Data\Mozilla\Firefox\Profiles\cqobbvtn.default\extensions\ivy@ipodsoft.com.txt
[2011/03/30 08:20:30 | 000,000,000 | ---D | M] (Kodak EasyShare Gallery Companion) -- C:\Documents and Settings\Family\Application Data\Mozilla\Firefox\Profiles\cqobbvtn.default\extensions\kodak-companion@mozilla.com
[2011/12/30 21:05:58 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/06/04 10:12:52 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/10/24 14:57:16 | 000,000,000 | ---D | M] (Norton Vulnerability Protection) -- C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.1.0.28\IPSFFPLGN
[2009/06/24 03:34:12 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2011/02/02 20:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2007/10/12 14:05:29 | 001,650,688 | ---- | M] (Oklahoma Climatological Survey) -- C:\Program Files\mozilla firefox\plugins\NPWXM32.DLL
[2008/12/01 09:50:26 | 000,004,946 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\comcast.xml

O1 HOSTS File: ([2010/05/26 12:46:44 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll (VERITAS Software, Inc.)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton AntiVirus\Engine\19.2.0.10\ips\ipsbho.dll (Symantec Corporation)
O4 - HKLM..\Run: [BluetoothAuthenticationAgent] C:\WINDOWS\System32\irprops.cpl (Microsoft Corporation)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe (NVIDIA Corporation)
O4 - HKLM..\Run: [PROMon.exe] C:\WINDOWS\System32\PROMon.exe (Intel Corporation)
O4 - HKLM..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [StorageGuard] C:\Program Files\VERITAS Software\Update Manager\sgtray.exe (VERITAS Software, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe (BillP Studios)
O4 - HKCU..\Run: [DW6] C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe (The Weather Channel Interactive, Inc.)
O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKCU..\Run: [Window Washer] C:\Documents and Settings\Family\My Documents\Webroot\Washer\wwDisp.exe (Webroot Software)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HotSync Manager.lnk = C:\WorkPad\HOTSYNC.EXE (Palm Computing, Inc., a 3Com Company)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe (Hewlett-Packard Development Company, L.P.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/templates/ieawsdc.cab (Microsoft Office Template and Media Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/200 ... ader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/fl ... rashim.cab (Reg Error: Key error.)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/f ... wflash.cab (Shockwave Flash Object)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7C5A9D9B-7E07-4746-A2AA-F32E40242454}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\junomsg {C4D10830-379D-11d4-9B2D-00C04F1579A5} - C:\Program Files\Juno\bin\jmsgpph.dll (Juno Online Services, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Family\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Family\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/08/20 09:26:20 | 000,000,000 | -H-- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{3c3f3ff6-4f4e-11dc-a8e7-00096b3affc0}\Shell - "" = AutoRun
O33 - MountPoints2\{3c3f3ff6-4f4e-11dc-a8e7-00096b3affc0}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{3c3f3ff6-4f4e-11dc-a8e7-00096b3affc0}\Shell\AutoRun\command - "" = K:\LaunchU3.exe -a
O33 - MountPoints2\{9883668c-ad97-11dc-a992-00096b3affc0}\Shell - "" = AutoRun
O33 - MountPoints2\{9883668c-ad97-11dc-a992-00096b3affc0}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{9883668c-ad97-11dc-a992-00096b3affc0}\Shell\AutoRun\command - "" = K:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/12/30 20:55:25 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/12/30 12:14:19 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Family\Desktop\OTL.exe
[2011/12/24 07:28:32 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Videos
[2011/12/24 07:28:32 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Pictures
[2011/12/24 07:28:31 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Family\My Documents\My Videos
[2011/12/24 07:28:31 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Music
[2011/12/14 20:39:56 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Family\Recent
[1996/11/18 22:15:46 | 000,018,944 | ---- | C] ( ) -- C:\WINDOWS\System32\implode.dll

========== Files - Modified Within 30 Days ==========

[2011/12/30 21:00:53 | 000,004,598 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2011/12/30 20:59:04 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/12/30 20:58:54 | 1072,746,496 | -HS- | M] () -- C:\hiberfil.sys
[2011/12/30 12:14:29 | 001,008,141 | ---- | M] () -- C:\Documents and Settings\Family\Desktop\rkill.exe
[2011/12/30 12:14:11 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Family\Desktop\OTL.exe
[2011/12/27 09:02:03 | 000,128,000 | ---- | M] () -- C:\Documents and Settings\Family\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/12/26 10:46:34 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2011/12/22 10:10:13 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2011/12/21 04:49:54 | 000,001,202 | ---- | M] () -- C:\WINDOWS\System32\.crusader
[2011/12/15 20:31:13 | 000,485,112 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/12/15 12:31:22 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/12/14 20:39:56 | 000,000,533 | ---- | M] () -- C:\WINDOWS\JUNO.INI
[2011/12/14 03:43:08 | 000,000,921 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\The Weather Channel Desktop .lnk
[2011/12/10 06:56:36 | 000,000,018 | ---- | M] () -- C:\Documents and Settings\Family\My Documents\Intellicast.ini

========== Files Created - No Company Name ==========

[2011/12/30 12:14:33 | 001,008,141 | ---- | C] () -- C:\Documents and Settings\Family\Desktop\rkill.exe
[2011/12/21 04:49:54 | 000,001,202 | ---- | C] () -- C:\WINDOWS\System32\.crusader
[2011/06/09 03:39:43 | 000,410,078 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-3789102929-1987578796-2449752138-1004-0.dat
[2011/06/08 21:02:58 | 000,410,078 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2010/05/26 12:13:32 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/05/26 12:13:32 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/05/26 12:13:32 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/05/26 12:13:32 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/05/26 12:13:32 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/05/25 11:10:27 | 000,128,000 | ---- | C] () -- C:\Documents and Settings\Family\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/05/25 02:32:53 | 000,000,129 | ---- | C] () -- C:\Documents and Settings\Family\Local Settings\Application Data\fusioncache.dat
[2009/06/19 15:02:57 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\GTW32N50.dll
[2009/01/12 16:13:04 | 000,000,031 | ---- | C] () -- C:\WINDOWS\System32\pdwindows20.bin
[2009/01/12 16:07:32 | 000,073,216 | ---- | C] () -- C:\WINDOWS\cadkasdeinst01.exe
[2008/07/25 10:51:18 | 000,000,000 | ---- | C] () -- C:\WINDOWS\hpqEmlSz.INI
[2008/07/21 11:39:29 | 000,001,359 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2008/06/05 15:52:00 | 000,000,401 | ---- | C] () -- C:\Documents and Settings\Family\Application Data\WeatherScopePrefs.xml
[2008/04/17 07:57:55 | 000,096,577 | ---- | C] () -- C:\WINDOWS\hpqins16.dat
[2008/02/23 14:44:27 | 000,000,041 | ---- | C] () -- C:\WINDOWS\crw.ini
[2008/02/13 09:08:08 | 000,000,220 | ---- | C] () -- C:\WINDOWS\klingfu.ini
[2008/01/18 09:22:30 | 000,000,076 | ---- | C] () -- C:\WINDOWS\Yaesu.ini
[2008/01/11 15:06:31 | 000,004,736 | ---- | C] () -- C:\WINDOWS\System32\drivers\tandpl.sys
[2008/01/11 15:06:30 | 000,007,552 | ---- | C] () -- C:\WINDOWS\System32\drivers\enodpl.sys
[2007/11/14 15:33:35 | 000,000,034 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2007/11/13 11:01:51 | 000,000,037 | ---- | C] () -- C:\WINDOWS\Viewer.ini
[2007/10/24 14:52:16 | 000,001,125 | ---- | C] () -- C:\WINDOWS\winamp.ini
[2007/09/21 08:49:49 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007/09/10 10:37:41 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2007/08/30 08:43:44 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2007/08/20 22:17:12 | 000,087,552 | ---- | C] () -- C:\WINDOWS\System32\cpwmon2k.dll
[2007/08/20 22:13:30 | 000,000,221 | ---- | C] () -- C:\WINDOWS\NCLogConfig.ini
[2007/08/20 21:54:04 | 000,117,121 | ---- | C] () -- C:\WINDOWS\hpoins11.dat
[2007/08/20 21:51:30 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\HPZIDS01.dll
[2007/08/20 21:49:48 | 000,011,634 | ---- | C] () -- C:\WINDOWS\hpomdl11.dat
[2007/08/20 17:40:26 | 000,001,156 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2007/08/20 11:33:32 | 000,006,550 | ---- | C] () -- C:\WINDOWS\jautoexp.dat
[2007/08/20 10:15:23 | 000,004,704 | ---- | C] () -- C:\WINDOWS\psdxport.ini
[2007/08/20 10:15:23 | 000,000,054 | ---- | C] () -- C:\WINDOWS\psdewin.ini
[2007/08/20 10:15:22 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2007/08/20 10:07:44 | 000,000,028 | ---- | C] () -- C:\WINDOWS\ICOA.INI
[2007/08/20 10:07:38 | 000,000,000 | ---- | C] () -- C:\WINDOWS\QFN.ini
[2007/08/20 10:07:38 | 000,000,000 | ---- | C] () -- C:\WINDOWS\QDQICK.ini
[2007/08/20 10:06:07 | 000,000,185 | ---- | C] () -- C:\WINDOWS\intuprof.ini
[2007/08/20 10:06:05 | 000,007,102 | ---- | C] () -- C:\WINDOWS\ICOADB32.DAT
[2007/08/20 10:05:33 | 000,001,001 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2007/08/20 09:44:47 | 000,000,533 | ---- | C] () -- C:\WINDOWS\JUNO.INI
[2007/08/20 09:26:14 | 000,003,745 | ---- | C] () -- C:\WINDOWS\System32\Setup2k.ini
[2007/08/20 09:26:14 | 000,000,184 | ---- | C] () -- C:\WINDOWS\System32\presetup.ini
[2007/08/20 09:18:16 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2007/08/20 09:16:49 | 000,000,138 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2007/08/20 09:16:04 | 000,106,496 | ---- | C] () -- C:\WINDOWS\desktopset.exe
[2007/08/20 09:15:40 | 000,000,222 | ---- | C] () -- C:\WINDOWS\Welcome.ini
[2007/08/20 09:11:17 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\msssc.dll
[2007/08/20 09:04:52 | 000,002,481 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2007/03/05 12:34:28 | 000,693,792 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.DLL
[2006/04/01 12:08:25 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\hamcal32.dll
[2005/12/12 14:18:54 | 000,041,472 | ---- | C] () -- C:\WINDOWS\System32\winkeyVB.dll
[2004/08/02 14:20:40 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2003/07/12 04:51:11 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\inpout32.dll
[2002/09/24 09:29:46 | 000,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2002/09/23 17:42:19 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2002/09/23 17:36:18 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2002/09/23 17:31:08 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2002/09/23 17:30:26 | 000,485,112 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2002/09/17 11:34:18 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2002/03/26 09:36:48 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\PROInst.dll
[2002/03/04 11:07:44 | 000,084,480 | ---- | C] () -- C:\WINDOWS\System32\QRZ32.DLL
[2002/02/14 16:14:36 | 000,000,010 | ---- | C] () -- C:\WINDOWS\Launcher.ini
[2002/01/10 14:55:22 | 000,004,010 | ---- | C] () -- C:\WINDOWS\System32\egathdrv.sys
[2001/08/31 15:33:58 | 000,425,984 | ---- | C] () -- C:\WINDOWS\System32\VxDMDcDlg.dll
[2001/08/23 07:26:08 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\OEMBIOS.BIN
[2001/08/23 07:24:30 | 000,004,524 | ---- | C] () -- C:\WINDOWS\System32\OEMBIOS.DAT
[2001/07/07 02:00:00 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini
[2001/06/08 15:54:30 | 000,003,478 | ---- | C] () -- C:\WINDOWS\translat.ini
[1999/04/21 16:53:40 | 000,062,464 | ---- | C] () -- C:\WINDOWS\System32\agwdll32.dll
[1998/05/31 00:00:00 | 000,748,160 | ---- | C] () -- C:\WINDOWS\System32\CO2C40EN.DLL
[1996/11/18 23:15:52 | 000,131,072 | ---- | C] () -- C:\WINDOWS\System32\p2sodbc.dll
[1996/11/18 23:15:50 | 000,054,272 | ---- | C] () -- C:\WINDOWS\System32\p2irdao.dll
[1996/11/18 23:15:50 | 000,050,176 | ---- | C] () -- C:\WINDOWS\System32\p2ctdao.dll
[1996/11/18 23:15:50 | 000,036,352 | ---- | C] () -- C:\WINDOWS\System32\p2bbnd.dll
[1980/01/01 00:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[1980/01/01 00:00:00 | 000,482,000 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[1980/01/01 00:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[1980/01/01 00:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[1980/01/01 00:00:00 | 000,079,948 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[1980/01/01 00:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[1980/01/01 00:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[1980/01/01 00:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[1980/01/01 00:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

========== LOP Check ==========

[2011/10/24 10:49:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CenturyLink
[2008/04/22 09:50:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Individual Software
[2010/04/24 19:15:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RT Systems
[2010/05/27 12:01:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SupportSoft
[2009/06/26 14:06:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/07/25 07:14:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Update
[2007/09/20 10:35:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Family\Application Data\Audacity
[2011/05/06 19:29:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Family\Application Data\butel
[2011/05/06 19:32:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Family\Application Data\butelsoap
[2009/06/20 13:03:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Family\Application Data\CallingID
[2009/06/20 19:54:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Family\Application Data\comcasttb
[2009/12/27 15:06:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Family\Application Data\FileZilla
[2011/06/08 18:05:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Family\Application Data\GARMIN
[2009/06/26 14:15:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Family\Application Data\GRLevel3
[2011/11/04 08:00:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Family\Application Data\Image Zone Express
[2008/04/22 09:53:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Family\Application Data\Individual Software
[2008/03/05 15:33:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Family\Application Data\OfficeUpdate12
[2009/03/04 17:18:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Family\Application Data\OpenOffice.org
[2011/04/03 11:22:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Family\Application Data\PCHC
[2007/09/05 07:14:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Family\Application Data\Printer Info Cache
[2011/05/06 19:28:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Family\Application Data\Radioshack
[2010/04/24 19:15:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Family\Application Data\RT Systems
[2007/08/20 09:16:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Family\Application Data\VERITAS
[2009/04/03 17:29:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Family\Application Data\Walgreens
[2008/06/05 15:52:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Family\Application Data\Weathersoft
[2010/05/28 11:02:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Family\Application Data\WinPatrol

========== Purity Check ==========



< End of report >
snairb
Active Member
 
Posts: 5
Joined: December 24th, 2011, 10:24 am

Re: Browser Redirects and rundll errors on boot

Post by askey127 » December 31st, 2011, 7:39 am

snairb,
----------------------------------------------
Perform a Custom Fix with OTL
Run OTL
  • In the Custom Scans/Fixes box at the bottom, paste in the following lines from the Code box (Do not include the word "Code"):
    Code:
    :OTL
    FF - prefs.js..extensions.enabledItems: {7e46441b-b21a-4680-aa80-4cef03867ff3}:1.0
    
    :Files
    C:\Program Files\Mozilla Firefox\js3250.dll
    ipconfig /flushdns /c
    
    :Commands
    [emptyjava]
    [EMPTYTEMP]
    [CREATERESTOREPOINT]
    
  • Then click the Run Fix button at the top.
  • Let the program run unhindered and reboot the PC when it is done.
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
------------------------------------------------------------
Run MalwareBytes' Anti-Malware
As you already have Malwarebytes' Anti-Malware installed on your computer, could you please do a scan using this procedure:
  • Open Malwarebytes' Anti-Malware
  • Select the Update tab. Choose Check for Updates.
  • Restart Malwarebytes Anti-Malware after the Update if you have to.
  • After the update has been completed, select the Settings tab, then the Scanner Settings tab
  • For Action for Potentially Unwanted Programs (PUP), choose Show in results list and check for removal
  • Select the Scanner tab.
  • Select Perform Quick scan, then click on Scan
  • When done, you will be prompted. Click OK. If Items are found, then click on Show Results
  • Make sure all items are checked. Then click on Remove Selected
  • After it has removed the items, Notepad will open. Please post this log in your next reply.
    The same new log can also be found via the Logs tab when the application is re-started.
Note: MBAM may ask to reboot your computer so it can continue with the removal process. Please do so immediately.
This allows MBAM to remove additional items that could not be removed while Windows is running.
----------------------------------------------
Please download GooredFix from the location below and save it to your Desktop
Download Mirror
  • Now ensure all Firefox windows are closed.
  • To run the tool, double-click it.
  • When prompted to run the scan, click Yes.
  • GooredFix will check for infections, and then a log will appear. Please post the contents of that log in your next reply (it can also be found on your desktop, called GooredFix.txt).

So we are looking for the log from OTL, the log from GooredFix, and the log from Malwarebytes Anti-Malware.
Let me know how the machine is behaving.
askey127
askey127
Admin/Teacher
 
Posts: 14025
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: Browser Redirects and rundll errors on boot

Post by snairb » December 31st, 2011, 11:24 am

askey127,
Here are the logs

OTL logfile created on: 12/31/2011 7:46:53 AM - Run 3
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Family\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1022.98 Mb Total Physical Memory | 222.15 Mb Available Physical Memory | 21.72% Memory free
3.34 Gb Paging File | 2.47 Gb Available in Paging File | 73.72% Paging File free
Paging file location(s): C:\pagefile.sys 2500 4096 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 72.47 Gb Total Space | 46.33 Gb Free Space | 63.93% Space Free | Partition Type: NTFS
Drive M: | 931.51 Gb Total Space | 798.02 Gb Free Space | 85.67% Space Free | Partition Type: NTFS

Computer Name: IBM-C8A9E96DF6F | User Name: Family | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/12/30 12:14:11 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Family\Desktop\OTL.exe
PRC - [2011/08/10 13:52:54 | 000,138,760 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton AntiVirus\Engine\19.2.0.10\ccsvchst.exe
PRC - [2011/06/08 09:45:44 | 000,822,456 | ---- | M] (The Weather Channel Interactive, Inc.) -- C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe
PRC - [2010/05/26 16:15:11 | 000,323,976 | ---- | M] (BillP Studios) -- C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe
PRC - [2009/09/20 04:56:58 | 000,198,160 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2008/04/13 17:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/08/09 00:27:52 | 000,073,728 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe
PRC - [2006/02/10 06:56:12 | 000,479,232 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
PRC - [2005/04/20 10:44:28 | 000,894,464 | ---- | M] (Webroot Software) -- C:\Documents and Settings\Family\My Documents\Webroot\Washer\wwDisp.exe
PRC - [2005/04/20 10:34:12 | 000,487,936 | ---- | M] (Webroot Software, Inc.) -- C:\WINDOWS\system32\wwSecure.exe
PRC - [2004/02/06 21:56:14 | 000,041,025 | ---- | M] (GEMTEKS) -- C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe
PRC - [2002/06/18 01:01:00 | 000,155,648 | ---- | M] (VERITAS Software, Inc.) -- C:\Program Files\VERITAS Software\Update Manager\sgtray.exe
PRC - [2002/06/07 14:54:54 | 000,090,112 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
PRC - [2002/06/07 14:02:56 | 000,045,056 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
PRC - [2002/05/03 12:36:24 | 001,118,208 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\NMSSvc.Exe
PRC - [2002/04/18 18:32:36 | 000,073,728 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\PROMon.exe
PRC - [1998/05/01 15:00:00 | 000,260,096 | ---- | M] (Palm Computing, Inc., a 3Com Company) -- C:\WorkPad\HOTSYNC.EXE


========== Modules (No Company Name) ==========

MOD - [2011/10/13 02:42:05 | 003,391,488 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_efeb1685\mscorlib.dll
MOD - [2011/10/13 02:41:59 | 000,835,584 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system.drawing\1.0.5000.0__b03f5f7f11d50a3a_9ac14dca\system.drawing.dll
MOD - [2011/10/12 20:24:02 | 002,088,960 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system.xml\1.0.5000.0__b77a5c561934e089_622ebf64\system.xml.dll
MOD - [2011/10/12 20:23:37 | 003,018,752 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system.windows.forms\1.0.5000.0__b77a5c561934e089_66e38eb3\system.windows.forms.dll
MOD - [2011/10/12 20:22:55 | 001,966,080 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system\1.0.5000.0__b77a5c561934e089_1f20dafb\system.dll
MOD - [2011/10/12 20:22:24 | 001,232,896 | ---- | M] () -- c:\windows\assembly\gac\system\1.0.5000.0__b77a5c561934e089\system.dll
MOD - [2010/03/29 13:02:48 | 000,520,234 | ---- | M] () -- C:\Program Files\BillP Studios\WinPatrol\sqlite3.dll
MOD - [2007/08/22 10:06:32 | 001,339,392 | ---- | M] () -- c:\windows\assembly\gac\system.xml\1.0.5000.0__b77a5c561934e089\system.xml.dll
MOD - [2007/08/22 10:06:30 | 000,466,944 | ---- | M] () -- c:\windows\assembly\gac\system.drawing\1.0.5000.0__b03f5f7f11d50a3a\system.drawing.dll
MOD - [2007/08/22 10:06:29 | 002,052,096 | ---- | M] () -- c:\windows\assembly\gac\system.windows.forms\1.0.5000.0__b77a5c561934e089\system.windows.forms.dll
MOD - [2007/08/20 22:03:38 | 000,069,632 | ---- | M] () -- c:\windows\assembly\gac\hpqisrtb\4.0.0.0__a53cf5803f4c3827\hpqisrtb.dll
MOD - [2007/08/20 22:03:29 | 001,163,264 | ---- | M] () -- c:\windows\assembly\gac\hpqedit\3.0.0.0__a53cf5803f4c3827\hpqedit.dll
MOD - [2007/08/20 22:03:28 | 000,790,528 | ---- | M] () -- c:\windows\assembly\gac\hpqbakup\3.0.0.0__a53cf5803f4c3827\hpqbakup.dll
MOD - [2007/08/20 22:03:23 | 000,163,840 | ---- | M] () -- c:\windows\assembly\gac\hpqvideo\3.0.0.0__a53cf5803f4c3827\hpqvideo.dll
MOD - [2007/08/20 22:03:20 | 000,057,344 | ---- | M] () -- c:\windows\assembly\gac\hpqprrsc\4.0.0.0__a53cf5803f4c3827\hpqprrsc.dll
MOD - [2007/08/20 22:03:20 | 000,053,248 | ---- | M] () -- c:\windows\assembly\gac\hpqovskn\3.0.0.0__a53cf5803f4c3827\hpqovskn.dll
MOD - [2007/08/20 22:03:19 | 000,430,080 | ---- | M] () -- c:\windows\assembly\gac\lead.wrapper\13.0.0.113__9cf889f53ea9b907\lead.wrapper.dll
MOD - [2007/08/20 22:03:19 | 000,086,016 | ---- | M] () -- c:\windows\assembly\gac\lead.drawing\13.0.0.113__9cf889f53ea9b907\lead.drawing.dll
MOD - [2007/08/20 22:03:19 | 000,077,824 | ---- | M] () -- c:\windows\assembly\gac\lead\13.0.0.113__9cf889f53ea9b907\lead.dll
MOD - [2007/08/20 22:03:19 | 000,069,632 | ---- | M] () -- c:\windows\assembly\gac\lead.windows.forms.drawingcontainer\13.0.0.113__9cf889f53ea9b907\lead.windows.forms.drawingcontainer.dll
MOD - [2007/08/20 22:03:19 | 000,065,536 | ---- | M] () -- c:\windows\assembly\gac\hpqmdmr\4.0.0.0__a53cf5803f4c3827\hpqmdmr.dll
MOD - [2007/08/20 22:03:19 | 000,040,960 | ---- | M] () -- c:\windows\assembly\gac\lead.windows.forms\13.0.0.113__9cf889f53ea9b907\lead.windows.forms.dll
MOD - [2007/08/20 22:03:18 | 000,090,112 | ---- | M] () -- c:\windows\assembly\gac\lead.drawing.imaging.imageprocessing\13.0.0.113__9cf889f53ea9b907\lead.drawing.imaging.imageprocessing.dll
MOD - [2007/08/20 22:03:18 | 000,081,920 | ---- | M] () -- c:\windows\assembly\gac\lead.drawing.imaging.codecs\13.0.0.113__9cf889f53ea9b907\lead.drawing.imaging.codecs.dll
MOD - [2007/08/20 22:03:18 | 000,014,848 | ---- | M] () -- c:\windows\assembly\gac\interop.hpqvideo\4.0.0.0__a53cf5803f4c3827\interop.hpqvideo.dll
MOD - [2007/08/20 22:03:18 | 000,004,096 | ---- | M] () -- c:\windows\assembly\gac\interop.hprblog\3.0.0.0__a53cf5803f4c3827\interop.hprblog.dll
MOD - [2007/08/20 22:03:17 | 000,516,096 | ---- | M] () -- c:\windows\assembly\gac\hpqimvlt\3.0.0.0__a53cf5803f4c3827\hpqimvlt.dll
MOD - [2007/08/20 22:03:17 | 000,069,632 | ---- | M] () -- c:\windows\assembly\gac\hpqntrop\4.0.0.0__a53cf5803f4c3827\hpqntrop.dll
MOD - [2007/08/20 22:03:17 | 000,036,864 | ---- | M] () -- c:\windows\assembly\gac\interop.hpqcxm08\3.0.0.0__a53cf5803f4c3827\interop.hpqcxm08.dll
MOD - [2007/08/20 22:03:17 | 000,010,240 | ---- | M] () -- c:\windows\assembly\gac\interop.hpqimgr\4.0.0.0__a53cf5803f4c3827\interop.hpqimgr.dll
MOD - [2007/08/20 22:03:16 | 000,385,024 | ---- | M] () -- c:\windows\assembly\gac\hpqtray\4.0.0.0__a53cf5803f4c3827\hpqtray.dll
MOD - [2007/08/20 22:03:16 | 000,192,512 | ---- | M] () -- c:\windows\assembly\gac\hpqimgrc\4.0.0.0__a53cf5803f4c3827\hpqimgrc.dll
MOD - [2007/08/20 22:03:16 | 000,077,824 | ---- | M] () -- c:\windows\assembly\gac\hpqthumb\3.0.0.0__a53cf5803f4c3827\hpqthumb.dll
MOD - [2007/08/20 22:03:16 | 000,069,632 | ---- | M] () -- c:\windows\assembly\gac\hpqglutl\4.0.0.0__a53cf5803f4c3827\hpqglutl.dll
MOD - [2007/08/20 22:03:16 | 000,061,440 | ---- | M] () -- c:\windows\assembly\gac\hpqimlib\3.0.0.0__a53cf5803f4c3827\hpqimlib.dll
MOD - [2007/08/20 22:03:16 | 000,036,864 | ---- | M] () -- c:\windows\assembly\gac\hpqfmrsc\4.0.0.0__a53cf5803f4c3827\hpqfmrsc.dll
MOD - [2007/08/20 22:03:16 | 000,024,576 | ---- | M] () -- c:\windows\assembly\gac\hpqasset\4.0.0.0__a53cf5803f4c3827\hpqasset.dll
MOD - [2007/08/20 22:03:16 | 000,020,480 | ---- | M] () -- c:\windows\assembly\gac\hpqiface\4.0.0.0__a53cf5803f4c3827\hpqiface.dll
MOD - [2007/08/20 22:03:15 | 000,593,920 | ---- | M] () -- c:\windows\assembly\gac\hpqcc2\3.0.0.0__a53cf5803f4c3827\hpqcc2.dll
MOD - [2007/08/20 22:03:15 | 000,425,984 | ---- | M] () -- c:\windows\assembly\gac\hpqcprsc\3.0.0.0__a53cf5803f4c3827\hpqcprsc.dll
MOD - [2007/08/20 22:03:15 | 000,229,376 | ---- | M] () -- c:\windows\assembly\gac\hpqutils\4.0.0.0__a53cf5803f4c3827\hpqutils.dll
MOD - [2007/08/20 11:57:44 | 000,007,680 | ---- | M] () -- c:\windows\assembly\gac\accessibility\1.0.5000.0__b03f5f7f11d50a3a\accessibility.dll
MOD - [2007/07/12 21:33:58 | 000,087,552 | ---- | M] () -- C:\WINDOWS\system32\cpwmon2k.dll
MOD - [2005/10/20 09:36:08 | 000,077,824 | R--- | M] () -- C:\Program Files\HP\Digital Imaging\bin\crm\xmltok.dll
MOD - [2005/10/20 09:36:08 | 000,065,536 | R--- | M] () -- C:\Program Files\HP\Digital Imaging\bin\crm\xmlparse.dll
MOD - [2005/04/19 13:09:34 | 000,098,304 | ---- | M] () -- C:\Documents and Settings\Family\My Documents\Webroot\Washer\Languages\English.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2011/08/10 13:52:54 | 000,138,760 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files\Norton AntiVirus\Engine\19.2.0.10\ccSvcHst.exe -- (NAV)
SRV - [2010/03/29 07:53:22 | 000,068,000 | ---- | M] (NOS Microsystems Ltd.) [Disabled | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus(R)
SRV - [2008/11/09 13:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Disabled | Stopped] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2007/08/09 00:27:52 | 000,073,728 | ---- | M] (HP) [Auto | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
SRV - [2005/04/20 10:34:12 | 000,487,936 | ---- | M] (Webroot Software, Inc.) [Auto | Running] -- C:\WINDOWS\system32\wwSecure.exe -- (wwSecSvc)
SRV - [2004/02/06 21:56:14 | 000,041,025 | ---- | M] (GEMTEKS) [Auto | Running] -- C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe -- (WLSVC)
SRV - [2002/06/07 14:02:56 | 000,045,056 | ---- | M] (Analog Devices, Inc.) [Auto | Running] -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe -- (SoundMAX Agent Service (default))
SRV - [2002/05/03 12:36:24 | 001,118,208 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\WINDOWS\system32\NMSSvc.Exe -- (NMSSvc) Intel(R)


========== Driver Services (SafeList) ==========

DRV - [2011/12/26 10:58:43 | 001,576,312 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.1.0.28\Definitions\VirusDefs\20111230.025\NAVEX15.SYS -- (NAVEX15)
DRV - [2011/12/26 10:58:43 | 000,086,136 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.1.0.28\Definitions\VirusDefs\20111230.025\NAVENG.SYS -- (NAVENG)
DRV - [2011/11/14 12:28:02 | 000,819,320 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.1.0.28\Definitions\BASHDefs\20111221.003\BHDrvx86.sys -- (BHDrvx86)
DRV - [2011/11/09 03:59:44 | 000,374,392 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2011/11/09 03:59:44 | 000,106,104 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2011/10/24 10:59:48 | 000,127,096 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2011/10/21 14:31:56 | 000,356,280 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.1.0.28\Definitions\IPSDefs\20111228.001\IDSXpx86.sys -- (IDSxpx86)
DRV - [2011/09/26 17:38:08 | 000,897,656 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\NAV\1302000.00A\SYMEFA.SYS -- (SymEFA)
DRV - [2011/08/08 16:38:11 | 000,132,744 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NAV\1302000.00A\ccSetx86.sys -- (ccSet_NAV)
DRV - [2011/08/02 19:22:10 | 000,566,904 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\WINDOWS\System32\Drivers\NAV\1302000.00A\SRTSP.SYS -- (SRTSP)
DRV - [2011/08/02 19:22:10 | 000,031,864 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NAV\1302000.00A\SRTSPX.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV - [2011/07/25 19:18:39 | 000,387,192 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\NAV\1302000.00A\SYMTDI.SYS -- (SYMTDI)
DRV - [2011/07/25 19:18:36 | 000,340,088 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\NAV\1302000.00A\SYMDS.SYS -- (SymDS)
DRV - [2011/07/25 19:15:51 | 000,149,624 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NAV\1302000.00A\Ironx86.SYS -- (SymIRON)
DRV - [2009/12/10 08:51:11 | 000,072,520 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ftser2k.sys -- (FTSER2K)
DRV - [2009/12/10 08:51:10 | 000,057,800 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ftdibus.sys -- (FTDIBUS)
DRV - [2009/09/16 09:22:48 | 000,214,664 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2009/09/16 09:22:48 | 000,079,816 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2009/09/16 09:22:48 | 000,040,552 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfesmfk.sys -- (mfesmfk)
DRV - [2009/09/16 09:22:48 | 000,035,272 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2009/09/16 09:22:14 | 000,034,248 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mferkdk.sys -- (mferkdk)
DRV - [2007/10/10 20:00:00 | 000,042,240 | R--- | M] (Prolific Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ser2plms.sys -- (ser2plms)
DRV - [2007/04/26 08:23:44 | 000,988,032 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2007/04/26 08:23:08 | 000,267,520 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2)
DRV - [2007/04/26 08:23:04 | 000,731,136 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2007/04/21 07:15:42 | 000,009,344 | ---- | M] (Hajo Krabbenhöft) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tenCapture.sys -- (tenCapture)
DRV - [2005/10/26 09:06:30 | 000,356,096 | R--- | M] (Ralink Technology Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rt61.sys -- (RT61) Linksys Wireless-G PCI Adapter Driver(RT61)
DRV - [2003/04/19 02:32:04 | 000,004,736 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\tandpl.sys -- (tandpl)
DRV - [2003/03/02 19:44:26 | 000,007,552 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\enodpl.sys -- (enodpl)
DRV - [2002/05/03 12:36:44 | 000,009,868 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NMSCFG.SYS -- (NMSCFG)
DRV - [2002/03/06 13:48:06 | 001,171,584 | ---- | M] (Conexant Systems) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.k99.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.defaulturl: "http://search.yahoo.com/search?fr=ffsp1&p="
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..browser.startup.homepage: "http://www.eham.net/|http://www.arrl.org/|http://www.livingsocial.com/cities/209-boulder-county/more_deals|http://dailydeal.signonsandiego.com/|http://www.cbs8.com/|http://pmp.upickem.net/engine/Splash.aspx?contestid=28392|http://www.denverdailydeals.com/|http://denver.cbslocal.com/|http://www.kdvr.com/|http://www.thedenverchannel.com/index.html|http://minnesota.cbslocal.com/|http://www.mke-skywarn.org/|http://www.srh.noaa.gov/sju/|http://www.stormpulse.com/atlantic-map|http://myhurricane.net/|http://www.hwn.org/|http://www.caribbeancompass.com/shortwave.htm|http://www.stormcarib.com/|http://weather.caribseek.com/|http://www.mwxc.com/|http://www.archive.org/web/web.php"
FF - prefs.js..extensions.enabledItems: kodak-companion@mozilla.com:2.1
FF - prefs.js..extensions.enabledItems: {0538E3E3-7E9B-4d49-8831-A227C80A7AD3}:2.0.21
FF - prefs.js..extensions.enabledItems: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34}:1.3.6
FF - prefs.js..extensions.enabledItems: {35106bca-6c78-48c7-ac28-56df30b51d2a}:1.3.9
FF - prefs.js..extensions.enabledItems: {8E722C16-301F-43d7-A17D-3882AC67FAA5}:0.76.0
FF - prefs.js..extensions.enabledItems: {a6ca9b3b-5e52-4f47-85d8-cca35bb57596}:1.4.12
FF - prefs.js..extensions.enabledItems: {d37dc5d0-431d-44e5-8c91-49419370caa1}:2.9.35
FF - prefs.js..extensions.enabledItems: {DCBD1271-D228-4082-9FBC-36D9B7660B03}:1.1.9.1
FF - prefs.js..extensions.enabledItems: {dd3d7613-0246-469d-bc65-2a3cc1668adc}:0.7.1.1
FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:2.0.8
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.63
FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.10
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {195A3098-0BD5-4e90-AE22-BA1C540AFD1E}:3.0.1
FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:3.2
FF - prefs.js..extensions.enabledItems:
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}:6.0.30
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8064.0206: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.448: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.448: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.448: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@sun.com/npsopluginmi;version=1.0: C:\Program Files\OpenOffice.org 2.2\program File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1: C:\PROGRA~1\Yahoo!\Common\npyaxmpb.dll File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.1.0.28\IPSFFPlgn\ [2011/10/24 14:57:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.25\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/12/21 10:48:52 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.25\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/12/30 21:33:24 | 000,000,000 | ---D | M]

[2008/12/06 18:17:49 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Family\Application Data\Mozilla\Extensions
[2011/12/31 07:31:49 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Family\Application Data\Mozilla\Firefox\Profiles\cqobbvtn.default\extensions
[2011/12/08 12:37:04 | 000,000,000 | ---D | M] (Forecastfox) -- C:\Documents and Settings\Family\Application Data\Mozilla\Firefox\Profiles\cqobbvtn.default\extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3}
[2011/12/17 15:24:54 | 000,000,000 | ---D | M] (FlashGot) -- C:\Documents and Settings\Family\Application Data\Mozilla\Firefox\Profiles\cqobbvtn.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}
[2011/08/25 10:27:28 | 000,000,000 | ---D | M] (Garmin Communicator) -- C:\Documents and Settings\Family\Application Data\Mozilla\Firefox\Profiles\cqobbvtn.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
[2011/06/01 02:48:52 | 000,000,000 | ---D | M] (Linkification) -- C:\Documents and Settings\Family\Application Data\Mozilla\Firefox\Profiles\cqobbvtn.default\extensions\{35106bca-6c78-48c7-ac28-56df30b51d2a}
[2011/12/18 10:30:10 | 000,000,000 | ---D | M] (AniWeather) -- C:\Documents and Settings\Family\Application Data\Mozilla\Firefox\Profiles\cqobbvtn.default\extensions\{4176DFF4-4698-11DE-BEEB-45DA55D89593}
[2011/07/14 09:13:17 | 000,000,000 | ---D | M] ("Boomerang for GMail") -- C:\Documents and Settings\Family\Application Data\Mozilla\Firefox\Profiles\cqobbvtn.default\extensions\{65e41d20-f092-41b7-bb83-c6e8a9ab0f57}
[2011/12/19 10:49:45 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Documents and Settings\Family\Application Data\Mozilla\Firefox\Profiles\cqobbvtn.default\extensions\{7e46441b-b21a-4680-aa80-4cef03867ff3}
[2011/07/19 03:44:14 | 000,000,000 | ---D | M] (N0HR Propfire) -- C:\Documents and Settings\Family\Application Data\Mozilla\Firefox\Profiles\cqobbvtn.default\extensions\{8E722C16-301F-43d7-A17D-3882AC67FAA5}
[2011/06/20 09:02:55 | 000,000,000 | ---D | M] (Sage) -- C:\Documents and Settings\Family\Application Data\Mozilla\Firefox\Profiles\cqobbvtn.default\extensions\{a6ca9b3b-5e52-4f47-85d8-cca35bb57596}
[2011/07/13 15:18:58 | 000,000,000 | ---D | M] (FoxClocks) -- C:\Documents and Settings\Family\Application Data\Mozilla\Firefox\Profiles\cqobbvtn.default\extensions\{d37dc5d0-431d-44e5-8c91-49419370caa1}
[2011/11/05 18:15:18 | 000,000,000 | ---D | M] (Download Statusbar) -- C:\Documents and Settings\Family\Application Data\Mozilla\Firefox\Profiles\cqobbvtn.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
[2010/01/09 05:52:38 | 000,000,000 | ---D | M] (Wizz RSS News Reader) -- C:\Documents and Settings\Family\Application Data\Mozilla\Firefox\Profiles\cqobbvtn.default\extensions\{D5EDC062-A372-4936-B782-BD611DD18D86}
[2010/11/27 08:41:55 | 000,000,000 | ---D | M] () -- C:\Documents and Settings\Family\Application Data\Mozilla\Firefox\Profiles\cqobbvtn.default\extensions\{DCBD1271-D228-4082-9FBC-36D9B7660B03}
[2010/03/23 15:27:45 | 000,000,000 | ---D | M] (BlockSite) -- C:\Documents and Settings\Family\Application Data\Mozilla\Firefox\Profiles\cqobbvtn.default\extensions\{dd3d7613-0246-469d-bc65-2a3cc1668adc}
[2011/10/17 08:55:01 | 000,000,000 | ---D | M] (DownThemAll!) -- C:\Documents and Settings\Family\Application Data\Mozilla\Firefox\Profiles\cqobbvtn.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
[2010/06/26 06:08:47 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus(R))) -- C:\Documents and Settings\Family\Application Data\Mozilla\Firefox\Profiles\cqobbvtn.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2008/03/19 09:04:36 | 000,000,000 | ---D | M] (Ivy Video Converter Extension) -- C:\Documents and Settings\Family\Application Data\Mozilla\Firefox\Profiles\cqobbvtn.default\extensions\ivy@ipodsoft.com.txt
[2011/03/30 08:20:30 | 000,000,000 | ---D | M] (Kodak EasyShare Gallery Companion) -- C:\Documents and Settings\Family\Application Data\Mozilla\Firefox\Profiles\cqobbvtn.default\extensions\kodak-companion@mozilla.com
[2011/12/30 21:22:59 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/06/04 10:12:52 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/12/30 21:23:00 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}
[2011/10/24 14:57:16 | 000,000,000 | ---D | M] (Norton Vulnerability Protection) -- C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.1.0.28\IPSFFPLGN
[2011/12/30 21:22:27 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2009/06/24 03:34:12 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2011/12/30 21:22:27 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2007/10/12 14:05:29 | 001,650,688 | ---- | M] (Oklahoma Climatological Survey) -- C:\Program Files\mozilla firefox\plugins\NPWXM32.DLL
[2008/12/01 09:50:26 | 000,004,946 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\comcast.xml

O1 HOSTS File: ([2010/05/26 12:46:44 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll (VERITAS Software, Inc.)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton AntiVirus\Engine\19.2.0.10\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [BluetoothAuthenticationAgent] C:\WINDOWS\System32\irprops.cpl (Microsoft Corporation)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe (NVIDIA Corporation)
O4 - HKLM..\Run: [PROMon.exe] C:\WINDOWS\System32\PROMon.exe (Intel Corporation)
O4 - HKLM..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [StorageGuard] C:\Program Files\VERITAS Software\Update Manager\sgtray.exe (VERITAS Software, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe (BillP Studios)
O4 - HKCU..\Run: [DW6] C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe (The Weather Channel Interactive, Inc.)
O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKCU..\Run: [Window Washer] C:\Documents and Settings\Family\My Documents\Webroot\Washer\wwDisp.exe (Webroot Software)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HotSync Manager.lnk = C:\WorkPad\HOTSYNC.EXE (Palm Computing, Inc., a 3Com Company)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe (Hewlett-Packard Development Company, L.P.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/templates/ieawsdc.cab (Microsoft Office Template and Media Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/200 ... ader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/fl ... rashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/f ... wflash.cab (Shockwave Flash Object)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7C5A9D9B-7E07-4746-A2AA-F32E40242454}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\junomsg {C4D10830-379D-11d4-9B2D-00C04F1579A5} - C:\Program Files\Juno\bin\jmsgpph.dll (Juno Online Services, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Family\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Family\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/08/20 09:26:20 | 000,000,000 | -H-- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{3c3f3ff6-4f4e-11dc-a8e7-00096b3affc0}\Shell - "" = AutoRun
O33 - MountPoints2\{3c3f3ff6-4f4e-11dc-a8e7-00096b3affc0}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{3c3f3ff6-4f4e-11dc-a8e7-00096b3affc0}\Shell\AutoRun\command - "" = K:\LaunchU3.exe -a
O33 - MountPoints2\{9883668c-ad97-11dc-a992-00096b3affc0}\Shell - "" = AutoRun
O33 - MountPoints2\{9883668c-ad97-11dc-a992-00096b3affc0}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{9883668c-ad97-11dc-a992-00096b3affc0}\Shell\AutoRun\command - "" = K:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/12/31 07:37:16 | 000,071,398 | ---- | C] (jpshortstuff) -- C:\Documents and Settings\Family\Desktop\GooredFix.exe
[2011/12/30 21:34:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Family\Local Settings\Application Data\Temp
[2011/12/30 21:23:36 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2011/12/30 21:22:17 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2011/12/30 20:55:25 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/12/30 12:14:19 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Family\Desktop\OTL.exe
[2011/12/24 07:28:32 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Videos
[2011/12/24 07:28:32 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Pictures
[2011/12/24 07:28:31 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Family\My Documents\My Videos
[2011/12/24 07:28:31 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Music
[2011/12/14 20:39:56 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Family\Recent
[1996/11/18 22:15:46 | 000,018,944 | ---- | C] ( ) -- C:\WINDOWS\System32\implode.dll

========== Files - Modified Within 30 Days ==========

[2011/12/31 07:43:08 | 000,004,598 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2011/12/31 07:42:07 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/12/31 07:41:58 | 1072,746,496 | -HS- | M] () -- C:\hiberfil.sys
[2011/12/31 07:37:05 | 000,071,398 | ---- | M] (jpshortstuff) -- C:\Documents and Settings\Family\Desktop\GooredFix.exe
[2011/12/30 21:33:25 | 000,001,745 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader X.lnk
[2011/12/30 12:14:29 | 001,008,141 | ---- | M] () -- C:\Documents and Settings\Family\Desktop\rkill.exe
[2011/12/30 12:14:11 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Family\Desktop\OTL.exe
[2011/12/27 09:02:03 | 000,128,000 | ---- | M] () -- C:\Documents and Settings\Family\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/12/26 10:46:34 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2011/12/22 10:10:13 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2011/12/21 04:49:54 | 000,001,202 | ---- | M] () -- C:\WINDOWS\System32\.crusader
[2011/12/15 20:31:13 | 000,485,112 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/12/15 12:31:22 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/12/14 20:39:56 | 000,000,533 | ---- | M] () -- C:\WINDOWS\JUNO.INI
[2011/12/14 03:43:08 | 000,000,921 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\The Weather Channel Desktop .lnk
[2011/12/10 06:56:36 | 000,000,018 | ---- | M] () -- C:\Documents and Settings\Family\My Documents\Intellicast.ini

========== Files Created - No Company Name ==========

[2011/12/30 21:33:24 | 000,001,804 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader X.lnk
[2011/12/30 21:33:24 | 000,001,745 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader X.lnk
[2011/12/30 12:14:33 | 001,008,141 | ---- | C] () -- C:\Documents and Settings\Family\Desktop\rkill.exe
[2011/12/21 04:49:54 | 000,001,202 | ---- | C] () -- C:\WINDOWS\System32\.crusader
[2011/06/09 03:39:43 | 000,410,078 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-3789102929-1987578796-2449752138-1004-0.dat
[2011/06/08 21:02:58 | 000,410,078 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2010/05/26 12:13:32 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/05/26 12:13:32 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/05/26 12:13:32 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/05/26 12:13:32 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/05/26 12:13:32 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/05/25 11:10:27 | 000,128,000 | ---- | C] () -- C:\Documents and Settings\Family\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/05/25 02:32:53 | 000,000,129 | ---- | C] () -- C:\Documents and Settings\Family\Local Settings\Application Data\fusioncache.dat
[2009/06/19 15:02:57 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\GTW32N50.dll
[2009/01/12 16:13:04 | 000,000,031 | ---- | C] () -- C:\WINDOWS\System32\pdwindows20.bin
[2009/01/12 16:07:32 | 000,073,216 | ---- | C] () -- C:\WINDOWS\cadkasdeinst01.exe
[2008/07/25 10:51:18 | 000,000,000 | ---- | C] () -- C:\WINDOWS\hpqEmlSz.INI
[2008/07/21 11:39:29 | 000,001,359 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2008/06/05 15:52:00 | 000,000,401 | ---- | C] () -- C:\Documents and Settings\Family\Application Data\WeatherScopePrefs.xml
[2008/04/17 07:57:55 | 000,096,577 | ---- | C] () -- C:\WINDOWS\hpqins16.dat
[2008/02/23 14:44:27 | 000,000,041 | ---- | C] () -- C:\WINDOWS\crw.ini
[2008/02/13 09:08:08 | 000,000,220 | ---- | C] () -- C:\WINDOWS\klingfu.ini
[2008/01/18 09:22:30 | 000,000,076 | ---- | C] () -- C:\WINDOWS\Yaesu.ini
[2008/01/11 15:06:31 | 000,004,736 | ---- | C] () -- C:\WINDOWS\System32\drivers\tandpl.sys
[2008/01/11 15:06:30 | 000,007,552 | ---- | C] () -- C:\WINDOWS\System32\drivers\enodpl.sys
[2007/11/14 15:33:35 | 000,000,034 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2007/11/13 11:01:51 | 000,000,037 | ---- | C] () -- C:\WINDOWS\Viewer.ini
[2007/10/24 14:52:16 | 000,001,125 | ---- | C] () -- C:\WINDOWS\winamp.ini
[2007/09/21 08:49:49 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007/09/10 10:37:41 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2007/08/30 08:43:44 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2007/08/20 22:17:12 | 000,087,552 | ---- | C] () -- C:\WINDOWS\System32\cpwmon2k.dll
[2007/08/20 22:13:30 | 000,000,221 | ---- | C] () -- C:\WINDOWS\NCLogConfig.ini
[2007/08/20 21:54:04 | 000,117,121 | ---- | C] () -- C:\WINDOWS\hpoins11.dat
[2007/08/20 21:51:30 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\HPZIDS01.dll
[2007/08/20 21:49:48 | 000,011,634 | ---- | C] () -- C:\WINDOWS\hpomdl11.dat
[2007/08/20 17:40:26 | 000,001,156 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2007/08/20 11:33:32 | 000,006,550 | ---- | C] () -- C:\WINDOWS\jautoexp.dat
[2007/08/20 10:15:23 | 000,004,704 | ---- | C] () -- C:\WINDOWS\psdxport.ini
[2007/08/20 10:15:23 | 000,000,054 | ---- | C] () -- C:\WINDOWS\psdewin.ini
[2007/08/20 10:15:22 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2007/08/20 10:07:44 | 000,000,028 | ---- | C] () -- C:\WINDOWS\ICOA.INI
[2007/08/20 10:07:38 | 000,000,000 | ---- | C] () -- C:\WINDOWS\QFN.ini
[2007/08/20 10:07:38 | 000,000,000 | ---- | C] () -- C:\WINDOWS\QDQICK.ini
[2007/08/20 10:06:07 | 000,000,185 | ---- | C] () -- C:\WINDOWS\intuprof.ini
[2007/08/20 10:06:05 | 000,007,102 | ---- | C] () -- C:\WINDOWS\ICOADB32.DAT
[2007/08/20 10:05:33 | 000,001,001 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2007/08/20 09:44:47 | 000,000,533 | ---- | C] () -- C:\WINDOWS\JUNO.INI
[2007/08/20 09:26:14 | 000,003,745 | ---- | C] () -- C:\WINDOWS\System32\Setup2k.ini
[2007/08/20 09:26:14 | 000,000,184 | ---- | C] () -- C:\WINDOWS\System32\presetup.ini
[2007/08/20 09:18:16 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2007/08/20 09:16:49 | 000,000,138 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2007/08/20 09:16:04 | 000,106,496 | ---- | C] () -- C:\WINDOWS\desktopset.exe
[2007/08/20 09:15:40 | 000,000,222 | ---- | C] () -- C:\WINDOWS\Welcome.ini
[2007/08/20 09:11:17 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\msssc.dll
[2007/08/20 09:04:52 | 000,002,481 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2007/03/05 12:34:28 | 000,693,792 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.DLL
[2006/04/01 12:08:25 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\hamcal32.dll
[2005/12/12 14:18:54 | 000,041,472 | ---- | C] () -- C:\WINDOWS\System32\winkeyVB.dll
[2004/08/02 14:20:40 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2003/07/12 04:51:11 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\inpout32.dll
[2002/09/24 09:29:46 | 000,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2002/09/23 17:42:19 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2002/09/23 17:36:18 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2002/09/23 17:31:08 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2002/09/23 17:30:26 | 000,485,112 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2002/09/17 11:34:18 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2002/03/26 09:36:48 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\PROInst.dll
[2002/03/04 11:07:44 | 000,084,480 | ---- | C] () -- C:\WINDOWS\System32\QRZ32.DLL
[2002/02/14 16:14:36 | 000,000,010 | ---- | C] () -- C:\WINDOWS\Launcher.ini
[2002/01/10 14:55:22 | 000,004,010 | ---- | C] () -- C:\WINDOWS\System32\egathdrv.sys
[2001/08/31 15:33:58 | 000,425,984 | ---- | C] () -- C:\WINDOWS\System32\VxDMDcDlg.dll
[2001/08/23 07:26:08 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\OEMBIOS.BIN
[2001/08/23 07:24:30 | 000,004,524 | ---- | C] () -- C:\WINDOWS\System32\OEMBIOS.DAT
[2001/07/07 02:00:00 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini
[2001/06/08 15:54:30 | 000,003,478 | ---- | C] () -- C:\WINDOWS\translat.ini
[1999/04/21 16:53:40 | 000,062,464 | ---- | C] () -- C:\WINDOWS\System32\agwdll32.dll
[1998/05/31 00:00:00 | 000,748,160 | ---- | C] () -- C:\WINDOWS\System32\CO2C40EN.DLL
[1996/11/18 23:15:52 | 000,131,072 | ---- | C] () -- C:\WINDOWS\System32\p2sodbc.dll
[1996/11/18 23:15:50 | 000,054,272 | ---- | C] () -- C:\WINDOWS\System32\p2irdao.dll
[1996/11/18 23:15:50 | 000,050,176 | ---- | C] () -- C:\WINDOWS\System32\p2ctdao.dll
[1996/11/18 23:15:50 | 000,036,352 | ---- | C] () -- C:\WINDOWS\System32\p2bbnd.dll
[1980/01/01 00:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[1980/01/01 00:00:00 | 000,482,000 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[1980/01/01 00:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[1980/01/01 00:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[1980/01/01 00:00:00 | 000,079,948 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[1980/01/01 00:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[1980/01/01 00:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[1980/01/01 00:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[1980/01/01 00:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

========== LOP Check ==========

[2011/10/24 10:49:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CenturyLink
[2008/04/22 09:50:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Individual Software
[2010/04/24 19:15:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RT Systems
[2010/05/27 12:01:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SupportSoft
[2009/06/26 14:06:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/07/25 07:14:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Update
[2007/09/20 10:35:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Family\Application Data\Audacity
[2011/05/06 19:29:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Family\Application Data\butel
[2011/05/06 19:32:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Family\Application Data\butelsoap
[2009/06/20 13:03:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Family\Application Data\CallingID
[2009/06/20 19:54:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Family\Application Data\comcasttb
[2009/12/27 15:06:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Family\Application Data\FileZilla
[2011/06/08 18:05:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Family\Application Data\GARMIN
[2009/06/26 14:15:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Family\Application Data\GRLevel3
[2011/11/04 08:00:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Family\Application Data\Image Zone Express
[2008/04/22 09:53:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Family\Application Data\Individual Software
[2008/03/05 15:33:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Family\Application Data\OfficeUpdate12
[2009/03/04 17:18:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Family\Application Data\OpenOffice.org
[2011/04/03 11:22:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Family\Application Data\PCHC
[2007/09/05 07:14:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Family\Application Data\Printer Info Cache
[2011/05/06 19:28:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Family\Application Data\Radioshack
[2010/04/24 19:15:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Family\Application Data\RT Systems
[2007/08/20 09:16:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Family\Application Data\VERITAS
[2009/04/03 17:29:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Family\Application Data\Walgreens
[2008/06/05 15:52:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Family\Application Data\Weathersoft
[2010/05/28 11:02:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Family\Application Data\WinPatrol

========== Purity Check ==========



< End of report >


Malwarebytes Anti-Malware 1.60.0.1800
www.malwarebytes.org

Database version: v2011.12.31.03

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Family :: IBM-C8A9E96DF6F [administrator]

12/31/2011 8:01:43 AM
mbam-log-2011-12-31 (08-01-43).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 204622
Time elapsed: 13 minute(s), 7 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\zrpt.xml (Malware.Trace) -> Quarantined and deleted successfully.

(end)

GooredFix by jpshortstuff (03.07.10.1)
Log created at 08:17 on 31/12/2011 (Family)
Firefox version 3.6.25 (en-US)

========== GooredScan ==========

Deleting "C:\Documents and Settings\Family\Application Data\Mozilla\Firefox\Profiles\cqobbvtn.default\extensions\{7e46441b-b21a-4680-aa80-4cef03867ff3}" -> Success!

========== GooredLog ==========

C:\Program Files\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd} [09:48 01/06/2011]
{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} [17:12 04/06/2011]
{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} [04:22 31/12/2011]

C:\Documents and Settings\Family\Application Data\Mozilla\Firefox\Profiles\cqobbvtn.default\extensions\
ivy@ipodsoft.com.txt [16:04 19/03/2008]
kodak-companion@mozilla.com [15:20 30/03/2011]
{0538E3E3-7E9B-4d49-8831-A227C80A7AD3} [19:37 08/12/2011]
{19503e42-ca3c-4c27-b1e2-9cdb2170ee34} [22:24 17/12/2011]
{195A3098-0BD5-4e90-AE22-BA1C540AFD1E} [17:27 25/08/2011]
{35106bca-6c78-48c7-ac28-56df30b51d2a} [09:48 01/06/2011]
{4176DFF4-4698-11DE-BEEB-45DA55D89593} [17:30 18/12/2011]
{65e41d20-f092-41b7-bb83-c6e8a9ab0f57} [16:13 14/07/2011]
{8E722C16-301F-43d7-A17D-3882AC67FAA5} [10:44 19/07/2011]
{a6ca9b3b-5e52-4f47-85d8-cca35bb57596} [16:02 20/06/2011]
{d37dc5d0-431d-44e5-8c91-49419370caa1} [22:18 13/07/2011]
{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389} [01:15 06/11/2011]
{D5EDC062-A372-4936-B782-BD611DD18D86} [12:52 09/01/2010]
{DCBD1271-D228-4082-9FBC-36D9B7660B03} [15:41 27/11/2010]
{dd3d7613-0246-469d-bc65-2a3cc1668adc} [22:27 23/03/2010]
{DDC359D1-844A-42a7-9AA1-88A850A938A8} [15:55 17/10/2011]
{E2883E8F-472F-4fb0-9522-AC9BF37916A7} [13:08 26/06/2010]

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"{20a82645-c095-46ed-80e3-08825760534b}"="C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\" [18:16 12/06/2009]
"{BBDA0591-3099-440a-AA10-41764D9DB4DB}"="C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.1.0.28\IPSFFPlgn\" [19:50 24/10/2011]
"jqs@sun.com"="C:\Program Files\Java\jre6\lib\deploy\jqs\ff" [04:22 31/12/2011]

-=E.O.F=-


I cannot get Firefox to start; it is getting the error Firefox.exe - Unable to locate Component
"application failed to start because js3250.dll was not found. Re-installing the application may fix this problem." Do I need to reinstall Firefox? Also, what about Hitman Pro.... Snairb
snairb
Active Member
 
Posts: 5
Joined: December 24th, 2011, 10:24 am

Re: Browser Redirects and rundll errors on boot

Post by askey127 » December 31st, 2011, 4:07 pm

Snairb,
I would Uninstall Firefox, and install it again. If you reinstall over the present folders it should be OK.
We removed that js3250.dll file. I am still not sure it's legit, so I don't want to restore it.

Hitman Pro is a conglomeration of small apps, and is not one I would recommend as your main antivirus.
You cannot install more than one antivirus at a time without actually compromising your security or rendering your system unstable. I would use Norton, if it's paid and up to date. If Norton is not paid and up to date, I would Uninstall it and use Microsoft Security Essentials. (Remember, only one at a time)

Let me know how it goes.
askey127
askey127
Admin/Teacher
Posts: 14025
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: Browser Redirects and rundll errors on boot

Post by snairb » December 31st, 2011, 9:27 pm

Askey127,
I have installed Mozilla 9.01 and do not get any js3250.dll errors. I have tried using Google and no longer get redirects as I did before. It appears that my problems have been resolved... If there are further things I need to run, please let me know.

I will stick with Norton 19.2.0, as that is what I have installed and up to date. Can you give me an idea of what I had causing the problem, and what, if anything, I could have done to prevent this?
Thanks Snairb
snairb
Active Member
 
Posts: 5
Joined: December 24th, 2011, 10:24 am

Re: Browser Redirects and rundll errors on boot

Post by askey127 » January 1st, 2012, 10:17 am

snairb,
Some ideas on what may have been causing problems:
  • The entire Internet was in your browser Trusted zone.
    Don't allow any but Microsoft and your Internet Service provider in the Trusted zone.
    Sites in the trusted zone can run what programs they wish on your computer, without special permission.

  • The Yahoo Companion Toolbar can allow lots of third party applications to access your machine.
    See here: http://www.systemlookup.com/lists.php?list=1&type=clsid&search=EF99BD32-C1FB-11D2-892F-0090271D4F88
    In general, toolbars are offered for the financial benefit of the provider, not for you.
    Don't allow installation of any toolbars that are not VERY important to you.
    Many of them are not what they pretend.

  • Allowing two or more Antivirus programs to run at the same time can reduce your security.
    There were two antivirus programs running at once on the machine.
    Just one antivirus and one antispyware (Malwarebytes' Anti-Malware) will be sufficient.
    Winpatrol is also useful to keep, since it watches for any surprise changes to your system.

  • Java needs to be updated regularly, but be sure to ALWAYS UNCHECK any offers for toolbars (especially Ask.com).
    Java was out of date.

  • Occasionally see that your Adobe Reader checks for updates.
    Adobe Reader was out of date.
------------------------------------------------
Reset System Restore Points
  • Click Start, All Programs, Accessories, System Tools, System Restore
  • Click Create A Restore Point then click Next. Give it a name and then click Create, then Close.
  • Click Start, Run and type Cleanmgr
  • Select the Windows drive (usually C:), then click OK.
  • After it scans, Click the More Options tab.
  • Click Clean Up in the System Restore Section.
This will remove all previous restore points except the newly created one.

Reboot your machine to record the changes you have made.
This System Restore sequence is not to be done regularly, but only as a Special Case after the removal of malware, or changes in the Restore settings.
------------------------------------------------
If you open OTL one more time, and click the CleanUp button, it will remove itself and the tools we used.

Good job, and good luck.
askey127
askey127
Admin/Teacher
Posts: 14025
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: Browser Redirects and rundll errors on boot

Post by askey127 » January 2nd, 2012, 8:39 am

This topic is now closed.

We are pleased we could help you resolve your computer's malware issues.

If you would like to make a comment or leave a compliment regarding the help you have received, please see Feedback for Our Helpers - Say "Thanks" Here.
askey127
Admin/Teacher
Posts: 14025
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA