Solved Browser redirect

+ 2011-06-29 07:22 . 2011-06-29 07:22 110592 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
- 2010-01-26 14:39 . 2010-01-26 14:39 749568 c:\windows\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
+ 2011-06-29 07:22 . 2011-06-29 07:22 749568 c:\windows\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
- 2010-01-26 14:40 . 2010-01-26 14:40 655360 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll
+ 2011-06-29 07:22 . 2011-06-29 07:22 655360 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll
+ 2011-06-29 07:22 . 2011-06-29 07:22 348160 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
- 2010-01-26 14:40 . 2010-01-26 14:40 348160 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
- 2010-01-26 14:39 . 2010-01-26 14:39 507904 c:\windows\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
+ 2011-06-29 07:22 . 2011-06-29 07:22 507904 c:\windows\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
- 2010-01-26 14:40 . 2010-01-26 14:40 261632 c:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
+ 2011-06-29 07:22 . 2011-06-29 07:22 261632 c:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
- 2010-01-26 14:40 . 2010-01-26 14:40 113664 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
+ 2011-06-29 07:22 . 2011-06-29 07:22 113664 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
- 2010-01-26 14:40 . 2010-01-26 14:40 258048 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
+ 2011-06-29 07:22 . 2011-06-29 07:22 258048 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
+ 2011-06-29 07:22 . 2011-06-29 07:22 486400 c:\windows\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
- 2010-01-26 14:40 . 2010-01-26 14:40 486400 c:\windows\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
+ 2004-08-10 17:50 . 2004-08-04 10:00 116224 c:\windows\AppPatch\AcXtrnal.dll
+ 2004-08-10 17:50 . 2004-08-04 10:00 244736 c:\windows\AppPatch\AcSpecfc.dll
+ 2004-08-10 17:50 . 2004-08-04 10:00 137728 c:\windows\AppPatch\AcLua.dll
+ 2004-08-10 17:50 . 2009-11-21 16:36 470528 c:\windows\AppPatch\aclayers.dll
+ 2011-06-28 22:45 . 2009-08-13 13:55 1748992 c:\windows\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.6001.22319_x-ww_f0b4c2df\GdiPlus.dll
+ 2009-07-21 04:03 . 2009-07-21 04:03 1348432 c:\windows\WinSxS\x86_Microsoft.MSXML2_6bd6b9abf345378f_4.20.9876.0_x-ww_a621d1d5\msxml4.dll
+ 2004-08-10 17:51 . 2010-04-06 08:52 2462720 c:\windows\system32\WMVCore.dll
+ 2004-08-10 17:51 . 2010-05-02 05:56 1850880 c:\windows\system32\win32k.sys
+ 2004-08-10 17:51 . 2010-05-06 10:41 1209344 c:\windows\system32\urlmon.dll
+ 2004-08-10 17:51 . 2008-07-03 13:16 8454656 c:\windows\system32\shell32.dll
- 2004-08-10 17:51 . 2007-10-26 03:36 8454656 c:\windows\system32\shell32.dll
+ 2004-08-10 17:51 . 2009-07-17 16:27 1435648 c:\windows\system32\query.dll
- 2004-08-10 17:51 . 2006-06-22 05:06 1435648 c:\windows\system32\query.dll
+ 2004-08-10 17:51 . 2010-02-05 18:40 1291264 c:\windows\system32\quartz.dll
+ 2004-08-10 17:51 . 2010-02-16 17:35 2143744 c:\windows\system32\ntoskrnl.exe
+ 2004-08-04 03:59 . 2010-02-16 16:57 2021888 c:\windows\system32\ntkrnlpa.exe
+ 2009-08-19 21:07 . 2009-08-19 21:07 1415000 c:\windows\system32\msxml6.dll
+ 2009-07-21 04:05 . 2009-07-21 04:05 1348432 c:\windows\system32\msxml4.dll
+ 2004-08-10 17:51 . 2009-07-31 04:57 1172480 c:\windows\system32\msxml3.dll
+ 2004-08-10 17:51 . 2010-05-06 10:41 5950976 c:\windows\system32\mshtml.dll
+ 2004-02-20 20:47 . 2004-02-20 20:47 1047552 c:\windows\system32\mfc71u.dll
+ 2003-10-17 16:44 . 2003-10-17 16:44 1060864 c:\windows\system32\mfc71.dll
+ 2004-08-10 17:51 . 2004-08-04 10:00 1028096 c:\windows\system32\mfc42.dll
+ 2004-02-23 18:51 . 2004-02-23 18:51 1294336 c:\windows\system32\LTWVC14N.DLL
+ 2004-02-22 21:57 . 2004-02-22 21:57 1695744 c:\windows\system32\LTCLR14N.DLL
+ 2004-02-25 02:08 . 2004-02-25 02:08 1024000 c:\windows\system32\LTANN14N.DLL
+ 2009-03-08 08:32 . 2010-05-06 10:41 1985536 c:\windows\system32\iertutil.dll
+ 2004-08-10 17:51 . 2004-08-04 10:00 1114896 c:\windows\system32\esent97.dll
+ 2004-08-10 17:51 . 2005-10-20 22:20 1082368 c:\windows\system32\esent.dll
+ 2004-08-10 17:51 . 2004-08-04 10:00 2113536 c:\windows\system32\dxdiagn.dll
+ 2004-08-10 17:51 . 2004-08-04 10:00 1298432 c:\windows\system32\dxdiag.exe
+ 2004-08-10 17:51 . 2004-08-04 10:00 1227264 c:\windows\system32\dx8vb.dll
+ 2004-08-10 17:51 . 2004-08-04 10:00 1294336 c:\windows\system32\dsound3d.dll
+ 2006-12-07 22:02 . 2010-04-06 08:52 2462720 c:\windows\system32\dllcache\WMVCore.dll
+ 2007-03-08 13:47 . 2010-05-02 05:56 1850880 c:\windows\system32\dllcache\win32k.sys
+ 2007-03-01 03:53 . 2010-05-06 10:41 1209344 c:\windows\system32\dllcache\urlmon.dll
- 2007-03-01 03:53 . 2007-10-26 03:36 8454656 c:\windows\system32\dllcache\shell32.dll
+ 2007-03-01 03:53 . 2008-07-03 13:16 8454656 c:\windows\system32\dllcache\shell32.dll
+ 2007-03-01 03:54 . 2009-07-17 16:27 1435648 c:\windows\system32\dllcache\query.dll
- 2007-03-01 03:54 . 2006-06-22 05:06 1435648 c:\windows\system32\dllcache\query.dll
+ 2007-10-29 22:43 . 2010-02-05 18:40 1291264 c:\windows\system32\dllcache\quartz.dll
+ 2007-02-28 09:55 . 2010-02-16 17:37 2186880 c:\windows\system32\dllcache\ntoskrnl.exe
+ 2007-02-28 09:15 . 2010-02-16 16:57 2021888 c:\windows\system32\dllcache\ntkrpamp.exe
+ 2007-02-28 09:15 . 2010-02-17 15:57 2063744 c:\windows\system32\dllcache\ntkrnlpa.exe
+ 2007-02-28 09:53 . 2010-02-16 17:35 2143744 c:\windows\system32\dllcache\ntkrnlmp.exe
+ 2007-03-01 03:54 . 2009-07-31 04:57 1172480 c:\windows\system32\dllcache\msxml3.dll
+ 2007-06-26 13:44 . 2010-01-29 15:08 1315840 c:\windows\system32\dllcache\msoe.dll
+ 2006-07-28 09:28 . 2010-05-06 10:41 5950976 c:\windows\system32\dllcache\mshtml.dll
+ 2011-06-28 22:44 . 2009-10-23 14:27 3555328 c:\windows\system32\dllcache\moviemk.exe
+ 2004-08-10 17:50 . 2004-08-04 10:00 1501696 c:\windows\system32\diskcopy.dll
+ 2009-11-07 05:06 . 2009-11-07 05:06 1130824 c:\windows\system32\dfshim.dll
+ 2004-08-10 17:50 . 2008-10-16 10:37 1054208 c:\windows\system32\danim.dll
+ 2004-08-10 17:50 . 2004-08-04 10:00 1689088 c:\windows\system32\d3d9.dll
+ 2004-08-10 17:50 . 2004-08-04 10:00 1179648 c:\windows\system32\d3d8.dll
+ 2004-08-10 17:50 . 2005-09-10 01:53 2067968 c:\windows\system32\cdosys.dll
+ 2004-08-10 17:50 . 2008-10-16 10:37 1023488 c:\windows\system32\browseui.dll
+ 2010-04-08 03:48 . 2010-04-08 03:48 5967872 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\System.ServiceModel.dll
+ 2010-03-23 09:32 . 2010-03-23 09:32 5242880 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Web.dll
+ 2010-03-23 09:32 . 2010-03-23 09:32 3182592 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.dll
+ 2009-08-08 03:51 . 2009-08-08 03:51 5812560 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
+ 2009-08-08 03:51 . 2009-08-08 03:51 4546560 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorlib.dll
- 2008-07-25 16:17 . 2008-07-25 16:17 4546560 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorlib.dll
+ 2004-07-15 13:15 . 2004-07-15 13:15 1032192 c:\windows\Microsoft.NET\Framework\v1.1.4322\VsaVb7rt.dll
+ 2004-07-15 19:29 . 2004-07-15 19:29 1339392 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.XML.dll
+ 2004-07-15 19:32 . 2004-07-15 19:32 2052096 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Windows.Forms.dll
- 2007-04-14 01:35 . 2007-04-14 01:35 1265664 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Web.dll
+ 2010-04-01 15:42 . 2010-04-01 15:42 1265664 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Web.dll
- 2007-04-14 01:35 . 2007-04-14 01:35 1232896 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.dll
+ 2010-04-01 15:42 . 2010-04-01 15:42 1232896 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.dll
+ 2004-07-15 19:29 . 2004-07-15 19:29 1703936 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Design.dll
+ 2004-07-15 19:32 . 2004-07-15 19:32 1294336 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Data.dll
+ 2004-07-15 05:28 . 2004-07-15 05:28 2502656 c:\windows\Microsoft.NET\Framework\v1.1.4322\SHADOW1096\_mscorwks.dll
+ 2004-07-15 05:26 . 2004-07-15 05:26 2510848 c:\windows\Microsoft.NET\Framework\v1.1.4322\SHADOW1096\_mscorsvr.dll
+ 2004-07-15 19:29 . 2004-07-15 19:29 2138112 c:\windows\Microsoft.NET\Framework\v1.1.4322\SHADOW1096\_mscorlib.dll
+ 2010-03-31 18:50 . 2010-03-31 18:50 2514944 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorwks.dll
- 2007-04-14 00:57 . 2007-04-14 00:57 2514944 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorwks.dll
+ 2010-03-31 18:50 . 2010-03-31 18:50 2527232 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorsvr.dll
+ 2010-04-01 15:42 . 2010-04-01 15:42 2142208 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorlib.dll
- 2007-04-14 00:50 . 2007-04-14 00:50 2142208 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorlib.dll
+ 2003-02-21 12:25 . 2003-02-21 12:25 1564672 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorcfg.dll
+ 2009-11-09 04:25 . 2009-11-09 04:25 1935360 c:\windows\Installer\2e594bc.msp
+ 2010-04-12 02:17 . 2010-04-12 02:17 2607104 c:\windows\Installer\2e59494.msp
+ 2010-04-12 02:17 . 2010-04-12 02:17 4210688 c:\windows\Installer\2e59493.msp
+ 2003-07-03 20:19 . 2003-07-03 20:19 2502656 c:\windows\Installer\$PatchCache$\Managed\9040311900063D11C8EF10054038389C\11.0.5614\VBE6.DLL
+ 2003-08-03 15:52 . 2003-08-03 15:52 2808376 c:\windows\Installer\$PatchCache$\Managed\9040311900063D11C8EF10054038389C\11.0.5614\STSLIST.DLL
+ 2003-08-01 20:09 . 2003-08-01 20:09 8086072 c:\windows\Installer\$PatchCache$\Managed\9040311900063D11C8EF10054038389C\11.0.5614\OWC11.DLL
+ 2003-08-10 04:06 . 2003-08-10 04:06 7522360 c:\windows\Installer\$PatchCache$\Managed\9040311900063D11C8EF10054038389C\11.0.5614\OUTLLIB.DLL
+ 2003-06-18 22:31 . 2003-06-18 22:31 1033216 c:\windows\Installer\$PatchCache$\Managed\9040311900063D11C8EF10054038389C\11.0.5614\MSPCORE.DLL
+ 2002-12-18 00:09 . 2002-12-18 00:09 2071752 c:\windows\Installer\$PatchCache$\Managed\9040311900063D11C8EF10054038389C\11.0.5614\MSOLAP80.DLL
+ 2002-12-18 00:08 . 2002-12-18 00:08 1383592 c:\windows\Installer\$PatchCache$\Managed\9040311900063D11C8EF10054038389C\11.0.5614\MSDMINE.DLL
+ 2003-07-15 04:11 . 2003-07-15 04:11 2139192 c:\windows\Installer\$PatchCache$\Managed\9040311900063D11C8EF10054038389C\11.0.5614\GRAPH.EXE
+ 2003-07-26 00:00 . 2003-07-26 00:00 1157696 c:\windows\Installer\$PatchCache$\Managed\9040311900063D11C8EF10054038389C\11.0.5614\FPSRVUTL.DLL
+ 2003-07-24 04:01 . 2003-07-24 04:01 1949240 c:\windows\Installer\$PatchCache$\Managed\9040311900063D11C8EF10054038389C\11.0.5614\FPCUTL.DLL
+ 2003-08-03 15:56 . 2003-08-03 15:56 1146184 c:\windows\Installer\$PatchCache$\Managed\9040311900063D11C8EF10054038389C\11.0.5614\FM20.DLL
+ 2011-06-29 07:09 . 2009-03-08 08:34 1206784 c:\windows\ie8updates\KB982381-IE8\urlmon.dll
+ 2011-06-29 07:09 . 2009-03-08 08:41 5937152 c:\windows\ie8updates\KB982381-IE8\mshtml.dll
+ 2011-06-29 07:09 . 2009-03-08 08:32 1985024 c:\windows\ie8updates\KB982381-IE8\iertutil.dll
+ 2004-08-10 17:51 . 2007-06-13 10:23 1033216 c:\windows\explorer.exe
+ 2007-03-01 03:58 . 2010-02-16 17:37 2186880 c:\windows\Driver Cache\i386\ntoskrnl.exe
+ 2007-03-01 03:57 . 2010-02-16 16:57 2021888 c:\windows\Driver Cache\i386\ntkrpamp.exe
+ 2007-03-01 03:58 . 2010-02-17 15:57 2063744 c:\windows\Driver Cache\i386\ntkrnlpa.exe
+ 2007-03-01 03:57 . 2010-02-16 17:35 2143744 c:\windows\Driver Cache\i386\ntkrnlmp.exe
+ 2007-07-11 07:00 . 2007-07-11 07:00 1265664 c:\windows\assembly\temp\M7R2QR9IEP\System.Web.dll
+ 2010-01-26 14:40 . 2010-01-26 14:40 3149824 c:\windows\assembly\temp\L8M4048CE3\System.dll
+ 2010-01-26 14:40 . 2010-01-26 14:40 2048000 c:\windows\assembly\temp\HSH6C1HPSO\System.XML.dll
+ 2010-01-26 14:40 . 2010-01-26 14:40 2933248 c:\windows\assembly\temp\F91F9BDUJF\System.Data.dll
+ 2007-07-11 07:00 . 2007-07-11 07:00 1966080 c:\windows\assembly\temp\BA66UVDO6U\System.dll
+ 2007-07-11 07:00 . 2007-07-11 07:00 1232896 c:\windows\assembly\temp\948CKVDODV\System.dll
+ 2007-07-11 07:01 . 2007-07-11 07:01 3391488 c:\windows\assembly\temp\3VHL3SI84F\mscorlib.dll
+ 2010-01-26 14:39 . 2010-01-26 14:39 5025792 c:\windows\assembly\temp\39BQTAZOKN\System.Windows.Forms.dll
+ 2007-07-11 07:01 . 2007-07-11 07:01 2088960 c:\windows\assembly\temp\1VWM51CNDO\System.Xml.dll
+ 2007-07-11 07:01 . 2007-07-11 07:01 3018752 c:\windows\assembly\temp\1QJM51XM51\System.Windows.Forms.dll
+ 2011-06-29 07:19 . 2011-06-29 07:19 1966080 c:\windows\assembly\NativeImages1_v1.1.4322\System\1.0.5000.0__b77a5c561934e089_f44da13d\System.dll
+ 2011-06-29 07:19 . 2011-06-29 07:19 4792320 c:\windows\assembly\NativeImages1_v1.1.4322\System\1.0.5000.0__b77a5c561934e089_75182d14\System.dll
+ 2011-06-29 07:19 . 2011-06-29 07:19 5513216 c:\windows\assembly\NativeImages1_v1.1.4322\System.Xml\1.0.5000.0__b77a5c561934e089_ef38a775\System.Xml.dll
+ 2011-06-29 07:19 . 2011-06-29 07:19 2088960 c:\windows\assembly\NativeImages1_v1.1.4322\System.Xml\1.0.5000.0__b77a5c561934e089_e8870913\System.Xml.dll
+ 2011-06-29 07:19 . 2011-06-29 07:19 3018752 c:\windows\assembly\NativeImages1_v1.1.4322\System.Windows.Forms\1.0.5000.0__b77a5c561934e089_eed064bd\System.Windows.Forms.dll
+ 2011-06-29 07:19 . 2011-06-29 07:19 7884800 c:\windows\assembly\NativeImages1_v1.1.4322\System.Windows.Forms\1.0.5000.0__b77a5c561934e089_36e27574\System.Windows.Forms.dll
+ 2011-06-29 07:20 . 2011-06-29 07:20 2244608 c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing\1.0.5000.0__b03f5f7f11d50a3a_e72de3ca\System.Drawing.dll
+ 2011-06-29 07:19 . 2011-06-29 07:19 1470464 c:\windows\assembly\NativeImages1_v1.1.4322\System.Design\1.0.5000.0__b03f5f7f11d50a3a_95207ba7\System.Design.dll
+ 2011-06-29 07:19 . 2011-06-29 07:19 3395584 c:\windows\assembly\NativeImages1_v1.1.4322\System.Design\1.0.5000.0__b03f5f7f11d50a3a_2c7fd576\System.Design.dll
+ 2011-06-29 07:19 . 2011-06-29 07:19 3391488 c:\windows\assembly\NativeImages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_926de8d5\mscorlib.dll
+ 2011-06-29 07:20 . 2011-06-29 07:20 8908800 c:\windows\assembly\NativeImages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_524c5819\mscorlib.dll
+ 2011-06-29 07:23 . 2011-06-29 07:23 3323392 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\ec836c78e45f1397dd529d1279f86e14\WindowsBase.ni.dll
+ 2011-06-29 07:25 . 2011-06-29 07:25 1049600 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationClients#\e00b3436796e6a6640f74775080a2230\UIAutomationClientsideProviders.ni.dll
+ 2011-06-29 07:28 . 2011-06-29 07:28 3446784 c:\windows\assembly\NativeImages_v2.0.50727_32\ttax\0b8ee8c344fae4ccf9b732e2cded0f14\ttax.ni.dll
+ 2011-06-29 07:27 . 2011-06-29 07:27 4170240 c:\windows\assembly\NativeImages_v2.0.50727_32\ttax\05a120407f6dd77794b7c4662c862ab9\ttax.ni.dll
+ 2011-06-29 07:07 . 2011-06-29 07:07 7948288 c:\windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP948.tmp\System.dll
+ 2011-06-29 07:23 . 2011-06-29 07:23 7949824 c:\windows\assembly\NativeImages_v2.0.50727_32\System\bbdeb12988e827a4e9fa200ad16f4520\System.ni.dll
+ 2011-06-29 07:25 . 2011-06-29 07:25 5450240 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\93eb6a059bbc17168d0002d35736cad4\System.Xml.ni.dll
+ 2011-06-29 07:31 . 2011-06-29 07:31 1355776 c:\windows\assembly\NativeImages_v2.0.50727_32\System.WorkflowServ#\54a88fe8bccee296bf94f166cc487ad0\System.WorkflowServices.ni.dll
+ 2011-06-29 07:31 . 2011-06-29 07:31 1904640 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Run#\3e5c8e9de41d5026f593a1cb80a7875f\System.Workflow.Runtime.ni.dll
+ 2011-06-29 07:30 . 2011-06-29 07:31 4511744 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Com#\e74fbc5a1a69dd4dbd121e9536e95dc0\System.Workflow.ComponentModel.ni.dll
+ 2011-06-29 07:30 . 2011-06-29 07:30 2990080 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Act#\1cb0bb5abbd8f8c8e04c9b9396cd1d54\System.Workflow.Activities.ni.dll
+ 2011-06-29 07:28 . 2011-06-29 07:28 1840128 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\20958d5478d5266bb154ba6e9a1cd290\System.Web.Services.ni.dll
+ 2011-06-29 07:30 . 2011-06-29 07:30 2209280 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Mobile\e1385ec049eb3ec7bbde4a0742a310db\System.Web.Mobile.ni.dll
+ 2011-06-29 07:30 . 2011-06-29 07:30 2400256 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\7dd7414d028408af354bfdb07ae37c18\System.Web.Extensions.ni.dll
+ 2011-06-29 07:25 . 2011-06-29 07:25 1913344 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Speech\cf54a3811628a9395a41a66f70e782c1\System.Speech.ni.dll
+ 2011-06-29 07:30 . 2011-06-29 07:30 1705984 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel#\a7a953abc9859165a617f52e33019384\System.ServiceModel.Web.ni.dll
+ 2011-06-29 07:27 . 2011-06-29 07:27 2344960 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\cf12b1620cb4de440b36b93d598e255e\System.Runtime.Serialization.ni.dll
+ 2011-06-29 07:25 . 2011-06-29 07:25 1035264 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Printing\62f2f54328a61a3f7e1e243b8a2e1f01\System.Printing.ni.dll
+ 2011-06-29 07:27 . 2011-06-29 07:27 1070080 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\34638f423908d7f7b98e80f6e9b65b95\System.IdentityModel.ni.dll
+ 2011-06-29 07:25 . 2011-06-29 07:25 1587200 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\cfea0d1795b97fa4c067e202c768ad6c\System.Drawing.ni.dll
+ 2011-06-29 07:27 . 2011-06-29 07:27 1116672 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\7fd502b9cc125fb6ef025cd192a30d6c\System.DirectoryServices.ni.dll
+ 2011-06-29 07:28 . 2011-06-29 07:28 1801216 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Deployment\c034791ede77a566a015684d2f5f26d5\System.Deployment.ni.dll
+ 2011-06-29 07:24 . 2011-06-29 07:24 6615040 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data\70cbbab9c6f208ff56856a5f97a6e331\System.Data.ni.dll
+ 2011-06-29 07:27 . 2011-06-29 07:27 2508800 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.SqlXml\f6e6935b7d128cc1da3fbde4e6c50e67\System.Data.SqlXml.ni.dll
+ 2011-06-29 07:30 . 2011-06-29 07:30 1326080 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Services\5dd9533e86686a53780f6956c28c911e\System.Data.Services.ni.dll
+ 2011-06-29 07:28 . 2011-06-29 07:28 1115136 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.OracleC#\5b807b336686ffb4e4953bac6a290c2e\System.Data.OracleClient.ni.dll
+ 2011-06-29 07:24 . 2011-06-29 07:24 2510848 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Linq\38de61c970936035c724d9112b0492c2\System.Data.Linq.ni.dll
+ 2011-06-29 07:30 . 2011-06-29 07:30 9903104 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity\3ea0809177a6ad11cec4d0c44ceabec8\System.Data.Entity.ni.dll
+ 2011-06-29 07:24 . 2011-06-29 07:24 2295296 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Core\96d0e10448a44c23429b31259c671d6c\System.Core.ni.dll
+ 2011-06-29 07:24 . 2011-06-29 07:24 2126848 c:\windows\assembly\NativeImages_v2.0.50727_32\ReachFramework\1d864dab014da68e70f5371da9a18ef3\ReachFramework.ni.dll
+ 2011-06-29 07:24 . 2011-06-29 07:24 1657344 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationUI\5a71be7bccf5075f869d8fa89dd61071\PresentationUI.ni.dll
+ 2011-06-29 07:23 . 2011-06-29 07:23 1451008 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationBuildTa#\b5a35786673dae8b0ad2a1d4e9d6a7d3\PresentationBuildTasks.ni.dll
+ 2011-06-29 07:28 . 2011-06-29 07:28 1711616 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\9f1873e790b879c0ad6052e145bc6407\Microsoft.VisualBasic.ni.dll
+ 2011-06-29 07:29 . 2011-06-29 07:29 1092608 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\074e496dfbfc20cc03a84f7fb19103aa\Microsoft.Transactions.Bridge.ni.dll
+ 2011-06-29 07:28 . 2011-06-29 07:28 2332160 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.JScript\adef7a9ad9ba66c5414f8ddf93f31c2f\Microsoft.JScript.ni.dll
+ 2011-06-29 07:29 . 2011-06-29 07:29 1620480 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\8c8cc9a7b874aa919a83a9d52a523f8e\Microsoft.Build.Tasks.ni.dll
+ 2011-06-29 07:29 . 2011-06-29 07:29 1965568 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\1f31e72d2b2adda79bdfd0feeaaa4e87\Microsoft.Build.Tasks.v3.5.ni.dll
+ 2011-06-29 07:29 . 2011-06-29 07:29 1886208 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\78b34a01c004e8cc986696aee112f784\Microsoft.Build.Engine.ni.dll
+ 2011-06-29 07:28 . 2011-06-29 07:28 1326592 c:\windows\assembly\NativeImages_v2.0.50727_32\Intuit.Ctg.Map\60622c4846e8592814a8197cc044c8b2\Intuit.Ctg.Map.ni.dll
+ 2011-06-29 07:28 . 2011-06-29 07:28 1552896 c:\windows\assembly\NativeImages_v2.0.50727_32\Intuit.Ctg.Map\23b33eca711e2df785132b0e793e2de4\Intuit.Ctg.Map.ni.dll
+ 2011-06-29 07:28 . 2011-06-29 07:28 2597376 c:\windows\assembly\NativeImages_v2.0.50727_32\Infragistics2.Win.M#\97cf1e4deee4006d91d74fdb06e6694d\Infragistics2.Win.Misc.v8.2.ni.dll
+ 2011-06-29 07:14 . 2011-06-29 07:14 1249280 c:\windows\assembly\GAC_MSIL\WindowsBase\3.0.0.0__31bf3856ad364e35\WindowsBase.dll
+ 2011-06-29 07:22 . 2011-06-29 07:22 3182592 c:\windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
- 2010-01-26 14:40 . 2010-01-26 14:40 2048000 c:\windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll
+ 2011-06-29 07:22 . 2011-06-29 07:22 2048000 c:\windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll
- 2010-01-26 14:39 . 2010-01-26 14:39 5025792 c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
+ 2011-06-29 07:22 . 2011-06-29 07:22 5025792 c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
+ 2011-06-29 07:07 . 2011-06-29 07:07 5967872 c:\windows\assembly\GAC_MSIL\System.ServiceModel\3.0.0.0__b77a5c561934e089\System.ServiceModel.dll
- 2010-01-26 14:39 . 2010-01-26 14:39 5062656 c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
+ 2011-06-29 07:22 . 2011-06-29 07:22 5062656 c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
+ 2011-06-29 07:14 . 2011-06-29 07:14 5279744 c:\windows\assembly\GAC_MSIL\PresentationFramework\3.0.0.0__31bf3856ad364e35\PresentationFramework.dll
+ 2011-06-29 07:22 . 2011-06-29 07:22 5242880 c:\windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
- 2010-01-26 14:40 . 2010-01-26 14:40 2933248 c:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
+ 2011-06-29 07:22 . 2011-06-29 07:22 2933248 c:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
- 2010-01-26 14:46 . 2010-01-26 14:46 4210688 c:\windows\assembly\GAC_32\PresentationCore\3.0.0.0__31bf3856ad364e35\PresentationCore.dll
+ 2011-06-29 07:14 . 2011-06-29 07:14 4210688 c:\windows\assembly\GAC_32\PresentationCore\3.0.0.0__31bf3856ad364e35\PresentationCore.dll
+ 2011-06-29 07:22 . 2011-06-29 07:22 4546560 c:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
- 2010-01-26 14:40 . 2010-01-26 14:40 4546560 c:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
+ 2011-06-29 07:19 . 2011-06-29 07:19 1232896 c:\windows\assembly\GAC\System\1.0.5000.0__b77a5c561934e089\System.dll
- 2007-07-11 07:00 . 2007-07-11 07:00 1232896 c:\windows\assembly\GAC\System\1.0.5000.0__b77a5c561934e089\System.dll
- 2007-07-11 07:00 . 2007-07-11 07:00 1265664 c:\windows\assembly\GAC\System.Web\1.0.5000.0__b03f5f7f11d50a3a\System.Web.dll
+ 2011-06-29 07:19 . 2011-06-29 07:19 1265664 c:\windows\assembly\GAC\System.Web\1.0.5000.0__b03f5f7f11d50a3a\System.Web.dll
+ 2004-08-10 17:50 . 2004-08-04 10:00 1852416 c:\windows\AppPatch\AcGenral.dll
+ 2004-08-10 17:51 . 2009-07-14 03:43 10841088 c:\windows\system32\wmp.dll
+ 2009-03-08 08:39 . 2010-05-06 10:41 11076096 c:\windows\system32\ieframe.dll
+ 2009-07-14 03:43 . 2009-07-14 03:43 10841088 c:\windows\system32\dllcache\wmp.dll
+ 2010-04-02 23:29 . 2010-04-02 23:29 11413504 c:\windows\Microsoft.NET\Framework\v1.1.4322\Updates\M979906\M979906Uninstall.msp
+ 2009-08-15 00:32 . 2009-08-15 00:32 11110912 c:\windows\Installer\2e594fb.msp
+ 2010-04-02 16:30 . 2010-04-02 16:30 17456640 c:\windows\Installer\2e594ea.msp
+ 2010-03-31 05:23 . 2010-03-31 05:23 15638528 c:\windows\Installer\2e594c8.msp
+ 2010-04-12 02:17 . 2010-04-12 02:17 14599680 c:\windows\Installer\2e594a2.msp
 
+ 2003-08-06 18:24 . 2003-08-06 18:24 12037688 c:\windows\Installer\$PatchCache$\Managed\9040311900063D11C8EF10054038389C\11.0.5614\WINWORD.EXE
+ 2003-08-08 05:23 . 2003-08-08 05:23 12172336 c:\windows\Installer\$PatchCache$\Managed\9040311900063D11C8EF10054038389C\11.0.5614\MSO.DLL
+ 2003-08-13 07:34 . 2003-08-13 07:34 10073144 c:\windows\Installer\$PatchCache$\Managed\9040311900063D11C8EF10054038389C\11.0.5614\EXCEL.EXE
+ 2011-06-29 07:09 . 2009-03-08 08:39 11063808 c:\windows\ie8updates\KB982381-IE8\ieframe.dll
+ 2011-06-29 07:25 . 2011-06-29 07:25 12430848 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\4a0512746f9f85805276d3fc20edab54\System.Windows.Forms.ni.dll
+ 2011-06-29 07:28 . 2011-06-29 07:28 11796992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\858ac7e88be379e730e638f615cb06b7\System.Web.ni.dll
+ 2011-06-29 07:27 . 2011-06-29 07:27 17401344 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\a290a77093ed2bd70167475103b79776\System.ServiceModel.ni.dll
+ 2011-06-29 07:25 . 2011-06-29 07:25 10682368 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Design\acd811957058108e632b385969f08acc\System.Design.ni.dll
+ 2011-06-29 07:24 . 2011-06-29 07:24 14325248 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\62e3a9f55aebd7e09003c711f3ccbd97\PresentationFramework.ni.dll
+ 2011-06-29 07:24 . 2011-06-29 07:24 12214272 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\04dbceaaee0fe9a89406e3b648f18217\PresentationCore.ni.dll
+ 2011-06-29 07:23 . 2011-06-29 07:23 11485184 c:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\4b10d8196bb368996ec5d24fca777456\mscorlib.ni.dll
+ 2011-06-29 07:28 . 2011-06-29 07:28 10331648 c:\windows\assembly\NativeImages_v2.0.50727_32\Infragistics2.Win.v#\29dcf7a9ad7cb8e6ab4104529a9751d2\Infragistics2.Win.v8.2.ni.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-26 68856]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-06-23 53248]
"tgcmd"="c:\program files\Support.com\BellSouth\hcenter.exe" [2005-08-31 1277952]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2009-01-09 645328]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-18 421888]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 45056]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-22 149280]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2006-05-01 843776]
"NovaBackup 7 Tray Control"="c:\program files\StompSoft\PC BackUp\NbkCtrl.exe" [2007-01-30 402376]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940]
"BellSouthAlertManager.exe"="c:\program files\BellSouth\AM\BellSouthAlertManager.exe" [2007-01-28 2061816]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2007-05-11 624248]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [BU]
.
c:\documents and settings\Darell Blandshaw\Start Menu\Programs\Startup\
Eagle Listener.lnk - c:\3apps\Catapult\3listen.exe [2008-10-21 557056]
Eagle Scheduler.lnk - c:\3apps\Catapult\Sched.exe [2008-10-21 708608]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Ativa Wireless USB Utility.lnk - c:\program files\Ativa\USB AWGUA54\Wireless Utility\Ativawcui.exe [2006-8-29 1556480]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2007-3-1 24576]
QuickBooks Update Agent.lnk - c:\program files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2007-5-24 724992]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 19:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\3apps\\Catapult\\3listen.exe"=
"c:\\3apps\\Catapult\\3lhelper.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
.
R0 atiide;atiide;c:\windows\system32\drivers\atiide.sys [2/28/2007 11:41 PM 3456]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [1/5/2010 8:56 AM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [1/5/2010 8:56 AM 74480]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [12/23/2008 1:56 PM 88176]
R2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files\Common Files\PC Tools\sMonitor\StartManSvc.exe [1/3/2011 12:50 PM 632792]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2/5/2010 10:27 AM 135664]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [1/3/2011 1:23 PM 366640]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2/5/2010 10:27 AM 135664]
S3 MBAMProtector;MBAMProtector;\??\c:\windows\system32\drivers\mbam.sys --> c:\windows\system32\drivers\mbam.sys [?]
S3 ODWGU(Ativa);Ativa Wireless G USB Network Adapter(Ativa);c:\windows\system32\drivers\ODWGU.sys [12/29/2010 11:51 AM 408064]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [1/5/2010 8:56 AM 7408]
.
Contents of the 'Scheduled Tasks' folder
.
2011-06-24 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]
.
2011-06-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-05 14:27]
.
2011-06-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-05 14:27]
.
2011-06-15 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2008-12-23 15:53]
.
2011-06-01 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2008-12-23 15:53]
.
2011-06-30 c:\windows\Tasks\RMSchedule.job
- c:\program files\Registry Mechanic\RegMech.exe [2011-01-03 22:05]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://smallbusiness.bellsouth.net/
mSearch Bar = hxxp://www.google.com/ie
uInternet Connection Wizard,ShellNext = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=4070228
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
Trusted Zone: intuit.com\ttlc
Trusted Zone: turbotax.com
Trusted Zone: wachovia.com
TCP: Interfaces\{86E114BA-0F17-437F-8660-2C26CCF4A375}: NameServer = 4.2.2.2,4.2.2.3
FF - ProfilePath - c:\documents and settings\Darell Blandshaw\Application Data\Mozilla\Firefox\Profiles\3otsvnu4.default\
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - prefs.js: browser.startup.homepage - hxxp://en-US.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 64970
FF - prefs.js: network.proxy.type - 0
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
FF - Ext: McAfee SiteAdvisor: {B7082FAA-CB62-4872-9106-E42DD88EDE45} - c:\program files\McAfee\SiteAdvisor
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: Move Media Player: moveplayer@movenetworks.com - %profile%\extensions\moveplayer@movenetworks.com
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-06-30 10:49
Windows 5.1.2600 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,28,cf,56,77,f4,e0,4b,4e,88,26,1d,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,28,cf,56,77,f4,e0,4b,4e,88,26,1d,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(664)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll
.
Completion time: 2011-06-30 10:51:41
ComboFix-quarantined-files.txt 2011-06-30 14:51
ComboFix2.txt 2011-06-28 17:37
.
Pre-Run: 137,721,135,104 bytes free
Post-Run: 137,748,127,744 bytes free
.
- - End Of File - - B5953CB381D7862AC95D7FE3C2077B52
 
You did fine :)

How is redirection?

Download TDSSKiller and save it to your desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
 
The redirect is gone. Thanks.

Here is the log from TDSSKiller:


2011/07/01 15:53:41.0234 9172 TDSS rootkit removing tool 2.5.8.0 Jun 28 2011 19:12:16
2011/07/01 15:53:43.0265 9172 ================================================================================
2011/07/01 15:53:43.0265 9172 SystemInfo:
2011/07/01 15:53:43.0265 9172
2011/07/01 15:53:43.0265 9172 OS Version: 5.1.2600 ServicePack: 2.0
2011/07/01 15:53:43.0265 9172 Product type: Workstation
2011/07/01 15:53:43.0265 9172 ComputerName: DARELL
2011/07/01 15:53:43.0265 9172 UserName: Darell Blandshaw
2011/07/01 15:53:43.0265 9172 Windows directory: C:\WINDOWS
2011/07/01 15:53:43.0265 9172 System windows directory: C:\WINDOWS
2011/07/01 15:53:43.0265 9172 Processor architecture: Intel x86
2011/07/01 15:53:43.0265 9172 Number of processors: 2
2011/07/01 15:53:43.0265 9172 Page size: 0x1000
2011/07/01 15:53:43.0265 9172 Boot type: Normal boot
2011/07/01 15:53:43.0265 9172 ================================================================================
2011/07/01 15:53:43.0875 9172 Initialize success
2011/07/01 15:53:48.0703 9252 ================================================================================
2011/07/01 15:53:48.0703 9252 Scan started
2011/07/01 15:53:48.0703 9252 Mode: Manual;
2011/07/01 15:53:48.0703 9252 ================================================================================
2011/07/01 15:54:08.0593 9252 ================================================================================
2011/07/01 15:54:08.0593 9252 Scan finished
2011/07/01 15:54:08.0593 9252 ================================================================================
2011/07/01 15:54:08.0609 9244 Detected object count: 0
2011/07/01 15:54:08.0609 9244 Actual detected object count: 0
 
Question: I have some files on my desktop. What should I do with these?

asw.MBR.txt
MBR.dat
Report.txt
catchme.log

Also, can I get rid of some of my anti-spyware software, like Spybot and HitmanPro? I just want to have one good one.

Which do you suggest?

Thanks
 
Good news :)

We're not done yet.
You can safely uninstall Spybot and HitmanPro.
Stay with Malwarebytes.

Now...

Download OTL to your Desktop.

  • Double-click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • Click the Scan All Users checkbox.
  • Under the Custom Scan box paste this in:


netsvcs
drivers32
%SYSTEMDRIVE%\*.*
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\Fonts\*.exe
%systemroot%\system32\spool\prtprocs\w32x86\*.*
%systemroot%\REPAIR\*.bak1
%systemroot%\REPAIR\*.ini
%systemroot%\system32\*.jpg
%systemroot%\*.jpg
%systemroot%\*.png
%systemroot%\*.scr
%systemroot%\*._sy
%APPDATA%\Adobe\Update\*.*
%ALLUSERSPROFILE%\Favorites\*.*
%APPDATA%\Microsoft\*.*
%PROGRAMFILES%\*.*
%APPDATA%\Update\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\System32\config\*.sav
%PROGRAMFILES%\bak. /s
%systemroot%\system32\bak. /s
%ALLUSERSPROFILE%\Start Menu\*.lnk /x
%systemroot%\system32\config\systemprofile\*.dat /x
%systemroot%\*.config
%systemroot%\system32\*.db
%APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
%USERPROFILE%\Desktop\*.exe
%PROGRAMFILES%\Common Files\*.*
%systemroot%\*.src
%systemroot%\install\*.*
%systemroot%\system32\DLL\*.*
%systemroot%\system32\HelpFiles\*.*
%systemroot%\system32\rundll\*.*
%systemroot%\winn32\*.*
%systemroot%\Java\*.*
%systemroot%\system32\test\*.*
%systemroot%\system32\Rundll32\*.*
%systemroot%\AppPatch\Custom\*.*
%APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
%PROGRAMFILES%\PC-Doctor\Downloads\*.*
%PROGRAMFILES%\Internet Explorer\*.tmp
%PROGRAMFILES%\Internet Explorer\*.dat
%USERPROFILE%\My Documents\*.exe
%USERPROFILE%\*.exe
%systemroot%\ADDINS\*.*
%systemroot%\assembly\*.bak2
%systemroot%\Config\*.*
%systemroot%\REPAIR\*.bak2
%systemroot%\SECURITY\Database\*.sdb /x
%systemroot%\SYSTEM\*.bak2
%systemroot%\Web\*.bak2
%systemroot%\Driver Cache\*.*
%PROGRAMFILES%\Mozilla Firefox\0*.exe
%ProgramFiles%\Microsoft Common\*.*
%ProgramFiles%\TinyProxy.
%USERPROFILE%\Favorites\*.url /x
%systemroot%\system32\*.bk
%systemroot%\*.te
%systemroot%\system32\system32\*.*
%ALLUSERSPROFILE%\*.dat /x
%systemroot%\system32\drivers\*.rmv
dir /b "%systemroot%\system32\*.exe" | find /i " " /c
dir /b "%systemroot%\*.exe" | find /i " " /c
%PROGRAMFILES%\Microsoft\*.*
%systemroot%\System32\Wbem\proquota.exe
%PROGRAMFILES%\Mozilla Firefox\*.dat
%USERPROFILE%\Cookies\*.txt /x
%SystemRoot%\system32\fonts\*.*
%systemroot%\system32\winlog\*.*
%systemroot%\system32\Language\*.*
%systemroot%\system32\Settings\*.*
%systemroot%\system32\*.quo
%SYSTEMROOT%\AppPatch\*.exe
%SYSTEMROOT%\inf\*.exe
%SYSTEMROOT%\Installer\*.exe
%systemroot%\system32\config\*.bak2
%systemroot%\system32\Computers\*.*
%SystemRoot%\system32\Sound\*.*
%SystemRoot%\system32\SpecialImg\*.*
%SystemRoot%\system32\code\*.*
%SystemRoot%\system32\draft\*.*
%SystemRoot%\system32\MSSSys\*.*
%ProgramFiles%\Javascript\*.*
%systemroot%\pchealth\helpctr\System\*.exe /s
%systemroot%\Web\*.exe
%systemroot%\system32\msn\*.*
%systemroot%\system32\*.tro
%AppData%\Microsoft\Installer\msupdates\*.*
%ProgramFiles%\Messenger\*.*
%systemroot%\system32\systhem32\*.*
%systemroot%\system\*.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
/md5start
/md5stop


  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
 
OTL logfile created on: 7/5/2011 11:30:08 AM - Run 1
OTL by OldTimer - Version 3.2.26.0 Folder = C:\Documents and Settings\Darell Blandshaw\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

989.90 Mb Total Physical Memory | 248.66 Mb Available Physical Memory | 25.12% Memory free
2.33 Gb Paging File | 1.65 Gb Available in Paging File | 70.76% Paging File free
Paging file location(s): C:\pagefile.sys 1488 2976 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 148.96 Gb Total Space | 127.80 Gb Free Space | 85.79% Space Free | Partition Type: NTFS

Computer Name: DARELL | User Name: Darell Blandshaw | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/07/05 11:26:29 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Darell Blandshaw\Desktop\OTL.exe
PRC - [2011/06/22 09:53:49 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/02/16 15:49:08 | 000,088,176 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
PRC - [2010/10/01 14:27:22 | 000,632,792 | ---- | M] (PC Tools) -- C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe
PRC - [2010/08/23 21:21:40 | 000,013,672 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
PRC - [2009/10/22 13:10:32 | 000,386,872 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jucheck.exe
PRC - [2009/01/26 15:31:16 | 002,144,088 | ---- | M] (Safer Networking Limited) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2009/01/16 20:03:48 | 000,144,704 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\Mcshield.exe
PRC - [2009/01/16 19:28:08 | 000,606,736 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe
PRC - [2009/01/09 14:48:02 | 000,884,360 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MPF\MpfSrv.exe
PRC - [2009/01/09 12:31:16 | 002,482,848 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe
PRC - [2009/01/09 09:06:52 | 000,359,952 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe
PRC - [2009/01/08 21:30:26 | 000,797,864 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSC\mcmscsvc.exe
PRC - [2009/01/08 21:30:26 | 000,645,328 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee.com\Agent\mcagent.exe
PRC - [2008/07/07 11:39:10 | 001,765,376 | ---- | M] () -- C:\3apps\Catapult\Na.exe
PRC - [2008/07/07 11:37:34 | 000,557,056 | ---- | M] () -- C:\3apps\Catapult\3listen.exe
PRC - [2008/07/07 11:27:56 | 000,049,152 | ---- | M] () -- C:\3apps\Catapult\appipc.exe
PRC - [2007/06/21 15:47:01 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
PRC - [2007/06/13 06:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/05/11 03:59:23 | 000,349,808 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrobat.exe
PRC - [2007/05/10 23:46:20 | 000,624,248 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe
PRC - [2007/01/30 11:24:10 | 000,177,096 | ---- | M] (StompSoft, Inc.) -- C:\Program Files\StompSoft\PC BackUp\NSENGINE.exe
PRC - [2007/01/30 11:24:08 | 000,402,376 | ---- | M] (StompSoft, Inc.) -- C:\Program Files\StompSoft\PC BackUp\NBKCTRL.exe
PRC - [2007/01/28 12:14:50 | 002,061,816 | ---- | M] (BellSouth) -- C:\Program Files\BellSouth\AM\BellSouthAlertManager.exe
PRC - [2006/09/19 08:04:26 | 000,065,536 | ---- | M] () -- C:\Program Files\StompSoft\PC BackUp\NMSAccess.exe
PRC - [2006/08/29 14:28:34 | 001,556,480 | ---- | M] (Belkin) -- C:\Program Files\Ativa\USB AWGUA54\Wireless Utility\Ativawcui.exe
PRC - [2006/01/02 18:41:22 | 000,045,056 | ---- | M] (ATI Technologies Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
PRC - [2005/09/08 06:20:00 | 000,122,940 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\DLA\DLACTRLW.EXE
PRC - [2005/08/31 14:16:24 | 001,855,488 | ---- | M] (BellSouth) -- C:\Program Files\Support.com\bin\tgcmd.exe
PRC - [2004/05/19 14:03:12 | 000,032,768 | ---- | M] () -- C:\WINDOWS\system32\P32help.exe


========== Modules (SafeList) ==========

MOD - [2011/07/05 11:26:29 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Darell Blandshaw\Desktop\OTL.exe
MOD - [2011/04/08 16:56:28 | 000,018,176 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee\SiteAdvisor\sahook.dll
MOD - [2006/08/25 09:45:56 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
MOD - [2005/08/31 14:16:02 | 000,045,056 | ---- | M] (Support.com, Inc.) -- C:\Program Files\Support.com\bin\sdchook.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2011/05/29 09:11:28 | 000,366,640 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/02/16 15:49:08 | 000,088,176 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service)
SRV - [2010/10/01 14:27:22 | 000,632,792 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe -- (PCToolsSSDMonitorSvc)
SRV - [2010/08/23 21:21:40 | 000,013,672 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)
SRV - [2009/01/17 07:33:02 | 000,365,072 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV - [2009/01/16 20:03:48 | 000,144,704 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files\McAfee\VirusScan\Mcshield.exe -- (McShield)
SRV - [2009/01/16 19:28:08 | 000,606,736 | ---- | M] (McAfee, Inc.) [On_Demand | Running] -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe -- (McSysmon)
SRV - [2009/01/09 14:48:02 | 000,884,360 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\MPF\MPFSrv.exe -- (MpfService)
SRV - [2009/01/09 12:31:16 | 002,482,848 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe -- (McNASvc)
SRV - [2009/01/09 09:06:52 | 000,359,952 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe -- (McProxy)
SRV - [2009/01/08 21:30:26 | 000,797,864 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\MSC\mcmscsvc.exe -- (mcmscsvc)
SRV - [2007/06/21 15:47:01 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Running] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2007/01/30 11:24:10 | 000,177,096 | ---- | M] (StompSoft, Inc.) [Auto | Running] -- C:\Program Files\StompSoft\PC BackUp\NSENGINE.exe -- (NsEngine)
SRV - [2006/09/19 08:04:26 | 000,065,536 | ---- | M] () [Auto | Running] -- C:\Program Files\StompSoft\PC BackUp\NMSAccess.exe -- (NMSAccess)


========== Driver Services (SafeList) ==========

DRV - [2010/01/05 08:56:06 | 000,007,408 | R--- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2010/01/05 08:56:04 | 000,009,968 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2010/01/05 08:56:02 | 000,074,480 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2009/01/09 13:03:40 | 000,213,640 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2009/01/09 13:03:40 | 000,079,304 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2009/01/09 13:03:40 | 000,040,552 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfesmfk.sys -- (mfesmfk)
DRV - [2009/01/09 13:03:40 | 000,035,272 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2009/01/09 13:03:06 | 000,034,216 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mferkdk.sys -- (mferkdk)
DRV - [2008/10/23 14:08:54 | 000,120,136 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\Mpfp.sys -- (MPFP)
DRV - [2006/09/14 04:45:38 | 000,003,456 | ---- | M] (ATI Technologies Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\atiide.sys -- (atiide)
DRV - [2006/09/06 06:13:42 | 001,580,544 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2006/07/07 16:23:30 | 000,408,064 | R--- | M] (Ativa Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ODWGU.sys -- (ODWGU(Ativa)) Ativa Wireless G USB Network Adapter(Ativa)
DRV - [2006/05/17 04:03:24 | 000,044,544 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2006/03/17 11:18:58 | 000,392,960 | ---- | M] (Sensaura) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\senfilt.sys -- (SenFiltService)
DRV - [2005/09/08 06:20:00 | 000,094,332 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2005/09/08 06:20:00 | 000,087,036 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2005/09/08 06:20:00 | 000,086,524 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2005/09/08 06:20:00 | 000,025,628 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2005/09/08 06:20:00 | 000,014,684 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2005/09/08 06:20:00 | 000,006,364 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2005/09/08 06:20:00 | 000,002,496 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLADResN.SYS -- (DLADResN)
DRV - [2005/08/25 13:16:52 | 000,005,628 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2005/08/25 13:16:16 | 000,022,684 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS -- (DLARTL_N)
DRV - [2004/10/25 14:40:58 | 000,017,664 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ZDPSp50.sys -- (ZDPSp50)
DRV - [2003/11/17 22:59:20 | 000,212,224 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2)
DRV - [2003/11/17 22:58:02 | 000,680,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2003/11/17 22:56:26 | 001,042,432 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
DRV - [2000/07/24 01:01:00 | 000,019,537 | ---- | M] (Brother Industries Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\BrPar.sys -- (BrPar)


========== Standard Registry (SafeList) ==========
 
========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=4070228
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=4070228


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=4070228
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=4070228
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1825289168-564950612-1891292674-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://smallbusiness.bellsouth.net/
IE - HKU\S-1-5-21-1825289168-564950612-1891292674-1007\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-1825289168-564950612-1891292674-1007\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKU\S-1-5-21-1825289168-564950612-1891292674-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Ask.com"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://en-US.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official"
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.3.1
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.071302000002
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 64970
FF - prefs.js..network.proxy.type: 0

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\3.0.50106.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: File not found

FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2011/05/27 15:54:10 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.18\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/06/22 09:53:53 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.18\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/06/22 09:53:53 | 000,000,000 | ---D | M]
FF - HKCU\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2011/05/27 15:54:10 | 000,000,000 | ---D | M]
FF - HKCU\software\mozilla\Mozilla Firefox 3.6.18\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/06/22 09:53:53 | 000,000,000 | ---D | M]
FF - HKCU\software\mozilla\Mozilla Firefox 3.6.18\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/06/22 09:53:53 | 000,000,000 | ---D | M]

[2009/10/22 13:11:54 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Darell Blandshaw\Application Data\Mozilla\Extensions
[2009/10/22 13:11:54 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Darell Blandshaw\Application Data\Mozilla\Extensions\mozswing@mozswing.org
[2011/07/05 09:55:56 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Darell Blandshaw\Application Data\Mozilla\Firefox\Profiles\3otsvnu4.default\extensions
[2011/07/05 09:55:56 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Darell Blandshaw\Application Data\Mozilla\Firefox\Profiles\3otsvnu4.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/04/06 15:43:34 | 000,000,000 | ---D | M] (Move Media Player) -- C:\Documents and Settings\Darell Blandshaw\Application Data\Mozilla\Firefox\Profiles\3otsvnu4.default\extensions\moveplayer@movenetworks.com
[2011/07/05 09:55:56 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Darell Blandshaw\Application Data\Mozilla\Firefox\Profiles\3otsvnu4.default\extensions\staged-xpis
[2010/12/27 11:04:16 | 000,002,571 | ---- | M] () -- C:\Documents and Settings\Darell Blandshaw\Application Data\Mozilla\Firefox\Profiles\3otsvnu4.default\searchplugins\askcom.xml
[2011/07/01 11:11:04 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2009/10/22 13:10:34 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/05/27 15:54:10 | 000,000,000 | ---D | M] (McAfee SiteAdvisor) -- C:\PROGRAM FILES\MCAFEE\SITEADVISOR
[2008/06/18 02:43:04 | 000,086,016 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npCouponPrinter.dll
[2010/10/11 12:50:50 | 000,002,024 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\McSiteAdvisor.xml

O1 HOSTS File: ([2011/06/30 10:49:27 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (BellSouth Toolbar) - {4E7BD74F-2B8D-469E-8CBD-FD60BB9AAE2E} - C:\Program Files\blstoolbar\blstoolbar.dll ()
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\Program Files\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll (Google Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (BellSouth Toolbar) - {4E7BD74F-2B8D-469E-8CBD-FD60BB9AAE2E} - C:\Program Files\blstoolbar\blstoolbar.dll ()
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (BellSouth Toolbar) - {4E7BD74F-2B8D-469E-8CBD-FD60BB9AAE2E} - C:\Program Files\blstoolbar\blstoolbar.dll ()
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (BellSouth Toolbar) - {4E7BD74F-2B8D-469E-8CBD-FD60BB9AAE2E} - C:\Program Files\blstoolbar\blstoolbar.dll ()
O3 - HKU\S-1-5-21-1825289168-564950612-1891292674-1007\..\Toolbar\ShellBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-21-1825289168-564950612-1891292674-1007\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-21-1825289168-564950612-1891292674-1007\..\Toolbar\WebBrowser: (BellSouth Toolbar) - {4E7BD74F-2B8D-469E-8CBD-FD60BB9AAE2E} - C:\Program Files\blstoolbar\blstoolbar.dll ()
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [ATICCC] C:\Program Files\ATI Technologies\ATI.ACE\cli.exe (ATI Technologies Inc.)
O4 - HKLM..\Run: [BellSouthAlertManager.exe] C:\Program Files\BellSouth\AM\BellSouthAlertManager.exe (BellSouth)
O4 - HKLM..\Run: [DLA] C:\WINDOWS\system32\DLA\DLACTRLW.EXE (Sonic Solutions)
O4 - HKLM..\Run: [ISUSScheduler] File not found
O4 - HKLM..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [NovaBackup 7 Tray Control] C:\Program Files\StompSoft\PC BackUp\NbkCtrl.exe (StompSoft, Inc.)
O4 - HKLM..\Run: [tgcmd] C:\Program Files\Support.com\BellSouth\hcenter.exe (BellSouth)
O4 - HKU\S-1-5-21-1825289168-564950612-1891292674-1007..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Ativa Wireless USB Utility.lnk = C:\Program Files\Ativa\USB AWGUA54\Wireless Utility\Ativawcui.exe (Belkin)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit, Inc.)
O4 - Startup: C:\Documents and Settings\Darell Blandshaw\Start Menu\Programs\Startup\Eagle Listener.lnk = C:\3apps\Catapult\3listen.exe ()
O4 - Startup: C:\Documents and Settings\Darell Blandshaw\Start Menu\Programs\Startup\Eagle Scheduler.lnk = C:\3apps\Catapult\Sched.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1825289168-564950612-1891292674-1007\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1825289168-564950612-1891292674-1007\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-21-1825289168-564950612-1891292674-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1825289168-564950612-1891292674-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-1825289168-564950612-1891292674-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O8 - Extra context menu item: Append to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O15 - HKU\S-1-5-21-1825289168-564950612-1891292674-1007\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
O15 - HKU\S-1-5-21-1825289168-564950612-1891292674-1007\..Trusted Domains: turbotax.com ([]https in Trusted sites)
O15 - HKU\S-1-5-21-1825289168-564950612-1891292674-1007\..Trusted Domains: wachovia.com ([]https in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {F5131C24-E56D-11CF-B78A-444553540000} https://wc.wachovia.com/common/cab/ikcntrls.cab (Ikonic Menu Control)
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O24 - Desktop BackupWallPaper: C:\WINDOWS\Dell.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/10/21 15:45:23 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.001 -- [ NTFS ]
O32 - AutoRun File - [2008/10/21 15:45:23 | 000,000,034 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - File not found
NetSvcs: HidServ - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.XVID - C:\WINDOWS\System32\xvidvfw.dll ()
Drivers32: wave - C:\WINDOWS\System32\serwvdrv.dll (Microsoft Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2011/07/05 11:26:28 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Darell Blandshaw\Desktop\OTL.exe
[2011/07/01 15:50:19 | 001,448,752 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Darell Blandshaw\Desktop\tdsskiller.exe
[2011/06/30 10:40:13 | 000,000,000 | ---D | C] -- C:\darell
[2011/06/29 03:07:55 | 000,000,000 | ---D | C] -- C:\WINDOWS\ServicePackFiles
[2011/06/29 03:04:31 | 000,000,000 | ---D | C] -- C:\WINDOWS\ie8updates
[2011/06/28 13:24:45 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011/06/28 13:23:12 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/06/28 13:23:12 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/06/28 13:23:12 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/06/28 13:23:12 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/06/28 13:04:43 | 004,129,523 | R--- | C] (Swearware) -- C:\Documents and Settings\Darell Blandshaw\Desktop\darell.exe
[2011/06/23 09:24:18 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/06/23 09:24:17 | 000,000,000 | ---D | C] -- C:\ComboFix
[2011/06/22 10:42:57 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/06/20 13:50:03 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Darell Blandshaw\Start Menu\Programs\Administrative Tools
[2011/06/20 12:09:37 | 000,000,000 | ---D | C] -- C:\Program Files\Hitman Pro 3.5
[2011/06/20 12:08:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Hitman Pro
[2011/06/10 15:20:21 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2011/06/10 15:20:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2011/06/10 12:14:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2011/06/10 11:26:53 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Darell Blandshaw\Recent
[2011/06/10 11:23:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\UnHackMe
[2011/06/10 11:01:42 | 000,039,192 | ---- | C] (Greatis Software) -- C:\WINDOWS\System32\Partizan.exe
[2011/06/10 11:01:42 | 000,035,816 | ---- | C] (Greatis Software) -- C:\WINDOWS\System32\drivers\Partizan.sys
[2011/06/10 11:01:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Darell Blandshaw\My Documents\RegRun2
[2011/06/10 11:01:24 | 000,012,808 | ---- | C] (Greatis Software, LLC.) -- C:\WINDOWS\System32\drivers\UnHackMeDrv.sys
[2011/06/10 11:01:18 | 000,000,000 | ---D | C] -- C:\Program Files\UnHackMe
[2011/06/09 12:20:59 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2011/06/08 14:03:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Darell Blandshaw\My Documents\My Google Gadgets
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/07/05 11:26:29 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Darell Blandshaw\Desktop\OTL.exe
[2011/07/05 11:04:01 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/07/05 09:51:17 | 000,049,821 | ---- | M] () -- C:\WINDOWS\System32\Config.MPF
[2011/07/05 09:50:39 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/07/05 09:50:17 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/07/05 09:50:14 | 1038,061,568 | -HS- | M] () -- C:\hiberfil.sys
[2011/07/05 09:47:44 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\RMSchedule.job
[2011/07/03 03:12:03 | 000,445,370 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/07/03 03:12:03 | 000,072,576 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/07/01 17:58:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/07/01 15:50:19 | 001,448,752 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Darell Blandshaw\Desktop\tdsskiller.exe
[2011/07/01 01:00:02 | 000,000,354 | ---- | M] () -- C:\WINDOWS\tasks\McQcTask.job
[2011/06/30 10:49:27 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/06/30 10:40:39 | 004,129,523 | R--- | M] (Swearware) -- C:\Documents and Settings\Darell Blandshaw\Desktop\darell.exe
[2011/06/30 03:01:34 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/06/29 03:39:35 | 000,158,752 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/06/28 13:24:50 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2011/06/26 02:45:56 | 000,256,000 | ---- | M] () -- C:\WINDOWS\PEV.exe
[2011/06/21 13:23:53 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Darell Blandshaw\Desktop\MBR.dat
[2011/06/20 12:36:08 | 000,020,552 | ---- | M] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
[2011/06/15 01:08:38 | 000,000,362 | ---- | M] () -- C:\WINDOWS\tasks\McDefragTask.job
[2011/06/10 12:58:38 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/06/10 12:23:38 | 000,000,211 | ---- | M] () -- C:\Boot.bak
[2011/06/10 11:28:07 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/06/10 11:01:42 | 000,039,192 | ---- | M] (Greatis Software) -- C:\WINDOWS\System32\Partizan.exe
[2011/06/10 11:01:42 | 000,035,816 | ---- | M] (Greatis Software) -- C:\WINDOWS\System32\drivers\Partizan.sys
[2011/06/10 11:01:29 | 000,002,577 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2011/06/10 11:01:29 | 000,001,688 | ---- | M] () -- C:\WINDOWS\System32\AUTOEXEC.NT
[2011/06/08 13:14:43 | 000,000,160 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\~18407204r
[2011/06/08 13:14:43 | 000,000,144 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\~18407204
[2011/06/08 12:36:09 | 000,000,344 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\18407204
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2099/01/01 12:00:00 | 000,006,456 | -H-- | C] () -- C:\WINDOWS\System32\tubulunu
[2011/06/28 13:24:50 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2011/06/28 13:24:46 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2011/06/28 13:23:12 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/06/28 13:23:12 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/06/28 13:23:12 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/06/28 13:23:12 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/06/28 13:23:12 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/06/21 13:23:53 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Darell Blandshaw\Desktop\MBR.dat
[2011/06/20 12:09:47 | 000,020,552 | ---- | C] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
[2011/06/10 12:23:34 | 000,001,861 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
[2011/06/08 14:02:14 | 1038,061,568 | -HS- | C] () -- C:\hiberfil.sys
[2011/06/08 12:36:12 | 000,000,160 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~18407204r
[2011/06/08 12:36:11 | 000,000,144 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~18407204
[2011/06/08 12:36:08 | 000,000,344 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\18407204
[2011/01/03 12:51:11 | 000,037,336 | ---- | C] () -- C:\WINDOWS\System32\CleanMFT32.exe
[2010/12/03 12:26:18 | 000,050,705 | ---- | C] () -- C:\Documents and Settings\Darell Blandshaw\Application Data\641A.3C0
[2008/10/21 15:45:25 | 000,074,752 | ---- | C] () -- C:\WINDOWS\System32\Usqlcs32.dll
[2008/10/21 15:45:25 | 000,072,704 | ---- | C] () -- C:\WINDOWS\System32\Ccmove32.dll
[2008/10/21 15:45:25 | 000,051,200 | ---- | C] () -- C:\WINDOWS\System32\Ccchng32.dll
[2008/10/21 15:45:21 | 001,929,216 | ---- | C] () -- C:\WINDOWS\System32\PDFDLL32.DLL
[2008/10/21 15:45:17 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\LFDRW14N.DLL
[2008/10/21 15:44:37 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\tmusbvb.dll
[2008/10/21 15:44:36 | 000,109,568 | ---- | C] () -- C:\WINDOWS\System32\P3jpg32.dll
[2008/10/21 15:44:36 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\P32help.exe
[2008/10/21 15:41:04 | 000,004,254 | ---- | C] () -- C:\WINDOWS\3apps.ini
[2008/10/06 11:53:26 | 000,048,397 | ---- | C] () -- C:\WINDOWS\UninstVeetleTVPlayer.exe
[2008/09/08 13:10:04 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2008/07/07 14:27:51 | 001,646,592 | ---- | C] () -- C:\WINDOWS\System32\3wpn10.dll
[2008/07/07 14:27:45 | 000,270,336 | ---- | C] () -- C:\WINDOWS\System32\3web.dll
[2008/07/07 14:27:12 | 012,517,376 | ---- | C] () -- C:\WINDOWS\System32\3viewA10.dll
[2008/07/07 14:25:47 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\3view10.dll
[2008/07/07 14:25:32 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\3rsmhtml.dll
[2008/07/07 14:25:18 | 000,163,840 | ---- | C] () -- C:\WINDOWS\System32\3inslc10.dll
[2008/07/07 14:24:51 | 000,643,072 | ---- | C] () -- C:\WINDOWS\System32\3enum10.dll
[2008/07/07 14:24:15 | 001,118,208 | ---- | C] () -- C:\WINDOWS\System32\n_uptrxns.dll
[2008/07/07 14:24:10 | 000,397,312 | ---- | C] () -- C:\WINDOWS\System32\n_tqf.dll
[2008/07/07 14:24:08 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\n_signon.dll
[2008/07/07 14:23:55 | 003,891,200 | ---- | C] () -- C:\WINDOWS\System32\n_roa.dll
[2008/07/07 14:23:30 | 002,670,592 | ---- | C] () -- C:\WINDOWS\System32\n_qfind.dll
[2008/07/07 14:23:08 | 002,744,320 | ---- | C] () -- C:\WINDOWS\System32\n_prtlbl.dll
[2008/07/07 14:22:40 | 006,336,512 | ---- | C] () -- C:\WINDOWS\System32\n_pos.dll
[2008/07/07 14:21:45 | 008,716,288 | ---- | C] () -- C:\WINDOWS\System32\n_po.dll
[2008/07/07 14:21:13 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\n_na.dll
[2008/07/07 14:20:56 | 004,874,240 | ---- | C] () -- C:\WINDOWS\System32\n_mvr.dll
[2008/07/07 14:20:39 | 000,512,000 | ---- | C] () -- C:\WINDOWS\System32\n_mkrentcr.dll
[2008/07/07 14:20:18 | 006,426,624 | ---- | C] () -- C:\WINDOWS\System32\n_mcr.dll
[2008/07/07 14:19:49 | 001,691,648 | ---- | C] () -- C:\WINDOWS\System32\n_lhelper.dll
[2008/07/07 14:19:13 | 010,002,432 | ---- | C] () -- C:\WINDOWS\System32\n_imu.dll
[2008/07/07 14:18:14 | 006,504,448 | ---- | C] () -- C:\WINDOWS\System32\n_gl.dll
[2008/07/07 14:17:45 | 000,421,888 | ---- | C] () -- C:\WINDOWS\System32\n_getoffln.dll
[2008/07/07 14:17:12 | 010,539,008 | ---- | C] () -- C:\WINDOWS\System32\n_ebrowser.dll
[2008/07/07 14:16:28 | 000,360,448 | ---- | C] () -- C:\WINDOWS\System32\n_desklnk.dll
[2008/07/07 14:16:19 | 002,199,552 | ---- | C] () -- C:\WINDOWS\System32\n_catalog.dll
[2008/07/07 14:15:58 | 004,952,064 | ---- | C] () -- C:\WINDOWS\System32\n_bmgr.dll
[2008/07/07 14:15:22 | 002,904,064 | ---- | C] () -- C:\WINDOWS\System32\n_atmu.dll
[2008/07/07 14:15:02 | 002,588,672 | ---- | C] () -- C:\WINDOWS\System32\n_3wpn10.dll
[2008/07/07 14:14:54 | 000,217,088 | ---- | C] () -- C:\WINDOWS\System32\n_3viewmgr.dll
[2008/07/07 14:14:52 | 000,212,992 | ---- | C] () -- C:\WINDOWS\System32\n_3viewimp.dll
[2008/07/07 14:14:20 | 010,526,720 | ---- | C] () -- C:\WINDOWS\System32\n_3viewA10.dll
[2008/07/07 14:13:37 | 000,360,448 | ---- | C] () -- C:\WINDOWS\System32\n_3usql.dll
[2008/07/07 14:13:23 | 002,424,832 | ---- | C] () -- C:\WINDOWS\System32\n_3spsif.dll
[2008/07/07 14:13:11 | 001,429,504 | ---- | C] () -- C:\WINDOWS\System32\n_3spmif.dll
[2008/07/07 14:12:56 | 003,919,872 | ---- | C] () -- C:\WINDOWS\System32\n_3spimp.dll
[2008/07/07 14:12:42 | 000,802,816 | ---- | C] () -- C:\WINDOWS\System32\n_3sku11.dll
[2008/07/07 14:12:37 | 000,802,816 | ---- | C] () -- C:\WINDOWS\System32\n_3simp.dll
[2008/07/07 14:12:21 | 002,347,008 | ---- | C] () -- C:\WINDOWS\System32\n_3scanner.dll
[2008/07/07 14:12:02 | 004,390,912 | ---- | C] () -- C:\WINDOWS\System32\n_3rsc.dll
[2008/07/07 14:11:28 | 007,110,656 | ---- | C] () -- C:\WINDOWS\System32\n_3lw.dll
[2008/07/07 14:10:55 | 001,380,352 | ---- | C] () -- C:\WINDOWS\System32\n_3hhi.dll
[2008/07/07 14:10:50 | 000,249,856 | ---- | C] () -- C:\WINDOWS\System32\n_3filcpy.dll
[2008/07/07 14:10:43 | 001,740,800 | ---- | C] () -- C:\WINDOWS\System32\n_3devcfg.dll
[2008/07/07 14:10:20 | 006,385,664 | ---- | C] () -- C:\WINDOWS\System32\n_3archive.dll
[2008/07/07 14:08:58 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\3print10.dll
[2007/07/09 12:17:13 | 000,000,145 | ---- | C] () -- C:\WINDOWS\BRVIDEO.INI
[2007/07/09 12:17:13 | 000,000,023 | ---- | C] () -- C:\WINDOWS\Brownie.ini
[2007/07/09 12:17:13 | 000,000,000 | ---- | C] () -- C:\WINDOWS\brmx2001.ini
[2007/07/09 12:17:04 | 000,014,441 | ---- | C] () -- C:\WINDOWS\HL-5240.INI
[2007/07/09 12:16:37 | 000,000,426 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
[2007/07/09 12:16:37 | 000,000,034 | ---- | C] () -- C:\WINDOWS\System32\BD5240.DAT
[2007/06/21 10:56:00 | 000,040,448 | ---- | C] () -- C:\WINDOWS\System32\BJAXSecurityManager.dll
[2007/06/21 10:55:58 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\BJInstaller.dll
[2007/05/24 16:09:58 | 000,375,296 | ---- | C] () -- C:\WINDOWS\System32\tx32.dll
[2007/05/24 16:09:58 | 000,000,202 | ---- | C] () -- C:\WINDOWS\System32\Ic32.ini
[2007/05/08 15:26:58 | 000,000,139 | ---- | C] () -- C:\Documents and Settings\Darell Blandshaw\Local Settings\Application Data\fusioncache.dat
[2007/03/01 00:09:38 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2007/03/01 00:06:02 | 000,000,126 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2007/03/01 00:05:20 | 000,001,392 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007/02/28 23:41:06 | 000,129,112 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2007/02/28 23:40:48 | 000,077,824 | ---- | C] () -- C:\WINDOWS\setpwr32.exe
[2007/02/28 23:40:46 | 000,000,389 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2005/11/10 09:38:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/07/12 15:44:42 | 000,015,872 | ---- | C] () -- C:\WINDOWS\System32\InsDrvZD64.DLL
[2004/12/19 09:29:40 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2004/12/19 09:17:10 | 000,815,104 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2004/08/10 14:12:05 | 000,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/10 14:07:31 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2004/08/10 14:02:15 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/08/10 14:01:18 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/08/10 13:57:52 | 000,004,324 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/08/10 13:57:15 | 000,158,752 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004/08/10 13:51:21 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/10 13:51:20 | 000,445,370 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/10 13:51:20 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/10 13:51:20 | 000,072,576 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/10 13:51:20 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/10 13:51:18 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/10 13:51:17 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/08/10 13:51:16 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/08/10 13:51:12 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/10 13:51:11 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/10 13:51:05 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/10 13:50:56 | 000,001,788 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2004/03/23 17:38:00 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\InsDrvZD.dll
[2003/03/14 13:24:00 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\ZyDelReg.exe
[2003/01/07 16:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/10/06 14:42:56 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\OggDS.dll
[2002/10/04 19:04:24 | 000,921,600 | ---- | C] () -- C:\WINDOWS\System32\VorbisEnc.dll
[2002/10/04 19:04:24 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\vorbis.dll
[2002/10/04 19:04:16 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\ogg.dll
[2002/05/15 19:38:40 | 000,091,136 | ---- | C] () -- C:\WINDOWS\System32\mp4fil32.dll
[2002/04/19 10:23:26 | 000,106,137 | ---- | C] () -- C:\WINDOWS\System32\libpostproc.dll
[2002/04/19 09:51:04 | 000,211,760 | ---- | C] () -- C:\WINDOWS\System32\libavcodec.dll
[2000/12/03 12:09:44 | 000,033,280 | ---- | C] () -- C:\WINDOWS\System32\Torero1n.dll
[2000/04/12 19:28:12 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\LFKODAK.DLL
[2000/04/12 19:24:10 | 000,338,944 | ---- | C] () -- C:\WINDOWS\System32\LFFPX7.DLL
[2000/03/22 12:42:52 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\Tscmg4n.dll
[2000/03/22 12:42:20 | 000,023,552 | ---- | C] () -- C:\WINDOWS\System32\Toril1n.dll
[1999/03/11 13:43:42 | 000,015,872 | ---- | C] () -- C:\WINDOWS\System32\3hist10.dll
[1997/11/25 08:54:04 | 000,063,488 | ---- | C] () -- C:\WINDOWS\System32\Mfldll32.dll
[1997/11/25 08:53:56 | 000,019,456 | ---- | C] () -- C:\WINDOWS\System32\Mffdib32.dll

========== LOP Check ==========

[2007/06/21 11:05:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BellSouth
[2009/09/30 10:46:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Bomgar-SCC-4AC24A4B
[2011/06/20 12:36:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Hitman Pro
[2011/07/05 09:47:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2011/01/04 12:20:19 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{D2E28092-1950-4945-9895-A709AFF3AABD}
[2007/06/21 11:05:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Darell Blandshaw\Application Data\BellSouth
[2010/09/20 13:18:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Darell Blandshaw\Application Data\FXTS2
[2009/03/16 14:21:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Darell Blandshaw\Application Data\Leadertech
[2011/06/10 12:26:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Darell Blandshaw\Application Data\LimeWire
[2011/01/03 12:57:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Darell Blandshaw\Application Data\Registry Mechanic
[2009/01/21 17:41:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\SACore
[2011/06/15 01:08:38 | 000,000,362 | ---- | M] () -- C:\WINDOWS\Tasks\McDefragTask.job
[2011/07/01 01:00:02 | 000,000,354 | ---- | M] () -- C:\WINDOWS\Tasks\McQcTask.job
[2011/07/05 09:47:44 | 000,000,276 | ---- | M] () -- C:\WINDOWS\Tasks\RMSchedule.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2008/10/21 15:45:23 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.001
[2008/10/21 15:45:23 | 000,000,034 | ---- | M] () -- C:\AUTOEXEC.BAT
[2007/06/21 10:56:11 | 009,630,336 | ---- | M] () -- C:\BellSouthIW.re~
[2011/06/10 12:23:38 | 000,000,211 | ---- | M] () -- C:\Boot.bak
[2011/06/28 13:24:50 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2004/08/03 23:00:00 | 000,260,272 | RHS- | M] () -- C:\cmldr
[2011/06/30 10:51:42 | 000,189,956 | ---- | M] () -- C:\ComboFix.txt
[2004/08/10 14:04:08 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2007/02/28 23:42:36 | 000,005,494 | RH-- | M] () -- C:\dell.sdr
[2011/07/05 09:50:14 | 1038,061,568 | -HS- | M] () -- C:\hiberfil.sys
[2007/07/06 16:47:10 | 000,004,128 | ---- | M] () -- C:\INFCACHE.1
[2004/08/10 14:04:08 | 000,000,000 | -H-- | M] () -- C:\IO.SYS
[2004/08/10 14:04:08 | 000,000,000 | -H-- | M] () -- C:\MSDOS.SYS
[2004/08/04 06:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2004/08/04 06:00:00 | 000,250,032 | RHS- | M] () -- C:\ntldr
[2011/07/05 09:50:12 | 1560,281,088 | -HS- | M] () -- C:\pagefile.sys
[2011/06/28 13:21:54 | 000,000,401 | ---- | M] () -- C:\rkill.log
[2011/07/01 15:55:42 | 000,051,298 | ---- | M] () -- C:\TDSSKiller.2.5.8.0_01.07.2011_15.53.41_log.txt

< %systemroot%\Fonts\*.com >
[2006/04/18 16:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
[2006/06/29 15:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
[2006/04/18 16:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
[2006/06/29 15:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2004/08/10 14:03:42 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2008/07/06 08:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
[2004/03/22 16:17:08 | 000,025,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\mdippr.dll
[2008/07/06 06:50:03 | 000,597,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >
[2007/06/21 14:16:02 | 000,001,626 | ---- | M] () -- C:\Documents and Settings\Darell Blandshaw\Application Data\Microsoft\LastFlashConfig.WFC

< %PROGRAMFILES%\*.* >

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >
[2004/08/10 13:56:48 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav
[2004/08/10 13:56:46 | 000,634,880 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav
[2004/08/10 13:56:46 | 000,872,448 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
[2004/08/10 14:04:12 | 000,000,294 | -HS- | M] () -- C:\Documents and Settings\All Users\Start Menu\desktop.ini

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2007/05/08 15:27:07 | 000,000,119 | -HS- | M] () -- C:\Documents and Settings\Darell Blandshaw\Application Data\Microsoft\Internet Explorer\Quick Launch\desktop.ini

< %USERPROFILE%\Desktop\*.exe >
[2008/12/30 11:43:56 | 023,804,784 | ---- | M] () -- C:\Documents and Settings\Darell Blandshaw\Desktop\aaw2008.exe
[2011/06/30 10:40:39 | 004,129,523 | R--- | M] (Swearware) -- C:\Documents and Settings\Darell Blandshaw\Desktop\darell.exe
[2008/12/23 13:44:33 | 001,226,248 | ---- | M] (McAfee, Inc.) -- C:\Documents and Settings\Darell Blandshaw\Desktop\DMSetup.exe
[2011/01/03 13:56:06 | 008,224,280 | ---- | M] (FXCM ) -- C:\Documents and Settings\Darell Blandshaw\Desktop\FXTS2Install(2).EXE
[2010/05/03 15:48:23 | 017,814,819 | ---- | M] () -- C:\Documents and Settings\Darell Blandshaw\Desktop\FXTS2Install.EXE
[2011/03/08 16:06:45 | 002,832,544 | ---- | M] (Adobe Systems, Inc.) -- C:\Documents and Settings\Darell Blandshaw\Desktop\install_flash_player(3).exe
[2008/09/09 13:05:35 | 001,495,112 | ---- | M] (Adobe Systems Incorporated) -- C:\Documents and Settings\Darell Blandshaw\Desktop\install_flash_player.exe
[2009/10/22 13:09:19 | 018,665,720 | ---- | M] (Lime Wire LLC) -- C:\Documents and Settings\Darell Blandshaw\Desktop\LimeWireWin.exe
[2011/01/03 13:23:07 | 007,734,208 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Darell Blandshaw\Desktop\mbam-setup-1.50.1.1100.exe
[2009/07/10 14:24:47 | 012,928,042 | ---- | M] () -- C:\Documents and Settings\Darell Blandshaw\Desktop\MICROLOTFXTS2Install.EXE
[2011/07/05 11:26:29 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Darell Blandshaw\Desktop\OTL.exe
[2010/06/08 14:13:25 | 033,850,672 | ---- | M] (Apple Inc.) -- C:\Documents and Settings\Darell Blandshaw\Desktop\QuickTimeInstaller.exe
[2009/03/16 14:28:01 | 031,373,472 | ---- | M] () -- C:\Documents and Settings\Darell Blandshaw\Desktop\R158510.EXE
[2009/03/16 14:23:17 | 030,527,088 | ---- | M] () -- C:\Documents and Settings\Darell Blandshaw\Desktop\R159293.EXE
[2011/01/03 12:50:20 | 015,992,432 | ---- | M] (PC Tools ) -- C:\Documents and Settings\Darell Blandshaw\Desktop\rminstall.exe
[2010/01/15 13:49:31 | 000,589,824 | ---- | M] () -- C:\Documents and Settings\Darell Blandshaw\Desktop\setup(2).exe
[2011/07/01 15:50:19 | 001,448,752 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Darell Blandshaw\Desktop\tdsskiller.exe
[2008/10/06 11:52:13 | 004,092,943 | ---- | M] () -- C:\Documents and Settings\Darell Blandshaw\Desktop\veetle-0.9.7.exe
[2010/10/22 13:08:40 | 001,135,080 | ---- | M] () -- C:\Documents and Settings\Darell Blandshaw\Desktop\yahoomailuploader_0.5.exe

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >

< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

< %PROGRAMFILES%\Internet Explorer\*.tmp >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >
[2008/10/21 15:40:01 | 008,658,288 | ---- | M] (ATT Internet Services ) -- C:\Documents and Settings\Darell Blandshaw\HC43SInstaller.exe
[2010/12/06 12:26:26 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Darell Blandshaw\mstsc.exe

< %systemroot%\ADDINS\*.* >
[2004/08/04 06:00:00 | 000,000,791 | ---- | M] () -- C:\WINDOWS\ADDINS\fxsext.ecf

< %systemroot%\assembly\*.bak2 >

< %systemroot%\Config\*.* >

< %systemroot%\REPAIR\*.bak2 >

< %systemroot%\SECURITY\Database\*.sdb /x >

< %systemroot%\SYSTEM\*.bak2 >

< %systemroot%\Web\*.bak2 >

< %systemroot%\Driver Cache\*.* >

< %PROGRAMFILES%\Mozilla Firefox\0*.exe >

< %ProgramFiles%\Microsoft Common\*.* >

< %ProgramFiles%\TinyProxy. >

< %USERPROFILE%\Favorites\*.url /x >
[2007/05/08 15:27:06 | 000,000,122 | -HS- | M] () -- C:\Documents and Settings\Darell Blandshaw\Favorites\Desktop.ini

< %systemroot%\system32\*.bk >

< %systemroot%\*.te >

< %systemroot%\system32\system32\*.* >

< %ALLUSERSPROFILE%\*.dat /x >

< %systemroot%\system32\drivers\*.rmv >

< dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

< dir /b "%systemroot%\*.exe" | find /i " " /c >

< %PROGRAMFILES%\Microsoft\*.* >

< %systemroot%\System32\Wbem\proquota.exe >

< %PROGRAMFILES%\Mozilla Firefox\*.dat >

< %USERPROFILE%\Cookies\*.txt /x >
[2011/07/05 09:55:58 | 000,114,688 | -HS- | M] () -- C:\Documents and Settings\Darell Blandshaw\Cookies\index.dat

< %SystemRoot%\system32\fonts\*.* >

< %systemroot%\system32\winlog\*.* >

< %systemroot%\system32\Language\*.* >

< %systemroot%\system32\Settings\*.* >

< %systemroot%\system32\*.quo >

< %SYSTEMROOT%\AppPatch\*.exe >

< %SYSTEMROOT%\inf\*.exe >
[2007/06/26 22:10:26 | 000,317,440 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\inf\unregmp2.exe

< %SYSTEMROOT%\Installer\*.exe >

< %systemroot%\system32\config\*.bak2 >

< %systemroot%\system32\Computers\*.* >

< %SystemRoot%\system32\Sound\*.* >

< %SystemRoot%\system32\SpecialImg\*.* >

< %SystemRoot%\system32\code\*.* >

< %SystemRoot%\system32\draft\*.* >

< %SystemRoot%\system32\MSSSys\*.* >

< %ProgramFiles%\Javascript\*.* >

< %systemroot%\pchealth\helpctr\System\*.exe /s >

< %systemroot%\Web\*.exe >

< %systemroot%\system32\msn\*.* >

< %systemroot%\system32\*.tro >

< %AppData%\Microsoft\Installer\msupdates\*.* >

< %ProgramFiles%\Messenger\*.* >
[2004/08/04 06:00:00 | 000,028,672 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\custsat.dll
[2004/08/04 02:06:34 | 000,004,821 | ---- | M] () -- C:\Program Files\Messenger\logowin.gif
[2004/08/04 02:06:34 | 000,007,047 | ---- | M] () -- C:\Program Files\Messenger\lvback.gif
[2008/05/02 10:22:02 | 000,083,968 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgsc.dll
[2004/08/04 02:06:34 | 000,180,224 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgslang.dll
[2004/10/13 12:24:37 | 001,694,208 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe
[2004/08/04 02:06:36 | 000,002,882 | ---- | M] () -- C:\Program Files\Messenger\newalert.wav
[2004/08/04 02:06:36 | 000,006,156 | ---- | M] () -- C:\Program Files\Messenger\newemail.wav
[2004/08/04 02:06:36 | 000,006,160 | ---- | M] () -- C:\Program Files\Messenger\online.wav
[2004/08/04 02:06:36 | 000,004,454 | ---- | M] () -- C:\Program Files\Messenger\type.wav
[2004/08/04 02:06:36 | 000,115,981 | ---- | M] () -- C:\Program Files\Messenger\xpmsgr.chm

< %systemroot%\system32\systhem32\*.* >

< %systemroot%\system\*.exe >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


========== Alternate Data Streams ==========

@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1
@Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8
@Alternate Data Stream - 103 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2

< End of report >
 
OTL Extras logfile created on: 7/5/2011 11:30:08 AM - Run 1
OTL by OldTimer - Version 3.2.26.0 Folder = C:\Documents and Settings\Darell Blandshaw\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

989.90 Mb Total Physical Memory | 248.66 Mb Available Physical Memory | 25.12% Memory free
2.33 Gb Paging File | 1.65 Gb Available in Paging File | 70.76% Paging File free
Paging file location(s): C:\pagefile.sys 1488 2976 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 148.96 Gb Total Space | 127.80 Gb Free Space | 85.79% Space Free | Partition Type: NTFS

Computer Name: DARELL | User Name: Darell Blandshaw | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_USERS\S-1-5-21-1825289168-564950612-1891292674-1007\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{03DF638A-D61C-4893-B8B9-845900C03163}" = TurboTax 2010 wnyiper
"{05BDC796-3451-4F81-B91D-E98F7ADA76C2}" = TurboTax 2010 WinPerTaxSupport
"{075473F5-846A-448B-BCB3-104AA1760205}" = Roxio RecordNow Data
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Roxio DLA
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1BA3FFE3-B30C-497E-8F83-1A4D6BD9041F}" = Ativa Wireless USB Utility
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java(TM) 6 Update 16
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{293B2D75-5735-4DFE-8642-F0EDEE9EB064}" = TurboTax 2010 wgaiper
"{29521505-F489-4822-ADFA-32C6DEE4F114}" = TurboTax 2008 WinPerUserEducation
"{2b02f826-a9b9-458c-80e5-3ea8c0de8471}" = QuickBooks Premier: Contractor Edition 2004
"{2E7595EC-4FB1-4E29-93D4-9083C8A9B107}" = TurboTax ItsDeductible 2005
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{374256A0-EAA2-012B-AD60-000000000000}" = TurboTax 2009 wgaiper
"{3782EC09-4000-475E-8A59-9CABD6F03B4C}" = TurboTax 2010 WinPerFedFormset
"{3881DB80-EAA2-012B-ADAE-000000000000}" = TurboTax 2009 WinPerFedFormset
"{38975F50-EAA2-012B-ADB4-000000000000}" = TurboTax 2009 WinPerReleaseEngine
"{38A34630-EAA2-012B-ADB6-000000000000}" = TurboTax 2009 WinPerTaxSupport
"{3C5A81D0-EAA2-012B-AE9F-000000000000}" = TurboTax 2009 wrapper
"{3EE33958-7381-4E7B-A4F3-6E43098E9E9C}" = URL Assistant
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{494367EC-82A9-4C0D-A788-74A967998E8C}" = FXCM Trading Station
"{4F2FCCCF-29F3-44B9-886F-6D16F8417522}" = TurboTax 2010 wrapper
"{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD OD
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{7159715B-8F47-48FD-AC90-71A60D32A01B}" = PC BackUp
"{7570F1CA-016D-46AC-B586-CD74645EFB52}" = TurboTax 2008 WinPerFedFormset
"{7D3A6B8F-45C1-4814-967E-6D84BBB868CD}" = ATI Catalyst Control Center
"{7DD9A065-2C86-4A9F-A5FF-796EC1B99DCA}" = AnswerWorks 4.0 Runtime - English
"{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper
"{840607F9-44C8-4282-95F3-5A196AC5C80A}" = Brother HL-5240
"{88214092-836F-4E22-A5AC-569AC9EE6A0F}" = TurboTax 2008 WinPerReleaseEngine
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{91130409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Basic Edition 2003
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9E5A03E3-6246-4920-9630-0527D5DA9B07}" = AnswerWorks 5.0 English Runtime
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A525E00B-6609-442E-9DCD-64453C233E8D}" = TurboTax 2010 WinPerReleaseEngine
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Roxio RecordNow Audio
"{AC76BA86-1033-0000-BA7E-000000000003}" = Adobe Acrobat 8 Standard
"{AFF1EA96-9C23-4249-B7D4-CD4B54D4582F}" = TurboTax ItsDeductible 2006
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Roxio RecordNow Copy
"{B1DB1AD8-C07E-4052-81A1-D2930232BA70}" = TurboTax 2008 wrapper
"{B23726CF-68BF-41A6-A4EB-72F12F87FE05}" = TurboTax 2008 WinPerTaxSupport
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{CDEFD989-469E-421D-A8B1-EC7AB25C8CB2}" = TurboTax 2008 wgaiper
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{E6D9BC25-0DBC-4368-8E4A-7DEE80661CD9}" = TurboTax 2008 WinPerProgramHelp
"{EA2BEBD6-87B9-41E5-95AC-7E4C165A9475}" = WexTech AnswerWorks
"{FB64BF25-3593-4E4E-AA85-84AEF1D1475F}" = Broadcom Management Programs
"Adobe Acrobat 8 Standard" = Adobe Acrobat 8.1.0 Standard
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"ATI Display Driver" = ATI Display Driver
"BellSouth" = BellSouth FastAccess DSL Help Center
"BellSouth Application Management" = BellSouth Application Management
"blstoolbar" = BellSouth Toolbar 1.0
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200F14F1" = Conexant D850 56K V.9x DFVc Modem
"Coupon Printer for Windows4.0" = Coupon Printer for Windows
"Eagle for Windows" = Eagle for Windows
"Eagle for Windows Training Browser" = Eagle for Windows Training Browser
"FXCM Trading Station" = FXCM Trading Station
"ie8" = Windows Internet Explorer 8
"InstallShield_{1BA3FFE3-B30C-497E-8F83-1A4D6BD9041F}" = Ativa Wireless USB Utility
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.0.1200
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.6.18)" = Mozilla Firefox (3.6.18)
"MSC" = McAfee SecurityCenter
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"RadialpointClientGateway_is1" = BellSouth Internet Security - Alert Manager 1.5.11
"Registry Mechanic_is1" = Registry Mechanic 10.0
"TurboTax 2008" = TurboTax 2008
"TurboTax 2009" = TurboTax 2009
"TurboTax 2010" = TurboTax 2010
"TurboTax Home & Business 2006" = TurboTax Home & Business 2006
"TurboTax Home & Business 2007" = TurboTax Home & Business 2007
"TurboTax Premier 2005" = TurboTax Premier 2005
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Xvid_is1" = Xvid 1.2.1 final uninstall

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1825289168-564950612-1891292674-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"GFFOREX Forex Trading " = GFFOREX Forex Trading
"GoToMeeting" = GoToMeeting 4.5.0.457
"Move Networks Player - IE" = Move Networks Media Player for Internet Explorer
"Octoshape add-in for Adobe Flash Player" = Octoshape add-in for Adobe Flash Player

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 6/20/2011 9:49:58 AM | Computer Name = DARELL | Source = Application Hang | ID = 1002
Description = Hanging application Na.exe, version 17.2166.0.72, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 6/20/2011 9:50:15 AM | Computer Name = DARELL | Source = Application Hang | ID = 1002
Description = Hanging application Na.exe, version 17.2166.0.72, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 6/20/2011 10:18:33 AM | Computer Name = DARELL | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module mshtml.dll, version 8.0.6001.18702, fault address 0x0017de3f.

Error - 6/20/2011 1:25:00 PM | Computer Name = DARELL | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module mshtml.dll, version 8.0.6001.18702, fault address 0x001474b2.

Error - 6/20/2011 1:42:45 PM | Computer Name = DARELL | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 6/20/2011 3:14:26 PM | Computer Name = DARELL | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module ntdll.dll, version 5.1.2600.2180, fault address 0x000118c5.

Error - 6/20/2011 4:07:07 PM | Computer Name = DARELL | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 6/20/2011 4:07:09 PM | Computer Name = DARELL | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 6/23/2011 9:43:40 AM | Computer Name = DARELL | Source = Application Hang | ID = 1002
Description = Hanging application ComboFix.exe, version 11.6.21.8, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 6/28/2011 1:21:11 PM | Computer Name = DARELL | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 0.0.0.0, faulting module
iexplore.exe, version 0.0.0.0, fault address 0x0008cb40.

[ System Events ]
Error - 6/30/2011 3:18:26 AM | Computer Name = DARELL | Source = Service Control Manager | ID = 7001
Description = The MBAMService service depends on the MBAMProtector service which
failed to start because of the following error: %%2

Error - 6/30/2011 9:51:05 AM | Computer Name = DARELL | Source = Service Control Manager | ID = 7000
Description = The MBAMProtector service failed to start due to the following error:
%%2

Error - 6/30/2011 9:51:05 AM | Computer Name = DARELL | Source = Service Control Manager | ID = 7001
Description = The MBAMService service depends on the MBAMProtector service which
failed to start because of the following error: %%2

Error - 6/30/2011 10:40:07 AM | Computer Name = DARELL | Source = Service Control Manager | ID = 7031
Description = The McAfee Real-time Scanner service terminated unexpectedly. It
has done this 1 time(s). The following corrective action will be taken in 60000
milliseconds: Restart the service.

Error - 6/30/2011 10:41:53 AM | Computer Name = DARELL | Source = Service Control Manager | ID = 7034
Description = The NMSAccess service terminated unexpectedly. It has done this 1
time(s).

Error - 7/3/2011 3:21:51 AM | Computer Name = DARELL | Source = DCOM | ID = 10010
Description = The server {6A972E27-93E2-4F98-8367-4101B2073814} did not register
with DCOM within the required timeout.

Error - 7/3/2011 3:24:28 AM | Computer Name = DARELL | Source = Service Control Manager | ID = 7000
Description = The MBAMProtector service failed to start due to the following error:
%%2

Error - 7/3/2011 3:24:28 AM | Computer Name = DARELL | Source = Service Control Manager | ID = 7001
Description = The MBAMService service depends on the MBAMProtector service which
failed to start because of the following error: %%2

Error - 7/5/2011 9:50:34 AM | Computer Name = DARELL | Source = Service Control Manager | ID = 7000
Description = The MBAMProtector service failed to start due to the following error:
%%2

Error - 7/5/2011 9:50:34 AM | Computer Name = DARELL | Source = Service Control Manager | ID = 7001
Description = The MBAMService service depends on the MBAMProtector service which
failed to start because of the following error: %%2


< End of report >
 
Very good :)

1. Update your Java version here: http://www.java.com/en/download/installed.jsp

Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

2. Now, we need to remove the old Java version and its remnants...

Download JavaRa to your desktop and unzip it to its own folder
  • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
  • Accept any prompts.

=================================================================

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    Code:
    :OTL
    FF - prefs.js..browser.search.defaultengine: "Ask.com"
    FF - prefs.js..browser.search.defaultenginename: "Ask.com"
    FF - prefs.js..browser.search.order.1: "Ask.com"
    FF - prefs.js..browser.search.selectedEngine: "Ask.com"
    [2010/12/27 11:04:16 | 000,002,571 | ---- | M] () -- C:\Documents and Settings\Darell Blandshaw\Application Data\Mozilla\Firefox\Profiles\3otsvnu4.default\searchplugins\askcom.xml
    O4 - HKLM..\Run: [] File not found
    O4 - HKLM..\Run: [ISUSScheduler] File not found
    O15 - HKU\S-1-5-21-1825289168-564950612-1891292674-1007\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
    O15 - HKU\S-1-5-21-1825289168-564950612-1891292674-1007\..Trusted Domains: turbotax.com ([]https in Trusted sites)
    O15 - HKU\S-1-5-21-1825289168-564950612-1891292674-1007\..Trusted Domains: wachovia.com ([]https in Trusted sites)
    [2011/06/20 12:09:37 | 000,000,000 | ---D | C] -- C:\Program Files\Hitman Pro 3.5
    [2011/06/20 12:08:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Hitman Pro
    [2011/06/10 15:20:21 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
    [2011/06/10 15:20:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    [2011/06/10 11:01:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Darell Blandshaw\My Documents\RegRun2
    [2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
    [2011/06/08 13:14:43 | 000,000,160 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\~18407204r
    [2011/06/08 13:14:43 | 000,000,144 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\~18407204
    [2011/06/08 12:36:09 | 000,000,344 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\18407204
    [2011/06/20 12:36:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Hitman Pro
    [2011/06/10 12:26:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Darell Blandshaw\Application Data\LimeWire
    [2011/01/03 12:57:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Darell Blandshaw\Application Data\Registry Mechanic
    @Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1
    @Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8
    @Alternate Data Stream - 103 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
    
    
    :Services
    
    :Reg
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
    "DisableMonitoring" =-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
    "DisableMonitoring" =-
    
    :Files
    
    :Commands
    [purity]
    [emptytemp]
    [emptyflash]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • You will get a log that shows the results of the fix. Please post it.

==================================================================

Last scans...

1. Download Security Check from HERE, and save it to your Desktop.
  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

    NOTE: SecurityCheck may produce some false warning(s), so leave reading the results to me.


2. Download Temp File Cleaner (TFC)
  • Double-click on TFC.exe to run the program.
  • Click on the Start button to begin the cleaning process.
  • TFC will close all running programs, and it may ask you to restart the computer.


3. Please run a free online scan with the ESET Online Scanner

  • Disable your antivirus program
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • IMPORTANT! UN-check Remove found threats
  • Accept any security warnings from your browser.
  • Check Scan archives
  • Click Start
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push List of found threats
  • Click on Export to text file, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • NOTE: If ESET doesn't find any threats, it won't produce any log.
 
Error: Unable to interpret <s.js..browser.search.defaultengine: "Ask.com"> in the current context!
Error: Unable to interpret <FF - prefs.js..browser.search.defaultenginename: "Ask.com"> in the current context!
Error: Unable to interpret <FF - prefs.js..browser.search.order.1: "Ask.com"> in the current context!
Error: Unable to interpret <FF - prefs.js..browser.search.selectedEngine: "Ask.com"> in the current context!
Error: Unable to interpret <[2010/12/27 11:04:16 | 000,002,571 | ---- | M] () -- C:\Documents and Settings\Darell Blandshaw\Application Data\Mozilla\Firefox\Profiles\3otsvnu4.default\searchplugins\askcom.xml> in the current context!
Error: Unable to interpret <O4 - HKLM..\Run: [] File not found> in the current context!
Error: Unable to interpret <O4 - HKLM..\Run: [ISUSScheduler] File not found> in the current context!
Error: Unable to interpret <O15 - HKU\S-1-5-21-1825289168-564950612-1891292674-1007\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)> in the current context!
Error: Unable to interpret <O15 - HKU\S-1-5-21-1825289168-564950612-1891292674-1007\..Trusted Domains: turbotax.com ([]https in Trusted sites)> in the current context!
Error: Unable to interpret <O15 - HKU\S-1-5-21-1825289168-564950612-1891292674-1007\..Trusted Domains: wachovia.com ([]https in Trusted sites)> in the current context!
Error: Unable to interpret <[2011/06/20 12:09:37 | 000,000,000 | ---D | C] -- C:\Program Files\Hitman Pro 3.5> in the current context!
Error: Unable to interpret <[2011/06/20 12:08:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Hitman Pro> in the current context!
Error: Unable to interpret <[2011/06/10 15:20:21 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy> in the current context!
Error: Unable to interpret <[2011/06/10 15:20:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy> in the current context!
Error: Unable to interpret <[2011/06/10 11:01:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Darell Blandshaw\My Documents\RegRun2> in the current context!
Error: Unable to interpret <[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]> in the current context!
Error: Unable to interpret <[2011/06/08 13:14:43 | 000,000,160 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\~18407204r> in the current context!
Error: Unable to interpret <[2011/06/08 13:14:43 | 000,000,144 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\~18407204> in the current context!
Error: Unable to interpret <[2011/06/08 12:36:09 | 000,000,344 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\18407204> in the current context!
Error: Unable to interpret <[2011/06/20 12:36:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Hitman Pro> in the current context!
Error: Unable to interpret <[2011/06/10 12:26:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Darell Blandshaw\Application Data\LimeWire> in the current context!
Error: Unable to interpret <[2011/01/03 12:57:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Darell Blandshaw\Application Data\Registry Mechanic> in the current context!
Error: Unable to interpret <@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1> in the current context!
Error: Unable to interpret <@Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8> in the current context!
Error: Unable to interpret <@Alternate Data Stream - 103 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2> in the current context!
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus\\DisableMonitoring deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall\\DisableMonitoring deleted successfully.

OTL by OldTimer - Version 3.2.26.0 log created on 07062011_122843
 
Results of screen317's Security Check version 0.99.7
Windows XP Service Pack 2
Out of date service pack!!
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
McAfee SecurityCenter
```````````````````````````````
Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware
Java(TM) 6 Update 26
Out of date Java installed!
Adobe Flash Player 10.2.152.32
Mozilla Firefox (3.6.18)
````````````````````````````````
Process Check:
objlist.exe by Laurent

McAfee VIRUSS~1 mcshield.exe
McAfee VIRUSS~1 mcsysmon.exe
``````````End of Log````````````
 
C:\Program Files\blstoolbar\blstoolbar.dll probably a variant of Win32/Adware.BHO.MegaSearch application
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1460\A0050117.ini Win32/Adware.Virtumonde.NEO application
 
OK, I have done everything... one question: I have a lot of files on my desktop, a lot of these text logs. Which ones can I erase?
 
I'll tell you about those files in a moment.

Your OTL fix log is incorrect.
It looks like you didn't copy my whole script, especially a "colon" in front of "OTL" (first line).
Please, redo.
 
All processes killed
========== OTL ==========
Prefs.js: "Ask.com" removed from browser.search.defaultengine
Prefs.js: "Ask.com" removed from browser.search.defaultenginename
Prefs.js: "Ask.com" removed from browser.search.order.1
Prefs.js: "Ask.com" removed from browser.search.selectedEngine
C:\Documents and Settings\Darell Blandshaw\Application Data\Mozilla\Firefox\Profiles\3otsvnu4.default\searchplugins\askcom.xml moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ISUSScheduler deleted successfully.
Registry key HKEY_USERS\S-1-5-21-1825289168-564950612-1891292674-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\intuit.com\ttlc\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-1825289168-564950612-1891292674-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\turbotax.com\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-1825289168-564950612-1891292674-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\wachovia.com\ deleted successfully.
C:\Program Files\Hitman Pro 3.5 folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Hitman Pro folder moved successfully.
C:\Program Files\Spybot - Search & Destroy folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Snapshots2 folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Snapshots folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Logs folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Excludes folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Backups folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy folder moved successfully.
C:\Documents and Settings\Darell Blandshaw\My Documents\RegRun2 folder moved successfully.
File/Folder C:\WINDOWS\System32\*.tmp not found.
C:\Documents and Settings\All Users\Application Data\~18407204r moved successfully.
C:\Documents and Settings\All Users\Application Data\~18407204 moved successfully.
C:\Documents and Settings\All Users\Application Data\18407204 moved successfully.
Folder C:\Documents and Settings\All Users\Application Data\Hitman Pro\ not found.
C:\Documents and Settings\Darell Blandshaw\Application Data\LimeWire\xml\data folder moved successfully.
C:\Documents and Settings\Darell Blandshaw\Application Data\LimeWire\xml folder moved successfully.
C:\Documents and Settings\Darell Blandshaw\Application Data\LimeWire\uploads.dat folder moved successfully.
C:\Documents and Settings\Darell Blandshaw\Application Data\LimeWire\promotion folder moved successfully.
C:\Documents and Settings\Darell Blandshaw\Application Data\LimeWire\mozilla-profile\updates\0 folder moved successfully.
C:\Documents and Settings\Darell Blandshaw\Application Data\LimeWire\mozilla-profile\updates folder moved successfully.
C:\Documents and Settings\Darell Blandshaw\Application Data\LimeWire\mozilla-profile\extensions folder moved successfully.
C:\Documents and Settings\Darell Blandshaw\Application Data\LimeWire\mozilla-profile\Cache folder moved successfully.
C:\Documents and Settings\Darell Blandshaw\Application Data\LimeWire\mozilla-profile folder moved successfully.
C:\Documents and Settings\Darell Blandshaw\Application Data\LimeWire\certificate folder moved successfully.
C:\Documents and Settings\Darell Blandshaw\Application Data\LimeWire\browser\xulrunner\res\html folder moved successfully.
C:\Documents and Settings\Darell Blandshaw\Application Data\LimeWire\browser\xulrunner\res\fonts folder moved successfully.
C:\Documents and Settings\Darell Blandshaw\Application Data\LimeWire\browser\xulrunner\res\entityTables folder moved successfully.
C:\Documents and Settings\Darell Blandshaw\Application Data\LimeWire\browser\xulrunner\res\dtd folder moved successfully.
C:\Documents and Settings\Darell Blandshaw\Application Data\LimeWire\browser\xulrunner\res folder moved successfully.
C:\Documents and Settings\Darell Blandshaw\Application Data\LimeWire\browser\xulrunner\plugins folder moved successfully.
C:\Documents and Settings\Darell Blandshaw\Application Data\LimeWire\browser\xulrunner\modules folder moved successfully.
C:\Documents and Settings\Darell Blandshaw\Application Data\LimeWire\browser\xulrunner\greprefs folder moved successfully.
C:\Documents and Settings\Darell Blandshaw\Application Data\LimeWire\browser\xulrunner\dictionaries folder moved successfully.
C:\Documents and Settings\Darell Blandshaw\Application Data\LimeWire\browser\xulrunner\defaults\profile\US\chrome folder moved successfully.
C:\Documents and Settings\Darell Blandshaw\Application Data\LimeWire\browser\xulrunner\defaults\profile\US folder moved successfully.
C:\Documents and Settings\Darell Blandshaw\Application Data\LimeWire\browser\xulrunner\defaults\profile\chrome folder moved successfully.
C:\Documents and Settings\Darell Blandshaw\Application Data\LimeWire\browser\xulrunner\defaults\profile folder moved successfully.
C:\Documents and Settings\Darell Blandshaw\Application Data\LimeWire\browser\xulrunner\defaults\pref folder moved successfully.
C:\Documents and Settings\Darell Blandshaw\Application Data\LimeWire\browser\xulrunner\defaults\autoconfig folder moved successfully.
C:\Documents and Settings\Darell Blandshaw\Application Data\LimeWire\browser\xulrunner\defaults folder moved successfully.
C:\Documents and Settings\Darell Blandshaw\Application Data\LimeWire\browser\xulrunner\components folder moved successfully.
C:\Documents and Settings\Darell Blandshaw\Application Data\LimeWire\browser\xulrunner\chrome folder moved successfully.
C:\Documents and Settings\Darell Blandshaw\Application Data\LimeWire\browser\xulrunner folder moved successfully.
C:\Documents and Settings\Darell Blandshaw\Application Data\LimeWire\browser folder moved successfully.
C:\Documents and Settings\Darell Blandshaw\Application Data\LimeWire\.AppSpecialShare folder moved successfully.
C:\Documents and Settings\Darell Blandshaw\Application Data\LimeWire folder moved successfully.
C:\Documents and Settings\Darell Blandshaw\Application Data\Registry Mechanic\log folder moved successfully.
C:\Documents and Settings\Darell Blandshaw\Application Data\Registry Mechanic folder moved successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2 deleted successfully.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus\\DisableMonitoring deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall\\DisableMonitoring deleted successfully.
========== FILES ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Darell Blandshaw
->Temp folder emptied: 54868 bytes
->Temporary Internet Files folder emptied: 9650382 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 100671500 bytes
->Flash cache emptied: 4373 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: FxTrading

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Owner
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 3074 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 105.00 mb


[EMPTYFLASH]

User: All Users

User: Darell Blandshaw
->Flash cache emptied: 0 bytes

User: Default User

User: FxTrading

User: LocalService

User: NetworkService

User: Owner

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.26.0 log created on 07082011_154858

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...
 
Now you did it :)

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    Code:
    :OTL
    
    :Services
    
    :Reg
    
    :Files
    C:\Program Files\blstoolbar\blstoolbar.dll
    
    :Commands
    [purity]
    [emptytemp]
    [emptyflash]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • You will get a log that shows the results of the fix. Please post it.

====================================================================

Your computer is clean

1. We need to reset System Restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create a fresh, clean restore point using the following OTL script:

Run OTL

  • Under the Custom Scans/Fixes box at the bottom, paste in the following:

Code:
:OTL
:Commands
[purity]
[emptytemp]
[EMPTYFLASH]
[CLEARALLRESTOREPOINTS]
[Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Post resulting log.

2. Now we'll remove all the tools we used during our cleaning process.

Clean up with OTL:

  • Double-click OTL.exe to start the program.
  • Close all other programs apart from OTL as this step will require a reboot
  • On the OTL main screen, press the CLEANUP button
  • Say Yes to the prompt and then allow the program to reboot your computer.

If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

3. Make sure Windows Updates are current (including Service Pack 3 installation!!!)

4. If any Trojan was listed among your infection(s), make sure you change all of your important online passwords (bank account(s), secured web sites, etc.) immediately!

5. Download and install WOT (Web of Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

6. Run Malwarebytes "Quick scan" once in a while to ensure the safety of your computer.

7. Run Temporary File Cleaner (TFC) weekly.

8. Download and install Secunia Personal Software Inspector (PSI): https://www.techspot.com/downloads/4898-secunia-personal-software-inspector-psi.html. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

10. (Windows XP only) Run defrag at your convenience.

11. When installing\updating ANY program, make sure you always select "Custom" installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click the "Next" button without looking at any given page.

12. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

13. Please let me know how your computer is doing.
 
All processes killed
========== OTL ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Darell Blandshaw
->Temp folder emptied: 54215 bytes
->Temporary Internet Files folder emptied: 8494827 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 77800680 bytes
->Flash cache emptied: 2113 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: FxTrading

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 595986 bytes

User: Owner
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 3922 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 83.00 mb


[EMPTYFLASH]

User: All Users

User: Darell Blandshaw
->Flash cache emptied: 0 bytes

User: Default User

User: FxTrading

User: LocalService

User: NetworkService

User: Owner

Total Flash Files Cleaned = 0.00 mb

Restore points cleared and new OTL Restore Point set!

OTL by OldTimer - Version 3.2.26.0 log created on 07112011_143430

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...
 
So far my computer is doing fine. Thanks, you guys are fantastic. Now maybe you can help me with my computer at home.. LOL
 
TFC should be on your desktop.
If it's not...
Download Temp File Cleaner (TFC)


Way to go!!

Good luck and stay safe :)
 