TechSpot

Google redirect virus again

Solved
By bshaw
Feb 8, 2012
  1. Hello, I had this problem before and you guys fixed it, but now my Google searches are redirected, the browser moves slowly, and my Google Docs won't pull up. I have this problem on both Google Chrome and Firefox. Yahoo search seems to work fine. I followed the instructions and here are my logs:


    Protection: Enabled

    2/8/2012 12:38:37 PM
    mbam-log-2012-02-08 (12-38-37).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 215815
    Time elapsed: 14 minute(s), 2 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)

    ------------------------------------------------------------------------------------


    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit quick scan 2012-02-08 13:03:32
    Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-3 ST3160812AS rev.3.ADJ
    Running: cjd93v98.exe; Driver: C:\DOCUME~1\DARELL~1\LOCALS~1\Temp\pwtdapow.sys


    ---- Devices - GMER 1.0.15 ----

    AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
    AttachedDevice \Driver\Tcpip \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
    AttachedDevice \Driver\Tcpip \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
    AttachedDevice \Driver\Tcpip \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
    AttachedDevice \Driver\Tcpip \Device\RawIp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

    ---- EOF - GMER 1.0.15 ----
  2. bshaw

    bshaw TS Rookie Topic Starter Posts: 76

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft Windows XP Home Edition
    Boot Device: \Device\HarddiskVolume2
    Install Date: 5/8/2007 3:26:43 PM
    System Uptime: 2/8/2012 10:04:48 AM (3 hours ago)
    .
    Motherboard: Dell Inc. | | 0MH651
    Processor: Intel(R) Pentium(R) D CPU 2.80GHz | Microprocessor | 2800/800mhz
    .
    ==== Disk Partitions =========================
    .
    A: is Removable
    C: is FIXED (NTFS) - 149 GiB total, 110.258 GiB free.
    D: is CDROM (CDFS)
    Z: is NetworkDisk (NTFS) - 149 GiB total, 54.26 GiB free.
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    RP1616: 11/25/2011 4:51:23 PM - System Checkpoint
    RP1617: 11/26/2011 4:53:10 PM - System Checkpoint
    RP1618: 11/27/2011 5:53:29 PM - System Checkpoint
    RP1619: 11/28/2011 5:58:29 PM - System Checkpoint
    RP1620: 11/29/2011 6:57:24 PM - System Checkpoint
    RP1621: 11/30/2011 7:34:37 PM - System Checkpoint
    RP1622: 12/1/2011 8:34:38 PM - System Checkpoint
    RP1623: 12/2/2011 9:34:38 PM - System Checkpoint
    RP1624: 12/3/2011 10:34:36 PM - System Checkpoint
    RP1625: 12/4/2011 11:34:36 PM - System Checkpoint
    RP1626: 12/6/2011 12:34:27 AM - System Checkpoint
    RP1627: 12/7/2011 1:34:26 AM - System Checkpoint
    RP1628: 12/8/2011 2:34:27 AM - System Checkpoint
    RP1629: 12/9/2011 3:34:27 AM - System Checkpoint
    RP1630: 12/10/2011 4:34:26 AM - System Checkpoint
    RP1631: 12/11/2011 5:34:26 AM - System Checkpoint
    RP1632: 12/12/2011 6:34:27 AM - System Checkpoint
    RP1633: 12/13/2011 7:32:12 AM - System Checkpoint
    RP1634: 12/14/2011 7:41:31 AM - System Checkpoint
    RP1635: 12/15/2011 8:41:32 AM - System Checkpoint
    RP1636: 12/16/2011 9:41:29 AM - System Checkpoint
    RP1637: 12/17/2011 10:41:31 AM - System Checkpoint
    RP1638: 12/18/2011 11:41:29 AM - System Checkpoint
    RP1639: 12/19/2011 2:07:49 PM - System Checkpoint
    RP1640: 12/20/2011 2:23:45 PM - System Checkpoint
    RP1641: 12/21/2011 4:53:37 PM - System Checkpoint
    RP1642: 12/22/2011 5:51:51 PM - System Checkpoint
    RP1643: 12/23/2011 6:51:53 PM - System Checkpoint
    RP1644: 12/24/2011 7:51:52 PM - System Checkpoint
    RP1645: 12/25/2011 8:51:51 PM - System Checkpoint
    RP1646: 12/26/2011 9:51:37 PM - System Checkpoint
    RP1647: 12/27/2011 10:51:38 PM - System Checkpoint
    RP1648: 12/28/2011 11:51:38 PM - System Checkpoint
    RP1649: 12/30/2011 12:51:38 AM - System Checkpoint
    RP1650: 12/31/2011 1:51:38 AM - System Checkpoint
    RP1651: 1/1/2012 2:51:38 AM - System Checkpoint
    RP1652: 1/2/2012 3:51:37 AM - System Checkpoint
    RP1653: 1/3/2012 4:49:20 AM - System Checkpoint
    RP1654: 1/4/2012 5:49:21 AM - System Checkpoint
    RP1655: 1/5/2012 6:49:22 AM - System Checkpoint
    RP1656: 1/6/2012 7:49:21 AM - System Checkpoint
    RP1657: 1/7/2012 8:49:19 AM - System Checkpoint
    RP1658: 1/8/2012 9:49:18 AM - System Checkpoint
    RP1659: 1/9/2012 2:40:15 PM - System Checkpoint
    RP1660: 1/9/2012 4:21:21 PM - Installed Windows XP Service Pack 3.
    RP1661: 1/9/2012 4:33:58 PM - Installed Windows XP KB2229593.
    RP1662: 1/9/2012 4:34:35 PM - Installed Windows XP KB923561.
    RP1663: 1/9/2012 4:35:17 PM - Installed Windows XP KB938464.
    RP1664: 1/9/2012 4:35:55 PM - Installed Windows XP KB946648.
    RP1665: 1/9/2012 4:36:40 PM - Installed Windows XP KB950762.
    RP1666: 1/9/2012 4:37:18 PM - Installed Windows XP KB950974.
    RP1667: 1/9/2012 4:37:57 PM - Installed Windows XP KB951066.
    RP1668: 1/9/2012 4:38:45 PM - Installed Windows XP KB951376.
    RP1669: 1/9/2012 4:39:24 PM - Installed Windows XP KB951376-v2.
    RP1670: 1/9/2012 4:40:02 PM - Installed Windows XP KB951698.
    RP1671: 1/9/2012 4:40:41 PM - Installed Windows XP KB951748.
    RP1672: 1/9/2012 4:41:57 PM - Installed Windows XP KB952004.
    RP1673: 1/9/2012 4:42:44 PM - Installed Windows XP KB952287.
    RP1674: 1/9/2012 4:43:20 PM - Installed Windows XP KB952954.
    RP1675: 1/9/2012 4:44:02 PM - Installed Windows XP KB954211.
    RP1676: 1/9/2012 4:44:41 PM - Installed Windows XP KB954600.
    RP1677: 1/9/2012 4:45:18 PM - Installed Windows XP KB974112.
    RP1678: 1/9/2012 4:46:44 PM - Installed Windows XP KB955069.
    RP1679: 1/9/2012 4:47:21 PM - Installed Windows XP KB973687.
    RP1680: 1/9/2012 4:48:06 PM - Installed Windows XP KB955759.
    RP1681: 1/9/2012 4:49:01 PM - Installed Windows XP KB956572.
    RP1682: 1/9/2012 4:49:45 PM - Installed Windows XP KB956802.
    RP1683: 1/9/2012 4:50:25 PM - Installed Windows XP KB956803.
    RP1684: 1/9/2012 4:51:40 PM - Installed Windows XP KB956841.
    RP1685: 1/9/2012 4:52:19 PM - Installed Windows XP KB956844.
    RP1686: 1/9/2012 4:53:41 PM - Installed Windows XP KB957095.
    RP1687: 1/9/2012 4:54:26 PM - Installed Windows XP KB957097.
    RP1688: 1/9/2012 4:55:11 PM - Installed Windows XP KB958644.
    RP1689: 1/9/2012 4:55:51 PM - Installed Windows XP KB959426.
    RP1690: 1/9/2012 4:56:37 PM - Installed Windows XP KB960225.
    RP1691: 1/9/2012 4:57:19 PM - Installed Windows XP KB960803.
    RP1692: 1/9/2012 4:58:01 PM - Installed Windows XP KB960859.
    RP1693: 1/9/2012 4:58:44 PM - Installed Windows XP KB961118.
    RP1694: 1/9/2012 4:59:36 PM - Installed Windows XP KB961501.
    RP1695: 1/9/2012 5:00:17 PM - Installed Windows XP KB967715.
    RP1696: 1/9/2012 5:01:04 PM - Installed Windows XP KB968389.
    RP1697: 1/9/2012 5:01:43 PM - Installed Windows XP KB969059.
    RP1698: 1/9/2012 5:02:27 PM - Installed Windows XP KB970238.
    RP1699: 1/9/2012 5:03:06 PM - Installed Windows XP KB970430.
    RP1700: 1/9/2012 5:03:48 PM - Installed Windows XP KB971468.
    RP1701: 1/9/2012 5:04:27 PM - Installed Windows XP KB971657.
    RP1702: 1/9/2012 5:05:11 PM - Installed Windows XP KB971737.
    RP1703: 1/9/2012 5:05:54 PM - Installed Windows XP KB972270.
    RP1704: 1/9/2012 5:06:32 PM - Installed Windows XP KB973507.
    RP1705: 1/9/2012 5:07:14 PM - Installed Windows XP KB973687.
    RP1706: 1/9/2012 5:07:52 PM - Installed Windows XP KB973815.
    RP1707: 1/9/2012 5:08:39 PM - Installed Windows XP KB973869.
    RP1708: 1/9/2012 5:09:20 PM - Installed Windows XP KB974112.
    RP1709: 1/9/2012 5:09:58 PM - Installed Windows XP KB974318.
    RP1710: 1/9/2012 5:10:37 PM - Installed Windows XP KB974392.
    RP1711: 1/9/2012 5:11:19 PM - Installed Windows XP KB974571.
    RP1712: 1/9/2012 5:12:04 PM - Installed Windows XP KB975025.
    RP1713: 1/9/2012 5:12:42 PM - Installed Windows XP KB975467.
    RP1714: 1/9/2012 5:13:22 PM - Installed Windows XP KB975560.
    RP1715: 1/9/2012 5:14:00 PM - Installed Windows XP KB975561.
    RP1716: 1/9/2012 5:14:41 PM - Installed Windows XP KB975562.
    RP1717: 1/9/2012 5:15:19 PM - Installed Windows XP KB975713.
    RP1718: 1/9/2012 5:16:02 PM - Installed Windows XP KB977914.
    RP1719: 1/9/2012 5:16:41 PM - Installed Windows XP KB978037.
    RP1720: 1/9/2012 5:17:24 PM - Installed Windows XP KB978338.
    RP1721: 1/9/2012 5:18:04 PM - Installed Windows XP KB978542.
    RP1722: 1/9/2012 5:18:44 PM - Installed Windows XP KB978601.
    RP1723: 1/9/2012 5:19:24 PM - Installed Windows XP KB978706.
    RP1724: 1/9/2012 5:20:01 PM - Installed Windows XP KB979309.
    RP1725: 1/9/2012 5:20:39 PM - Installed Windows XP KB979482.
    RP1726: 1/9/2012 5:21:23 PM - Installed Windows XP KB979559.
    RP1727: 1/9/2012 5:22:03 PM - Installed Windows XP KB979683.
    RP1728: 1/9/2012 5:22:44 PM - Installed Windows XP KB980218.
    RP1729: 1/9/2012 5:23:27 PM - Installed Windows XP KB980232.
    RP1730: 1/10/2012 10:44:47 AM - Installed TurboTax 2011 wrapper
    RP1731: 1/10/2012 1:03:42 PM - Installed TurboTax 2011 wgaiper
    RP1732: 1/11/2012 3:00:50 AM - Software Distribution Service 3.0
    RP1733: 1/12/2012 3:00:39 AM - Software Distribution Service 3.0
    RP1734: 1/13/2012 3:00:59 AM - System Checkpoint
    RP1735: 1/14/2012 3:10:04 AM - System Checkpoint
    RP1736: 1/15/2012 4:10:03 AM - System Checkpoint
    RP1737: 1/16/2012 5:10:03 AM - System Checkpoint
    RP1738: 1/17/2012 6:09:24 AM - System Checkpoint
    RP1739: 1/18/2012 7:09:23 AM - System Checkpoint
    RP1740: 1/19/2012 8:09:23 AM - System Checkpoint
    RP1741: 1/20/2012 9:07:56 AM - System Checkpoint
    RP1742: 1/21/2012 9:51:14 AM - System Checkpoint
    RP1743: 1/22/2012 10:51:11 AM - System Checkpoint
    RP1744: 1/23/2012 3:57:52 PM - Removed QuickBooks Point of Sale 10.0.
    RP1745: 1/24/2012 4:44:05 PM - System Checkpoint
    RP1746: 1/25/2012 4:55:43 PM - System Checkpoint
    RP1747: 1/26/2012 5:10:25 PM - System Checkpoint
    RP1748: 1/27/2012 6:09:25 PM - System Checkpoint
    RP1749: 1/28/2012 7:09:23 PM - System Checkpoint
    RP1750: 1/29/2012 8:09:22 PM - System Checkpoint
    RP1751: 1/30/2012 9:09:25 PM - System Checkpoint
    RP1752: 1/31/2012 10:08:05 PM - System Checkpoint
    RP1753: 2/1/2012 3:00:25 AM - Software Distribution Service 3.0
    RP1754: 2/2/2012 3:01:49 AM - System Checkpoint
    RP1755: 2/3/2012 3:57:57 AM - System Checkpoint
    RP1756: 2/4/2012 4:38:23 AM - System Checkpoint
    RP1757: 2/5/2012 5:38:20 AM - System Checkpoint
    RP1758: 2/6/2012 6:38:19 AM - System Checkpoint
    RP1759: 2/7/2012 6:39:59 AM - System Checkpoint
    RP1760: 2/8/2012 7:35:12 AM - System Checkpoint
    .
    ==== Installed Programs ======================
    .
    .
    Adobe Acrobat 8 Standard
    Adobe Acrobat 8.1.0 Standard
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 11 Plugin
    AnswerWorks 4.0 Runtime - English
    AnswerWorks 5.0 English Runtime
    Apple Application Support
    Apple Software Update
    ATI Catalyst Control Center
    ATI Display Driver
    Ativa Wireless USB Utility
    BellSouth Application Management
    BellSouth FastAccess DSL Help Center
    BellSouth Internet Security - Alert Manager 1.5.11
    BellSouth Toolbar 1.0
    Broadcom Management Programs
    Brother HL-5240
    Conexant D850 56K V.9x DFVc Modem
    Coupon Printer for Windows
    Digital Line Detect
    Eagle for Windows
    Eagle for Windows Training Browser
    ESET Online Scanner v3
    FXCM Trading Station
    GFFOREX Forex Trading
    Google Chrome
    Google Toolbar for Internet Explorer
    Google Update Helper
    GoToMeeting 4.8.0.723
    High Definition Audio Driver Package - KB835221
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix for Windows Media Player 11 (KB939683)
    Hotfix for Windows XP (KB2633952)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB954550-v5)
    Hotfix for Windows XP (KB961118)
    Hotfix for Windows XP (KB981793)
    J2SE Runtime Environment 5.0 Update 6
    Java(TM) 6 Update 26
    Malwarebytes Anti-Malware version 1.60.1.1000
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Security Update (KB2656353)
    Microsoft .NET Framework 1.1 Security Update (KB979906)
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft .NET Framework 4 Client Profile
    Microsoft .NET Framework 4 Extended
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Office 2003 Primary Interop Assemblies
    Microsoft Office Basic Edition 2003
    Microsoft Silverlight
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual Studio 2005 Tools for Office Runtime
    Modem Helper
    Move Networks Media Player for Internet Explorer
    Mozilla Firefox 9.0.1 (x86 en-US)
    MSXML 4.0 SP2 (KB927978)
    MSXML 4.0 SP2 (KB936181)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    MSXML 4.0 SP2 Parser and SDK
    MSXML 6 Service Pack 2 (KB973686)
    NetWaiting
    Norton Internet Security
    Octoshape add-in for Adobe Flash Player
    PC BackUp
    PowerDVD OD
    QuickBooks
    QuickBooks Premier Edition 2012
    QuickBooks Premier: Contractor Edition 2004
    QuickBooks Server 2012
    QuickTime
    Registry Mechanic 10.0
    Roxio DLA
    Roxio Express Labeler
    Roxio RecordNow Audio
    Roxio RecordNow Copy
    Roxio RecordNow Data
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
    Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
    Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
    Security Update for Microsoft Windows (KB2564958)
    Security Update for Step By Step Interactive Training (KB923723)
    Security Update for Windows Internet Explorer 8 (KB2510531)
    Security Update for Windows Internet Explorer 8 (KB2544521)
    Security Update for Windows Internet Explorer 8 (KB2618444)
    Security Update for Windows Internet Explorer 8 (KB971961)
    Security Update for Windows Internet Explorer 8 (KB981332)
    Security Update for Windows Internet Explorer 8 (KB982381)
    Security Update for Windows Media Player (KB2378111)
    Security Update for Windows Media Player (KB911564)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player (KB954155)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows Media Player (KB975558)
    Security Update for Windows Media Player (KB978695)
    Security Update for Windows Media Player 11 (KB936782)
    Security Update for Windows Media Player 11 (KB954154)
    Security Update for Windows Media Player 6.4 (KB925398)
    Security Update for Windows Media Player 9 (KB917734)
    Security Update for Windows Media Player 9 (KB936782)
    Security Update for Windows XP (KB2079403)
    Security Update for Windows XP (KB2115168)
    Security Update for Windows XP (KB2229593)
    Security Update for Windows XP (KB2296011)
    Security Update for Windows XP (KB2347290)
    Security Update for Windows XP (KB2360937)
    Security Update for Windows XP (KB2387149)
    Security Update for Windows XP (KB2393802)
    Security Update for Windows XP (KB2412687)
    Security Update for Windows XP (KB2419632)
    Security Update for Windows XP (KB2423089)
    Security Update for Windows XP (KB2440591)
    Security Update for Windows XP (KB2443105)
    Security Update for Windows XP (KB2476490)
    Security Update for Windows XP (KB2478960)
    Security Update for Windows XP (KB2478971)
    Security Update for Windows XP (KB2479943)
    Security Update for Windows XP (KB2481109)
    Security Update for Windows XP (KB2483185)
    Security Update for Windows XP (KB2485663)
    Security Update for Windows XP (KB2491683)
    Security Update for Windows XP (KB2506212)
    Security Update for Windows XP (KB2507618)
    Security Update for Windows XP (KB2507938)
    Security Update for Windows XP (KB2508429)
    Security Update for Windows XP (KB2509553)
    Security Update for Windows XP (KB2535512)
    Security Update for Windows XP (KB2536276-v2)
    Security Update for Windows XP (KB2544893-v2)
    Security Update for Windows XP (KB2566454)
    Security Update for Windows XP (KB2567680)
    Security Update for Windows XP (KB2570222)
    Security Update for Windows XP (KB2570947)
    Security Update for Windows XP (KB2584146)
    Security Update for Windows XP (KB2585542)
    Security Update for Windows XP (KB2592799)
    Security Update for Windows XP (KB2598479)
    Security Update for Windows XP (KB2603381)
    Security Update for Windows XP (KB2618451)
    Security Update for Windows XP (KB2619339)
    Security Update for Windows XP (KB2620712)
    Security Update for Windows XP (KB2624667)
    Security Update for Windows XP (KB2631813)
    Security Update for Windows XP (KB2633171)
    Security Update for Windows XP (KB2639417)
    Security Update for Windows XP (KB2646524)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB923689)
    Security Update for Windows XP (KB923789)
    Security Update for Windows XP (KB938464)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950759)
    Security Update for Windows XP (KB950760)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951376)
    Security Update for Windows XP (KB951698)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB953838)
    Security Update for Windows XP (KB953839)
    Security Update for Windows XP (KB954211)
    Security Update for Windows XP (KB954600)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956390)
    Security Update for Windows XP (KB956391)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956744)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956841)
    Security Update for Windows XP (KB956844)
    Security Update for Windows XP (KB957095)
    Security Update for Windows XP (KB957097)
    Security Update for Windows XP (KB958215)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958869)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960714)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB969059)
    Security Update for Windows XP (KB970238)
    Security Update for Windows XP (KB970430)
    Security Update for Windows XP (KB971468)
    Security Update for Windows XP (KB971657)
    Security Update for Windows XP (KB972270)
    Security Update for Windows XP (KB973507)
    Security Update for Windows XP (KB973869)
    Security Update for Windows XP (KB973904)
    Security Update for Windows XP (KB974112)
    Security Update for Windows XP (KB974318)
    Security Update for Windows XP (KB974392)
    Security Update for Windows XP (KB974571)
    Security Update for Windows XP (KB975025)
    Security Update for Windows XP (KB975467)
    Security Update for Windows XP (KB975560)
    Security Update for Windows XP (KB975561)
    Security Update for Windows XP (KB975562)
    Security Update for Windows XP (KB975713)
    Security Update for Windows XP (KB977816)
    Security Update for Windows XP (KB977914)
    Security Update for Windows XP (KB978037)
    Security Update for Windows XP (KB978338)
    Security Update for Windows XP (KB978542)
    Security Update for Windows XP (KB978601)
    Security Update for Windows XP (KB978706)
    Security Update for Windows XP (KB979309)
    Security Update for Windows XP (KB979482)
    Security Update for Windows XP (KB979559)
    Security Update for Windows XP (KB979683)
    Security Update for Windows XP (KB979687)
    Security Update for Windows XP (KB980195)
    Security Update for Windows XP (KB980218)
    Security Update for Windows XP (KB980232)
    Security Update for Windows XP (KB980436)
    Security Update for Windows XP (KB981322)
    Security Update for Windows XP (KB981997)
    Security Update for Windows XP (KB982132)
    Security Update for Windows XP (KB982665)
    SUPERAntiSpyware Free Edition
    TurboTax 2008
    TurboTax 2008 wgaiper
    TurboTax 2008 WinPerFedFormset
    TurboTax 2008 WinPerProgramHelp
    TurboTax 2008 WinPerReleaseEngine
    TurboTax 2008 WinPerTaxSupport
    TurboTax 2008 WinPerUserEducation
    TurboTax 2008 wrapper
    TurboTax 2009
    TurboTax 2009 wgaiper
    TurboTax 2009 WinPerFedFormset
    TurboTax 2009 WinPerReleaseEngine
    TurboTax 2009 WinPerTaxSupport
    TurboTax 2009 wrapper
    TurboTax 2010
    TurboTax 2010 wgaiper
    TurboTax 2010 WinPerFedFormset
    TurboTax 2010 WinPerReleaseEngine
    TurboTax 2010 WinPerTaxSupport
    TurboTax 2010 wnyiper
    TurboTax 2010 wrapper
    TurboTax 2011
    TurboTax 2011 wgaiper
    TurboTax 2011 WinPerFedFormset
    TurboTax 2011 WinPerReleaseEngine
    TurboTax 2011 WinPerTaxSupport
    TurboTax 2011 wrapper
    TurboTax Home & Business 2006
    TurboTax Home & Business 2007
    TurboTax ItsDeductible 2005
    TurboTax ItsDeductible 2006
    TurboTax Premier 2005
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
    Update for Windows Internet Explorer 8 (KB976662)
    Update for Windows XP (KB2345886)
    Update for Windows XP (KB2541763)
    Update for Windows XP (KB2641690)
    Update for Windows XP (KB951072-v2)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB955759)
    Update for Windows XP (KB955839)
    Update for Windows XP (KB967715)
    Update for Windows XP (KB968389)
    Update for Windows XP (KB971029)
    Update for Windows XP (KB971737)
    Update for Windows XP (KB973687)
    Update for Windows XP (KB973815)
    URL Assistant
    WebFldrs XP
    WexTech AnswerWorks
    Windows Imaging Component
    Windows Installer 3.1 (KB893803)
    Windows Internet Explorer 8
    Windows Media Format 11 runtime
    Windows Media Player 11
    Windows XP Service Pack 3
    Xvid 1.2.1 final uninstall
    .
    ==== Event Viewer Messages From Past Week ========
    .
    2/7/2012 2:33:33 PM, error: Print [19] - Sharing printer failed + 1722, Printer Microsoft Office Document Image Writer share name Printer.
    2/6/2012 2:43:35 PM, error: Service Control Manager [7031] - The McAfee Real-time Scanner service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    2/6/2012 2:39:16 PM, error: Service Control Manager [7031] - The McAfee Real-time Scanner service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    2/1/2012 12:01:10 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the wscsvc service.
    .
    ==== End Of File ===========================
  3. bshaw

    .
    DDS (Ver_2011-08-26.01) - NTFSx86
    Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_26
    Run by Darell Blandshaw at 13:08:31 on 2012-02-08
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.990.134 [GMT -5:00]
    .
    AV: Norton Internet Security *Enabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
    FW: Norton Internet Security *Enabled*
    .
    ============== Running Processes ===============
    .
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    svchost.exe
    C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
    C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\StompSoft\PC BackUp\NMSAccess.exe
    C:\Program Files\StompSoft\PC BackUp\NSENGINE.exe
    C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe
    C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
    C:\Program Files\Common Files\Intuit\DataProtect\QBIDPService.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\Analog Devices\Core\smax4pnp.exe
    C:\Program Files\StompSoft\PC BackUp\NbkCtrl.exe
    C:\WINDOWS\System32\DLA\DLACTRLW.EXE
    C:\Program Files\BellSouth\AM\BellSouthAlertManager.exe
    C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Ativa\USB AWGUA54\Wireless Utility\Ativawcui.exe
    C:\Program Files\Digital Line Detect\DLG.exe
    C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
    C:\Program Files\Intuit\QuickBooks 2012\QBW32.EXE
    C:\3apps\Catapult\3listen.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\3apps\Catapult\appipc.exe
    C:\WINDOWS\system32\P32HELP.EXE
    C:\Documents and Settings\Darell Blandshaw\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    C:\Program Files\Support.com\bin\tgcmd.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Documents and Settings\Darell Blandshaw\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Darell Blandshaw\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Darell Blandshaw\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Darell Blandshaw\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Program Files\Norton Internet Security\Engine\19.5.0.145\ccSvcHst.exe
    svchost.exe
    C:\Program Files\Norton Internet Security\Engine\19.5.0.145\ccSvcHst.exe
    C:\Documents and Settings\Darell Blandshaw\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Darell Blandshaw\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Darell Blandshaw\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Darell Blandshaw\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Darell Blandshaw\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Darell Blandshaw\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Mozilla Firefox\plugin-container.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://smallbusiness.bellsouth.net/
    mSearch Bar = hxxp://www.google.com/ie
    uInternet Connection Wizard,ShellNext = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=4070228
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    BHO: BellSouth Toolbar: {4e7bd74f-2b8d-469e-8cbd-fd60bb9aae2e} - c:\progra~1\blstoo~1\BLSTOO~1.DLL
    BHO: Norton Identity Protection: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton internet security\engine\19.5.0.145\coIEPlg.dll
    BHO: Norton Vulnerability Protection: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton internet security\engine\19.5.0.145\ips\IPSBHO.DLL
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.7227.1100\swg.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    TB: BellSouth Toolbar: {4e7bd74f-2b8d-469e-8cbd-fd60bb9aae2e} - c:\progra~1\blstoo~1\BLSTOO~1.DLL
    TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
    TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton internet security\engine\19.5.0.145\coIEPlg.dll
    uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
    uRun: [AdobeUpdater] "c:\program files\common files\adobe\updater5\AdobeUpdater.exe"
    uRun: [Google Update] "c:\documents and settings\darell blandshaw\local settings\application data\google\update\GoogleUpdate.exe" /c
    uRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil11c_Plugin.exe -update plugin
    mRun: [DVDLauncher] "c:\program files\cyberlink\powerdvd\DVDLauncher.exe"
    mRun: [tgcmd] "c:\program files\support.com\bellsouth\hcenter.exe" /starthidden /tgcmdwrapper
    mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
    mRun: [ATICCC] "c:\program files\ati technologies\ati.ace\cli.exe" runtime -Delay
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
    mRun: [NovaBackup 7 Tray Control] "c:\program files\stompsoft\pc backup\NbkCtrl.exe"
    mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXE
    mRun: [BellSouthAlertManager.exe] "c:\program files\bellsouth\am\BellSouthAlertManager.exe" /AUTORUN
    mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 8.0\acrobat\Acrotray.exe"
    mRun: [Intuit SyncManager] c:\program files\common files\intuit\sync\IntuitSyncManager.exe startup
    mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
    StartupFolder: c:\docume~1\darell~1\startm~1\programs\startup\eaglel~1.lnk - c:\3apps\catapult\3listen.exe
    StartupFolder: c:\docume~1\darell~1\startm~1\programs\startup\eagles~1.lnk - c:\3apps\catapult\Sched.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\ativaw~1.lnk - c:\program files\ativa\usb awgua54\wireless utility\Ativawcui.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\intuit~1.lnk - c:\program files\common files\intuit\dataprotect\IntuitDataProtect.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\quickb~1.lnk - c:\program files\common files\intuit\quickbooks\qbupdate\qbupdate.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\quickb~2.lnk - c:\program files\intuit\quickbooks 2012\QBW32.EXE
    IE: Append to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
    IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
    Trusted Zone: intuit.com\ttlc
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    DPF: {F5131C24-E56D-11CF-B78A-444553540000} - hxxps://wc.wachovia.com/common/cab/ikcntrls.cab
    TCP: Interfaces\{86E114BA-0F17-437F-8660-2C26CCF4A375} : NameServer = 4.2.2.2,4.2.2.3
    Handler: qbpos - {662E7FAE-5C17-491C-AD9D-98C1F66CC6A0} - c:\program files\common files\intuit\quickbooks\QBPOSProtocol.dll
    Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - c:\windows\system32\mscoree.dll
    Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
    Hosts: 94.63.240.135 www.google.com
    Hosts: 94.63.240.136 www.bing.com
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\documents and settings\darell blandshaw\application data\mozilla\firefox\profiles\3otsvnu4.default\
    FF - prefs.js: browser.search.selectedEngine -
    FF - prefs.js: browser.startup.homepage - hxxp://en-US.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
    FF - prefs.js: network.proxy.http - 127.0.0.1
    FF - prefs.js: network.proxy.http_port - 64970
    FF - prefs.js: network.proxy.type - 0
    FF - plugin: c:\documents and settings\darell blandshaw\local settings\application data\google\update\1.3.21.99\npGoogleUpdate3.dll
    FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll
    FF - plugin: c:\program files\google\update\1.3.21.99\npGoogleUpdate3.dll
    FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\microsoft silverlight\3.0.50106.0\npctrlui.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
    .
    ---- FIREFOX POLICIES ----
    FF - user.js: network.cookie.cookieBehavior - 0
    FF - user.js: privacy.clearOnShutdown.cookies - false
    FF - user.js: security.warn_viewing_mixed - false
    FF - user.js: security.warn_viewing_mixed.show_once - false
    FF - user.js: security.warn_submit_insecure - false
    FF - user.js: security.warn_submit_insecure.show_once - false
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 atiide;atiide;c:\windows\system32\drivers\atiide.sys [2007-2-28 3456]
    R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\nis\1305000.091\symds.sys [2012-2-8 340088]
    R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\nis\1305000.091\symefa.sys [2012-2-8 905336]
    R1 BHDrvx86;BHDrvx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_19.1.0.28\definitions\bashdefs\20111201.001\bhdrvx86.sys [2012-2-8 820344]
    R1 ccSet_NIS;Norton Internet Security Settings Manager;c:\windows\system32\drivers\nis\1305000.091\ccsetx86.sys [2012-2-8 132744]
    R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-1-5 9968]
    R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-1-5 74480]
    R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\nis\1305000.091\ironx86.sys [2012-2-8 149624]
    R2 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files\common files\intuit\update service v4\IntuitUpdateService.exe [2011-8-25 13672]
    R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-1-3 652360]
    R2 NIS;Norton Internet Security;c:\program files\norton internet security\engine\19.5.0.145\ccsvchst.exe [2012-2-8 138248]
    R2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files\common files\pc tools\smonitor\StartManSvc.exe [2011-1-3 632792]
    R2 QBVSS;QBIDPService;c:\program files\common files\intuit\dataprotect\QBIDPService.exe [2011-8-19 1248256]
    R3 IDSxpx86;IDSxpx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_19.1.0.28\definitions\ipsdefs\20111130.012\idsxpx86.sys [2012-2-8 356280]
    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-12-21 20464]
    R3 NAVENG;NAVENG;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_19.1.0.28\definitions\virusdefs\20120207.033\NAVENG.SYS [2012-2-8 86136]
    R3 NAVEX15;NAVEX15;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_19.1.0.28\definitions\virusdefs\20120207.033\NAVEX15.SYS [2012-2-8 1576312]
    R3 QuickBooksDB22;QuickBooksDB22;c:\progra~1\intuit\quickb~2\qbdbmgrn.exe -hvquickbooksdb22 --> c:\progra~1\intuit\quickb~2\QBDBMgrN.exe -hvQuickBooksDB22 [?]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-2-5 135664]
    S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-2-5 135664]
    S3 ODWGU(Ativa);Ativa Wireless G USB Network Adapter(Ativa);c:\windows\system32\drivers\ODWGU.sys [2010-12-29 408064]
    S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2010-1-5 7408]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
    .
    =============== Created Last 30 ================
    .
    2012-02-08 16:14:20 60872 ----a-w- c:\windows\system32\S32EVNT1.DLL
    2012-02-08 16:14:20 141944 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
    2012-02-08 16:14:20 -------- d-----w- c:\program files\Symantec
    2012-02-08 16:14:20 -------- d-----w- c:\program files\common files\Symantec Shared
    2012-02-08 16:13:55 388216 ----a-w- c:\windows\system32\drivers\nis\1305000.091\symtdi.sys
    2012-02-08 16:13:55 345208 ----a-w- c:\windows\system32\drivers\nis\1305000.091\symtdiv.sys
    2012-02-08 16:13:54 905336 ----a-w- c:\windows\system32\drivers\nis\1305000.091\symefa.sys
    2012-02-08 16:13:54 574584 ----a-w- c:\windows\system32\drivers\nis\1305000.091\srtsp.sys
    2012-02-08 16:13:54 340088 ----a-r- c:\windows\system32\drivers\nis\1305000.091\symds.sys
    2012-02-08 16:13:54 32888 ----a-w- c:\windows\system32\drivers\nis\1305000.091\srtspx.sys
    2012-02-08 16:13:54 318584 ----a-w- c:\windows\system32\drivers\nis\1305000.091\symnets.sys
    2012-02-08 16:13:53 149624 ----a-w- c:\windows\system32\drivers\nis\1305000.091\ironx86.sys
    2012-02-08 16:13:53 132744 ----a-w- c:\windows\system32\drivers\nis\1305000.091\ccsetx86.sys
    2012-02-08 16:12:46 4782 ----a-w- c:\windows\system32\drivers\nis\1305000.091\symvtcer.dat
    2012-02-08 16:12:46 -------- d-----w- c:\windows\system32\drivers\nis\1305000.091
    2012-02-08 16:11:54 -------- d-----w- c:\windows\system32\drivers\NIS
    2012-02-08 16:11:43 -------- d-----w- c:\program files\Norton Internet Security
    2012-02-08 16:08:08 -------- d-----w- c:\documents and settings\all users\application data\Norton
    2012-02-08 16:01:34 -------- d-----w- c:\program files\NortonInstaller
    2012-02-08 16:01:34 -------- d-----w- c:\documents and settings\all users\application data\NortonInstaller
    2012-02-07 21:02:45 -------- d--h--w- c:\windows\PIF
    2012-02-03 17:52:38 2494504 ----a-w- C:\Backup.1.exe
    2012-02-02 14:50:20 -------- d-----w- C:\System Recovery Files
    2012-01-10 15:43:55 954368 ------w- c:\windows\system32\dllcache\mfc40.dll
    2012-01-10 15:43:55 953856 ------w- c:\windows\system32\dllcache\mfc40u.dll
    2012-01-10 15:38:14 617472 ------w- c:\windows\system32\dllcache\comctl32.dll
    2012-01-10 15:37:19 40960 ------w- c:\windows\system32\dllcache\ndproxy.sys
    2012-01-10 15:35:01 139656 ------w- c:\windows\system32\dllcache\rdpwd.sys
    2012-01-10 15:34:56 105472 ------w- c:\windows\system32\dllcache\mup.sys
    2012-01-10 15:17:54 10496 ------w- c:\windows\system32\dllcache\ndistapi.sys
    2012-01-10 15:11:39 -------- d-----w- c:\documents and settings\darell blandshaw\local settings\application data\PCHealth
    2012-01-10 15:10:00 45568 ------w- c:\windows\system32\dllcache\wab.exe
    2012-01-10 15:00:44 -------- d-----w- c:\documents and settings\darell blandshaw\application data\MediaWmplay
    2012-01-09 21:22:42 4255 ------w- c:\windows\system32\drivers\adv01nt5.dll
    2012-01-09 21:21:13 19569 ----a-w- c:\windows\002899_.tmp
    2012-01-09 21:17:42 -------- d-----w- c:\windows\EHome
    .
    ==================== Find3M ====================
    .
    2011-12-10 20:24:06 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-11-25 21:57:19 293376 ----a-w- c:\windows\system32\winsrv.dll
    2011-11-23 13:25:32 1859584 ----a-w- c:\windows\system32\win32k.sys
    2011-11-18 12:35:08 60416 ----a-w- c:\windows\system32\packager.exe
    2011-11-16 14:21:44 354816 ----a-w- c:\windows\system32\winhttp.dll
    2011-11-16 14:21:44 152064 ----a-w- c:\windows\system32\schannel.dll
    .
    ============= FINISH: 13:12:08.03 ===============
  4. bshaw

    bshaw TS Rookie Topic Starter Posts: 76

    Thanks for your help.
  5. Broni

    Broni Malware Annihilator Posts: 46,713   +254

    Please, observe following rules:
    • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
    • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    =============================================================

    Download aswMBR to your desktop.
    Double click the aswMBR.exe to run it.
    If you see this question: "Would you like to download latest Avast! virus definitions?" say "Yes".
    Click the "Scan" button to start scan.
    On completion of the scan click "Save log", save it to your desktop and post in your next reply.

    NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

    =============================================================

    Download Bootkit Remover to your Desktop.

    • Unzip downloaded file to your Desktop.
    • Double-click on boot_cleaner.exe to run the program (Vista/7 users, right click on boot_cleaner.exe and click Run As Administrator).
    • It will show a Black screen with some data on it.
    • Right click on the screen and click Select All.
    • Press CTRL+C
    • Open a Notepad and press CTRL+V
    • Post the output back here.
  6. bshaw

    bshaw TS Rookie Topic Starter Posts: 76

    aswMBR version 0.9.9.1532 Copyright(c) 2011 AVAST Software
    Run date: 2012-02-08 13:47:08
    -----------------------------
    13:47:08.671 OS Version: Windows 5.1.2600 Service Pack 3
    13:47:08.671 Number of processors: 2 586 0x407
    13:47:08.687 ComputerName: DARELL UserName:
    13:47:20.375 Initialize success
    13:50:15.796 AVAST engine defs: 12020800
    14:02:35.390 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-3
    14:02:35.390 Disk 0 Vendor: ST3160812AS 3.ADJ Size: 152587MB BusType: 3
    14:02:35.437 Disk 0 MBR read successfully
    14:02:35.437 Disk 0 MBR scan
    14:02:35.656 Disk 0 Windows XP default MBR code
    14:02:35.671 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 39 MB offset 63
    14:02:35.703 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 152539 MB offset 80325
    14:02:35.718 Disk 0 scanning sectors +312480315
    14:02:35.890 Disk 0 scanning C:\WINDOWS\system32\drivers
    14:03:00.656 Service scanning
    14:03:02.390 Modules scanning
    14:03:19.328 Module: C:\WINDOWS\System32\DLA\DLADResN.SYS **SUSPICIOUS**
    14:03:26.546 Disk 0 trace - called modules:
    14:03:26.562 ntkrnlpa.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll atiide.sys PCIIDEX.SYS
    14:03:26.578 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86768ab8]
    14:03:26.578 3 CLASSPNP.SYS[f7584fd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-3[0x86789b00]
    14:03:27.421 AVAST engine scan C:\WINDOWS
    14:03:47.781 AVAST engine scan C:\WINDOWS\system32
    14:08:14.812 AVAST engine scan C:\WINDOWS\system32\drivers
    14:09:04.125 AVAST engine scan C:\Documents and Settings\Darell Blandshaw
    14:11:59.406 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Darell Blandshaw\Desktop\MBR.dat"
    14:11:59.515 The log file has been saved successfully to "C:\Documents and Settings\Darell Blandshaw\Desktop\aswMBR.txt"
  7. bshaw

    bshaw TS Rookie Topic Starter Posts: 76

    Bootkit Remover
    (c) 2009 Esage Lab
    www.esagelab.com

    Program version: 1.2.0.1
    OS Version: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)

    System volume is \\.\C:
    \\.\C: -> \\.\PhysicalDrive0 at offset 0x00000000`02738a00
    Boot sector MD5 is: 6def5ffcbcdbdb4082f1015625e597bd

    Size Device Name MBR Status
    --------------------------------------------
    149 GB \\.\PhysicalDrive0 OK (DOS/Win32 Boot code found)


    Done;
    Press any key to quit...
  8. bshaw

    bshaw TS Rookie Topic Starter Posts: 76

    ok, I completed the steps you asked of me.
  9. Broni

    Broni Malware Annihilator Posts: 46,713   +254

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
    **Note 2 for AVG and CA Internet Security users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.
    **Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.



    Make sure, you re-enable your security programs, when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode (How to...)

    2. Delete Combofix file, download fresh one, but rename combofix.exe to yourname.exe BEFORE saving it to your desktop.
    Do NOT run it yet.

    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

    There are 4 different versions. If one of them won't run then download and try to run the other one.

    Vista and Win7 users need to right click Rkill and choose Run as Administrator

    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

    Rkill.com
    Rkill.scr
    Rkill.exe

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
  10. bshaw

    bshaw TS Rookie Topic Starter Posts: 76

    ComboFix 12-02-08.02 - Darell Blandshaw 02/08/2012 15:35:19.3.2 - x86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.990.449 [GMT -5:00]
    Running from: c:\documents and settings\Darell Blandshaw\My Documents\Downloads\ComboFix.exe
    AV: Norton Internet Security *Disabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
    FW: Norton Internet Security *Disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\documents and settings\All Users\Application Data\TEMP
    c:\documents and settings\Darell Blandshaw\Application Data\641A.3C0
    c:\documents and settings\Darell Blandshaw\g2mdlhlpx.exe
    c:\documents and settings\Darell Blandshaw\GoToAssistDownloadHelper.exe
    c:\windows\Downloaded Installations\BMP
    c:\windows\Downloaded Installations\BMP\{3795247B-A089-4568-AAF7-E47D9285A9E9}\1033.MST
    c:\windows\Downloaded Installations\BMP\{3795247B-A089-4568-AAF7-E47D9285A9E9}\BACS.msi
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-01-08 to 2012-02-08 )))))))))))))))))))))))))))))))
    .
    .
    2012-02-08 16:14 . 2012-02-08 16:19 -------- d-----w- c:\program files\Common Files\Symantec Shared
    2012-02-08 16:14 . 2012-02-08 16:14 -------- d-----w- c:\program files\Symantec
    2012-02-08 16:14 . 2012-02-08 16:14 60872 ----a-w- c:\windows\system32\S32EVNT1.DLL
    2012-02-08 16:14 . 2012-02-08 16:14 141944 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
    2012-02-08 16:11 . 2012-02-08 16:14 -------- d-----w- c:\windows\system32\drivers\NIS
    2012-02-08 16:11 . 2012-02-08 16:11 -------- d-----w- c:\program files\Norton Internet Security
    2012-02-08 16:11 . 2012-02-08 16:11 -------- d-----w- c:\program files\Windows Sidebar
    2012-02-08 16:08 . 2012-02-08 16:11 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton
    2012-02-08 16:01 . 2012-02-08 16:07 -------- d-----w- c:\program files\NortonInstaller
    2012-02-07 21:02 . 2012-02-07 21:02 -------- d--h--w- c:\windows\PIF
    2012-02-03 17:52 . 2012-02-02 12:06 2494504 ----a-w- C:\Backup.1.exe
    2012-02-02 14:50 . 2012-02-03 18:27 -------- d-----w- C:\System Recovery Files
    2012-01-10 15:43 . 2010-09-18 06:53 954368 ------w- c:\windows\system32\dllcache\mfc40.dll
    2012-01-10 15:43 . 2010-09-18 06:53 953856 ------w- c:\windows\system32\dllcache\mfc40u.dll
    2012-01-10 15:38 . 2010-08-23 16:12 617472 ------w- c:\windows\system32\dllcache\comctl32.dll
    2012-01-10 15:37 . 2010-11-02 15:17 40960 ------w- c:\windows\system32\dllcache\ndproxy.sys
    2012-01-10 15:35 . 2011-06-24 14:10 139656 ------w- c:\windows\system32\dllcache\rdpwd.sys
    2012-01-10 15:34 . 2011-04-21 13:37 105472 ------w- c:\windows\system32\dllcache\mup.sys
    2012-01-10 15:17 . 2011-07-08 14:02 10496 ------w- c:\windows\system32\dllcache\ndistapi.sys
    2012-01-10 15:11 . 2012-01-10 15:11 -------- d-----w- c:\documents and settings\Darell Blandshaw\Local Settings\Application Data\PCHealth
    2012-01-10 15:10 . 2010-10-11 14:59 45568 ------w- c:\windows\system32\dllcache\wab.exe
    2012-01-10 15:00 . 2012-02-06 19:46 -------- d-----w- c:\documents and settings\Darell Blandshaw\Application Data\MediaWmplay
    2012-01-09 21:22 . 2008-04-14 10:41 4255 ------w- c:\windows\system32\drivers\adv01nt5.dll
    2012-01-09 21:21 . 2006-12-29 05:31 19569 ----a-w- c:\windows\002899_.tmp
    2012-01-09 21:17 . 2012-01-09 21:17 -------- d-----w- c:\windows\EHome
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-12-10 20:24 . 2011-12-21 21:34 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-11-25 21:57 . 2004-08-10 17:51 293376 ----a-w- c:\windows\system32\winsrv.dll
    2011-11-23 13:25 . 2004-08-10 17:51 1859584 ----a-w- c:\windows\system32\win32k.sys
    2011-11-18 12:35 . 2004-08-10 17:51 60416 ----a-w- c:\windows\system32\packager.exe
    2011-11-16 14:21 . 2004-08-10 17:51 354816 ----a-w- c:\windows\system32\winhttp.dll
    2011-11-16 14:21 . 2004-08-10 17:51 152064 ----a-w- c:\windows\system32\schannel.dll
    2011-12-22 20:18 . 2011-12-21 18:16 121816 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-26 68856]
    "AdobeUpdater"="c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [2011-06-10 2356088]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-06-23 53248]
    "tgcmd"="c:\program files\Support.com\BellSouth\hcenter.exe" [2005-08-31 1277952]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-03-18 421888]
    "ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 45056]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
    "SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2006-05-01 843776]
    "NovaBackup 7 Tray Control"="c:\program files\StompSoft\PC BackUp\NbkCtrl.exe" [2007-01-30 402376]
    "DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940]
    "BellSouthAlertManager.exe"="c:\program files\BellSouth\AM\BellSouthAlertManager.exe" [2007-01-28 2061816]
    "Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2007-05-11 624248]
    "Intuit SyncManager"="c:\program files\Common Files\Intuit\Sync\IntuitSyncManager.exe" [2011-12-06 2215768]
    "Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
    .
    c:\documents and settings\Darell Blandshaw\Start Menu\Programs\Startup\
    Eagle Listener.lnk - c:\3apps\Catapult\3listen.exe [2008-10-21 557056]
    Eagle Scheduler.lnk - c:\3apps\Catapult\Sched.exe [2008-10-21 708608]
    .
    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Ativa Wireless USB Utility.lnk - c:\program files\Ativa\USB AWGUA54\Wireless Utility\Ativawcui.exe [2006-8-29 1556480]
    Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2007-2-28 24576]
    Intuit Data Protect.lnk - c:\program files\Common Files\Intuit\DataProtect\IntuitDataProtect.exe [2011-12-6 5904216]
    QuickBooks Update Agent.lnk - c:\program files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2011-12-6 1175912]
    QuickBooks_Standard_21.lnk - c:\program files\Intuit\QuickBooks 2012\QBW32.EXE [2011-12-6 1178984]
    .
    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    2009-09-03 19:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "c:\\3apps\\Catapult\\3listen.exe"=
    "c:\\3apps\\Catapult\\3lhelper.exe"=
    "c:\\Program Files\\Intuit\\QuickBooks 2012\\QBDBMgrN.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "%windir%\\system32\\sessmgr.exe"=
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
    .
    R0 atiide;atiide;c:\windows\system32\drivers\atiide.sys [2/28/2007 10:41 PM 3456]
    R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NIS\1305000.091\symds.sys [2/8/2012 11:13 AM 340088]
    R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NIS\1305000.091\symefa.sys [2/8/2012 11:13 AM 905336]
    R1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\BASHDefs\20120121.002\BHDrvx86.sys [2/8/2012 1:59 PM 820344]
    R1 ccSet_NIS;Norton Internet Security Settings Manager;c:\windows\system32\drivers\NIS\1305000.091\ccsetx86.sys [2/8/2012 11:13 AM 132744]
    R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [1/5/2010 7:56 AM 9968]
    R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [1/5/2010 7:56 AM 74480]
    R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NIS\1305000.091\ironx86.sys [2/8/2012 11:13 AM 149624]
    R2 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [8/25/2011 5:53 PM 13672]
    R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [1/3/2011 12:23 PM 652360]
    R2 NIS;Norton Internet Security;c:\program files\Norton Internet Security\Engine\19.5.0.145\ccsvchst.exe [2/8/2012 11:13 AM 138248]
    R2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files\Common Files\PC Tools\sMonitor\StartManSvc.exe [1/3/2011 11:50 AM 632792]
    R2 QBVSS;QBIDPService;c:\program files\Common Files\Intuit\DataProtect\QBIDPService.exe [8/19/2011 9:31 PM 1248256]
    R3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\IPSDefs\20120207.005\IDSXpx86.sys [2/7/2012 5:29 PM 356280]
    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [12/21/2011 4:34 PM 20464]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 12:16 PM 130384]
    S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2/5/2010 9:27 AM 135664]
    S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2/5/2010 9:27 AM 135664]
    S3 ODWGU(Ativa);Ativa Wireless G USB Network Adapter(Ativa);c:\windows\system32\drivers\ODWGU.sys [12/29/2010 10:51 AM 408064]
    S3 QuickBooksDB22;QuickBooksDB22;c:\progra~1\Intuit\QUICKB~2\QBDBMgrN.exe -hvQuickBooksDB22 --> c:\progra~1\Intuit\QUICKB~2\QBDBMgrN.exe -hvQuickBooksDB22 [?]
    S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [1/5/2010 7:56 AM 7408]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 12:16 PM 753504]
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - 85658044
    *NewlyCreated* - BHDRVX86
    *NewlyCreated* - CCSET_NIS
    *NewlyCreated* - EECTRL
    *NewlyCreated* - ERASERUTILDRV11120
    *NewlyCreated* - ERASERUTILDRV11122
    *NewlyCreated* - IDSXPX86
    *NewlyCreated* - NAVENG
    *NewlyCreated* - NAVEX15
    *NewlyCreated* - NIS
    *NewlyCreated* - SRTSP
    *NewlyCreated* - SRTSPX
    *NewlyCreated* - SYMDS
    *NewlyCreated* - SYMEFA
    *NewlyCreated* - SYMEVENT
    *NewlyCreated* - SYMIRON
    *NewlyCreated* - SYMTDI
    *Deregistered* - 85658044
    *Deregistered* - aswMBR
    *Deregistered* - EraserUtilDrv11120
    *Deregistered* - EraserUtilDrv11122
    *Deregistered* - pwtdapow
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-02-03 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]
    .
    2012-02-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-02-05 14:27]
    .
    2012-02-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-02-05 14:27]
    .
    2012-02-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1825289168-564950612-1891292674-1007Core.job
    - c:\documents and settings\Darell Blandshaw\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-01-18 15:44]
    .
    2012-02-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1825289168-564950612-1891292674-1007UA.job
    - c:\documents and settings\Darell Blandshaw\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-01-18 15:44]
    .
    2012-02-08 c:\windows\Tasks\RMSchedule.job
    - c:\program files\Registry Mechanic\RegMech.exe [2011-01-03 22:05]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://smallbusiness.bellsouth.net/
    mSearch Bar = hxxp://www.google.com/ie
    uInternet Connection Wizard,ShellNext = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=4070228
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
    Trusted Zone: intuit.com\ttlc
    TCP: Interfaces\{86E114BA-0F17-437F-8660-2C26CCF4A375}: NameServer = 4.2.2.2,4.2.2.3
    FF - ProfilePath - c:\documents and settings\Darell Blandshaw\Application Data\Mozilla\Firefox\Profiles\3otsvnu4.default\
    FF - prefs.js: browser.search.selectedEngine -
    FF - prefs.js: browser.startup.homepage - hxxp://en-US.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
    FF - prefs.js: network.proxy.http - 127.0.0.1
    FF - prefs.js: network.proxy.http_port - 64970
    FF - prefs.js: network.proxy.type - 0
    FF - user.js: network.cookie.cookieBehavior - 0
    FF - user.js: privacy.clearOnShutdown.cookies - false
    FF - user.js: security.warn_viewing_mixed - false
    FF - user.js: security.warn_viewing_mixed.show_once - false
    FF - user.js: security.warn_submit_insecure - false
    FF - user.js: security.warn_submit_insecure.show_once - false
    .
    - - - - ORPHANS REMOVED - - - -
    .
    HKCU-Run-SpybotSD TeaTimer - c:\program files\Spybot - Search & Destroy\TeaTimer.exe
    AddRemove-Octoshape add-in for Adobe Flash Player - c:\documents and settings\Darell Blandshaw\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2012-02-08 15:48
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NIS]
    "ImagePath"="\"c:\program files\Norton Internet Security\Engine\19.5.0.145\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files\Norton Internet Security\Engine\19.5.0.145\diMaster.dll\" /prefetch:1"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
    @Denied: (2) (LocalSystem)
    "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,28,cf,56,77,f4,e0,4b,4e,88,26,1d,\
    "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,28,cf,56,77,f4,e0,4b,4e,88,26,1d,\
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'winlogon.exe'(660)
    c:\program files\SUPERAntiSpyware\SASWINLO.dll
    c:\windows\system32\WININET.dll
    .
    Completion time: 2012-02-08 15:53:59
    ComboFix-quarantined-files.txt 2012-02-08 20:53
    .
    Pre-Run: 118,211,231,744 bytes free
    Post-Run: 118,452,367,360 bytes free
    .
    - - End Of File - - 4DE80E33C1DF3709FE4EF09F3E74AE9A
  11. bshaw

    bshaw TS Rookie Topic Starter Posts: 76

    Ok, done combofix
     
  12. Broni

    Broni Malware Annihilator Posts: 46,713   +254

    That looks good.
    How is redirection?

    Uninstall Registry Mechanic 10.0.
    Registry cleaners/optimizers are not recommended for several reasons:

    • Registry cleaners are extremely powerful applications that can damage the registry by using aggressive cleaning routines and cause your computer to become unbootable.

      The Windows registry is a central repository (database) for storing configuration data, user settings and machine-dependent settings, and options for the operating system. It contains information and settings for all hardware, software, users, and preferences. Whenever a user makes changes to settings, file associations, system policies, or installed software, the changes are reflected and stored in this repository. The registry is a crucial component because it is where Windows "remembers" all this information, how it works together, how Windows boots the system and what files it uses when it does. The registry is also a vulnerable subsystem, in that relatively small changes done incorrectly can render the system inoperable. For a more detailed explanation, read Understanding The Registry.
    • Not all registry cleaners are created equal. There are a number of them available but they do not all work entirely the same way. Each vendor uses different criteria as to what constitutes a "bad entry". One cleaner may find entries on your system that will not cause problems when removed, another may not find the same entries, and still another may want to remove entries required for a program to work.
    • Not all registry cleaners create a backup of the registry before making changes. If the changes prevent the system from booting up, then there is no backup available to restore it in order to regain functionality. A backup of the registry is essential BEFORE making any changes to the registry.
    • Improperly removing registry entries can hamper malware disinfection and make the removal process more difficult if your computer becomes infected. For example, removing malware-related registry entries before the infection is properly identified can contribute to system instability and even make the malware undetectable to removal tools.
    • The usefulness of cleaning the registry is highly overrated and can be dangerous. In most cases, using a cleaner to remove obsolete, invalid, and erroneous entries does not affect system performance but it can result in "unpredictable results".
    Unless you have a particular problem that requires a registry edit to correct it, I would suggest you leave the registry alone. Using registry cleaning tools unnecessarily or incorrectly could lead to disastrous effects on your operating system such as preventing it from ever starting again. For routine use, the benefits to your computer are negligible while the potential risks are great.


    ==============================================================

    Download OTL to your Desktop.

    • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Under the Custom Scan box paste this in:


    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\0*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /i " " /c
    dir /b "%systemroot%\*.exe" | find /i " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    %systemroot%\system32\winlog\*.*
    %systemroot%\system32\Language\*.*
    %systemroot%\system32\Settings\*.*
    %systemroot%\system32\*.quo
    %SYSTEMROOT%\AppPatch\*.exe
    %SYSTEMROOT%\inf\*.exe
    %SYSTEMROOT%\Installer\*.exe
    %systemroot%\system32\config\*.bak2
    %systemroot%\system32\Computers\*.*
    %SystemRoot%\system32\Sound\*.*
    %SystemRoot%\system32\SpecialImg\*.*
    %SystemRoot%\system32\code\*.*
    %SystemRoot%\system32\draft\*.*
    %SystemRoot%\system32\MSSSys\*.*
    %ProgramFiles%\Javascript\*.*
    %systemroot%\pchealth\helpctr\System\*.exe /s
    %systemroot%\Web\*.exe
    %systemroot%\system32\msn\*.*
    %systemroot%\system32\*.tro
    %AppData%\Microsoft\Installer\msupdates\*.*
    %ProgramFiles%\Messenger\*.*
    %systemroot%\system32\systhem32\*.*
    %systemroot%\system\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    /md5stop


    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
  13. bshaw

    bshaw TS Rookie Topic Starter Posts: 76

    REDIRECT seems fine, no problems so far. As far as the things I have on my desktop: MBR, gmer, bootkit, boot cleaner, should I remove those?
  14. Broni

    Broni Malware Annihilator Posts: 46,713   +254

    No.

    Go ahead with my previous reply.
  15. bshaw

    bshaw TS Rookie Topic Starter Posts: 76

    OTL logfile created on: 2/8/2012 4:20:44 PM - Run 1
    OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Darell Blandshaw\My Documents\Downloads
    Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    989.90 Mb Total Physical Memory | 266.60 Mb Available Physical Memory | 26.93% Memory free
    2.33 Gb Paging File | 1.28 Gb Available in Paging File | 55.01% Paging File free
    Paging file location(s): C:\pagefile.sys 1488 2976 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 148.96 Gb Total Space | 110.46 Gb Free Space | 74.15% Space Free | Partition Type: NTFS
    Drive D: | 643.97 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
    Drive Z: | 148.96 Gb Total Space | 54.07 Gb Free Space | 36.30% Space Free | Partition Type: NTFS

    Computer Name: DARELL | User Name: Darell Blandshaw | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2012/02/08 16:18:19 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Darell Blandshaw\My Documents\Downloads\OTL.exe
    PRC - [2012/01/13 14:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    PRC - [2012/01/13 14:53:18 | 000,460,872 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
    PRC - [2011/12/06 12:41:18 | 001,175,912 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
    PRC - [2011/12/06 12:39:54 | 001,178,984 | ---- | M] (Intuit Inc.) -- C:\Program Files\Intuit\QuickBooks 2012\QBW32.EXE
    PRC - [2011/12/06 11:48:02 | 000,045,056 | ---- | M] (Intuit) -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
    PRC - [2011/11/29 21:17:50 | 000,138,248 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Internet Security\Engine\19.5.0.145\ccsvchst.exe
    PRC - [2011/08/25 17:53:00 | 000,013,672 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
    PRC - [2011/08/19 21:31:14 | 001,248,256 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\DataProtect\QBIDPService.exe
    PRC - [2011/08/19 21:30:02 | 000,679,936 | ---- | M] (Intuit, Inc.) -- C:\Program Files\Intuit\QuickBooks 2012\QBDBMgrN.exe
    PRC - [2010/10/01 13:27:22 | 000,632,792 | ---- | M] (PC Tools) -- C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe
    PRC - [2010/08/23 20:21:40 | 000,013,672 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
    PRC - [2008/07/07 10:37:34 | 000,557,056 | ---- | M] () -- C:\3apps\Catapult\3listen.exe
    PRC - [2008/07/07 10:27:56 | 000,049,152 | ---- | M] () -- C:\3apps\Catapult\appipc.exe
    PRC - [2008/04/14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
    PRC - [2007/06/21 14:47:01 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    PRC - [2007/05/10 22:46:20 | 000,624,248 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe
    PRC - [2007/01/30 10:24:10 | 000,177,096 | ---- | M] (StompSoft, Inc.) -- C:\Program Files\StompSoft\PC BackUp\NSENGINE.exe
    PRC - [2007/01/30 10:24:08 | 000,402,376 | ---- | M] (StompSoft, Inc.) -- C:\Program Files\StompSoft\PC BackUp\NBKCTRL.exe
    PRC - [2007/01/28 11:14:50 | 002,061,816 | ---- | M] (BellSouth) -- C:\Program Files\BellSouth\AM\BellSouthAlertManager.exe
    PRC - [2006/09/19 07:04:26 | 000,065,536 | ---- | M] () -- C:\Program Files\StompSoft\PC BackUp\NMSAccess.exe
    PRC - [2006/08/29 13:28:34 | 001,556,480 | ---- | M] (Belkin) -- C:\Program Files\Ativa\USB AWGUA54\Wireless Utility\Ativawcui.exe
    PRC - [2006/01/02 17:41:22 | 000,045,056 | ---- | M] (ATI Technologies Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
    PRC - [2005/09/08 05:20:00 | 000,122,940 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\DLA\DLACTRLW.EXE
    PRC - [2005/08/31 13:16:24 | 001,855,488 | ---- | M] (BellSouth) -- C:\Program Files\Support.com\bin\tgcmd.exe
    PRC - [2004/05/19 13:03:12 | 000,032,768 | ---- | M] () -- C:\WINDOWS\system32\P32help.exe
  16. bshaw

    bshaw TS Rookie Topic Starter Posts: 76

    ========== Modules (No Company Name) ==========

    MOD - [2012/01/12 03:39:38 | 000,771,584 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\4f84d9b7209d8d81c308deda59c60524\System.Runtime.Remoting.ni.dll
    MOD - [2012/01/12 03:31:18 | 003,391,488 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_e70ba6df\mscorlib.dll
    MOD - [2012/01/12 03:31:14 | 000,835,584 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system.drawing\1.0.5000.0__b03f5f7f11d50a3a_2ba5ad1b\system.drawing.dll
    MOD - [2012/01/12 03:31:03 | 002,088,960 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system.xml\1.0.5000.0__b77a5c561934e089_c17b6660\system.xml.dll
    MOD - [2012/01/12 03:30:58 | 003,035,136 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system.windows.forms\1.0.5000.0__b77a5c561934e089_f08b8321\system.windows.forms.dll
    MOD - [2012/01/12 03:30:46 | 001,966,080 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system\1.0.5000.0__b77a5c561934e089_cee0fd2d\system.dll
    MOD - [2012/01/12 03:30:30 | 001,232,896 | ---- | M] () -- c:\windows\assembly\gac\system\1.0.5000.0__b77a5c561934e089\system.dll
    MOD - [2012/01/12 03:30:28 | 001,269,760 | ---- | M] () -- c:\windows\assembly\gac\system.web\1.0.5000.0__b03f5f7f11d50a3a\system.web.dll
    MOD - [2012/01/12 03:30:26 | 002,064,384 | ---- | M] () -- c:\windows\assembly\gac\system.windows.forms\1.0.5000.0__b77a5c561934e089\system.windows.forms.dll
    MOD - [2012/01/12 03:26:51 | 003,182,592 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
    MOD - [2012/01/12 03:26:49 | 002,933,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
    MOD - [2012/01/12 03:26:49 | 000,425,984 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.dll
    MOD - [2012/01/12 03:26:43 | 000,626,688 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
    MOD - [2012/01/12 03:26:42 | 000,303,104 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
    MOD - [2012/01/12 03:26:40 | 000,261,632 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
    MOD - [2012/01/12 03:26:40 | 000,258,048 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
    MOD - [2012/01/12 03:26:38 | 002,048,000 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll
    MOD - [2012/01/12 03:26:35 | 000,114,688 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
    MOD - [2012/01/12 03:26:29 | 005,025,792 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
    MOD - [2012/01/11 04:22:20 | 000,221,696 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.ServiceProce#\a0e090647c856fe52e1f1e5d2a25b1ac\System.ServiceProcess.ni.dll
    MOD - [2012/01/11 04:21:42 | 000,786,944 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.EnterpriseSe#\a2baf116d3055aadb99b77e327a74907\System.EnterpriseServices.ni.dll
    MOD - [2012/01/11 04:21:40 | 000,646,656 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Transactions\344c1e000e4158cc37a5e9068e095d40\System.Transactions.ni.dll
    MOD - [2012/01/11 04:17:23 | 000,212,992 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\abef85f2fb8ba830eda73e2d12e8d41e\System.ServiceProcess.ni.dll
    MOD - [2012/01/11 04:11:42 | 007,950,848 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\af39f6e644af02873b9bae319f2bfb13\System.ni.dll
    MOD - [2012/01/11 04:11:05 | 011,490,816 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\ca87ba84221991839abbe7d4bc9c6721\mscorlib.ni.dll
    MOD - [2012/01/11 03:33:19 | 006,798,336 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Data\494945003f729a5d6ec21324dff8c7b9\System.Data.ni.dll
    MOD - [2012/01/11 03:33:12 | 013,137,920 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\f2a34f1fb98ab9e8a76a22e132e18b21\System.Windows.Forms.ni.dll
    MOD - [2012/01/11 03:32:46 | 001,652,736 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Drawing\c04dcef499114715d2a222c01ea6b227\System.Drawing.ni.dll
    MOD - [2012/01/11 03:32:35 | 005,618,176 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xml\a401952384c24581989cdc85270f3d9d\System.Xml.ni.dll
    MOD - [2012/01/11 03:32:28 | 000,980,480 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Configuration\cb7cfe8f0e8532f6381c22bf719a95dc\System.Configuration.ni.dll
    MOD - [2012/01/11 03:32:22 | 007,054,336 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Core\52598abacb89081ab248f435d9dabdf4\System.Core.ni.dll
    MOD - [2012/01/11 03:32:07 | 009,085,952 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System\af709611f9ffff0544b1d750303c4afa\System.ni.dll
    MOD - [2012/01/11 03:31:54 | 014,407,680 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\mscorlib\52f4f785f7cf45a64606a8e13c8cf04c\mscorlib.ni.dll
    MOD - [2011/12/06 12:40:46 | 000,138,088 | ---- | M] () -- C:\Program Files\Intuit\QuickBooks 2012\QBMAPILibrary.dll
    MOD - [2011/12/06 12:40:42 | 000,020,840 | ---- | M] () -- C:\Program Files\Intuit\QuickBooks 2012\QBCompressor.DLL
    MOD - [2011/12/06 12:40:28 | 000,042,344 | ---- | M] () -- C:\Program Files\Intuit\QuickBooks 2012\mbpopup.dll
    MOD - [2011/12/06 12:40:04 | 000,176,488 | ---- | M] () -- C:\Program Files\Intuit\QuickBooks 2012\boost_serialization-vc90-mt-p-1_33.dll
    MOD - [2011/12/06 12:40:02 | 000,268,648 | ---- | M] () -- C:\Program Files\Intuit\QuickBooks 2012\boost_regex-vc90-mt-p-1_33.dll
    MOD - [2011/12/06 12:40:00 | 000,380,264 | ---- | M] () -- C:\Program Files\Intuit\QuickBooks 2012\BackupLib.dll
    MOD - [2011/08/19 21:30:50 | 000,059,904 | ---- | M] () -- C:\Program Files\Intuit\QuickBooks 2012\zlib1.dll
    MOD - [2011/01/18 12:39:19 | 000,476,520 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Map.Reporter\5.0.136.0__7ce6deabcb36a8ea\Intuit.Spc.Map.Reporter.dll
    MOD - [2011/01/18 12:39:19 | 000,409,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Map.WindowsFirewallUtilities\5.0.136.0__7ce6deabcb36a8ea\Intuit.Spc.Map.WindowsFirewallUtilities.dll
    MOD - [2011/01/18 12:39:16 | 000,421,224 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Api.Net\3.1.31.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Api.Net.dll
    MOD - [2011/01/18 12:39:16 | 000,046,952 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Application.UpdateServicePlugin\3.1.31.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Application.UpdateServicePlugin.dll
    MOD - [2011/01/18 12:39:16 | 000,023,912 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Application.UpdateService\1.0.0.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Application.UpdateService.dll
    MOD - [2011/01/18 12:39:16 | 000,018,792 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Ipc.Remoting.UpdateServiceWorker\3.1.31.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Ipc.Remoting.UpdateServiceWorker.dll
    MOD - [2011/01/18 12:39:16 | 000,012,136 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Application.UpdateService.PluginContract\1.0.0.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Application.UpdateService.PluginContract.dll
    MOD - [2011/01/18 12:39:15 | 000,269,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Core\3.1.26.0__540d4816ead86321\Intuit.Spc.Esd.Core.dll
    MOD - [2011/01/18 12:39:14 | 000,121,704 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Client.BusinessLogic\3.1.31.0__540d4816ead86321\Intuit.Spc.Esd.Client.BusinessLogic.dll
    MOD - [2011/01/18 12:39:14 | 000,120,168 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Client.DataAccess\3.1.31.0__540d4816ead86321\Intuit.Spc.Esd.Client.DataAccess.dll
    MOD - [2011/01/18 12:39:14 | 000,070,504 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Client.Common\3.1.31.0__540d4816ead86321\Intuit.Spc.Esd.Client.Common.dll
    MOD - [2010/01/26 10:04:27 | 000,854,016 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.Data.SQLite\1.0.61.0__db937bc2d44ff139\System.Data.SQLite.dll
    MOD - [2010/01/26 10:04:26 | 000,403,456 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Map.WindowsFirewallUtilities\5.0.104.0__7ce6deabcb36a8ea\Intuit.Spc.Map.WindowsFirewallUtilities.dll
    MOD - [2010/01/26 10:04:25 | 000,471,040 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Map.Reporter\5.0.104.0__7ce6deabcb36a8ea\Intuit.Spc.Map.Reporter.dll
    MOD - [2010/01/26 10:04:23 | 000,419,616 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Api.Net\3.0.335.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Api.Net.dll
    MOD - [2010/01/26 10:04:23 | 000,046,880 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Application.UpdateServicePlugin\3.0.335.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Application.UpdateServicePlugin.dll
    MOD - [2010/01/26 10:04:23 | 000,018,720 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Ipc.Remoting.UpdateServiceWorker\3.0.335.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Ipc.Remoting.UpdateServiceWorker.dll
    MOD - [2010/01/26 10:04:22 | 000,270,112 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Core\2.0.445.0__540d4816ead86321\Intuit.Spc.Esd.Core.dll
    MOD - [2010/01/26 10:04:22 | 000,121,632 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Client.BusinessLogic\3.0.335.0__540d4816ead86321\Intuit.Spc.Esd.Client.BusinessLogic.dll
    MOD - [2010/01/26 10:04:22 | 000,120,096 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Client.DataAccess\3.0.335.0__540d4816ead86321\Intuit.Spc.Esd.Client.DataAccess.dll
    MOD - [2010/01/26 10:04:22 | 000,070,432 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Client.Common\3.0.335.0__540d4816ead86321\Intuit.Spc.Esd.Client.Common.dll
    MOD - [2009/01/28 09:35:38 | 001,058,304 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Map.WindowsFirewallUtilities\4.0.114.0__7ce6deabcb36a8ea\Intuit.Spc.Map.WindowsFirewallUtilities.dll
    MOD - [2009/01/28 09:35:38 | 000,471,040 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Map.Reporter\4.0.114.0__7ce6deabcb36a8ea\Intuit.Spc.Map.Reporter.dll
    MOD - [2009/01/28 09:35:37 | 000,047,392 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Application.UpdateServicePlugin\2.1.72.10__540d4816ead86321\Intuit.Spc.Esd.WinClient.Application.UpdateServicePlugin.dll
    MOD - [2009/01/28 09:35:37 | 000,018,720 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Ipc.Remoting.UpdateServiceWorker\2.1.72.10__540d4816ead86321\Intuit.Spc.Esd.WinClient.Ipc.Remoting.UpdateServiceWorker.dll
    MOD - [2009/01/28 09:35:36 | 000,400,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Api.Net\2.1.72.10__540d4816ead86321\Intuit.Spc.Esd.WinClient.Api.Net.dll
    MOD - [2009/01/28 09:35:36 | 000,217,376 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Core\2.0.145.2__540d4816ead86321\Intuit.Spc.Esd.Core.dll
    MOD - [2009/01/28 09:35:36 | 000,130,848 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Client.BusinessLogic\2.1.72.10__540d4816ead86321\Intuit.Spc.Esd.Client.BusinessLogic.dll
    MOD - [2009/01/28 09:35:36 | 000,120,608 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Client.DataAccess\2.1.72.10__540d4816ead86321\Intuit.Spc.Esd.Client.DataAccess.dll
    MOD - [2009/01/28 09:35:36 | 000,072,992 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Client.Common\2.1.72.10__540d4816ead86321\Intuit.Spc.Esd.Client.Common.dll
    MOD - [2009/01/21 11:24:40 | 000,755,712 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.Data.SQLite\1.0.56.0__28c9bcd4dddc48a1\System.Data.SQLite.dll
    MOD - [2009/01/21 11:24:38 | 000,270,336 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\log4net\1.2.10.0__1b44e1d426115821\log4net.dll
    MOD - [2009/01/21 11:24:36 | 000,458,752 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Foundations.Portability\3.1.2.2__540d4816ead86321\Intuit.Spc.Foundations.Portability.dll
    MOD - [2009/01/21 11:24:36 | 000,065,536 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Foundations.Primary.ExceptionHandling\3.1.2.2__540d4816ead86321\Intuit.Spc.Foundations.Primary.ExceptionHandling.dll
    MOD - [2009/01/21 11:24:36 | 000,045,056 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Foundations.Primary.Logging\3.1.2.2__540d4816ead86321\Intuit.Spc.Foundations.Primary.Logging.dll
    MOD - [2009/01/21 11:24:35 | 000,073,728 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Foundations.Primary.Config\3.1.2.2__540d4816ead86321\Intuit.Spc.Foundations.Primary.Config.dll
    MOD - [2008/07/07 10:37:34 | 000,557,056 | ---- | M] () -- C:\3apps\Catapult\3listen.exe
    MOD - [2008/07/07 10:27:56 | 000,049,152 | ---- | M] () -- C:\3apps\Catapult\appipc.exe
    MOD - [2006/09/19 07:04:26 | 000,065,536 | ---- | M] () -- C:\Program Files\StompSoft\PC BackUp\NMSAccess.exe
    MOD - [2006/08/29 13:27:16 | 000,061,440 | ---- | M] () -- C:\Program Files\Ativa\USB AWGUA54\Wireless Utility\AtivaHWStatus.dll
    MOD - [2006/08/29 13:27:16 | 000,057,344 | ---- | M] () -- C:\Program Files\Ativa\USB AWGUA54\Wireless Utility\AtivaDLL.dll
    MOD - [2005/08/31 13:16:02 | 000,094,208 | ---- | M] () -- C:\Program Files\Support.com\bin\sdcdetect.dll
    MOD - [2004/08/10 13:11:12 | 000,372,736 | ---- | M] () -- c:\windows\assembly\gac\system.management\1.0.5000.0__b03f5f7f11d50a3a\system.management.dll
    MOD - [2004/08/10 13:11:10 | 001,339,392 | ---- | M] () -- c:\windows\assembly\gac\system.xml\1.0.5000.0__b77a5c561934e089\system.xml.dll
    MOD - [2004/08/10 13:11:10 | 000,466,944 | ---- | M] () -- c:\windows\assembly\gac\system.drawing\1.0.5000.0__b03f5f7f11d50a3a\system.drawing.dll
    MOD - [2004/08/10 13:11:10 | 000,323,584 | ---- | M] () -- c:\windows\assembly\gac\system.runtime.remoting\1.0.5000.0__b77a5c561934e089\system.runtime.remoting.dll
    MOD - [2004/05/19 13:03:12 | 000,032,768 | ---- | M] () -- C:\WINDOWS\system32\P32help.exe
  17. bshaw

    bshaw TS Rookie Topic Starter Posts: 76

    ========== Win32 Services (SafeList) ==========

    SRV - File not found [Disabled | Stopped] -- -- (HidServ)
    SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
    SRV - [2012/01/13 14:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
    SRV - [2011/12/06 11:48:02 | 000,045,056 | ---- | M] (Intuit) [Auto | Running] -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe -- (QBCFMonitorService)
    SRV - [2011/11/29 21:17:50 | 000,138,248 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files\Norton Internet Security\Engine\19.5.0.145\ccSvcHst.exe -- (NIS)
    SRV - [2011/08/25 17:53:00 | 000,013,672 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe -- (IntuitUpdateServiceV4)
    SRV - [2011/08/19 21:31:14 | 001,248,256 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files\Common Files\Intuit\DataProtect\QBIDPService.exe -- (QBVSS)
    SRV - [2011/08/19 21:30:58 | 000,061,440 | ---- | M] (Intuit Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe -- (QBFCService)
    SRV - [2011/08/19 21:30:02 | 000,679,936 | ---- | M] (Intuit, Inc.) [On_Demand | Running] -- C:\Program Files\Intuit\QuickBooks 2012\QBDBMgrN.exe -- (QuickBooksDB22)
    SRV - [2010/10/01 13:27:22 | 000,632,792 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe -- (PCToolsSSDMonitorSvc)
    SRV - [2010/08/23 20:21:40 | 000,013,672 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)
    SRV - [2007/06/21 14:47:01 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Running] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
    SRV - [2007/01/30 10:24:10 | 000,177,096 | ---- | M] (StompSoft, Inc.) [Auto | Running] -- C:\Program Files\StompSoft\PC BackUp\NSENGINE.exe -- (NsEngine)
    SRV - [2006/09/19 07:04:26 | 000,065,536 | ---- | M] () [Auto | Running] -- C:\Program Files\StompSoft\PC BackUp\NMSAccess.exe -- (NMSAccess)


    ========== Driver Services (SafeList) ==========

    DRV - [2012/02/08 11:36:15 | 000,106,104 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
    DRV - [2012/02/08 11:36:14 | 000,374,392 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
    DRV - [2012/02/08 11:14:20 | 000,141,944 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)
    DRV - [2012/02/07 17:29:38 | 000,356,280 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\IPSDefs\20120207.005\IDSXpx86.sys -- (IDSxpx86)
    DRV - [2011/12/10 15:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
    DRV - [2011/11/28 23:48:55 | 000,820,344 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\BASHDefs\20120121.002\BHDrvx86.sys -- (BHDrvx86)
    DRV - [2011/11/23 21:23:47 | 000,905,336 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\NIS\1305000.091\SYMEFA.SYS -- (SymEFA)
    DRV - [2011/11/23 20:50:26 | 000,574,584 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NIS\1305000.091\SRTSP.SYS -- (SRTSP)
    DRV - [2011/11/23 20:50:26 | 000,032,888 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NIS\1305000.091\SRTSPX.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
    DRV - [2011/11/16 22:37:59 | 000,388,216 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NIS\1305000.091\SYMTDI.SYS -- (SYMTDI)
    DRV - [2011/11/16 22:17:48 | 000,149,624 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NIS\1305000.091\Ironx86.SYS -- (SymIRON)
    DRV - [2011/11/04 18:59:35 | 000,132,744 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NIS\1305000.091\ccSetx86.sys -- (ccSet_NIS)
    DRV - [2011/08/10 04:00:00 | 001,576,312 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\VirusDefs\20120208.004\NAVEX15.SYS -- (NAVEX15)
    DRV - [2011/08/10 04:00:00 | 000,086,136 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\VirusDefs\20120208.004\NAVENG.SYS -- (NAVENG)
    DRV - [2011/07/25 21:18:35 | 000,340,088 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\NIS\1305000.091\SYMDS.SYS -- (SymDS)
    DRV - [2010/01/05 07:56:06 | 000,007,408 | R--- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
    DRV - [2010/01/05 07:56:04 | 000,009,968 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
    DRV - [2010/01/05 07:56:02 | 000,074,480 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
    DRV - [2006/09/14 03:45:38 | 000,003,456 | ---- | M] (ATI Technologies Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\atiide.sys -- (atiide)
    DRV - [2006/09/06 05:13:42 | 001,580,544 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
    DRV - [2006/07/07 15:23:30 | 000,408,064 | R--- | M] (Ativa Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ODWGU.sys -- (ODWGU(Ativa)) Ativa Wireless G USB Network Adapter(Ativa)
    DRV - [2006/05/17 03:03:24 | 000,044,544 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
    DRV - [2006/03/17 10:18:58 | 000,392,960 | ---- | M] (Sensaura) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\senfilt.sys -- (SenFiltService)
    DRV - [2005/09/08 05:20:00 | 000,094,332 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
    DRV - [2005/09/08 05:20:00 | 000,087,036 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
    DRV - [2005/09/08 05:20:00 | 000,086,524 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
    DRV - [2005/09/08 05:20:00 | 000,025,628 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM)
    DRV - [2005/09/08 05:20:00 | 000,014,684 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
    DRV - [2005/09/08 05:20:00 | 000,006,364 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM)
    DRV - [2005/09/08 05:20:00 | 000,002,496 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLADResN.SYS -- (DLADResN)
    DRV - [2005/08/25 12:16:52 | 000,005,628 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)
    DRV - [2005/08/25 12:16:16 | 000,022,684 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS -- (DLARTL_N)
    DRV - [2004/10/25 13:40:58 | 000,017,664 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ZDPSp50.sys -- (ZDPSp50)
    DRV - [2003/11/17 21:59:20 | 000,212,224 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2)
    DRV - [2003/11/17 21:58:02 | 000,680,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
    DRV - [2003/11/17 21:56:26 | 001,042,432 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
    DRV - [2000/07/24 00:01:00 | 000,019,537 | ---- | M] (Brother Industries Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\BrPar.sys -- (BrPar)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=4070228
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=4070228


    IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=4070228
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=4070228
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    IE - HKU\S-1-5-21-1825289168-564950612-1891292674-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://smallbusiness.bellsouth.net/
    IE - HKU\S-1-5-21-1825289168-564950612-1891292674-1007\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
    IE - HKU\S-1-5-21-1825289168-564950612-1891292674-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-21-1825289168-564950612-1891292674-1010\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=4070228
    IE - HKU\S-1-5-21-1825289168-564950612-1891292674-1010\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell.com
    IE - HKU\S-1-5-21-1825289168-564950612-1891292674-1010\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/hws/sb/dell-usuk-rel/en/side.html?channel=us
    IE - HKU\S-1-5-21-1825289168-564950612-1891292674-1010\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com/hws/sb/dell-usuk-rel/en/side.html?channel=us
    IE - HKU\S-1-5-21-1825289168-564950612-1891292674-1010\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=4070228
    IE - HKU\S-1-5-21-1825289168-564950612-1891292674-1010\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========

    FF - prefs.js..browser.search.defaultengine: ""
    FF - prefs.js..browser.search.defaultenginename: ""
    FF - prefs.js..browser.search.order.1: ""
    FF - prefs.js..browser.search.selectedEngine: ""
    FF - prefs.js..browser.search.useDBForOrder: true
    FF - prefs.js..browser.startup.homepage: "http://en-US.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official"
    FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
    FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.071302000002
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
    FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20110704
    FF - prefs.js..extensions.enabledItems: {db35c6bd-d834-b8dd-d2f4-e6479dfebdcc}:0.3
    FF - prefs.js..network.proxy.http: "127.0.0.1"
    FF - prefs.js..network.proxy.http_port: 64970
    FF - prefs.js..network.proxy.type: 0


    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\3.0.50106.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: File not found
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
    FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: File not found
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Darell Blandshaw\Local Settings\Application Data\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Darell Blandshaw\Local Settings\Application Data\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\IPSFFPlgn\ [2012/02/08 11:15:08 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\coFFPlgn\ [2012/02/08 16:06:44 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/12/22 15:18:54 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/12/21 13:16:45 | 000,000,000 | ---D | M]

    [2009/10/22 12:11:54 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Darell Blandshaw\Application Data\Mozilla\Extensions
    [2009/10/22 12:11:54 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Darell Blandshaw\Application Data\Mozilla\Extensions\mozswing@mozswing.org
    [2012/02/08 11:39:10 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Darell Blandshaw\Application Data\Mozilla\Firefox\Profiles\3otsvnu4.default\extensions
    [2011/07/05 13:05:33 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Darell Blandshaw\Application Data\Mozilla\Firefox\Profiles\3otsvnu4.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    [2011/12/21 13:19:17 | 000,000,000 | ---D | M] (WOT) -- C:\Documents and Settings\Darell Blandshaw\Application Data\Mozilla\Firefox\Profiles\3otsvnu4.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
    [2009/04/06 14:43:34 | 000,000,000 | ---D | M] (Move Media Player) -- C:\Documents and Settings\Darell Blandshaw\Application Data\Mozilla\Firefox\Profiles\3otsvnu4.default\extensions\moveplayer@movenetworks.com
    [2011/12/21 13:16:49 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    () (No name found) -- C:\DOCUMENTS AND SETTINGS\DARELL BLANDSHAW\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\3OTSVNU4.DEFAULT\EXTENSIONS\{DB35C6BD-D834-B8DD-D2F4-E6479DFEBDCC}.XPI
    [2011/12/22 15:18:54 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
    [2008/06/18 01:43:04 | 000,086,016 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npCouponPrinter.dll
    [2011/05/04 03:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
    [2011/12/16 20:20:10 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
    [2010/10/11 11:50:50 | 000,002,024 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\McSiteAdvisor.xml
    [2011/12/16 20:20:10 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml
  18. bshaw

    bshaw TS Rookie Topic Starter Posts: 76

    ========== Chrome ==========

    CHR - default_search_provider: Google (Enabled)
    CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
    CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
    CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
    CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\Darell Blandshaw\Local Settings\Application Data\Google\Chrome\Application\16.0.912.77\ppGoogleNaClPluginChrome.dll
    CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\Darell Blandshaw\Local Settings\Application Data\Google\Chrome\Application\16.0.912.77\pdf.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\Darell Blandshaw\Local Settings\Application Data\Google\Chrome\Application\16.0.912.77\gcswf32.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
    CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Documents and Settings\Darell Blandshaw\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.40.135.1_0\McChPlg.dll
    CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Program Files\McAfee\SiteAdvisor\npmcffplg32.dll
    CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Browser\nppdf32.dll
    CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
    CHR - plugin: Java(TM) Platform SE 6 U26 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
    CHR - plugin: Coupons Inc., Coupon Printer Manager (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npCouponPrinter.dll
    CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
    CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
    CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
    CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
    CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
    CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
    CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
    CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
    CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
    CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
    CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\Darell Blandshaw\Local Settings\Application Data\Google\Update\1.3.21.79\npGoogleUpdate3.dll
    CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\3.0.50106.0\npctrl.dll
    CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
    CHR - plugin: Default Plug-in (Enabled) = default_plugin
    CHR - Extension: Norton Identity Protection = C:\Documents and Settings\Darell Blandshaw\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.5.0.140_0\

    O1 HOSTS File: ([2012/02/08 15:48:34 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (BellSouth Toolbar) - {4E7BD74F-2B8D-469E-8CBD-FD60BB9AAE2E} - C:\Program Files\blstoolbar\blstoolbar.dll ()
    O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\19.5.0.145\coieplg.dll (Symantec Corporation)
    O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\19.5.0.145\ips\ipsbho.dll (Symantec Corporation)
    O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.)
    O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O3 - HKLM\..\Toolbar: (BellSouth Toolbar) - {4E7BD74F-2B8D-469E-8CBD-FD60BB9AAE2E} - C:\Program Files\blstoolbar\blstoolbar.dll ()
    O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\19.5.0.145\coieplg.dll (Symantec Corporation)
    O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (BellSouth Toolbar) - {4E7BD74F-2B8D-469E-8CBD-FD60BB9AAE2E} - C:\Program Files\blstoolbar\blstoolbar.dll ()
    O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (BellSouth Toolbar) - {4E7BD74F-2B8D-469E-8CBD-FD60BB9AAE2E} - C:\Program Files\blstoolbar\blstoolbar.dll ()
    O3 - HKU\S-1-5-21-1825289168-564950612-1891292674-1007\..\Toolbar\ShellBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O3 - HKU\S-1-5-21-1825289168-564950612-1891292674-1007\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O3 - HKU\S-1-5-21-1825289168-564950612-1891292674-1007\..\Toolbar\WebBrowser: (BellSouth Toolbar) - {4E7BD74F-2B8D-469E-8CBD-FD60BB9AAE2E} - C:\Program Files\blstoolbar\blstoolbar.dll ()
    O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
    O4 - HKLM..\Run: [ATICCC] C:\Program Files\ATI Technologies\ATI.ACE\cli.exe (ATI Technologies Inc.)
    O4 - HKLM..\Run: [BellSouthAlertManager.exe] C:\Program Files\BellSouth\AM\BellSouthAlertManager.exe (BellSouth)
    O4 - HKLM..\Run: [DLA] C:\WINDOWS\system32\DLA\DLACTRLW.EXE (Sonic Solutions)
    O4 - HKLM..\Run: [Intuit SyncManager] C:\Program Files\Common Files\Intuit\Sync\IntuitSyncManager.exe (Intuit Inc. All rights reserved.)
    O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
    O4 - HKLM..\Run: [NovaBackup 7 Tray Control] C:\Program Files\StompSoft\PC BackUp\NbkCtrl.exe (StompSoft, Inc.)
    O4 - HKLM..\Run: [tgcmd] C:\Program Files\Support.com\BellSouth\hcenter.exe (BellSouth)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Ativa Wireless USB Utility.lnk = C:\Program Files\Ativa\USB AWGUA54\Wireless Utility\Ativawcui.exe (Belkin)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Intuit Data Protect.lnk = C:\Program Files\Common Files\Intuit\DataProtect\IntuitDataProtect.exe (Intuit Inc.)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Inc.)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickBooks_Standard_21.lnk = C:\Program Files\Intuit\QuickBooks 2012\QBW32.EXE (Intuit Inc.)
    O4 - Startup: C:\Documents and Settings\Darell Blandshaw\Start Menu\Programs\Startup\Eagle Listener.lnk = C:\3apps\Catapult\3listen.exe ()
    O4 - Startup: C:\Documents and Settings\Darell Blandshaw\Start Menu\Programs\Startup\Eagle Scheduler.lnk = C:\3apps\Catapult\Sched.exe ()
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Recovery present
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Recovery present
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Recovery present
    O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Recovery present
    O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-21-1825289168-564950612-1891292674-1007\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-1825289168-564950612-1891292674-1007\Software\Policies\Microsoft\Internet Explorer\Recovery present
    O7 - HKU\S-1-5-21-1825289168-564950612-1891292674-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-21-1825289168-564950612-1891292674-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKU\S-1-5-21-1825289168-564950612-1891292674-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\S-1-5-21-1825289168-564950612-1891292674-1010\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-1825289168-564950612-1891292674-1010\Software\Policies\Microsoft\Internet Explorer\Recovery present
    O7 - HKU\S-1-5-21-1825289168-564950612-1891292674-1010\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O8 - Extra context menu item: Append to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html File not found
    O15 - HKU\S-1-5-21-1825289168-564950612-1891292674-1007\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
    O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
    O16 - DPF: {F5131C24-E56D-11CF-B78A-444553540000} https://wc.wachovia.com/common/cab/ikcntrls.cab (Ikonic Menu Control)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{86E114BA-0F17-437F-8660-2C26CCF4A375}: NameServer = 4.2.2.2,4.2.2.3
    O18 - Protocol\Handler\intu-help-qb5 - No CLSID value found
    O18 - Protocol\Handler\qbpos {662E7FAE-5C17-491C-AD9D-98C1F66CC6A0} - C:\Program Files\Common Files\Intuit\QuickBooks\QBPOSProtocol.dll (Intuit Inc.)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.dll) - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
    O24 - Desktop BackupWallPaper: C:\WINDOWS\Dell.bmp
    O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2008/10/21 14:45:23 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.001 -- [ NTFS ]
    O32 - AutoRun File - [2008/10/21 14:45:23 | 000,000,034 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O32 - AutoRun File - [2011/02/18 19:16:20 | 000,000,183 | R--- | M] () - D:\AUTORUN.INF -- [ CDFS ]
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    NetSvcs: 6to4 - File not found
    NetSvcs: AppMgmt - File not found
    NetSvcs: HidServ - File not found
    NetSvcs: Ias - File not found
    NetSvcs: Iprip - File not found
    NetSvcs: Irmon - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: WmdmPmSp - File not found

    Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
    Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
    Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
    Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
    Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
    Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
    Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
    Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
    Drivers32: vidc.XVID - C:\WINDOWS\System32\xvidvfw.dll ()
    Drivers32: wave - C:\WINDOWS\System32\serwvdrv.dll (Microsoft Corporation)
  19. bshaw

    bshaw TS Rookie Topic Starter Posts: 76

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point

    ========== Files/Folders - Created Within 30 Days ==========

    [2012/02/08 15:32:33 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
    [2012/02/08 15:32:33 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
    [2012/02/08 15:32:33 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
    [2012/02/08 15:32:33 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
    [2012/02/08 15:32:09 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2012/02/08 14:19:25 | 000,083,968 | ---- | C] (Esage Lab) -- C:\Documents and Settings\Darell Blandshaw\Desktop\boot_cleaner.exe
    [2012/02/08 11:16:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Darell Blandshaw\My Documents\Symantec
    [2012/02/08 11:14:20 | 000,141,944 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS
    [2012/02/08 11:14:20 | 000,060,872 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\S32EVNT1.DLL
    [2012/02/08 11:14:20 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared
    [2012/02/08 11:14:20 | 000,000,000 | ---D | C] -- C:\Program Files\Symantec
    [2012/02/08 11:13:55 | 000,388,216 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1305000.091\symtdi.sys
    [2012/02/08 11:13:55 | 000,345,208 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1305000.091\symtdiv.sys
    [2012/02/08 11:13:54 | 000,905,336 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1305000.091\symefa.sys
    [2012/02/08 11:13:54 | 000,574,584 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1305000.091\srtsp.sys
    [2012/02/08 11:13:54 | 000,340,088 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1305000.091\symds.sys
    [2012/02/08 11:13:54 | 000,318,584 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1305000.091\symnets.sys
    [2012/02/08 11:13:54 | 000,032,888 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1305000.091\srtspx.sys
    [2012/02/08 11:13:53 | 000,149,624 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1305000.091\ironx86.sys
    [2012/02/08 11:13:53 | 000,132,744 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1305000.091\ccsetx86.sys
    [2012/02/08 11:12:46 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\NIS\1305000.091
    [2012/02/08 11:11:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\NIS
    [2012/02/08 11:11:43 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Sidebar
    [2012/02/08 11:11:43 | 000,000,000 | ---D | C] -- C:\Program Files\Norton Internet Security
    [2012/02/08 11:11:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Norton Internet Security
    [2012/02/08 11:08:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Norton
    [2012/02/08 11:01:34 | 000,000,000 | ---D | C] -- C:\Program Files\NortonInstaller
    [2012/02/08 11:01:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NortonInstaller
    [2012/02/07 16:02:45 | 000,000,000 | -H-D | C] -- C:\WINDOWS\PIF
    [2012/02/03 12:52:38 | 002,494,504 | ---- | C] (Softthinks) -- C:\Backup.1.exe
    [2012/02/02 09:50:20 | 000,000,000 | ---D | C] -- C:\System Recovery Files
    [2012/01/18 10:46:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Darell Blandshaw\Start Menu\Programs\Google Chrome
    [2012/01/10 10:46:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\TurboTax 2011
    [2012/01/10 10:11:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Darell Blandshaw\Local Settings\Application Data\PCHealth
    [2012/01/10 10:00:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Darell Blandshaw\Application Data\MediaWmplay
    [2012/01/10 09:58:00 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
    [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2012/02/08 16:24:01 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
    [2012/02/08 16:07:47 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
    [2012/02/08 16:05:25 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2012/02/08 16:05:18 | 1038,061,568 | -HS- | M] () -- C:\hiberfil.sys
    [2012/02/08 15:48:34 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
    [2012/02/08 14:54:01 | 000,001,022 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1825289168-564950612-1891292674-1007UA.job
    [2012/02/08 14:11:59 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Darell Blandshaw\Desktop\MBR.dat
    [2012/02/08 13:59:28 | 000,004,782 | ---- | M] () -- C:\WINDOWS\System32\drivers\NIS\1305000.091\VT20111023.022
    [2012/02/08 11:14:44 | 000,609,563 | ---- | M] () -- C:\WINDOWS\System32\drivers\NIS\1305000.091\Cat.DB
    [2012/02/08 11:14:20 | 000,141,944 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS
    [2012/02/08 11:14:20 | 000,060,872 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\S32EVNT1.DLL
    [2012/02/08 11:14:20 | 000,007,468 | ---- | M] () -- C:\WINDOWS\System32\drivers\SYMEVENT.CAT
    [2012/02/08 11:14:20 | 000,000,806 | ---- | M] () -- C:\WINDOWS\System32\drivers\SYMEVENT.INF
    [2012/02/08 11:14:13 | 000,001,984 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Norton Internet Security.LNK
    [2012/02/08 10:04:28 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\RMSchedule.job
    [2012/02/07 15:54:01 | 000,000,970 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1825289168-564950612-1891292674-1007Core.job
    [2012/02/07 12:59:32 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
    [2012/02/03 17:58:03 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
    [2012/02/03 12:12:33 | 000,000,448 | ---- | M] () -- C:\Documents and Settings\Darell Blandshaw\Desktop\Shortcut to System Recovery files.lnk
    [2012/02/03 00:19:12 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2012/02/02 07:06:12 | 002,494,504 | ---- | M] (Softthinks) -- C:\Backup.1.exe
    [2012/02/02 06:42:11 | 4189,273,733 | ---- | M] () -- C:\Backup.2.fbw
    [2012/01/23 20:51:24 | 000,002,343 | ---- | M] () -- C:\Documents and Settings\Darell Blandshaw\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
    [2012/01/23 20:51:23 | 000,002,365 | ---- | M] () -- C:\Documents and Settings\Darell Blandshaw\Desktop\Google Chrome.lnk
    [2012/01/19 16:16:25 | 000,002,447 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\TurboTax 2011.lnk
    [2012/01/18 16:21:23 | 000,016,896 | ---- | M] () -- C:\Documents and Settings\Darell Blandshaw\My Documents\1B81EA10
    [2012/01/12 03:33:11 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
    [2012/01/12 03:27:15 | 000,506,958 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2012/01/12 03:27:15 | 000,089,752 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
    [2012/01/11 10:17:20 | 000,160,344 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2012/01/10 12:34:49 | 000,000,590 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Microsoft.SqlServer.Compact.400.32.bc
    [2012/01/10 09:58:13 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2099/01/01 12:00:00 | 000,006,456 | -H-- | C] () -- C:\WINDOWS\System32\tubulunu
    [2012/02/08 15:32:33 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
    [2012/02/08 15:32:33 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
    [2012/02/08 15:32:33 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
    [2012/02/08 15:32:33 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
    [2012/02/08 15:32:33 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
    [2012/02/08 14:11:59 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Darell Blandshaw\Desktop\MBR.dat
    [2012/02/08 14:00:43 | 000,004,782 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1305000.091\VT20111023.022
    [2012/02/08 11:14:23 | 000,609,563 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1305000.091\Cat.DB
    [2012/02/08 11:14:20 | 000,007,468 | ---- | C] () -- C:\WINDOWS\System32\drivers\SYMEVENT.CAT
    [2012/02/08 11:14:20 | 000,000,806 | ---- | C] () -- C:\WINDOWS\System32\drivers\SYMEVENT.INF
    [2012/02/08 11:14:13 | 000,001,984 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Norton Internet Security.LNK
    [2012/02/08 11:13:55 | 000,007,877 | R--- | C] () -- C:\WINDOWS\System32\drivers\NIS\1305000.091\symnetv.cat
    [2012/02/08 11:13:55 | 000,001,469 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1305000.091\symnetv.inf
    [2012/02/08 11:13:54 | 000,007,492 | R--- | C] () -- C:\WINDOWS\System32\drivers\NIS\1305000.091\symds.cat
    [2012/02/08 11:13:54 | 000,007,458 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1305000.091\symnet.cat
    [2012/02/08 11:13:54 | 000,007,456 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1305000.091\symefa.cat
    [2012/02/08 11:13:54 | 000,007,454 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1305000.091\srtspx.cat
    [2012/02/08 11:13:54 | 000,003,434 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1305000.091\symefa.inf
    [2012/02/08 11:13:54 | 000,002,852 | R--- | C] () -- C:\WINDOWS\System32\drivers\NIS\1305000.091\symds.inf
    [2012/02/08 11:13:54 | 000,001,441 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1305000.091\symnet.inf
    [2012/02/08 11:13:54 | 000,001,389 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1305000.091\srtspx.inf
    [2012/02/08 11:13:54 | 000,001,389 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1305000.091\srtsp.inf
    [2012/02/08 11:13:53 | 000,007,468 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1305000.091\ccsetx86.cat
    [2012/02/08 11:13:53 | 000,007,450 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1305000.091\srtsp.cat
    [2012/02/08 11:13:53 | 000,007,450 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1305000.091\iron.cat
    [2012/02/08 11:13:53 | 000,000,827 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1305000.091\ccsetx86.inf
    [2012/02/08 11:13:53 | 000,000,742 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1305000.091\iron.inf
    [2012/02/08 11:13:53 | 000,000,172 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1305000.091\isolate.ini
    [2012/02/03 12:53:02 | 4189,273,733 | ---- | C] () -- C:\Backup.2.fbw
    [2012/02/03 12:12:33 | 000,000,448 | ---- | C] () -- C:\Documents and Settings\Darell Blandshaw\Desktop\Shortcut to System Recovery files.lnk
    [2012/01/23 15:15:28 | 1038,061,568 | -HS- | C] () -- C:\hiberfil.sys
    [2012/01/18 16:21:23 | 000,016,896 | ---- | C] () -- C:\Documents and Settings\Darell Blandshaw\My Documents\1B81EA10
    [2012/01/18 10:46:24 | 000,002,365 | ---- | C] () -- C:\Documents and Settings\Darell Blandshaw\Desktop\Google Chrome.lnk
    [2012/01/18 10:46:24 | 000,002,343 | ---- | C] () -- C:\Documents and Settings\Darell Blandshaw\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
    [2012/01/18 10:44:28 | 000,001,022 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1825289168-564950612-1891292674-1007UA.job
    [2012/01/18 10:44:26 | 000,000,970 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1825289168-564950612-1891292674-1007Core.job
    [2012/01/11 11:01:09 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
    [2012/01/10 10:47:39 | 000,000,590 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Microsoft.SqlServer.Compact.400.32.bc
    [2012/01/10 10:46:58 | 000,002,447 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\TurboTax 2011.lnk
    [2011/11/07 12:44:36 | 000,000,090 | ---- | C] () -- C:\WINDOWS\QBChanUtil_Trigger.ini
    [2011/10/07 12:50:33 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2011/10/07 09:29:22 | 000,815,759 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-1825289168-564950612-1891292674-1007-0.dat
    [2011/10/07 09:29:13 | 000,220,094 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
    [2011/08/19 21:26:28 | 000,667,280 | ---- | C] () -- C:\WINDOWS\System32\tx12.dll
    [2011/08/19 21:26:28 | 000,000,530 | ---- | C] () -- C:\WINDOWS\System32\tx12_ic.ini
    [2011/08/19 21:26:28 | 000,000,186 | ---- | C] () -- C:\WINDOWS\System32\Gsw32.exe.config
    [2011/08/05 15:17:03 | 000,288,912 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
    [2011/06/20 11:09:47 | 000,020,552 | ---- | C] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
    [2011/01/03 11:51:11 | 000,037,336 | ---- | C] () -- C:\WINDOWS\System32\CleanMFT32.exe
    [2008/10/21 14:45:25 | 000,074,752 | ---- | C] () -- C:\WINDOWS\System32\Usqlcs32.dll
    [2008/10/21 14:45:25 | 000,072,704 | ---- | C] () -- C:\WINDOWS\System32\Ccmove32.dll
    [2008/10/21 14:45:25 | 000,051,200 | ---- | C] () -- C:\WINDOWS\System32\Ccchng32.dll
    [2008/10/21 14:45:21 | 001,929,216 | ---- | C] () -- C:\WINDOWS\System32\PDFDLL32.DLL
    [2008/10/21 14:45:17 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\LFDRW14N.DLL
    [2008/10/21 14:44:37 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\tmusbvb.dll
    [2008/10/21 14:44:36 | 000,109,568 | ---- | C] () -- C:\WINDOWS\System32\P3jpg32.dll
    [2008/10/21 14:44:36 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\P32help.exe
    [2008/10/21 14:41:04 | 000,004,254 | ---- | C] () -- C:\WINDOWS\3apps.ini
    [2008/10/06 10:53:26 | 000,048,397 | ---- | C] () -- C:\WINDOWS\UninstVeetleTVPlayer.exe
    [2008/09/08 12:10:04 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
    [2008/07/07 13:27:51 | 001,646,592 | ---- | C] () -- C:\WINDOWS\System32\3wpn10.dll
    [2008/07/07 13:27:45 | 000,270,336 | ---- | C] () -- C:\WINDOWS\System32\3web.dll
    [2008/07/07 13:27:12 | 012,517,376 | ---- | C] () -- C:\WINDOWS\System32\3viewA10.dll
    [2008/07/07 13:25:47 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\3view10.dll
    [2008/07/07 13:25:32 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\3rsmhtml.dll
    [2008/07/07 13:25:18 | 000,163,840 | ---- | C] () -- C:\WINDOWS\System32\3inslc10.dll
    [2008/07/07 13:24:51 | 000,643,072 | ---- | C] () -- C:\WINDOWS\System32\3enum10.dll
    [2008/07/07 13:24:15 | 001,118,208 | ---- | C] () -- C:\WINDOWS\System32\n_uptrxns.dll
    [2008/07/07 13:24:10 | 000,397,312 | ---- | C] () -- C:\WINDOWS\System32\n_tqf.dll
    [2008/07/07 13:24:08 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\n_signon.dll
    [2008/07/07 13:23:55 | 003,891,200 | ---- | C] () -- C:\WINDOWS\System32\n_roa.dll
    [2008/07/07 13:23:30 | 002,670,592 | ---- | C] () -- C:\WINDOWS\System32\n_qfind.dll
    [2008/07/07 13:23:08 | 002,744,320 | ---- | C] () -- C:\WINDOWS\System32\n_prtlbl.dll
    [2008/07/07 13:22:40 | 006,336,512 | ---- | C] () -- C:\WINDOWS\System32\n_pos.dll
    [2008/07/07 13:21:45 | 008,716,288 | ---- | C] () -- C:\WINDOWS\System32\n_po.dll
    [2008/07/07 13:21:13 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\n_na.dll
    [2008/07/07 13:20:56 | 004,874,240 | ---- | C] () -- C:\WINDOWS\System32\n_mvr.dll
    [2008/07/07 13:20:39 | 000,512,000 | ---- | C] () -- C:\WINDOWS\System32\n_mkrentcr.dll
    [2008/07/07 13:20:18 | 006,426,624 | ---- | C] () -- C:\WINDOWS\System32\n_mcr.dll
    [2008/07/07 13:19:49 | 001,691,648 | ---- | C] () -- C:\WINDOWS\System32\n_lhelper.dll
    [2008/07/07 13:19:13 | 010,002,432 | ---- | C] () -- C:\WINDOWS\System32\n_imu.dll
    [2008/07/07 13:18:14 | 006,504,448 | ---- | C] () -- C:\WINDOWS\System32\n_gl.dll
    [2008/07/07 13:17:45 | 000,421,888 | ---- | C] () -- C:\WINDOWS\System32\n_getoffln.dll
    [2008/07/07 13:17:12 | 010,539,008 | ---- | C] () -- C:\WINDOWS\System32\n_ebrowser.dll
    [2008/07/07 13:16:28 | 000,360,448 | ---- | C] () -- C:\WINDOWS\System32\n_desklnk.dll
    [2008/07/07 13:16:19 | 002,199,552 | ---- | C] () -- C:\WINDOWS\System32\n_catalog.dll
    [2008/07/07 13:15:58 | 004,952,064 | ---- | C] () -- C:\WINDOWS\System32\n_bmgr.dll
    [2008/07/07 13:15:22 | 002,904,064 | ---- | C] () -- C:\WINDOWS\System32\n_atmu.dll
    [2008/07/07 13:15:02 | 002,588,672 | ---- | C] () -- C:\WINDOWS\System32\n_3wpn10.dll
    [2008/07/07 13:14:54 | 000,217,088 | ---- | C] () -- C:\WINDOWS\System32\n_3viewmgr.dll
    [2008/07/07 13:14:52 | 000,212,992 | ---- | C] () -- C:\WINDOWS\System32\n_3viewimp.dll
    [2008/07/07 13:14:20 | 010,526,720 | ---- | C] () -- C:\WINDOWS\System32\n_3viewA10.dll
    [2008/07/07 13:13:37 | 000,360,448 | ---- | C] () -- C:\WINDOWS\System32\n_3usql.dll
    [2008/07/07 13:13:23 | 002,424,832 | ---- | C] () -- C:\WINDOWS\System32\n_3spsif.dll
    [2008/07/07 13:13:11 | 001,429,504 | ---- | C] () -- C:\WINDOWS\System32\n_3spmif.dll
    [2008/07/07 13:12:56 | 003,919,872 | ---- | C] () -- C:\WINDOWS\System32\n_3spimp.dll
    [2008/07/07 13:12:42 | 000,802,816 | ---- | C] () -- C:\WINDOWS\System32\n_3sku11.dll
    [2008/07/07 13:12:37 | 000,802,816 | ---- | C] () -- C:\WINDOWS\System32\n_3simp.dll
    [2008/07/07 13:12:21 | 002,347,008 | ---- | C] () -- C:\WINDOWS\System32\n_3scanner.dll
    [2008/07/07 13:12:02 | 004,390,912 | ---- | C] () -- C:\WINDOWS\System32\n_3rsc.dll
    [2008/07/07 13:11:28 | 007,110,656 | ---- | C] () -- C:\WINDOWS\System32\n_3lw.dll
    [2008/07/07 13:10:55 | 001,380,352 | ---- | C] () -- C:\WINDOWS\System32\n_3hhi.dll
    [2008/07/07 13:10:50 | 000,249,856 | ---- | C] () -- C:\WINDOWS\System32\n_3filcpy.dll
    [2008/07/07 13:10:43 | 001,740,800 | ---- | C] () -- C:\WINDOWS\System32\n_3devcfg.dll
    [2008/07/07 13:10:20 | 006,385,664 | ---- | C] () -- C:\WINDOWS\System32\n_3archive.dll
    [2008/07/07 13:08:58 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\3print10.dll
    [2007/07/09 11:17:13 | 000,000,145 | ---- | C] () -- C:\WINDOWS\BRVIDEO.INI
    [2007/07/09 11:17:13 | 000,000,023 | ---- | C] () -- C:\WINDOWS\Brownie.ini
    [2007/07/09 11:17:13 | 000,000,000 | ---- | C] () -- C:\WINDOWS\brmx2001.ini
    [2007/07/09 11:17:04 | 000,014,441 | ---- | C] () -- C:\WINDOWS\HL-5240.INI
    [2007/07/09 11:16:37 | 000,000,426 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
    [2007/07/09 11:16:37 | 000,000,034 | ---- | C] () -- C:\WINDOWS\System32\BD5240.DAT
    [2007/06/21 09:56:00 | 000,040,448 | ---- | C] () -- C:\WINDOWS\System32\BJAXSecurityManager.dll
    [2007/06/21 09:55:58 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\BJInstaller.dll
    [2007/05/24 15:09:58 | 000,375,296 | ---- | C] () -- C:\WINDOWS\System32\tx32.dll
    [2007/05/24 15:09:58 | 000,000,202 | ---- | C] () -- C:\WINDOWS\System32\Ic32.ini
    [2007/05/08 14:26:58 | 000,000,139 | ---- | C] () -- C:\Documents and Settings\Darell Blandshaw\Local Settings\Application Data\fusioncache.dat
    [2007/02/28 23:09:38 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
    [2007/02/28 23:06:02 | 000,000,126 | ---- | C] () -- C:\WINDOWS\wininit.ini
    [2007/02/28 23:05:20 | 000,001,392 | ---- | C] () -- C:\WINDOWS\ODBC.INI
    [2007/02/28 22:41:06 | 000,129,112 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
    [2007/02/28 22:40:48 | 000,077,824 | ---- | C] () -- C:\WINDOWS\setpwr32.exe
    [2007/02/28 22:40:46 | 000,000,389 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
    [2005/11/10 08:38:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
    [2005/07/12 14:44:42 | 000,015,872 | ---- | C] () -- C:\WINDOWS\System32\InsDrvZD64.DLL
    [2004/12/19 08:29:40 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
    [2004/12/19 08:17:10 | 000,815,104 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
    [2004/08/10 13:12:05 | 000,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini
    [2004/08/10 13:07:31 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
    [2004/08/10 13:02:15 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
    [2004/08/10 13:01:18 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
    [2004/08/10 12:57:52 | 000,004,324 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
    [2004/08/10 12:57:15 | 000,160,344 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2004/08/10 12:51:21 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
    [2004/08/10 12:51:20 | 000,506,958 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
    [2004/08/10 12:51:20 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
    [2004/08/10 12:51:20 | 000,089,752 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
    [2004/08/10 12:51:20 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
    [2004/08/10 12:51:18 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
    [2004/08/10 12:51:17 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
    [2004/08/10 12:51:16 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
    [2004/08/10 12:51:12 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
    [2004/08/10 12:51:11 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
    [2004/08/10 12:51:05 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
    [2004/08/10 12:50:56 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
    [2004/03/23 16:38:00 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\InsDrvZD.dll
    [2003/03/14 12:24:00 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\ZyDelReg.exe
    [2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
    [2002/10/06 13:42:56 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\OggDS.dll
    [2002/10/04 18:04:24 | 000,921,600 | ---- | C] () -- C:\WINDOWS\System32\VorbisEnc.dll
    [2002/10/04 18:04:24 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\vorbis.dll
    [2002/10/04 18:04:16 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\ogg.dll
    [2002/05/15 18:38:40 | 000,091,136 | ---- | C] () -- C:\WINDOWS\System32\mp4fil32.dll
    [2002/04/19 09:23:26 | 000,106,137 | ---- | C] () -- C:\WINDOWS\System32\libpostproc.dll
    [2002/04/19 08:51:04 | 000,211,760 | ---- | C] () -- C:\WINDOWS\System32\libavcodec.dll
    [2000/12/03 11:09:44 | 000,033,280 | ---- | C] () -- C:\WINDOWS\System32\Torero1n.dll
    [2000/04/12 18:28:12 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\LFKODAK.DLL
    [2000/04/12 18:24:10 | 000,338,944 | ---- | C] () -- C:\WINDOWS\System32\LFFPX7.DLL
    [2000/03/22 11:42:52 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\Tscmg4n.dll
    [2000/03/22 11:42:20 | 000,023,552 | ---- | C] () -- C:\WINDOWS\System32\Toril1n.dll
    [1999/03/11 12:43:42 | 000,015,872 | ---- | C] () -- C:\WINDOWS\System32\3hist10.dll
    [1997/11/25 07:54:04 | 000,063,488 | ---- | C] () -- C:\WINDOWS\System32\Mfldll32.dll
    [1997/11/25 07:53:56 | 000,019,456 | ---- | C] () -- C:\WINDOWS\System32\Mffdib32.dll

    ========== LOP Check ==========

    [2007/06/21 10:05:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BellSouth
    [2009/09/30 09:46:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Bomgar-SCC-4AC24A4B
    [2011/11/07 12:44:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
    [2011/11/07 13:40:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nuance
    [2011/11/08 16:01:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SQL Anywhere 11
    [2011/01/04 11:20:19 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{D2E28092-1950-4945-9895-A709AFF3AABD}
    [2012/02/07 12:34:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Darell Blandshaw\Application Data\Agirq
    [2007/06/21 10:05:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Darell Blandshaw\Application Data\BellSouth
    [2010/09/20 12:18:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Darell Blandshaw\Application Data\FXTS2
    [2012/02/08 10:04:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Darell Blandshaw\Application Data\Iqumypl
    [2009/03/16 13:21:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Darell Blandshaw\Application Data\Leadertech
    [2012/02/06 14:46:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Darell Blandshaw\Application Data\MediaWmplay
    [2011/08/12 12:08:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Darell Blandshaw\Application Data\TightVNC
    [2009/01/21 16:41:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\SACore
    [2012/02/08 10:04:28 | 000,000,276 | ---- | M] () -- C:\WINDOWS\Tasks\RMSchedule.job
  20. bshaw

    bshaw TS Rookie Topic Starter Posts: 76

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.* >
    [2008/10/21 14:45:23 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.001
    [2008/10/21 14:45:23 | 000,000,034 | ---- | M] () -- C:\AUTOEXEC.BAT
    [2012/02/02 07:06:12 | 002,494,504 | ---- | M] (Softthinks) -- C:\Backup.1.exe
    [2012/02/02 06:42:11 | 4189,273,733 | ---- | M] () -- C:\Backup.2.fbw
    [2007/06/21 09:56:11 | 009,630,336 | ---- | M] () -- C:\BellSouthIW.re~
    [2011/06/10 11:23:38 | 000,000,211 | ---- | M] () -- C:\Boot.bak
    [2011/06/28 12:24:50 | 000,000,327 | RHS- | M] () -- C:\boot.ini
    [2004/08/03 22:00:00 | 000,260,272 | RHS- | M] () -- C:\cmldr
    [2012/02/08 15:54:00 | 000,016,667 | ---- | M] () -- C:\ComboFix.txt
    [2004/08/10 13:04:08 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
    [2007/02/28 22:42:36 | 000,005,494 | RH-- | M] () -- C:\dell.sdr
    [2012/02/08 16:05:18 | 1038,061,568 | -HS- | M] () -- C:\hiberfil.sys
    [2007/07/06 15:47:10 | 000,004,128 | ---- | M] () -- C:\INFCACHE.1
    [2004/08/10 13:04:08 | 000,000,000 | -H-- | M] () -- C:\IO.SYS
    [2011/07/06 11:26:46 | 000,025,949 | ---- | M] () -- C:\JavaRa.log
    [2004/08/10 13:04:08 | 000,000,000 | -H-- | M] () -- C:\MSDOS.SYS
    [2004/08/04 05:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
    [2012/01/09 16:22:09 | 000,250,048 | RHS- | M] () -- C:\ntldr
    [2012/02/08 16:05:17 | 1560,281,088 | -HS- | M] () -- C:\pagefile.sys
    [2011/06/28 12:21:54 | 000,000,401 | ---- | M] () -- C:\rkill.log
    [2012/02/08 11:34:29 | 000,064,832 | ---- | M] () -- C:\TDSSKiller.2.7.10.0_08.02.2012_11.34.02_log.txt

    < %systemroot%\Fonts\*.com >
    [2006/04/18 15:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
    [2006/06/29 14:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
    [2006/04/18 15:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
    [2006/06/29 14:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\Fonts\*.ini >
    [2004/08/10 13:03:42 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini

    < %systemroot%\Fonts\*.ini2 >

    < %systemroot%\Fonts\*.exe >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.* >
    [2008/07/06 07:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
    [2004/03/22 15:17:08 | 000,025,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\mdippr.dll
    [2008/07/06 05:50:03 | 000,597,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe

    < %systemroot%\REPAIR\*.bak1 >

    < %systemroot%\REPAIR\*.ini >

    < %systemroot%\system32\*.jpg >

    < %systemroot%\*.jpg >

    < %systemroot%\*.png >

    < %systemroot%\*.scr >

    < %systemroot%\*._sy >

    < %APPDATA%\Adobe\Update\*.* >

    < %ALLUSERSPROFILE%\Favorites\*.* >

    < %APPDATA%\Microsoft\*.* >
    [2007/06/21 13:16:02 | 000,001,626 | ---- | M] () -- C:\Documents and Settings\Darell Blandshaw\Application Data\Microsoft\LastFlashConfig.WFC

    < %PROGRAMFILES%\*.* >

    < %APPDATA%\Update\*.* >

    < %systemroot%\*. /mp /s >

    < %systemroot%\System32\config\*.sav >
    [2004/08/10 12:56:48 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav
    [2004/08/10 12:56:46 | 000,634,880 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav
    [2004/08/10 12:56:46 | 000,872,448 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav

    < %PROGRAMFILES%\bak. /s >

    < %systemroot%\system32\bak. /s >

    < %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
    [2012/01/09 16:28:48 | 000,000,272 | -HS- | M] () -- C:\Documents and Settings\All Users\Start Menu\desktop.ini

    < %systemroot%\system32\config\systemprofile\*.dat /x >

    < %systemroot%\*.config >

    < %systemroot%\system32\*.db >

    < %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
    [2007/05/08 14:27:07 | 000,000,119 | -HS- | M] () -- C:\Documents and Settings\Darell Blandshaw\Application Data\Microsoft\Internet Explorer\Quick Launch\desktop.ini

    < %USERPROFILE%\Desktop\*.exe >
    [2008/12/30 10:43:56 | 023,804,784 | ---- | M] () -- C:\Documents and Settings\Darell Blandshaw\Desktop\aaw2008.exe
    [2011/09/20 03:02:00 | 000,083,968 | ---- | M] (Esage Lab) -- C:\Documents and Settings\Darell Blandshaw\Desktop\boot_cleaner.exe
    [2008/12/23 12:44:33 | 001,226,248 | ---- | M] (McAfee, Inc.) -- C:\Documents and Settings\Darell Blandshaw\Desktop\DMSetup.exe
    [2011/01/03 12:56:06 | 008,224,280 | ---- | M] (FXCM ) -- C:\Documents and Settings\Darell Blandshaw\Desktop\FXTS2Install(2).EXE
    [2010/05/03 14:48:23 | 017,814,819 | ---- | M] () -- C:\Documents and Settings\Darell Blandshaw\Desktop\FXTS2Install.EXE
    [2011/03/08 15:06:45 | 002,832,544 | ---- | M] (Adobe Systems, Inc.) -- C:\Documents and Settings\Darell Blandshaw\Desktop\install_flash_player(3).exe
    [2008/09/09 12:05:35 | 001,495,112 | ---- | M] (Adobe Systems Incorporated) -- C:\Documents and Settings\Darell Blandshaw\Desktop\install_flash_player.exe
    [2009/10/22 12:09:19 | 018,665,720 | ---- | M] (Lime Wire LLC) -- C:\Documents and Settings\Darell Blandshaw\Desktop\LimeWireWin.exe
    [2011/01/03 12:23:07 | 007,734,208 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Darell Blandshaw\Desktop\mbam-setup-1.50.1.1100.exe
    [2009/07/10 13:24:47 | 012,928,042 | ---- | M] () -- C:\Documents and Settings\Darell Blandshaw\Desktop\MICROLOTFXTS2Install.EXE
    [2010/06/08 13:13:25 | 033,850,672 | ---- | M] (Apple Inc.) -- C:\Documents and Settings\Darell Blandshaw\Desktop\QuickTimeInstaller.exe
    [2009/03/16 13:28:01 | 031,373,472 | ---- | M] () -- C:\Documents and Settings\Darell Blandshaw\Desktop\R158510.EXE
    [2009/03/16 13:23:17 | 030,527,088 | ---- | M] () -- C:\Documents and Settings\Darell Blandshaw\Desktop\R159293.EXE
    [2011/01/03 11:50:20 | 015,992,432 | ---- | M] (PC Tools ) -- C:\Documents and Settings\Darell Blandshaw\Desktop\rminstall.exe
    [2010/01/15 12:49:31 | 000,589,824 | ---- | M] () -- C:\Documents and Settings\Darell Blandshaw\Desktop\setup(2).exe
    [2008/10/06 10:52:13 | 004,092,943 | ---- | M] () -- C:\Documents and Settings\Darell Blandshaw\Desktop\veetle-0.9.7.exe
    [2010/10/22 12:08:40 | 001,135,080 | ---- | M] () -- C:\Documents and Settings\Darell Blandshaw\Desktop\yahoomailuploader_0.5.exe

    < %PROGRAMFILES%\Common Files\*.* >

    < %systemroot%\*.src >

    < %systemroot%\install\*.* >

    < %systemroot%\system32\DLL\*.* >

    < %systemroot%\system32\HelpFiles\*.* >

    < %systemroot%\system32\rundll\*.* >

    < %systemroot%\winn32\*.* >

    < %systemroot%\Java\*.* >

    < %systemroot%\system32\test\*.* >

    < %systemroot%\system32\Rundll32\*.* >

    < %systemroot%\AppPatch\Custom\*.* >

    < %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

    < %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

    < %PROGRAMFILES%\Internet Explorer\*.tmp >

    < %PROGRAMFILES%\Internet Explorer\*.dat >

    < %USERPROFILE%\My Documents\*.exe >

    < %USERPROFILE%\*.exe >
    [2008/10/21 14:40:01 | 008,658,288 | ---- | M] (ATT Internet Services ) -- C:\Documents and Settings\Darell Blandshaw\HC43SInstaller.exe
    [2010/12/06 11:26:26 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Darell Blandshaw\mstsc.exe

    < %systemroot%\ADDINS\*.* >
    [2004/08/04 05:00:00 | 000,000,791 | ---- | M] () -- C:\WINDOWS\ADDINS\fxsext.ecf

    < %systemroot%\assembly\*.bak2 >

    < %systemroot%\Config\*.* >

    < %systemroot%\REPAIR\*.bak2 >

    < %systemroot%\SECURITY\Database\*.sdb /x >

    < %systemroot%\SYSTEM\*.bak2 >

    < %systemroot%\Web\*.bak2 >

    < %systemroot%\Driver Cache\*.* >

    < %PROGRAMFILES%\Mozilla Firefox\0*.exe >

    < %ProgramFiles%\Microsoft Common\*.* >

    < %ProgramFiles%\TinyProxy. >

    < %USERPROFILE%\Favorites\*.url /x >
    [2007/05/08 14:27:06 | 000,000,122 | -HS- | M] () -- C:\Documents and Settings\Darell Blandshaw\Favorites\Desktop.ini

    < %systemroot%\system32\*.bk >

    < %systemroot%\*.te >

    < %systemroot%\system32\system32\*.* >

    < %ALLUSERSPROFILE%\*.dat /x >

    < %systemroot%\system32\drivers\*.rmv >

    < dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

    < dir /b "%systemroot%\*.exe" | find /i " " /c >

    < %PROGRAMFILES%\Microsoft\*.* >

    < %systemroot%\System32\Wbem\proquota.exe >

    < %PROGRAMFILES%\Mozilla Firefox\*.dat >

    < %USERPROFILE%\Cookies\*.txt /x >
    [2012/02/08 16:18:17 | 000,196,608 | -HS- | M] () -- C:\Documents and Settings\Darell Blandshaw\Cookies\index.dat

    < %SystemRoot%\system32\fonts\*.* >

    < %systemroot%\system32\winlog\*.* >

    < %systemroot%\system32\Language\*.* >

    < %systemroot%\system32\Settings\*.* >

    < %systemroot%\system32\*.quo >

    < %SYSTEMROOT%\AppPatch\*.exe >

    < %SYSTEMROOT%\inf\*.exe >
    [2007/06/26 21:10:26 | 000,317,440 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\inf\unregmp2.exe

    < %SYSTEMROOT%\Installer\*.exe >

    < %systemroot%\system32\config\*.bak2 >

    < %systemroot%\system32\Computers\*.* >

    < %SystemRoot%\system32\Sound\*.* >

    < %SystemRoot%\system32\SpecialImg\*.* >

    < %SystemRoot%\system32\code\*.* >

    < %SystemRoot%\system32\draft\*.* >

    < %SystemRoot%\system32\MSSSys\*.* >

    < %ProgramFiles%\Javascript\*.* >

    < %systemroot%\pchealth\helpctr\System\*.exe /s >

    < %systemroot%\Web\*.exe >

    < %systemroot%\system32\msn\*.* >

    < %systemroot%\system32\*.tro >

    < %AppData%\Microsoft\Installer\msupdates\*.* >

    < %ProgramFiles%\Messenger\*.* >
    [2008/04/14 05:41:52 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\custsat.dll
    [2004/08/04 01:06:34 | 000,004,821 | ---- | M] () -- C:\Program Files\Messenger\logowin.gif
    [2004/08/04 01:06:34 | 000,007,047 | ---- | M] () -- C:\Program Files\Messenger\lvback.gif
    [2008/05/02 09:01:49 | 000,083,968 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgsc.dll
    [2008/04/13 23:00:30 | 000,180,224 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgslang.dll
    [2008/04/14 05:42:30 | 001,695,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe
    [2004/08/04 01:06:36 | 000,002,882 | ---- | M] () -- C:\Program Files\Messenger\newalert.wav
    [2004/08/04 01:06:36 | 000,006,156 | ---- | M] () -- C:\Program Files\Messenger\newemail.wav
    [2004/08/04 01:06:36 | 000,006,160 | ---- | M] () -- C:\Program Files\Messenger\online.wav
    [2004/08/04 01:06:36 | 000,004,454 | ---- | M] () -- C:\Program Files\Messenger\type.wav
    [2004/08/04 01:06:36 | 000,115,981 | ---- | M] () -- C:\Program Files\Messenger\xpmsgr.chm

    < %systemroot%\system32\systhem32\*.* >

    < %systemroot%\system\*.exe >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


    < End of report >
  21. bshaw

    bshaw TS Rookie Topic Starter Posts: 76

    OTL Extras logfile created on: 2/8/2012 4:20:44 PM - Run 1
    OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Darell Blandshaw\My Documents\Downloads
    Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    989.90 Mb Total Physical Memory | 266.60 Mb Available Physical Memory | 26.93% Memory free
    2.33 Gb Paging File | 1.28 Gb Available in Paging File | 55.01% Paging File free
    Paging file location(s): C:\pagefile.sys 1488 2976 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 148.96 Gb Total Space | 110.46 Gb Free Space | 74.15% Space Free | Partition Type: NTFS
    Drive D: | 643.97 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
    Drive Z: | 148.96 Gb Total Space | 54.07 Gb Free Space | 36.30% Space Free | Partition Type: NTFS

    Computer Name: DARELL | User Name: Darell Blandshaw | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    .url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

    [HKEY_USERS\S-1-5-21-1825289168-564950612-1891292674-1007\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    exefile [open] -- "%1" %*
    InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirstRunDisabled" = 1
    "AntiVirusOverride" = 0
    "FirewallOverride" = 0
    "AntiVirusDisableNotify" = 0
    "FirewallDisableNotify" = 0
    "UpdatesDisableNotify" = 0
  22. bshaw

    bshaw TS Rookie Topic Starter Posts: 76

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
    "Start" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
    "Start" = 2

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
    "139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
    "445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
    "137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
    "138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
    "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
    "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 0
    "DoNotAllowExceptions" = 0
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
    "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
    "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
    "139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
    "445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
    "137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
    "138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
    "3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\3apps\Catapult\3listen.exe" = C:\3apps\Catapult\3listen.exe:*:Enabled:E4W TCP/IP Listener -- ()
    "C:\3apps\Catapult\3lhelper.exe" = C:\3apps\Catapult\3lhelper.exe:*:Enabled:E4W Listener Helper -- ()
    "C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe" = C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe:LocalSubNet:Disabled:Intuit Update Shared Downloads Server -- (Intuit Inc.)
    "C:\Program Files\Intuit\QuickBooks 2012\QBDBMgrN.exe" = C:\Program Files\Intuit\QuickBooks 2012\QBDBMgrN.exe:*:Enabled:QuickBooks 2012 Data Manager -- (Intuit, Inc.)
    "C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe" = C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe:LocalSubNet:Disabled:Intuit Update v4 Shared Downloads Server -- (Intuit Inc.)
  23. bshaw

    bshaw TS Rookie Topic Starter Posts: 76

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{03DF638A-D61C-4893-B8B9-845900C03163}" = TurboTax 2010 wnyiper
    "{05BDC796-3451-4F81-B91D-E98F7ADA76C2}" = TurboTax 2010 WinPerTaxSupport
    "{075473F5-846A-448B-BCB3-104AA1760205}" = Roxio RecordNow Data
    "{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
    "{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Roxio DLA
    "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
    "{1BA3FFE3-B30C-497E-8F83-1A4D6BD9041F}" = Ativa Wireless USB Utility
    "{22B274BE-BEE8-4D8C-AEAF-75DB9350A7A1}" = QuickBooks Premier Edition 2012
    "{230EF993-9932-4650-B7BF-E9455695BEAB}" = QuickBooks Server 2012
    "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
    "{25E202D1-D8E7-46AF-B4B0-157D9993A93E}" = QuickBooks
    "{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java(TM) 6 Update 26
    "{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
    "{293B2D75-5735-4DFE-8642-F0EDEE9EB064}" = TurboTax 2010 wgaiper
    "{29521505-F489-4822-ADFA-32C6DEE4F114}" = TurboTax 2008 WinPerUserEducation
    "{2b02f826-a9b9-458c-80e5-3ea8c0de8471}" = QuickBooks Premier: Contractor Edition 2004
    "{2E7595EC-4FB1-4E29-93D4-9083C8A9B107}" = TurboTax ItsDeductible 2005
    "{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
    "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
    "{374256A0-EAA2-012B-AD60-000000000000}" = TurboTax 2009 wgaiper
    "{3782EC09-4000-475E-8A59-9CABD6F03B4C}" = TurboTax 2010 WinPerFedFormset
    "{3881DB80-EAA2-012B-ADAE-000000000000}" = TurboTax 2009 WinPerFedFormset
    "{388E4B09-3E71-4649-8921-F44A3A2954A7}" = Microsoft Visual Studio 2005 Tools for Office Runtime
    "{38975F50-EAA2-012B-ADB4-000000000000}" = TurboTax 2009 WinPerReleaseEngine
    "{38A34630-EAA2-012B-ADB6-000000000000}" = TurboTax 2009 WinPerTaxSupport
    "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
    "{3C5A81D0-EAA2-012B-AE9F-000000000000}" = TurboTax 2009 wrapper
    "{3EE33958-7381-4E7B-A4F3-6E43098E9E9C}" = URL Assistant
    "{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
    "{494367EC-82A9-4C0D-A788-74A967998E8C}" = FXCM Trading Station
    "{4F2FCCCF-29F3-44B9-886F-6D16F8417522}" = TurboTax 2010 wrapper
    "{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support
    "{596ECF31-381D-406D-9C22-6B805C3D7A8F}" = TurboTax 2011 wgaiper
    "{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler
    "{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD OD
    "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
    "{7159715B-8F47-48FD-AC90-71A60D32A01B}" = PC BackUp
    "{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
    "{7570F1CA-016D-46AC-B586-CD74645EFB52}" = TurboTax 2008 WinPerFedFormset
    "{7D3A6B8F-45C1-4814-967E-6D84BBB868CD}" = ATI Catalyst Control Center
    "{7DD9A065-2C86-4A9F-A5FF-796EC1B99DCA}" = AnswerWorks 4.0 Runtime - English
    "{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper
    "{840607F9-44C8-4282-95F3-5A196AC5C80A}" = Brother HL-5240
    "{88214092-836F-4E22-A5AC-569AC9EE6A0F}" = TurboTax 2008 WinPerReleaseEngine
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{91130409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Basic Edition 2003
    "{91490409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Primary Interop Assemblies
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9E5A03E3-6246-4920-9630-0527D5DA9B07}" = AnswerWorks 5.0 English Runtime
    "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
    "{A525E00B-6609-442E-9DCD-64453C233E8D}" = TurboTax 2010 WinPerReleaseEngine
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Roxio RecordNow Audio
    "{AC76BA86-1033-0000-BA7E-000000000003}" = Adobe Acrobat 8 Standard
    "{AFF1EA96-9C23-4249-B7D4-CD4B54D4582F}" = TurboTax ItsDeductible 2006
    "{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Roxio RecordNow Copy
    "{B1DB1AD8-C07E-4052-81A1-D2930232BA70}" = TurboTax 2008 wrapper
    "{B23726CF-68BF-41A6-A4EB-72F12F87FE05}" = TurboTax 2008 WinPerTaxSupport
    "{B7B3E9B3-FB14-4927-894B-E9124509AF5A}" = Adobe Flash Player 10 ActiveX
    "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
    "{CAF5B770-082F-40C4-853D-3973BB81BDAA}" = TurboTax 2011 WinPerTaxSupport
    "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
    "{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
    "{CDEFD989-469E-421D-A8B1-EC7AB25C8CB2}" = TurboTax 2008 wgaiper
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{E463E171-4082-4744-A466-F7CBE8502789}" = TurboTax 2011 WinPerReleaseEngine
    "{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
    "{E6D9BC25-0DBC-4368-8E4A-7DEE80661CD9}" = TurboTax 2008 WinPerProgramHelp
    "{EA2BEBD6-87B9-41E5-95AC-7E4C165A9475}" = WexTech AnswerWorks
    "{EE556A3E-EB37-4392-9637-BAA8EC2F47FA}" = TurboTax 2011 wrapper
    "{FAD3D68B-2F9C-459B-AA79-C04B9090FD72}" = TurboTax 2011 WinPerFedFormset
    "{FB64BF25-3593-4E4E-AA85-84AEF1D1475F}" = Broadcom Management Programs
    "Adobe Acrobat 8 Standard" = Adobe Acrobat 8.1.0 Standard
    "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
    "ATI Display Driver" = ATI Display Driver
    "BellSouth" = BellSouth FastAccess DSL Help Center
    "BellSouth Application Management" = BellSouth Application Management
    "blstoolbar" = BellSouth Toolbar 1.0
    "CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200F14F1" = Conexant D850 56K V.9x DFVc Modem
    "Coupon Printer for Windows4.0" = Coupon Printer for Windows
    "Eagle for Windows" = Eagle for Windows
    "Eagle for Windows Training Browser" = Eagle for Windows Training Browser
    "ESET Online Scanner" = ESET Online Scanner v3
    "FXCM Trading Station" = FXCM Trading Station
    "ie8" = Windows Internet Explorer 8
    "InstallShield_{1BA3FFE3-B30C-497E-8F83-1A4D6BD9041F}" = Ativa Wireless USB Utility
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.1.1000
    "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
    "Microsoft Visual Studio 2005 Tools for Office Runtime" = Microsoft Visual Studio 2005 Tools for Office Runtime
    "Mozilla Firefox 9.0.1 (x86 en-US)" = Mozilla Firefox 9.0.1 (x86 en-US)
    "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
    "NIS" = Norton Internet Security
    "RadialpointClientGateway_is1" = BellSouth Internet Security - Alert Manager 1.5.11
    "Registry Mechanic_is1" = Registry Mechanic 10.0
    "TurboTax 2008" = TurboTax 2008
    "TurboTax 2009" = TurboTax 2009
    "TurboTax 2010" = TurboTax 2010
    "TurboTax 2011" = TurboTax 2011
    "TurboTax Home & Business 2006" = TurboTax Home & Business 2006
    "TurboTax Home & Business 2007" = TurboTax Home & Business 2007
    "TurboTax Premier 2005" = TurboTax Premier 2005
    "WIC" = Windows Imaging Component
    "Windows Media Format Runtime" = Windows Media Format 11 runtime
    "Windows Media Player" = Windows Media Player 11
    "Windows XP Service Pack" = Windows XP Service Pack 3
    "WMFDist11" = Windows Media Format 11 runtime
    "wmp11" = Windows Media Player 11
    "Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
    "Xvid_is1" = Xvid 1.2.1 final uninstall

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-1825289168-564950612-1891292674-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "GFFOREX Forex Trading " = GFFOREX Forex Trading
    "Google Chrome" = Google Chrome
    "GoToMeeting" = GoToMeeting 4.8.0.723
    "Move Networks Player - IE" = Move Networks Media Player for Internet Explorer

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 2/7/2012 3:37:32 PM | Computer Name = DARELL | Source = QuickBooks | ID = 4
    Description = An unexpected error has occured in "QuickBooks": Returning NULL QBWinInstance
    Hand

    Error - 2/7/2012 7:27:02 PM | Computer Name = DARELL | Source = Application Error | ID = 1000
    Description = Faulting application jusched.exe, version 2.0.5.1, faulting module
    user32.dll, version 5.1.2600.5512, fault address 0x000187f1.

    Error - 2/8/2012 11:09:53 AM | Computer Name = DARELL | Source = QuickBooks | ID = 4
    Description = An unexpected error has occured in "QuickBooks": Returning NULL QBWinInstance
    Hand

    Error - 2/8/2012 11:09:53 AM | Computer Name = DARELL | Source = QuickBooks | ID = 4
    Description = An unexpected error has occured in "QuickBooks": Returning NULL QBWinInstance
    Hand

    Error - 2/8/2012 11:09:53 AM | Computer Name = DARELL | Source = QuickBooks | ID = 4
    Description = An unexpected error has occured in "QuickBooks": Returning NULL QBWinInstance
    Hand

    Error - 2/8/2012 4:27:04 PM | Computer Name = DARELL | Source = Application Error | ID = 1000
    Description = Faulting application jusched.exe, version 2.0.5.1, faulting module
    user32.dll, version 5.1.2600.5512, fault address 0x000187f1.

    Error - 2/8/2012 5:12:57 PM | Computer Name = DARELL | Source = QuickBooks | ID = 4
    Description = An unexpected error has occured in "QuickBooks": Returning NULL QBWinInstance
    Hand

    Error - 2/8/2012 5:12:57 PM | Computer Name = DARELL | Source = QuickBooks | ID = 4
    Description = An unexpected error has occured in "QuickBooks": Returning NULL QBWinInstance
    Hand

    Error - 2/8/2012 5:12:57 PM | Computer Name = DARELL | Source = QuickBooks | ID = 4
    Description = An unexpected error has occured in "QuickBooks": Returning NULL QBWinInstance
    Hand

    Error - 2/8/2012 5:13:10 PM | Computer Name = DARELL | Source = Application Error | ID = 1000
    Description = Faulting application jusched.exe, version 2.0.5.1, faulting module
    user32.dll, version 5.1.2600.5512, fault address 0x000187f1.

    [ System Events ]
    Error - 1/23/2012 5:00:57 PM | Computer Name = DARELL | Source = Service Control Manager | ID = 7023
    Description = The Application Management service terminated with the following error:
    %%126

    Error - 1/23/2012 5:00:58 PM | Computer Name = DARELL | Source = Service Control Manager | ID = 7023
    Description = The Application Management service terminated with the following error:
    %%126

    Error - 1/23/2012 5:00:58 PM | Computer Name = DARELL | Source = Service Control Manager | ID = 7023
    Description = The Application Management service terminated with the following error:
    %%126

    Error - 2/1/2012 4:17:27 AM | Computer Name = DARELL | Source = DCOM | ID = 10010
    Description = The server {76DEF3AC-2910-4234-9EE2-C81B2D45833A} did not register
    with DCOM within the required timeout.

    Error - 2/1/2012 1:01:10 PM | Computer Name = DARELL | Source = Service Control Manager | ID = 7011
    Description = Timeout (30000 milliseconds) waiting for a transaction response from
    the wscsvc service.

    Error - 2/6/2012 3:39:16 PM | Computer Name = DARELL | Source = Service Control Manager | ID = 7031
    Description = The McAfee Real-time Scanner service terminated unexpectedly. It
    has done this 1 time(s). The following corrective action will be taken in 60000
    milliseconds: Restart the service.

    Error - 2/6/2012 3:43:35 PM | Computer Name = DARELL | Source = Service Control Manager | ID = 7031
    Description = The McAfee Real-time Scanner service terminated unexpectedly. It
    has done this 2 time(s). The following corrective action will be taken in 60000
    milliseconds: Restart the service.

    Error - 2/7/2012 3:33:33 PM | Computer Name = DARELL | Source = Print | ID = 19
    Description = Sharing printer failed + 1722, Printer Microsoft Office Document Image
    Writer share name Printer.

    Error - 2/8/2012 4:31:59 PM | Computer Name = DARELL | Source = Service Control Manager | ID = 7034
    Description = The QuickBooksDB22 service terminated unexpectedly. It has done this
    1 time(s).

    Error - 2/8/2012 4:34:42 PM | Computer Name = DARELL | Source = Service Control Manager | ID = 7034
    Description = The NMSAccess service terminated unexpectedly. It has done this 1
    time(s).


    < End of report >
  24. bshaw

    bshaw TS Rookie Topic Starter Posts: 76

    Sorry I had to post in so many pieces. The files were large.
  25. bshaw

    bshaw TS Rookie Topic Starter Posts: 76

    I also could not remove the Registry Mechanic, because it said it was missing a file, so I could not uninstall. What should I do?

