Solved Google redirect virus again

bshaw

Hello, I had this problem before and you guys fixed it, but now my Google searches are redirected, the browser moves slow and my Google Docs won't pull up. I have this problem on both Google Chrome and Firefox. Yahoo search seems to work fine. I followed the instructions and here are my logs:


Protection: Enabled

2/8/2012 12:38:37 PM
mbam-log-2012-02-08 (12-38-37).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 215815
Time elapsed: 14 minute(s), 2 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

------------------------------------------------------------------------------------


GMER 1.0.15.15641 - http://www.gmer.net
Rootkit quick scan 2012-02-08 13:03:32
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-3 ST3160812AS rev.3.ADJ
Running: cjd93v98.exe; Driver: C:\DOCUME~1\DARELL~1\LOCALS~1\Temp\pwtdapow.sys


---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \Driver\Tcpip \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\RawIp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

---- EOF - GMER 1.0.15 ----
 
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume2
Install Date: 5/8/2007 3:26:43 PM
System Uptime: 2/8/2012 10:04:48 AM (3 hours ago)
.
Motherboard: Dell Inc. | | 0MH651
Processor: Intel(R) Pentium(R) D CPU 2.80GHz | Microprocessor | 2800/800mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 149 GiB total, 110.258 GiB free.
D: is CDROM (CDFS)
Z: is NetworkDisk (NTFS) - 149 GiB total, 54.26 GiB free.
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP1616: 11/25/2011 4:51:23 PM - System Checkpoint
RP1617: 11/26/2011 4:53:10 PM - System Checkpoint
RP1618: 11/27/2011 5:53:29 PM - System Checkpoint
RP1619: 11/28/2011 5:58:29 PM - System Checkpoint
RP1620: 11/29/2011 6:57:24 PM - System Checkpoint
RP1621: 11/30/2011 7:34:37 PM - System Checkpoint
RP1622: 12/1/2011 8:34:38 PM - System Checkpoint
RP1623: 12/2/2011 9:34:38 PM - System Checkpoint
RP1624: 12/3/2011 10:34:36 PM - System Checkpoint
RP1625: 12/4/2011 11:34:36 PM - System Checkpoint
RP1626: 12/6/2011 12:34:27 AM - System Checkpoint
RP1627: 12/7/2011 1:34:26 AM - System Checkpoint
RP1628: 12/8/2011 2:34:27 AM - System Checkpoint
RP1629: 12/9/2011 3:34:27 AM - System Checkpoint
RP1630: 12/10/2011 4:34:26 AM - System Checkpoint
RP1631: 12/11/2011 5:34:26 AM - System Checkpoint
RP1632: 12/12/2011 6:34:27 AM - System Checkpoint
RP1633: 12/13/2011 7:32:12 AM - System Checkpoint
RP1634: 12/14/2011 7:41:31 AM - System Checkpoint
RP1635: 12/15/2011 8:41:32 AM - System Checkpoint
RP1636: 12/16/2011 9:41:29 AM - System Checkpoint
RP1637: 12/17/2011 10:41:31 AM - System Checkpoint
RP1638: 12/18/2011 11:41:29 AM - System Checkpoint
RP1639: 12/19/2011 2:07:49 PM - System Checkpoint
RP1640: 12/20/2011 2:23:45 PM - System Checkpoint
RP1641: 12/21/2011 4:53:37 PM - System Checkpoint
RP1642: 12/22/2011 5:51:51 PM - System Checkpoint
RP1643: 12/23/2011 6:51:53 PM - System Checkpoint
RP1644: 12/24/2011 7:51:52 PM - System Checkpoint
RP1645: 12/25/2011 8:51:51 PM - System Checkpoint
RP1646: 12/26/2011 9:51:37 PM - System Checkpoint
RP1647: 12/27/2011 10:51:38 PM - System Checkpoint
RP1648: 12/28/2011 11:51:38 PM - System Checkpoint
RP1649: 12/30/2011 12:51:38 AM - System Checkpoint
RP1650: 12/31/2011 1:51:38 AM - System Checkpoint
RP1651: 1/1/2012 2:51:38 AM - System Checkpoint
RP1652: 1/2/2012 3:51:37 AM - System Checkpoint
RP1653: 1/3/2012 4:49:20 AM - System Checkpoint
RP1654: 1/4/2012 5:49:21 AM - System Checkpoint
RP1655: 1/5/2012 6:49:22 AM - System Checkpoint
RP1656: 1/6/2012 7:49:21 AM - System Checkpoint
RP1657: 1/7/2012 8:49:19 AM - System Checkpoint
RP1658: 1/8/2012 9:49:18 AM - System Checkpoint
RP1659: 1/9/2012 2:40:15 PM - System Checkpoint
RP1660: 1/9/2012 4:21:21 PM - Installed Windows XP Service Pack 3.
RP1661: 1/9/2012 4:33:58 PM - Installed Windows XP KB2229593.
RP1662: 1/9/2012 4:34:35 PM - Installed Windows XP KB923561.
RP1663: 1/9/2012 4:35:17 PM - Installed Windows XP KB938464.
RP1664: 1/9/2012 4:35:55 PM - Installed Windows XP KB946648.
RP1665: 1/9/2012 4:36:40 PM - Installed Windows XP KB950762.
RP1666: 1/9/2012 4:37:18 PM - Installed Windows XP KB950974.
RP1667: 1/9/2012 4:37:57 PM - Installed Windows XP KB951066.
RP1668: 1/9/2012 4:38:45 PM - Installed Windows XP KB951376.
RP1669: 1/9/2012 4:39:24 PM - Installed Windows XP KB951376-v2.
RP1670: 1/9/2012 4:40:02 PM - Installed Windows XP KB951698.
RP1671: 1/9/2012 4:40:41 PM - Installed Windows XP KB951748.
RP1672: 1/9/2012 4:41:57 PM - Installed Windows XP KB952004.
RP1673: 1/9/2012 4:42:44 PM - Installed Windows XP KB952287.
RP1674: 1/9/2012 4:43:20 PM - Installed Windows XP KB952954.
RP1675: 1/9/2012 4:44:02 PM - Installed Windows XP KB954211.
RP1676: 1/9/2012 4:44:41 PM - Installed Windows XP KB954600.
RP1677: 1/9/2012 4:45:18 PM - Installed Windows XP KB974112.
RP1678: 1/9/2012 4:46:44 PM - Installed Windows XP KB955069.
RP1679: 1/9/2012 4:47:21 PM - Installed Windows XP KB973687.
RP1680: 1/9/2012 4:48:06 PM - Installed Windows XP KB955759.
RP1681: 1/9/2012 4:49:01 PM - Installed Windows XP KB956572.
RP1682: 1/9/2012 4:49:45 PM - Installed Windows XP KB956802.
RP1683: 1/9/2012 4:50:25 PM - Installed Windows XP KB956803.
RP1684: 1/9/2012 4:51:40 PM - Installed Windows XP KB956841.
RP1685: 1/9/2012 4:52:19 PM - Installed Windows XP KB956844.
RP1686: 1/9/2012 4:53:41 PM - Installed Windows XP KB957095.
RP1687: 1/9/2012 4:54:26 PM - Installed Windows XP KB957097.
RP1688: 1/9/2012 4:55:11 PM - Installed Windows XP KB958644.
RP1689: 1/9/2012 4:55:51 PM - Installed Windows XP KB959426.
RP1690: 1/9/2012 4:56:37 PM - Installed Windows XP KB960225.
RP1691: 1/9/2012 4:57:19 PM - Installed Windows XP KB960803.
RP1692: 1/9/2012 4:58:01 PM - Installed Windows XP KB960859.
RP1693: 1/9/2012 4:58:44 PM - Installed Windows XP KB961118.
RP1694: 1/9/2012 4:59:36 PM - Installed Windows XP KB961501.
RP1695: 1/9/2012 5:00:17 PM - Installed Windows XP KB967715.
RP1696: 1/9/2012 5:01:04 PM - Installed Windows XP KB968389.
RP1697: 1/9/2012 5:01:43 PM - Installed Windows XP KB969059.
RP1698: 1/9/2012 5:02:27 PM - Installed Windows XP KB970238.
RP1699: 1/9/2012 5:03:06 PM - Installed Windows XP KB970430.
RP1700: 1/9/2012 5:03:48 PM - Installed Windows XP KB971468.
RP1701: 1/9/2012 5:04:27 PM - Installed Windows XP KB971657.
RP1702: 1/9/2012 5:05:11 PM - Installed Windows XP KB971737.
RP1703: 1/9/2012 5:05:54 PM - Installed Windows XP KB972270.
RP1704: 1/9/2012 5:06:32 PM - Installed Windows XP KB973507.
RP1705: 1/9/2012 5:07:14 PM - Installed Windows XP KB973687.
RP1706: 1/9/2012 5:07:52 PM - Installed Windows XP KB973815.
RP1707: 1/9/2012 5:08:39 PM - Installed Windows XP KB973869.
RP1708: 1/9/2012 5:09:20 PM - Installed Windows XP KB974112.
RP1709: 1/9/2012 5:09:58 PM - Installed Windows XP KB974318.
RP1710: 1/9/2012 5:10:37 PM - Installed Windows XP KB974392.
RP1711: 1/9/2012 5:11:19 PM - Installed Windows XP KB974571.
RP1712: 1/9/2012 5:12:04 PM - Installed Windows XP KB975025.
RP1713: 1/9/2012 5:12:42 PM - Installed Windows XP KB975467.
RP1714: 1/9/2012 5:13:22 PM - Installed Windows XP KB975560.
RP1715: 1/9/2012 5:14:00 PM - Installed Windows XP KB975561.
RP1716: 1/9/2012 5:14:41 PM - Installed Windows XP KB975562.
RP1717: 1/9/2012 5:15:19 PM - Installed Windows XP KB975713.
RP1718: 1/9/2012 5:16:02 PM - Installed Windows XP KB977914.
RP1719: 1/9/2012 5:16:41 PM - Installed Windows XP KB978037.
RP1720: 1/9/2012 5:17:24 PM - Installed Windows XP KB978338.
RP1721: 1/9/2012 5:18:04 PM - Installed Windows XP KB978542.
RP1722: 1/9/2012 5:18:44 PM - Installed Windows XP KB978601.
RP1723: 1/9/2012 5:19:24 PM - Installed Windows XP KB978706.
RP1724: 1/9/2012 5:20:01 PM - Installed Windows XP KB979309.
RP1725: 1/9/2012 5:20:39 PM - Installed Windows XP KB979482.
RP1726: 1/9/2012 5:21:23 PM - Installed Windows XP KB979559.
RP1727: 1/9/2012 5:22:03 PM - Installed Windows XP KB979683.
RP1728: 1/9/2012 5:22:44 PM - Installed Windows XP KB980218.
RP1729: 1/9/2012 5:23:27 PM - Installed Windows XP KB980232.
RP1730: 1/10/2012 10:44:47 AM - Installed TurboTax 2011 wrapper
RP1731: 1/10/2012 1:03:42 PM - Installed TurboTax 2011 wgaiper
RP1732: 1/11/2012 3:00:50 AM - Software Distribution Service 3.0
RP1733: 1/12/2012 3:00:39 AM - Software Distribution Service 3.0
RP1734: 1/13/2012 3:00:59 AM - System Checkpoint
RP1735: 1/14/2012 3:10:04 AM - System Checkpoint
RP1736: 1/15/2012 4:10:03 AM - System Checkpoint
RP1737: 1/16/2012 5:10:03 AM - System Checkpoint
RP1738: 1/17/2012 6:09:24 AM - System Checkpoint
RP1739: 1/18/2012 7:09:23 AM - System Checkpoint
RP1740: 1/19/2012 8:09:23 AM - System Checkpoint
RP1741: 1/20/2012 9:07:56 AM - System Checkpoint
RP1742: 1/21/2012 9:51:14 AM - System Checkpoint
RP1743: 1/22/2012 10:51:11 AM - System Checkpoint
RP1744: 1/23/2012 3:57:52 PM - Removed QuickBooks Point of Sale 10.0.
RP1745: 1/24/2012 4:44:05 PM - System Checkpoint
RP1746: 1/25/2012 4:55:43 PM - System Checkpoint
RP1747: 1/26/2012 5:10:25 PM - System Checkpoint
RP1748: 1/27/2012 6:09:25 PM - System Checkpoint
RP1749: 1/28/2012 7:09:23 PM - System Checkpoint
RP1750: 1/29/2012 8:09:22 PM - System Checkpoint
RP1751: 1/30/2012 9:09:25 PM - System Checkpoint
RP1752: 1/31/2012 10:08:05 PM - System Checkpoint
RP1753: 2/1/2012 3:00:25 AM - Software Distribution Service 3.0
RP1754: 2/2/2012 3:01:49 AM - System Checkpoint
RP1755: 2/3/2012 3:57:57 AM - System Checkpoint
RP1756: 2/4/2012 4:38:23 AM - System Checkpoint
RP1757: 2/5/2012 5:38:20 AM - System Checkpoint
RP1758: 2/6/2012 6:38:19 AM - System Checkpoint
RP1759: 2/7/2012 6:39:59 AM - System Checkpoint
RP1760: 2/8/2012 7:35:12 AM - System Checkpoint
.
==== Installed Programs ======================
.
.
Adobe Acrobat 8 Standard
Adobe Acrobat 8.1.0 Standard
Adobe Flash Player 10 ActiveX
Adobe Flash Player 11 Plugin
AnswerWorks 4.0 Runtime - English
AnswerWorks 5.0 English Runtime
Apple Application Support
Apple Software Update
ATI Catalyst Control Center
ATI Display Driver
Ativa Wireless USB Utility
BellSouth Application Management
BellSouth FastAccess DSL Help Center
BellSouth Internet Security - Alert Manager 1.5.11
BellSouth Toolbar 1.0
Broadcom Management Programs
Brother HL-5240
Conexant D850 56K V.9x DFVc Modem
Coupon Printer for Windows
Digital Line Detect
Eagle for Windows
Eagle for Windows Training Browser
ESET Online Scanner v3
FXCM Trading Station
GFFOREX Forex Trading
Google Chrome
Google Toolbar for Internet Explorer
Google Update Helper
GoToMeeting 4.8.0.723
High Definition Audio Driver Package - KB835221
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2633952)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB981793)
J2SE Runtime Environment 5.0 Update 6
Java(TM) 6 Update 26
Malwarebytes Anti-Malware version 1.60.1.1000
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2656353)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Office 2003 Primary Interop Assemblies
Microsoft Office Basic Edition 2003
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual Studio 2005 Tools for Office Runtime
Modem Helper
Move Networks Media Player for Internet Explorer
Mozilla Firefox 9.0.1 (x86 en-US)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
MSXML 6 Service Pack 2 (KB973686)
NetWaiting
Norton Internet Security
Octoshape add-in for Adobe Flash Player
PC BackUp
PowerDVD OD
QuickBooks
QuickBooks Premier Edition 2012
QuickBooks Premier: Contractor Edition 2004
QuickBooks Server 2012
QuickTime
Registry Mechanic 10.0
Roxio DLA
Roxio Express Labeler
Roxio RecordNow Audio
Roxio RecordNow Copy
Roxio RecordNow Data
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft Windows (KB2564958)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2618444)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB917734)
Security Update for Windows Media Player 9 (KB936782)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2491683)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2619339)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2633171)
Security Update for Windows XP (KB2639417)
Security Update for Windows XP (KB2646524)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950759)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953838)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956390)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958215)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960714)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982665)
SUPERAntiSpyware Free Edition
TurboTax 2008
TurboTax 2008 wgaiper
TurboTax 2008 WinPerFedFormset
TurboTax 2008 WinPerProgramHelp
TurboTax 2008 WinPerReleaseEngine
TurboTax 2008 WinPerTaxSupport
TurboTax 2008 WinPerUserEducation
TurboTax 2008 wrapper
TurboTax 2009
TurboTax 2009 wgaiper
TurboTax 2009 WinPerFedFormset
TurboTax 2009 WinPerReleaseEngine
TurboTax 2009 WinPerTaxSupport
TurboTax 2009 wrapper
TurboTax 2010
TurboTax 2010 wgaiper
TurboTax 2010 WinPerFedFormset
TurboTax 2010 WinPerReleaseEngine
TurboTax 2010 WinPerTaxSupport
TurboTax 2010 wnyiper
TurboTax 2010 wrapper
TurboTax 2011
TurboTax 2011 wgaiper
TurboTax 2011 WinPerFedFormset
TurboTax 2011 WinPerReleaseEngine
TurboTax 2011 WinPerTaxSupport
TurboTax 2011 wrapper
TurboTax Home & Business 2006
TurboTax Home & Business 2007
TurboTax ItsDeductible 2005
TurboTax ItsDeductible 2006
TurboTax Premier 2005
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2641690)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
URL Assistant
WebFldrs XP
WexTech AnswerWorks
Windows Imaging Component
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3
Xvid 1.2.1 final uninstall
.
==== Event Viewer Messages From Past Week ========
.
2/7/2012 2:33:33 PM, error: Print [19] - Sharing printer failed + 1722, Printer Microsoft Office Document Image Writer share name Printer.
2/6/2012 2:43:35 PM, error: Service Control Manager [7031] - The McAfee Real-time Scanner service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
2/6/2012 2:39:16 PM, error: Service Control Manager [7031] - The McAfee Real-time Scanner service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
2/1/2012 12:01:10 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the wscsvc service.
.
==== End Of File ===========================
 
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_26
Run by Darell Blandshaw at 13:08:31 on 2012-02-08
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.990.134 [GMT -5:00]
.
AV: Norton Internet Security *Enabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security *Enabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\StompSoft\PC BackUp\NMSAccess.exe
C:\Program Files\StompSoft\PC BackUp\NSENGINE.exe
C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\Program Files\Common Files\Intuit\DataProtect\QBIDPService.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\StompSoft\PC BackUp\NbkCtrl.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\BellSouth\AM\BellSouthAlertManager.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Ativa\USB AWGUA54\Wireless Utility\Ativawcui.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
C:\Program Files\Intuit\QuickBooks 2012\QBW32.EXE
C:\3apps\Catapult\3listen.exe
C:\WINDOWS\system32\wuauclt.exe
C:\3apps\Catapult\appipc.exe
C:\WINDOWS\system32\P32HELP.EXE
C:\Documents and Settings\Darell Blandshaw\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\Support.com\bin\tgcmd.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Documents and Settings\Darell Blandshaw\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Darell Blandshaw\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Darell Blandshaw\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Darell Blandshaw\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\Norton Internet Security\Engine\19.5.0.145\ccSvcHst.exe
svchost.exe
C:\Program Files\Norton Internet Security\Engine\19.5.0.145\ccSvcHst.exe
C:\Documents and Settings\Darell Blandshaw\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Darell Blandshaw\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Darell Blandshaw\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Darell Blandshaw\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Darell Blandshaw\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Darell Blandshaw\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://smallbusiness.bellsouth.net/
mSearch Bar = hxxp://www.google.com/ie
uInternet Connection Wizard,ShellNext = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=4070228
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: BellSouth Toolbar: {4e7bd74f-2b8d-469e-8cbd-fd60bb9aae2e} - c:\progra~1\blstoo~1\BLSTOO~1.DLL
BHO: Norton Identity Protection: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton internet security\engine\19.5.0.145\coIEPlg.dll
BHO: Norton Vulnerability Protection: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton internet security\engine\19.5.0.145\ips\IPSBHO.DLL
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.7227.1100\swg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: BellSouth Toolbar: {4e7bd74f-2b8d-469e-8cbd-fd60bb9aae2e} - c:\progra~1\blstoo~1\BLSTOO~1.DLL
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton internet security\engine\19.5.0.145\coIEPlg.dll
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [AdobeUpdater] "c:\program files\common files\adobe\updater5\AdobeUpdater.exe"
uRun: [Google Update] "c:\documents and settings\darell blandshaw\local settings\application data\google\update\GoogleUpdate.exe" /c
uRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil11c_Plugin.exe -update plugin
mRun: [DVDLauncher] "c:\program files\cyberlink\powerdvd\DVDLauncher.exe"
mRun: [tgcmd] "c:\program files\support.com\bellsouth\hcenter.exe" /starthidden /tgcmdwrapper
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [ATICCC] "c:\program files\ati technologies\ati.ace\cli.exe" runtime -Delay
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [NovaBackup 7 Tray Control] "c:\program files\stompsoft\pc backup\NbkCtrl.exe"
mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXE
mRun: [BellSouthAlertManager.exe] "c:\program files\bellsouth\am\BellSouthAlertManager.exe" /AUTORUN
mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 8.0\acrobat\Acrotray.exe"
mRun: [Intuit SyncManager] c:\program files\common files\intuit\sync\IntuitSyncManager.exe startup
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
StartupFolder: c:\docume~1\darell~1\startm~1\programs\startup\eaglel~1.lnk - c:\3apps\catapult\3listen.exe
StartupFolder: c:\docume~1\darell~1\startm~1\programs\startup\eagles~1.lnk - c:\3apps\catapult\Sched.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\ativaw~1.lnk - c:\program files\ativa\usb awgua54\wireless utility\Ativawcui.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\intuit~1.lnk - c:\program files\common files\intuit\dataprotect\IntuitDataProtect.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\quickb~1.lnk - c:\program files\common files\intuit\quickbooks\qbupdate\qbupdate.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\quickb~2.lnk - c:\program files\intuit\quickbooks 2012\QBW32.EXE
IE: Append to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
Trusted Zone: intuit.com\ttlc
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {F5131C24-E56D-11CF-B78A-444553540000} - hxxps://wc.wachovia.com/common/cab/ikcntrls.cab
TCP: Interfaces\{86E114BA-0F17-437F-8660-2C26CCF4A375} : NameServer = 4.2.2.2,4.2.2.3
Handler: qbpos - {662E7FAE-5C17-491C-AD9D-98C1F66CC6A0} - c:\program files\common files\intuit\quickbooks\QBPOSProtocol.dll
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - c:\windows\system32\mscoree.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
Hosts: 94.63.240.135 www.google.com
Hosts: 94.63.240.136 www.bing.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\darell blandshaw\application data\mozilla\firefox\profiles\3otsvnu4.default\
FF - prefs.js: browser.search.selectedEngine -
FF - prefs.js: browser.startup.homepage - hxxp://en-US.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 64970
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\documents and settings\darell blandshaw\local settings\application data\google\update\1.3.21.99\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.99\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\3.0.50106.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
.
---- FIREFOX POLICIES ----
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
============= SERVICES / DRIVERS ===============
.
R0 atiide;atiide;c:\windows\system32\drivers\atiide.sys [2007-2-28 3456]
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\nis\1305000.091\symds.sys [2012-2-8 340088]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\nis\1305000.091\symefa.sys [2012-2-8 905336]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_19.1.0.28\definitions\bashdefs\20111201.001\bhdrvx86.sys [2012-2-8 820344]
R1 ccSet_NIS;Norton Internet Security Settings Manager;c:\windows\system32\drivers\nis\1305000.091\ccsetx86.sys [2012-2-8 132744]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-1-5 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-1-5 74480]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\nis\1305000.091\ironx86.sys [2012-2-8 149624]
R2 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files\common files\intuit\update service v4\IntuitUpdateService.exe [2011-8-25 13672]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-1-3 652360]
R2 NIS;Norton Internet Security;c:\program files\norton internet security\engine\19.5.0.145\ccsvchst.exe [2012-2-8 138248]
R2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files\common files\pc tools\smonitor\StartManSvc.exe [2011-1-3 632792]
R2 QBVSS;QBIDPService;c:\program files\common files\intuit\dataprotect\QBIDPService.exe [2011-8-19 1248256]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_19.1.0.28\definitions\ipsdefs\20111130.012\idsxpx86.sys [2012-2-8 356280]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-12-21 20464]
R3 NAVENG;NAVENG;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_19.1.0.28\definitions\virusdefs\20120207.033\NAVENG.SYS [2012-2-8 86136]
R3 NAVEX15;NAVEX15;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_19.1.0.28\definitions\virusdefs\20120207.033\NAVEX15.SYS [2012-2-8 1576312]
R3 QuickBooksDB22;QuickBooksDB22;c:\progra~1\intuit\quickb~2\qbdbmgrn.exe -hvquickbooksdb22 --> c:\progra~1\intuit\quickb~2\QBDBMgrN.exe -hvQuickBooksDB22 [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-2-5 135664]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-2-5 135664]
S3 ODWGU(Ativa);Ativa Wireless G USB Network Adapter(Ativa);c:\windows\system32\drivers\ODWGU.sys [2010-12-29 408064]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2010-1-5 7408]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2012-02-08 16:14:20 60872 ----a-w- c:\windows\system32\S32EVNT1.DLL
2012-02-08 16:14:20 141944 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2012-02-08 16:14:20 -------- d-----w- c:\program files\Symantec
2012-02-08 16:14:20 -------- d-----w- c:\program files\common files\Symantec Shared
2012-02-08 16:13:55 388216 ----a-w- c:\windows\system32\drivers\nis\1305000.091\symtdi.sys
2012-02-08 16:13:55 345208 ----a-w- c:\windows\system32\drivers\nis\1305000.091\symtdiv.sys
2012-02-08 16:13:54 905336 ----a-w- c:\windows\system32\drivers\nis\1305000.091\symefa.sys
2012-02-08 16:13:54 574584 ----a-w- c:\windows\system32\drivers\nis\1305000.091\srtsp.sys
2012-02-08 16:13:54 340088 ----a-r- c:\windows\system32\drivers\nis\1305000.091\symds.sys
2012-02-08 16:13:54 32888 ----a-w- c:\windows\system32\drivers\nis\1305000.091\srtspx.sys
2012-02-08 16:13:54 318584 ----a-w- c:\windows\system32\drivers\nis\1305000.091\symnets.sys
2012-02-08 16:13:53 149624 ----a-w- c:\windows\system32\drivers\nis\1305000.091\ironx86.sys
2012-02-08 16:13:53 132744 ----a-w- c:\windows\system32\drivers\nis\1305000.091\ccsetx86.sys
2012-02-08 16:12:46 4782 ----a-w- c:\windows\system32\drivers\nis\1305000.091\symvtcer.dat
2012-02-08 16:12:46 -------- d-----w- c:\windows\system32\drivers\nis\1305000.091
2012-02-08 16:11:54 -------- d-----w- c:\windows\system32\drivers\NIS
2012-02-08 16:11:43 -------- d-----w- c:\program files\Norton Internet Security
2012-02-08 16:08:08 -------- d-----w- c:\documents and settings\all users\application data\Norton
2012-02-08 16:01:34 -------- d-----w- c:\program files\NortonInstaller
2012-02-08 16:01:34 -------- d-----w- c:\documents and settings\all users\application data\NortonInstaller
2012-02-07 21:02:45 -------- d--h--w- c:\windows\PIF
2012-02-03 17:52:38 2494504 ----a-w- C:\Backup.1.exe
2012-02-02 14:50:20 -------- d-----w- C:\System Recovery Files
2012-01-10 15:43:55 954368 ------w- c:\windows\system32\dllcache\mfc40.dll
2012-01-10 15:43:55 953856 ------w- c:\windows\system32\dllcache\mfc40u.dll
2012-01-10 15:38:14 617472 ------w- c:\windows\system32\dllcache\comctl32.dll
2012-01-10 15:37:19 40960 ------w- c:\windows\system32\dllcache\ndproxy.sys
2012-01-10 15:35:01 139656 ------w- c:\windows\system32\dllcache\rdpwd.sys
2012-01-10 15:34:56 105472 ------w- c:\windows\system32\dllcache\mup.sys
2012-01-10 15:17:54 10496 ------w- c:\windows\system32\dllcache\ndistapi.sys
2012-01-10 15:11:39 -------- d-----w- c:\documents and settings\darell blandshaw\local settings\application data\PCHealth
2012-01-10 15:10:00 45568 ------w- c:\windows\system32\dllcache\wab.exe
2012-01-10 15:00:44 -------- d-----w- c:\documents and settings\darell blandshaw\application data\MediaWmplay
2012-01-09 21:22:42 4255 ------w- c:\windows\system32\drivers\adv01nt5.dll
2012-01-09 21:21:13 19569 ----a-w- c:\windows\002899_.tmp
2012-01-09 21:17:42 -------- d-----w- c:\windows\EHome
.
==================== Find3M ====================
.
2011-12-10 20:24:06 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-11-25 21:57:19 293376 ----a-w- c:\windows\system32\winsrv.dll
2011-11-23 13:25:32 1859584 ----a-w- c:\windows\system32\win32k.sys
2011-11-18 12:35:08 60416 ----a-w- c:\windows\system32\packager.exe
2011-11-16 14:21:44 354816 ----a-w- c:\windows\system32\winhttp.dll
2011-11-16 14:21:44 152064 ----a-w- c:\windows\system32\schannel.dll
.
============= FINISH: 13:12:08.03 ===============
 
Please observe the following rules:
  • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
  • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
  • Please refrain from running tools or applying updates other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer behavior, good or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

=============================================================

Download aswMBR to your desktop.
Double click the aswMBR.exe to run it.
If you see this question: "Would you like to download latest Avast! virus definitions?" say "Yes".
Click the "Scan" button to start the scan.
On completion of the scan click "Save log", save it to your desktop and post it in your next reply.

NOTE. aswMBR will create an MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

=============================================================

Download Bootkit Remover to your Desktop.

  • Unzip downloaded file to your Desktop.
  • Double-click on boot_cleaner.exe to run the program (Vista/7 users, right-click on boot_cleaner.exe and click Run As Administrator).
  • It will show a Black screen with some data on it.
  • Right click on the screen and click Select All.
  • Press CTRL+C
  • Open a Notepad and press CTRL+V
  • Post the output back here.
 
aswMBR version 0.9.9.1532 Copyright(c) 2011 AVAST Software
Run date: 2012-02-08 13:47:08
-----------------------------
13:47:08.671 OS Version: Windows 5.1.2600 Service Pack 3
13:47:08.671 Number of processors: 2 586 0x407
13:47:08.687 ComputerName: DARELL UserName:
13:47:20.375 Initialize success
13:50:15.796 AVAST engine defs: 12020800
14:02:35.390 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-3
14:02:35.390 Disk 0 Vendor: ST3160812AS 3.ADJ Size: 152587MB BusType: 3
14:02:35.437 Disk 0 MBR read successfully
14:02:35.437 Disk 0 MBR scan
14:02:35.656 Disk 0 Windows XP default MBR code
14:02:35.671 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 39 MB offset 63
14:02:35.703 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 152539 MB offset 80325
14:02:35.718 Disk 0 scanning sectors +312480315
14:02:35.890 Disk 0 scanning C:\WINDOWS\system32\drivers
14:03:00.656 Service scanning
14:03:02.390 Modules scanning
14:03:19.328 Module: C:\WINDOWS\System32\DLA\DLADResN.SYS **SUSPICIOUS**
14:03:26.546 Disk 0 trace - called modules:
14:03:26.562 ntkrnlpa.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll atiide.sys PCIIDEX.SYS
14:03:26.578 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86768ab8]
14:03:26.578 3 CLASSPNP.SYS[f7584fd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-3[0x86789b00]
14:03:27.421 AVAST engine scan C:\WINDOWS
14:03:47.781 AVAST engine scan C:\WINDOWS\system32
14:08:14.812 AVAST engine scan C:\WINDOWS\system32\drivers
14:09:04.125 AVAST engine scan C:\Documents and Settings\Darell Blandshaw
14:11:59.406 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Darell Blandshaw\Desktop\MBR.dat"
14:11:59.515 The log file has been saved successfully to "C:\Documents and Settings\Darell Blandshaw\Desktop\aswMBR.txt"
 
Bootkit Remover
(c) 2009 Esage Lab
www.esagelab.com

Program version: 1.2.0.1
OS Version: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)

System volume is \\.\C:
\\.\C: -> \\.\PhysicalDrive0 at offset 0x00000000`02738a00
Boot sector MD5 is: 6def5ffcbcdbdb4082f1015625e597bd

Size Device Name MBR Status
--------------------------------------------
149 GB \\.\PhysicalDrive0 OK (DOS/Win32 Boot code found)


Done;
Press any key to quit...
 
Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  1. Please, never rename Combofix unless instructed.
  2. Close any open browsers.
  3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
    NOTE 2. If Combofix asks you to update the program, always do so.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts.
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore your connection.
  4. Double click on combofix.exe & follow the prompts.
  5. When finished, it will produce a report for you.
  6. Please post the "C:\ComboFix.txt"
**Note 1:** Do not mouseclick combofix's window while it's running. That may cause it to stall.
**Note 2 for AVG and CA Internet Security users:** ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them, resulting in the tool not working correctly, which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends that you uninstall AVG/CA Internet Security first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3:** If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart the computer to fix the issue.
**Note 4:** Some infections may take some significant time to be cured. As long as your computer clock is running, Combofix is still working. Be patient.



Make sure you re-enable your security programs when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try one of the following:

1. Run Combofix from Safe Mode (How to...)

2. Delete the Combofix file, download a fresh one, but rename combofix.exe to yourname.exe BEFORE saving it to your desktop.
Do NOT run it yet.

Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

There are 4 different versions. If one of them won't run then download and try to run the other one.

Vista and Win7 users need to right click Rkill and choose Run as Administrator

You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

Rkill.com
Rkill.scr
Rkill.exe

  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

If normal mode still doesn't work, run BOTH tools from safe mode.

In case #2, please post BOTH logs, rKill and Combofix.

DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
 
ComboFix 12-02-08.02 - Darell Blandshaw 02/08/2012 15:35:19.3.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.990.449 [GMT -5:00]
Running from: c:\documents and settings\Darell Blandshaw\My Documents\Downloads\ComboFix.exe
AV: Norton Internet Security *Disabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security *Disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\Darell Blandshaw\Application Data\641A.3C0
c:\documents and settings\Darell Blandshaw\g2mdlhlpx.exe
c:\documents and settings\Darell Blandshaw\GoToAssistDownloadHelper.exe
c:\windows\Downloaded Installations\BMP
c:\windows\Downloaded Installations\BMP\{3795247B-A089-4568-AAF7-E47D9285A9E9}\1033.MST
c:\windows\Downloaded Installations\BMP\{3795247B-A089-4568-AAF7-E47D9285A9E9}\BACS.msi
.
.
((((((((((((((((((((((((( Files Created from 2012-01-08 to 2012-02-08 )))))))))))))))))))))))))))))))
.
.
2012-02-08 16:14 . 2012-02-08 16:19 -------- d-----w- c:\program files\Common Files\Symantec Shared
2012-02-08 16:14 . 2012-02-08 16:14 -------- d-----w- c:\program files\Symantec
2012-02-08 16:14 . 2012-02-08 16:14 60872 ----a-w- c:\windows\system32\S32EVNT1.DLL
2012-02-08 16:14 . 2012-02-08 16:14 141944 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2012-02-08 16:11 . 2012-02-08 16:14 -------- d-----w- c:\windows\system32\drivers\NIS
2012-02-08 16:11 . 2012-02-08 16:11 -------- d-----w- c:\program files\Norton Internet Security
2012-02-08 16:11 . 2012-02-08 16:11 -------- d-----w- c:\program files\Windows Sidebar
2012-02-08 16:08 . 2012-02-08 16:11 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton
2012-02-08 16:01 . 2012-02-08 16:07 -------- d-----w- c:\program files\NortonInstaller
2012-02-07 21:02 . 2012-02-07 21:02 -------- d--h--w- c:\windows\PIF
2012-02-03 17:52 . 2012-02-02 12:06 2494504 ----a-w- C:\Backup.1.exe
2012-02-02 14:50 . 2012-02-03 18:27 -------- d-----w- C:\System Recovery Files
2012-01-10 15:43 . 2010-09-18 06:53 954368 ------w- c:\windows\system32\dllcache\mfc40.dll
2012-01-10 15:43 . 2010-09-18 06:53 953856 ------w- c:\windows\system32\dllcache\mfc40u.dll
2012-01-10 15:38 . 2010-08-23 16:12 617472 ------w- c:\windows\system32\dllcache\comctl32.dll
2012-01-10 15:37 . 2010-11-02 15:17 40960 ------w- c:\windows\system32\dllcache\ndproxy.sys
2012-01-10 15:35 . 2011-06-24 14:10 139656 ------w- c:\windows\system32\dllcache\rdpwd.sys
2012-01-10 15:34 . 2011-04-21 13:37 105472 ------w- c:\windows\system32\dllcache\mup.sys
2012-01-10 15:17 . 2011-07-08 14:02 10496 ------w- c:\windows\system32\dllcache\ndistapi.sys
2012-01-10 15:11 . 2012-01-10 15:11 -------- d-----w- c:\documents and settings\Darell Blandshaw\Local Settings\Application Data\PCHealth
2012-01-10 15:10 . 2010-10-11 14:59 45568 ------w- c:\windows\system32\dllcache\wab.exe
2012-01-10 15:00 . 2012-02-06 19:46 -------- d-----w- c:\documents and settings\Darell Blandshaw\Application Data\MediaWmplay
2012-01-09 21:22 . 2008-04-14 10:41 4255 ------w- c:\windows\system32\drivers\adv01nt5.dll
2012-01-09 21:21 . 2006-12-29 05:31 19569 ----a-w- c:\windows\002899_.tmp
2012-01-09 21:17 . 2012-01-09 21:17 -------- d-----w- c:\windows\EHome
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-10 20:24 . 2011-12-21 21:34 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-11-25 21:57 . 2004-08-10 17:51 293376 ----a-w- c:\windows\system32\winsrv.dll
2011-11-23 13:25 . 2004-08-10 17:51 1859584 ----a-w- c:\windows\system32\win32k.sys
2011-11-18 12:35 . 2004-08-10 17:51 60416 ----a-w- c:\windows\system32\packager.exe
2011-11-16 14:21 . 2004-08-10 17:51 354816 ----a-w- c:\windows\system32\winhttp.dll
2011-11-16 14:21 . 2004-08-10 17:51 152064 ----a-w- c:\windows\system32\schannel.dll
2011-12-22 20:18 . 2011-12-21 18:16 121816 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-26 68856]
"AdobeUpdater"="c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [2011-06-10 2356088]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-06-23 53248]
"tgcmd"="c:\program files\Support.com\BellSouth\hcenter.exe" [2005-08-31 1277952]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-03-18 421888]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 45056]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2006-05-01 843776]
"NovaBackup 7 Tray Control"="c:\program files\StompSoft\PC BackUp\NbkCtrl.exe" [2007-01-30 402376]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940]
"BellSouthAlertManager.exe"="c:\program files\BellSouth\AM\BellSouthAlertManager.exe" [2007-01-28 2061816]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2007-05-11 624248]
"Intuit SyncManager"="c:\program files\Common Files\Intuit\Sync\IntuitSyncManager.exe" [2011-12-06 2215768]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
.
c:\documents and settings\Darell Blandshaw\Start Menu\Programs\Startup\
Eagle Listener.lnk - c:\3apps\Catapult\3listen.exe [2008-10-21 557056]
Eagle Scheduler.lnk - c:\3apps\Catapult\Sched.exe [2008-10-21 708608]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Ativa Wireless USB Utility.lnk - c:\program files\Ativa\USB AWGUA54\Wireless Utility\Ativawcui.exe [2006-8-29 1556480]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2007-2-28 24576]
Intuit Data Protect.lnk - c:\program files\Common Files\Intuit\DataProtect\IntuitDataProtect.exe [2011-12-6 5904216]
QuickBooks Update Agent.lnk - c:\program files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2011-12-6 1175912]
QuickBooks_Standard_21.lnk - c:\program files\Intuit\QuickBooks 2012\QBW32.EXE [2011-12-6 1178984]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 19:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\3apps\\Catapult\\3listen.exe"=
"c:\\3apps\\Catapult\\3lhelper.exe"=
"c:\\Program Files\\Intuit\\QuickBooks 2012\\QBDBMgrN.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
.
R0 atiide;atiide;c:\windows\system32\drivers\atiide.sys [2/28/2007 10:41 PM 3456]
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NIS\1305000.091\symds.sys [2/8/2012 11:13 AM 340088]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NIS\1305000.091\symefa.sys [2/8/2012 11:13 AM 905336]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\BASHDefs\20120121.002\BHDrvx86.sys [2/8/2012 1:59 PM 820344]
R1 ccSet_NIS;Norton Internet Security Settings Manager;c:\windows\system32\drivers\NIS\1305000.091\ccsetx86.sys [2/8/2012 11:13 AM 132744]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [1/5/2010 7:56 AM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [1/5/2010 7:56 AM 74480]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NIS\1305000.091\ironx86.sys [2/8/2012 11:13 AM 149624]
R2 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [8/25/2011 5:53 PM 13672]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [1/3/2011 12:23 PM 652360]
R2 NIS;Norton Internet Security;c:\program files\Norton Internet Security\Engine\19.5.0.145\ccsvchst.exe [2/8/2012 11:13 AM 138248]
R2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files\Common Files\PC Tools\sMonitor\StartManSvc.exe [1/3/2011 11:50 AM 632792]
R2 QBVSS;QBIDPService;c:\program files\Common Files\Intuit\DataProtect\QBIDPService.exe [8/19/2011 9:31 PM 1248256]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\IPSDefs\20120207.005\IDSXpx86.sys [2/7/2012 5:29 PM 356280]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [12/21/2011 4:34 PM 20464]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 12:16 PM 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2/5/2010 9:27 AM 135664]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2/5/2010 9:27 AM 135664]
S3 ODWGU(Ativa);Ativa Wireless G USB Network Adapter(Ativa);c:\windows\system32\drivers\ODWGU.sys [12/29/2010 10:51 AM 408064]
S3 QuickBooksDB22;QuickBooksDB22;c:\progra~1\Intuit\QUICKB~2\QBDBMgrN.exe -hvQuickBooksDB22 --> c:\progra~1\Intuit\QUICKB~2\QBDBMgrN.exe -hvQuickBooksDB22 [?]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [1/5/2010 7:56 AM 7408]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 12:16 PM 753504]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 85658044
*NewlyCreated* - BHDRVX86
*NewlyCreated* - CCSET_NIS
*NewlyCreated* - EECTRL
*NewlyCreated* - ERASERUTILDRV11120
*NewlyCreated* - ERASERUTILDRV11122
*NewlyCreated* - IDSXPX86
*NewlyCreated* - NAVENG
*NewlyCreated* - NAVEX15
*NewlyCreated* - NIS
*NewlyCreated* - SRTSP
*NewlyCreated* - SRTSPX
*NewlyCreated* - SYMDS
*NewlyCreated* - SYMEFA
*NewlyCreated* - SYMEVENT
*NewlyCreated* - SYMIRON
*NewlyCreated* - SYMTDI
*Deregistered* - 85658044
*Deregistered* - aswMBR
*Deregistered* - EraserUtilDrv11120
*Deregistered* - EraserUtilDrv11122
*Deregistered* - pwtdapow
.
Contents of the 'Scheduled Tasks' folder
.
2012-02-03 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]
.
2012-02-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-05 14:27]
.
2012-02-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-05 14:27]
.
2012-02-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1825289168-564950612-1891292674-1007Core.job
- c:\documents and settings\Darell Blandshaw\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-01-18 15:44]
.
2012-02-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1825289168-564950612-1891292674-1007UA.job
- c:\documents and settings\Darell Blandshaw\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-01-18 15:44]
.
2012-02-08 c:\windows\Tasks\RMSchedule.job
- c:\program files\Registry Mechanic\RegMech.exe [2011-01-03 22:05]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://smallbusiness.bellsouth.net/
mSearch Bar = hxxp://www.google.com/ie
uInternet Connection Wizard,ShellNext = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=4070228
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
Trusted Zone: intuit.com\ttlc
TCP: Interfaces\{86E114BA-0F17-437F-8660-2C26CCF4A375}: NameServer = 4.2.2.2,4.2.2.3
FF - ProfilePath - c:\documents and settings\Darell Blandshaw\Application Data\Mozilla\Firefox\Profiles\3otsvnu4.default\
FF - prefs.js: browser.search.selectedEngine -
FF - prefs.js: browser.startup.homepage - hxxp://en-US.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 64970
FF - prefs.js: network.proxy.type - 0
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-SpybotSD TeaTimer - c:\program files\Spybot - Search & Destroy\TeaTimer.exe
AddRemove-Octoshape add-in for Adobe Flash Player - c:\documents and settings\Darell Blandshaw\Application Data\Macromedia\Flash Player\
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-02-08 15:48
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NIS]
"ImagePath"="\"c:\program files\Norton Internet Security\Engine\19.5.0.145\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files\Norton Internet Security\Engine\19.5.0.145\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,28,cf,56,77,f4,e0,4b,4e,88,26,1d,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,28,cf,56,77,f4,e0,4b,4e,88,26,1d,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(660)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll
.
Completion time: 2012-02-08 15:53:59
ComboFix-quarantined-files.txt 2012-02-08 20:53
.
Pre-Run: 118,211,231,744 bytes free
Post-Run: 118,452,367,360 bytes free
.
- - End Of File - - 4DE80E33C1DF3709FE4EF09F3E74AE9A
 
That looks good.
How is redirection?

Uninstall Registry Mechanic 10.0.
Registry cleaners/optimizers are not recommended for several reasons:

  • Registry cleaners are extremely powerful applications that can damage the registry by using aggressive cleaning routines and cause your computer to become unbootable.

    The Windows registry is a central repository (database) for storing configuration data, user settings and machine-dependent settings, and options for the operating system. It contains information and settings for all hardware, software, users, and preferences. Whenever a user makes changes to settings, file associations, system policies, or installed software, the changes are reflected and stored in this repository. The registry is a crucial component because it is where Windows "remembers" all this information, how it works together, how Windows boots the system and what files it uses when it does. The registry is also a vulnerable subsystem, in that relatively small changes done incorrectly can render the system inoperable. For a more detailed explanation, read Understanding The Registry.
  • Not all registry cleaners are created equal. There are a number of them available but they do not all work entirely the same way. Each vendor uses different criteria as to what constitutes a "bad entry". One cleaner may find entries on your system that will not cause problems when removed, another may not find the same entries, and still another may want to remove entries required for a program to work.
  • Not all registry cleaners create a backup of the registry before making changes. If the changes prevent the system from booting up, then there is no backup available to restore it in order to regain functionality. A backup of the registry is essential BEFORE making any changes to the registry.
  • Improperly removing registry entries can hamper malware disinfection and make the removal process more difficult if your computer becomes infected. For example, removing malware-related registry entries before the infection is properly identified can contribute to system instability and even make the malware undetectable to removal tools.
  • The usefulness of cleaning the registry is highly overrated and can be dangerous. In most cases, using a cleaner to remove obsolete, invalid, and erroneous entries does not affect system performance but it can result in "unpredictable results".
Unless you have a particular problem that requires a registry edit to correct it, I would suggest you leave the registry alone. Using registry cleaning tools unnecessarily or incorrectly could lead to disastrous effects on your operating system such as preventing it from ever starting again. For routine use, the benefits to your computer are negligible while the potential risks are great.


==============================================================

Download OTL to your Desktop.

  • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • Click the Scan All Users checkbox.
  • Under the Custom Scan box paste this in:


netsvcs
drivers32
%SYSTEMDRIVE%\*.*
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\Fonts\*.exe
%systemroot%\system32\spool\prtprocs\w32x86\*.*
%systemroot%\REPAIR\*.bak1
%systemroot%\REPAIR\*.ini
%systemroot%\system32\*.jpg
%systemroot%\*.jpg
%systemroot%\*.png
%systemroot%\*.scr
%systemroot%\*._sy
%APPDATA%\Adobe\Update\*.*
%ALLUSERSPROFILE%\Favorites\*.*
%APPDATA%\Microsoft\*.*
%PROGRAMFILES%\*.*
%APPDATA%\Update\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\System32\config\*.sav
%PROGRAMFILES%\bak. /s
%systemroot%\system32\bak. /s
%ALLUSERSPROFILE%\Start Menu\*.lnk /x
%systemroot%\system32\config\systemprofile\*.dat /x
%systemroot%\*.config
%systemroot%\system32\*.db
%APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
%USERPROFILE%\Desktop\*.exe
%PROGRAMFILES%\Common Files\*.*
%systemroot%\*.src
%systemroot%\install\*.*
%systemroot%\system32\DLL\*.*
%systemroot%\system32\HelpFiles\*.*
%systemroot%\system32\rundll\*.*
%systemroot%\winn32\*.*
%systemroot%\Java\*.*
%systemroot%\system32\test\*.*
%systemroot%\system32\Rundll32\*.*
%systemroot%\AppPatch\Custom\*.*
%APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
%PROGRAMFILES%\PC-Doctor\Downloads\*.*
%PROGRAMFILES%\Internet Explorer\*.tmp
%PROGRAMFILES%\Internet Explorer\*.dat
%USERPROFILE%\My Documents\*.exe
%USERPROFILE%\*.exe
%systemroot%\ADDINS\*.*
%systemroot%\assembly\*.bak2
%systemroot%\Config\*.*
%systemroot%\REPAIR\*.bak2
%systemroot%\SECURITY\Database\*.sdb /x
%systemroot%\SYSTEM\*.bak2
%systemroot%\Web\*.bak2
%systemroot%\Driver Cache\*.*
%PROGRAMFILES%\Mozilla Firefox\0*.exe
%ProgramFiles%\Microsoft Common\*.*
%ProgramFiles%\TinyProxy.
%USERPROFILE%\Favorites\*.url /x
%systemroot%\system32\*.bk
%systemroot%\*.te
%systemroot%\system32\system32\*.*
%ALLUSERSPROFILE%\*.dat /x
%systemroot%\system32\drivers\*.rmv
dir /b "%systemroot%\system32\*.exe" | find /i " " /c
dir /b "%systemroot%\*.exe" | find /i " " /c
%PROGRAMFILES%\Microsoft\*.*
%systemroot%\System32\Wbem\proquota.exe
%PROGRAMFILES%\Mozilla Firefox\*.dat
%USERPROFILE%\Cookies\*.txt /x
%SystemRoot%\system32\fonts\*.*
%systemroot%\system32\winlog\*.*
%systemroot%\system32\Language\*.*
%systemroot%\system32\Settings\*.*
%systemroot%\system32\*.quo
%SYSTEMROOT%\AppPatch\*.exe
%SYSTEMROOT%\inf\*.exe
%SYSTEMROOT%\Installer\*.exe
%systemroot%\system32\config\*.bak2
%systemroot%\system32\Computers\*.*
%SystemRoot%\system32\Sound\*.*
%SystemRoot%\system32\SpecialImg\*.*
%SystemRoot%\system32\code\*.*
%SystemRoot%\system32\draft\*.*
%SystemRoot%\system32\MSSSys\*.*
%ProgramFiles%\Javascript\*.*
%systemroot%\pchealth\helpctr\System\*.exe /s
%systemroot%\Web\*.exe
%systemroot%\system32\msn\*.*
%systemroot%\system32\*.tro
%AppData%\Microsoft\Installer\msupdates\*.*
%ProgramFiles%\Messenger\*.*
%systemroot%\system32\systhem32\*.*
%systemroot%\system\*.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
/md5start
/md5stop


  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
 
REDIRECT seems fine, no problems so far. As far as the things I have on my desktop: MBR, gmer, bootkit, boot cleaner, should I remove those?
 
OTL logfile created on: 2/8/2012 4:20:44 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Darell Blandshaw\My Documents\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

989.90 Mb Total Physical Memory | 266.60 Mb Available Physical Memory | 26.93% Memory free
2.33 Gb Paging File | 1.28 Gb Available in Paging File | 55.01% Paging File free
Paging file location(s): C:\pagefile.sys 1488 2976 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 148.96 Gb Total Space | 110.46 Gb Free Space | 74.15% Space Free | Partition Type: NTFS
Drive D: | 643.97 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive Z: | 148.96 Gb Total Space | 54.07 Gb Free Space | 36.30% Space Free | Partition Type: NTFS

Computer Name: DARELL | User Name: Darell Blandshaw | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/02/08 16:18:19 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Darell Blandshaw\My Documents\Downloads\OTL.exe
PRC - [2012/01/13 14:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/01/13 14:53:18 | 000,460,872 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011/12/06 12:41:18 | 001,175,912 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
PRC - [2011/12/06 12:39:54 | 001,178,984 | ---- | M] (Intuit Inc.) -- C:\Program Files\Intuit\QuickBooks 2012\QBW32.EXE
PRC - [2011/12/06 11:48:02 | 000,045,056 | ---- | M] (Intuit) -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
PRC - [2011/11/29 21:17:50 | 000,138,248 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Internet Security\Engine\19.5.0.145\ccsvchst.exe
PRC - [2011/08/25 17:53:00 | 000,013,672 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
PRC - [2011/08/19 21:31:14 | 001,248,256 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\DataProtect\QBIDPService.exe
PRC - [2011/08/19 21:30:02 | 000,679,936 | ---- | M] (Intuit, Inc.) -- C:\Program Files\Intuit\QuickBooks 2012\QBDBMgrN.exe
PRC - [2010/10/01 13:27:22 | 000,632,792 | ---- | M] (PC Tools) -- C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe
PRC - [2010/08/23 20:21:40 | 000,013,672 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
PRC - [2008/07/07 10:37:34 | 000,557,056 | ---- | M] () -- C:\3apps\Catapult\3listen.exe
PRC - [2008/07/07 10:27:56 | 000,049,152 | ---- | M] () -- C:\3apps\Catapult\appipc.exe
PRC - [2008/04/14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/06/21 14:47:01 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
PRC - [2007/05/10 22:46:20 | 000,624,248 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe
PRC - [2007/01/30 10:24:10 | 000,177,096 | ---- | M] (StompSoft, Inc.) -- C:\Program Files\StompSoft\PC BackUp\NSENGINE.exe
PRC - [2007/01/30 10:24:08 | 000,402,376 | ---- | M] (StompSoft, Inc.) -- C:\Program Files\StompSoft\PC BackUp\NBKCTRL.exe
PRC - [2007/01/28 11:14:50 | 002,061,816 | ---- | M] (BellSouth) -- C:\Program Files\BellSouth\AM\BellSouthAlertManager.exe
PRC - [2006/09/19 07:04:26 | 000,065,536 | ---- | M] () -- C:\Program Files\StompSoft\PC BackUp\NMSAccess.exe
PRC - [2006/08/29 13:28:34 | 001,556,480 | ---- | M] (Belkin) -- C:\Program Files\Ativa\USB AWGUA54\Wireless Utility\Ativawcui.exe
PRC - [2006/01/02 17:41:22 | 000,045,056 | ---- | M] (ATI Technologies Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
PRC - [2005/09/08 05:20:00 | 000,122,940 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\DLA\DLACTRLW.EXE
PRC - [2005/08/31 13:16:24 | 001,855,488 | ---- | M] (BellSouth) -- C:\Program Files\Support.com\bin\tgcmd.exe
PRC - [2004/05/19 13:03:12 | 000,032,768 | ---- | M] () -- C:\WINDOWS\system32\P32help.exe
 
========== Modules (No Company Name) ==========

MOD - [2012/01/12 03:39:38 | 000,771,584 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\4f84d9b7209d8d81c308deda59c60524\System.Runtime.Remoting.ni.dll
MOD - [2012/01/12 03:31:18 | 003,391,488 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_e70ba6df\mscorlib.dll
MOD - [2012/01/12 03:31:14 | 000,835,584 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system.drawing\1.0.5000.0__b03f5f7f11d50a3a_2ba5ad1b\system.drawing.dll
MOD - [2012/01/12 03:31:03 | 002,088,960 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system.xml\1.0.5000.0__b77a5c561934e089_c17b6660\system.xml.dll
MOD - [2012/01/12 03:30:58 | 003,035,136 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system.windows.forms\1.0.5000.0__b77a5c561934e089_f08b8321\system.windows.forms.dll
MOD - [2012/01/12 03:30:46 | 001,966,080 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system\1.0.5000.0__b77a5c561934e089_cee0fd2d\system.dll
MOD - [2012/01/12 03:30:30 | 001,232,896 | ---- | M] () -- c:\windows\assembly\gac\system\1.0.5000.0__b77a5c561934e089\system.dll
MOD - [2012/01/12 03:30:28 | 001,269,760 | ---- | M] () -- c:\windows\assembly\gac\system.web\1.0.5000.0__b03f5f7f11d50a3a\system.web.dll
MOD - [2012/01/12 03:30:26 | 002,064,384 | ---- | M] () -- c:\windows\assembly\gac\system.windows.forms\1.0.5000.0__b77a5c561934e089\system.windows.forms.dll
MOD - [2012/01/12 03:26:51 | 003,182,592 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
MOD - [2012/01/12 03:26:49 | 002,933,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2012/01/12 03:26:49 | 000,425,984 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.dll
MOD - [2012/01/12 03:26:43 | 000,626,688 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
MOD - [2012/01/12 03:26:42 | 000,303,104 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
MOD - [2012/01/12 03:26:40 | 000,261,632 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
MOD - [2012/01/12 03:26:40 | 000,258,048 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
MOD - [2012/01/12 03:26:38 | 002,048,000 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll
MOD - [2012/01/12 03:26:35 | 000,114,688 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
MOD - [2012/01/12 03:26:29 | 005,025,792 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
MOD - [2012/01/11 04:22:20 | 000,221,696 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.ServiceProce#\a0e090647c856fe52e1f1e5d2a25b1ac\System.ServiceProcess.ni.dll
MOD - [2012/01/11 04:21:42 | 000,786,944 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.EnterpriseSe#\a2baf116d3055aadb99b77e327a74907\System.EnterpriseServices.ni.dll
MOD - [2012/01/11 04:21:40 | 000,646,656 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Transactions\344c1e000e4158cc37a5e9068e095d40\System.Transactions.ni.dll
MOD - [2012/01/11 04:17:23 | 000,212,992 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\abef85f2fb8ba830eda73e2d12e8d41e\System.ServiceProcess.ni.dll
MOD - [2012/01/11 04:11:42 | 007,950,848 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\af39f6e644af02873b9bae319f2bfb13\System.ni.dll
MOD - [2012/01/11 04:11:05 | 011,490,816 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\ca87ba84221991839abbe7d4bc9c6721\mscorlib.ni.dll
MOD - [2012/01/11 03:33:19 | 006,798,336 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Data\494945003f729a5d6ec21324dff8c7b9\System.Data.ni.dll
MOD - [2012/01/11 03:33:12 | 013,137,920 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\f2a34f1fb98ab9e8a76a22e132e18b21\System.Windows.Forms.ni.dll
MOD - [2012/01/11 03:32:46 | 001,652,736 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Drawing\c04dcef499114715d2a222c01ea6b227\System.Drawing.ni.dll
MOD - [2012/01/11 03:32:35 | 005,618,176 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xml\a401952384c24581989cdc85270f3d9d\System.Xml.ni.dll
MOD - [2012/01/11 03:32:28 | 000,980,480 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Configuration\cb7cfe8f0e8532f6381c22bf719a95dc\System.Configuration.ni.dll
MOD - [2012/01/11 03:32:22 | 007,054,336 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Core\52598abacb89081ab248f435d9dabdf4\System.Core.ni.dll
MOD - [2012/01/11 03:32:07 | 009,085,952 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System\af709611f9ffff0544b1d750303c4afa\System.ni.dll
MOD - [2012/01/11 03:31:54 | 014,407,680 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\mscorlib\52f4f785f7cf45a64606a8e13c8cf04c\mscorlib.ni.dll
MOD - [2011/12/06 12:40:46 | 000,138,088 | ---- | M] () -- C:\Program Files\Intuit\QuickBooks 2012\QBMAPILibrary.dll
MOD - [2011/12/06 12:40:42 | 000,020,840 | ---- | M] () -- C:\Program Files\Intuit\QuickBooks 2012\QBCompressor.DLL
MOD - [2011/12/06 12:40:28 | 000,042,344 | ---- | M] () -- C:\Program Files\Intuit\QuickBooks 2012\mbpopup.dll
MOD - [2011/12/06 12:40:04 | 000,176,488 | ---- | M] () -- C:\Program Files\Intuit\QuickBooks 2012\boost_serialization-vc90-mt-p-1_33.dll
MOD - [2011/12/06 12:40:02 | 000,268,648 | ---- | M] () -- C:\Program Files\Intuit\QuickBooks 2012\boost_regex-vc90-mt-p-1_33.dll
MOD - [2011/12/06 12:40:00 | 000,380,264 | ---- | M] () -- C:\Program Files\Intuit\QuickBooks 2012\BackupLib.dll
MOD - [2011/08/19 21:30:50 | 000,059,904 | ---- | M] () -- C:\Program Files\Intuit\QuickBooks 2012\zlib1.dll
MOD - [2011/01/18 12:39:19 | 000,476,520 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Map.Reporter\5.0.136.0__7ce6deabcb36a8ea\Intuit.Spc.Map.Reporter.dll
MOD - [2011/01/18 12:39:19 | 000,409,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Map.WindowsFirewallUtilities\5.0.136.0__7ce6deabcb36a8ea\Intuit.Spc.Map.WindowsFirewallUtilities.dll
MOD - [2011/01/18 12:39:16 | 000,421,224 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Api.Net\3.1.31.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Api.Net.dll
MOD - [2011/01/18 12:39:16 | 000,046,952 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Application.UpdateServicePlugin\3.1.31.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Application.UpdateServicePlugin.dll
MOD - [2011/01/18 12:39:16 | 000,023,912 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Application.UpdateService\1.0.0.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Application.UpdateService.dll
MOD - [2011/01/18 12:39:16 | 000,018,792 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Ipc.Remoting.UpdateServiceWorker\3.1.31.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Ipc.Remoting.UpdateServiceWorker.dll
MOD - [2011/01/18 12:39:16 | 000,012,136 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Application.UpdateService.PluginContract\1.0.0.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Application.UpdateService.PluginContract.dll
MOD - [2011/01/18 12:39:15 | 000,269,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Core\3.1.26.0__540d4816ead86321\Intuit.Spc.Esd.Core.dll
MOD - [2011/01/18 12:39:14 | 000,121,704 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Client.BusinessLogic\3.1.31.0__540d4816ead86321\Intuit.Spc.Esd.Client.BusinessLogic.dll
MOD - [2011/01/18 12:39:14 | 000,120,168 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Client.DataAccess\3.1.31.0__540d4816ead86321\Intuit.Spc.Esd.Client.DataAccess.dll
MOD - [2011/01/18 12:39:14 | 000,070,504 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Client.Common\3.1.31.0__540d4816ead86321\Intuit.Spc.Esd.Client.Common.dll
MOD - [2010/01/26 10:04:27 | 000,854,016 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.Data.SQLite\1.0.61.0__db937bc2d44ff139\System.Data.SQLite.dll
MOD - [2010/01/26 10:04:26 | 000,403,456 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Map.WindowsFirewallUtilities\5.0.104.0__7ce6deabcb36a8ea\Intuit.Spc.Map.WindowsFirewallUtilities.dll
MOD - [2010/01/26 10:04:25 | 000,471,040 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Map.Reporter\5.0.104.0__7ce6deabcb36a8ea\Intuit.Spc.Map.Reporter.dll
MOD - [2010/01/26 10:04:23 | 000,419,616 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Api.Net\3.0.335.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Api.Net.dll
MOD - [2010/01/26 10:04:23 | 000,046,880 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Application.UpdateServicePlugin\3.0.335.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Application.UpdateServicePlugin.dll
MOD - [2010/01/26 10:04:23 | 000,018,720 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Ipc.Remoting.UpdateServiceWorker\3.0.335.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Ipc.Remoting.UpdateServiceWorker.dll
MOD - [2010/01/26 10:04:22 | 000,270,112 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Core\2.0.445.0__540d4816ead86321\Intuit.Spc.Esd.Core.dll
MOD - [2010/01/26 10:04:22 | 000,121,632 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Client.BusinessLogic\3.0.335.0__540d4816ead86321\Intuit.Spc.Esd.Client.BusinessLogic.dll
MOD - [2010/01/26 10:04:22 | 000,120,096 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Client.DataAccess\3.0.335.0__540d4816ead86321\Intuit.Spc.Esd.Client.DataAccess.dll
MOD - [2010/01/26 10:04:22 | 000,070,432 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Client.Common\3.0.335.0__540d4816ead86321\Intuit.Spc.Esd.Client.Common.dll
MOD - [2009/01/28 09:35:38 | 001,058,304 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Map.WindowsFirewallUtilities\4.0.114.0__7ce6deabcb36a8ea\Intuit.Spc.Map.WindowsFirewallUtilities.dll
MOD - [2009/01/28 09:35:38 | 000,471,040 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Map.Reporter\4.0.114.0__7ce6deabcb36a8ea\Intuit.Spc.Map.Reporter.dll
MOD - [2009/01/28 09:35:37 | 000,047,392 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Application.UpdateServicePlugin\2.1.72.10__540d4816ead86321\Intuit.Spc.Esd.WinClient.Application.UpdateServicePlugin.dll
MOD - [2009/01/28 09:35:37 | 000,018,720 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Ipc.Remoting.UpdateServiceWorker\2.1.72.10__540d4816ead86321\Intuit.Spc.Esd.WinClient.Ipc.Remoting.UpdateServiceWorker.dll
MOD - [2009/01/28 09:35:36 | 000,400,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Api.Net\2.1.72.10__540d4816ead86321\Intuit.Spc.Esd.WinClient.Api.Net.dll
MOD - [2009/01/28 09:35:36 | 000,217,376 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Core\2.0.145.2__540d4816ead86321\Intuit.Spc.Esd.Core.dll
MOD - [2009/01/28 09:35:36 | 000,130,848 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Client.BusinessLogic\2.1.72.10__540d4816ead86321\Intuit.Spc.Esd.Client.BusinessLogic.dll
MOD - [2009/01/28 09:35:36 | 000,120,608 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Client.DataAccess\2.1.72.10__540d4816ead86321\Intuit.Spc.Esd.Client.DataAccess.dll
MOD - [2009/01/28 09:35:36 | 000,072,992 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Client.Common\2.1.72.10__540d4816ead86321\Intuit.Spc.Esd.Client.Common.dll
MOD - [2009/01/21 11:24:40 | 000,755,712 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.Data.SQLite\1.0.56.0__28c9bcd4dddc48a1\System.Data.SQLite.dll
MOD - [2009/01/21 11:24:38 | 000,270,336 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\log4net\1.2.10.0__1b44e1d426115821\log4net.dll
MOD - [2009/01/21 11:24:36 | 000,458,752 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Foundations.Portability\3.1.2.2__540d4816ead86321\Intuit.Spc.Foundations.Portability.dll
MOD - [2009/01/21 11:24:36 | 000,065,536 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Foundations.Primary.ExceptionHandling\3.1.2.2__540d4816ead86321\Intuit.Spc.Foundations.Primary.ExceptionHandling.dll
MOD - [2009/01/21 11:24:36 | 000,045,056 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Foundations.Primary.Logging\3.1.2.2__540d4816ead86321\Intuit.Spc.Foundations.Primary.Logging.dll
MOD - [2009/01/21 11:24:35 | 000,073,728 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Foundations.Primary.Config\3.1.2.2__540d4816ead86321\Intuit.Spc.Foundations.Primary.Config.dll
MOD - [2008/07/07 10:37:34 | 000,557,056 | ---- | M] () -- C:\3apps\Catapult\3listen.exe
MOD - [2008/07/07 10:27:56 | 000,049,152 | ---- | M] () -- C:\3apps\Catapult\appipc.exe
MOD - [2006/09/19 07:04:26 | 000,065,536 | ---- | M] () -- C:\Program Files\StompSoft\PC BackUp\NMSAccess.exe
MOD - [2006/08/29 13:27:16 | 000,061,440 | ---- | M] () -- C:\Program Files\Ativa\USB AWGUA54\Wireless Utility\AtivaHWStatus.dll
MOD - [2006/08/29 13:27:16 | 000,057,344 | ---- | M] () -- C:\Program Files\Ativa\USB AWGUA54\Wireless Utility\AtivaDLL.dll
MOD - [2005/08/31 13:16:02 | 000,094,208 | ---- | M] () -- C:\Program Files\Support.com\bin\sdcdetect.dll
MOD - [2004/08/10 13:11:12 | 000,372,736 | ---- | M] () -- c:\windows\assembly\gac\system.management\1.0.5000.0__b03f5f7f11d50a3a\system.management.dll
MOD - [2004/08/10 13:11:10 | 001,339,392 | ---- | M] () -- c:\windows\assembly\gac\system.xml\1.0.5000.0__b77a5c561934e089\system.xml.dll
MOD - [2004/08/10 13:11:10 | 000,466,944 | ---- | M] () -- c:\windows\assembly\gac\system.drawing\1.0.5000.0__b03f5f7f11d50a3a\system.drawing.dll
MOD - [2004/08/10 13:11:10 | 000,323,584 | ---- | M] () -- c:\windows\assembly\gac\system.runtime.remoting\1.0.5000.0__b77a5c561934e089\system.runtime.remoting.dll
MOD - [2004/05/19 13:03:12 | 000,032,768 | ---- | M] () -- C:\WINDOWS\system32\P32help.exe
 
========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2012/01/13 14:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/12/06 11:48:02 | 000,045,056 | ---- | M] (Intuit) [Auto | Running] -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe -- (QBCFMonitorService)
SRV - [2011/11/29 21:17:50 | 000,138,248 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files\Norton Internet Security\Engine\19.5.0.145\ccSvcHst.exe -- (NIS)
SRV - [2011/08/25 17:53:00 | 000,013,672 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe -- (IntuitUpdateServiceV4)
SRV - [2011/08/19 21:31:14 | 001,248,256 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files\Common Files\Intuit\DataProtect\QBIDPService.exe -- (QBVSS)
SRV - [2011/08/19 21:30:58 | 000,061,440 | ---- | M] (Intuit Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe -- (QBFCService)
SRV - [2011/08/19 21:30:02 | 000,679,936 | ---- | M] (Intuit, Inc.) [On_Demand | Running] -- C:\Program Files\Intuit\QuickBooks 2012\QBDBMgrN.exe -- (QuickBooksDB22)
SRV - [2010/10/01 13:27:22 | 000,632,792 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe -- (PCToolsSSDMonitorSvc)
SRV - [2010/08/23 20:21:40 | 000,013,672 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)
SRV - [2007/06/21 14:47:01 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Running] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2007/01/30 10:24:10 | 000,177,096 | ---- | M] (StompSoft, Inc.) [Auto | Running] -- C:\Program Files\StompSoft\PC BackUp\NSENGINE.exe -- (NsEngine)
SRV - [2006/09/19 07:04:26 | 000,065,536 | ---- | M] () [Auto | Running] -- C:\Program Files\StompSoft\PC BackUp\NMSAccess.exe -- (NMSAccess)


========== Driver Services (SafeList) ==========

DRV - [2012/02/08 11:36:15 | 000,106,104 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2012/02/08 11:36:14 | 000,374,392 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2012/02/08 11:14:20 | 000,141,944 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2012/02/07 17:29:38 | 000,356,280 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\IPSDefs\20120207.005\IDSXpx86.sys -- (IDSxpx86)
DRV - [2011/12/10 15:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011/11/28 23:48:55 | 000,820,344 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\BASHDefs\20120121.002\BHDrvx86.sys -- (BHDrvx86)
DRV - [2011/11/23 21:23:47 | 000,905,336 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\NIS\1305000.091\SYMEFA.SYS -- (SymEFA)
DRV - [2011/11/23 20:50:26 | 000,574,584 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NIS\1305000.091\SRTSP.SYS -- (SRTSP)
DRV - [2011/11/23 20:50:26 | 000,032,888 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NIS\1305000.091\SRTSPX.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV - [2011/11/16 22:37:59 | 000,388,216 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NIS\1305000.091\SYMTDI.SYS -- (SYMTDI)
DRV - [2011/11/16 22:17:48 | 000,149,624 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NIS\1305000.091\Ironx86.SYS -- (SymIRON)
DRV - [2011/11/04 18:59:35 | 000,132,744 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NIS\1305000.091\ccSetx86.sys -- (ccSet_NIS)
DRV - [2011/08/10 04:00:00 | 001,576,312 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\VirusDefs\20120208.004\NAVEX15.SYS -- (NAVEX15)
DRV - [2011/08/10 04:00:00 | 000,086,136 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\VirusDefs\20120208.004\NAVENG.SYS -- (NAVENG)
DRV - [2011/07/25 21:18:35 | 000,340,088 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\NIS\1305000.091\SYMDS.SYS -- (SymDS)
DRV - [2010/01/05 07:56:06 | 000,007,408 | R--- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2010/01/05 07:56:04 | 000,009,968 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2010/01/05 07:56:02 | 000,074,480 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2006/09/14 03:45:38 | 000,003,456 | ---- | M] (ATI Technologies Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\atiide.sys -- (atiide)
DRV - [2006/09/06 05:13:42 | 001,580,544 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2006/07/07 15:23:30 | 000,408,064 | R--- | M] (Ativa Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ODWGU.sys -- (ODWGU(Ativa)) Ativa Wireless G USB Network Adapter(Ativa)
DRV - [2006/05/17 03:03:24 | 000,044,544 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2006/03/17 10:18:58 | 000,392,960 | ---- | M] (Sensaura) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\senfilt.sys -- (SenFiltService)
DRV - [2005/09/08 05:20:00 | 000,094,332 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2005/09/08 05:20:00 | 000,087,036 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2005/09/08 05:20:00 | 000,086,524 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2005/09/08 05:20:00 | 000,025,628 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2005/09/08 05:20:00 | 000,014,684 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2005/09/08 05:20:00 | 000,006,364 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2005/09/08 05:20:00 | 000,002,496 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLADResN.SYS -- (DLADResN)
DRV - [2005/08/25 12:16:52 | 000,005,628 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2005/08/25 12:16:16 | 000,022,684 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS -- (DLARTL_N)
DRV - [2004/10/25 13:40:58 | 000,017,664 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ZDPSp50.sys -- (ZDPSp50)
DRV - [2003/11/17 21:59:20 | 000,212,224 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2)
DRV - [2003/11/17 21:58:02 | 000,680,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2003/11/17 21:56:26 | 001,042,432 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
DRV - [2000/07/24 00:01:00 | 000,019,537 | ---- | M] (Brother Industries Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\BrPar.sys -- (BrPar)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=4070228
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=4070228


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=4070228
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=4070228
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1825289168-564950612-1891292674-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://smallbusiness.bellsouth.net/
IE - HKU\S-1-5-21-1825289168-564950612-1891292674-1007\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-1825289168-564950612-1891292674-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1825289168-564950612-1891292674-1010\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=4070228
IE - HKU\S-1-5-21-1825289168-564950612-1891292674-1010\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell.com
IE - HKU\S-1-5-21-1825289168-564950612-1891292674-1010\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/hws/sb/dell-usuk-rel/en/side.html?channel=us
IE - HKU\S-1-5-21-1825289168-564950612-1891292674-1010\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com/hws/sb/dell-usuk-rel/en/side.html?channel=us
IE - HKU\S-1-5-21-1825289168-564950612-1891292674-1010\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=4070228
IE - HKU\S-1-5-21-1825289168-564950612-1891292674-1010\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: ""
FF - prefs.js..browser.search.defaultenginename: ""
FF - prefs.js..browser.search.order.1: ""
FF - prefs.js..browser.search.selectedEngine: ""
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://en-US.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official"
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.071302000002
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20110704
FF - prefs.js..extensions.enabledItems: {db35c6bd-d834-b8dd-d2f4-e6479dfebdcc}:0.3
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 64970
FF - prefs.js..network.proxy.type: 0


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\3.0.50106.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: File not found
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Darell Blandshaw\Local Settings\Application Data\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Darell Blandshaw\Local Settings\Application Data\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\IPSFFPlgn\ [2012/02/08 11:15:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\coFFPlgn\ [2012/02/08 16:06:44 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/12/22 15:18:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/12/21 13:16:45 | 000,000,000 | ---D | M]

[2009/10/22 12:11:54 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Darell Blandshaw\Application Data\Mozilla\Extensions
[2009/10/22 12:11:54 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Darell Blandshaw\Application Data\Mozilla\Extensions\mozswing@mozswing.org
[2012/02/08 11:39:10 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Darell Blandshaw\Application Data\Mozilla\Firefox\Profiles\3otsvnu4.default\extensions
[2011/07/05 13:05:33 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Darell Blandshaw\Application Data\Mozilla\Firefox\Profiles\3otsvnu4.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/12/21 13:19:17 | 000,000,000 | ---D | M] (WOT) -- C:\Documents and Settings\Darell Blandshaw\Application Data\Mozilla\Firefox\Profiles\3otsvnu4.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2009/04/06 14:43:34 | 000,000,000 | ---D | M] (Move Media Player) -- C:\Documents and Settings\Darell Blandshaw\Application Data\Mozilla\Firefox\Profiles\3otsvnu4.default\extensions\moveplayer@movenetworks.com
[2011/12/21 13:16:49 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
() (No name found) -- C:\DOCUMENTS AND SETTINGS\DARELL BLANDSHAW\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\3OTSVNU4.DEFAULT\EXTENSIONS\{DB35C6BD-D834-B8DD-D2F4-E6479DFEBDCC}.XPI
[2011/12/22 15:18:54 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2008/06/18 01:43:04 | 000,086,016 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npCouponPrinter.dll
[2011/05/04 03:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011/12/16 20:20:10 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2010/10/11 11:50:50 | 000,002,024 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\McSiteAdvisor.xml
[2011/12/16 20:20:10 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml
 
========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\Darell Blandshaw\Local Settings\Application Data\Google\Chrome\Application\16.0.912.77\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\Darell Blandshaw\Local Settings\Application Data\Google\Chrome\Application\16.0.912.77\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\Darell Blandshaw\Local Settings\Application Data\Google\Chrome\Application\16.0.912.77\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Documents and Settings\Darell Blandshaw\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.40.135.1_0\McChPlg.dll
CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Program Files\McAfee\SiteAdvisor\npmcffplg32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U26 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Coupons Inc., Coupon Printer Manager (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npCouponPrinter.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\Darell Blandshaw\Local Settings\Application Data\Google\Update\1.3.21.79\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\3.0.50106.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Norton Identity Protection = C:\Documents and Settings\Darell Blandshaw\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.5.0.140_0\

O1 HOSTS File: ([2012/02/08 15:48:34 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (BellSouth Toolbar) - {4E7BD74F-2B8D-469E-8CBD-FD60BB9AAE2E} - C:\Program Files\blstoolbar\blstoolbar.dll ()
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\19.5.0.145\coieplg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\19.5.0.145\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (BellSouth Toolbar) - {4E7BD74F-2B8D-469E-8CBD-FD60BB9AAE2E} - C:\Program Files\blstoolbar\blstoolbar.dll ()
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\19.5.0.145\coieplg.dll (Symantec Corporation)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (BellSouth Toolbar) - {4E7BD74F-2B8D-469E-8CBD-FD60BB9AAE2E} - C:\Program Files\blstoolbar\blstoolbar.dll ()
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (BellSouth Toolbar) - {4E7BD74F-2B8D-469E-8CBD-FD60BB9AAE2E} - C:\Program Files\blstoolbar\blstoolbar.dll ()
O3 - HKU\S-1-5-21-1825289168-564950612-1891292674-1007\..\Toolbar\ShellBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-21-1825289168-564950612-1891292674-1007\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-21-1825289168-564950612-1891292674-1007\..\Toolbar\WebBrowser: (BellSouth Toolbar) - {4E7BD74F-2B8D-469E-8CBD-FD60BB9AAE2E} - C:\Program Files\blstoolbar\blstoolbar.dll ()
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [ATICCC] C:\Program Files\ATI Technologies\ATI.ACE\cli.exe (ATI Technologies Inc.)
O4 - HKLM..\Run: [BellSouthAlertManager.exe] C:\Program Files\BellSouth\AM\BellSouthAlertManager.exe (BellSouth)
O4 - HKLM..\Run: [DLA] C:\WINDOWS\system32\DLA\DLACTRLW.EXE (Sonic Solutions)
O4 - HKLM..\Run: [Intuit SyncManager] C:\Program Files\Common Files\Intuit\Sync\IntuitSyncManager.exe (Intuit Inc. All rights reserved.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NovaBackup 7 Tray Control] C:\Program Files\StompSoft\PC BackUp\NbkCtrl.exe (StompSoft, Inc.)
O4 - HKLM..\Run: [tgcmd] C:\Program Files\Support.com\BellSouth\hcenter.exe (BellSouth)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Ativa Wireless USB Utility.lnk = C:\Program Files\Ativa\USB AWGUA54\Wireless Utility\Ativawcui.exe (Belkin)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Intuit Data Protect.lnk = C:\Program Files\Common Files\Intuit\DataProtect\IntuitDataProtect.exe (Intuit Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickBooks_Standard_21.lnk = C:\Program Files\Intuit\QuickBooks 2012\QBW32.EXE (Intuit Inc.)
O4 - Startup: C:\Documents and Settings\Darell Blandshaw\Start Menu\Programs\Startup\Eagle Listener.lnk = C:\3apps\Catapult\3listen.exe ()
O4 - Startup: C:\Documents and Settings\Darell Blandshaw\Start Menu\Programs\Startup\Eagle Scheduler.lnk = C:\3apps\Catapult\Sched.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1825289168-564950612-1891292674-1007\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1825289168-564950612-1891292674-1007\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-21-1825289168-564950612-1891292674-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1825289168-564950612-1891292674-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-1825289168-564950612-1891292674-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1825289168-564950612-1891292674-1010\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1825289168-564950612-1891292674-1010\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-21-1825289168-564950612-1891292674-1010\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Append to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html File not found
O15 - HKU\S-1-5-21-1825289168-564950612-1891292674-1007\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {F5131C24-E56D-11CF-B78A-444553540000} https://wc.wachovia.com/common/cab/ikcntrls.cab (Ikonic Menu Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{86E114BA-0F17-437F-8660-2C26CCF4A375}: NameServer = 4.2.2.2,4.2.2.3
O18 - Protocol\Handler\intu-help-qb5 - No CLSID value found
O18 - Protocol\Handler\qbpos {662E7FAE-5C17-491C-AD9D-98C1F66CC6A0} - C:\Program Files\Common Files\Intuit\QuickBooks\QBPOSProtocol.dll (Intuit Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.dll) - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O24 - Desktop BackupWallPaper: C:\WINDOWS\Dell.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/10/21 14:45:23 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.001 -- [ NTFS ]
O32 - AutoRun File - [2008/10/21 14:45:23 | 000,000,034 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2011/02/18 19:16:20 | 000,000,183 | R--- | M] () - D:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - File not found
NetSvcs: HidServ - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.XVID - C:\WINDOWS\System32\xvidvfw.dll ()
Drivers32: wave - C:\WINDOWS\System32\serwvdrv.dll (Microsoft Corporation)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/02/08 15:32:33 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2012/02/08 15:32:33 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2012/02/08 15:32:33 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2012/02/08 15:32:33 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2012/02/08 15:32:09 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/02/08 14:19:25 | 000,083,968 | ---- | C] (Esage Lab) -- C:\Documents and Settings\Darell Blandshaw\Desktop\boot_cleaner.exe
[2012/02/08 11:16:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Darell Blandshaw\My Documents\Symantec
[2012/02/08 11:14:20 | 000,141,944 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS
[2012/02/08 11:14:20 | 000,060,872 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\S32EVNT1.DLL
[2012/02/08 11:14:20 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared
[2012/02/08 11:14:20 | 000,000,000 | ---D | C] -- C:\Program Files\Symantec
[2012/02/08 11:13:55 | 000,388,216 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1305000.091\symtdi.sys
[2012/02/08 11:13:55 | 000,345,208 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1305000.091\symtdiv.sys
[2012/02/08 11:13:54 | 000,905,336 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1305000.091\symefa.sys
[2012/02/08 11:13:54 | 000,574,584 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1305000.091\srtsp.sys
[2012/02/08 11:13:54 | 000,340,088 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1305000.091\symds.sys
[2012/02/08 11:13:54 | 000,318,584 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1305000.091\symnets.sys
[2012/02/08 11:13:54 | 000,032,888 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1305000.091\srtspx.sys
[2012/02/08 11:13:53 | 000,149,624 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1305000.091\ironx86.sys
[2012/02/08 11:13:53 | 000,132,744 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1305000.091\ccsetx86.sys
[2012/02/08 11:12:46 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\NIS\1305000.091
[2012/02/08 11:11:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\NIS
[2012/02/08 11:11:43 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Sidebar
[2012/02/08 11:11:43 | 000,000,000 | ---D | C] -- C:\Program Files\Norton Internet Security
[2012/02/08 11:11:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Norton Internet Security
[2012/02/08 11:08:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Norton
[2012/02/08 11:01:34 | 000,000,000 | ---D | C] -- C:\Program Files\NortonInstaller
[2012/02/08 11:01:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NortonInstaller
[2012/02/07 16:02:45 | 000,000,000 | -H-D | C] -- C:\WINDOWS\PIF
[2012/02/03 12:52:38 | 002,494,504 | ---- | C] (Softthinks) -- C:\Backup.1.exe
[2012/02/02 09:50:20 | 000,000,000 | ---D | C] -- C:\System Recovery Files
[2012/01/18 10:46:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Darell Blandshaw\Start Menu\Programs\Google Chrome
[2012/01/10 10:46:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\TurboTax 2011
[2012/01/10 10:11:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Darell Blandshaw\Local Settings\Application Data\PCHealth
[2012/01/10 10:00:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Darell Blandshaw\Application Data\MediaWmplay
[2012/01/10 09:58:00 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/02/08 16:24:01 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/02/08 16:07:47 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/02/08 16:05:25 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/02/08 16:05:18 | 1038,061,568 | -HS- | M] () -- C:\hiberfil.sys
[2012/02/08 15:48:34 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2012/02/08 14:54:01 | 000,001,022 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1825289168-564950612-1891292674-1007UA.job
[2012/02/08 14:11:59 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Darell Blandshaw\Desktop\MBR.dat
[2012/02/08 13:59:28 | 000,004,782 | ---- | M] () -- C:\WINDOWS\System32\drivers\NIS\1305000.091\VT20111023.022
[2012/02/08 11:14:44 | 000,609,563 | ---- | M] () -- C:\WINDOWS\System32\drivers\NIS\1305000.091\Cat.DB
[2012/02/08 11:14:20 | 000,141,944 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS
[2012/02/08 11:14:20 | 000,060,872 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\S32EVNT1.DLL
[2012/02/08 11:14:20 | 000,007,468 | ---- | M] () -- C:\WINDOWS\System32\drivers\SYMEVENT.CAT
[2012/02/08 11:14:20 | 000,000,806 | ---- | M] () -- C:\WINDOWS\System32\drivers\SYMEVENT.INF
[2012/02/08 11:14:13 | 000,001,984 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Norton Internet Security.LNK
[2012/02/08 10:04:28 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\RMSchedule.job
[2012/02/07 15:54:01 | 000,000,970 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1825289168-564950612-1891292674-1007Core.job
[2012/02/07 12:59:32 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/02/03 17:58:03 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2012/02/03 12:12:33 | 000,000,448 | ---- | M] () -- C:\Documents and Settings\Darell Blandshaw\Desktop\Shortcut to System Recovery files.lnk
[2012/02/03 00:19:12 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/02/02 07:06:12 | 002,494,504 | ---- | M] (Softthinks) -- C:\Backup.1.exe
[2012/02/02 06:42:11 | 4189,273,733 | ---- | M] () -- C:\Backup.2.fbw
[2012/01/23 20:51:24 | 000,002,343 | ---- | M] () -- C:\Documents and Settings\Darell Blandshaw\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/01/23 20:51:23 | 000,002,365 | ---- | M] () -- C:\Documents and Settings\Darell Blandshaw\Desktop\Google Chrome.lnk
[2012/01/19 16:16:25 | 000,002,447 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\TurboTax 2011.lnk
[2012/01/18 16:21:23 | 000,016,896 | ---- | M] () -- C:\Documents and Settings\Darell Blandshaw\My Documents\1B81EA10
[2012/01/12 03:33:11 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/01/12 03:27:15 | 000,506,958 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/01/12 03:27:15 | 000,089,752 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/01/11 10:17:20 | 000,160,344 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/01/10 12:34:49 | 000,000,590 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Microsoft.SqlServer.Compact.400.32.bc
[2012/01/10 09:58:13 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2099/01/01 12:00:00 | 000,006,456 | -H-- | C] () -- C:\WINDOWS\System32\tubulunu
[2012/02/08 15:32:33 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012/02/08 15:32:33 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2012/02/08 15:32:33 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2012/02/08 15:32:33 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2012/02/08 15:32:33 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2012/02/08 14:11:59 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Darell Blandshaw\Desktop\MBR.dat
[2012/02/08 14:00:43 | 000,004,782 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1305000.091\VT20111023.022
[2012/02/08 11:14:23 | 000,609,563 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1305000.091\Cat.DB
[2012/02/08 11:14:20 | 000,007,468 | ---- | C] () -- C:\WINDOWS\System32\drivers\SYMEVENT.CAT
[2012/02/08 11:14:20 | 000,000,806 | ---- | C] () -- C:\WINDOWS\System32\drivers\SYMEVENT.INF
[2012/02/08 11:14:13 | 000,001,984 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Norton Internet Security.LNK
[2012/02/08 11:13:55 | 000,007,877 | R--- | C] () -- C:\WINDOWS\System32\drivers\NIS\1305000.091\symnetv.cat
[2012/02/08 11:13:55 | 000,001,469 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1305000.091\symnetv.inf
[2012/02/08 11:13:54 | 000,007,492 | R--- | C] () -- C:\WINDOWS\System32\drivers\NIS\1305000.091\symds.cat
[2012/02/08 11:13:54 | 000,007,458 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1305000.091\symnet.cat
[2012/02/08 11:13:54 | 000,007,456 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1305000.091\symefa.cat
[2012/02/08 11:13:54 | 000,007,454 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1305000.091\srtspx.cat
[2012/02/08 11:13:54 | 000,003,434 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1305000.091\symefa.inf
[2012/02/08 11:13:54 | 000,002,852 | R--- | C] () -- C:\WINDOWS\System32\drivers\NIS\1305000.091\symds.inf
[2012/02/08 11:13:54 | 000,001,441 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1305000.091\symnet.inf
[2012/02/08 11:13:54 | 000,001,389 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1305000.091\srtspx.inf
[2012/02/08 11:13:54 | 000,001,389 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1305000.091\srtsp.inf
[2012/02/08 11:13:53 | 000,007,468 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1305000.091\ccsetx86.cat
[2012/02/08 11:13:53 | 000,007,450 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1305000.091\srtsp.cat
[2012/02/08 11:13:53 | 000,007,450 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1305000.091\iron.cat
[2012/02/08 11:13:53 | 000,000,827 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1305000.091\ccsetx86.inf
[2012/02/08 11:13:53 | 000,000,742 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1305000.091\iron.inf
[2012/02/08 11:13:53 | 000,000,172 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1305000.091\isolate.ini
[2012/02/03 12:53:02 | 4189,273,733 | ---- | C] () -- C:\Backup.2.fbw
[2012/02/03 12:12:33 | 000,000,448 | ---- | C] () -- C:\Documents and Settings\Darell Blandshaw\Desktop\Shortcut to System Recovery files.lnk
[2012/01/23 15:15:28 | 1038,061,568 | -HS- | C] () -- C:\hiberfil.sys
[2012/01/18 16:21:23 | 000,016,896 | ---- | C] () -- C:\Documents and Settings\Darell Blandshaw\My Documents\1B81EA10
[2012/01/18 10:46:24 | 000,002,365 | ---- | C] () -- C:\Documents and Settings\Darell Blandshaw\Desktop\Google Chrome.lnk
[2012/01/18 10:46:24 | 000,002,343 | ---- | C] () -- C:\Documents and Settings\Darell Blandshaw\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/01/18 10:44:28 | 000,001,022 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1825289168-564950612-1891292674-1007UA.job
[2012/01/18 10:44:26 | 000,000,970 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1825289168-564950612-1891292674-1007Core.job
[2012/01/11 11:01:09 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/01/10 10:47:39 | 000,000,590 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Microsoft.SqlServer.Compact.400.32.bc
[2012/01/10 10:46:58 | 000,002,447 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\TurboTax 2011.lnk
[2011/11/07 12:44:36 | 000,000,090 | ---- | C] () -- C:\WINDOWS\QBChanUtil_Trigger.ini
[2011/10/07 12:50:33 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/10/07 09:29:22 | 000,815,759 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-1825289168-564950612-1891292674-1007-0.dat
[2011/10/07 09:29:13 | 000,220,094 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2011/08/19 21:26:28 | 000,667,280 | ---- | C] () -- C:\WINDOWS\System32\tx12.dll
[2011/08/19 21:26:28 | 000,000,530 | ---- | C] () -- C:\WINDOWS\System32\tx12_ic.ini
[2011/08/19 21:26:28 | 000,000,186 | ---- | C] () -- C:\WINDOWS\System32\Gsw32.exe.config
[2011/08/05 15:17:03 | 000,288,912 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2011/06/20 11:09:47 | 000,020,552 | ---- | C] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
[2011/01/03 11:51:11 | 000,037,336 | ---- | C] () -- C:\WINDOWS\System32\CleanMFT32.exe
[2008/10/21 14:45:25 | 000,074,752 | ---- | C] () -- C:\WINDOWS\System32\Usqlcs32.dll
[2008/10/21 14:45:25 | 000,072,704 | ---- | C] () -- C:\WINDOWS\System32\Ccmove32.dll
[2008/10/21 14:45:25 | 000,051,200 | ---- | C] () -- C:\WINDOWS\System32\Ccchng32.dll
[2008/10/21 14:45:21 | 001,929,216 | ---- | C] () -- C:\WINDOWS\System32\PDFDLL32.DLL
[2008/10/21 14:45:17 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\LFDRW14N.DLL
[2008/10/21 14:44:37 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\tmusbvb.dll
[2008/10/21 14:44:36 | 000,109,568 | ---- | C] () -- C:\WINDOWS\System32\P3jpg32.dll
[2008/10/21 14:44:36 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\P32help.exe
[2008/10/21 14:41:04 | 000,004,254 | ---- | C] () -- C:\WINDOWS\3apps.ini
[2008/10/06 10:53:26 | 000,048,397 | ---- | C] () -- C:\WINDOWS\UninstVeetleTVPlayer.exe
[2008/09/08 12:10:04 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2008/07/07 13:27:51 | 001,646,592 | ---- | C] () -- C:\WINDOWS\System32\3wpn10.dll
[2008/07/07 13:27:45 | 000,270,336 | ---- | C] () -- C:\WINDOWS\System32\3web.dll
[2008/07/07 13:27:12 | 012,517,376 | ---- | C] () -- C:\WINDOWS\System32\3viewA10.dll
[2008/07/07 13:25:47 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\3view10.dll
[2008/07/07 13:25:32 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\3rsmhtml.dll
[2008/07/07 13:25:18 | 000,163,840 | ---- | C] () -- C:\WINDOWS\System32\3inslc10.dll
[2008/07/07 13:24:51 | 000,643,072 | ---- | C] () -- C:\WINDOWS\System32\3enum10.dll
[2008/07/07 13:24:15 | 001,118,208 | ---- | C] () -- C:\WINDOWS\System32\n_uptrxns.dll
[2008/07/07 13:24:10 | 000,397,312 | ---- | C] () -- C:\WINDOWS\System32\n_tqf.dll
[2008/07/07 13:24:08 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\n_signon.dll
[2008/07/07 13:23:55 | 003,891,200 | ---- | C] () -- C:\WINDOWS\System32\n_roa.dll
[2008/07/07 13:23:30 | 002,670,592 | ---- | C] () -- C:\WINDOWS\System32\n_qfind.dll
[2008/07/07 13:23:08 | 002,744,320 | ---- | C] () -- C:\WINDOWS\System32\n_prtlbl.dll
[2008/07/07 13:22:40 | 006,336,512 | ---- | C] () -- C:\WINDOWS\System32\n_pos.dll
[2008/07/07 13:21:45 | 008,716,288 | ---- | C] () -- C:\WINDOWS\System32\n_po.dll
[2008/07/07 13:21:13 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\n_na.dll
[2008/07/07 13:20:56 | 004,874,240 | ---- | C] () -- C:\WINDOWS\System32\n_mvr.dll
[2008/07/07 13:20:39 | 000,512,000 | ---- | C] () -- C:\WINDOWS\System32\n_mkrentcr.dll
[2008/07/07 13:20:18 | 006,426,624 | ---- | C] () -- C:\WINDOWS\System32\n_mcr.dll
[2008/07/07 13:19:49 | 001,691,648 | ---- | C] () -- C:\WINDOWS\System32\n_lhelper.dll
[2008/07/07 13:19:13 | 010,002,432 | ---- | C] () -- C:\WINDOWS\System32\n_imu.dll
[2008/07/07 13:18:14 | 006,504,448 | ---- | C] () -- C:\WINDOWS\System32\n_gl.dll
[2008/07/07 13:17:45 | 000,421,888 | ---- | C] () -- C:\WINDOWS\System32\n_getoffln.dll
[2008/07/07 13:17:12 | 010,539,008 | ---- | C] () -- C:\WINDOWS\System32\n_ebrowser.dll
[2008/07/07 13:16:28 | 000,360,448 | ---- | C] () -- C:\WINDOWS\System32\n_desklnk.dll
[2008/07/07 13:16:19 | 002,199,552 | ---- | C] () -- C:\WINDOWS\System32\n_catalog.dll
[2008/07/07 13:15:58 | 004,952,064 | ---- | C] () -- C:\WINDOWS\System32\n_bmgr.dll
[2008/07/07 13:15:22 | 002,904,064 | ---- | C] () -- C:\WINDOWS\System32\n_atmu.dll
[2008/07/07 13:15:02 | 002,588,672 | ---- | C] () -- C:\WINDOWS\System32\n_3wpn10.dll
[2008/07/07 13:14:54 | 000,217,088 | ---- | C] () -- C:\WINDOWS\System32\n_3viewmgr.dll
[2008/07/07 13:14:52 | 000,212,992 | ---- | C] () -- C:\WINDOWS\System32\n_3viewimp.dll
[2008/07/07 13:14:20 | 010,526,720 | ---- | C] () -- C:\WINDOWS\System32\n_3viewA10.dll
[2008/07/07 13:13:37 | 000,360,448 | ---- | C] () -- C:\WINDOWS\System32\n_3usql.dll
[2008/07/07 13:13:23 | 002,424,832 | ---- | C] () -- C:\WINDOWS\System32\n_3spsif.dll
[2008/07/07 13:13:11 | 001,429,504 | ---- | C] () -- C:\WINDOWS\System32\n_3spmif.dll
[2008/07/07 13:12:56 | 003,919,872 | ---- | C] () -- C:\WINDOWS\System32\n_3spimp.dll
[2008/07/07 13:12:42 | 000,802,816 | ---- | C] () -- C:\WINDOWS\System32\n_3sku11.dll
[2008/07/07 13:12:37 | 000,802,816 | ---- | C] () -- C:\WINDOWS\System32\n_3simp.dll
[2008/07/07 13:12:21 | 002,347,008 | ---- | C] () -- C:\WINDOWS\System32\n_3scanner.dll
[2008/07/07 13:12:02 | 004,390,912 | ---- | C] () -- C:\WINDOWS\System32\n_3rsc.dll
[2008/07/07 13:11:28 | 007,110,656 | ---- | C] () -- C:\WINDOWS\System32\n_3lw.dll
[2008/07/07 13:10:55 | 001,380,352 | ---- | C] () -- C:\WINDOWS\System32\n_3hhi.dll
[2008/07/07 13:10:50 | 000,249,856 | ---- | C] () -- C:\WINDOWS\System32\n_3filcpy.dll
[2008/07/07 13:10:43 | 001,740,800 | ---- | C] () -- C:\WINDOWS\System32\n_3devcfg.dll
[2008/07/07 13:10:20 | 006,385,664 | ---- | C] () -- C:\WINDOWS\System32\n_3archive.dll
[2008/07/07 13:08:58 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\3print10.dll
[2007/07/09 11:17:13 | 000,000,145 | ---- | C] () -- C:\WINDOWS\BRVIDEO.INI
[2007/07/09 11:17:13 | 000,000,023 | ---- | C] () -- C:\WINDOWS\Brownie.ini
[2007/07/09 11:17:13 | 000,000,000 | ---- | C] () -- C:\WINDOWS\brmx2001.ini
[2007/07/09 11:17:04 | 000,014,441 | ---- | C] () -- C:\WINDOWS\HL-5240.INI
[2007/07/09 11:16:37 | 000,000,426 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
[2007/07/09 11:16:37 | 000,000,034 | ---- | C] () -- C:\WINDOWS\System32\BD5240.DAT
[2007/06/21 09:56:00 | 000,040,448 | ---- | C] () -- C:\WINDOWS\System32\BJAXSecurityManager.dll
[2007/06/21 09:55:58 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\BJInstaller.dll
[2007/05/24 15:09:58 | 000,375,296 | ---- | C] () -- C:\WINDOWS\System32\tx32.dll
[2007/05/24 15:09:58 | 000,000,202 | ---- | C] () -- C:\WINDOWS\System32\Ic32.ini
[2007/05/08 14:26:58 | 000,000,139 | ---- | C] () -- C:\Documents and Settings\Darell Blandshaw\Local Settings\Application Data\fusioncache.dat
[2007/02/28 23:09:38 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2007/02/28 23:06:02 | 000,000,126 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2007/02/28 23:05:20 | 000,001,392 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007/02/28 22:41:06 | 000,129,112 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2007/02/28 22:40:48 | 000,077,824 | ---- | C] () -- C:\WINDOWS\setpwr32.exe
[2007/02/28 22:40:46 | 000,000,389 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2005/11/10 08:38:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/07/12 14:44:42 | 000,015,872 | ---- | C] () -- C:\WINDOWS\System32\InsDrvZD64.DLL
[2004/12/19 08:29:40 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2004/12/19 08:17:10 | 000,815,104 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2004/08/10 13:12:05 | 000,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/10 13:07:31 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2004/08/10 13:02:15 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/08/10 13:01:18 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/08/10 12:57:52 | 000,004,324 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/08/10 12:57:15 | 000,160,344 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004/08/10 12:51:21 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/10 12:51:20 | 000,506,958 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/10 12:51:20 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/10 12:51:20 | 000,089,752 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/10 12:51:20 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/10 12:51:18 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/10 12:51:17 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/08/10 12:51:16 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/08/10 12:51:12 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/10 12:51:11 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/10 12:51:05 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/10 12:50:56 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/03/23 16:38:00 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\InsDrvZD.dll
[2003/03/14 12:24:00 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\ZyDelReg.exe
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/10/06 13:42:56 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\OggDS.dll
[2002/10/04 18:04:24 | 000,921,600 | ---- | C] () -- C:\WINDOWS\System32\VorbisEnc.dll
[2002/10/04 18:04:24 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\vorbis.dll
[2002/10/04 18:04:16 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\ogg.dll
[2002/05/15 18:38:40 | 000,091,136 | ---- | C] () -- C:\WINDOWS\System32\mp4fil32.dll
[2002/04/19 09:23:26 | 000,106,137 | ---- | C] () -- C:\WINDOWS\System32\libpostproc.dll
[2002/04/19 08:51:04 | 000,211,760 | ---- | C] () -- C:\WINDOWS\System32\libavcodec.dll
[2000/12/03 11:09:44 | 000,033,280 | ---- | C] () -- C:\WINDOWS\System32\Torero1n.dll
[2000/04/12 18:28:12 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\LFKODAK.DLL
[2000/04/12 18:24:10 | 000,338,944 | ---- | C] () -- C:\WINDOWS\System32\LFFPX7.DLL
[2000/03/22 11:42:52 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\Tscmg4n.dll
[2000/03/22 11:42:20 | 000,023,552 | ---- | C] () -- C:\WINDOWS\System32\Toril1n.dll
[1999/03/11 12:43:42 | 000,015,872 | ---- | C] () -- C:\WINDOWS\System32\3hist10.dll
[1997/11/25 07:54:04 | 000,063,488 | ---- | C] () -- C:\WINDOWS\System32\Mfldll32.dll
[1997/11/25 07:53:56 | 000,019,456 | ---- | C] () -- C:\WINDOWS\System32\Mffdib32.dll

========== LOP Check ==========

[2007/06/21 10:05:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BellSouth
[2009/09/30 09:46:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Bomgar-SCC-4AC24A4B
[2011/11/07 12:44:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2011/11/07 13:40:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nuance
[2011/11/08 16:01:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SQL Anywhere 11
[2011/01/04 11:20:19 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{D2E28092-1950-4945-9895-A709AFF3AABD}
[2012/02/07 12:34:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Darell Blandshaw\Application Data\Agirq
[2007/06/21 10:05:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Darell Blandshaw\Application Data\BellSouth
[2010/09/20 12:18:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Darell Blandshaw\Application Data\FXTS2
[2012/02/08 10:04:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Darell Blandshaw\Application Data\Iqumypl
[2009/03/16 13:21:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Darell Blandshaw\Application Data\Leadertech
[2012/02/06 14:46:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Darell Blandshaw\Application Data\MediaWmplay
[2011/08/12 12:08:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Darell Blandshaw\Application Data\TightVNC
[2009/01/21 16:41:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\SACore
[2012/02/08 10:04:28 | 000,000,276 | ---- | M] () -- C:\WINDOWS\Tasks\RMSchedule.job
 
========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2008/10/21 14:45:23 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.001
[2008/10/21 14:45:23 | 000,000,034 | ---- | M] () -- C:\AUTOEXEC.BAT
[2012/02/02 07:06:12 | 002,494,504 | ---- | M] (Softthinks) -- C:\Backup.1.exe
[2012/02/02 06:42:11 | 4189,273,733 | ---- | M] () -- C:\Backup.2.fbw
[2007/06/21 09:56:11 | 009,630,336 | ---- | M] () -- C:\BellSouthIW.re~
[2011/06/10 11:23:38 | 000,000,211 | ---- | M] () -- C:\Boot.bak
[2011/06/28 12:24:50 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2004/08/03 22:00:00 | 000,260,272 | RHS- | M] () -- C:\cmldr
[2012/02/08 15:54:00 | 000,016,667 | ---- | M] () -- C:\ComboFix.txt
[2004/08/10 13:04:08 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2007/02/28 22:42:36 | 000,005,494 | RH-- | M] () -- C:\dell.sdr
[2012/02/08 16:05:18 | 1038,061,568 | -HS- | M] () -- C:\hiberfil.sys
[2007/07/06 15:47:10 | 000,004,128 | ---- | M] () -- C:\INFCACHE.1
[2004/08/10 13:04:08 | 000,000,000 | -H-- | M] () -- C:\IO.SYS
[2011/07/06 11:26:46 | 000,025,949 | ---- | M] () -- C:\JavaRa.log
[2004/08/10 13:04:08 | 000,000,000 | -H-- | M] () -- C:\MSDOS.SYS
[2004/08/04 05:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2012/01/09 16:22:09 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2012/02/08 16:05:17 | 1560,281,088 | -HS- | M] () -- C:\pagefile.sys
[2011/06/28 12:21:54 | 000,000,401 | ---- | M] () -- C:\rkill.log
[2012/02/08 11:34:29 | 000,064,832 | ---- | M] () -- C:\TDSSKiller.2.7.10.0_08.02.2012_11.34.02_log.txt

< %systemroot%\Fonts\*.com >
[2006/04/18 15:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
[2006/06/29 14:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
[2006/04/18 15:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
[2006/06/29 14:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2004/08/10 13:03:42 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2008/07/06 07:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
[2004/03/22 15:17:08 | 000,025,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\mdippr.dll
[2008/07/06 05:50:03 | 000,597,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >
[2007/06/21 13:16:02 | 000,001,626 | ---- | M] () -- C:\Documents and Settings\Darell Blandshaw\Application Data\Microsoft\LastFlashConfig.WFC

< %PROGRAMFILES%\*.* >

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >
[2004/08/10 12:56:48 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav
[2004/08/10 12:56:46 | 000,634,880 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav
[2004/08/10 12:56:46 | 000,872,448 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
[2012/01/09 16:28:48 | 000,000,272 | -HS- | M] () -- C:\Documents and Settings\All Users\Start Menu\desktop.ini

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2007/05/08 14:27:07 | 000,000,119 | -HS- | M] () -- C:\Documents and Settings\Darell Blandshaw\Application Data\Microsoft\Internet Explorer\Quick Launch\desktop.ini

< %USERPROFILE%\Desktop\*.exe >
[2008/12/30 10:43:56 | 023,804,784 | ---- | M] () -- C:\Documents and Settings\Darell Blandshaw\Desktop\aaw2008.exe
[2011/09/20 03:02:00 | 000,083,968 | ---- | M] (Esage Lab) -- C:\Documents and Settings\Darell Blandshaw\Desktop\boot_cleaner.exe
[2008/12/23 12:44:33 | 001,226,248 | ---- | M] (McAfee, Inc.) -- C:\Documents and Settings\Darell Blandshaw\Desktop\DMSetup.exe
[2011/01/03 12:56:06 | 008,224,280 | ---- | M] (FXCM ) -- C:\Documents and Settings\Darell Blandshaw\Desktop\FXTS2Install(2).EXE
[2010/05/03 14:48:23 | 017,814,819 | ---- | M] () -- C:\Documents and Settings\Darell Blandshaw\Desktop\FXTS2Install.EXE
[2011/03/08 15:06:45 | 002,832,544 | ---- | M] (Adobe Systems, Inc.) -- C:\Documents and Settings\Darell Blandshaw\Desktop\install_flash_player(3).exe
[2008/09/09 12:05:35 | 001,495,112 | ---- | M] (Adobe Systems Incorporated) -- C:\Documents and Settings\Darell Blandshaw\Desktop\install_flash_player.exe
[2009/10/22 12:09:19 | 018,665,720 | ---- | M] (Lime Wire LLC) -- C:\Documents and Settings\Darell Blandshaw\Desktop\LimeWireWin.exe
[2011/01/03 12:23:07 | 007,734,208 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Darell Blandshaw\Desktop\mbam-setup-1.50.1.1100.exe
[2009/07/10 13:24:47 | 012,928,042 | ---- | M] () -- C:\Documents and Settings\Darell Blandshaw\Desktop\MICROLOTFXTS2Install.EXE
[2010/06/08 13:13:25 | 033,850,672 | ---- | M] (Apple Inc.) -- C:\Documents and Settings\Darell Blandshaw\Desktop\QuickTimeInstaller.exe
[2009/03/16 13:28:01 | 031,373,472 | ---- | M] () -- C:\Documents and Settings\Darell Blandshaw\Desktop\R158510.EXE
[2009/03/16 13:23:17 | 030,527,088 | ---- | M] () -- C:\Documents and Settings\Darell Blandshaw\Desktop\R159293.EXE
[2011/01/03 11:50:20 | 015,992,432 | ---- | M] (PC Tools ) -- C:\Documents and Settings\Darell Blandshaw\Desktop\rminstall.exe
[2010/01/15 12:49:31 | 000,589,824 | ---- | M] () -- C:\Documents and Settings\Darell Blandshaw\Desktop\setup(2).exe
[2008/10/06 10:52:13 | 004,092,943 | ---- | M] () -- C:\Documents and Settings\Darell Blandshaw\Desktop\veetle-0.9.7.exe
[2010/10/22 12:08:40 | 001,135,080 | ---- | M] () -- C:\Documents and Settings\Darell Blandshaw\Desktop\yahoomailuploader_0.5.exe

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >

< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

< %PROGRAMFILES%\Internet Explorer\*.tmp >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >
[2008/10/21 14:40:01 | 008,658,288 | ---- | M] (ATT Internet Services ) -- C:\Documents and Settings\Darell Blandshaw\HC43SInstaller.exe
[2010/12/06 11:26:26 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Darell Blandshaw\mstsc.exe

< %systemroot%\ADDINS\*.* >
[2004/08/04 05:00:00 | 000,000,791 | ---- | M] () -- C:\WINDOWS\ADDINS\fxsext.ecf

< %systemroot%\assembly\*.bak2 >

< %systemroot%\Config\*.* >

< %systemroot%\REPAIR\*.bak2 >

< %systemroot%\SECURITY\Database\*.sdb /x >

< %systemroot%\SYSTEM\*.bak2 >

< %systemroot%\Web\*.bak2 >

< %systemroot%\Driver Cache\*.* >

< %PROGRAMFILES%\Mozilla Firefox\0*.exe >

< %ProgramFiles%\Microsoft Common\*.* >

< %ProgramFiles%\TinyProxy. >

< %USERPROFILE%\Favorites\*.url /x >
[2007/05/08 14:27:06 | 000,000,122 | -HS- | M] () -- C:\Documents and Settings\Darell Blandshaw\Favorites\Desktop.ini

< %systemroot%\system32\*.bk >

< %systemroot%\*.te >

< %systemroot%\system32\system32\*.* >

< %ALLUSERSPROFILE%\*.dat /x >

< %systemroot%\system32\drivers\*.rmv >

< dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

< dir /b "%systemroot%\*.exe" | find /i " " /c >

< %PROGRAMFILES%\Microsoft\*.* >

< %systemroot%\System32\Wbem\proquota.exe >

< %PROGRAMFILES%\Mozilla Firefox\*.dat >

< %USERPROFILE%\Cookies\*.txt /x >
[2012/02/08 16:18:17 | 000,196,608 | -HS- | M] () -- C:\Documents and Settings\Darell Blandshaw\Cookies\index.dat

< %SystemRoot%\system32\fonts\*.* >

< %systemroot%\system32\winlog\*.* >

< %systemroot%\system32\Language\*.* >

< %systemroot%\system32\Settings\*.* >

< %systemroot%\system32\*.quo >

< %SYSTEMROOT%\AppPatch\*.exe >

< %SYSTEMROOT%\inf\*.exe >
[2007/06/26 21:10:26 | 000,317,440 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\inf\unregmp2.exe

< %SYSTEMROOT%\Installer\*.exe >

< %systemroot%\system32\config\*.bak2 >

< %systemroot%\system32\Computers\*.* >

< %SystemRoot%\system32\Sound\*.* >

< %SystemRoot%\system32\SpecialImg\*.* >

< %SystemRoot%\system32\code\*.* >

< %SystemRoot%\system32\draft\*.* >

< %SystemRoot%\system32\MSSSys\*.* >

< %ProgramFiles%\Javascript\*.* >

< %systemroot%\pchealth\helpctr\System\*.exe /s >

< %systemroot%\Web\*.exe >

< %systemroot%\system32\msn\*.* >

< %systemroot%\system32\*.tro >

< %AppData%\Microsoft\Installer\msupdates\*.* >

< %ProgramFiles%\Messenger\*.* >
[2008/04/14 05:41:52 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\custsat.dll
[2004/08/04 01:06:34 | 000,004,821 | ---- | M] () -- C:\Program Files\Messenger\logowin.gif
[2004/08/04 01:06:34 | 000,007,047 | ---- | M] () -- C:\Program Files\Messenger\lvback.gif
[2008/05/02 09:01:49 | 000,083,968 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgsc.dll
[2008/04/13 23:00:30 | 000,180,224 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgslang.dll
[2008/04/14 05:42:30 | 001,695,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe
[2004/08/04 01:06:36 | 000,002,882 | ---- | M] () -- C:\Program Files\Messenger\newalert.wav
[2004/08/04 01:06:36 | 000,006,156 | ---- | M] () -- C:\Program Files\Messenger\newemail.wav
[2004/08/04 01:06:36 | 000,006,160 | ---- | M] () -- C:\Program Files\Messenger\online.wav
[2004/08/04 01:06:36 | 000,004,454 | ---- | M] () -- C:\Program Files\Messenger\type.wav
[2004/08/04 01:06:36 | 000,115,981 | ---- | M] () -- C:\Program Files\Messenger\xpmsgr.chm

< %systemroot%\system32\systhem32\*.* >

< %systemroot%\system\*.exe >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


< End of report >
 
OTL Extras logfile created on: 2/8/2012 4:20:44 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Darell Blandshaw\My Documents\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

989.90 Mb Total Physical Memory | 266.60 Mb Available Physical Memory | 26.93% Memory free
2.33 Gb Paging File | 1.28 Gb Available in Paging File | 55.01% Paging File free
Paging file location(s): C:\pagefile.sys 1488 2976 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 148.96 Gb Total Space | 110.46 Gb Free Space | 74.15% Space Free | Partition Type: NTFS
Drive D: | 643.97 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive Z: | 148.96 Gb Total Space | 54.07 Gb Free Space | 36.30% Space Free | Partition Type: NTFS

Computer Name: DARELL | User Name: Darell Blandshaw | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_USERS\S-1-5-21-1825289168-564950612-1891292674-1007\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\3apps\Catapult\3listen.exe" = C:\3apps\Catapult\3listen.exe:*:Enabled:E4W TCP/IP Listener -- ()
"C:\3apps\Catapult\3lhelper.exe" = C:\3apps\Catapult\3lhelper.exe:*:Enabled:E4W Listener Helper -- ()
"C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe" = C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe:LocalSubNet:Disabled:Intuit Update Shared Downloads Server -- (Intuit Inc.)
"C:\Program Files\Intuit\QuickBooks 2012\QBDBMgrN.exe" = C:\Program Files\Intuit\QuickBooks 2012\QBDBMgrN.exe:*:Enabled:QuickBooks 2012 Data Manager -- (Intuit, Inc.)
"C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe" = C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe:LocalSubNet:Disabled:Intuit Update v4 Shared Downloads Server -- (Intuit Inc.)
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{03DF638A-D61C-4893-B8B9-845900C03163}" = TurboTax 2010 wnyiper
"{05BDC796-3451-4F81-B91D-E98F7ADA76C2}" = TurboTax 2010 WinPerTaxSupport
"{075473F5-846A-448B-BCB3-104AA1760205}" = Roxio RecordNow Data
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Roxio DLA
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1BA3FFE3-B30C-497E-8F83-1A4D6BD9041F}" = Ativa Wireless USB Utility
"{22B274BE-BEE8-4D8C-AEAF-75DB9350A7A1}" = QuickBooks Premier Edition 2012
"{230EF993-9932-4650-B7BF-E9455695BEAB}" = QuickBooks Server 2012
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{25E202D1-D8E7-46AF-B4B0-157D9993A93E}" = QuickBooks
"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java(TM) 6 Update 26
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{293B2D75-5735-4DFE-8642-F0EDEE9EB064}" = TurboTax 2010 wgaiper
"{29521505-F489-4822-ADFA-32C6DEE4F114}" = TurboTax 2008 WinPerUserEducation
"{2b02f826-a9b9-458c-80e5-3ea8c0de8471}" = QuickBooks Premier: Contractor Edition 2004
"{2E7595EC-4FB1-4E29-93D4-9083C8A9B107}" = TurboTax ItsDeductible 2005
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{374256A0-EAA2-012B-AD60-000000000000}" = TurboTax 2009 wgaiper
"{3782EC09-4000-475E-8A59-9CABD6F03B4C}" = TurboTax 2010 WinPerFedFormset
"{3881DB80-EAA2-012B-ADAE-000000000000}" = TurboTax 2009 WinPerFedFormset
"{388E4B09-3E71-4649-8921-F44A3A2954A7}" = Microsoft Visual Studio 2005 Tools for Office Runtime
"{38975F50-EAA2-012B-ADB4-000000000000}" = TurboTax 2009 WinPerReleaseEngine
"{38A34630-EAA2-012B-ADB6-000000000000}" = TurboTax 2009 WinPerTaxSupport
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3C5A81D0-EAA2-012B-AE9F-000000000000}" = TurboTax 2009 wrapper
"{3EE33958-7381-4E7B-A4F3-6E43098E9E9C}" = URL Assistant
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{494367EC-82A9-4C0D-A788-74A967998E8C}" = FXCM Trading Station
"{4F2FCCCF-29F3-44B9-886F-6D16F8417522}" = TurboTax 2010 wrapper
"{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support
"{596ECF31-381D-406D-9C22-6B805C3D7A8F}" = TurboTax 2011 wgaiper
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD OD
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{7159715B-8F47-48FD-AC90-71A60D32A01B}" = PC BackUp
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7570F1CA-016D-46AC-B586-CD74645EFB52}" = TurboTax 2008 WinPerFedFormset
"{7D3A6B8F-45C1-4814-967E-6D84BBB868CD}" = ATI Catalyst Control Center
"{7DD9A065-2C86-4A9F-A5FF-796EC1B99DCA}" = AnswerWorks 4.0 Runtime - English
"{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper
"{840607F9-44C8-4282-95F3-5A196AC5C80A}" = Brother HL-5240
"{88214092-836F-4E22-A5AC-569AC9EE6A0F}" = TurboTax 2008 WinPerReleaseEngine
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{91130409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Basic Edition 2003
"{91490409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Primary Interop Assemblies
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9E5A03E3-6246-4920-9630-0527D5DA9B07}" = AnswerWorks 5.0 English Runtime
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A525E00B-6609-442E-9DCD-64453C233E8D}" = TurboTax 2010 WinPerReleaseEngine
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Roxio RecordNow Audio
"{AC76BA86-1033-0000-BA7E-000000000003}" = Adobe Acrobat 8 Standard
"{AFF1EA96-9C23-4249-B7D4-CD4B54D4582F}" = TurboTax ItsDeductible 2006
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Roxio RecordNow Copy
"{B1DB1AD8-C07E-4052-81A1-D2930232BA70}" = TurboTax 2008 wrapper
"{B23726CF-68BF-41A6-A4EB-72F12F87FE05}" = TurboTax 2008 WinPerTaxSupport
"{B7B3E9B3-FB14-4927-894B-E9124509AF5A}" = Adobe Flash Player 10 ActiveX
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CAF5B770-082F-40C4-853D-3973BB81BDAA}" = TurboTax 2011 WinPerTaxSupport
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{CDEFD989-469E-421D-A8B1-EC7AB25C8CB2}" = TurboTax 2008 wgaiper
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{E463E171-4082-4744-A466-F7CBE8502789}" = TurboTax 2011 WinPerReleaseEngine
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{E6D9BC25-0DBC-4368-8E4A-7DEE80661CD9}" = TurboTax 2008 WinPerProgramHelp
"{EA2BEBD6-87B9-41E5-95AC-7E4C165A9475}" = WexTech AnswerWorks
"{EE556A3E-EB37-4392-9637-BAA8EC2F47FA}" = TurboTax 2011 wrapper
"{FAD3D68B-2F9C-459B-AA79-C04B9090FD72}" = TurboTax 2011 WinPerFedFormset
"{FB64BF25-3593-4E4E-AA85-84AEF1D1475F}" = Broadcom Management Programs
"Adobe Acrobat 8 Standard" = Adobe Acrobat 8.1.0 Standard
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"ATI Display Driver" = ATI Display Driver
"BellSouth" = BellSouth FastAccess DSL Help Center
"BellSouth Application Management" = BellSouth Application Management
"blstoolbar" = BellSouth Toolbar 1.0
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200F14F1" = Conexant D850 56K V.9x DFVc Modem
"Coupon Printer for Windows4.0" = Coupon Printer for Windows
"Eagle for Windows" = Eagle for Windows
"Eagle for Windows Training Browser" = Eagle for Windows Training Browser
"ESET Online Scanner" = ESET Online Scanner v3
"FXCM Trading Station" = FXCM Trading Station
"ie8" = Windows Internet Explorer 8
"InstallShield_{1BA3FFE3-B30C-497E-8F83-1A4D6BD9041F}" = Ativa Wireless USB Utility
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.1.1000
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft Visual Studio 2005 Tools for Office Runtime" = Microsoft Visual Studio 2005 Tools for Office Runtime
"Mozilla Firefox 9.0.1 (x86 en-US)" = Mozilla Firefox 9.0.1 (x86 en-US)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NIS" = Norton Internet Security
"RadialpointClientGateway_is1" = BellSouth Internet Security - Alert Manager 1.5.11
"Registry Mechanic_is1" = Registry Mechanic 10.0
"TurboTax 2008" = TurboTax 2008
"TurboTax 2009" = TurboTax 2009
"TurboTax 2010" = TurboTax 2010
"TurboTax 2011" = TurboTax 2011
"TurboTax Home & Business 2006" = TurboTax Home & Business 2006
"TurboTax Home & Business 2007" = TurboTax Home & Business 2007
"TurboTax Premier 2005" = TurboTax Premier 2005
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Xvid_is1" = Xvid 1.2.1 final uninstall

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1825289168-564950612-1891292674-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"GFFOREX Forex Trading " = GFFOREX Forex Trading
"Google Chrome" = Google Chrome
"GoToMeeting" = GoToMeeting 4.8.0.723
"Move Networks Player - IE" = Move Networks Media Player for Internet Explorer

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 2/7/2012 3:37:32 PM | Computer Name = DARELL | Source = QuickBooks | ID = 4
Description = An unexpected error has occured in "QuickBooks": Returning NULL QBWinInstance
Hand

Error - 2/7/2012 7:27:02 PM | Computer Name = DARELL | Source = Application Error | ID = 1000
Description = Faulting application jusched.exe, version 2.0.5.1, faulting module
user32.dll, version 5.1.2600.5512, fault address 0x000187f1.

Error - 2/8/2012 11:09:53 AM | Computer Name = DARELL | Source = QuickBooks | ID = 4
Description = An unexpected error has occured in "QuickBooks": Returning NULL QBWinInstance
Hand

Error - 2/8/2012 11:09:53 AM | Computer Name = DARELL | Source = QuickBooks | ID = 4
Description = An unexpected error has occured in "QuickBooks": Returning NULL QBWinInstance
Hand

Error - 2/8/2012 11:09:53 AM | Computer Name = DARELL | Source = QuickBooks | ID = 4
Description = An unexpected error has occured in "QuickBooks": Returning NULL QBWinInstance
Hand

Error - 2/8/2012 4:27:04 PM | Computer Name = DARELL | Source = Application Error | ID = 1000
Description = Faulting application jusched.exe, version 2.0.5.1, faulting module
user32.dll, version 5.1.2600.5512, fault address 0x000187f1.

Error - 2/8/2012 5:12:57 PM | Computer Name = DARELL | Source = QuickBooks | ID = 4
Description = An unexpected error has occured in "QuickBooks": Returning NULL QBWinInstance
Hand

Error - 2/8/2012 5:12:57 PM | Computer Name = DARELL | Source = QuickBooks | ID = 4
Description = An unexpected error has occured in "QuickBooks": Returning NULL QBWinInstance
Hand

Error - 2/8/2012 5:12:57 PM | Computer Name = DARELL | Source = QuickBooks | ID = 4
Description = An unexpected error has occured in "QuickBooks": Returning NULL QBWinInstance
Hand

Error - 2/8/2012 5:13:10 PM | Computer Name = DARELL | Source = Application Error | ID = 1000
Description = Faulting application jusched.exe, version 2.0.5.1, faulting module
user32.dll, version 5.1.2600.5512, fault address 0x000187f1.

[ System Events ]
Error - 1/23/2012 5:00:57 PM | Computer Name = DARELL | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 1/23/2012 5:00:58 PM | Computer Name = DARELL | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 1/23/2012 5:00:58 PM | Computer Name = DARELL | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 2/1/2012 4:17:27 AM | Computer Name = DARELL | Source = DCOM | ID = 10010
Description = The server {76DEF3AC-2910-4234-9EE2-C81B2D45833A} did not register
with DCOM within the required timeout.

Error - 2/1/2012 1:01:10 PM | Computer Name = DARELL | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the wscsvc service.

Error - 2/6/2012 3:39:16 PM | Computer Name = DARELL | Source = Service Control Manager | ID = 7031
Description = The McAfee Real-time Scanner service terminated unexpectedly. It
has done this 1 time(s). The following corrective action will be taken in 60000
milliseconds: Restart the service.

Error - 2/6/2012 3:43:35 PM | Computer Name = DARELL | Source = Service Control Manager | ID = 7031
Description = The McAfee Real-time Scanner service terminated unexpectedly. It
has done this 2 time(s). The following corrective action will be taken in 60000
milliseconds: Restart the service.

Error - 2/7/2012 3:33:33 PM | Computer Name = DARELL | Source = Print | ID = 19
Description = Sharing printer failed + 1722, Printer Microsoft Office Document Image
Writer share name Printer.

Error - 2/8/2012 4:31:59 PM | Computer Name = DARELL | Source = Service Control Manager | ID = 7034
Description = The QuickBooksDB22 service terminated unexpectedly. It has done this
1 time(s).

Error - 2/8/2012 4:34:42 PM | Computer Name = DARELL | Source = Service Control Manager | ID = 7034
Description = The NMSAccess service terminated unexpectedly. It has done this 1
time(s).


< End of report >
 
I also could not remove the Registry Mechanic, because it said it was missing a file, so I could not uninstall. What should I do?
 