
About: blank infected


  • This topic is locked
16 replies to this topic

#1 Zia Lynn


Posted 03 August 2009 - 03:10 PM

Am at my wits end :thumbup2: with this thing. Have tried various fixes I have found all over the internet and nothing has worked to this point. It has not touched my homepage, but when I attempt to open a link from a webpage I get a blank IE window and nothing else. It also interferes with an OE mail recovery software I've been trying to use. Am unable to work at this point. Any help is extremely appreciated. Below is the DDS.txt and the Attach.txt is attached. I'm standing by for any sage advice. Thank you.


DDS (Ver_09-07-30.01) - NTFSx86
Run by Lynn Diederichsen at 23:24:00.35 on Sun 08/02/2009
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1983.1462 [GMT -5:00]

AV: avast! antivirus 4.8.1335 [VPS 090802-0] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\MySurvey Messenger\MySurveyMessenger.exe
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Lynn Diederichsen\Desktop\dds.scr

============== Pseudo HJT Report ===============

uInternet Settings,ProxyOverride = 127.0.0.1
uURLSearchHooks: Virtual Assistant Networking Toolbar: {c9021cf0-fcf9-48f9-b03c-c5c74ca95278} - c:\program files\virtual_assistant_networking\tbVir1.dll
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 6.0\acrobat\activex\AcroIEHelper.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
BHO: AcroIEToolbarHelper Class: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 6.0\acrobat\AcroIEFavClient.dll
BHO: Virtual Assistant Networking Toolbar: {c9021cf0-fcf9-48f9-b03c-c5c74ca95278} - c:\program files\virtual_assistant_networking\tbVir1.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 6.0\acrobat\AcroIEFavClient.dll
TB: Virtual Assistant Networking Toolbar: {c9021cf0-fcf9-48f9-b03c-c5c74ca95278} - c:\program files\virtual_assistant_networking\tbVir1.dll
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [nwiz] nwiz.exe /install
mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide
StartupFolder: c:\docume~1\lynndi~1\startm~1\programs\startup\mysurv~1.lnk - c:\program files\mysurvey messenger\MySurveyMessenger.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\acroba~1.lnk - c:\program files\adobe\acrobat 6.0\distillr\acrotray.exe
StartupFolder: c:\documents and settings\all users\start menu\programs\startup\Acrobat Assistant.lnk.disabled
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\setpoint\SetPoint.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - hxxp://www.pcpitstop.com/betapit/PCPitStop.CAB
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} - hxxp://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} - hxxp://www.linkedin.com/cab/LinkedInContactFinderControl.cab
DPF: {50647AB5-18FD-4142-82B0-5852478DD0D5} - hxxp://webeffective.keynote.com/applications/pconnector/download/ConnectorLauncher.cab
DPF: {615F158E-D5CA-422F-A8E7-F6A5EED7063B} - hxxp://www.worldwinner.com/games/v46/bejeweled/bejeweled.cab
DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1218053491421
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
DPF: {C86FF4B0-AA1D-46D4-8612-025FB86583C7} - hxxp://zone.msn.com/bingame/jobo/default/AstoundLauncher.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} - hxxp://utilities.pcpitstop.com/Optimize2/pcpitstop2.dll
Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\window~3\MpShHook.dll

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-7-30 64160]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-8-7 114768]
R1 Start1Driver;Start1Driver;c:\windows\system32\drivers\Start1Driver.SYS [2009-7-30 5120]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2008-8-7 20560]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast4\ashServ.exe [2008-8-7 138680]
R2 IntuitUpdateService;Intuit Update Service;c:\program files\common files\intuit\update service\IntuitUpdateService.exe [2008-10-10 13088]
R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast4\ashMaiSv.exe [2008-8-7 254040]
R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast4\ashWebSv.exe [2008-8-7 352920]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2009-7-27 133104]
S2 SSPORT;SSPORT;\??\c:\windows\system32\drivers\ssport.sys --> c:\windows\system32\drivers\SSPORT.sys [?]
S2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
S3 Amazon Download Agent;Amazon Download Agent;c:\program files\amazon\amazon games & software downloader\AmazonGSDownloaderService.exe [2009-6-5 297472]
S3 IKFileSec;File Security Driver;c:\windows\system32\drivers\ikfilesec.sys [2008-8-6 42376]
S3 IKSysFlt;System Filter Driver;c:\windows\system32\drivers\iksysflt.sys [2008-8-6 66952]
S3 IKSysSec;System Security Driver;c:\windows\system32\drivers\iksyssec.sys [2008-8-6 81288]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-7-3 1029456]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\spyware doctor\pctsAuxs.exe [2008-8-6 356920]
S3 sdCoreService;PC Tools Security Service;c:\program files\spyware doctor\pctsSvc.exe [2008-8-6 1073544]

=============== Created Last 30 ================

2009-08-02 20:40 <DIR> -cd----- c:\windows\system32\dllcache\cache
2009-08-02 20:28 219,648 a------- c:\windows\PEV.exe
2009-08-02 20:28 161,792 a------- c:\windows\SWREG.exe
2009-08-02 20:28 98,816 a------- c:\windows\sed.exe
2009-08-01 16:46 <DIR> --d----- c:\documents and settings\lynn diederichsen\log
2009-07-30 17:13 <DIR> --dshr-- C:\cmdcons
2009-07-30 17:13 <DIR> --d----- c:\windows\setup.pss
2009-07-30 17:13 <DIR> --d----- c:\windows\setupupd
2009-07-30 17:06 31,928 -------- c:\windows\system32\rrMon.sys
2009-07-30 17:06 <DIR> --d----- c:\program files\Registrar Registry Manager
2009-07-30 15:07 19,096 -------- c:\windows\system32\drivers\mbam.sys
2009-07-30 14:56 15,688 a------- c:\windows\system32\lsdelete.exe
2009-07-30 14:04 64,160 -------- c:\windows\system32\drivers\Lbd.sys
2009-07-30 14:04 <DIR> -cd-h--- c:\docume~1\alluse~1\applic~1\{EF63305C-BAD7-4144-9208-D65528260864}
2009-07-30 13:44 5,120 -------- c:\windows\system32\drivers\Start1Driver.SYS
2009-07-29 21:03 2,335,008 ---sh--- c:\windows\system32\drivers\fidbox.dat
2009-07-29 21:03 32,348 ---sh--- c:\windows\system32\drivers\fidbox.idx
2009-07-29 21:03 15,136 ---sh--- c:\windows\system32\drivers\fidbox2.dat
2009-07-29 21:03 2,444 ---sh--- c:\windows\system32\drivers\fidbox2.idx
2009-07-29 21:03 3,120 -------- C:\rollback.ini
2009-07-29 20:47 <DIR> --d----- c:\program files\common files\ParetoLogic
2009-07-29 20:47 <DIR> --d----- c:\docume~1\alluse~1\applic~1\ParetoLogic
2009-07-28 20:32 <DIR> --d----- c:\program files\Time Stamp
2009-07-22 13:04 <DIR> --d----- C:\8a00cfde0b96d959cd921a
2009-07-22 13:04 <DIR> --d----- c:\windows\SxsCaPendDel
2009-07-22 12:54 <DIR> --d----- c:\program files\DYMO
2009-07-22 12:54 <DIR> --d----- c:\docume~1\alluse~1\applic~1\DYMO
2009-07-21 14:29 18 -------- c:\windows\gfact.ini
2009-07-21 14:29 <DIR> --d----- c:\windows\Super Mario Final
2009-07-21 12:53 459,264 -c------ c:\windows\system32\dllcache\msfeeds.dll
2009-07-21 12:53 380,928 -c------ c:\windows\system32\dllcache\ieapfltr.dll
2009-07-21 12:53 268,288 -c------ c:\windows\system32\dllcache\iertutil.dll
2009-07-21 12:53 52,224 -c------ c:\windows\system32\dllcache\msfeedsbs.dll
2009-07-21 12:53 991,232 -c------ c:\windows\system32\dllcache\ieframe.dll.mui
2009-07-21 12:53 63,488 -c------ c:\windows\system32\dllcache\icardie.dll
2009-07-21 12:53 13,824 -c------ c:\windows\system32\dllcache\ieudinit.exe
2009-07-21 12:53 2,452,872 -c------ c:\windows\system32\dllcache\ieapfltr.dat
2009-07-21 12:53 6,067,200 -c------ c:\windows\system32\dllcache\ieframe.dll
2009-07-04 11:16 <DIR> --d----- C:\thumb drive

==================== Find3M ====================

2009-07-22 13:09 8,086 ---shr-- c:\program files\uninstall.log
2009-07-13 13:36 38,160 -------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-01 13:16 60,744 -------- c:\documents and settings\lynn diederichsen\g2mdlhlpx.exe
2009-06-29 11:12 827,392 a------- c:\windows\system32\wininet.dll
2009-06-29 11:12 78,336 a------- c:\windows\system32\ieencode.dll
2009-06-29 11:12 17,408 a------- c:\windows\system32\corpol.dll
2009-06-24 17:02 516,096 -------- c:\windows\iwexec.exe
2009-06-16 09:55 119,808 a------- c:\windows\system32\t2embed.dll
2009-06-16 09:55 82,432 a------- c:\windows\system32\fontsub.dll
2009-06-03 14:27 1,290,752 a------- c:\windows\system32\quartz.dll
2009-05-07 10:44 344,064 a------- c:\windows\system32\localspl.dll

============= FINISH: 23:24:21.21 ===============


 


#2 etavares

  • Malware Response Team

Posted 13 August 2009 - 05:38 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.


Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Unified Network of Instructors and Trusted Eliminators
 


#3 Zia Lynn

  • Topic Starter

Posted 14 August 2009 - 01:20 PM

Thank you for your reply. I thought I was able to stop the "about: blank" problem by running each of the following multiple times: Avast, Trend Micro Housecall, Ad-Aware, Malwarebytes, Spybot Search & Destroy, CCleaner. A family member that is an IT person connected to my computer and looked through my registry and deleted some suspicious or odd entries. When I re-started my computer and logged into a website and then clicked onto a link, I was able to go through to that link instead of getting the "about: blank" window that gets me nowhere fast.

However, I had suffered an email crash with OE and when I tried to run my OE mail recovery software, after I select the .dbx folder that I want to try to recover, I am still receiving the following Window/Warning:

Windows Internet Explorer
Cannot find 'about: blank'. Make sure the path or Internet Address is correct.

Help. Attached are the requested scan results. I look forward to hearing from any one of the moderators that can help me.

Lynn


DDS (Ver_09-07-30.01) - NTFSx86
Run by Lynn Diederichsen at 13:03:04.78 on Fri 08/14/2009
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1983.1398 [GMT -5:00]

AV: avast! antivirus 4.8.1335 [VPS 090813-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\FTR\ForTheRecord\FTR.TREdge.DeviceDetector.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\MySurvey Messenger\MySurveyMessenger.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\WISPTIS.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\Lynn Diederichsen\Desktop\dds.scr

============== Pseudo HJT Report ===============

uInternet Settings,ProxyOverride = 127.0.0.1
uURLSearchHooks: Virtual Assistant Networking Toolbar: {c9021cf0-fcf9-48f9-b03c-c5c74ca95278} - c:\program files\virtual_assistant_networking\tbVir1.dll
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 6.0\acrobat\activex\AcroIEHelper.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
BHO: AcroIEToolbarHelper Class: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 6.0\acrobat\AcroIEFavClient.dll
BHO: Virtual Assistant Networking Toolbar: {c9021cf0-fcf9-48f9-b03c-c5c74ca95278} - c:\program files\virtual_assistant_networking\tbVir1.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 6.0\acrobat\AcroIEFavClient.dll
TB: Virtual Assistant Networking Toolbar: {c9021cf0-fcf9-48f9-b03c-c5c74ca95278} - c:\program files\virtual_assistant_networking\tbVir1.dll
TB: {A057A204-BACC-4D26-8287-79A187E26987} - No File
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [nwiz] nwiz.exe /install
mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [DeviceDetector] c:\program files\ftr\fortherecord\FTR.TREdge.DeviceDetector.exe
mRun: [TheRecordNavigatorDetector]
StartupFolder: c:\docume~1\lynndi~1\startm~1\programs\startup\mysurv~1.lnk - c:\program files\mysurvey messenger\MySurveyMessenger.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\acroba~1.lnk - c:\program files\adobe\acrobat 6.0\distillr\acrotray.exe
StartupFolder: c:\documents and settings\all users\start menu\programs\startup\Acrobat Assistant.lnk.disabled
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\setpoint\SetPoint.exe
uPolicies-explorer: NoThemesTab = 0 (0x0)
uPolicies-system: NoDispAppearancePage = 0 (0x0)
uPolicies-system: NoColorChoice = 0 (0x0)
uPolicies-system: NoSizeChoice = 0 (0x0)
uPolicies-system: NoVisualStyleChoice = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
Trusted Zone: farmersinsurance.com\css
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - hxxp://www.pcpitstop.com/betapit/PCPitStop.CAB
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} - hxxp://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} - hxxp://www.linkedin.com/cab/LinkedInContactFinderControl.cab
DPF: {50647AB5-18FD-4142-82B0-5852478DD0D5} - hxxp://webeffective.keynote.com/applications/pconnector/download/ConnectorLauncher.cab
DPF: {615F158E-D5CA-422F-A8E7-F6A5EED7063B} - hxxp://www.worldwinner.com/games/v46/bejeweled/bejeweled.cab
DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1218053491421
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
DPF: {C86FF4B0-AA1D-46D4-8612-025FB86583C7} - hxxp://zone.msn.com/bingame/jobo/default/AstoundLauncher.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} - hxxp://utilities.pcpitstop.com/Optimize2/pcpitstop2.dll
Handler: flowto - {C7101FB0-28FB-11D5-883A-204C4F4F5021} - c:\progra~1\netexc~1.0\FlowHook.dll
Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\lynndi~1\applic~1\mozilla\firefox\profiles\mxi9e7ev.default\
FF - plugin: c:\program files\google\update\1.2.183.7\npGoogleOneClick8.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\mozilla firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\mozilla firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-7-30 64160]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-8-7 114768]
R1 Start1Driver;Start1Driver;c:\windows\system32\drivers\Start1Driver.SYS [2009-7-30 5120]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2008-8-7 20560]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast4\ashServ.exe [2008-8-7 138680]
R2 IntuitUpdateService;Intuit Update Service;c:\program files\common files\intuit\update service\IntuitUpdateService.exe [2008-10-10 13088]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2009-7-27 133104]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-7-3 1029456]
S2 SSPORT;SSPORT;\??\c:\windows\system32\drivers\ssport.sys --> c:\windows\system32\drivers\SSPORT.sys [?]
S3 Amazon Download Agent;Amazon Download Agent;c:\program files\amazon\amazon games & software downloader\AmazonGSDownloaderService.exe [2009-6-5 297472]
S3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast4\ashMaiSv.exe [2008-8-7 254040]
S3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast4\ashWebSv.exe [2008-8-7 352920]

=============== Created Last 30 ================

2009-08-12 22:26 <DIR> --d----- c:\windows\ServicePackFiles
2009-08-12 10:08 <DIR> --d----- c:\program files\DYMO Stamps
2009-08-06 21:25 <DIR> --d----- C:\FTRSettings
2009-08-06 21:25 <DIR> --d----- c:\program files\FTR
2009-08-06 21:25 <DIR> --d----- c:\program files\WMV9_VCM
2009-08-06 21:24 <DIR> --d----- c:\program files\CA VMN Anti-Spyware
2009-08-06 21:24 <DIR> --d----- c:\docume~1\lynndi~1\applic~1\EmailNotifier
2009-08-06 21:24 <DIR> --d----- c:\docume~1\alluse~1\applic~1\EmailNotifier
2009-08-06 21:24 <DIR> --d----- c:\program files\Visicom Media
2009-08-05 17:34 108,920 a------- c:\documents and settings\lynn diederichsen\g2ax_customer_downloadhelper_win32_x86.exe
2009-08-04 15:46 2,086 a------- c:\windows\system32\tmp.reg
2009-08-04 15:44 <DIR> --d----- c:\documents and settings\lynn diederichsen\SmitfraudFix
2009-08-02 20:40 <DIR> -cd----- c:\windows\system32\dllcache\cache
2009-08-02 20:28 219,648 a------- c:\windows\PEV.exe
2009-08-02 20:28 161,792 a------- c:\windows\SWREG.exe
2009-08-02 20:28 98,816 a------- c:\windows\sed.exe
2009-08-01 16:46 <DIR> --d----- c:\documents and settings\lynn diederichsen\log
2009-07-30 17:13 <DIR> --dshr-- C:\cmdcons
2009-07-30 17:13 <DIR> --d----- c:\windows\setup.pss
2009-07-30 17:13 <DIR> --d----- c:\windows\setupupd
2009-07-30 17:06 31,928 -------- c:\windows\system32\rrMon.sys
2009-07-30 17:06 <DIR> --d----- c:\program files\Registrar Registry Manager
2009-07-30 14:56 15,688 a------- c:\windows\system32\lsdelete.exe
2009-07-30 14:04 64,160 -------- c:\windows\system32\drivers\Lbd.sys
2009-07-30 14:04 <DIR> -cd-h--- c:\docume~1\alluse~1\applic~1\{EF63305C-BAD7-4144-9208-D65528260864}
2009-07-30 13:44 5,120 -------- c:\windows\system32\drivers\Start1Driver.SYS
2009-07-29 21:03 2,335,008 ---sh--- c:\windows\system32\drivers\fidbox.dat
2009-07-29 21:03 32,348 ---sh--- c:\windows\system32\drivers\fidbox.idx
2009-07-29 21:03 15,136 ---sh--- c:\windows\system32\drivers\fidbox2.dat
2009-07-29 21:03 2,444 ---sh--- c:\windows\system32\drivers\fidbox2.idx
2009-07-29 21:03 3,120 -------- C:\rollback.ini
2009-07-29 20:47 <DIR> --d----- c:\program files\common files\ParetoLogic
2009-07-29 20:47 <DIR> --d----- c:\docume~1\alluse~1\applic~1\ParetoLogic
2009-07-28 20:32 <DIR> --d----- c:\program files\Time Stamp
2009-07-22 13:04 <DIR> --d----- C:\8a00cfde0b96d959cd921a
2009-07-22 13:04 <DIR> --d----- c:\windows\SxsCaPendDel
2009-07-22 12:54 <DIR> --d----- c:\program files\DYMO
2009-07-22 12:54 <DIR> --d----- c:\docume~1\alluse~1\applic~1\DYMO
2009-07-21 14:29 18 -------- c:\windows\gfact.ini
2009-07-21 14:29 <DIR> --d----- c:\windows\Super Mario Final
2009-07-21 12:53 459,264 -c------ c:\windows\system32\dllcache\msfeeds.dll
2009-07-21 12:53 380,928 -c------ c:\windows\system32\dllcache\ieapfltr.dll
2009-07-21 12:53 268,288 -c------ c:\windows\system32\dllcache\iertutil.dll
2009-07-21 12:53 52,224 -c------ c:\windows\system32\dllcache\msfeedsbs.dll
2009-07-21 12:53 991,232 -c------ c:\windows\system32\dllcache\ieframe.dll.mui
2009-07-21 12:53 63,488 -c------ c:\windows\system32\dllcache\icardie.dll
2009-07-21 12:53 13,824 -c------ c:\windows\system32\dllcache\ieudinit.exe
2009-07-21 12:53 2,452,872 -c------ c:\windows\system32\dllcache\ieapfltr.dat
2009-07-21 12:53 6,067,200 -c------ c:\windows\system32\dllcache\ieframe.dll

==================== Find3M ====================

2009-08-11 11:48 516,096 a------- c:\windows\iwexec.exe
2009-08-05 04:11 204,800 a------- c:\windows\system32\mswebdvd.dll
2009-07-22 13:09 8,086 ---shr-- c:\program files\uninstall.log
2009-07-17 13:55 58,880 a------- c:\windows\system32\atl.dll
2009-07-13 23:43 286,208 a------- c:\windows\system32\wmpdxm.dll
2009-07-01 13:16 60,744 -------- c:\documents and settings\lynn diederichsen\g2mdlhlpx.exe
2009-06-29 11:12 827,392 a------- c:\windows\system32\wininet.dll
2009-06-29 11:12 78,336 a------- c:\windows\system32\ieencode.dll
2009-06-29 11:12 17,408 a------- c:\windows\system32\corpol.dll
2009-06-25 13:36 661,504 a------- c:\windows\system32\mqqm.dll
2009-06-25 13:36 517,120 a------- c:\windows\system32\mqsnap.dll
2009-06-25 13:36 471,552 a------- c:\windows\system32\mqutil.dll
2009-06-25 13:36 225,280 a------- c:\windows\system32\mqoa.dll
2009-06-25 13:36 186,880 a------- c:\windows\system32\mqtrig.dll
2009-06-25 13:36 177,152 a------- c:\windows\system32\mqrt.dll
2009-06-25 13:36 138,240 a------- c:\windows\system32\mqad.dll
2009-06-25 13:36 123,392 a------- c:\windows\system32\mqrtdep.dll
2009-06-25 13:36 95,744 a------- c:\windows\system32\mqsec.dll
2009-06-25 13:36 48,640 a------- c:\windows\system32\mqupgrd.dll
2009-06-25 13:36 47,104 a------- c:\windows\system32\mqdscli.dll
2009-06-25 13:36 16,896 a------- c:\windows\system32\mqise.dll
2009-06-22 06:49 117,248 a------- c:\windows\system32\mqtgsvc.exe
2009-06-22 06:49 19,968 a------- c:\windows\system32\mqbkup.exe
2009-06-22 06:49 4,608 a------- c:\windows\system32\mqsvc.exe
2009-06-22 06:48 91,776 a------- c:\windows\system32\drivers\mqac.sys
2009-06-16 09:55 119,808 a------- c:\windows\system32\t2embed.dll
2009-06-16 09:55 82,432 a------- c:\windows\system32\fontsub.dll
2009-06-12 06:50 80,896 a------- c:\windows\system32\tlntsess.exe
2009-06-12 06:50 76,288 a------- c:\windows\system32\telnet.exe
2009-06-10 09:21 84,992 a------- c:\windows\system32\avifil32.dll
2009-06-10 01:32 132,096 a------- c:\windows\system32\wkssvc.dll
2009-06-09 10:06 1,871,872 a------- c:\windows\system32\mstscax.dll
2009-06-03 14:27 1,290,752 a------- c:\windows\system32\quartz.dll
2009-06-02 11:17 75,776 a------- c:\windows\system32\WS2Fix.exe
2009-05-20 14:06 9,216 a------- c:\windows\system32\LW400MON.DLL

============= FINISH: 13:03:23.62 ===============




#4 m0le

  • Malware Response Team
  • 34,527 posts

Posted 15 August 2009 - 03:31 PM

Hi Zia Lynn,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.
  • Please subscribe to this topic, if you haven't already.

  • Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

  • Please reply to this post so I know you are there.
The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.

I will be back soon with the first instructions.

Thanks :thumbup2:
m0le is a proud member of UNITE

#5 Zia Lynn


Posted 15 August 2009 - 04:07 PM

Thanks, m0le. I await your instructions ...

Zia

#6 m0le


Posted 15 August 2009 - 06:55 PM

Hi again,

There's a piece of adware in your drivers which has to go but first let's check for other problems.

We Need to check for Rootkits with RootRepeal
  • Download RootRepeal from the following location and save it to your desktop.
  • Extract RootRepeal.exe from the archive.
  • Open RootRepeal.exe on your desktop.
  • Click the Posted Image tab.
  • Click the Posted Image button.
  • Check all seven boxes: Posted Image
  • Push Ok
  • Check the box for your main system drive (Usually C:), and press Ok.
  • Allow RootRepeal to run a scan of your system. This may take some time.
  • Once the scan completes, push the Posted Image button. Save the log to your desktop, using a distinctive name, such as RootRepeal.txt. Include this report in your next reply, please.
Now let's remove the adware

Please download Malwarebytes Anti-Malware and save it to your desktop.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application or, if you are using Vista, right-click and select Run As Administrator on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
  • On the Scanner tab:
    • Make sure the "Perform Full Scan" option is selected.
    • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
  • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you may be asked to reboot your computer so it can proceed with the disinfection process. Regardless if prompted to restart the computer or not, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware. MBAM may make changes to your registry as part of its disinfection routine. If you're using other security programs that detect registry changes, they may alert you after scanning with MBAM. Please permit the program to allow the changes.


Please can you also run OTL

We need to create an OTL Report
  • Please download OTL By OldTimer
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Posted Image button.
  • Two reports will open, copy and paste them in a reply here:
    OTListIt.txt <-- Will be opened
    Extra.txt <-- Will be minimized
Please let me know if the about:blank problem disappears after running these programs as well as posting the logs. (RootRepeal, MBAM, OTL).

Thanks :thumbup2:

#7 Zia Lynn


Posted 15 August 2009 - 09:13 PM

"Invalid PE image found!" is the error message I keep receiving when I open RootRepeal. I don't see any boxes to select but I have attached the results of the scan as rootrepeal.txt.

Here's the Malwarebytes results. It found nothing:

Malwarebytes' Anti-Malware 1.40
Database version: 2631
Windows 5.1.2600 Service Pack 2

8/15/2009 09:06:04 PM
mbam-log-2009-08-15 (21-06-04).txt

Scan type: Full Scan (C:\|)
Objects scanned: 209923
Time elapsed: 56 minute(s), 21 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Here are the OTL results:


OTL Extras logfile created on: 8/15/2009 09:07:08 PM - Run 1
OTL by OldTimer - Version 3.0.10.7 Folder = C:\Documents and Settings\Lynn Diederichsen\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.94 Gb Total Physical Memory | 1.26 Gb Available Physical Memory | 64.91% Memory free
3.19 Gb Paging File | 2.67 Gb Available in Paging File | 83.56% Paging File free
Paging file location(s): C:\pagefile.sys 1440 2880 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.04 Gb Total Space | 69.93 Gb Free Space | 46.92% Space Free | Partition Type: NTFS
Drive D: | 9.33 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: LYNN-HOME
Current User Name: Lynn Diederichsen
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
"85:TCP" = 85:TCP:*:Enabled:BroadWave Web Server

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Intuit\QuickBooks 2007\QBDBMgrN.exe" = C:\Program Files\Intuit\QuickBooks 2007\QBDBMgrN.exe:*:Enabled:QuickBooks 2007 Data Manager -- (iAnywhere Solutions, Inc.)
"C:\Program Files\Phantom EFX\OnlineCasino\Bin\Prelauncher.exe" = C:\Program Files\Phantom EFX\OnlineCasino\Bin\Prelauncher.exe:*:Enabled:Prelauncher -- ()
"C:\Program Files\Phantom EFX\OnlineCasino\Launcher\OLCLauncher.exe" = C:\Program Files\Phantom EFX\OnlineCasino\Launcher\OLCLauncher.exe:*:Enabled:OLCLauncher -- ()
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe" = C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe:LocalSubNet:Disabled:Intuit Update Shared Downloads Server -- (Intuit Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer
"{0D2E80C8-0875-43EB-9623-47118E2DFBCA}" = Quicken 2007
"{16115E10-502B-4EA0-BD39-4DA329AD89E2}" = BELKIN F5U109
"{2665A3DC-7019-4830-8E25-E580DF18302E}" = Ghost Town
"{29521505-F489-4822-ADFA-32C6DEE4F114}" = TurboTax 2008 WinPerUserEducation
"{3101CB58-3482-4D21-AF1A-7057FC935355}" = KhalInstallWrapper
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{397EF8BA-A868-43AF-9E75-AF26C32954B2}" = TurboTax 2008 wmoiper
"{3CFCDC11-4584-464B-9194-594D6E1CB246}" = MySurvey Messenger
"{565E29BB-5863-46FD-ABF3-8074FBB5BAFF}" = QBFC 4.0
"{5A3F6A80-7913-475E-8B96-477A952CFA43}" = SupportSoft Assisted Service
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7570F1CA-016D-46AC-B586-CD74645EFB52}" = TurboTax 2008 WinPerFedFormset
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{7E545666-F422-45FD-B3DF-C0B99A1A579F}" = QuickBooks Pro 2007
"{88214092-836F-4E22-A5AC-569AC9EE6A0F}" = TurboTax 2008 WinPerReleaseEngine
"{8EB39AA7-4019-4550-AF6C-BE51BB27B446}" = TC Web Conferencing
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{91110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{96D453E9-D8B3-44CE-8DDE-20AA90BA5838}" = TheRecord Player
"{A1960A82-DB70-474D-A86B-FA74466103C6}" = Drivers Install For Linksys Easylink Advisor
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AAB84E83-C8DF-4752-9DFC-2E2A48EE5E9F}" = Nikon View 6
"{AC76BA86-1033-0000-BA7E-000000000001}" = Adobe Acrobat 6.0.1 Standard
"{AC76BA86-7AD7-1033-7B44-A91000000001}" = Adobe Reader 9.1.3
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{AEF2D1F3-0696-11D5-8E6A-00C04F7FA234}" = PaperPort 8.0 SE
"{B1DB1AD8-C07E-4052-81A1-D2930232BA70}" = TurboTax 2008 wrapper
"{B23726CF-68BF-41A6-A4EB-72F12F87FE05}" = TurboTax 2008 WinPerTaxSupport
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CC016F21-3970-11DE-B878-005056806466}" = Google Earth
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CFF7B8DA-6CB6-4E09-B802-EA955B88C51F}" = Masque Slots featuring WMS Gaming
"{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}" = Microsoft Primary Interoperability Assemblies 2005
"{D5CAEAE4-0FBE-4636-B982-EE18942BFA80}" = X215
"{D94A8E22-DF2B-4107-9E51-608A60A7671D}" = Personal Ancestral File 5
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{DEF1D6A8-0A57-4A7A-8C12-FFDEBC1BEC45}" = Lexmark X215
"{E6D9BC25-0DBC-4368-8E4A-7DEE80661CD9}" = TurboTax 2008 WinPerProgramHelp
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{FE85D571-8BFE-4AB9-A7FB-54BBCA2E910B}" = Family Tree Maker
"7-Zip" = 7-Zip 4.57
"AceFTP 3 Freeware" = AceFTP 3 Freeware
"Ad-Aware" = Ad-Aware
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Amazon Games & Software Downloader_is1" = Amazon Games & Software Downloader
"avast!" = avast! Antivirus
"Big Kahuna Reef_is1" = Big Kahuna Reef
"CA_VMN_antispyware" = CA VMN Anti-Spyware (remove only)
"CCleaner" = CCleaner (remove only)
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"DVD Shrink_is1" = DVD Shrink 3.2
"DYMO Label Software" = DYMO Label Software
"DYMO Label v.8" = DYMO Label v.8
"DYMO Stamps" = DYMO Stamps
"EasyLinkAdvisor" = Linksys EasyLink Advisor 1.6 (0032)
"HijackThis" = HijackThis 2.0.2
"Hoyle Word Games 3 OEM" = Hoyle Word Games 3 OEM
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"InstallShield_{96D453E9-D8B3-44CE-8DDE-20AA90BA5838}" = TheRecord Player
"KeynoteConnector" = Keynote Connector
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Masque Slots" = Masque Slots
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microtek ScanWizard 5" = Microtek ScanWizard 5
"Mozilla Firefox (3.5.2)" = Mozilla Firefox (3.5.2)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NeroMultiInstaller!UninstallKey" = Nero Suite
"NetExchangePro 3.0" = NetExchangePro 3.0
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"OE-Mail Recovery_is1" = OE-Mail Recovery 1.7.7
"PrimoPDF4.1.0.9" = PrimoPDF
"Registrar_is1" = Registrar Registry Manager 6.02
"Scribe" = Express Scribe
"Spybot - Search & Destroy_is1" = Spybot - Search & Destroy 1.3
"Time Stamp_is1" = Time Stamp
"TurboTax 2008" = TurboTax 2008
"Tweak UI 2.10" = Tweak UI
"Virtual_Assistant_Networking Toolbar" = Virtual_Assistant_Networking Toolbar
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WinGimp-2.0_is1" = GIMP 2.6.5
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"WMV9_VCM" = Microsoft Windows Media Video 9 VCM
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1935655697-412668190-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"GoToMeeting" = GoToMeeting 4.0.0.320

========== Last 10 Event Log Errors ==========

[ Antivirus Events ]
Error - 7/8/2008 09:17:02 PM | Computer Name = LYNN-HOME | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
A:\NETWARE\NETWARE.EXE failed, 0000001E.

Error - 8/5/2008 04:42:20 PM | Computer Name = LYNN-HOME | Source = avast! | ID = 33554522
Description = Internal error has occurred in module aswar scan function failed!,
function 00000002.

Error - 8/5/2008 05:40:48 PM | Computer Name = LYNN-HOME | Source = avast! | ID = 33554522
Description = Internal error has occurred in module aswar scan function failed!,
function 00000002.

Error - 11/4/2008 02:07:05 AM | Computer Name = LYNN-HOME | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
E:\dvdshrink32setup.exe failed, 00000005.

Error - 11/25/2008 07:41:42 PM | Computer Name = LYNN-HOME | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\Documents and Settings\Lynn Diederichsen\My Documents\Basil McRae & Associates\Disability\Binders
08-09\CreditCardAuthInFull031007.pdf failed, 0000A413.

[ Application Events ]
Error - 8/6/2009 11:02:42 PM | Computer Name = LYNN-HOME | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 7.0.6000.16876, faulting
module unknown, version 0.0.0.0, fault address 0x00000016.

Error - 8/6/2009 11:02:50 PM | Computer Name = LYNN-HOME | Source = Application Error | ID = 1001
Description = Fault bucket 1389409994.

Error - 8/8/2009 07:12:00 AM | Computer Name = LYNN-HOME | Source = nview_info | ID = 11141121
Description =

Error - 8/8/2009 07:25:37 PM | Computer Name = LYNN-HOME | Source = nview_info | ID = 11141121
Description =

Error - 8/12/2009 01:37:42 PM | Computer Name = LYNN-HOME | Source = Application Error | ID = 1000
Description = Faulting application mysurveymessenger.exe, version 1.0.0.1, faulting
module mysurveymessenger.exe, version 1.0.0.1, fault address 0x0000792f.

Error - 8/12/2009 01:38:14 PM | Computer Name = LYNN-HOME | Source = Application Error | ID = 1001
Description = Fault bucket 467103636.

Error - 8/12/2009 03:29:16 PM | Computer Name = LYNN-HOME | Source = Application Error | ID = 1000
Description = Faulting application webconferenceplugin.exe, version 8.13.0.0, faulting
module webconferenceplugin.exe, version 8.13.0.0, fault address 0x000d1d06.

Error - 8/12/2009 03:29:22 PM | Computer Name = LYNN-HOME | Source = Application Error | ID = 1001
Description = Fault bucket 1408855294.

Error - 8/12/2009 04:48:46 PM | Computer Name = LYNN-HOME | Source = Application Error | ID = 1000
Description = Faulting application msimn.exe, version 6.0.2900.2180, faulting module
msoe.dll, version 6.0.2900.3138, fault address 0x000567cd.

Error - 8/13/2009 11:01:37 AM | Computer Name = LYNN-HOME | Source = nview_info | ID = 11141121
Description =

[ System Events ]
Error - 8/12/2009 04:51:36 PM | Computer Name = LYNN-HOME | Source = Service Control Manager | ID = 7034
Description = The NVIDIA Display Driver Service service terminated unexpectedly.
It has done this 1 time(s).

Error - 8/13/2009 08:36:31 AM | Computer Name = LYNN-HOME | Source = Service Control Manager | ID = 7000
Description = The SSPORT service failed to start due to the following error: %%2

Error - 8/13/2009 08:36:31 AM | Computer Name = LYNN-HOME | Source = Service Control Manager | ID = 7000
Description = The Upload Manager service failed to start due to the following error:
%%1079

Error - 8/13/2009 08:35:35 PM | Computer Name = LYNN-HOME | Source = Service Control Manager | ID = 7000
Description = The SSPORT service failed to start due to the following error: %%2

Error - 8/13/2009 08:35:35 PM | Computer Name = LYNN-HOME | Source = Service Control Manager | ID = 7000
Description = The Upload Manager service failed to start due to the following error:
%%1079

Error - 8/15/2009 09:37:33 AM | Computer Name = LYNN-HOME | Source = Service Control Manager | ID = 7000
Description = The SSPORT service failed to start due to the following error: %%2

Error - 8/15/2009 09:37:33 AM | Computer Name = LYNN-HOME | Source = Service Control Manager | ID = 7000
Description = The Upload Manager service failed to start due to the following error:
%%1079

Error - 8/15/2009 09:37:35 AM | Computer Name = LYNN-HOME | Source = Service Control Manager | ID = 7034
Description = The NVIDIA Display Driver Service service terminated unexpectedly.
It has done this 1 time(s).

Error - 8/15/2009 01:31:25 PM | Computer Name = LYNN-HOME | Source = Service Control Manager | ID = 7000
Description = The SSPORT service failed to start due to the following error: %%2

Error - 8/15/2009 01:31:25 PM | Computer Name = LYNN-HOME | Source = Service Control Manager | ID = 7000
Description = The Upload Manager service failed to start due to the following error:
%%1079


< End of report >

OTL logfile created on: 8/15/2009 09:07:08 PM - Run 1
OTL by OldTimer - Version 3.0.10.7 Folder = C:\Documents and Settings\Lynn Diederichsen\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.94 Gb Total Physical Memory | 1.26 Gb Available Physical Memory | 64.91% Memory free
3.19 Gb Paging File | 2.67 Gb Available in Paging File | 83.56% Paging File free
Paging file location(s): C:\pagefile.sys 1440 2880 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.04 Gb Total Space | 69.93 Gb Free Space | 46.92% Space Free | Partition Type: NTFS
Drive D: | 9.33 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: LYNN-HOME
Current User Name: Lynn Diederichsen
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2009/02/05 16:01:25 | 00,018,752 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
PRC - [2009/02/05 16:08:40 | 00,138,680 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe
PRC - [2007/06/13 05:23:07 | 01,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE
PRC - [2009/02/05 16:08:45 | 00,081,000 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashDisp.exe
PRC - [2009/04/04 15:22:32 | 00,028,672 | ---- | M] (FTR) -- C:\Program Files\FTR\ForTheRecord\FTR.TREdge.DeviceDetector.exe
PRC - [2003/10/23 23:37:56 | 00,217,194 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
PRC - [2008/05/02 03:44:08 | 00,805,392 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPoint\SetPoint.exe
PRC - [2007/07/02 15:46:10 | 00,651,264 | ---- | M] () -- C:\Program Files\MySurvey Messenger\MySurveyMessenger.exe
PRC - [2008/05/02 03:40:56 | 00,076,304 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
PRC - [2008/10/10 05:45:26 | 00,013,088 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
PRC - [2003/06/19 23:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
PRC - [2008/07/01 14:28:54 | 00,155,715 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvsvc32.exe
PRC - [2009/02/05 16:08:26 | 00,254,040 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
PRC - [2009/02/05 16:06:04 | 00,352,920 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
PRC - [2009/06/29 03:35:10 | 00,634,632 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\IEXPLORE.EXE
PRC - [2009/08/03 13:36:10 | 01,295,632 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
PRC - [2009/08/15 19:36:52 | 00,514,048 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Lynn Diederichsen\Desktop\OTL.exe

========== Win32 Services (SafeList) ==========

SRV - [2009/05/20 14:18:28 | 00,297,472 | ---- | M] (Amazon.com) -- C:\Program Files\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe -- (Amazon Download Agent [On_Demand | Stopped])
SRV - [2008/07/25 11:16:40 | 00,034,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - [2009/02/05 16:01:25 | 00,018,752 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv [Auto | Running])
SRV - [2009/02/05 16:08:40 | 00,138,680 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus [Auto | Running])
SRV - [2009/02/05 16:08:26 | 00,254,040 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe -- (avast! Mail Scanner [On_Demand | Running])
SRV - [2009/02/05 16:06:04 | 00,352,920 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe -- (avast! Web Scanner [On_Demand | Running])
SRV - [2008/07/25 11:17:02 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [2008/07/29 21:10:04 | 00,046,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
SRV - [2009/07/27 18:05:48 | 00,133,104 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\GoogleUpdate.exe -- (gupdate [Auto | Stopped])
SRV - [2006/02/28 07:00:00 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - [2008/07/29 19:24:50 | 00,881,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
SRV - [2008/10/10 05:45:26 | 00,013,088 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService [Auto | Running])
SRV - [2009/07/03 09:49:06 | 01,029,456 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service [Auto | Stopped])
SRV - [2008/05/02 03:42:06 | 00,121,360 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ [On_Demand | Stopped])
SRV - [2003/06/19 23:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE -- (MDM [Auto | Running])
SRV - [2008/07/29 19:16:38 | 00,132,096 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
SRV - [2008/07/01 14:28:54 | 00,155,715 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvsvc32.exe -- (NVSvc [Auto | Running])
SRV - [2003/07/28 12:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
SRV - [2009/04/09 00:47:58 | 00,020,480 | ---- | M] (Intuit) -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe -- (QBCFMonitorService [Disabled | Stopped])
SRV - [2006/11/09 18:30:14 | 00,065,536 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe -- (QBFCService [On_Demand | Stopped])
SRV - [2006/02/28 07:00:00 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (uploadmgr [Auto | Stopped])
SRV - [2006/10/18 20:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])

========== Driver Services (SafeList) ==========

DRV - [2009/02/05 16:05:11 | 00,026,944 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4 [System | Running])
DRV - [2007/04/16 21:46:00 | 00,033,792 | ---- | M] (Advanced Micro Devices) -- C:\WINDOWS\System32\DRIVERS\AmdPPM.sys -- (AmdPPM [System | Running])
DRV - [1996/07/12 19:31:10 | 00,014,528 | ---- | M] (Adaptec) -- C:\WINDOWS\System32\drivers\ASPI32.SYS -- (ASPI32 [Auto | Running])
DRV - [2009/02/05 16:07:12 | 00,020,560 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\DRIVERS\aswFsBlk.sys -- (aswFsBlk [Auto | Running])
DRV - [2009/02/05 16:08:10 | 00,094,032 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2 [Auto | Running])
DRV - [2009/02/05 16:06:10 | 00,023,152 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr [On_Demand | Running])
DRV - [2009/02/05 16:07:23 | 00,114,768 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP [System | Running])
DRV - [2009/02/05 16:06:20 | 00,051,376 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi [System | Running])
DRV - [2004/08/11 16:39:38 | 00,041,984 | R--- | M] (Samsung Electronics Co., Ltd.) -- C:\WINDOWS\System32\Drivers\DgivEcp.Sys -- (DgivEcp [Auto | Running])
DRV - [2007/03/22 12:57:14 | 00,028,672 | --S- | M] (Gteko Ltd.) -- C:\WINDOWS\System32\DRIVERS\elagopro.sys -- (elagopro [Auto | Running])
DRV - [2007/03/22 12:57:14 | 00,005,376 | --S- | M] (Gteko Ltd.) -- C:\WINDOWS\System32\DRIVERS\elaunidr.sys -- (elaunidr [Auto | Running])
DRV - [2004/08/03 18:08:22 | 00,010,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\gameenum.sys -- (gameenum [On_Demand | Running])
DRV - [2001/08/17 08:28:02 | 00,907,456 | ---- | M] (Conexant) -- C:\WINDOWS\System32\DRIVERS\HCF_MSFT.sys -- (HCF_MSFT [On_Demand | Running])
DRV - [2005/01/07 17:07:18 | 00,138,752 | ---- | M] (Windows ® Server 2003 DDK provider) -- C:\WINDOWS\System32\DRIVERS\HDAudBus.sys -- (HDAudBus [On_Demand | Running])
DRV - [2001/08/17 14:02:32 | 00,008,576 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\hidgame.sys -- (hidgame [On_Demand | Stopped])
DRV - [2006/08/01 19:07:02 | 04,356,608 | R--- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\System32\drivers\RtkHDAud.sys -- (IntcAzAudAddService [On_Demand | Running])
DRV - [2008/02/29 04:12:48 | 00,020,240 | ---- | M] (Logitech, Inc.) -- C:\WINDOWS\System32\DRIVERS\L8042Kbd.sys -- (L8042Kbd [On_Demand | Running])
DRV - [2008/02/29 04:12:56 | 00,063,120 | ---- | M] (Logitech, Inc.) -- C:\WINDOWS\System32\DRIVERS\L8042mou.Sys -- (L8042mou [On_Demand | Stopped])
DRV - [2009/07/03 09:49:08 | 00,064,160 | ---- | M] (Lavasoft AB) -- C:\WINDOWS\system32\DRIVERS\Lbd.sys -- (Lbd [Boot | Running])
DRV - [2008/02/29 04:13:16 | 00,035,344 | ---- | M] (Logitech, Inc.) -- C:\WINDOWS\System32\DRIVERS\LHidFilt.Sys -- (LHidFilt [On_Demand | Running])
DRV - [2008/02/29 04:13:24 | 00,036,880 | ---- | M] (Logitech, Inc.) -- C:\WINDOWS\System32\DRIVERS\LMouFilt.Sys -- (LMouFilt [On_Demand | Running])
DRV - [2008/02/29 04:13:36 | 00,079,120 | ---- | M] (Logitech, Inc.) -- C:\WINDOWS\System32\DRIVERS\LMouKE.Sys -- (LMouKE [On_Demand | Stopped])
DRV - [2008/07/01 14:26:46 | 03,964,256 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\DRIVERS\nv4_mini.sys -- (nv [On_Demand | Running])
DRV - [2008/07/01 14:30:24 | 00,105,088 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\DRIVERS\nvata.sys -- (nvata [Boot | Running])
DRV - [2008/07/01 14:29:46 | 00,057,856 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\DRIVERS\NVENETFD.sys -- (NVENETFD [On_Demand | Running])
DRV - [2008/07/01 14:29:46 | 00,020,480 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\DRIVERS\nvnetbus.sys -- (nvnetbus [On_Demand | Running])
DRV - [2006/02/28 07:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Running])
DRV - [2007/11/13 05:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\System32\DRIVERS\secdrv.sys -- (Secdrv [On_Demand | Stopped])
DRV - [2009/03/14 06:48:40 | 00,005,120 | ---- | M] (F.Y.N. Technology Inc.) -- C:\WINDOWS\System32\drivers\Start1Driver.SYS -- (Start1Driver [System | Running])
DRV - [2004/05/05 02:25:02 | 00,023,296 | ---- | M] (Magic Control Technology Corp.) -- C:\WINDOWS\System32\DRIVERS\u2s2kxp.sys -- (U2SP [On_Demand | Stopped])
DRV - [2005/12/24 03:25:10 | 00,006,861 | R--- | M] (Conexant Systems, Inc) -- C:\WINDOWS\System32\DRIVERS\UIUSYS.SYS -- (UIUSys [On_Demand | Stopped])
DRV - [2009/08/03 13:36:28 | 00,038,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy [On_Demand | Running])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...ER}&ar=home
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome
IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome
IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1935655697-412668190-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKU\S-1-5-21-1935655697-412668190-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
IE - HKU\S-1-5-21-1935655697-412668190-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKU\S-1-5-21-1935655697-412668190-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKU\S-1-5-21-1935655697-412668190-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/defaulta.aspx
IE - URLSearchHook: {c9021cf0-fcf9-48f9-b03c-c5c74ca95278} - C:\Program Files\Virtual_Assistant_Networking\tbVir1.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-1935655697-412668190-725345543-1003\S-1-5-21-1935655697-412668190-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1935655697-412668190-725345543-1003\S-1-5-21-1935655697-412668190-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.1
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.2
FF - prefs.js..network.proxy.no_proxies_on: "127.0.0.1"

FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/07/30 21:03:28 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/08/11 13:36:34 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/08/11 13:36:25 | 00,000,000 | ---D | M]

[2009/08/11 13:36:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Lynn Diederichsen\Application Data\mozilla\Extensions
[2009/08/11 13:36:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Lynn Diederichsen\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/08/14 12:35:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Lynn Diederichsen\Application Data\mozilla\Firefox\Profiles\mxi9e7ev.default\extensions
[2009/08/14 12:35:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Lynn Diederichsen\Application Data\mozilla\Firefox\Profiles\mxi9e7ev.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/08/11 13:36:25 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/08/11 13:36:25 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/07/30 06:26:53 | 00,023,544 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/07/30 06:26:54 | 00,137,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2009/07/30 06:26:55 | 00,065,016 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll
[2009/07/30 02:24:20 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2009/07/30 02:24:20 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2009/07/30 02:24:20 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2009/07/30 02:24:20 | 00,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2009/07/30 02:24:20 | 00,002,371 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2009/07/30 02:24:20 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2009/07/30 02:24:20 | 00,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

O1 HOSTS File: (27 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (AcroIEToolbarHelper Class) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O2 - BHO: (Virtual Assistant Networking Toolbar) - {c9021cf0-fcf9-48f9-b03c-c5c74ca95278} - C:\Program Files\Virtual_Assistant_Networking\tbVir1.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O3 - HKLM\..\Toolbar: (Virtual Assistant Networking Toolbar) - {c9021cf0-fcf9-48f9-b03c-c5c74ca95278} - C:\Program Files\Virtual_Assistant_Networking\tbVir1.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-1935655697-412668190-725345543-1003\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O3 - HKU\S-1-5-21-1935655697-412668190-725345543-1003\..\Toolbar\WebBrowser: (Virtual Assistant Networking Toolbar) - {C9021CF0-FCF9-48F9-B03C-C5C74CA95278} - C:\Program Files\Virtual_Assistant_Networking\tbVir1.dll (Conduit Ltd.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [DeviceDetector] C:\Program Files\FTR\ForTheRecord\FTR.TREdge.DeviceDetector.exe (FTR)
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.EXE (Logitech, Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [TheRecordNavigatorDetector] File not found
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe (Adobe Systems Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Acrobat Assistant.lnk.disabled ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)
O4 - Startup: C:\Documents and Settings\Lynn Diederichsen\Start Menu\Programs\Startup\MySurvey Messenger.lnk = C:\Program Files\MySurvey Messenger\MySurveyMessenger.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Toolbars present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ClassicShell = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1935655697-412668190-725345543-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1935655697-412668190-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1935655697-412668190-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1935655697-412668190-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 0
O7 - HKU\S-1-5-21-1935655697-412668190-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0
O7 - HKU\S-1-5-21-1935655697-412668190-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ClassicShell = 0
O7 - HKU\S-1-5-21-1935655697-412668190-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoThemesTab = 0
O7 - HKU\S-1-5-21-1935655697-412668190-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 0
O7 - HKU\S-1-5-21-1935655697-412668190-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispAppearancePage = 0
O7 - HKU\S-1-5-21-1935655697-412668190-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoColorChoice = 0
O7 - HKU\S-1-5-21-1935655697-412668190-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoSizeChoice = 0
O7 - HKU\S-1-5-21-1935655697-412668190-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispBackgroundPage = 0
O7 - HKU\S-1-5-21-1935655697-412668190-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispScrSavPage = 0
O7 - HKU\S-1-5-21-1935655697-412668190-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispCPL = 0
O7 - HKU\S-1-5-21-1935655697-412668190-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoVisualStyleChoice = 0
O7 - HKU\S-1-5-21-1935655697-412668190-725345543-1003_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 42 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\.DEFAULT\..Trusted Domains: 42 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-18\..Trusted Domains: 42 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-21-1935655697-412668190-725345543-1003\..Trusted Domains: farmersinsurance.com ([css] https in Trusted sites)
O15 - HKU\S-1-5-21-1935655697-412668190-725345543-1003\..Trusted Domains: 43 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} http://www.pcpitstop.com/betapit/PCPitStop.CAB (PCPitstop Utility)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwa...director/sw.cab (Reg Error: Key error.)
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab (Trend Micro ActiveX Scan Agent 6.6)
O16 - DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} http://www.linkedin.com/cab/LinkedInContactFinderControl.cab (LinkedIn ContactFinderControl)
O16 - DPF: {50647AB5-18FD-4142-82B0-5852478DD0D5} http://webeffective.keynote.com/applicatio...torLauncher.cab (Keynote Connector Launcher 2)
O16 - DPF: {615F158E-D5CA-422F-A8E7-F6A5EED7063B} http://www.worldwinner.com/games/v46/bejeweled/bejeweled.cab (Bejeweled Control)
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab (Symantec RuFSI Utility Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftu...b?1218053491421 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://cdn2.zone.msn.com/binFramework/v10/...ro.cab56649.cab (MSN Games - Installer)
O16 - DPF: {C86FF4B0-AA1D-46D4-8612-025FB86583C7} http://zone.msn.com/bingame/jobo/default/AstoundLauncher.cab (AstoundLauncher Control)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} http://utilities.pcpitstop.com/Optimize2/pcpitstop2.dll (PCPitstop Exam)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\flowto {C7101FB0-28FB-11D5-883A-204C4F4F5021} - C:\Program Files\NetExchange Pro3.0\FlowHook.dll ()
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\LBTWlgn: DllName - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/07/01 13:33:30 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()

========== Files/Folders - Created Within 30 Days ==========

[1 C:\WINDOWS\System32\*.tmp files]
[5 C:\WINDOWS\*.tmp files]
[2 C:\Documents and Settings\All Users\Application Data\*.tmp files]
[2009/08/15 19:36:50 | 00,514,048 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Lynn Diederichsen\Desktop\OTL.exe
[2009/08/15 19:32:45 | 00,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/08/15 19:32:43 | 00,038,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/08/15 19:32:41 | 00,019,096 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/08/15 19:31:27 | 03,942,048 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Lynn Diederichsen\Desktop\mbam-setup.exe
[2009/08/15 19:26:55 | 00,465,298 | ---- | C] () -- C:\Documents and Settings\Lynn Diederichsen\Desktop\RootRepeal.rar
[2009/08/15 19:23:24 | 00,464,491 | ---- | C] () -- C:\Documents and Settings\Lynn Diederichsen\Desktop\RootRepeal.zip
[2009/08/14 13:03:00 | 00,359,932 | ---- | C] () -- C:\Documents and Settings\Lynn Diederichsen\Desktop\dds.scr
[2009/08/13 19:21:48 | 00,027,648 | ---- | C] () -- C:\Documents and Settings\Lynn Diederichsen\Desktop\Top 10 Features of a Well.doc
[2009/08/12 22:26:16 | 00,000,000 | ---D | C] -- C:\WINDOWS\ServicePackFiles
[2009/08/12 15:49:11 | 00,055,296 | ---- | C] () -- C:\Documents and Settings\Lynn Diederichsen\Desktop\Great Personality.doc
[2009/08/12 12:30:13 | 00,043,008 | ---- | C] () -- C:\Documents and Settings\Lynn Diederichsen\Desktop\Steve Hake Resume July 09.doc
[2009/08/12 10:08:57 | 00,000,718 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\DYMO Stamps.lnk
[2009/08/12 10:08:48 | 00,000,000 | ---D | C] -- C:\Program Files\DYMO Stamps
[2009/08/12 10:06:40 | 00,654,072 | ---- | C] () -- C:\Documents and Settings\Lynn Diederichsen\Desktop\DYMOstampsWebSetup.exe
[2009/08/11 13:36:35 | 00,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2009/08/11 13:36:33 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Lynn Diederichsen\Local Settings\Application Data\Mozilla
[2009/08/11 13:36:32 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Lynn Diederichsen\Application Data\Mozilla
[2009/08/11 13:36:27 | 00,001,602 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2009/08/11 13:36:24 | 00,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2009/08/10 22:39:43 | 00,613,376 | ---- | C] () -- C:\Documents and Settings\Lynn Diederichsen\Desktop\09NJECRoster_vsRussia.doc
[2009/08/09 19:25:26 | 00,017,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spmsg.dll
[2009/08/07 11:39:12 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Lynn Diederichsen\Desktop\Alan
[2009/08/06 23:07:09 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Lynn Diederichsen\Desktop\Transcription
[2009/08/06 21:25:57 | 00,000,000 | ---D | C] -- C:\FTRSettings
[2009/08/06 21:25:31 | 00,000,000 | ---D | C] -- C:\Program Files\FTR
[2009/08/06 21:25:21 | 00,000,000 | ---D | C] -- C:\Program Files\WMV9_VCM
[2009/08/06 21:24:10 | 00,000,000 | ---D | C] -- C:\Program Files\CA VMN Anti-Spyware
[2009/08/06 21:24:10 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Lynn Diederichsen\Application Data\EmailNotifier
[2009/08/06 21:24:10 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\EmailNotifier
[2009/08/06 21:24:06 | 00,000,000 | ---D | C] -- C:\Program Files\Visicom Media
[2009/08/06 20:17:06 | 60,857,536 | ---- | C] (Lavasoft ) -- C:\Documents and Settings\Lynn Diederichsen\My Documents\Ad-AwareAE.exe

========== Files - Modified Within 30 Days ==========

[1 C:\WINDOWS\System32\*.tmp files]
[5 C:\WINDOWS\*.tmp files]
[2 C:\Documents and Settings\All Users\Application Data\*.tmp files]

========== Alternate Data Streams ==========

@Alternate Data Stream - 145 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CB0AACC9
@Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1
< End of report >


That's it. Please advise since Malwarebytes didn't find the adware in my drivers what I should do.


#8 m0le

  • Malware Response Team

Posted 16 August 2009 - 03:53 AM

The OTL log has told me that the suspected driver is a legitimate one after all.

This means that the PC is clean and the problem is a system one.

Please follow these steps and let me know if this solves the about:blank windows.

To resolve this problem in Internet Explorer, follow these steps:

1. Quit all programs that are running.
2. Click Start, and then click Run.
3. Type regsvr32 urlmon.dll, and then click OK.
4. When you receive the "DllRegisterServer in urlmon.dll succeeded" message, click OK.

Please then open Internet Explorer and test a link.

If this does not resolve the problem, repeat steps 2 through 4 for each of the following files (in step 3, replace Urlmon.dll with each of the file names below):
  • Shdocvw.dll
  • Actxprxy.dll
  • Oleaut32.dll
  • Mshtml.dll
  • Browseui.dll
  • Shell32.dll
If this works, or if you have tried every one of these and you are still experiencing problems then let me know. :thumbup2:
m0le is a proud member of UNITE
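
The re-registration steps from the post above as a batch file, as an added example that is not part of the original thread: it checks that each file is present before calling regsvr32 and translates regsvr32's exit code, which separates a missing file from a failed registration. It assumes the DLLs are in %SystemRoot%\System32 and that it is run from an account with administrator rights.

```bat
@echo off
rem Added example, not from the original thread.
rem Re-registers the DLLs named in the post and reports the outcome per file.
rem Assumption: the DLLs are in %SystemRoot%\System32 (default install).
setlocal EnableDelayedExpansion

set "DLLS=urlmon.dll shdocvw.dll actxprxy.dll oleaut32.dll mshtml.dll browseui.dll shell32.dll"
set /a OK=0, BAD=0

for %%D in (%DLLS%) do (
    set "TARGET=%SystemRoot%\System32\%%D"
    if not exist "!TARGET!" (
        rem A missing file is reported separately from a failed registration.
        echo [MISSING] %%D is not in %SystemRoot%\System32
        set /a BAD+=1
    ) else (
        rem /s suppresses the message boxes; start /wait hands back regsvr32's exit code.
        start "" /wait regsvr32.exe /s "!TARGET!"
        set "RC=!ERRORLEVEL!"
        if "!RC!"=="0" (
            echo [OK]      %%D registered
            set /a OK+=1
        ) else (
            call :explain !RC!
            echo [FAILED]  %%D exit code !RC!: !WHY!
            set /a BAD+=1
        )
    )
)

echo.
echo %OK% registered, %BAD% missing or failed.
if %BAD% gtr 0 exit /b 1
exit /b 0

:explain
rem Meaning of the regsvr32 exit codes.
set "WHY=unknown error"
if "%~1"=="1" set "WHY=invalid command-line argument"
if "%~1"=="2" set "WHY=OleInitialize failed"
if "%~1"=="3" set "WHY=LoadLibrary failed (file could not be loaded)"
if "%~1"=="4" set "WHY=GetProcAddress failed (no DllRegisterServer export)"
if "%~1"=="5" set "WHY=DllRegisterServer returned an error"
goto :eof
```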

#9 Zia Lynn

  • Topic Starter

Posted 16 August 2009 - 11:00 AM

I ran each of the .dll files as requested. I received the urlmon.dll succeeded message and ran all the others. However, each of those produced the notice the .dll file was not found. Is this the correct finding? I am able to link without getting the about: blank window but still am unable to run my recovery software without getting the "about: blank" error. Should I remove and re-install that software?

Thanks.

#10 m0le

Posted 16 August 2009 - 01:44 PM

I have some questions, Zia Lynn.

What recovery software are you trying to run?

Why are you trying to run it?

At which point does the about:blank page appear during the process?

#11 Zia Lynn

Posted 16 August 2009 - 03:15 PM

It's OE Mail Recovery and I was trying to run it because my Outlook Express had crashed and I lost months of email in my inbox and I wanted to try to recover. When I select the location of the file to run (Inbox.dbx) and start Read/Recovery, I receive an error message that says "Cannot find "about: blank". Make sure the path or Internet Address is correct."
I did an "end-around" somehow and retrieved most of the lost email but am still missing several of the most recent weeks. It finally dawned on me that the "about: blank" was related to the blank page that I was getting in IE. Now the IE seems to be repaired -- but what to do about OE Mail Recovery?

Thanks.

#12 m0le

Posted 17 August 2009 - 01:50 PM

"A family member that is an IT person connected to my computer and looked through my registry and deleted some suspicious or odd entries"


This is something that you said earlier. I think that it's possible that your relative may not have deleted the correct entries. We are already finding that some files are missing and this could be the reason.

The fix that I provided should have sorted out the about:blank problem. The only time that this would not have happened is if the associated registry entries had been removed. This is what appears to have happened.

I suggest that you reinstall Internet Explorer. This will put back all the files/registry entries and stop the about:blank issue.


However, we have to leave it there as your logs are clean.

Good stuff! :thumbup2:

Let's do some housekeeping

Download and Run OTC

We will now remove the tools we used during this fix using OTC.
  • Download OTC by OldTimer and save it to your desktop.
  • Double-click the icon to start the program. If you are using Vista, please right-click and choose Run as administrator.
  • Then click the big button.
  • You will get a prompt saying "Begin Cleanup Process". Please select Yes.
  • Restart your computer when prompted.

After reinstalling Internet Explorer...

Please set your system to hide the hidden files and folders.
Click Start, open My Computer, select the Tools menu and click Folder Options.
Select the View Tab. Under the Hidden files and folders heading, select Show hidden files and folders.
Check: Hide file extensions for known file types
Check the Hide protected operating system files (recommended) option.
Click Yes to confirm.


Now you should Set a New Restore Point to prevent possible reinfection from an old one. Some of the malware you picked up could have been saved in System Restore. Since System Restore is a protected directory, your tools can not access it to delete these bad files which sometimes can reinfect your system. Setting a new restore point AFTER cleaning your system will help prevent this and enable your computer to "roll-back" to a clean working state.

The easiest and safest way to do this is:
  • Go to Start > Programs > Accessories > System Tools and click "System Restore".
  • Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the R.P. a name then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
  • Then go to Start > Run and type: Cleanmgr
  • Click "OK".
  • Click the "More Options" Tab.
  • Click "Clean Up" in the System Restore section to remove all previous restore points except the newly created one.

I recommend that you download HostsMan. It safeguards you with a regularly updated Hosts file that blocks dangerous sites from opening. This adds another bit of safety while surfing the Internet. For installation and setting up, follow these steps:
  • Double-click the downloaded installer and install the tool to a location of your choice
  • Via the Start menu, navigate to HostsMan and run the program.
    • Click "Hosts" in the menu
    • Click "Manage Updates" in the submenu
    • Out of the three, select at least one of the three (I have MVPS Host as my main one)
    • Click "Add Update." After that you will only need to click on the following button to retrieve updates:
      Posted Image
  • Click the X to exit the program.
  • Note: If you were using a custom Hosts file you will need to replace any of those entries yourself.

Here's some advice on how you can keep your PC clean

Update your AntiVirus Software

It is imperative that you update your antivirus software at least once a week (even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out. If you use a commercial antivirus program you must make sure you keep renewing your subscription. Otherwise, once your subscription runs out, you may not be able to update the program's virus definitions.


Make sure your applications have all of their updates

It is also possible for other programs on your computer to have security vulnerabilities that can allow malware to infect you. Therefore, it is also a good idea to check for the latest versions of commonly installed applications that are regularly patched to fix vulnerabilities. You can check these by visiting Secunia Software Inspector and Calendar of Updates.


Use a Firewall

I can not stress how important it is that you use a Firewall on your computer. Without a firewall your computer is susceptible to being hacked and taken over. I am very serious about this and see it happen almost every day with my clients. Simply using a Firewall in its default configuration can lower your risk greatly.

For a tutorial on Firewalls and a listing of some available ones see the link below:

Understanding and Using Firewalls


Install an AntiSpyware Program

A highly recommended AntiSpyware program is SuperAntiSpyware. You can download the free Home Version, or the Pro version for a 15 day trial period.

Other recommended, and free, AntiSpyware programs are Spybot - Search and Destroy and Ad-Aware Personal.

Installing these programs will provide spyware & hijacker protection on your computer alongside your virus protection. You should scan your computer with an AntiSpyware program on a regular basis just as you would an antivirus software.

Tutorials on using these programs can be found below:

Using Spybot - Search & Destroy to remove Spyware , Malware, and Hijackers

Using Ad-aware to remove Spyware, Malware, & Hijackers from Your Computer


That's it Zia Lynn, happy surfing!

Cheers,


m0le
m0le is a proud member of UNITE

#13 Zia Lynn

Zia Lynn
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  • Local time:05:53 AM

Posted 20 August 2009 - 03:15 PM

:thumbup2: Thanks, m0le for all your help!

Lynn

#14 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  • Gender:Male
  • Location:London, UK
  • Local time:10:53 AM

Posted 20 August 2009 - 04:21 PM

You're welcome Zia Lynn. :thumbup2:

But did you sort out the problem with IE?
m0le is a proud member of UNITE

#15 Zia Lynn

Zia Lynn
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  • Local time:05:53 AM

Posted 20 August 2009 - 05:51 PM

Certainly did. Just did everything you suggested and sent a question to the software people about the problem I was having with the OE Recovery. They said I had an old version that wasn't compatible with IE7 and gave me a link to download the newer version and everything is running right along [knock on wood].

Thanks again.



