Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Google Redirect Virus


  • This topic is locked This topic is locked
17 replies to this topic

#1 reunionmama

reunionmama

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:03:49 PM

Posted 01 January 2011 - 07:32 PM

Problem showed up about a week ago. Getting redirected off of the Google search results page when I click a result to various and sundry other sites. No other symptoms (popups, fake virus warnings, etc). Problem is intermittent. Have tried so far:

1. Norton Antivirus (resident AV and POS). In both regular and safe mode.
2. Malwarebytes in both regular and safe mode (note - first run spotted a Trojan.Agent, but zapping it did not remove symptoms and it has not reappeared in the scan).
3. Avast
4. Iobit
5. Avira

All had up-to-date engines and definitions.

DDS File:


DDS (Ver_10-12-12.02) - NTFSx86
Run by Ross Family at 16:31:15.42 on Sat 01/01/2011
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1392 [GMT -5:00]

AV: Norton AntiVirus *Enabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
C:\Added Files\Itunes\iTunesHelper.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Added Files\Quicken Online Backup\OnlineBackup.exe
C:\Added Files\Mozy Backup\mozystat.exe
svchost.exe
C:\Added Files\Photoshop\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Program Files\Motorola\MotoConnectService\MotoConnectService.exe
C:\Added Files\Mozy Backup\mozybackup.exe
C:\Program Files\Motorola\MotoConnectService\MotoConnect.exe
C:\Program Files\Norton AntiVirus\Engine\17.8.0.5\ccSvcHst.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Added Files\PSI _auto update checker\sua.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Norton AntiVirus\Engine\17.8.0.5\ccSvcHst.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Documents and Settings\Ross Family.UPSTAIRSOFFICEK\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.cnn.com/
uInternet Settings,ProxyOverride = *.local
mURLSearchHooks: H - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton antivirus\engine\17.8.0.5\IPSBHO.DLL
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar1.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar1.dll
TB: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
uRun: [@BackupScheduler] c:\added files\quicken online backup\OnlineBackup.exe
mRun: [<NO NAME>]
mRun: [NvMediaCenter] "c:\windows\system32\rundll32.exe" c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [IAAnotif] "c:\program files\intel\intel matrix storage manager\Iaanotif.exe"
mRun: [iTunesHelper] "c:\added files\itunes\iTunesHelper.exe"
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [SunJavaUpdateSched] "c:\program files\java\jre1.5.0_06\bin\jusched.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 10.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [QuickTime Task] "c:\added files\quicktime\qttask.exe" -atboottime
StartupFolder: c:\docume~1\alluse~1.win\startm~1\programs\startup\mozyho~1.lnk - c:\added files\mozy backup\mozystat.exe
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\addedf~1\office~1\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_02\bin\npjpi160_02.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\addedf~1\office~1\office11\REFIEBAR.DLL
Trusted Zone: intuit.com\ttlc
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/2.9.3.0/GarminAxControl.CAB
DPF: {01113300-3E00-11D2-8470-0060089874ED} - hxxps://activatemyfios.verizon.net/sdcCommon/download/FIOS/Verizon%20FiOS%20Installer.cab
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/e/7/3/e7345c16-80aa-4488-ae10-9ac6be844f99/OGAControl.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/5/b/0/5b0d4654-aa20-495c-b89f-c1c34c691085/LegitCheckControl.cab
DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - hxxp://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.7.109.cab
DPF: {4125262D-2E47-11D3-9387-00C04F5B12B1} - hxxps://www.backup.com/user/webrestore.cab
DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader3.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1186840726662
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1293394471859
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {BD8667B7-38D8-4C77-B580-18C3E146372C} - hxxp://ak.imgag.com/imgag/cp/install/Crusher.cab
DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} - hxxp://office.microsoft.com/officeupdate/content/opuc4.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {E008A543-CEFB-4559-912F-C27C2B89F13B} - hxxps://lvmail02.lawrenceville.org/dwa7W.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {E856B973-45FD-4559-8F82-EAB539144667} - hxxp://pccheckup.dellfix.com/en/10/install/gtdownde.cab
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

============= SERVICES / DRIVERS ===============

R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\nav\1108000.005\symds.sys [2010-9-21 328752]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\nav\1108000.005\symefa.sys [2010-9-21 173104]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\all users.windows\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nav_17.0.0.136\definitions\bashdefs\20101123.003\BHDrvx86.sys [2010-11-22 691248]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\nav\1108000.005\cchpx86.sys [2010-9-21 501888]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\nav\1108000.005\ironx86.sys [2010-9-21 116784]
R2 AdobeActiveFileMonitor8.0;Adobe Active File Monitor V8;c:\added files\photoshop\elements organizer 8.0\PhotoshopElementsFileAgent.exe [2009-9-6 169312]
R2 MotoConnect Service;MotoConnect Service;c:\program files\motorola\motoconnectservice\MotoConnectService.exe [2010-8-22 91456]
R2 NAV;Norton AntiVirus;c:\program files\norton antivirus\engine\17.8.0.5\ccsvchst.exe [2010-9-21 126392]
R2 Secunia Update Agent;Secunia Update Agent;c:\added files\psi _auto update checker\sua.exe [2010-12-21 399416]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2010-7-24 102448]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\all users.windows\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nav_17.0.0.136\definitions\ipsdefs\20101231.001\IDSXpx86.sys [2011-1-1 341944]
R3 NAVENG;NAVENG;c:\documents and settings\all users.windows\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nav_17.0.0.136\definitions\virusdefs\20110101.005\NAVENG.SYS [2011-1-1 86008]
R3 NAVEX15;NAVEX15;c:\documents and settings\all users.windows\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nav_17.0.0.136\definitions\virusdefs\20110101.005\NAVEX15.SYS [2011-1-1 1360760]
S0 TfFsMon;TfFsMon;c:\windows\system32\drivers\tffsmon.sys --> c:\windows\system32\drivers\TfFsMon.sys [?]
S0 TfSysMon;TfSysMon;c:\windows\system32\drivers\tfsysmon.sys --> c:\windows\system32\drivers\TfSysMon.sys [?]
S2 gupdate1c9c110785962f2;Google Update Service (gupdate1c9c110785962f2);c:\program files\google\update\GoogleUpdate.exe [2009-4-19 133104]
S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [2010-9-1 15544]
S3 Secunia PSI Agent;Secunia PSI Agent;c:\added files\psi _auto update checker\psia.exe [2010-12-21 987704]
S3 TfNetMon;TfNetMon;\??\c:\windows\system32\drivers\tfnetmon.sys --> c:\windows\system32\drivers\TfNetMon.sys [?]

=============== Created Last 30 ================

2010-12-29 13:30:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-29 13:30:36 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-12-27 23:21:47 -------- d-----w- c:\windows\SQLTools9_KB970892_ENU
2010-12-27 23:20:06 -------- d-----w- c:\windows\SQL9_KB970892_ENU
2010-12-27 13:39:55 -------- d-----w- c:\docume~1\alluse~1.win\applic~1\SUPERAntiSpyware.com
2010-12-26 23:34:39 274288 ----a-w- c:\windows\system32\mucltui.dll
2010-12-26 23:34:39 16736 ----a-w- c:\windows\system32\mucltui.dll.mui
2010-12-26 21:58:20 -------- d-----w- c:\windows\system32\NtmsData
2010-12-26 21:24:35 -------- d-----w- c:\docume~1\alluse~1.win\applic~1\Alwil Software
2010-12-26 13:19:23 -------- d-----w- c:\program files\CCleaner
2010-12-26 03:49:15 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin7.dll
2010-12-26 03:49:15 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin6.dll
2010-12-26 03:49:15 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin5.dll
2010-12-26 03:49:15 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin4.dll
2010-12-26 03:49:15 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin3.dll
2010-12-26 03:49:15 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin2.dll
2010-12-26 03:49:15 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin.dll
2010-12-26 03:29:33 -------- d-----w- c:\docume~1\rossfa~1.ups\locals~1\applic~1\Secunia PSI
2010-12-25 18:36:01 -------- d-----w- c:\docume~1\alluse~1.win\applic~1\IObit
2010-12-24 21:19:19 16968 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2010-12-24 21:18:48 -------- d-----w- c:\docume~1\alluse~1.win\applic~1\Hitman Pro
2010-12-24 15:53:14 -------- d-----w- c:\docume~1\rossfa~1.ups\applic~1\Malwarebytes
2010-12-24 15:53:06 -------- d-----w- c:\docume~1\alluse~1.win\applic~1\Malwarebytes
2010-12-23 16:50:57 -------- d-----w- c:\docume~1\rossfa~1.ups\applic~1\PC Tools
2010-12-23 03:40:00 -------- d-----w- c:\docume~1\rossfa~1.ups\locals~1\applic~1\Threat Expert
2010-12-23 03:36:21 -------- d-----w- c:\program files\common files\PC Tools
2010-12-18 19:05:42 59904 --sha-r- c:\windows\system32\mp4sdecdm.dll
2010-12-15 05:40:26 40960 -c----w- c:\windows\system32\dllcache\ndproxy.sys

==================== Find3M ====================

2010-11-29 22:38:30 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-11-29 22:38:30 69632 ----a-w- c:\windows\system32\QuickTime.qts
2010-11-18 18:12:44 81920 ----a-w- c:\windows\system32\isign32.dll
2010-11-06 00:26:58 916480 ----a-w- c:\windows\system32\wininet.dll
2010-11-06 00:26:58 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-11-06 00:26:58 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2010-11-03 12:25:54 385024 ----a-w- c:\windows\system32\html.iec
2010-10-28 13:13:22 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-10-26 13:25:00 1853312 ----a-w- c:\windows\system32\win32k.sys

============= FINISH: 16:31:43.17 ===============

Attach and Ark files attached.

Would appreciate any and all ideas.

Thanks!

Attached Files



BC AdBot (Login to Remove)

 


#2 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,779 posts
  • ONLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:10:49 PM

Posted 07 January 2011 - 03:17 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.
We need to create an OTL Report
  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the Posted Image icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • In the custom scan box paste the following:
    msconfig
    safebootminimal
    activex
    drivers32
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    nvstor32.sys
    ahcix86s.sys
    nvrd32.sys
    symmpi.sys
    adp3132.sys
    mv61xx.sys
    nvraid.sys
    /md5stop
    %systemroot%\*. /mp /s
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\drivers\*.sys /90
  • Push the Posted Image button.
  • Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt<--Will be minimized

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. I suggest you do this and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#3 reunionmama

reunionmama
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:03:49 PM

Posted 07 January 2011 - 05:38 PM

Thanks for your time!

Problem showed up between 12/18 and 12/22. Getting redirected off of the Google search results page when I click a result to various and sundry other sites. No other symptoms (popups, fake virus warnings, etc). Problem is intermittent. Have tried so far:

1. Norton Antivirus (resident AV and POS). In both regular and safe mode.
2. Malwarebytes in both regular and safe mode (note - first run spotted a Trojan.Agent, but zapping it did not remove symptoms and it has not reappeared in the scan).
3. Avast
4. Iobit
5. Avira

All had up-to-date engines and definitions.

Here are the files from the OTL scan:

OTL logfile created on: 1/7/2011 5:23:58 PM - Run 1
OTL by OldTimer - Version 3.2.20.1 Folder = C:\Documents and Settings\Ross Family.UPSTAIRSOFFICEK\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 61.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 82.00% Paging File free
Paging file location(s): c:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 145.96 Gb Total Space | 90.54 Gb Free Space | 62.03% Space Free | Partition Type: NTFS

Computer Name: UPSTAIRSOFFICEK | User Name: Ross Family | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/01/07 17:22:29 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Ross Family.UPSTAIRSOFFICEK\Desktop\OTL.exe
PRC - [2010/12/21 07:04:30 | 000,399,416 | ---- | M] (Secunia) -- C:\Added Files\PSI _auto update checker\sua.exe
PRC - [2010/11/08 16:06:46 | 003,571,512 | ---- | M] (Mozy, Inc.) -- C:\Added Files\Mozy Backup\mozystat.exe
PRC - [2010/10/16 00:40:40 | 000,037,664 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010/08/23 20:21:40 | 000,013,672 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
PRC - [2010/06/24 13:34:52 | 000,091,456 | ---- | M] () -- C:\Program Files\Motorola\MotoConnectService\MotoConnectService.exe
PRC - [2010/06/24 13:34:50 | 000,279,360 | ---- | M] (Motorola) -- C:\Program Files\Motorola\MotoConnectService\MotoConnect.exe
PRC - [2010/02/25 19:21:50 | 000,126,392 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton AntiVirus\Engine\17.8.0.5\ccsvchst.exe
PRC - [2010/01/01 17:52:38 | 000,611,768 | ---- | M] (SwapDrive, Inc.) -- C:\Added Files\Quicken Online Backup\OnlineBackup.exe
PRC - [2009/09/14 12:04:34 | 000,078,136 | ---- | M] (Mozy, Inc.) -- C:\Added Files\Mozy Backup\mozybackup.exe
PRC - [2009/09/06 05:06:20 | 000,169,312 | ---- | M] (Adobe Systems Incorporated) -- C:\Added Files\Photoshop\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe
PRC - [2008/08/13 17:32:40 | 000,201,968 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/03/21 13:00:04 | 000,355,096 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2007/03/21 13:00:00 | 000,174,872 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe


========== Modules (SafeList) ==========

MOD - [2011/01/07 17:22:29 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Ross Family.UPSTAIRSOFFICEK\Desktop\OTL.exe
MOD - [2010/08/23 11:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/12/21 07:04:30 | 000,987,704 | ---- | M] (Secunia) [On_Demand | Stopped] -- C:\Added Files\PSI _auto update checker\PSIA.exe -- (Secunia PSI Agent)
SRV - [2010/12/21 07:04:30 | 000,399,416 | ---- | M] (Secunia) [Auto | Running] -- C:\Added Files\PSI _auto update checker\sua.exe -- (Secunia Update Agent)
SRV - [2010/10/16 00:40:40 | 000,037,664 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/08/23 20:21:40 | 000,013,672 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)
SRV - [2010/07/24 16:54:40 | 000,867,080 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/06/24 13:34:52 | 000,091,456 | ---- | M] () [Auto | Running] -- C:\Program Files\Motorola\MotoConnectService\MotoConnectService.exe -- (MotoConnect Service)
SRV - [2010/02/25 19:21:50 | 000,126,392 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files\Norton AntiVirus\Engine\17.8.0.5\ccSvcHst.exe -- (NAV)
SRV - [2009/09/14 12:04:34 | 000,078,136 | ---- | M] (Mozy, Inc.) [Auto | Running] -- C:\Added Files\Mozy Backup\mozybackup.exe -- (mozybackup)
SRV - [2009/09/06 05:06:20 | 000,169,312 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Added Files\Photoshop\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor8.0)
SRV - [2008/08/13 17:32:40 | 000,201,968 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_dellsupportcenter) SupportSoft Sprocket Service (dellsupportcenter)
SRV - [2007/03/21 13:00:04 | 000,355,096 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel®
SRV - [2007/03/19 11:44:44 | 000,070,656 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | Boot | Stopped] -- C:\WINDOWS\System32\drivers\TfSysMon.sys -- (TfSysMon)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\TfNetMon.sys -- (TfNetMon)
DRV - File not found [Kernel | Boot | Stopped] -- C:\WINDOWS\System32\drivers\TfFsMon.sys -- (TfFsMon)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS -- (MRESP50a64)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS -- (MRENDIS5)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS -- (MREMPR5)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS -- (MREMP50a64)
DRV - [2010/12/16 20:50:36 | 001,360,760 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\Definitions\VirusDefs\20110107.003\NAVEX15.SYS -- (NAVEX15)
DRV - [2010/12/16 20:50:36 | 000,086,008 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\Definitions\VirusDefs\20110107.003\NAVENG.SYS -- (NAVENG)
DRV - [2010/11/22 21:20:07 | 000,691,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\Definitions\BASHDefs\20101123.003\BHDrvx86.sys -- (BHDrvx86)
DRV - [2010/11/08 19:50:31 | 000,341,944 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\Definitions\IPSDefs\20110106.003\IDSXpx86.sys -- (IDSxpx86)
DRV - [2010/09/01 03:30:58 | 000,015,544 | ---- | M] (Secunia) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\psi_mf.sys -- (PSI)
DRV - [2010/07/22 21:22:43 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2010/07/22 21:22:43 | 000,102,448 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2010/07/22 20:47:54 | 000,124,976 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2010/05/05 23:01:59 | 000,361,904 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\NAV\1108000.005\SYMTDI.SYS -- (SYMTDI)
DRV - [2010/05/05 23:01:43 | 000,047,408 | R--- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SymIM.sys -- (SymIMMP)
DRV - [2010/05/05 23:01:43 | 000,047,408 | R--- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SymIM.sys -- (SymIM)
DRV - [2010/04/29 00:03:51 | 000,116,784 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NAV\1108000.005\Ironx86.SYS -- (SymIRON)
DRV - [2010/04/21 22:02:20 | 000,173,104 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\NAV\1108000.005\SYMEFA.SYS -- (SymEFA)
DRV - [2010/04/21 21:29:50 | 000,325,680 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\NAV\1108000.005\SRTSP.SYS -- (SRTSP)
DRV - [2010/04/21 21:29:50 | 000,043,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NAV\1108000.005\SRTSPX.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV - [2010/03/17 15:53:38 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2010/03/17 15:53:22 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2010/02/25 19:22:57 | 000,501,888 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NAV\1108000.005\ccHPx86.sys -- (ccHP)
DRV - [2009/08/29 19:17:18 | 000,328,752 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\NAV\1108000.005\SYMDS.SYS -- (SymDS)
DRV - [2008/04/13 11:36:05 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2008/01/04 19:34:36 | 000,023,920 | ---- | M] (Webroot Software Inc (www.webroot.com)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sskbfd.sys -- (SSKBFD)
DRV - [2007/09/17 01:07:00 | 006,853,088 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2007/03/21 12:58:56 | 000,304,920 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\iaStor.sys -- (iastor)
DRV - [2007/02/25 11:10:48 | 000,005,376 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\dsunidrv.sys -- (dsunidrv)
DRV - [2006/10/05 16:07:28 | 000,004,736 | ---- | M] (Gteko Ltd.) [Kernel | On_Demand | Stopped] -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys -- (DSproct)
DRV - [2006/07/19 14:42:16 | 000,230,400 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\e1e5132.sys -- (e1express) Intel®
DRV - [2006/06/05 02:39:56 | 000,024,064 | ---- | M] (Intel Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\iqvw32.sys -- (NAL)
DRV - [2006/03/20 15:06:04 | 001,156,648 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2005/09/12 02:30:00 | 000,089,264 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\DRVMCDB.SYS -- (DRVMCDB)
DRV - [2005/09/08 04:20:00 | 000,094,332 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2005/09/08 04:20:00 | 000,087,036 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2005/09/08 04:20:00 | 000,086,524 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2005/09/08 04:20:00 | 000,025,628 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2005/09/08 04:20:00 | 000,014,684 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2005/09/08 04:20:00 | 000,006,364 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2005/09/08 04:20:00 | 000,002,496 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLADResN.SYS -- (DLADResN)
DRV - [2005/08/25 11:16:52 | 000,005,628 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2005/08/25 11:16:16 | 000,022,684 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS -- (DLARTL_N)
DRV - [2005/08/12 04:20:00 | 000,040,544 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DRVNDDM.SYS -- (DRVNDDM)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - Reg Error: Key error. File not found
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - Reg Error: Key error. File not found
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-839522115-113007714-725345543-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.cnn.com/
IE - HKU\S-1-5-21-839522115-113007714-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-839522115-113007714-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

FF - HKLM\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\Documents and Settings\All Users.WINDOWS\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\IPSFFPlgn\ [2010/07/22 21:22:01 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2009/07/19 10:23:28 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\DLA\DLASHX_W.DLL (Sonic Solutions)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton AntiVirus\Engine\17.8.0.5\ipsbho.dll (Symantec Corporation)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O3 - HKU\S-1-5-21-839522115-113007714-725345543-1004\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [dellsupportcenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\system32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe File not found
O4 - HKU\S-1-5-21-839522115-113007714-725345543-1004..\Run: [@BackupScheduler] C:\Added Files\Quicken Online Backup\OnlineBackup.exe (SwapDrive, Inc.)
O4 - Startup: C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\MozyHome Status.lnk = C:\Added Files\Mozy Backup\mozystat.exe (Mozy, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-839522115-113007714-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Added Files\Office 2003\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_22.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Added Files\Office 2003\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKU\S-1-5-21-839522115-113007714-725345543-1004\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} https://activatemyfios.verizon.net/sdcCommon/download/FIOS/Verizon%20FiOS%20Installer.cab (Support.com Configuration Class)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.microsoft.com/download/e/7/3/e7345c16-80aa-4488-ae10-9ac6be844f99/OGAControl.cab (Office Genuine Advantage Validation Tool)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/5/b/0/5b0d4654-aa20-495c-b89f-c1c34c691085/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.7.109.cab (Reg Error: Key error.)
O16 - DPF: {4125262D-2E47-11D3-9387-00C04F5B12B1} https://www.backup.com/user/webrestore.cab (WRXCtl Class)
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} http://upload.facebook.com/controls/FacebookPhotoUploader3.cab (Reg Error: Key error.)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1186840726662 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1293394471859 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {BD8667B7-38D8-4C77-B580-18C3E146372C} http://ak.imgag.com/imgag/cp/install/Crusher.cab (Creative Toolbox Plug-in)
O16 - DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} http://office.microsoft.com/officeupdate/content/opuc4.cab (Office Update Installation Engine)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {E008A543-CEFB-4559-912F-C27C2B89F13B} https://lvmail02.lawrenceville.org/dwa7W.cab (Reg Error: Key error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {E856B973-45FD-4559-8F82-EAB539144667} http://pccheckup.dellfix.com/en/10/install/gtdownde.cab (Dell PC Checkup Installer Control)
O16 - DPF: Garmin Communicator Plug-In https://static.garmincdn.com/gcp/ie/2.9.3.0/GarminAxControl.CAB (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 71.250.0.12
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Value error. File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Ross Family.UPSTAIRSOFFICEK\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Ross Family.UPSTAIRSOFFICEK\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/10 12:04:08 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{3966b137-adf3-11df-8031-0019d187150f}\Shell - "" = AutoRun
O33 - MountPoints2\{3966b137-adf3-11df-8031-0019d187150f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{3966b137-adf3-11df-8031-0019d187150f}\Shell\AutoRun\command - "" = I:\setup.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

MsConfig - StartUpReg: @BackupScheduler - hkey= - key= - C:\Added Files\Quicken Online Backup\OnlineBackup.exe (SwapDrive, Inc.)
MsConfig - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: AppleSyncNotifier - hkey= - key= - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)
MsConfig - StartUpReg: DellSupport - hkey= - key= - C:\Program Files\DellSupport\DSAgnt.exe (Gteko Ltd.)
MsConfig - StartUpReg: DellSupportCenter - hkey= - key= - C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
MsConfig - StartUpReg: DLA - hkey= - key= - File not found
MsConfig - StartUpReg: DMXLauncher - hkey= - key= - C:\Program Files\Dell\Media Experience\DMXLauncher.exe ()
MsConfig - StartUpReg: dscactivate - hkey= - key= - C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe ( )
MsConfig - StartUpReg: ISUSPM Startup - hkey= - key= - C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (Macrovision Corporation)
MsConfig - StartUpReg: ISUSScheduler - hkey= - key= - C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (Macrovision Corporation)
MsConfig - StartUpReg: NvCplDaemon - hkey= - key= - File not found
MsConfig - StartUpReg: nwiz - hkey= - key= - File not found
MsConfig - StartUpReg: OpwareSE2 - hkey= - key= - C:\Added Files\Canon MF Laser\Omnipage\OpwareSE2.exe (ScanSoft, Inc.)
MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Added Files\Quicktime\QTTask.exe (Apple Inc.)
MsConfig - StartUpReg: SigmatelSysTrayApp - hkey= - key= - C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
MsConfig - StartUpReg: TivoNotify - hkey= - key= - C:\Added Files\TivoToGo\TiVoNotify.exe File not found
MsConfig - StartUpReg: TivoServer - hkey= - key= - C:\Added Files\TivoToGo\TiVoServer.exe File not found
MsConfig - StartUpReg: TivoTransfer - hkey= - key= - C:\Program Files\Common Files\TiVo Shared\Transfer\TiVoTransfer.exe File not found
MsConfig - StartUpReg: Verizon_McciTrayApp - hkey= - key= - C:\Program Files\Verizon\McciTrayApp.exe (Alcatel-Lucent)

SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {2F6EFCE6-10DF-49F9-9E64-9AE3775B2588} - Microsoft .NET Framework 1.1 Security Update (KB2416447)
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015C} - Microsoft DirectX
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8
ActiveX: {5056b317-8d4c-43ee-8543-b9d1e234b8f4} - Security Update for Windows XP (KB923789)
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {B508B3F1-A24A-32C0-B310-85786919EF28} - .NET Framework
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax ()
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll ()

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

========== Files/Folders - Created Within 30 Days ==========

[2011/01/07 17:22:15 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Ross Family.UPSTAIRSOFFICEK\Desktop\OTL.exe
[2011/01/04 21:45:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Sun
[2011/01/04 21:44:53 | 000,472,808 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2011/01/04 21:44:53 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2011/01/04 21:44:53 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2011/01/04 21:44:53 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2011/01/04 21:43:33 | 016,308,000 | ---- | C] (Sun Microsystems, Inc.) -- C:\Documents and Settings\Ross Family.UPSTAIRSOFFICEK\Desktop\jre-6u22-windows-i586-s.exe
[2010/12/29 08:30:39 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/12/29 08:30:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Malwarebytes' Anti-Malware
[2010/12/29 08:30:36 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/12/27 18:21:47 | 000,000,000 | ---D | C] -- C:\WINDOWS\SQLTools9_KB970892_ENU
[2010/12/27 18:20:06 | 000,000,000 | ---D | C] -- C:\WINDOWS\SQL9_KB970892_ENU
[2010/12/27 08:39:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\SUPERAntiSpyware.com
[2010/12/27 08:37:56 | 009,953,832 | ---- | C] (SUPERAntiSpyware.com) -- C:\Documents and Settings\Ross Family.UPSTAIRSOFFICEK\Desktop\SUPERAntiSpyware.exe
[2010/12/27 07:49:01 | 007,734,240 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Ross Family.UPSTAIRSOFFICEK\Desktop\mbam-setup.exe
[2010/12/27 07:20:28 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Ross Family.UPSTAIRSOFFICEK\Recent
[2010/12/26 18:34:39 | 000,274,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mucltui.dll
[2010/12/26 18:34:39 | 000,016,736 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mucltui.dll.mui
[2010/12/26 16:58:20 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\NtmsData
[2010/12/26 16:35:12 | 010,031,560 | ---- | C] (IObit ) -- C:\Documents and Settings\Ross Family.UPSTAIRSOFFICEK\Desktop\is360setup.exe
[2010/12/26 16:24:35 | 000,000,000 | ---D | C] -- C:\Program Files\Alwil Software
[2010/12/26 16:24:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Alwil Software
[2010/12/26 15:41:03 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR
[2010/12/26 15:34:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ross Family.UPSTAIRSOFFICEK\Application Data\AdobeUM
[2010/12/26 08:19:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\CCleaner
[2010/12/26 08:19:23 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2010/12/25 22:48:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\QuickTime
[2010/12/25 22:42:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\McAfee
[2010/12/25 22:29:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ross Family.UPSTAIRSOFFICEK\Local Settings\Application Data\Secunia PSI
[2010/12/25 13:36:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\IObit
[2010/12/24 16:18:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Hitman Pro
[2010/12/24 10:53:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ross Family.UPSTAIRSOFFICEK\Application Data\Malwarebytes
[2010/12/24 10:53:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Malwarebytes
[2010/12/23 11:50:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ross Family.UPSTAIRSOFFICEK\Application Data\PC Tools
[2010/12/22 22:40:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ross Family.UPSTAIRSOFFICEK\Local Settings\Application Data\Threat Expert
[2010/12/22 22:36:21 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
[2010/12/18 20:37:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\TurboTax 2010
[2010/12/15 00:40:26 | 000,040,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ndproxy.sys
[10 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/01/07 17:22:29 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Ross Family.UPSTAIRSOFFICEK\Desktop\OTL.exe
[2011/01/07 16:58:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/01/07 12:28:45 | 000,000,434 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{247B9685-8703-49CE-BAE6-51CF04082D0D}.job
[2011/01/07 07:58:00 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/01/04 21:44:30 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2011/01/04 21:44:30 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2011/01/04 21:44:30 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2011/01/04 21:44:30 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2011/01/04 21:44:30 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2011/01/04 21:44:05 | 016,308,000 | ---- | M] (Sun Microsystems, Inc.) -- C:\Documents and Settings\Ross Family.UPSTAIRSOFFICEK\Desktop\jre-6u22-windows-i586-s.exe
[2011/01/04 21:08:52 | 000,133,632 | ---- | M] () -- C:\Documents and Settings\Ross Family.UPSTAIRSOFFICEK\Desktop\RKUnhookerLE.EXE
[2011/01/03 22:18:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/01/03 21:18:01 | 001,232,020 | ---- | M] () -- C:\Documents and Settings\Ross Family.UPSTAIRSOFFICEK\Desktop\tdsskiller.zip
[2011/01/02 05:16:51 | 000,005,454 | ---- | M] () -- C:\WINDOWS\mozy.blk
[2011/01/02 05:16:51 | 000,001,008 | ---- | M] () -- C:\WINDOWS\mozy.flt
[2011/01/01 12:00:11 | 000,288,107 | ---- | M] () -- C:\Documents and Settings\Ross Family.UPSTAIRSOFFICEK\Desktop\gmer.zip
[2011/01/01 11:52:51 | 000,624,128 | ---- | M] () -- C:\Documents and Settings\Ross Family.UPSTAIRSOFFICEK\Desktop\dds.scr
[2011/01/01 11:51:26 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Ross Family.UPSTAIRSOFFICEK\defogger_reenable
[2011/01/01 11:51:10 | 000,050,477 | ---- | M] () -- C:\Documents and Settings\Ross Family.UPSTAIRSOFFICEK\Desktop\Defogger.exe
[2011/01/01 08:14:43 | 000,001,486 | ---- | M] () -- C:\Documents and Settings\Ross Family.UPSTAIRSOFFICEK\Desktop\Calculator.lnk
[2011/01/01 07:52:12 | 000,013,724 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/01/01 07:51:33 | 000,000,326 | -HS- | M] () -- C:\WINDOWS\tasks\viek.job
[2011/01/01 07:51:30 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/01/01 07:51:28 | 2145,304,576 | -HS- | M] () -- C:\hiberfil.sys
[2010/12/31 20:02:38 | 000,000,741 | ---- | M] () -- C:\Documents and Settings\Ross Family.UPSTAIRSOFFICEK\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Microsoft Office Outlook.lnk
[2010/12/29 12:00:41 | 000,002,487 | ---- | M] () -- C:\Documents and Settings\Ross Family.UPSTAIRSOFFICEK\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Word 2003 (2).lnk
[2010/12/29 09:01:40 | 000,491,832 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/12/29 09:01:40 | 000,090,642 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/12/29 08:30:39 | 000,000,754 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/12/27 09:58:49 | 000,001,510 | ---- | M] () -- C:\Documents and Settings\Ross Family.UPSTAIRSOFFICEK\Desktop\Freecell.lnk
[2010/12/27 08:38:30 | 009,953,832 | ---- | M] (SUPERAntiSpyware.com) -- C:\Documents and Settings\Ross Family.UPSTAIRSOFFICEK\Desktop\SUPERAntiSpyware.exe
[2010/12/27 07:49:04 | 007,734,240 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Ross Family.UPSTAIRSOFFICEK\Desktop\mbam-setup.exe
[2010/12/27 07:25:09 | 000,000,880 | ---- | M] () -- C:\Documents and Settings\Ross Family.UPSTAIRSOFFICEK\Desktop\cc_20101227_072502.reg
[2010/12/27 07:24:47 | 000,003,910 | ---- | M] () -- C:\Documents and Settings\Ross Family.UPSTAIRSOFFICEK\Desktop\cc_20101227_072435.reg
[2010/12/27 07:24:22 | 000,006,706 | ---- | M] () -- C:\Documents and Settings\Ross Family.UPSTAIRSOFFICEK\Desktop\cc_20101227_072358.reg
[2010/12/27 07:23:36 | 000,001,638 | ---- | M] () -- C:\Documents and Settings\Ross Family.UPSTAIRSOFFICEK\Desktop\cc_20101227_072318.reg
[2010/12/27 07:22:56 | 000,002,646 | ---- | M] () -- C:\Documents and Settings\Ross Family.UPSTAIRSOFFICEK\Desktop\cc_20101227_072238.reg
[2010/12/27 03:16:17 | 000,153,976 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/12/26 19:04:15 | 000,002,577 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2010/12/26 16:35:12 | 010,031,560 | ---- | M] (IObit ) -- C:\Documents and Settings\Ross Family.UPSTAIRSOFFICEK\Desktop\is360setup.exe
[2010/12/26 16:15:54 | 051,515,288 | ---- | M] () -- C:\Documents and Settings\Ross Family.UPSTAIRSOFFICEK\Desktop\setup_av_free.exe
[2010/12/26 15:49:29 | 059,325,912 | ---- | M] () -- C:\Documents and Settings\Ross Family.UPSTAIRSOFFICEK\Desktop\avira_antivir_personal_en.exe
[2010/12/26 15:41:40 | 000,001,734 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Adobe Reader X.lnk
[2010/12/26 15:14:00 | 000,037,434 | ---- | M] () -- C:\Documents and Settings\Ross Family.UPSTAIRSOFFICEK\Desktop\cc_20101226_151327.reg
[2010/12/26 08:27:03 | 000,236,246 | ---- | M] () -- C:\Documents and Settings\Ross Family.UPSTAIRSOFFICEK\Desktop\cc_20101226_082045.reg
[2010/12/26 08:19:27 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\CCleaner.lnk
[2010/12/25 07:56:42 | 000,016,968 | ---- | M] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
[2010/12/22 22:36:58 | 000,724,086 | ---- | M] () -- C:\WINDOWS\System32\drivers\Cat.DB
[2010/12/20 18:09:00 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/12/20 18:08:40 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/12/18 20:37:32 | 000,001,876 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\TurboTax 2010.lnk
[2010/12/18 14:05:42 | 000,059,904 | RHS- | M] () -- C:\WINDOWS\System32\mp4sdecdm.dll
[2010/12/12 14:11:25 | 000,002,469 | ---- | M] () -- C:\Documents and Settings\Ross Family.UPSTAIRSOFFICEK\Desktop\Microsoft Office Word 2003 (2).lnk
[10 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/01/04 21:08:43 | 000,133,632 | ---- | C] () -- C:\Documents and Settings\Ross Family.UPSTAIRSOFFICEK\Desktop\RKUnhookerLE.EXE
[2011/01/03 21:17:54 | 001,232,020 | ---- | C] () -- C:\Documents and Settings\Ross Family.UPSTAIRSOFFICEK\Desktop\tdsskiller.zip
[2011/01/01 12:00:10 | 000,288,107 | ---- | C] () -- C:\Documents and Settings\Ross Family.UPSTAIRSOFFICEK\Desktop\gmer.zip
[2011/01/01 11:52:51 | 000,624,128 | ---- | C] () -- C:\Documents and Settings\Ross Family.UPSTAIRSOFFICEK\Desktop\dds.scr
[2011/01/01 11:51:26 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Ross Family.UPSTAIRSOFFICEK\defogger_reenable
[2011/01/01 11:51:05 | 000,050,477 | ---- | C] () -- C:\Documents and Settings\Ross Family.UPSTAIRSOFFICEK\Desktop\Defogger.exe
[2011/01/01 07:51:28 | 2145,304,576 | -HS- | C] () -- C:\hiberfil.sys
[2010/12/29 08:30:39 | 000,000,754 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/12/27 07:25:04 | 000,000,880 | ---- | C] () -- C:\Documents and Settings\Ross Family.UPSTAIRSOFFICEK\Desktop\cc_20101227_072502.reg
[2010/12/27 07:24:37 | 000,003,910 | ---- | C] () -- C:\Documents and Settings\Ross Family.UPSTAIRSOFFICEK\Desktop\cc_20101227_072435.reg
[2010/12/27 07:23:59 | 000,006,706 | ---- | C] () -- C:\Documents and Settings\Ross Family.UPSTAIRSOFFICEK\Desktop\cc_20101227_072358.reg
[2010/12/27 07:23:19 | 000,001,638 | ---- | C] () -- C:\Documents and Settings\Ross Family.UPSTAIRSOFFICEK\Desktop\cc_20101227_072318.reg
[2010/12/27 07:22:41 | 000,002,646 | ---- | C] () -- C:\Documents and Settings\Ross Family.UPSTAIRSOFFICEK\Desktop\cc_20101227_072238.reg
[2010/12/26 16:15:52 | 051,515,288 | ---- | C] () -- C:\Documents and Settings\Ross Family.UPSTAIRSOFFICEK\Desktop\setup_av_free.exe
[2010/12/26 15:49:01 | 059,325,912 | ---- | C] () -- C:\Documents and Settings\Ross Family.UPSTAIRSOFFICEK\Desktop\avira_antivir_personal_en.exe
[2010/12/26 15:41:40 | 000,001,734 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Adobe Reader X.lnk
[2010/12/26 15:13:30 | 000,037,434 | ---- | C] () -- C:\Documents and Settings\Ross Family.UPSTAIRSOFFICEK\Desktop\cc_20101226_151327.reg
[2010/12/26 08:20:51 | 000,236,246 | ---- | C] () -- C:\Documents and Settings\Ross Family.UPSTAIRSOFFICEK\Desktop\cc_20101226_082045.reg
[2010/12/26 08:19:27 | 000,000,682 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\CCleaner.lnk
[2010/12/24 16:19:19 | 000,016,968 | ---- | C] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
[2010/12/22 22:36:47 | 000,724,086 | ---- | C] () -- C:\WINDOWS\System32\drivers\Cat.DB
[2010/12/18 20:37:32 | 000,001,876 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\TurboTax 2010.lnk
[2010/12/18 14:05:42 | 000,059,904 | RHS- | C] () -- C:\WINDOWS\System32\mp4sdecdm.dll
[2010/12/18 14:05:42 | 000,000,326 | -HS- | C] () -- C:\WINDOWS\tasks\viek.job
[2010/10/14 20:52:43 | 000,001,940 | ---- | C] () -- C:\Documents and Settings\Ross Family.UPSTAIRSOFFICEK\Local Settings\Application Data\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2009/10/03 12:27:50 | 008,892,928 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Application Data\atscie.msi
[2009/01/28 19:09:15 | 000,354,816 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2008/12/25 15:22:16 | 000,000,023 | ---- | C] () -- C:\WINDOWS\BlendSettings.ini
[2008/08/17 10:57:44 | 000,005,120 | ---- | C] () -- C:\Documents and Settings\Ross Family.UPSTAIRSOFFICEK\Application Data\dvd.bmk
[2007/09/28 17:21:07 | 000,002,183 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Application Data\QTSBandwidthCache
[2007/08/17 15:23:00 | 001,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2007/08/17 15:23:00 | 001,478,656 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2007/08/17 15:23:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2007/08/17 15:23:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2007/08/17 15:23:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2007/08/14 20:16:20 | 000,006,656 | ---- | C] () -- C:\Documents and Settings\Ross Family.UPSTAIRSOFFICEK\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/08/12 19:51:24 | 000,000,000 | ---- | C] () -- C:\WINDOWS\OpPrintServer.INI
[2007/08/12 18:29:20 | 000,000,373 | ---- | C] () -- C:\WINDOWS\System32\CNCMFP20.INI
[2007/08/12 18:14:17 | 000,006,656 | ---- | C] () -- C:\WINDOWS\System32\CNMVS58.DLL
[2007/08/12 18:08:50 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\IPPCPUID.DLL
[2007/08/12 18:08:39 | 000,011,776 | ---- | C] () -- C:\WINDOWS\System32\pmsbfn32.dll
[2007/08/12 18:06:51 | 000,000,528 | ---- | C] () -- C:\WINDOWS\MAXLINK.INI
[2007/08/11 19:31:03 | 000,000,150 | ---- | C] () -- C:\Documents and Settings\Ross Family.UPSTAIRSOFFICEK\Local Settings\Application Data\fusioncache.dat
[2007/08/11 14:19:01 | 000,000,168 | ---- | C] () -- C:\WINDOWS\Quicken.ini
[2007/08/11 11:28:37 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007/08/11 09:51:57 | 000,000,442 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2007/08/11 03:54:22 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2007/03/05 12:34:28 | 000,676,224 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.DLL
[2006/12/06 13:39:49 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2006/02/28 07:00:00 | 000,755,200 | ---- | C] () -- C:\WINDOWS\System32\ir50_32.dll
[2006/02/28 07:00:00 | 000,338,432 | ---- | C] () -- C:\WINDOWS\System32\ir41_qcx.dll
[2006/02/28 07:00:00 | 000,200,192 | ---- | C] () -- C:\WINDOWS\System32\ir50_qc.dll
[2006/02/28 07:00:00 | 000,183,808 | ---- | C] () -- C:\WINDOWS\System32\ir50_qcx.dll
[2006/02/28 07:00:00 | 000,120,320 | ---- | C] () -- C:\WINDOWS\System32\ir41_qc.dll
[2003/01/07 14:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: AGP440.SYS >
[2004/08/04 04:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\i386\sp2.cab:AGP440.sys
[2006/02/28 07:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008/08/25 20:16:37 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2008/08/25 20:16:37 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/13 13:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 13:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
[2006/02/28 07:00:00 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys

< MD5 for: ATAPI.SYS >
[2004/08/04 04:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\i386\sp2.cab:atapi.sys
[2006/02/28 07:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008/08/25 20:16:37 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008/08/25 20:16:37 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2006/02/28 07:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/13 19:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/13 19:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
[2006/02/28 07:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

< MD5 for: IASTOR.SYS >
[2006/07/06 05:59:42 | 000,246,784 | ---- | M] (Intel Corporation) MD5=019CF5F31C67030841233C545A0E217A -- C:\dell\drivers\R130118\iastor.sys
[2006/10/10 12:03:48 | 000,246,784 | ---- | M] (Intel Corporation) MD5=019CF5F31C67030841233C545A0E217A -- C:\drivers\storage\R130118\iastor.sys
[2007/03/21 11:58:56 | 000,304,920 | ---- | M] (Intel Corporation) MD5=997E8F5939F2D12CD9F2E6B395724C16 -- C:\dell\drivers\R158601\iastor.sys
[2007/03/21 12:58:56 | 000,304,920 | ---- | M] (Intel Corporation) MD5=997E8F5939F2D12CD9F2E6B395724C16 -- C:\Program Files\Intel\Intel Matrix Storage Manager\Driver\IaStor.sys
[2007/03/21 12:58:56 | 000,304,920 | ---- | M] (Intel Corporation) MD5=997E8F5939F2D12CD9F2E6B395724C16 -- C:\WINDOWS\system32\drivers\iaStor.sys
[2007/03/21 11:58:56 | 000,304,920 | ---- | M] (Intel Corporation) MD5=997E8F5939F2D12CD9F2E6B395724C16 -- C:\WINDOWS\system32\ReinstallBackups\0037\DriverFiles\iaStor.sys
[2007/03/21 12:59:30 | 000,381,720 | ---- | M] (Intel Corporation) MD5=9D7ED4275702E2FC409F2CC563245740 -- C:\Program Files\Intel\Intel Matrix Storage Manager\Driver64\IaStor.sys
[2007/02/12 14:36:54 | 000,277,784 | ---- | M] (Intel Corporation) MD5=FD7F9D74C2B35DBDA400804A3F5ED5D8 -- C:\WINDOWS\dell\iastor\iastor.sys

< MD5 for: NETLOGON.DLL >
[2008/04/13 19:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/13 19:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
[2006/02/28 07:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

< MD5 for: NVATABUS.SYS >
[2006/03/16 19:51:32 | 000,099,840 | ---- | M] (NVIDIA Corporation) MD5=B7FB72492B753930EC70A0F49D04F12F -- C:\WINDOWS\dell\nvraid\NvAtaBus.sys

< MD5 for: NVRAID.SYS >
[2006/03/16 19:51:38 | 000,081,536 | ---- | M] (NVIDIA Corporation) MD5=4BC863E8FB65EBCFDDE04822CF875E76 -- C:\WINDOWS\dell\nvraid\nvraid.sys

< MD5 for: SCECLI.DLL >
[2006/02/28 07:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008/04/13 19:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/13 19:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

< MD5 for: SYMMPI.SYS >
[2005/11/17 13:58:16 | 000,092,672 | ---- | M] (LSI Logic) MD5=1FD5249D5103125D2DA63F68D7BE1D35 -- C:\WINDOWS\dell\symmpi\symmpi.sys

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2008/04/13 19:11:51 | 001,267,200 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\comsvcs.dll
[2009/03/08 03:31:44 | 000,348,160 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtmsft.dll
[2009/03/08 03:31:38 | 000,216,064 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtrans.dll
[2010/12/18 14:05:42 | 000,059,904 | RHS- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\mp4sdecdm.dll
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >
[2011/01/01 07:51:33 | 000,000,326 | -HS- | M] () Unable to obtain MD5 -- C:\WINDOWS\Tasks\viek.job

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2007/08/11 04:14:12 | 000,262,144 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2007/08/11 08:08:06 | 000,262,144 | ---- | M] () -- C:\WINDOWS\system32\config\security.sav
[2007/08/11 04:14:12 | 008,912,896 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2007/08/11 04:14:12 | 003,145,728 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %systemroot%\system32\drivers\*.sys /90 >
[2010/12/25 07:56:42 | 000,016,968 | ---- | M] () -- C:\WINDOWS\system32\drivers\hitmanpro35.sys
[2010/12/20 18:08:40 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\system32\drivers\mbam.sys
[2010/12/20 18:09:00 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys
[2010/11/08 16:06:38 | 000,054,776 | ---- | M] (Mozy, Inc.) -- C:\WINDOWS\system32\drivers\mozy.sys
[2010/11/02 10:17:02 | 000,040,960 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\ndproxy.sys

< >

========== Alternate Data Streams ==========

@Alternate Data Stream - 169 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:A149E8AD
@Alternate Data Stream - 163 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 142 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:07BF512B
@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:1CA73D29
@Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:A8ADE5D8
@Alternate Data Stream - 102 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:430C6D84

< End of report >



OTL Extras logfile created on: 1/7/2011 5:23:58 PM - Run 1
OTL by OldTimer - Version 3.2.20.1 Folder = C:\Documents and Settings\Ross Family.UPSTAIRSOFFICEK\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 61.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 82.00% Paging File free
Paging file location(s): c:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 145.96 Gb Total Space | 90.54 Gb Free Space | 62.03% Space Free | Partition Type: NTFS

Computer Name: UPSTAIRSOFFICEK | User Name: Ross Family | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Added Files\Office 2003\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Added Files\Office 2003\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 4

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"5353:UDP" = 5353:UDP:LocalSubNet:Enabled:mDNS-SD/Bonjour
"9051:UDP" = 9051:UDP:LocalSubNet:Enabled:Verizon Tech Wizard

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Added Files\Turbotax 2006\TurboTax Deluxe 2006\32bit\ttax.exe" = C:\Added Files\Turbotax 2006\TurboTax Deluxe 2006\32bit\ttax.exe:LocalSubNet:Enabled:TurboTax -- File not found
"C:\Added Files\Turbotax 2006\TurboTax Deluxe 2006\32bit\updatemgr.exe" = C:\Added Files\Turbotax 2006\TurboTax Deluxe 2006\32bit\updatemgr.exe:LocalSubNet:Enabled:TurboTax Update Manager -- File not found
"C:\Added Files\Turbotax 2007\TurboTax Deluxe 2007\32bit\ttax.exe" = C:\Added Files\Turbotax 2007\TurboTax Deluxe 2007\32bit\ttax.exe:LocalSubNet:Enabled:TurboTax -- File not found
"C:\Added Files\Turbotax 2007\TurboTax Deluxe 2007\32bit\updatemgr.exe" = C:\Added Files\Turbotax 2007\TurboTax Deluxe 2007\32bit\updatemgr.exe:LocalSubNet:Enabled:TurboTax Update Manager -- File not found
"C:\Added Files\Mozy Backup\mozystat.exe" = C:\Added Files\Mozy Backup\mozystat.exe:*:Enabled:MozyHome Status -- (Mozy, Inc.)
"C:\Added Files\Mozy Backup\mozyconf.exe" = C:\Added Files\Mozy Backup\mozyconf.exe:*:Enabled:MozyHome Configuration -- (Mozy, Inc.)
"C:\Added Files\Itunes\iTunes.exe" = C:\Added Files\Itunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe" = C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe:LocalSubNet:Disabled:Intuit Update Shared Downloads Server -- (Intuit Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{05BDC796-3451-4F81-B91D-E98F7ADA76C2}" = TurboTax 2010 WinPerTaxSupport
"{075473F5-846A-448B-BCB3-104AA1760205}" = Roxio RecordNow Data
"{0A0873E1-D9BA-4994-B85D-A0A331EF1F0C}" = Intel® PRO Network Connections
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Roxio DLA
"{12076ED5-921B-4231-9883-157092E6F2DA}" = Quicken Medical Expense Manager
"{132CA5D9-C745-4B0B-A3B2-8C7A6EC3EE7E}" = Canon MF Toolbox 4.9.1.1.mf01
"{17DFE37C-064E-4834-AD8F-A4B2B4DF68F8}" = Adobe Photoshop Elements 8.0
"{1C643154-0ADF-4B4C-AF17-E315C946A54B}" = MotoConnect
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java™ 6 Update 22
"{2750B389-A2D2-4953-99CA-27C1F2A8E6FD}" = Microsoft SQL Server 2005 Tools Express Edition
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (SQLEXPRESS)
"{2C164906-E68F-462A-9010-70DD022223EF}" = RemoteCapture Task 1.0.2
"{308B6AEA-DE50-4666-996D-0FA461719D6B}" = Apple Mobile Device Support
"{32343DB6-9A52-40C9-87E4-5E7C79791C87}" = MSXML 4.0 SP2 and SOAP Toolkit 3.0
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java™ 6 Update 2
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{350FB27C-CF62-4EF3-AF9D-70FF313FE221}" = iTunes
"{3782EC09-4000-475E-8A59-9CABD6F03B4C}" = TurboTax 2010 WinPerFedFormset
"{3881DB80-EAA2-012B-ADAE-000000000000}" = TurboTax 2009 WinPerFedFormset
"{38975F50-EAA2-012B-ADB4-000000000000}" = TurboTax 2009 WinPerReleaseEngine
"{38A34630-EAA2-012B-ADB6-000000000000}" = TurboTax 2009 WinPerTaxSupport
"{3AC54383-31D1-4907-961B-B12CBB1D0AE8}" = MobileMe Control Panel
"{3B0F52AC-EF5C-4831-B221-06C782E41280}" = Quicken 2008
"{3B1D6DF0-EAA2-012B-AE51-000000000000}" = TurboTax 2009 wnjiper
"{3C5A81D0-EAA2-012B-AE9F-000000000000}" = TurboTax 2009 wrapper
"{3F873E63-1CA5-4bdb-A8C7-D97012496DE3}" = Canon MF6500 Series
"{4286E640-B5FB-11DF-AC4B-005056C00008}" = Google Earth
"{43CAC9A1-1993-4F65-9096-7C9AFC2BBF54}" = Dell CinePlayer
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4F2FCCCF-29F3-44B9-886F-6D16F8417522}" = TurboTax 2010 wrapper
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{56B4002F-671C-49F4-984C-C760FE3806B5}" = Microsoft SQL Server VSS Writer
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{79D5997E-BF79-48BB-8B41-9BE59C15C2D7}" = OmniPage SE 2.0
"{7BB493F6-1E56-4748-B3A3-D7B1FB6EE2FE}" = Motorola Mobile Drivers Installation 4.7.1
"{7DD9A065-2C86-4A9F-A5FF-796EC1B99DCA}" = AnswerWorks 4.0 Runtime - English
"{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}" = DellSupport
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83ED1E80-A1B7-4226-BCF1-AC4A88151A6B}" = Microsoft Streets & Trips 2006
"{8A5F34E2-37CF-4AD4-808C-2D413786E31A}" = Microsoft Visual C Runtime
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{91120409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{9518F764-C54D-47B2-9E73-154B21E79FD2}" = RAW Image Task 1.0
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
"{A525E00B-6609-442E-9DCD-64453C233E8D}" = TurboTax 2010 WinPerReleaseEngine
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Roxio RecordNow Audio
"{AC76BA86-7AD7-1033-7B44-AA0000000001}" = Adobe Reader X
"{AE6DBEA8-CD29-11D7-9A01-AFACDE407D23}" = USB 2.0 Single Slot Reader
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Roxio RecordNow Copy
"{B9B9863A-32FD-4133-ADB7-46244ED77694}" = Camera Support Core Library
"{BD68F46D-8A82-4664-8E68-F87C55BDEFD4}" = Microsoft SQL Server Native Client
"{BEF56F2D-56ED-4176-BF72-7B68D4A3B98D}" = Canon PhotoRecord
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C1D76D7A-F3BB-47EA-A746-5B1E2FFC1DF2}" = Canon Utilities ZoomBrowser EX
"{CB090A2C-B2F9-110F-F9D2-08B47D08D36F}" = MozyHome
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240B2}" = WinZip 11.2
"{CDF64407-E968-4AC8-8323-A1DDBE5A8D72}" = Quicken Home Inventory Manager
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{DBCC73BA-C69A-4BF5-B4BF-F07501EE7039}" = AnswerWorks 5.0 English Runtime
"{DBEA1034-5882-4A88-8033-81C4EF0CFA29}" = Google Toolbar for Internet Explorer
"{DE286975-ACF1-45B8-9EF7-34E162B2C817}" = MovieEdit Task
"{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1" = AusLogics Disk Defrag
"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center (Support Software)
"{E5538179-A892-499A-B7AA-8D7074EB203B}" = Vz In Home Agent
"{EA2BEBD6-87B9-41E5-95AC-7E4C165A9475}" = WexTech AnswerWorks
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{EEFEBB48-329E-46F6-AEB8-929A5BAFDB2F}" = Intel® Viiv™ Software
"{EF4C7EB0-D71B-43A3-9552-8053DE4B0401}" = PhotoStitch
"{F0046DDB-1B0C-4EA1-90BB-0960CDD2C77D}" = NannyPay 2009
"{F37942A8-B21B-4C5A-A1D2-B676BF55EAE0}" = Camera Window
"{FCD9CD52-7222-4672-94A0-A722BA702FD0}" = Dell Resource CD
"{FF1C31AE-0CDC-40CE-AB85-406F8B70D643}" = Bonjour
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Photoshop Elements 8.0" = Adobe Photoshop Elements 8.0
"CANONBJ_Deinstall_CNMCP58.DLL" = Canon i560
"CCleaner" = CCleaner
"DECCHECK" = Microsoft Windows XP Video Decoder Checkup Utility
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{2C164906-E68F-462A-9010-70DD022223EF}" = Canon RemoteCapture Task for ZoomBrowser EX
"InstallShield_{9518F764-C54D-47B2-9E73-154B21E79FD2}" = Canon RAW Image Task for ZoomBrowser EX
"InstallShield_{B9B9863A-32FD-4133-ADB7-46244ED77694}" = Canon Camera Support Core Library
"InstallShield_{DE286975-ACF1-45B8-9EF7-34E162B2C817}" = Canon MovieEdit Task for ZoomBrowser EX
"InstallShield_{EF4C7EB0-D71B-43A3-9552-8053DE4B0401}" = Canon Utilities PhotoStitch 3.1
"InstallShield_{F37942A8-B21B-4C5A-A1D2-B676BF55EAE0}" = Canon Camera Window for ZoomBrowser EX
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NAV" = Norton AntiVirus
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"Online Backup" = Online Backup
"Picasa 3" = Picasa 3
"Secunia PSI" = Secunia PSI (2.0.0.1003)
"TurboTax 2009" = TurboTax 2009
"TurboTax 2010" = TurboTax 2010
"Verizon Help and Support" = Verizon Help and Support Tool
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 12/27/2010 11:26:06 AM | Computer Name = UPSTAIRSOFFICEK | Source = Bonjour Service | ID = 100
Description = 400: ERROR: read_msg errno 10054 (An existing connection was forcibly
closed by the remote host.)

Error - 12/27/2010 11:26:06 AM | Computer Name = UPSTAIRSOFFICEK | Source = Bonjour Service | ID = 100
Description = 392: ERROR: read_msg errno 10054 (An existing connection was forcibly
closed by the remote host.)

Error - 12/27/2010 12:16:25 PM | Computer Name = UPSTAIRSOFFICEK | Source = Application Hang | ID = 1002
Description = Hanging application EXCEL.EXE, version 11.0.8231.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 12/27/2010 12:16:42 PM | Computer Name = UPSTAIRSOFFICEK | Source = Application Hang | ID = 1002
Description = Hanging application EXCEL.EXE, version 11.0.8231.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 12/27/2010 12:17:27 PM | Computer Name = UPSTAIRSOFFICEK | Source = Application Hang | ID = 1002
Description = Hanging application EXCEL.EXE, version 11.0.8231.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 12/27/2010 12:17:31 PM | Computer Name = UPSTAIRSOFFICEK | Source = Application Hang | ID = 1002
Description = Hanging application EXCEL.EXE, version 11.0.8231.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 12/27/2010 12:17:49 PM | Computer Name = UPSTAIRSOFFICEK | Source = Application Hang | ID = 1002
Description = Hanging application EXCEL.EXE, version 11.0.8231.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 12/29/2010 9:06:04 AM | Computer Name = UPSTAIRSOFFICEK | Source = MsiInstaller | ID = 1013
Description = Product: iTunes -- The installation of QuickTime did not complete
successfully. iTunes requires QuickTime.

Error - 1/3/2011 10:18:19 PM | Computer Name = UPSTAIRSOFFICEK | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This operation returned because the timeout period expired.

Error - 1/3/2011 10:18:19 PM | Computer Name = UPSTAIRSOFFICEK | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: The specified server cannot perform the requested operation.

[ System Events ]
Error - 12/31/2010 9:08:07 PM | Computer Name = UPSTAIRSOFFICEK | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 12/31/2010 9:09:26 PM | Computer Name = UPSTAIRSOFFICEK | Source = Service Control Manager | ID = 7001
Description = The DHCP Client service depends on the NetBios over Tcpip service
which failed to start because of the following error: %%31

Error - 12/31/2010 9:09:26 PM | Computer Name = UPSTAIRSOFFICEK | Source = Service Control Manager | ID = 7001
Description = The DNS Client service depends on the TCP/IP Protocol Driver service
which failed to start because of the following error: %%31

Error - 12/31/2010 9:09:26 PM | Computer Name = UPSTAIRSOFFICEK | Source = Service Control Manager | ID = 7001
Description = The TCP/IP NetBIOS Helper service depends on the AFD service which
failed to start because of the following error: %%31

Error - 12/31/2010 9:09:26 PM | Computer Name = UPSTAIRSOFFICEK | Source = Service Control Manager | ID = 7001
Description = The Apple Mobile Device service depends on the TCP/IP Protocol Driver
service which failed to start because of the following error: %%31

Error - 12/31/2010 9:09:26 PM | Computer Name = UPSTAIRSOFFICEK | Source = Service Control Manager | ID = 7001
Description = The Bonjour Service service depends on the TCP/IP Protocol Driver
service which failed to start because of the following error: %%31

Error - 12/31/2010 9:09:26 PM | Computer Name = UPSTAIRSOFFICEK | Source = Service Control Manager | ID = 7001
Description = The IPSEC Services service depends on the IPSEC driver service which
failed to start because of the following error: %%31

Error - 12/31/2010 9:09:26 PM | Computer Name = UPSTAIRSOFFICEK | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
AFD BHDrvx86 ccHP eeCtrl Fips intelppm IPSec mozyFilter MRxSmb NetBIOS NetBT RasAcd Rdbss SRTSPX
SymIRON
SYMTDI
Tcpip
TfFsMon
TfSysMon

Error - 1/1/2011 8:50:50 AM | Computer Name = UPSTAIRSOFFICEK | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 1/1/2011 8:53:09 AM | Computer Name = UPSTAIRSOFFICEK | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
TfFsMon TfSysMon


< End of report >

Appreciate your help -

#4 reunionmama

reunionmama
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:03:49 PM

Posted 07 January 2011 - 05:42 PM

Thanks for your time!

Problem showed up between 12/18 and 12/22. Getting redirected off of the Google search results page when I click a result to various and sundry other sites. No other symptoms (popups, fake virus warnings, etc). Problem is intermittent. Have tried so far:

1. Norton Antivirus (resident AV and POS). In both regular and safe mode.
2. Malwarebytes in both regular and safe mode (note - first run spotted a Trojan.Agent, but zapping it did not remove symptoms and it has not reappeared in the scan).
3. Avast
4. Iobit
5. Avira

All had up-to-date engines and definitions.

Here are the files from the OTL scan:

OTL logfile created on: 1/7/2011 5:23:58 PM - Run 1
OTL by OldTimer - Version 3.2.20.1 Folder = C:\Documents and Settings\Ross Family.UPSTAIRSOFFICEK\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 61.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 82.00% Paging File free
Paging file location(s): c:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 145.96 Gb Total Space | 90.54 Gb Free Space | 62.03% Space Free | Partition Type: NTFS

Computer Name: UPSTAIRSOFFICEK | User Name: Ross Family | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/01/07 17:22:29 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Ross Family.UPSTAIRSOFFICEK\Desktop\OTL.exe
PRC - [2010/12/21 07:04:30 | 000,399,416 | ---- | M] (Secunia) -- C:\Added Files\PSI _auto update checker\sua.exe
PRC - [2010/11/08 16:06:46 | 003,571,512 | ---- | M] (Mozy, Inc.) -- C:\Added Files\Mozy Backup\mozystat.exe
PRC - [2010/10/16 00:40:40 | 000,037,664 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010/08/23 20:21:40 | 000,013,672 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
PRC - [2010/06/24 13:34:52 | 000,091,456 | ---- | M] () -- C:\Program Files\Motorola\MotoConnectService\MotoConnectService.exe
PRC - [2010/06/24 13:34:50 | 000,279,360 | ---- | M] (Motorola) -- C:\Program Files\Motorola\MotoConnectService\MotoConnect.exe
PRC - [2010/02/25 19:21:50 | 000,126,392 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton AntiVirus\Engine\17.8.0.5\ccsvchst.exe
PRC - [2010/01/01 17:52:38 | 000,611,768 | ---- | M] (SwapDrive, Inc.) -- C:\Added Files\Quicken Online Backup\OnlineBackup.exe
PRC - [2009/09/14 12:04:34 | 000,078,136 | ---- | M] (Mozy, Inc.) -- C:\Added Files\Mozy Backup\mozybackup.exe
PRC - [2009/09/06 05:06:20 | 000,169,312 | ---- | M] (Adobe Systems Incorporated) -- C:\Added Files\Photoshop\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe
PRC - [2008/08/13 17:32:40 | 000,201,968 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/03/21 13:00:04 | 000,355,096 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2007/03/21 13:00:00 | 000,174,872 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe


========== Modules (SafeList) ==========

MOD - [2011/01/07 17:22:29 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Ross Family.UPSTAIRSOFFICEK\Desktop\OTL.exe
MOD - [2010/08/23 11:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/12/21 07:04:30 | 000,987,704 | ---- | M] (Secunia) [On_Demand | Stopped] -- C:\Added Files\PSI _auto update checker\PSIA.exe -- (Secunia PSI Agent)
SRV - [2010/12/21 07:04:30 | 000,399,416 | ---- | M] (Secunia) [Auto | Running] -- C:\Added Files\PSI _auto update checker\sua.exe -- (Secunia Update Agent)
SRV - [2010/10/16 00:40:40 | 000,037,664 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/08/23 20:21:40 | 000,013,672 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)
SRV - [2010/07/24 16:54:40 | 000,867,080 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/06/24 13:34:52 | 000,091,456 | ---- | M] () [Auto | Running] -- C:\Program Files\Motorola\MotoConnectService\MotoConnectService.exe -- (MotoConnect Service)
SRV - [2010/02/25 19:21:50 | 000,126,392 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files\Norton AntiVirus\Engine\17.8.0.5\ccSvcHst.exe -- (NAV)
SRV - [2009/09/14 12:04:34 | 000,078,136 | ---- | M] (Mozy, Inc.) [Auto | Running] -- C:\Added Files\Mozy Backup\mozybackup.exe -- (mozybackup)
SRV - [2009/09/06 05:06:20 | 000,169,312 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Added Files\Photoshop\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor8.0)
SRV - [2008/08/13 17:32:40 | 000,201,968 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_dellsupportcenter) SupportSoft Sprocket Service (dellsupportcenter)
SRV - [2007/03/21 13:00:04 | 000,355,096 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel®
SRV - [2007/03/19 11:44:44 | 000,070,656 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | Boot | Stopped] -- C:\WINDOWS\System32\drivers\TfSysMon.sys -- (TfSysMon)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\TfNetMon.sys -- (TfNetMon)
DRV - File not found [Kernel | Boot | Stopped] -- C:\WINDOWS\System32\drivers\TfFsMon.sys -- (TfFsMon)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS -- (MRESP50a64)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS -- (MRENDIS5)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS -- (MREMPR5)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS -- (MREMP50a64)
DRV - [2010/12/16 20:50:36 | 001,360,760 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\Definitions\VirusDefs\20110107.003\NAVEX15.SYS -- (NAVEX15)
DRV - [2010/12/16 20:50:36 | 000,086,008 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\Definitions\VirusDefs\20110107.003\NAVENG.SYS -- (NAVENG)
DRV - [2010/11/22 21:20:07 | 000,691,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\Definitions\BASHDefs\20101123.003\BHDrvx86.sys -- (BHDrvx86)
DRV - [2010/11/08 19:50:31 | 000,341,944 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\Definitions\IPSDefs\20110106.003\IDSXpx86.sys -- (IDSxpx86)
DRV - [2010/09/01 03:30:58 | 000,015,544 | ---- | M] (Secunia) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\psi_mf.sys -- (PSI)
DRV - [2010/07/22 21:22:43 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2010/07/22 21:22:43 | 000,102,448 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2010/07/22 20:47:54 | 000,124,976 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2010/05/05 23:01:59 | 000,361,904 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\NAV\1108000.005\SYMTDI.SYS -- (SYMTDI)
DRV - [2010/05/05 23:01:43 | 000,047,408 | R--- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SymIM.sys -- (SymIMMP)
DRV - [2010/05/05 23:01:43 | 000,047,408 | R--- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SymIM.sys -- (SymIM)
DRV - [2010/04/29 00:03:51 | 000,116,784 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NAV\1108000.005\Ironx86.SYS -- (SymIRON)
DRV - [2010/04/21 22:02:20 | 000,173,104 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\NAV\1108000.005\SYMEFA.SYS -- (SymEFA)
DRV - [2010/04/21 21:29:50 | 000,325,680 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\NAV\1108000.005\SRTSP.SYS -- (SRTSP)
DRV - [2010/04/21 21:29:50 | 000,043,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NAV\1108000.005\SRTSPX.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV - [2010/03/17 15:53:38 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2010/03/17 15:53:22 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2010/02/25 19:22:57 | 000,501,888 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NAV\1108000.005\ccHPx86.sys -- (ccHP)
DRV - [2009/08/29 19:17:18 | 000,328,752 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\NAV\1108000.005\SYMDS.SYS -- (SymDS)
DRV - [2008/04/13 11:36:05 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2008/01/04 19:34:36 | 000,023,920 | ---- | M] (Webroot Software Inc (www.webroot.com)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sskbfd.sys -- (SSKBFD)
DRV - [2007/09/17 01:07:00 | 006,853,088 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2007/03/21 12:58:56 | 000,304,920 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\iaStor.sys -- (iastor)
DRV - [2007/02/25 11:10:48 | 000,005,376 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\dsunidrv.sys -- (dsunidrv)
DRV - [2006/10/05 16:07:28 | 000,004,736 | ---- | M] (Gteko Ltd.) [Kernel | On_Demand | Stopped] -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys -- (DSproct)
DRV - [2006/07/19 14:42:16 | 000,230,400 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\e1e5132.sys -- (e1express) Intel®
DRV - [2006/06/05 02:39:56 | 000,024,064 | ---- | M] (Intel Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\iqvw32.sys -- (NAL)
DRV - [2006/03/20 15:06:04 | 001,156,648 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2005/09/12 02:30:00 | 000,089,264 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\DRVMCDB.SYS -- (DRVMCDB)
DRV - [2005/09/08 04:20:00 | 000,094,332 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2005/09/08 04:20:00 | 000,087,036 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2005/09/08 04:20:00 | 000,086,524 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2005/09/08 04:20:00 | 000,025,628 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2005/09/08 04:20:00 | 000,014,684 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2005/09/08 04:20:00 | 000,006,364 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2005/09/08 04:20:00 | 000,002,496 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLADResN.SYS -- (DLADResN)
DRV - [2005/08/25 11:16:52 | 000,005,628 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2005/08/25 11:16:16 | 000,022,684 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS -- (DLARTL_N)
DRV - [2005/08/12 04:20:00 | 000,040,544 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DRVNDDM.SYS -- (DRVNDDM)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - Reg Error: Key error. File not found
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - Reg Error: Key error. File not found
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-839522115-113007714-725345543-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.cnn.com/
IE - HKU\S-1-5-21-839522115-113007714-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-839522115-113007714-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

FF - HKLM\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\Documents and Settings\All Users.WINDOWS\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\IPSFFPlgn\ [2010/07/22 21:22:01 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2009/07/19 10:23:28 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\DLA\DLASHX_W.DLL (Sonic Solutions)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton AntiVirus\Engine\17.8.0.5\ipsbho.dll (Symantec Corporation)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O3 - HKU\S-1-5-21-839522115-113007714-725345543-1004\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [dellsupportcenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\system32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe File not found
O4 - HKU\S-1-5-21-839522115-113007714-725345543-1004..\Run: [@BackupScheduler] C:\Added Files\Quicken Online Backup\OnlineBackup.exe (SwapDrive, Inc.)
O4 - Startup: C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\MozyHome Status.lnk = C:\Added Files\Mozy Backup\mozystat.exe (Mozy, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-839522115-113007714-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Added Files\Office 2003\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_22.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Added Files\Office 2003\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKU\S-1-5-21-839522115-113007714-725345543-1004\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} https://activatemyfios.verizon.net/sdcCommon/download/FIOS/Verizon%20FiOS%20Installer.cab (Support.com Configuration Class)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.microsoft.com/download/e/7/3/e7345c16-80aa-4488-ae10-9ac6be844f99/OGAControl.cab (Office Genuine Advantage Validation Tool)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/5/b/0/5b0d4654-aa20-495c-b89f-c1c34c691085/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.7.109.cab (Reg Error: Key error.)
O16 - DPF: {4125262D-2E47-11D3-9387-00C04F5B12B1} https://www.backup.com/user/webrestore.cab (WRXCtl Class)
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} http://upload.facebook.com/controls/FacebookPhotoUploader3.cab (Reg Error: Key error.)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1186840726662 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1293394471859 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {BD8667B7-38D8-4C77-B580-18C3E146372C} http://ak.imgag.com/imgag/cp/install/Crusher.cab (Creative Toolbox Plug-in)
O16 - DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} http://office.microsoft.com/officeupdate/content/opuc4.cab (Office Update Installation Engine)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {E008A543-CEFB-4559-912F-C27C2B89F13B} https://lvmail02.lawrenceville.org/dwa7W.cab (Reg Error: Key error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {E856B973-45FD-4559-8F82-EAB539144667} http://pccheckup.dellfix.com/en/10/install/gtdownde.cab (Dell PC Checkup Installer Control)
O16 - DPF: Garmin Communicator Plug-In https://static.garmincdn.com/gcp/ie/2.9.3.0/GarminAxControl.CAB (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 71.250.0.12
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Value error. File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Ross Family.UPSTAIRSOFFICEK\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Ross Family.UPSTAIRSOFFICEK\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/10 12:04:08 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{3966b137-adf3-11df-8031-0019d187150f}\Shell - "" = AutoRun
O33 - MountPoints2\{3966b137-adf3-11df-8031-0019d187150f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{3966b137-adf3-11df-8031-0019d187150f}\Shell\AutoRun\command - "" = I:\setup.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

MsConfig - StartUpReg: @BackupScheduler - hkey= - key= - C:\Added Files\Quicken Online Backup\OnlineBackup.exe (SwapDrive, Inc.)
MsConfig - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: AppleSyncNotifier - hkey= - key= - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)
MsConfig - StartUpReg: DellSupport - hkey= - key= - C:\Program Files\DellSupport\DSAgnt.exe (Gteko Ltd.)
MsConfig - StartUpReg: DellSupportCenter - hkey= - key= - C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
MsConfig - StartUpReg: DLA - hkey= - key= - File not found
MsConfig - StartUpReg: DMXLauncher - hkey= - key= - C:\Program Files\Dell\Media Experience\DMXLauncher.exe ()
MsConfig - StartUpReg: dscactivate - hkey= - key= - C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe ( )
MsConfig - StartUpReg: ISUSPM Startup - hkey= - key= - C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (Macrovision Corporation)
MsConfig - StartUpReg: ISUSScheduler - hkey= - key= - C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (Macrovision Corporation)
MsConfig - StartUpReg: NvCplDaemon - hkey= - key= - File not found
MsConfig - StartUpReg: nwiz - hkey= - key= - File not found
MsConfig - StartUpReg: OpwareSE2 - hkey= - key= - C:\Added Files\Canon MF Laser\Omnipage\OpwareSE2.exe (ScanSoft, Inc.)
MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Added Files\Quicktime\QTTask.exe (Apple Inc.)
MsConfig - StartUpReg: SigmatelSysTrayApp - hkey= - key= - C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
MsConfig - StartUpReg: TivoNotify - hkey= - key= - C:\Added Files\TivoToGo\TiVoNotify.exe File not found
MsConfig - StartUpReg: TivoServer - hkey= - key= - C:\Added Files\TivoToGo\TiVoServer.exe File not found
MsConfig - StartUpReg: TivoTransfer - hkey= - key= - C:\Program Files\Common Files\TiVo Shared\Transfer\TiVoTransfer.exe File not found
MsConfig - StartUpReg: Verizon_McciTrayApp - hkey= - key= - C:\Program Files\Verizon\McciTrayApp.exe (Alcatel-Lucent)

SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {2F6EFCE6-10DF-49F9-9E64-9AE3775B2588} - Microsoft .NET Framework 1.1 Security Update (KB2416447)
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015C} - Microsoft DirectX
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8
ActiveX: {5056b317-8d4c-43ee-8543-b9d1e234b8f4} - Security Update for Windows XP (KB923789)
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {B508B3F1-A24A-32C0-B310-85786919EF28} - .NET Framework
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax ()
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll ()

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

========== Files/Folders - Created Within 30 Days ==========

[2011/01/07 17:22:15 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Ross Family.UPSTAIRSOFFICEK\Desktop\OTL.exe
[2011/01/04 21:45:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Sun
[2011/01/04 21:44:53 | 000,472,808 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2011/01/04 21:44:53 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2011/01/04 21:44:53 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2011/01/04 21:44:53 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2011/01/04 21:43:33 | 016,308,000 | ---- | C] (Sun Microsystems, Inc.) -- C:\Documents and Settings\Ross Family.UPSTAIRSOFFICEK\Desktop\jre-6u22-windows-i586-s.exe
[2010/12/29 08:30:39 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/12/29 08:30:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Malwarebytes' Anti-Malware
[2010/12/29 08:30:36 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/12/27 18:21:47 | 000,000,000 | ---D | C] -- C:\WINDOWS\SQLTools9_KB970892_ENU
[2010/12/27 18:20:06 | 000,000,000 | ---D | C] -- C:\WINDOWS\SQL9_KB970892_ENU
[2010/12/27 08:39:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\SUPERAntiSpyware.com
[2010/12/27 08:37:56 | 009,953,832 | ---- | C] (SUPERAntiSpyware.com) -- C:\Documents and Settings\Ross Family.UPSTAIRSOFFICEK\Desktop\SUPERAntiSpyware.exe
[2010/12/27 07:49:01 | 007,734,240 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Ross Family.UPSTAIRSOFFICEK\Desktop\mbam-setup.exe
[2010/12/27 07:20:28 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Ross Family.UPSTAIRSOFFICEK\Recent
[2010/12/26 18:34:39 | 000,274,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mucltui.dll
[2010/12/26 18:34:39 | 000,016,736 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mucltui.dll.mui
[2010/12/26 16:58:20 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\NtmsData
[2010/12/26 16:35:12 | 010,031,560 | ---- | C] (IObit ) -- C:\Documents and Settings\Ross Family.UPSTAIRSOFFICEK\Desktop\is360setup.exe
[2010/12/26 16:24:35 | 000,000,000 | ---D | C] -- C:\Program Files\Alwil Software
[2010/12/26 16:24:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Alwil Software
[2010/12/26 15:41:03 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR
[2010/12/26 15:34:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ross Family.UPSTAIRSOFFICEK\Application Data\AdobeUM
[2010/12/26 08:19:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\CCleaner
[2010/12/26 08:19:23 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2010/12/25 22:48:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\QuickTime
[2010/12/25 22:42:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\McAfee
[2010/12/25 22:29:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ross Family.UPSTAIRSOFFICEK\Local Settings\Application Data\Secunia PSI
[2010/12/25 13:36:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\IObit
[2010/12/24 16:18:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Hitman Pro
[2010/12/24 10:53:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ross Family.UPSTAIRSOFFICEK\Application Data\Malwarebytes
[2010/12/24 10:53:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Malwarebytes
[2010/12/23 11:50:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ross Family.UPSTAIRSOFFICEK\Application Data\PC Tools
[2010/12/22 22:40:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ross Family.UPSTAIRSOFFICEK\Local Settings\Application Data\Threat Expert
[2010/12/22 22:36:21 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
[2010/12/18 20:37:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\TurboTax 2010
[2010/12/15 00:40:26 | 000,040,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ndproxy.sys
[10 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/01/07 17:22:29 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Ross Family.UPSTAIRSOFFICEK\Desktop\OTL.exe
[2011/01/07 16:58:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/01/07 12:28:45 | 000,000,434 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{247B9685-8703-49CE-BAE6-51CF04082D0D}.job
[2011/01/07 07:58:00 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/01/04 21:44:30 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2011/01/04 21:44:30 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2011/01/04 21:44:30 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2011/01/04 21:44:30 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2011/01/04 21:44:30 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2011/01/04 21:44:05 | 016,308,000 | ---- | M] (Sun Microsystems, Inc.) -- C:\Documents and Settings\Ross Family.UPSTAIRSOFFICEK\Desktop\jre-6u22-windows-i586-s.exe
[2011/01/04 21:08:52 | 000,133,632 | ---- | M] () -- C:\Documents and Settings\Ross Family.UPSTAIRSOFFICEK\Desktop\RKUnhookerLE.EXE
[2011/01/03 22:18:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/01/03 21:18:01 | 001,232,020 | ---- | M] () -- C:\Documents and Settings\Ross Family.UPSTAIRSOFFICEK\Desktop\tdsskiller.zip
[2011/01/02 05:16:51 | 000,005,454 | ---- | M] () -- C:\WINDOWS\mozy.blk
[2011/01/02 05:16:51 | 000,001,008 | ---- | M] () -- C:\WINDOWS\mozy.flt
[2011/01/01 12:00:11 | 000,288,107 | ---- | M] () -- C:\Documents and Settings\Ross Family.UPSTAIRSOFFICEK\Desktop\gmer.zip
[2011/01/01 11:52:51 | 000,624,128 | ---- | M] () -- C:\Documents and Settings\Ross Family.UPSTAIRSOFFICEK\Desktop\dds.scr
[2011/01/01 11:51:26 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Ross Family.UPSTAIRSOFFICEK\defogger_reenable
[2011/01/01 11:51:10 | 000,050,477 | ---- | M] () -- C:\Documents and Settings\Ross Family.UPSTAIRSOFFICEK\Desktop\Defogger.exe
[2011/01/01 08:14:43 | 000,001,486 | ---- | M] () -- C:\Documents and Settings\Ross Family.UPSTAIRSOFFICEK\Desktop\Calculator.lnk
[2011/01/01 07:52:12 | 000,013,724 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/01/01 07:51:33 | 000,000,326 | -HS- | M] () -- C:\WINDOWS\tasks\viek.job
[2011/01/01 07:51:30 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/01/01 07:51:28 | 2145,304,576 | -HS- | M] () -- C:\hiberfil.sys
[2010/12/31 20:02:38 | 000,000,741 | ---- | M] () -- C:\Documents and Settings\Ross Family.UPSTAIRSOFFICEK\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Microsoft Office Outlook.lnk
[2010/12/29 12:00:41 | 000,002,487 | ---- | M] () -- C:\Documents and Settings\Ross Family.UPSTAIRSOFFICEK\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Word 2003 (2).lnk
[2010/12/29 09:01:40 | 000,491,832 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/12/29 09:01:40 | 000,090,642 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/12/29 08:30:39 | 000,000,754 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/12/27 09:58:49 | 000,001,510 | ---- | M] () -- C:\Documents and Settings\Ross Family.UPSTAIRSOFFICEK\Desktop\Freecell.lnk
[2010/12/27 08:38:30 | 009,953,832 | ---- | M] (SUPERAntiSpyware.com) -- C:\Documents and Settings\Ross Family.UPSTAIRSOFFICEK\Desktop\SUPERAntiSpyware.exe
[2010/12/27 07:49:04 | 007,734,240 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Ross Family.UPSTAIRSOFFICEK\Desktop\mbam-setup.exe
[2010/12/27 07:25:09 | 000,000,880 | ---- | M] () -- C:\Documents and Settings\Ross Family.UPSTAIRSOFFICEK\Desktop\cc_20101227_072502.reg
[2010/12/27 07:24:47 | 000,003,910 | ---- | M] () -- C:\Documents and Settings\Ross Family.UPSTAIRSOFFICEK\Desktop\cc_20101227_072435.reg
[2010/12/27 07:24:22 | 000,006,706 | ---- | M] () -- C:\Documents and Settings\Ross Family.UPSTAIRSOFFICEK\Desktop\cc_20101227_072358.reg
[2010/12/27 07:23:36 | 000,001,638 | ---- | M] () -- C:\Documents and Settings\Ross Family.UPSTAIRSOFFICEK\Desktop\cc_20101227_072318.reg
[2010/12/27 07:22:56 | 000,002,646 | ---- | M] () -- C:\Documents and Settings\Ross Family.UPSTAIRSOFFICEK\Desktop\cc_20101227_072238.reg
[2010/12/27 03:16:17 | 000,153,976 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/12/26 19:04:15 | 000,002,577 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2010/12/26 16:35:12 | 010,031,560 | ---- | M] (IObit ) -- C:\Documents and Settings\Ross Family.UPSTAIRSOFFICEK\Desktop\is360setup.exe
[2010/12/26 16:15:54 | 051,515,288 | ---- | M] () -- C:\Documents and Settings\Ross Family.UPSTAIRSOFFICEK\Desktop\setup_av_free.exe
[2010/12/26 15:49:29 | 059,325,912 | ---- | M] () -- C:\Documents and Settings\Ross Family.UPSTAIRSOFFICEK\Desktop\avira_antivir_personal_en.exe
[2010/12/26 15:41:40 | 000,001,734 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Adobe Reader X.lnk
[2010/12/26 15:14:00 | 000,037,434 | ---- | M] () -- C:\Documents and Settings\Ross Family.UPSTAIRSOFFICEK\Desktop\cc_20101226_151327.reg
[2010/12/26 08:27:03 | 000,236,246 | ---- | M] () -- C:\Documents and Settings\Ross Family.UPSTAIRSOFFICEK\Desktop\cc_20101226_082045.reg
[2010/12/26 08:19:27 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\CCleaner.lnk
[2010/12/25 07:56:42 | 000,016,968 | ---- | M] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
[2010/12/22 22:36:58 | 000,724,086 | ---- | M] () -- C:\WINDOWS\System32\drivers\Cat.DB
[2010/12/20 18:09:00 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/12/20 18:08:40 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/12/18 20:37:32 | 000,001,876 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\TurboTax 2010.lnk
[2010/12/18 14:05:42 | 000,059,904 | RHS- | M] () -- C:\WINDOWS\System32\mp4sdecdm.dll
[2010/12/12 14:11:25 | 000,002,469 | ---- | M] () -- C:\Documents and Settings\Ross Family.UPSTAIRSOFFICEK\Desktop\Microsoft Office Word 2003 (2).lnk
[10 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/01/04 21:08:43 | 000,133,632 | ---- | C] () -- C:\Documents and Settings\Ross Family.UPSTAIRSOFFICEK\Desktop\RKUnhookerLE.EXE
[2011/01/03 21:17:54 | 001,232,020 | ---- | C] () -- C:\Documents and Settings\Ross Family.UPSTAIRSOFFICEK\Desktop\tdsskiller.zip
[2011/01/01 12:00:10 | 000,288,107 | ---- | C] () -- C:\Documents and Settings\Ross Family.UPSTAIRSOFFICEK\Desktop\gmer.zip
[2011/01/01 11:52:51 | 000,624,128 | ---- | C] () -- C:\Documents and Settings\Ross Family.UPSTAIRSOFFICEK\Desktop\dds.scr
[2011/01/01 11:51:26 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Ross Family.UPSTAIRSOFFICEK\defogger_reenable
[2011/01/01 11:51:05 | 000,050,477 | ---- | C] () -- C:\Documents and Settings\Ross Family.UPSTAIRSOFFICEK\Desktop\Defogger.exe
[2011/01/01 07:51:28 | 2145,304,576 | -HS- | C] () -- C:\hiberfil.sys
[2010/12/29 08:30:39 | 000,000,754 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/12/27 07:25:04 | 000,000,880 | ---- | C] () -- C:\Documents and Settings\Ross Family.UPSTAIRSOFFICEK\Desktop\cc_20101227_072502.reg
[2010/12/27 07:24:37 | 000,003,910 | ---- | C] () -- C:\Documents and Settings\Ross Family.UPSTAIRSOFFICEK\Desktop\cc_20101227_072435.reg
[2010/12/27 07:23:59 | 000,006,706 | ---- | C] () -- C:\Documents and Settings\Ross Family.UPSTAIRSOFFICEK\Desktop\cc_20101227_072358.reg
[2010/12/27 07:23:19 | 000,001,638 | ---- | C] () -- C:\Documents and Settings\Ross Family.UPSTAIRSOFFICEK\Desktop\cc_20101227_072318.reg
[2010/12/27 07:22:41 | 000,002,646 | ---- | C] () -- C:\Documents and Settings\Ross Family.UPSTAIRSOFFICEK\Desktop\cc_20101227_072238.reg
[2010/12/26 16:15:52 | 051,515,288 | ---- | C] () -- C:\Documents and Settings\Ross Family.UPSTAIRSOFFICEK\Desktop\setup_av_free.exe
[2010/12/26 15:49:01 | 059,325,912 | ---- | C] () -- C:\Documents and Settings\Ross Family.UPSTAIRSOFFICEK\Desktop\avira_antivir_personal_en.exe
[2010/12/26 15:41:40 | 000,001,734 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Adobe Reader X.lnk
[2010/12/26 15:13:30 | 000,037,434 | ---- | C] () -- C:\Documents and Settings\Ross Family.UPSTAIRSOFFICEK\Desktop\cc_20101226_151327.reg
[2010/12/26 08:20:51 | 000,236,246 | ---- | C] () -- C:\Documents and Settings\Ross Family.UPSTAIRSOFFICEK\Desktop\cc_20101226_082045.reg
[2010/12/26 08:19:27 | 000,000,682 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\CCleaner.lnk
[2010/12/24 16:19:19 | 000,016,968 | ---- | C] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
[2010/12/22 22:36:47 | 000,724,086 | ---- | C] () -- C:\WINDOWS\System32\drivers\Cat.DB
[2010/12/18 20:37:32 | 000,001,876 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\TurboTax 2010.lnk
[2010/12/18 14:05:42 | 000,059,904 | RHS- | C] () -- C:\WINDOWS\System32\mp4sdecdm.dll
[2010/12/18 14:05:42 | 000,000,326 | -HS- | C] () -- C:\WINDOWS\tasks\viek.job
[2010/10/14 20:52:43 | 000,001,940 | ---- | C] () -- C:\Documents and Settings\Ross Family.UPSTAIRSOFFICEK\Local Settings\Application Data\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2009/10/03 12:27:50 | 008,892,928 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Application Data\atscie.msi
[2009/01/28 19:09:15 | 000,354,816 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2008/12/25 15:22:16 | 000,000,023 | ---- | C] () -- C:\WINDOWS\BlendSettings.ini
[2008/08/17 10:57:44 | 000,005,120 | ---- | C] () -- C:\Documents and Settings\Ross Family.UPSTAIRSOFFICEK\Application Data\dvd.bmk
[2007/09/28 17:21:07 | 000,002,183 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Application Data\QTSBandwidthCache
[2007/08/17 15:23:00 | 001,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2007/08/17 15:23:00 | 001,478,656 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2007/08/17 15:23:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2007/08/17 15:23:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2007/08/17 15:23:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2007/08/14 20:16:20 | 000,006,656 | ---- | C] () -- C:\Documents and Settings\Ross Family.UPSTAIRSOFFICEK\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/08/12 19:51:24 | 000,000,000 | ---- | C] () -- C:\WINDOWS\OpPrintServer.INI
[2007/08/12 18:29:20 | 000,000,373 | ---- | C] () -- C:\WINDOWS\System32\CNCMFP20.INI
[2007/08/12 18:14:17 | 000,006,656 | ---- | C] () -- C:\WINDOWS\System32\CNMVS58.DLL
[2007/08/12 18:08:50 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\IPPCPUID.DLL
[2007/08/12 18:08:39 | 000,011,776 | ---- | C] () -- C:\WINDOWS\System32\pmsbfn32.dll
[2007/08/12 18:06:51 | 000,000,528 | ---- | C] () -- C:\WINDOWS\MAXLINK.INI
[2007/08/11 19:31:03 | 000,000,150 | ---- | C] () -- C:\Documents and Settings\Ross Family.UPSTAIRSOFFICEK\Local Settings\Application Data\fusioncache.dat
[2007/08/11 14:19:01 | 000,000,168 | ---- | C] () -- C:\WINDOWS\Quicken.ini
[2007/08/11 11:28:37 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007/08/11 09:51:57 | 000,000,442 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2007/08/11 03:54:22 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2007/03/05 12:34:28 | 000,676,224 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.DLL
[2006/12/06 13:39:49 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2006/02/28 07:00:00 | 000,755,200 | ---- | C] () -- C:\WINDOWS\System32\ir50_32.dll
[2006/02/28 07:00:00 | 000,338,432 | ---- | C] () -- C:\WINDOWS\System32\ir41_qcx.dll
[2006/02/28 07:00:00 | 000,200,192 | ---- | C] () -- C:\WINDOWS\System32\ir50_qc.dll
[2006/02/28 07:00:00 | 000,183,808 | ---- | C] () -- C:\WINDOWS\System32\ir50_qcx.dll
[2006/02/28 07:00:00 | 000,120,320 | ---- | C] () -- C:\WINDOWS\System32\ir41_qc.dll
[2003/01/07 14:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: AGP440.SYS >
[2004/08/04 04:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\i386\sp2.cab:AGP440.sys
[2006/02/28 07:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008/08/25 20:16:37 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2008/08/25 20:16:37 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/13 13:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 13:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
[2006/02/28 07:00:00 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys

< MD5 for: ATAPI.SYS >
[2004/08/04 04:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\i386\sp2.cab:atapi.sys
[2006/02/28 07:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008/08/25 20:16:37 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008/08/25 20:16:37 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2006/02/28 07:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/13 19:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/13 19:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
[2006/02/28 07:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

< MD5 for: IASTOR.SYS >
[2006/07/06 05:59:42 | 000,246,784 | ---- | M] (Intel Corporation) MD5=019CF5F31C67030841233C545A0E217A -- C:\dell\drivers\R130118\iastor.sys
[2006/10/10 12:03:48 | 000,246,784 | ---- | M] (Intel Corporation) MD5=019CF5F31C67030841233C545A0E217A -- C:\drivers\storage\R130118\iastor.sys
[2007/03/21 11:58:56 | 000,304,920 | ---- | M] (Intel Corporation) MD5=997E8F5939F2D12CD9F2E6B395724C16 -- C:\dell\drivers\R158601\iastor.sys
[2007/03/21 12:58:56 | 000,304,920 | ---- | M] (Intel Corporation) MD5=997E8F5939F2D12CD9F2E6B395724C16 -- C:\Program Files\Intel\Intel Matrix Storage Manager\Driver\IaStor.sys
[2007/03/21 12:58:56 | 000,304,920 | ---- | M] (Intel Corporation) MD5=997E8F5939F2D12CD9F2E6B395724C16 -- C:\WINDOWS\system32\drivers\iaStor.sys
[2007/03/21 11:58:56 | 000,304,920 | ---- | M] (Intel Corporation) MD5=997E8F5939F2D12CD9F2E6B395724C16 -- C:\WINDOWS\system32\ReinstallBackups\0037\DriverFiles\iaStor.sys
[2007/03/21 12:59:30 | 000,381,720 | ---- | M] (Intel Corporation) MD5=9D7ED4275702E2FC409F2CC563245740 -- C:\Program Files\Intel\Intel Matrix Storage Manager\Driver64\IaStor.sys
[2007/02/12 14:36:54 | 000,277,784 | ---- | M] (Intel Corporation) MD5=FD7F9D74C2B35DBDA400804A3F5ED5D8 -- C:\WINDOWS\dell\iastor\iastor.sys

< MD5 for: NETLOGON.DLL >
[2008/04/13 19:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/13 19:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
[2006/02/28 07:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

< MD5 for: NVATABUS.SYS >
[2006/03/16 19:51:32 | 000,099,840 | ---- | M] (NVIDIA Corporation) MD5=B7FB72492B753930EC70A0F49D04F12F -- C:\WINDOWS\dell\nvraid\NvAtaBus.sys

< MD5 for: NVRAID.SYS >
[2006/03/16 19:51:38 | 000,081,536 | ---- | M] (NVIDIA Corporation) MD5=4BC863E8FB65EBCFDDE04822CF875E76 -- C:\WINDOWS\dell\nvraid\nvraid.sys

< MD5 for: SCECLI.DLL >
[2006/02/28 07:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008/04/13 19:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/13 19:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

< MD5 for: SYMMPI.SYS >
[2005/11/17 13:58:16 | 000,092,672 | ---- | M] (LSI Logic) MD5=1FD5249D5103125D2DA63F68D7BE1D35 -- C:\WINDOWS\dell\symmpi\symmpi.sys

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2008/04/13 19:11:51 | 001,267,200 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\comsvcs.dll
[2009/03/08 03:31:44 | 000,348,160 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtmsft.dll
[2009/03/08 03:31:38 | 000,216,064 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtrans.dll
[2010/12/18 14:05:42 | 000,059,904 | RHS- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\mp4sdecdm.dll
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >
[2011/01/01 07:51:33 | 000,000,326 | -HS- | M] () Unable to obtain MD5 -- C:\WINDOWS\Tasks\viek.job

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2007/08/11 04:14:12 | 000,262,144 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2007/08/11 08:08:06 | 000,262,144 | ---- | M] () -- C:\WINDOWS\system32\config\security.sav
[2007/08/11 04:14:12 | 008,912,896 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2007/08/11 04:14:12 | 003,145,728 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %systemroot%\system32\drivers\*.sys /90 >
[2010/12/25 07:56:42 | 000,016,968 | ---- | M] () -- C:\WINDOWS\system32\drivers\hitmanpro35.sys
[2010/12/20 18:08:40 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\system32\drivers\mbam.sys
[2010/12/20 18:09:00 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys
[2010/11/08 16:06:38 | 000,054,776 | ---- | M] (Mozy, Inc.) -- C:\WINDOWS\system32\drivers\mozy.sys
[2010/11/02 10:17:02 | 000,040,960 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\ndproxy.sys

< >

========== Alternate Data Streams ==========

@Alternate Data Stream - 169 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:A149E8AD
@Alternate Data Stream - 163 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 142 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:07BF512B
@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:1CA73D29
@Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:A8ADE5D8
@Alternate Data Stream - 102 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:430C6D84

< End of report >



OTL Extras logfile created on: 1/7/2011 5:23:58 PM - Run 1
OTL by OldTimer - Version 3.2.20.1 Folder = C:\Documents and Settings\Ross Family.UPSTAIRSOFFICEK\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 61.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 82.00% Paging File free
Paging file location(s): c:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 145.96 Gb Total Space | 90.54 Gb Free Space | 62.03% Space Free | Partition Type: NTFS

Computer Name: UPSTAIRSOFFICEK | User Name: Ross Family | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Added Files\Office 2003\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Added Files\Office 2003\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 4

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"5353:UDP" = 5353:UDP:LocalSubNet:Enabled:mDNS-SD/Bonjour
"9051:UDP" = 9051:UDP:LocalSubNet:Enabled:Verizon Tech Wizard

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Added Files\Turbotax 2006\TurboTax Deluxe 2006\32bit\ttax.exe" = C:\Added Files\Turbotax 2006\TurboTax Deluxe 2006\32bit\ttax.exe:LocalSubNet:Enabled:TurboTax -- File not found
"C:\Added Files\Turbotax 2006\TurboTax Deluxe 2006\32bit\updatemgr.exe" = C:\Added Files\Turbotax 2006\TurboTax Deluxe 2006\32bit\updatemgr.exe:LocalSubNet:Enabled:TurboTax Update Manager -- File not found
"C:\Added Files\Turbotax 2007\TurboTax Deluxe 2007\32bit\ttax.exe" = C:\Added Files\Turbotax 2007\TurboTax Deluxe 2007\32bit\ttax.exe:LocalSubNet:Enabled:TurboTax -- File not found
"C:\Added Files\Turbotax 2007\TurboTax Deluxe 2007\32bit\updatemgr.exe" = C:\Added Files\Turbotax 2007\TurboTax Deluxe 2007\32bit\updatemgr.exe:LocalSubNet:Enabled:TurboTax Update Manager -- File not found
"C:\Added Files\Mozy Backup\mozystat.exe" = C:\Added Files\Mozy Backup\mozystat.exe:*:Enabled:MozyHome Status -- (Mozy, Inc.)
"C:\Added Files\Mozy Backup\mozyconf.exe" = C:\Added Files\Mozy Backup\mozyconf.exe:*:Enabled:MozyHome Configuration -- (Mozy, Inc.)
"C:\Added Files\Itunes\iTunes.exe" = C:\Added Files\Itunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe" = C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe:LocalSubNet:Disabled:Intuit Update Shared Downloads Server -- (Intuit Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{05BDC796-3451-4F81-B91D-E98F7ADA76C2}" = TurboTax 2010 WinPerTaxSupport
"{075473F5-846A-448B-BCB3-104AA1760205}" = Roxio RecordNow Data
"{0A0873E1-D9BA-4994-B85D-A0A331EF1F0C}" = Intel® PRO Network Connections
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Roxio DLA
"{12076ED5-921B-4231-9883-157092E6F2DA}" = Quicken Medical Expense Manager
"{132CA5D9-C745-4B0B-A3B2-8C7A6EC3EE7E}" = Canon MF Toolbox 4.9.1.1.mf01
"{17DFE37C-064E-4834-AD8F-A4B2B4DF68F8}" = Adobe Photoshop Elements 8.0
"{1C643154-0ADF-4B4C-AF17-E315C946A54B}" = MotoConnect
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java™ 6 Update 22
"{2750B389-A2D2-4953-99CA-27C1F2A8E6FD}" = Microsoft SQL Server 2005 Tools Express Edition
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (SQLEXPRESS)
"{2C164906-E68F-462A-9010-70DD022223EF}" = RemoteCapture Task 1.0.2
"{308B6AEA-DE50-4666-996D-0FA461719D6B}" = Apple Mobile Device Support
"{32343DB6-9A52-40C9-87E4-5E7C79791C87}" = MSXML 4.0 SP2 and SOAP Toolkit 3.0
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java™ 6 Update 2
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{350FB27C-CF62-4EF3-AF9D-70FF313FE221}" = iTunes
"{3782EC09-4000-475E-8A59-9CABD6F03B4C}" = TurboTax 2010 WinPerFedFormset
"{3881DB80-EAA2-012B-ADAE-000000000000}" = TurboTax 2009 WinPerFedFormset
"{38975F50-EAA2-012B-ADB4-000000000000}" = TurboTax 2009 WinPerReleaseEngine
"{38A34630-EAA2-012B-ADB6-000000000000}" = TurboTax 2009 WinPerTaxSupport
"{3AC54383-31D1-4907-961B-B12CBB1D0AE8}" = MobileMe Control Panel
"{3B0F52AC-EF5C-4831-B221-06C782E41280}" = Quicken 2008
"{3B1D6DF0-EAA2-012B-AE51-000000000000}" = TurboTax 2009 wnjiper
"{3C5A81D0-EAA2-012B-AE9F-000000000000}" = TurboTax 2009 wrapper
"{3F873E63-1CA5-4bdb-A8C7-D97012496DE3}" = Canon MF6500 Series
"{4286E640-B5FB-11DF-AC4B-005056C00008}" = Google Earth
"{43CAC9A1-1993-4F65-9096-7C9AFC2BBF54}" = Dell CinePlayer
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4F2FCCCF-29F3-44B9-886F-6D16F8417522}" = TurboTax 2010 wrapper
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{56B4002F-671C-49F4-984C-C760FE3806B5}" = Microsoft SQL Server VSS Writer
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{79D5997E-BF79-48BB-8B41-9BE59C15C2D7}" = OmniPage SE 2.0
"{7BB493F6-1E56-4748-B3A3-D7B1FB6EE2FE}" = Motorola Mobile Drivers Installation 4.7.1
"{7DD9A065-2C86-4A9F-A5FF-796EC1B99DCA}" = AnswerWorks 4.0 Runtime - English
"{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}" = DellSupport
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83ED1E80-A1B7-4226-BCF1-AC4A88151A6B}" = Microsoft Streets & Trips 2006
"{8A5F34E2-37CF-4AD4-808C-2D413786E31A}" = Microsoft Visual C Runtime
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{91120409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{9518F764-C54D-47B2-9E73-154B21E79FD2}" = RAW Image Task 1.0
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
"{A525E00B-6609-442E-9DCD-64453C233E8D}" = TurboTax 2010 WinPerReleaseEngine
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Roxio RecordNow Audio
"{AC76BA86-7AD7-1033-7B44-AA0000000001}" = Adobe Reader X
"{AE6DBEA8-CD29-11D7-9A01-AFACDE407D23}" = USB 2.0 Single Slot Reader
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Roxio RecordNow Copy
"{B9B9863A-32FD-4133-ADB7-46244ED77694}" = Camera Support Core Library
"{BD68F46D-8A82-4664-8E68-F87C55BDEFD4}" = Microsoft SQL Server Native Client
"{BEF56F2D-56ED-4176-BF72-7B68D4A3B98D}" = Canon PhotoRecord
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C1D76D7A-F3BB-47EA-A746-5B1E2FFC1DF2}" = Canon Utilities ZoomBrowser EX
"{CB090A2C-B2F9-110F-F9D2-08B47D08D36F}" = MozyHome
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240B2}" = WinZip 11.2
"{CDF64407-E968-4AC8-8323-A1DDBE5A8D72}" = Quicken Home Inventory Manager
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{DBCC73BA-C69A-4BF5-B4BF-F07501EE7039}" = AnswerWorks 5.0 English Runtime
"{DBEA1034-5882-4A88-8033-81C4EF0CFA29}" = Google Toolbar for Internet Explorer
"{DE286975-ACF1-45B8-9EF7-34E162B2C817}" = MovieEdit Task
"{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1" = AusLogics Disk Defrag
"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center (Support Software)
"{E5538179-A892-499A-B7AA-8D7074EB203B}" = Vz In Home Agent
"{EA2BEBD6-87B9-41E5-95AC-7E4C165A9475}" = WexTech AnswerWorks
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{EEFEBB48-329E-46F6-AEB8-929A5BAFDB2F}" = Intel® Viiv™ Software
"{EF4C7EB0-D71B-43A3-9552-8053DE4B0401}" = PhotoStitch
"{F0046DDB-1B0C-4EA1-90BB-0960CDD2C77D}" = NannyPay 2009
"{F37942A8-B21B-4C5A-A1D2-B676BF55EAE0}" = Camera Window
"{FCD9CD52-7222-4672-94A0-A722BA702FD0}" = Dell Resource CD
"{FF1C31AE-0CDC-40CE-AB85-406F8B70D643}" = Bonjour
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Photoshop Elements 8.0" = Adobe Photoshop Elements 8.0
"CANONBJ_Deinstall_CNMCP58.DLL" = Canon i560
"CCleaner" = CCleaner
"DECCHECK" = Microsoft Windows XP Video Decoder Checkup Utility
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{2C164906-E68F-462A-9010-70DD022223EF}" = Canon RemoteCapture Task for ZoomBrowser EX
"InstallShield_{9518F764-C54D-47B2-9E73-154B21E79FD2}" = Canon RAW Image Task for ZoomBrowser EX
"InstallShield_{B9B9863A-32FD-4133-ADB7-46244ED77694}" = Canon Camera Support Core Library
"InstallShield_{DE286975-ACF1-45B8-9EF7-34E162B2C817}" = Canon MovieEdit Task for ZoomBrowser EX
"InstallShield_{EF4C7EB0-D71B-43A3-9552-8053DE4B0401}" = Canon Utilities PhotoStitch 3.1
"InstallShield_{F37942A8-B21B-4C5A-A1D2-B676BF55EAE0}" = Canon Camera Window for ZoomBrowser EX
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NAV" = Norton AntiVirus
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"Online Backup" = Online Backup
"Picasa 3" = Picasa 3
"Secunia PSI" = Secunia PSI (2.0.0.1003)
"TurboTax 2009" = TurboTax 2009
"TurboTax 2010" = TurboTax 2010
"Verizon Help and Support" = Verizon Help and Support Tool
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 12/27/2010 11:26:06 AM | Computer Name = UPSTAIRSOFFICEK | Source = Bonjour Service | ID = 100
Description = 400: ERROR: read_msg errno 10054 (An existing connection was forcibly
closed by the remote host.)

Error - 12/27/2010 11:26:06 AM | Computer Name = UPSTAIRSOFFICEK | Source = Bonjour Service | ID = 100
Description = 392: ERROR: read_msg errno 10054 (An existing connection was forcibly
closed by the remote host.)

Error - 12/27/2010 12:16:25 PM | Computer Name = UPSTAIRSOFFICEK | Source = Application Hang | ID = 1002
Description = Hanging application EXCEL.EXE, version 11.0.8231.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 12/27/2010 12:16:42 PM | Computer Name = UPSTAIRSOFFICEK | Source = Application Hang | ID = 1002
Description = Hanging application EXCEL.EXE, version 11.0.8231.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 12/27/2010 12:17:27 PM | Computer Name = UPSTAIRSOFFICEK | Source = Application Hang | ID = 1002
Description = Hanging application EXCEL.EXE, version 11.0.8231.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 12/27/2010 12:17:31 PM | Computer Name = UPSTAIRSOFFICEK | Source = Application Hang | ID = 1002
Description = Hanging application EXCEL.EXE, version 11.0.8231.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 12/27/2010 12:17:49 PM | Computer Name = UPSTAIRSOFFICEK | Source = Application Hang | ID = 1002
Description = Hanging application EXCEL.EXE, version 11.0.8231.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 12/29/2010 9:06:04 AM | Computer Name = UPSTAIRSOFFICEK | Source = MsiInstaller | ID = 1013
Description = Product: iTunes -- The installation of QuickTime did not complete
successfully. iTunes requires QuickTime.

Error - 1/3/2011 10:18:19 PM | Computer Name = UPSTAIRSOFFICEK | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This operation returned because the timeout period expired.

Error - 1/3/2011 10:18:19 PM | Computer Name = UPSTAIRSOFFICEK | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: The specified server cannot perform the requested operation.

[ System Events ]
Error - 12/31/2010 9:08:07 PM | Computer Name = UPSTAIRSOFFICEK | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 12/31/2010 9:09:26 PM | Computer Name = UPSTAIRSOFFICEK | Source = Service Control Manager | ID = 7001
Description = The DHCP Client service depends on the NetBios over Tcpip service
which failed to start because of the following error: %%31

Error - 12/31/2010 9:09:26 PM | Computer Name = UPSTAIRSOFFICEK | Source = Service Control Manager | ID = 7001
Description = The DNS Client service depends on the TCP/IP Protocol Driver service
which failed to start because of the following error: %%31

Error - 12/31/2010 9:09:26 PM | Computer Name = UPSTAIRSOFFICEK | Source = Service Control Manager | ID = 7001
Description = The TCP/IP NetBIOS Helper service depends on the AFD service which
failed to start because of the following error: %%31

Error - 12/31/2010 9:09:26 PM | Computer Name = UPSTAIRSOFFICEK | Source = Service Control Manager | ID = 7001
Description = The Apple Mobile Device service depends on the TCP/IP Protocol Driver
service which failed to start because of the following error: %%31

Error - 12/31/2010 9:09:26 PM | Computer Name = UPSTAIRSOFFICEK | Source = Service Control Manager | ID = 7001
Description = The Bonjour Service service depends on the TCP/IP Protocol Driver
service which failed to start because of the following error: %%31

Error - 12/31/2010 9:09:26 PM | Computer Name = UPSTAIRSOFFICEK | Source = Service Control Manager | ID = 7001
Description = The IPSEC Services service depends on the IPSEC driver service which
failed to start because of the following error: %%31

Error - 12/31/2010 9:09:26 PM | Computer Name = UPSTAIRSOFFICEK | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
AFD BHDrvx86 ccHP eeCtrl Fips intelppm IPSec mozyFilter MRxSmb NetBIOS NetBT RasAcd Rdbss SRTSPX
SymIRON
SYMTDI
Tcpip
TfFsMon
TfSysMon

Error - 1/1/2011 8:50:50 AM | Computer Name = UPSTAIRSOFFICEK | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 1/1/2011 8:53:09 AM | Computer Name = UPSTAIRSOFFICEK | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
TfFsMon TfSysMon


< End of report >

Appreciate your help -

#5 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,779 posts
  • ONLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:10:49 PM

Posted 07 January 2011 - 06:55 PM

Hi,

do you connect to the Internet through a router? Could you connect to the internet directly and let me know if the redirects cease.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#6 reunionmama

reunionmama
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:03:49 PM

Posted 07 January 2011 - 09:31 PM

I use a Verizon Fios Actiontec router. Computer is hardwired to the router, which is hardwired to FIOS. Unable to bypass. Router also has wireless capability to other computers in the house.

#7 reunionmama

reunionmama
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:03:49 PM

Posted 07 January 2011 - 10:28 PM

I reset the router (and changed the password). Last 5 google searches have come up clean. I'll test more tomorrow in the am.

#8 reunionmama

reunionmama
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:03:49 PM

Posted 08 January 2011 - 07:51 AM

Still have the redirect. Took me to searchpro.com this time. It remains intermittent.

#9 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,779 posts
  • ONLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:10:49 PM

Posted 08 January 2011 - 03:06 PM

Hi,

are other computers on the network experiencing the same?

Please run ComboFix next:
Please download ComboFix from one of these locations:

Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop
  • Temporarily disable isable your AntiVirus and AntiSpyware applications. They may otherwise interfere with our tools
    Usually this can be done via a right click on the System Tray icon, check this tutorial for disabling the most common security programs: Link

  • Double click on ComboFix.exe & follow the prompts.
  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

Posted Image


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply.

This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper


If you need help, see this link:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#10 reunionmama

reunionmama
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:03:49 PM

Posted 08 January 2011 - 03:37 PM

Myrti -

Log attached. FWIW - just notified that my credit card number has been stolen. Coincidence?

Thanks again for helping out.

ComboFix 11-01-08.01 - Ross Family 01/08/2011 15:28:41.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1554 [GMT -5:00]
Running from: c:\documents and settings\Ross Family.UPSTAIRSOFFICEK\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\Internet Explorer\SETADC.tmp
c:\program files\Internet Explorer\SETADD.tmp
c:\program files\Internet Explorer\SETADF.tmp
c:\windows\system32\drivers\1028_DELL_XPS_Dell DXP061 .MRK
c:\windows\system32\drivers\DELL_XPS_Dell DXP061 .MRK

.
((((((((((((((((((((((((( Files Created from 2010-12-08 to 2011-01-08 )))))))))))))))))))))))))))))))
.

2011-01-05 02:44 . 2011-01-05 02:44 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-12-29 13:30 . 2010-12-20 23:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-29 13:30 . 2010-12-20 23:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-12-27 23:21 . 2010-12-27 23:21 -------- d-----w- c:\windows\SQLTools9_KB970892_ENU
2010-12-27 23:20 . 2010-12-27 23:20 -------- d-----w- c:\windows\SQL9_KB970892_ENU
2010-12-27 13:39 . 2010-12-27 13:39 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\SUPERAntiSpyware.com
2010-12-26 23:34 . 2009-08-07 00:23 274288 ----a-w- c:\windows\system32\mucltui.dll
2010-12-26 21:58 . 2010-12-26 22:54 -------- d-----w- c:\windows\system32\NtmsData
2010-12-26 21:24 . 2010-12-27 00:04 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Alwil Software
2010-12-26 21:24 . 2010-12-26 21:24 -------- d-----w- c:\program files\Alwil Software
2010-12-26 20:41 . 2010-12-26 20:41 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-12-26 20:34 . 2010-12-26 20:34 -------- d-----w- c:\documents and settings\Ross Family.UPSTAIRSOFFICEK\Application Data\AdobeUM
2010-12-26 13:19 . 2010-12-26 13:19 -------- d-----w- c:\program files\CCleaner
2010-12-26 03:49 . 2010-12-26 03:49 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin7.dll
2010-12-26 03:49 . 2010-12-26 03:49 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin6.dll
2010-12-26 03:49 . 2010-12-26 03:49 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin5.dll
2010-12-26 03:49 . 2010-12-26 03:49 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin4.dll
2010-12-26 03:49 . 2010-12-26 03:49 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin3.dll
2010-12-26 03:49 . 2010-12-26 03:49 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin2.dll
2010-12-26 03:49 . 2010-12-26 03:49 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin.dll
2010-12-26 03:42 . 2010-12-26 03:42 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\McAfee
2010-12-26 03:29 . 2010-12-26 03:29 -------- d-----w- c:\documents and settings\Ross Family.UPSTAIRSOFFICEK\Local Settings\Application Data\Secunia PSI
2010-12-25 22:08 . 2010-12-25 22:09 -------- d-----w- c:\documents and settings\Administrator
2010-12-25 18:36 . 2010-12-25 18:36 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\IObit
2010-12-24 21:19 . 2010-12-25 12:56 16968 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2010-12-24 21:18 . 2010-12-24 21:19 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Hitman Pro
2010-12-24 15:53 . 2010-12-24 15:53 -------- d-----w- c:\documents and settings\Ross Family.UPSTAIRSOFFICEK\Application Data\Malwarebytes
2010-12-24 15:53 . 2010-12-24 15:53 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Malwarebytes
2010-12-23 16:50 . 2010-12-23 16:50 -------- d-----w- c:\documents and settings\Ross Family.UPSTAIRSOFFICEK\Application Data\PC Tools
2010-12-23 03:40 . 2010-12-23 03:40 -------- d-----w- c:\documents and settings\Ross Family.UPSTAIRSOFFICEK\Local Settings\Application Data\Threat Expert
2010-12-23 03:36 . 2010-12-25 04:02 -------- d-----w- c:\program files\Common Files\PC Tools
2010-12-18 19:05 . 2010-12-18 19:05 59904 --sha-r- c:\windows\system32\mp4sdecdm.dll
2010-12-15 05:40 . 2010-11-02 15:17 40960 -c----w- c:\windows\system32\dllcache\ndproxy.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-01-05 02:44 . 2007-08-11 16:10 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-11-29 22:38 . 2010-11-29 22:38 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-11-29 22:38 . 2010-11-29 22:38 69632 ----a-w- c:\windows\system32\QuickTime.qts
2010-11-18 18:12 . 2007-08-11 12:59 81920 ----a-w- c:\windows\system32\isign32.dll
2010-11-08 21:06 . 2009-09-26 15:37 54776 ----a-w- c:\windows\system32\drivers\mozy.sys
2010-11-06 00:26 . 2006-02-28 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-11-06 00:26 . 2006-02-28 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-11-06 00:26 . 2006-02-28 12:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2010-11-03 12:25 . 2006-02-28 12:00 385024 ----a-w- c:\windows\system32\html.iec
2010-11-02 19:53 . 2010-11-02 19:53 12 ----a-w- c:\windows\Fonts\wfonts.key
2010-11-02 15:17 . 2006-02-28 12:00 40960 ----a-w- c:\windows\system32\drivers\ndproxy.sys
2010-10-28 13:13 . 2006-02-28 12:00 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-10-26 13:25 . 2006-02-28 12:00 1853312 ----a-w- c:\windows\system32\win32k.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\mozy2]
@="{747E722C-CB46-4a9d-BDFE-192AAD5099B1}"
[HKEY_CLASSES_ROOT\CLSID\{747E722C-CB46-4a9d-BDFE-192AAD5099B1}]
2010-11-08 21:06 3424056 ----a-w- c:\added files\Mozy Backup\mozyshell.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\mozy3]
@="{EE6F5A00-7898-40f7-AB77-51FF9D6DEB20}"
[HKEY_CLASSES_ROOT\CLSID\{EE6F5A00-7898-40f7-AB77-51FF9D6DEB20}]
2010-11-08 21:06 3424056 ----a-w- c:\added files\Mozy Backup\mozyshell.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"@BackupScheduler"="c:\added files\Quicken Online Backup\OnlineBackup.exe" [2010-01-01 611768]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-09-17 81920]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-03-21 174872]
"iTunesHelper"="c:\added files\Itunes\iTunesHelper.exe" [2010-09-01 421160]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-09-17 8491008]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2010-11-10 35736]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288]
"QuickTime Task"="c:\added files\Quicktime\qttask.exe" [2010-11-29 421888]
"dellsupportcenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-08-13 206064]

c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\
MozyHome Status.lnk - c:\added files\Mozy Backup\mozystat.exe [2010-11-8 3571512]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\@BackupScheduler]
2010-01-01 22:52 611768 ----a-w- c:\added files\Quicken Online Backup\OnlineBackup.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-11-10 17:49 932288 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-11-10 17:49 35736 ----a-w- c:\program files\Adobe\Reader 10.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
2009-08-13 19:51 177440 ----a-w- c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
2007-03-15 16:09 460784 ----a-w- c:\program files\DellSupport\DSAgnt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupportCenter]
2008-08-13 22:32 206064 ----a-w- c:\program files\Dell Support Center\bin\sprtcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DLA]
2005-09-08 09:20 122940 ----a-w- c:\windows\system32\DLA\DLACTRLW.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DMXLauncher]
2005-10-05 08:12 94208 ----a-w- c:\program files\Dell\Media Experience\DMXLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dscactivate]
2007-10-09 23:57 16384 ----a-w- c:\program files\Dell Support Center\gs_agent\custom\dsca.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
2005-08-11 20:30 249856 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
2005-08-11 20:30 81920 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\issch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2007-09-17 06:07 8491008 ----a-w- c:\windows\system32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2007-08-17 20:23 1626112 ----a-w- c:\windows\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OpwareSE2]
2003-05-08 15:00 49152 ----a-w- c:\added files\Canon MF Laser\Omnipage\opwareSE2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-29 22:38 421888 ----a-w- c:\added files\Quicktime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmatelSysTrayApp]
2006-03-20 20:00 282624 ----a-w- c:\windows\stsystra.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Verizon_McciTrayApp]
2010-03-17 20:55 1565696 ----a-w- c:\program files\Verizon\McciTrayApp.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Added Files\\Mozy Backup\\mozystat.exe"=
"c:\\Added Files\\Mozy Backup\\mozyconf.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Added Files\\Itunes\\iTunes.exe"=

R2 AdobeActiveFileMonitor8.0;Adobe Active File Monitor V8;c:\added files\Photoshop\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe [9/6/2009 5:06 AM 169312]
R2 MotoConnect Service;MotoConnect Service;c:\program files\Motorola\MotoConnectService\MotoConnectService.exe [8/22/2010 12:11 PM 91456]
R2 Secunia Update Agent;Secunia Update Agent;c:\added files\PSI _auto update checker\sua.exe [12/21/2010 7:04 AM 399416]
S0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys --> c:\windows\system32\drivers\TfFsMon.sys [?]
S0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys --> c:\windows\system32\drivers\TfSysMon.sys [?]
S2 gupdate1c9c110785962f2;Google Update Service (gupdate1c9c110785962f2);c:\program files\Google\Update\GoogleUpdate.exe [4/19/2009 12:01 PM 133104]
S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [9/1/2010 3:30 AM 15544]
S3 Secunia PSI Agent;Secunia PSI Agent;c:\added files\PSI _auto update checker\psia.exe [12/21/2010 7:04 AM 987704]
S3 TfNetMon;TfNetMon;\??\c:\windows\system32\drivers\TfNetMon.sys --> c:\windows\system32\drivers\TfNetMon.sys [?]
.
Contents of the 'Scheduled Tasks' folder

2011-01-04 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 16:34]

2011-01-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-19 17:01]

2011-01-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-19 17:01]

2011-01-08 c:\windows\Tasks\User_Feed_Synchronization-{247B9685-8703-49CE-BAE6-51CF04082D0D}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 08:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.cnn.com/
uInternet Settings,ProxyOverride = *.local
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\addedf~1\OFFICE~1\OFFICE11\EXCEL.EXE/3000
Trusted Zone: intuit.com\ttlc
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/2.9.3.0/GarminAxControl.CAB
DPF: {4125262D-2E47-11D3-9387-00C04F5B12B1} - hxxps://www.backup.com/user/webrestore.cab
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-SunJavaUpdateSched - c:\program files\Java\jre6\bin\jusched.exe
MSConfigStartUp-TivoNotify - c:\added files\TivoToGo\TiVoNotify.exe
MSConfigStartUp-TivoServer - c:\added files\TivoToGo\TiVoServer.exe
MSConfigStartUp-TivoTransfer - c:\program files\Common Files\TiVo Shared\Transfer\TiVoTransfer.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-01-08 15:32
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-839522115-113007714-725345543-1004\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:f8,27,da,8a,93,4f,18,6a,8b,ea,6d,6a,67,b0,e2,ec,1f,40,c8,de,ed,6f,42,
f1,90,2a,a8,78,4b,e2,a2,4c,2b,02,b0,61,fd,22,af,e8,4e,1c,b6,2e,e5,72,24,b7,\
"??"=hex:69,6f,5c,46,6a,89,f9,ee,2d,48,e0,10,87,42,1e,12

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
Completion time: 2011-01-08 15:33:57
ComboFix-quarantined-files.txt 2011-01-08 20:33

Pre-Run: 97,562,755,072 bytes free
Post-Run: 97,858,158,592 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - A422D8058334A657FB0C583336BED103

#11 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,779 posts
  • ONLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:10:49 PM

Posted 08 January 2011 - 04:15 PM

Hi,

it is rather unlikely that these to things are not related. Did you use the credit card on your PC recently?
Could you show me the logs where Malwarebytes and Avast removed infections?

This would mean however, that one or more of the identified infections is a backdoor trojan.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

If you do any other banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the trojan has been identified and can be killed, because of it's backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#12 reunionmama

reunionmama
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:03:49 PM

Posted 08 January 2011 - 04:54 PM

Here's the Malwarebytes log:

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 5388

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

12/24/2010 10:59:51 AM
mbam-log-2010-12-24 (10-59-51).txt

Scan type: Quick scan
Objects scanned: 198710
Time elapsed: 4 minute(s), 56 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 1
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
c:\program files\microsoft common (Trojan.Agent) -> Quarantined and deleted successfully.

Files Infected:
(No malicious items detected)

It will probably take me 12-15 hours to reformat and reinstall, but I use the PC for financial transactions. If you can confirm that Malwarebytes removed a backdoor Trojan, I'll take it down. Any tips you can provide for making it faster would be appreciated.

Ugh.

#13 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,779 posts
  • ONLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:10:49 PM

Posted 08 January 2011 - 05:39 PM

Hi,

the log from Malwarebytes only shows a directory, from that no definitive conclusion is possible.

We can remove the google redirects, hopefully, with this utility:
Please download Kenco.exe and save it to your desktop.
  • Double-click on Kenco.exe to run it (if you get a security warning, click run).
  • You will see a black command window and shortly a logfile will be opened. Note - Kenco.log will be saved on your desktop.
  • In order to complete the cleaning process, Kenco.exe may need to reboot your computer.
Please copy/paste the contents of kenco.log in your next reply.

But I can not rule out that you have been infected by a backdoor.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#14 reunionmama

reunionmama
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:03:49 PM

Posted 08 January 2011 - 06:19 PM

Very quick.

Kenco by jpshortstuff (31.12.09.1)
Log created at 18:18 on 08/01/2011 (Ross Family)

========== Task Unlocker ==========

========== KencoScan ==========

========== C:\WINDOWS\Tasks ==========
AppleSoftwareUpdate.job -> [15:15 17/11/2007] 284 bytes
GoogleUpdateTaskMachineCore.job -> [15:21 30/06/2009] 882 bytes
GoogleUpdateTaskMachineUA.job -> [15:21 30/06/2009] 886 bytes
User_Feed_Synchronization-{247B9685-8703-49CE-BAE6-51CF04082D0D}.job -> [15:04 30/05/2009] 434 bytes

-=E.O.F=-

#15 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,779 posts
  • ONLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:10:49 PM

Posted 08 January 2011 - 07:30 PM

Hi,

could you please rerun the scan from the beginning? Are you still getting redirected?

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users