Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Redirect virus


  • This topic is locked This topic is locked
26 replies to this topic

#1 schr1111

schr1111

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:07:30 PM

Posted 23 April 2011 - 05:45 PM

I've had this problem before, and when I search anything and then click a link, it takes me to a random website. I can get to the website by hitting back, and then clicking the link again. Here are my logs:

.
DDS (Ver_11-03-05.01) - NTFSx86
Run by Ami at 17:02:51.23 on Sat 04/23/2011
Internet Explorer: 8.0.6001.19048 BrowserJavaVersion: 1.6.0_17
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.3062.1752 [GMT -5:00]
.
AV: Norton AntiVirus *Disabled/Outdated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton AntiVirus *Disabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Norton AntiVirus\Engine\17.8.0.5\ccSvcHst.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\tbh\monitor\bin\tbhMonitor.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
c:\Program Files\tbh\base\bin\tbhDaemon.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Norton AntiVirus\Engine\17.8.0.5\ccSvcHst.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\tbh\base\bin\tbhSystray.exe
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Ami\Desktop\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.yahoo.com/
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=laptop
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=laptop
uInternet Settings,ProxyOverride = <local>;*.local
mWinlogon: Userinit=c:\windows\system32\userinit.exe
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No File
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton antivirus\engine\17.8.0.5\IPSBHO.DLL
BHO: Tunebite_WebRipPlugin Class: {aa102584-3b97-47e7-b9bc-75d54c110a7d} - c:\program files\rapidsolution\tunebite\plugins\ie\TB_WebRipIePlugin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: HP Print Clips: {ffffffff-ff12-44c5-91ec-068e3aa1b2d7} - c:\program files\hp\smart web printing\hpswp_framework.dll
TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [Blejizeva] rundll32.exe "c:\users\ami\appdata\local\arekomemapiqiy.dll",Startup
uRun: [Lyurijocifaluti] rundll32.exe "c:\users\ami\appdata\local\dlasrm.dll",Startup
uRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\NPSWF32_FlashUtil.exe -p
mRun: [Apoint] c:\program files\apoint2k\Apoint.exe
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [QPService] "c:\program files\hp\quickplay\QPService.exe"
mRun: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
mRun: [OnScreenDisplay] c:\program files\hewlett-packard\hp quicktouch\HPKBDAPP.exe
mRun: [UCam_Menu] "c:\program files\cyberlink\youcam\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\youcam" update "software\cyberlink\youcam\1.0"
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [hpqSRMon] c:\program files\hp\digital imaging\bin\hpqSRMon.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [hpWirelessAssistant] c:\program files\hewlett-packard\hp wireless assistant\HPWAMain.exe
mRun: [WAWifiMessage] c:\program files\hewlett-packard\hp wireless assistant\WiFiMsg.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [tbhSystray] c:\program files\tbh\base\bin\tbhSystray.exe
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [CanonMyPrinter] c:\program files\canon\myprinter\BJMyPrt.exe /logon
mRun: [CanonSolutionMenu] c:\program files\canon\solutionmenu\CNSLMAIN.exe /logon
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\2.0.181\SSScheduler.exe
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel
IE: {58ECB495-38F0-49cb-A538-10282ABF65E7} - {A93C41D8-01F8-4F8B-B14C-DE20B117E636} - c:\program files\hp\smart web printing\hpswp_extensions.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxdev.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\ami\appdata\roaming\mozilla\firefox\profiles\9u3je5ik.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com
FF - component: c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nav_17.0.0.136\ipsffplgn\components\IPSFFPl.dll
FF - component: c:\users\ami\appdata\roaming\mozilla\firefox\profiles\9u3je5ik.default\extensions\browserhighlighter@ebay.com\components\Shim.dll
FF - plugin: c:\program files\canon\easy-photoprint ex\NPEZFFPI.DLL
FF - plugin: c:\users\ami\appdata\local\yahoo!\browserplus\2.9.8\plugins\npybrowserplus_2.9.8.dll
FF - plugin: c:\users\ami\appdata\roaming\move networks\plugins\npqmp071505000011.dll
FF - plugin: c:\users\ami\appdata\roaming\mozilla\firefox\profiles\9u3je5ik.default\extensions\activegs@freetoolsassociation.com\platform\winnt_x86-msvc\plugins\npActiveGS.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: ActiveGS: activegs@freetoolsassociation.com - %profile%\extensions\activegs@freetoolsassociation.com
FF - Ext: The Browser Highlighter: browserhighlighter@ebay.com - %profile%\extensions\browserhighlighter@ebay.com
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: Norton IPS: {BBDA0591-3099-440a-AA10-41764D9DB4DB} - c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nav_17.0.0.136\IPSFFPlgn
FF - Ext: Move Media Player: moveplayer@movenetworks.com - c:\users\ami\appdata\roaming\Move Networks
FF - Ext: XULRunner: {DFCA5936-C0F8-4604-AD6E-9965A1653C45} - c:\users\ami\appdata\local\{DFCA5936-C0F8-4604-AD6E-9965A1653C45}
.
============= SERVICES / DRIVERS ===============
.
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\nav\1108000.005\symds.sys [2010-9-23 328752]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\nav\1108000.005\symefa.sys [2010-9-23 173104]
R1 BHDrvx86;BHDrvx86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nav_17.0.0.136\definitions\bashdefs\20101001.001\BHDrvx86.sys [2010-10-5 692272]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\nav\1108000.005\cchpx86.sys [2010-9-23 501888]
R1 IDSVix86;IDSVix86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nav_17.0.0.136\definitions\ipsdefs\20101005.005\IDSvix86.sys [2010-9-15 353840]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\nav\1108000.005\ironx86.sys [2010-9-23 116784]
R1 SYMTDIv;Symantec Vista Network Dispatch Driver;c:\windows\system32\drivers\nav\1108000.005\symtdiv.sys [2010-9-23 339504]
R2 NAV;Norton AntiVirus;c:\program files\norton antivirus\engine\17.8.0.5\ccsvchst.exe [2010-9-23 126392]
R2 tbhMonitor.exe;The Browser Highlighter Monitor;c:\program files\tbh\monitor\bin\tbhMonitor.exe [2009-10-22 70952]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2010-8-9 102448]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2009-1-30 1153368]
S3 hitmanpro35;Hitman Pro 3.5 Support Driver;c:\windows\system32\drivers\hitmanpro35.sys [2011-4-21 16968]
S3 LiveTurbineMessageService;Turbine Message Service - Live;c:\program files\turbine\turbine download manager\TurbineMessageService.exe [2009-3-14 255472]
S3 LiveTurbineNetworkService;Turbine Network Service - Live;c:\program files\turbine\turbine download manager\TurbineNetworkService.exe [2009-3-14 218608]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2011-04-21 17:10:55 16968 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2011-04-21 17:10:35 -------- d-----w- c:\progra~2\Hitman Pro
2011-04-20 21:50:14 0 ----a-w- c:\users\ami\appdata\local\Kzurunuhogajimo.bin
2011-04-20 21:50:13 -------- d-----w- c:\users\ami\appdata\local\{DFCA5936-C0F8-4604-AD6E-9965A1653C45}
2011-04-15 19:41:06 34304 ----a-w- c:\windows\system32\atmlib.dll
2011-04-15 19:41:06 292864 ----a-w- c:\windows\system32\atmfd.dll
2011-04-15 19:41:05 1136640 ----a-w- c:\windows\system32\mfc42.dll
2011-04-15 19:41:04 1161728 ----a-w- c:\windows\system32\mfc42u.dll
2011-04-15 19:41:03 79360 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2011-04-15 19:41:03 69632 ----a-w- c:\windows\system32\drivers\bowser.sys
2011-04-15 19:41:03 213504 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-04-15 19:41:03 105984 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
.
==================== Find3M ====================
.
2011-03-03 15:00:15 738816 ----a-w- c:\windows\system32\inetcomm.dll
2011-03-03 12:53:48 2040832 ----a-w- c:\windows\system32\win32k.sys
2011-03-02 14:49:43 86528 ----a-w- c:\windows\system32\dnsrslvr.dll
2011-02-22 06:21:28 916480 ----a-w- c:\windows\system32\wininet.dll
2011-02-22 06:17:08 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-02-22 06:16:53 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-02-22 06:16:40 71680 ----a-w- c:\windows\system32\iesetup.dll
2011-02-22 06:16:40 109056 ----a-w- c:\windows\system32\iesysprep.dll
2011-02-22 05:20:39 385024 ----a-w- c:\windows\system32\html.iec
2011-02-22 04:43:54 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2011-02-22 04:42:38 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2011-02-18 22:36:58 4184352 ----a-w- c:\windows\system32\usbaaplrc.dll
2011-02-17 06:23:50 420864 ----a-w- c:\windows\system32\vbscript.dll
.
============= FINISH: 17:03:30.89 ===============

Attached Files



BC AdBot (Login to Remove)

 


#2 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,784 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:02:30 AM

Posted 01 May 2011 - 08:47 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.
If you are unable to create a log because your computer cannot start up successfully please provide detailed information about the Windows version you are using: What we in particular need to know is version, edition and if it is a 32bit or a 64bit system.
If you are unsure about any of these caracteristics, just let us know and we'll help you figuring it out. Please also tell us if you have your Windows CD/DVD handy.


Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.
We need to create an OTL Report
  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the Posted Image icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • In the custom scan box paste the following:
    msconfig
    safebootminimal
    activex
    drivers32
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    explorer.exe
    winlogon.exe
    wininit.exe
    hlp.dat
    /md5stop
  • Push the Posted Image button.
  • Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt<--Will be minimized

In the upper right hand corner of the topic you will see a button called Watch Topic.I suggest you click it and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

animinionsmalltext.gif

Follow BleepingComputer on: Facebook | Twitter | Google+


#3 schr1111

schr1111
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:07:30 PM

Posted 01 May 2011 - 11:43 AM

I don't think anything has changed since I last posted. Whenever I search something and click a link, it takes me to a random website and I have to go back and click the link again to get to the correct website. I did run Malwarebytes' Anti-Malware scan since last posting. It did come up with problems, and it claimed to fix them, but nothing has changed. I am still having the redirect problem.

OTL logfile created on: 5/1/2011 11:35:00 AM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Ami\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19048)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 60.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 81.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 221.20 Gb Total Space | 93.15 Gb Free Space | 42.11% Space Free | Partition Type: NTFS
Drive D: | 11.68 Gb Total Space | 2.01 Gb Free Space | 17.18% Space Free | Partition Type: NTFS

Computer Name: AMIPC | User Name: Ami | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/05/01 11:34:01 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Ami\Desktop\OTL.exe
PRC - [2011/05/01 11:12:56 | 000,492,840 | ---- | M] (eBay) -- C:\Program Files\tbh\base\bin\tbhSystray.exe
PRC - [2011/05/01 11:12:56 | 000,070,952 | ---- | M] () -- c:\Program Files\tbh\base\bin\tbhDaemon.exe
PRC - [2011/03/25 22:08:29 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/02/25 19:21:50 | 000,126,392 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton AntiVirus\Engine\17.8.0.5\ccsvchst.exe
PRC - [2010/01/15 07:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
PRC - [2009/10/22 14:57:44 | 000,070,952 | ---- | M] () -- C:\Program Files\tbh\monitor\bin\tbhMonitor.exe
PRC - [2009/07/06 20:07:00 | 001,848,648 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
PRC - [2009/01/26 16:31:16 | 002,144,088 | ---- | M] (Safer Networking Limited) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2009/01/26 16:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2008/10/29 01:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/08/31 12:03:54 | 000,185,896 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe


========== Modules (SafeList) ==========

MOD - [2011/05/01 11:34:01 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Ami\Desktop\OTL.exe
MOD - [2010/08/31 10:39:57 | 001,684,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18523_none_5cdd65e20837faf2\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/02/25 19:21:50 | 000,126,392 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files\Norton AntiVirus\Engine\17.8.0.5\ccSvcHst.exe -- (NAV)
SRV - [2010/01/15 07:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2009/10/22 14:57:44 | 000,070,952 | ---- | M] () [Auto | Running] -- C:\Program Files\tbh\monitor\bin\tbhMonitor.exe -- (tbhMonitor.exe)
SRV - [2009/01/30 12:58:20 | 000,255,472 | ---- | M] (Turbine, Inc.) [On_Demand | Stopped] -- C:\Program Files\Turbine\Turbine Download Manager\TurbineMessageService.exe -- (LiveTurbineMessageService)
SRV - [2009/01/30 12:58:20 | 000,218,608 | ---- | M] (Turbine, Inc.) [On_Demand | Stopped] -- C:\Program Files\Turbine\Turbine Download Manager\TurbineNetworkService.exe -- (LiveTurbineNetworkService)
SRV - [2009/01/26 16:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2008/01/20 21:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/03/05 12:30:06 | 000,110,592 | ---- | M] (Hewlett-Packard Development Company, L.P.) [On_Demand | Stopped] -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe -- (Com4Qlb)


========== Driver Services (SafeList) ==========

DRV - [2011/04/21 12:17:42 | 000,016,968 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\hitmanpro35.sys -- (hitmanpro35)
DRV - [2010/09/29 10:12:17 | 001,371,184 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\Definitions\VirusDefs\20101007.022\NAVEX15.SYS -- (NAVEX15)
DRV - [2010/09/29 10:12:16 | 000,086,064 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\Definitions\VirusDefs\20101007.022\NAVENG.SYS -- (NAVENG)
DRV - [2010/09/15 13:02:21 | 000,353,840 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\Definitions\IPSDefs\20101005.005\IDSvix86.sys -- (IDSVix86)
DRV - [2010/08/31 17:57:04 | 000,692,272 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\Definitions\BASHDefs\20101001.001\BHDrvx86.sys -- (BHDrvx86)
DRV - [2010/07/09 21:23:21 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2010/07/09 21:23:21 | 000,102,448 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2010/07/09 21:06:00 | 000,124,976 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2010/05/05 23:01:59 | 000,339,504 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\Drivers\NAV\1108000.005\SYMTDIV.SYS -- (SYMTDIv)
DRV - [2010/04/29 00:03:51 | 000,116,784 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\system32\drivers\NAV\1108000.005\Ironx86.SYS -- (SymIRON)
DRV - [2010/04/21 22:02:20 | 000,173,104 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\system32\drivers\NAV\1108000.005\SYMEFA.SYS -- (SymEFA)
DRV - [2010/04/21 21:29:50 | 000,325,680 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\Drivers\NAV\1108000.005\SRTSP.SYS -- (SRTSP)
DRV - [2010/04/21 21:29:50 | 000,043,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\system32\drivers\NAV\1108000.005\SRTSPX.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV - [2010/02/25 19:22:57 | 000,501,888 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\system32\drivers\NAV\1108000.005\ccHPx86.sys -- (ccHP)
DRV - [2009/08/29 19:17:18 | 000,328,752 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\NAV\1108000.005\SYMDS.SYS -- (SymDS)
DRV - [2008/03/04 02:32:00 | 000,188,416 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CHDRT32.sys -- (CnxtHdAudService)
DRV - [2007/10/01 10:35:52 | 000,183,352 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CHDART.sys -- (HdAudAddService)
DRV - [2007/08/08 22:42:08 | 000,045,568 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2007/07/30 13:54:02 | 000,038,400 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2007/07/30 12:42:58 | 000,043,008 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2007/07/11 12:30:22 | 000,007,168 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HpqRemHid.sys -- (HpqRemHid)
DRV - [2007/07/10 09:27:56 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2007/06/28 10:09:56 | 002,222,080 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32) Intel®
DRV - [2007/06/18 19:12:04 | 000,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV - [2007/04/18 07:03:26 | 000,141,312 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2006/11/02 02:30:56 | 000,429,056 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvm60x32.sys -- (NVENETFD)
DRV - [2005/02/23 14:58:56 | 000,011,776 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\afc.sys -- (Afc)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=laptop


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1638465346-3806529337-3110922156-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=laptop
IE - HKU\S-1-5-21-1638465346-3806529337-3110922156-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKU\S-1-5-21-1638465346-3806529337-3110922156-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-1638465346-3806529337-3110922156-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1638465346-3806529337-3110922156-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com"
FF - prefs.js..extensions.enabledItems: activegs@freetoolsassociation.com:2.4.26
FF - prefs.js..extensions.enabledItems: browserhighlighter@ebay.com:1.0.19126
FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:2.0
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.%(version)s
FF - prefs.js..extensions.enabledItems: {DFCA5936-C0F8-4604-AD6E-9965A1653C45}:1.9.1

FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Program Files\Real\RealPlayer\browserrecord [2008/08/31 12:04:02 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\IPSFFPlgn\ [2010/07/11 17:15:37 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/03/25 22:08:31 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/03/25 22:08:31 | 000,000,000 | ---D | M]

[2009/01/30 17:47:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ami\AppData\Roaming\Mozilla\Extensions
[2011/04/30 21:53:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ami\AppData\Roaming\Mozilla\Firefox\Profiles\9u3je5ik.default\extensions
[2010/10/29 19:11:48 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Ami\AppData\Roaming\Mozilla\Firefox\Profiles\9u3je5ik.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/01/21 23:28:10 | 000,000,000 | ---D | M] (ActiveGS) -- C:\Users\Ami\AppData\Roaming\Mozilla\Firefox\Profiles\9u3je5ik.default\extensions\activegs@freetoolsassociation.com
[2011/04/30 09:47:18 | 000,000,000 | ---D | M] (The Browser Highlighter) -- C:\Users\Ami\AppData\Roaming\Mozilla\Firefox\Profiles\9u3je5ik.default\extensions\browserhighlighter@ebay.com
[2011/02/06 15:58:06 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/07/11 17:15:37 | 000,000,000 | ---D | M] (Norton IPS) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\IPSFFPLGN
[2011/04/20 16:50:13 | 000,000,000 | ---D | M] (XULRunner) -- C:\USERS\AMI\APPDATA\LOCAL\{DFCA5936-C0F8-4604-AD6E-9965A1653C45}
[2010/02/22 12:28:03 | 000,000,000 | ---D | M] (Move Media Player) -- C:\USERS\AMI\APPDATA\ROAMING\MOVE NETWORKS

O1 HOSTS File: ([2006/09/18 16:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No CLSID value found.
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton AntiVirus\Engine\17.8.0.5\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Tunebite_WebRipPlugin Class) - {AA102584-3B97-47e7-B9BC-75D54C110A7D} - File not found
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (HP Print Clips) - {FFFFFFFF-FF12-44C5-91EC-068E3AA1B2D7} - c:\Program Files\HP\Smart Web Printing\hpswp_framework.dll (Hewlett-Packard Co.)
O3 - HKLM\..\Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [tbhSystray] C:\Program Files\tbh\base\bin\tbhSystray.exe (eBay)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1638465346-3806529337-3110922156-1000..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1638465346-3806529337-3110922156-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1638465346-3806529337-3110922156-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: HP Smart Select - {58ECB495-38F0-49cb-A538-10282ABF65E7} - c:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll (Hewlett-Packard Co.)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 140.209.1.17 140.209.1.5 137.192.2.3 206.9.64.101
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Ami\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Ami\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/07/01 08:57:03 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2005/09/11 10:18:54 | 000,000,340 | -HS- | M] () - D:\AUTOMODE -- [ NTFS ]
O33 - MountPoints2\{81332db8-4bfb-11e0-a9a8-8eb9b4189357}\Shell - "" = AutoRun
O33 - MountPoints2\{81332db8-4bfb-11e0-a9a8-8eb9b4189357}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*


SafeBootMin: AppMgmt - File not found
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS - File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PEVSystemStart - Service
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: procexp90.Sys - Driver
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {166B1BCA-3F9C-11CF-8075-444553540000} - Macromedia Shockwave Director 10.1
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Macromedia Shockwave Director 10.1
ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {2F6EFCE6-10DF-49F9-9E64-9AE3775B2588} - Microsoft .NET Framework 1.1 Security Update (KB2416447)
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} -
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3codecp - C:\Windows\System32\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - File not found
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

========== Files/Folders - Created Within 30 Days ==========

[2011/05/01 11:34:00 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\Ami\Desktop\OTL.exe
[2011/04/27 20:22:32 | 004,240,384 | ---- | C] (Microsoft) -- C:\Windows\System32\GameUXLegacyGDFs.dll
[2011/04/27 20:22:32 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Apphlpdm.dll
[2011/04/25 16:15:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
[2011/04/25 16:14:33 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER
[2011/04/25 16:14:14 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH
[2011/04/25 16:11:31 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Analysis Services
[2011/04/25 16:10:33 | 000,000,000 | ---D | C] -- C:\Users\Ami\AppData\Local\Microsoft Help
[2011/04/25 16:10:01 | 000,000,000 | RH-D | C] -- C:\MSOCache
[2011/04/25 15:25:18 | 704,809,728 | ---- | C] (Microsoft Corporation) -- C:\Users\Ami\Desktop\X17-22376.exe
[2011/04/23 17:07:01 | 000,000,000 | ---D | C] -- C:\Users\Ami\Desktop\gmer
[2011/04/23 16:43:58 | 016,409,960 | ---- | C] (Safer Networking Limited ) -- C:\Users\Ami\Desktop\spybotsd162.exe
[2011/04/22 00:39:13 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\Ami\Desktop\HijackThis.exe
[2011/04/21 12:10:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Hitman Pro
[2011/04/21 12:10:18 | 006,449,984 | ---- | C] (SurfRight B.V.) -- C:\Users\Ami\Documents\HitmanPro35.exe
[2011/04/20 16:50:13 | 000,000,000 | ---D | C] -- C:\Users\Ami\AppData\Local\{DFCA5936-C0F8-4604-AD6E-9965A1653C45}
[2011/04/20 16:48:21 | 000,000,000 | ---D | C] -- C:\Users\Ami\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Antimalware Doctor
[2011/04/15 14:41:06 | 000,292,864 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2011/04/15 14:41:06 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2011/04/15 14:41:05 | 001,136,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42.dll
[2011/04/15 14:41:04 | 001,161,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42u.dll
[2011/04/15 14:40:57 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2011/04/15 14:40:57 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2011/04/15 14:40:57 | 000,602,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2011/04/15 14:40:57 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2011/04/15 14:40:57 | 000,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2011/04/15 14:40:57 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2011/04/15 14:40:57 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2011/04/15 14:40:57 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2011/04/15 14:40:57 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2011/04/15 14:40:56 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011/04/15 14:40:56 | 000,173,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2011/04/15 14:40:56 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2011/04/15 14:40:56 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2011/04/15 14:40:56 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2011/04/15 14:40:56 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2011/04/15 14:40:56 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2011/04/15 14:40:56 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2011/04/15 14:40:53 | 000,726,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2011/04/15 14:40:53 | 000,420,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
[2011/04/15 14:40:53 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dnscacheugc.exe
[2011/04/15 14:40:49 | 002,040,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2011/04/03 21:38:59 | 000,000,000 | ---D | C] -- C:\Users\Ami\Documents\441964669_files

========== Files - Modified Within 30 Days ==========

[2011/05/01 11:34:01 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Ami\Desktop\OTL.exe
[2011/05/01 11:18:09 | 000,642,906 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/05/01 11:18:09 | 000,120,064 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/05/01 11:13:14 | 000,000,279 | ---- | M] () -- C:\Users\Public\Documents\hpqp.ini
[2011/05/01 11:12:52 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/05/01 11:12:51 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/05/01 11:12:48 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/05/01 11:12:46 | 3211,124,736 | -HS- | M] () -- C:\hiberfil.sys
[2011/04/28 12:00:33 | 000,066,669 | ---- | M] () -- C:\Users\Ami\Documents\Lilli's Nursery Resume.pdf
[2011/04/28 12:00:26 | 000,021,888 | ---- | M] () -- C:\Users\Ami\Documents\Lilli's Nursery Resume.odt
[2011/04/26 22:11:25 | 000,066,132 | ---- | M] () -- C:\Users\Ami\Documents\Ami S.House cleaner resume.pdf
[2011/04/26 22:11:18 | 000,021,252 | ---- | M] () -- C:\Users\Ami\Documents\Ami S.House cleaner resume.odt
[2011/04/26 08:49:58 | 000,367,008 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/04/25 16:59:57 | 000,010,290 | ---- | M] () -- C:\Users\Ami\Documents\tattoo ideas 2.odt
[2011/04/25 15:57:38 | 704,809,728 | ---- | M] (Microsoft Corporation) -- C:\Users\Ami\Desktop\X17-22376.exe
[2011/04/25 15:18:59 | 000,023,371 | ---- | M] () -- C:\Users\Ami\Documents\2nd theo paper.odt
[2011/04/25 09:55:16 | 000,016,504 | ---- | M] () -- C:\Users\Ami\AppData\Roaming\wklnhst.dat
[2011/04/23 17:06:26 | 000,293,019 | ---- | M] () -- C:\Users\Ami\Desktop\gmer.zip
[2011/04/23 17:02:25 | 000,625,664 | ---- | M] () -- C:\Users\Ami\Desktop\dds.scr
[2011/04/23 16:51:06 | 000,001,079 | ---- | M] () -- C:\Users\Ami\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2011/04/23 16:51:06 | 000,001,055 | ---- | M] () -- C:\Users\Ami\Desktop\Spybot - Search & Destroy.lnk
[2011/04/23 16:50:04 | 016,409,960 | ---- | M] (Safer Networking Limited ) -- C:\Users\Ami\Desktop\spybotsd162.exe
[2011/04/23 08:51:15 | 000,021,456 | ---- | M] () -- C:\Users\Ami\Documents\Abrakadoodle Resume Ami S.odt
[2011/04/22 00:39:13 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\Ami\Desktop\HijackThis.exe
[2011/04/21 12:18:11 | 000,000,000 | ---- | M] () -- C:\Users\Ami\AppData\Local\Kzurunuhogajimo.bin
[2011/04/21 12:17:42 | 000,016,968 | ---- | M] () -- C:\Windows\System32\drivers\hitmanpro35.sys
[2011/04/21 12:16:27 | 000,003,894 | ---- | M] () -- C:\Windows\System32\.crusader
[2011/04/21 12:10:24 | 006,449,984 | ---- | M] (SurfRight B.V.) -- C:\Users\Ami\Documents\HitmanPro35.exe
[2011/04/20 17:10:54 | 000,033,792 | ---- | M] () -- C:\Users\Ami\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/04/20 16:50:14 | 000,000,120 | ---- | M] () -- C:\Users\Ami\AppData\Local\Vjozuraca.dat
[2011/04/18 10:00:20 | 000,124,142 | ---- | M] () -- C:\Users\Ami\Documents\jerseyshort.jpg
[2011/04/17 16:57:04 | 000,012,784 | ---- | M] () -- C:\Users\Ami\Documents\workout.odt
[2011/04/12 22:19:24 | 000,510,946 | ---- | M] () -- C:\Users\Ami\Documents\Friends-Fun-friends-18944012-500-240.gif
[2011/04/12 22:17:56 | 000,511,508 | ---- | M] () -- C:\Users\Ami\Documents\Friends-friends-19674304-500-220.gif
[2011/04/11 16:42:16 | 004,983,278 | ---- | M] () -- C:\Users\Ami\Documents\tegan_and_sara-dancing_in_the_dark.mp3
[2011/04/03 21:39:00 | 000,025,315 | ---- | M] () -- C:\Users\Ami\Documents\441964669.htm
[2011/04/03 21:12:27 | 000,025,519 | ---- | M] () -- C:\Users\Ami\Documents\SOWK mental health presentation.rtf
[2011/04/03 21:12:15 | 000,011,645 | ---- | M] () -- C:\Users\Ami\Documents\Social work mental health presentation outline.rtf
[2011/04/03 21:11:59 | 000,007,568 | ---- | M] () -- C:\Users\Ami\Documents\philosophy paper 2.rtf
[2011/04/03 21:11:34 | 000,015,347 | ---- | M] () -- C:\Users\Ami\Documents\Social work mental health presentation outline.odt
[2011/04/02 21:30:55 | 000,025,287 | ---- | M] () -- C:\Users\Ami\Documents\SOWK mental health presentation.odt
[2011/04/02 21:00:37 | 000,015,349 | ---- | M] () -- C:\Users\Ami\Documents\Social work mental health presentation.odt
[2011/04/02 15:36:42 | 000,021,423 | ---- | M] () -- C:\Users\Ami\Documents\cashier resume ami.odt
[2011/04/02 15:36:04 | 000,066,130 | ---- | M] () -- C:\Users\Ami\Documents\cashier resume ami.pdf
[2011/04/01 23:44:33 | 000,019,872 | ---- | M] () -- C:\Users\Ami\Documents\philosophy paper 2.odt

========== Files Created - No Company Name ==========

[2011/04/28 12:00:33 | 000,066,669 | ---- | C] () -- C:\Users\Ami\Documents\Lilli's Nursery Resume.pdf
[2011/04/28 12:00:25 | 000,021,888 | ---- | C] () -- C:\Users\Ami\Documents\Lilli's Nursery Resume.odt
[2011/04/26 22:11:24 | 000,066,132 | ---- | C] () -- C:\Users\Ami\Documents\Ami S.House cleaner resume.pdf
[2011/04/26 22:11:17 | 000,021,252 | ---- | C] () -- C:\Users\Ami\Documents\Ami S.House cleaner resume.odt
[2011/04/23 17:06:26 | 000,293,019 | ---- | C] () -- C:\Users\Ami\Desktop\gmer.zip
[2011/04/23 17:02:25 | 000,625,664 | ---- | C] () -- C:\Users\Ami\Desktop\dds.scr
[2011/04/23 13:05:43 | 000,023,371 | ---- | C] () -- C:\Users\Ami\Documents\2nd theo paper.odt
[2011/04/23 08:51:13 | 000,021,456 | ---- | C] () -- C:\Users\Ami\Documents\Abrakadoodle Resume Ami S.odt
[2011/04/21 12:16:27 | 000,003,894 | ---- | C] () -- C:\Windows\System32\.crusader
[2011/04/21 12:10:55 | 000,016,968 | ---- | C] () -- C:\Windows\System32\drivers\hitmanpro35.sys
[2011/04/20 16:50:14 | 000,000,120 | ---- | C] () -- C:\Users\Ami\AppData\Local\Vjozuraca.dat
[2011/04/20 16:50:14 | 000,000,000 | ---- | C] () -- C:\Users\Ami\AppData\Local\Kzurunuhogajimo.bin
[2011/04/18 10:00:09 | 000,124,142 | ---- | C] () -- C:\Users\Ami\Documents\jerseyshort.jpg
[2011/04/17 16:57:03 | 000,012,784 | ---- | C] () -- C:\Users\Ami\Documents\workout.odt
[2011/04/12 22:19:24 | 000,510,946 | ---- | C] () -- C:\Users\Ami\Documents\Friends-Fun-friends-18944012-500-240.gif
[2011/04/12 22:17:56 | 000,511,508 | ---- | C] () -- C:\Users\Ami\Documents\Friends-friends-19674304-500-220.gif
[2011/04/09 23:57:31 | 004,983,278 | ---- | C] () -- C:\Users\Ami\Documents\tegan_and_sara-dancing_in_the_dark.mp3
[2011/04/03 21:38:59 | 000,025,315 | ---- | C] () -- C:\Users\Ami\Documents\441964669.htm
[2011/04/03 21:12:25 | 000,025,519 | ---- | C] () -- C:\Users\Ami\Documents\SOWK mental health presentation.rtf
[2011/04/03 21:12:13 | 000,011,645 | ---- | C] () -- C:\Users\Ami\Documents\Social work mental health presentation outline.rtf
[2011/04/03 21:11:34 | 000,015,347 | ---- | C] () -- C:\Users\Ami\Documents\Social work mental health presentation outline.odt
[2011/04/02 21:15:54 | 000,025,287 | ---- | C] () -- C:\Users\Ami\Documents\SOWK mental health presentation.odt
[2011/04/02 20:59:32 | 000,015,349 | ---- | C] () -- C:\Users\Ami\Documents\Social work mental health presentation.odt
[2011/04/02 15:36:04 | 000,066,130 | ---- | C] () -- C:\Users\Ami\Documents\cashier resume ami.pdf
[2011/04/02 15:35:41 | 000,021,423 | ---- | C] () -- C:\Users\Ami\Documents\cashier resume ami.odt
[2010/01/02 23:14:16 | 000,261,632 | ---- | C] () -- C:\Windows\PEV.exe
[2010/01/02 23:14:16 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2010/01/02 23:14:16 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2010/01/02 23:14:16 | 000,077,312 | ---- | C] () -- C:\Windows\MBR.exe
[2010/01/02 23:14:16 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2009/12/28 14:29:36 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009/11/28 13:13:30 | 000,000,191 | ---- | C] () -- C:\Windows\QTW.INI
[2009/08/09 16:32:20 | 000,000,044 | ---- | C] () -- C:\Windows\EPWF30.ini
[2009/04/04 10:35:27 | 000,106,605 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/04/04 10:35:27 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2009/03/14 23:00:15 | 000,000,091 | ---- | C] () -- C:\Users\Ami\AppData\Local\fusioncache.dat
[2008/09/21 20:34:32 | 000,073,220 | ---- | C] () -- C:\Windows\System32\EPPICPrinterDB.dat
[2008/09/21 20:34:32 | 000,031,053 | ---- | C] () -- C:\Windows\System32\EPPICPattern131.dat
[2008/09/21 20:34:32 | 000,029,114 | ---- | C] () -- C:\Windows\System32\EPPICPattern1.dat
[2008/09/21 20:34:32 | 000,027,417 | ---- | C] () -- C:\Windows\System32\EPPICPattern121.dat
[2008/09/21 20:34:32 | 000,021,021 | ---- | C] () -- C:\Windows\System32\EPPICPattern3.dat
[2008/09/21 20:34:32 | 000,015,670 | ---- | C] () -- C:\Windows\System32\EPPICPattern5.dat
[2008/09/21 20:34:32 | 000,013,280 | ---- | C] () -- C:\Windows\System32\EPPICPattern2.dat
[2008/09/21 20:34:32 | 000,010,673 | ---- | C] () -- C:\Windows\System32\EPPICPattern4.dat
[2008/09/21 20:34:32 | 000,004,943 | ---- | C] () -- C:\Windows\System32\EPPICPattern6.dat
[2008/09/21 20:34:32 | 000,001,140 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_PT.dat
[2008/09/21 20:34:32 | 000,001,140 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_BP.dat
[2008/09/21 20:34:32 | 000,001,137 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_ES.dat
[2008/09/21 20:34:32 | 000,001,130 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_FR.dat
[2008/09/21 20:34:32 | 000,001,130 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_CF.dat
[2008/09/21 20:34:32 | 000,001,104 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_EN.dat
[2008/09/21 20:34:32 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini
[2008/09/21 20:34:21 | 000,000,077 | ---- | C] () -- C:\Windows\EPSC120.ini
[2008/09/21 19:49:33 | 000,980,196 | ---- | C] () -- C:\ProgramData\LuUninstall.LiveUpdate
[2008/08/30 17:15:57 | 000,005,864 | ---- | C] () -- C:\Users\Ami\AppData\Local\d3d9caps.dat
[2008/08/30 14:52:20 | 000,016,504 | ---- | C] () -- C:\Users\Ami\AppData\Roaming\wklnhst.dat
[2008/08/30 14:45:21 | 000,033,792 | ---- | C] () -- C:\Users\Ami\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/07/24 06:01:55 | 001,238,832 | ---- | C] () -- C:\Windows\System32\igmedkrn.dll
[2008/07/24 06:01:55 | 000,249,856 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll
[2008/07/24 06:01:55 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1329.dll
[2008/07/24 06:01:55 | 000,104,636 | ---- | C] () -- C:\Windows\System32\igmedcompkrn.dll
[2008/07/01 09:11:20 | 000,101,605 | ---- | C] () -- C:\Windows\hpqins13.dat
[2006/11/02 07:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 07:47:37 | 000,367,008 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 07:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 05:33:01 | 000,642,906 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 05:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 05:33:01 | 000,120,064 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 05:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 05:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 03:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 03:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 02:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 02:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat

========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: EXPLORER.EXE >
[2008/10/29 01:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2008/10/29 01:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\ERDNT\cache\explorer.exe
[2008/10/29 01:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\explorer.exe
[2008/10/29 01:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2008/10/29 22:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2009/04/11 01:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
[2008/10/27 21:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2008/01/20 21:24:24 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe

< MD5 for: WININIT.EXE >
[2008/01/20 21:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\System32\wininit.exe
[2008/01/20 21:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe

< MD5 for: WINLOGON.EXE >
[2009/04/11 01:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2008/01/20 21:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\ERDNT\cache\winlogon.exe
[2008/01/20 21:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\System32\winlogon.exe
[2008/01/20 21:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe

========== Alternate Data Streams ==========

@Alternate Data Stream - 700 bytes -> C:\Users\Ami\Documents\bball.eml:OECustomProperty

< End of report >


OTL Extras logfile created on: 5/1/2011 11:35:00 AM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Ami\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19048)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 60.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 81.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 221.20 Gb Total Space | 93.15 Gb Free Space | 42.11% Space Free | Partition Type: NTFS
Drive D: | 11.68 Gb Total Space | 2.01 Gb Free Space | 17.18% Space Free | Partition Type: NTFS

Computer Name: AMIPC | User Name: Ami | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-1638465346-3806529337-3110922156-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 1
"DoNotAllowExceptions" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" = C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink -- (EarthLink, Inc.)


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{C8C5F324-7DAA-45F7-9E70-7DC90741E43B}" = lport=5191 | protocol=6 | dir=in | name=the browser highlighter xcom |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{13A16D8B-DEB4-4F80-8AE5-3CBFAE561063}" = protocol=17 | dir=in | app=c:\program files\turbine\turbine download manager\turbinenetworkservice.exe |
"{2068CB7E-F352-4121-8C01-A9E4F7F05F3D}" = protocol=17 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{26DBE8A1-3F3E-4C71-8049-DDB32952D853}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr.exe |
"{384C4849-5BEC-4C9C-8F93-6C387EB82AAA}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{39FDC3F0-5EA4-423B-A8C5-04BD4C4F6E6A}" = protocol=6 | dir=in | app=c:\program files\aim6\aim6.exe |
"{3F08D5A9-9F22-4055-ADF7-F78D63818AC2}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{46633B46-EB0E-45A3-A960-D04CAF47C377}" = protocol=17 | dir=in | app=c:\program files\turbine\turbine download manager\turbinemessageservice.exe |
"{4A87FB8B-FA3B-4417-BA21-C5D381936FEB}" = protocol=6 | dir=in | app=c:\program files\turbine\turbine download manager\turbinenetworkservice.exe |
"{54275B38-B177-4E13-AE3C-0FD4522C26FA}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{5FAC1416-30D7-482B-98E6-22091C8E8D71}" = protocol=17 | dir=in | app=c:\program files\tbh\monitor\bin\tbhmonitor.exe |
"{6C1FE0FE-788B-40FA-94F4-0281F01BB8FA}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{7055EFAE-7D22-4F87-B68C-BE56204F0117}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{775DD391-F5FA-438D-9187-80F009EF848A}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{8FF51267-188C-4E67-9EA7-B8ED02CAA117}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{997E101F-784B-4387-A3A7-D125538FEA80}" = protocol=17 | dir=in | app=c:\program files\tbh\base\bin\tbhdaemon.exe |
"{9F497C0E-C6D3-4DC4-BD8C-A248C8AA684D}" = protocol=6 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{A01E79AE-69B0-4406-8C0C-3213791F458B}" = dir=in | app=c:\program files\hp\quickplay\qp.exe |
"{A0739AF2-A3B7-4060-91DF-F6F881C9775D}" = protocol=6 | dir=in | app=c:\program files\tbh\base\bin\tbhdaemon.exe |
"{AA05BC65-3552-4F09-99B9-9069745FBDB7}" = protocol=17 | dir=in | app=c:\program files\aim6\aim6.exe |
"{AEFB4DA4-9849-41DE-9DD9-F32461F5054B}" = dir=in | app=c:\program files\hp\quickplay\qpservice.exe |
"{B55BE246-05F3-4FF6-A85A-CDDDA42FA7A4}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{B7AB4082-A6A5-4E6F-86DC-E91D55A9D0BC}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{C401984A-8DFB-4929-8508-B3EC96833954}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{C88CB336-0DCA-47A9-B39A-01D4F92372D4}" = protocol=6 | dir=in | app=c:\program files\turbine\turbine download manager\turbinemessageservice.exe |
"{D85350BF-E883-4CFC-BA2F-0FFF21A7791E}" = protocol=6 | dir=in | app=c:\program files\tbh\monitor\bin\tbhmonitor.exe |
"{E63CDD7C-F6BD-4418-BF31-0096B8382556}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{F806188C-8847-4358-A197-97D473C40A03}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"TCP Query User{3AC83510-0564-438A-BDF4-C03B2DF6AC96}C:\program files\real\realplayer\realplay.exe" = protocol=6 | dir=in | app=c:\program files\real\realplayer\realplay.exe |
"TCP Query User{63488689-52F2-4AFD-8C15-990C9ADCBA47}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{B670BFD1-2E6F-41CC-98CF-2343506354E5}C:\program files\real\realplayer\recordingmanager.exe" = protocol=6 | dir=in | app=c:\program files\real\realplayer\recordingmanager.exe |
"UDP Query User{26CD7196-3273-40B7-A28D-007D1661C63D}C:\program files\real\realplayer\realplay.exe" = protocol=17 | dir=in | app=c:\program files\real\realplayer\realplay.exe |
"UDP Query User{2B99C551-B4EE-444F-B573-6A10CCD17465}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{5F456CD9-D552-4648-9EAB-41BD2E93D68C}C:\program files\real\realplayer\recordingmanager.exe" = protocol=17 | dir=in | app=c:\program files\real\realplayer\recordingmanager.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{004B0DCB-4C60-465B-8F01-44B0A4111187}" = SlingPlayer
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{06E74B9B-631F-4378-BF3A-40D868450C05}" = HPPhotoSmartPhotobookHolidayPack1
"{082702D5-5DD8-4600-BCE5-48B15174687F}" = HP Doc Viewer
"{082F8ABA-84D5-4837-9DFC-F365D91A07D4}" = HP Smart Web Printing
"{0D6D96F4-0CAF-4522-B05F-70A88EDECDFD}" = ArcSoft Print Creations
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX330_series" = Canon MX330 series MP Drivers
"{11BB336F-0E58-4977-B866-F24FA334616B}" = HP Active Support Library
"{12A76360-388E-4B27-ABEB-D5FC5378DD2A}" = HPPhotoSmartPhotobookWebPack1
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{172AEB5E-CBB2-4CDD-A4CF-388600825839}" = HPPhotoSmartPhotobookPlayfulPack1
"{1BDC9633-895B-4842-BCB6-8FA1EC2A3C5A}" = Adobe Shockwave Player
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = DVD Suite
"{209CDA54-D390-46A2-A97C-7BF61734418D}" = WeatherBug Gadget
"{2284D904-C138-4B58-93EC-5C362AB5130A}" = The Sims™ Life Stories
"{228C6B46-64E2-404E-898A-EF0830603EF4}" = HPNetworkAssistant
"{250E9609-E830-43EB-B379-DAB7546A2422}" = muvee autoProducer 6.1
"{254C37AA-6B72-4300-84F6-98A82419187E}" = Hewlett-Packard Active Check
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java™ 6 Update 17
"{2A697B53-0DE3-42DA-B41D-C3F804B1C538}" = iTunes
"{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour
"{2DC94AFD-A6E2-4AB4-9132-4A3F8E07B386}" = Apple Application Support
"{34BFB099-07B2-4E95-A673-7362D60866A2}" = PSSWCORE
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.30 E1
"{38EAC694-0D90-445F-8C17-8B50ADFE3162}" = Slingbox Flash Tour
"{3B62CF95-5E25-4720-A3D6-B4A2B0501961}" = Browser Highlighter - Firefox
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP QuickPlay 3.6
"{4CACFCD9-F71B-413A-8DF5-1A6419D5CDC6}" = Cards_Calendar_OrderGift_DoMorePlugout
"{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}" = Skype web features
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Flash Media Controller Driver Ver.3.52.02
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = Hewlett-Packard Asset Agent for Health Check
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7DC4A410-9986-4329-9E5D-687B2C42CA39}" = HP QuickTouch 1.00 C4
"{89E052B2-5CA5-4B7A-AF0C-28CA2836B030}" = HPPhotoSmartPhotobookModernPack1
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Touch Pad Driver
"{A07840FC-CE63-4CB8-8030-EF4B9805925A}" = HPPhotoSmartDiscLabel_PaperLabel
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A71D5E81-B967-43DB-93D7-FD31BFB95748}" = MobileMe Control Panel
"{AC76BA86-7AD7-1033-7B44-A81000000003}" = Adobe Reader 8.1.0
"{AC95121F-1576-45B8-82F7-3911D27882E6}" = HPPhotoSmartPhotobookScrapbookPack1
"{ADFB9653-F44C-460C-BF58-189CC552DFFE}" = hpphotosmartdisclabelplugin
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B4E91E95-A5BA-4E50-A465-DB7EFEB176E8}" = HPPhotoSmartDiscLabel_PrintOnDisc
"{B53620C0-3A83-4F50-A7AB-175DB64C1CE3}" = HP User Guides 0090
"{BAD0FA60-09CF-4411-AE6A-C2844C8812FA}" = HP Photosmart Essential 2.5
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{CACAEB5F-174D-4C7C-AC56-A33289A807CA}" = Apple Mobile Device Support
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CBAE4F50-9FC9-4557-AB36-9826DF3C103C}" = HP Wireless Assistant
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D03E7B00-CA85-4684-9321-1888873C34BD}" = ArcSoft PhotoImpression 6
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{DD3C88A0-C53C-41D0-A21B-6D021981D23E}" = HPPhotoSmartDiscLabelContent1
"{E08DC77E-D09A-4e36-8067-D6DBBCC5F8DC}" = VideoToolkit01
"{F44DA61E-720D-4E79-871F-F6E628B33242}" = OpenOffice.org 3.0
"{F5577101-33CC-4711-8235-3A95BCD49DB0}" = EA Link
"{F636EE9A-F9EC-4606-BCFA-77DD0E210788}" = HPPhotoSmartDiscLabel_Tattoo
"62289540-dc30-11dc-95ff-0800200c9a66_is1" = Turbine Download Manager 1.1.3317.23144
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Canon MX330 series User Registration" = Canon MX330 series User Registration
"CanonMyPrinter" = Canon Utilities My Printer
"CanonSolutionMenu" = Canon Utilities Solution Menu
"CCleaner" = CCleaner
"CNXT_AUDIO_HDA" = Conexant HD Audio
"CNXT_MODEM_HDA_HSF" = HDAUDIO Soft Data Fax Modem with SmartCP
"Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX
"EPSON Printer and Utilities" = EPSON Printer Software
"EPSON WorkForce 30 Series" = EPSON WorkForce 30 Series Printer Uninstall
"Hauppauge MCE2005 Software Encoder" = Hauppauge MCE XP/Vista Software Encoder (2.0.25149)
"HDMI" = Intel® Graphics Media Accelerator Driver
"HijackThis" = HijackThis 2.0.2
"HP Photosmart Essential" = HP Photosmart Essential 2.5
"HP Smart Web Printing" = HP Smart Web Printing
"InstallShield_{004B0DCB-4C60-465B-8F01-44B0A4111187}" = SlingPlayer
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"InstallShield_{F5577101-33CC-4711-8235-3A95BCD49DB0}" = EA Link
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Marvell Miniport Driver" = Marvell Miniport Driver
"McAfee Security Scan" = McAfee Security Scan Plus
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox (3.6.16)" = Mozilla Firefox (3.6.16)
"MP Navigator EX 2.1" = Canon MP Navigator EX 2.1
"NAV" = Norton AntiVirus
"Office14.SingleImage" = Microsoft Office Home and Student 2010
"RealPlayer 6.0" = RealPlayer
"Silent Package Run-Time Sample" = EPSON C120 User's Guide
"SlingMedia.QPSlingPlayer_is1" = QuickPlay SlingPlayer 0.4.6
"WildTangent hp Master Uninstall" = My HP Games
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Toolbar" = Yahoo! Toolbar

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1638465346-3806529337-3110922156-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Move Media Player" = Move Media Player
"Yahoo! BrowserPlus" = Yahoo! BrowserPlus 2.9.8

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >

#4 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,784 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:02:30 AM

Posted 01 May 2011 - 01:08 PM

Hi,

please run a scan with gooredfix next:
Please download GooredFix from one of the locations below and save it to your Desktop
Download Mirror #1
Download Mirror #2
  • Ensure all Firefox windows are closed.
  • To run the tool, double-click it (XP), or right-click and select Run As Administrator (Vista).
  • When prompted to run the scan, click Yes.
  • GooredFix will check for infections, and then a log will appear. Please post the contents of that log in your next reply (it can also be found on your desktop, called GooredFix.txt).

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

animinionsmalltext.gif

Follow BleepingComputer on: Facebook | Twitter | Google+


#5 schr1111

schr1111
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:07:30 PM

Posted 01 May 2011 - 01:44 PM

GooredFix by jpshortstuff (03.07.10.1)
Log created at 13:42 on 01/05/2011 (Ami)
Firefox version 3.6.16 (en-US)

========== GooredScan ==========


========== GooredLog ==========

C:\Program Files\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd} [22:47 30/01/2009]
{B13721C7-F507-4982-B2E5-502A71474FED} [19:25 28/12/2009]
{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} [04:52 02/01/2010]

C:\Users\Ami\Application Data\Mozilla\Firefox\Profiles\9u3je5ik.default\extensions\
activegs@freetoolsassociation.com [04:28 22/01/2010]
browserhighlighter@ebay.com [19:26 28/12/2009]
{20a82645-c095-46ed-80e3-08825760534b} [00:11 30/10/2010]

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"{ABDE892B-13A8-4d1b-88E6-365A6E755758}"="C:\Program Files\Real\RealPlayer\browserrecord" [17:04 31/08/2008]
"{20a82645-c095-46ed-80e3-08825760534b}"="c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\" [15:26 04/04/2009]
"{BBDA0591-3099-440a-AA10-41764D9DB4DB}"="C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\IPSFFPlgn\" [02:06 10/07/2010]

-=E.O.F=-

#6 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,784 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:02:30 AM

Posted 01 May 2011 - 05:18 PM

Hi,

this was the first time you ran the utility and you didn't have it remove anything, right?

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

animinionsmalltext.gif

Follow BleepingComputer on: Facebook | Twitter | Google+


#7 schr1111

schr1111
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:07:30 PM

Posted 01 May 2011 - 06:28 PM

The first time I ran Gooredfix? Yes. It said it would automatically check for and remove infection. Is that what you are referring to?

#8 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,784 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:02:30 AM

Posted 02 May 2011 - 05:26 AM

Hi,

ok, are you still getting redirected?

I was just surprised to see that gooredfix didn't show the infection, it is normally very reliable.

Please post a new log from OTL too in your next reply.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

animinionsmalltext.gif

Follow BleepingComputer on: Facebook | Twitter | Google+


#9 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,784 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:02:30 AM

Posted 02 May 2011 - 05:27 AM

Hi,

ok, are you still getting redirected?

I was just surprised to see that gooredfix didn't show the infection, it is normally very reliable.

Please post a new log from OTL too in your next reply.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

animinionsmalltext.gif

Follow BleepingComputer on: Facebook | Twitter | Google+


#10 schr1111

schr1111
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:07:30 PM

Posted 02 May 2011 - 10:30 AM

Yes, I am still being redirected.

OTL logfile created on: 5/2/2011 10:22:17 AM - Run 2
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Ami\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19048)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 60.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 82.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 221.20 Gb Total Space | 93.13 Gb Free Space | 42.10% Space Free | Partition Type: NTFS
Drive D: | 11.68 Gb Total Space | 2.01 Gb Free Space | 17.18% Space Free | Partition Type: NTFS

Computer Name: AMIPC | User Name: Ami | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/05/02 09:39:55 | 000,492,840 | ---- | M] (eBay) -- C:\Program Files\tbh\base\bin\tbhSystray.exe
PRC - [2011/05/02 09:39:55 | 000,070,952 | ---- | M] () -- c:\Program Files\tbh\base\bin\tbhDaemon.exe
PRC - [2011/05/01 11:34:01 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Ami\Desktop\OTL.exe
PRC - [2011/03/25 22:08:29 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/02/25 19:21:50 | 000,126,392 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton AntiVirus\Engine\17.8.0.5\ccsvchst.exe
PRC - [2010/01/15 07:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
PRC - [2009/10/22 14:57:44 | 000,070,952 | ---- | M] () -- C:\Program Files\tbh\monitor\bin\tbhMonitor.exe
PRC - [2009/07/06 20:07:00 | 001,848,648 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
PRC - [2009/01/26 16:31:16 | 002,144,088 | ---- | M] (Safer Networking Limited) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2009/01/26 16:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2008/10/29 01:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/08/31 12:03:54 | 000,185,896 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe


========== Modules (SafeList) ==========

MOD - [2011/05/01 11:34:01 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Ami\Desktop\OTL.exe
MOD - [2010/08/31 10:39:57 | 001,684,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18523_none_5cdd65e20837faf2\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/02/25 19:21:50 | 000,126,392 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files\Norton AntiVirus\Engine\17.8.0.5\ccSvcHst.exe -- (NAV)
SRV - [2010/01/15 07:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2009/10/22 14:57:44 | 000,070,952 | ---- | M] () [Auto | Running] -- C:\Program Files\tbh\monitor\bin\tbhMonitor.exe -- (tbhMonitor.exe)
SRV - [2009/01/30 12:58:20 | 000,255,472 | ---- | M] (Turbine, Inc.) [On_Demand | Stopped] -- C:\Program Files\Turbine\Turbine Download Manager\TurbineMessageService.exe -- (LiveTurbineMessageService)
SRV - [2009/01/30 12:58:20 | 000,218,608 | ---- | M] (Turbine, Inc.) [On_Demand | Stopped] -- C:\Program Files\Turbine\Turbine Download Manager\TurbineNetworkService.exe -- (LiveTurbineNetworkService)
SRV - [2009/01/26 16:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2008/01/20 21:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/03/05 12:30:06 | 000,110,592 | ---- | M] (Hewlett-Packard Development Company, L.P.) [On_Demand | Stopped] -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe -- (Com4Qlb)


========== Driver Services (SafeList) ==========

DRV - [2011/04/21 12:17:42 | 000,016,968 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\hitmanpro35.sys -- (hitmanpro35)
DRV - [2010/09/29 10:12:17 | 001,371,184 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\Definitions\VirusDefs\20101007.022\NAVEX15.SYS -- (NAVEX15)
DRV - [2010/09/29 10:12:16 | 000,086,064 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\Definitions\VirusDefs\20101007.022\NAVENG.SYS -- (NAVENG)
DRV - [2010/09/15 13:02:21 | 000,353,840 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\Definitions\IPSDefs\20101005.005\IDSvix86.sys -- (IDSVix86)
DRV - [2010/08/31 17:57:04 | 000,692,272 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\Definitions\BASHDefs\20101001.001\BHDrvx86.sys -- (BHDrvx86)
DRV - [2010/07/09 21:23:21 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2010/07/09 21:23:21 | 000,102,448 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2010/07/09 21:06:00 | 000,124,976 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2010/05/05 23:01:59 | 000,339,504 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\Drivers\NAV\1108000.005\SYMTDIV.SYS -- (SYMTDIv)
DRV - [2010/04/29 00:03:51 | 000,116,784 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\system32\drivers\NAV\1108000.005\Ironx86.SYS -- (SymIRON)
DRV - [2010/04/21 22:02:20 | 000,173,104 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\system32\drivers\NAV\1108000.005\SYMEFA.SYS -- (SymEFA)
DRV - [2010/04/21 21:29:50 | 000,325,680 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\Drivers\NAV\1108000.005\SRTSP.SYS -- (SRTSP)
DRV - [2010/04/21 21:29:50 | 000,043,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\system32\drivers\NAV\1108000.005\SRTSPX.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV - [2010/02/25 19:22:57 | 000,501,888 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\system32\drivers\NAV\1108000.005\ccHPx86.sys -- (ccHP)
DRV - [2009/08/29 19:17:18 | 000,328,752 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\NAV\1108000.005\SYMDS.SYS -- (SymDS)
DRV - [2008/03/04 02:32:00 | 000,188,416 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CHDRT32.sys -- (CnxtHdAudService)
DRV - [2007/10/01 10:35:52 | 000,183,352 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CHDART.sys -- (HdAudAddService)
DRV - [2007/08/08 22:42:08 | 000,045,568 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2007/07/30 13:54:02 | 000,038,400 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2007/07/30 12:42:58 | 000,043,008 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2007/07/11 12:30:22 | 000,007,168 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HpqRemHid.sys -- (HpqRemHid)
DRV - [2007/07/10 09:27:56 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2007/06/28 10:09:56 | 002,222,080 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32) Intel®
DRV - [2007/06/18 19:12:04 | 000,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV - [2007/04/18 07:03:26 | 000,141,312 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2006/11/02 02:30:56 | 000,429,056 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvm60x32.sys -- (NVENETFD)
DRV - [2005/02/23 14:58:56 | 000,011,776 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\afc.sys -- (Afc)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=laptop


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1638465346-3806529337-3110922156-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=laptop
IE - HKU\S-1-5-21-1638465346-3806529337-3110922156-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKU\S-1-5-21-1638465346-3806529337-3110922156-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-1638465346-3806529337-3110922156-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1638465346-3806529337-3110922156-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com"
FF - prefs.js..extensions.enabledItems: activegs@freetoolsassociation.com:2.4.26
FF - prefs.js..extensions.enabledItems: browserhighlighter@ebay.com:1.0.19126
FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:2.0
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.%(version)s
FF - prefs.js..extensions.enabledItems: {DFCA5936-C0F8-4604-AD6E-9965A1653C45}:1.9.1

FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Program Files\Real\RealPlayer\browserrecord [2008/08/31 12:04:02 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\IPSFFPlgn\ [2010/07/11 17:15:37 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/03/25 22:08:31 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/03/25 22:08:31 | 000,000,000 | ---D | M]

[2009/01/30 17:47:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ami\AppData\Roaming\Mozilla\Extensions
[2011/05/01 22:42:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ami\AppData\Roaming\Mozilla\Firefox\Profiles\9u3je5ik.default\extensions
[2010/10/29 19:11:48 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Ami\AppData\Roaming\Mozilla\Firefox\Profiles\9u3je5ik.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/01/21 23:28:10 | 000,000,000 | ---D | M] (ActiveGS) -- C:\Users\Ami\AppData\Roaming\Mozilla\Firefox\Profiles\9u3je5ik.default\extensions\activegs@freetoolsassociation.com
[2011/04/30 09:47:18 | 000,000,000 | ---D | M] (The Browser Highlighter) -- C:\Users\Ami\AppData\Roaming\Mozilla\Firefox\Profiles\9u3je5ik.default\extensions\browserhighlighter@ebay.com
[2011/02/06 15:58:06 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/07/11 17:15:37 | 000,000,000 | ---D | M] (Norton IPS) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\IPSFFPLGN
[2011/04/20 16:50:13 | 000,000,000 | ---D | M] (XULRunner) -- C:\USERS\AMI\APPDATA\LOCAL\{DFCA5936-C0F8-4604-AD6E-9965A1653C45}
[2010/02/22 12:28:03 | 000,000,000 | ---D | M] (Move Media Player) -- C:\USERS\AMI\APPDATA\ROAMING\MOVE NETWORKS

O1 HOSTS File: ([2006/09/18 16:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No CLSID value found.
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton AntiVirus\Engine\17.8.0.5\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Tunebite_WebRipPlugin Class) - {AA102584-3B97-47e7-B9BC-75D54C110A7D} - File not found
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (HP Print Clips) - {FFFFFFFF-FF12-44C5-91EC-068E3AA1B2D7} - c:\Program Files\HP\Smart Web Printing\hpswp_framework.dll (Hewlett-Packard Co.)
O3 - HKLM\..\Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [tbhSystray] C:\Program Files\tbh\base\bin\tbhSystray.exe (eBay)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1638465346-3806529337-3110922156-1000..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1638465346-3806529337-3110922156-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1638465346-3806529337-3110922156-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: HP Smart Select - {58ECB495-38F0-49cb-A538-10282ABF65E7} - c:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll (Hewlett-Packard Co.)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 140.209.1.17 140.209.1.5 137.192.2.3 206.9.64.101
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Ami\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Ami\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/07/01 08:57:03 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2005/09/11 10:18:54 | 000,000,340 | -HS- | M] () - D:\AUTOMODE -- [ NTFS ]
O33 - MountPoints2\{81332db8-4bfb-11e0-a9a8-8eb9b4189357}\Shell - "" = AutoRun
O33 - MountPoints2\{81332db8-4bfb-11e0-a9a8-8eb9b4189357}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*


SafeBootMin: AppMgmt - File not found
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS - File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PEVSystemStart - Service
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: procexp90.Sys - Driver
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {166B1BCA-3F9C-11CF-8075-444553540000} - Macromedia Shockwave Director 10.1
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Macromedia Shockwave Director 10.1
ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {2F6EFCE6-10DF-49F9-9E64-9AE3775B2588} - Microsoft .NET Framework 1.1 Security Update (KB2416447)
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} -
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3codecp - C:\Windows\System32\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - File not found
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

========== Files/Folders - Created Within 30 Days ==========

[2011/05/01 13:42:55 | 000,000,000 | ---D | C] -- C:\Users\Ami\Desktop\GooredFix Backups
[2011/05/01 13:42:26 | 000,071,398 | ---- | C] (jpshortstuff) -- C:\Users\Ami\Desktop\GooredFix.exe
[2011/05/01 11:34:00 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\Ami\Desktop\OTL.exe
[2011/04/27 20:22:32 | 004,240,384 | ---- | C] (Microsoft) -- C:\Windows\System32\GameUXLegacyGDFs.dll
[2011/04/27 20:22:32 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Apphlpdm.dll
[2011/04/25 16:15:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
[2011/04/25 16:14:33 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER
[2011/04/25 16:14:14 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH
[2011/04/25 16:11:31 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Analysis Services
[2011/04/25 16:10:33 | 000,000,000 | ---D | C] -- C:\Users\Ami\AppData\Local\Microsoft Help
[2011/04/25 16:10:01 | 000,000,000 | RH-D | C] -- C:\MSOCache
[2011/04/25 15:25:18 | 704,809,728 | ---- | C] (Microsoft Corporation) -- C:\Users\Ami\Desktop\X17-22376.exe
[2011/04/23 17:07:01 | 000,000,000 | ---D | C] -- C:\Users\Ami\Desktop\gmer
[2011/04/23 16:43:58 | 016,409,960 | ---- | C] (Safer Networking Limited ) -- C:\Users\Ami\Desktop\spybotsd162.exe
[2011/04/22 00:39:13 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\Ami\Desktop\HijackThis.exe
[2011/04/21 12:10:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Hitman Pro
[2011/04/21 12:10:18 | 006,449,984 | ---- | C] (SurfRight B.V.) -- C:\Users\Ami\Documents\HitmanPro35.exe
[2011/04/20 16:50:13 | 000,000,000 | ---D | C] -- C:\Users\Ami\AppData\Local\{DFCA5936-C0F8-4604-AD6E-9965A1653C45}
[2011/04/20 16:48:21 | 000,000,000 | ---D | C] -- C:\Users\Ami\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Antimalware Doctor
[2011/04/15 14:41:06 | 000,292,864 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2011/04/15 14:41:06 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2011/04/15 14:41:05 | 001,136,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42.dll
[2011/04/15 14:41:04 | 001,161,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42u.dll
[2011/04/15 14:40:57 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2011/04/15 14:40:57 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2011/04/15 14:40:57 | 000,602,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2011/04/15 14:40:57 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2011/04/15 14:40:57 | 000,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2011/04/15 14:40:57 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2011/04/15 14:40:57 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2011/04/15 14:40:57 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2011/04/15 14:40:57 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2011/04/15 14:40:56 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011/04/15 14:40:56 | 000,173,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2011/04/15 14:40:56 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2011/04/15 14:40:56 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2011/04/15 14:40:56 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2011/04/15 14:40:56 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2011/04/15 14:40:56 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2011/04/15 14:40:56 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2011/04/15 14:40:53 | 000,726,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2011/04/15 14:40:53 | 000,420,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
[2011/04/15 14:40:53 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dnscacheugc.exe
[2011/04/15 14:40:49 | 002,040,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2011/04/03 21:38:59 | 000,000,000 | ---D | C] -- C:\Users\Ami\Documents\441964669_files

========== Files - Modified Within 30 Days ==========

[2011/05/02 10:20:06 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/05/02 09:45:23 | 000,642,906 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/05/02 09:45:23 | 000,120,064 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/05/02 09:40:10 | 000,000,279 | ---- | M] () -- C:\Users\Public\Documents\hpqp.ini
[2011/05/02 09:39:50 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/05/02 09:39:49 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/05/02 09:39:44 | 3211,124,736 | -HS- | M] () -- C:\hiberfil.sys
[2011/05/01 13:42:26 | 000,071,398 | ---- | M] (jpshortstuff) -- C:\Users\Ami\Desktop\GooredFix.exe
[2011/05/01 11:34:01 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Ami\Desktop\OTL.exe
[2011/04/28 12:00:33 | 000,066,669 | ---- | M] () -- C:\Users\Ami\Documents\Lilli's Nursery Resume.pdf
[2011/04/28 12:00:26 | 000,021,888 | ---- | M] () -- C:\Users\Ami\Documents\Lilli's Nursery Resume.odt
[2011/04/26 22:11:25 | 000,066,132 | ---- | M] () -- C:\Users\Ami\Documents\Ami S.House cleaner resume.pdf
[2011/04/26 22:11:18 | 000,021,252 | ---- | M] () -- C:\Users\Ami\Documents\Ami S.House cleaner resume.odt
[2011/04/26 08:49:58 | 000,367,008 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/04/25 16:59:57 | 000,010,290 | ---- | M] () -- C:\Users\Ami\Documents\tattoo ideas 2.odt
[2011/04/25 15:57:38 | 704,809,728 | ---- | M] (Microsoft Corporation) -- C:\Users\Ami\Desktop\X17-22376.exe
[2011/04/25 15:18:59 | 000,023,371 | ---- | M] () -- C:\Users\Ami\Documents\2nd theo paper.odt
[2011/04/25 09:55:16 | 000,016,504 | ---- | M] () -- C:\Users\Ami\AppData\Roaming\wklnhst.dat
[2011/04/23 17:06:26 | 000,293,019 | ---- | M] () -- C:\Users\Ami\Desktop\gmer.zip
[2011/04/23 17:02:25 | 000,625,664 | ---- | M] () -- C:\Users\Ami\Desktop\dds.scr
[2011/04/23 16:51:06 | 000,001,079 | ---- | M] () -- C:\Users\Ami\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2011/04/23 16:51:06 | 000,001,055 | ---- | M] () -- C:\Users\Ami\Desktop\Spybot - Search & Destroy.lnk
[2011/04/23 16:50:04 | 016,409,960 | ---- | M] (Safer Networking Limited ) -- C:\Users\Ami\Desktop\spybotsd162.exe
[2011/04/23 08:51:15 | 000,021,456 | ---- | M] () -- C:\Users\Ami\Documents\Abrakadoodle Resume Ami S.odt
[2011/04/22 00:39:13 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\Ami\Desktop\HijackThis.exe
[2011/04/21 12:18:11 | 000,000,000 | ---- | M] () -- C:\Users\Ami\AppData\Local\Kzurunuhogajimo.bin
[2011/04/21 12:17:42 | 000,016,968 | ---- | M] () -- C:\Windows\System32\drivers\hitmanpro35.sys
[2011/04/21 12:16:27 | 000,003,894 | ---- | M] () -- C:\Windows\System32\.crusader
[2011/04/21 12:10:24 | 006,449,984 | ---- | M] (SurfRight B.V.) -- C:\Users\Ami\Documents\HitmanPro35.exe
[2011/04/20 17:10:54 | 000,033,792 | ---- | M] () -- C:\Users\Ami\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/04/20 16:50:14 | 000,000,120 | ---- | M] () -- C:\Users\Ami\AppData\Local\Vjozuraca.dat
[2011/04/18 10:00:20 | 000,124,142 | ---- | M] () -- C:\Users\Ami\Documents\jerseyshort.jpg
[2011/04/17 16:57:04 | 000,012,784 | ---- | M] () -- C:\Users\Ami\Documents\workout.odt
[2011/04/12 22:19:24 | 000,510,946 | ---- | M] () -- C:\Users\Ami\Documents\Friends-Fun-friends-18944012-500-240.gif
[2011/04/12 22:17:56 | 000,511,508 | ---- | M] () -- C:\Users\Ami\Documents\Friends-friends-19674304-500-220.gif
[2011/04/11 16:42:16 | 004,983,278 | ---- | M] () -- C:\Users\Ami\Documents\tegan_and_sara-dancing_in_the_dark.mp3
[2011/04/03 21:39:00 | 000,025,315 | ---- | M] () -- C:\Users\Ami\Documents\441964669.htm
[2011/04/03 21:12:27 | 000,025,519 | ---- | M] () -- C:\Users\Ami\Documents\SOWK mental health presentation.rtf
[2011/04/03 21:12:15 | 000,011,645 | ---- | M] () -- C:\Users\Ami\Documents\Social work mental health presentation outline.rtf
[2011/04/03 21:11:59 | 000,007,568 | ---- | M] () -- C:\Users\Ami\Documents\philosophy paper 2.rtf
[2011/04/03 21:11:34 | 000,015,347 | ---- | M] () -- C:\Users\Ami\Documents\Social work mental health presentation outline.odt
[2011/04/02 21:30:55 | 000,025,287 | ---- | M] () -- C:\Users\Ami\Documents\SOWK mental health presentation.odt
[2011/04/02 21:00:37 | 000,015,349 | ---- | M] () -- C:\Users\Ami\Documents\Social work mental health presentation.odt
[2011/04/02 15:36:42 | 000,021,423 | ---- | M] () -- C:\Users\Ami\Documents\cashier resume ami.odt
[2011/04/02 15:36:04 | 000,066,130 | ---- | M] () -- C:\Users\Ami\Documents\cashier resume ami.pdf

========== Files Created - No Company Name ==========

[2011/04/28 12:00:33 | 000,066,669 | ---- | C] () -- C:\Users\Ami\Documents\Lilli's Nursery Resume.pdf
[2011/04/28 12:00:25 | 000,021,888 | ---- | C] () -- C:\Users\Ami\Documents\Lilli's Nursery Resume.odt
[2011/04/26 22:11:24 | 000,066,132 | ---- | C] () -- C:\Users\Ami\Documents\Ami S.House cleaner resume.pdf
[2011/04/26 22:11:17 | 000,021,252 | ---- | C] () -- C:\Users\Ami\Documents\Ami S.House cleaner resume.odt
[2011/04/23 17:06:26 | 000,293,019 | ---- | C] () -- C:\Users\Ami\Desktop\gmer.zip
[2011/04/23 17:02:25 | 000,625,664 | ---- | C] () -- C:\Users\Ami\Desktop\dds.scr
[2011/04/23 13:05:43 | 000,023,371 | ---- | C] () -- C:\Users\Ami\Documents\2nd theo paper.odt
[2011/04/23 08:51:13 | 000,021,456 | ---- | C] () -- C:\Users\Ami\Documents\Abrakadoodle Resume Ami S.odt
[2011/04/21 12:16:27 | 000,003,894 | ---- | C] () -- C:\Windows\System32\.crusader
[2011/04/21 12:10:55 | 000,016,968 | ---- | C] () -- C:\Windows\System32\drivers\hitmanpro35.sys
[2011/04/20 16:50:14 | 000,000,120 | ---- | C] () -- C:\Users\Ami\AppData\Local\Vjozuraca.dat
[2011/04/20 16:50:14 | 000,000,000 | ---- | C] () -- C:\Users\Ami\AppData\Local\Kzurunuhogajimo.bin
[2011/04/18 10:00:09 | 000,124,142 | ---- | C] () -- C:\Users\Ami\Documents\jerseyshort.jpg
[2011/04/17 16:57:03 | 000,012,784 | ---- | C] () -- C:\Users\Ami\Documents\workout.odt
[2011/04/12 22:19:24 | 000,510,946 | ---- | C] () -- C:\Users\Ami\Documents\Friends-Fun-friends-18944012-500-240.gif
[2011/04/12 22:17:56 | 000,511,508 | ---- | C] () -- C:\Users\Ami\Documents\Friends-friends-19674304-500-220.gif
[2011/04/09 23:57:31 | 004,983,278 | ---- | C] () -- C:\Users\Ami\Documents\tegan_and_sara-dancing_in_the_dark.mp3
[2011/04/03 21:38:59 | 000,025,315 | ---- | C] () -- C:\Users\Ami\Documents\441964669.htm
[2011/04/03 21:12:25 | 000,025,519 | ---- | C] () -- C:\Users\Ami\Documents\SOWK mental health presentation.rtf
[2011/04/03 21:12:13 | 000,011,645 | ---- | C] () -- C:\Users\Ami\Documents\Social work mental health presentation outline.rtf
[2011/04/03 21:11:34 | 000,015,347 | ---- | C] () -- C:\Users\Ami\Documents\Social work mental health presentation outline.odt
[2011/04/02 21:15:54 | 000,025,287 | ---- | C] () -- C:\Users\Ami\Documents\SOWK mental health presentation.odt
[2011/04/02 20:59:32 | 000,015,349 | ---- | C] () -- C:\Users\Ami\Documents\Social work mental health presentation.odt
[2011/04/02 15:36:04 | 000,066,130 | ---- | C] () -- C:\Users\Ami\Documents\cashier resume ami.pdf
[2011/04/02 15:35:41 | 000,021,423 | ---- | C] () -- C:\Users\Ami\Documents\cashier resume ami.odt
[2010/01/02 23:14:16 | 000,261,632 | ---- | C] () -- C:\Windows\PEV.exe
[2010/01/02 23:14:16 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2010/01/02 23:14:16 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2010/01/02 23:14:16 | 000,077,312 | ---- | C] () -- C:\Windows\MBR.exe
[2010/01/02 23:14:16 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2009/12/28 14:29:36 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009/11/28 13:13:30 | 000,000,191 | ---- | C] () -- C:\Windows\QTW.INI
[2009/08/09 16:32:20 | 000,000,044 | ---- | C] () -- C:\Windows\EPWF30.ini
[2009/04/04 10:35:27 | 000,106,605 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/04/04 10:35:27 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2009/03/14 23:00:15 | 000,000,091 | ---- | C] () -- C:\Users\Ami\AppData\Local\fusioncache.dat
[2008/09/21 20:34:32 | 000,073,220 | ---- | C] () -- C:\Windows\System32\EPPICPrinterDB.dat
[2008/09/21 20:34:32 | 000,031,053 | ---- | C] () -- C:\Windows\System32\EPPICPattern131.dat
[2008/09/21 20:34:32 | 000,029,114 | ---- | C] () -- C:\Windows\System32\EPPICPattern1.dat
[2008/09/21 20:34:32 | 000,027,417 | ---- | C] () -- C:\Windows\System32\EPPICPattern121.dat
[2008/09/21 20:34:32 | 000,021,021 | ---- | C] () -- C:\Windows\System32\EPPICPattern3.dat
[2008/09/21 20:34:32 | 000,015,670 | ---- | C] () -- C:\Windows\System32\EPPICPattern5.dat
[2008/09/21 20:34:32 | 000,013,280 | ---- | C] () -- C:\Windows\System32\EPPICPattern2.dat
[2008/09/21 20:34:32 | 000,010,673 | ---- | C] () -- C:\Windows\System32\EPPICPattern4.dat
[2008/09/21 20:34:32 | 000,004,943 | ---- | C] () -- C:\Windows\System32\EPPICPattern6.dat
[2008/09/21 20:34:32 | 000,001,140 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_PT.dat
[2008/09/21 20:34:32 | 000,001,140 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_BP.dat
[2008/09/21 20:34:32 | 000,001,137 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_ES.dat
[2008/09/21 20:34:32 | 000,001,130 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_FR.dat
[2008/09/21 20:34:32 | 000,001,130 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_CF.dat
[2008/09/21 20:34:32 | 000,001,104 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_EN.dat
[2008/09/21 20:34:32 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini
[2008/09/21 20:34:21 | 000,000,077 | ---- | C] () -- C:\Windows\EPSC120.ini
[2008/09/21 19:49:33 | 000,980,196 | ---- | C] () -- C:\ProgramData\LuUninstall.LiveUpdate
[2008/08/30 17:15:57 | 000,005,864 | ---- | C] () -- C:\Users\Ami\AppData\Local\d3d9caps.dat
[2008/08/30 14:52:20 | 000,016,504 | ---- | C] () -- C:\Users\Ami\AppData\Roaming\wklnhst.dat
[2008/08/30 14:45:21 | 000,033,792 | ---- | C] () -- C:\Users\Ami\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/07/24 06:01:55 | 001,238,832 | ---- | C] () -- C:\Windows\System32\igmedkrn.dll
[2008/07/24 06:01:55 | 000,249,856 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll
[2008/07/24 06:01:55 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1329.dll
[2008/07/24 06:01:55 | 000,104,636 | ---- | C] () -- C:\Windows\System32\igmedcompkrn.dll
[2008/07/01 09:11:20 | 000,101,605 | ---- | C] () -- C:\Windows\hpqins13.dat
[2006/11/02 07:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 07:47:37 | 000,367,008 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 07:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 05:33:01 | 000,642,906 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 05:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 05:33:01 | 000,120,064 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 05:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 05:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 03:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 03:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 02:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 02:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat

========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: EXPLORER.EXE >
[2008/10/29 01:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2008/10/29 01:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\ERDNT\cache\explorer.exe
[2008/10/29 01:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\explorer.exe
[2008/10/29 01:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2008/10/29 22:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2009/04/11 01:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
[2008/10/27 21:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2008/01/20 21:24:24 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe

< MD5 for: WININIT.EXE >
[2008/01/20 21:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\System32\wininit.exe
[2008/01/20 21:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe

< MD5 for: WINLOGON.EXE >
[2009/04/11 01:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2008/01/20 21:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\ERDNT\cache\winlogon.exe
[2008/01/20 21:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\System32\winlogon.exe
[2008/01/20 21:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe

========== Alternate Data Streams ==========

@Alternate Data Stream - 700 bytes -> C:\Users\Ami\Documents\bball.eml:OECustomProperty

< End of report >

#11 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,784 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:02:30 AM

Posted 02 May 2011 - 03:23 PM

Hi,

please run a scan with gooredfix next:
Please download GooredFix from one of the locations below and save it to your Desktop
Download Mirror #1
Download Mirror #2
  • Ensure all Firefox windows are closed.
  • To run the tool, double-click it (XP), or right-click and select Run As Administrator (Vista).
  • When prompted to run the scan, click Yes.
  • GooredFix will check for infections, and then a log will appear. Please post the contents of that log in your next reply (it can also be found on your desktop, called GooredFix.txt).

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

animinionsmalltext.gif

Follow BleepingComputer on: Facebook | Twitter | Google+


#12 schr1111

schr1111
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:07:30 PM

Posted 02 May 2011 - 04:00 PM

GooredFix by jpshortstuff (03.07.10.1)
Log created at 15:58 on 02/05/2011 (Ami)
Firefox version 3.6.16 (en-US)

========== GooredScan ==========


========== GooredLog ==========

C:\Program Files\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd} [22:47 30/01/2009]
{B13721C7-F507-4982-B2E5-502A71474FED} [19:25 28/12/2009]
{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} [04:52 02/01/2010]

C:\Users\Ami\Application Data\Mozilla\Firefox\Profiles\9u3je5ik.default\extensions\
activegs@freetoolsassociation.com [04:28 22/01/2010]
browserhighlighter@ebay.com [19:26 28/12/2009]
{20a82645-c095-46ed-80e3-08825760534b} [00:11 30/10/2010]

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"{ABDE892B-13A8-4d1b-88E6-365A6E755758}"="C:\Program Files\Real\RealPlayer\browserrecord" [17:04 31/08/2008]
"{20a82645-c095-46ed-80e3-08825760534b}"="c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\" [15:26 04/04/2009]
"{BBDA0591-3099-440a-AA10-41764D9DB4DB}"="C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\IPSFFPlgn\" [02:06 10/07/2010]

---------- Old Logs ----------
GooredFix[18.42.55_01-05-2011].txt

-=E.O.F=-

#13 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,784 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:02:30 AM

Posted 02 May 2011 - 04:19 PM

Hi,

did gooredfix detect and delete something in its initial run?

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

animinionsmalltext.gif

Follow BleepingComputer on: Facebook | Twitter | Google+


#14 schr1111

schr1111
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:07:30 PM

Posted 02 May 2011 - 04:39 PM

Yeah, I'm a little confused too. GooredFix said it would scan and automatically fix any problems, but I didn't get any details other than it was completed. In the past hour, I haven't gotten redirected at all, but it still might happen I guess. Is that all I had to do to fix it? Like if I had this problem again, should I just run GooredFix?

#15 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,784 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:02:30 AM

Posted 02 May 2011 - 04:49 PM

Hi,

not necessarily there's a big number of infection causing redirects and only of the most harmless ones can be targetted by gooredfix. Gooredfix essentially deleted a malicious firefox extension that was installed into your firefox.

Could you rerun OTL, so that I can see if the extension is gone.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

animinionsmalltext.gif

Follow BleepingComputer on: Facebook | Twitter | Google+





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users