Can't get rid of "My Websearch" toolbar in IE


  • This topic is locked
14 replies to this topic

#1 cat54mom

cat54mom

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:06:03 PM

Posted 23 May 2012 - 10:18 PM

"My Websearch" has taken over my IE. I know there are lots of posts concerning its removal, but I have had no luck with every suggestion I could find in Google. Google is still listed as my default search provider, but I am still being redirected to this unwanted pest in IE. There is nothing listed in "Add or remove programs", and Revo Uninstaller doesn't list anything out of the ordinary either, so there is nothing visible to uninstall. I ran Spybot, and it found nothing. I was blocked from running Malwarebytes directly, but was able to access it through its Chameleon--it found and cleaned 35 hits, but when I rebooted, IE still goes to "My Websearch". Since I was using the previous version of MalwareBytes (although I had updated it), I downloaded the latest version of MalwareBytes (I am no longer blocked from that, at least) and ran it in safe mode--no infection found. I ran HiJackThis, and have attached the log. It includes "R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://home.mywebsearch.com..." -- I'm wondering if I am supposed to remove this with HiJackThis?

Thanks in advance for any help!

Edited by Orange Blossom, 23 May 2012 - 11:37 PM.
Deactivated link. ~ OB


#2 Budapest

Budapest

    Bleepin' Cynic


  • Moderator
  • 23,579 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:08:03 AM

Posted 23 May 2012 - 11:37 PM

Hello,

Please follow the instructions in ==>This Guide<== starting at step 6. If you cannot complete a step, skip it and continue.

Once the proper logs are created, then post them in a reply to this topic by using the Add Reply button.

If you can produce at least some of the logs, then please create the post and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the reply and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.

Please note that I am not a member of the Malware Removal Team and will not be assisting you in removing the infection. I'm simply helping you to post the information they need in order to assist you.

If HelpBot replies to your topic, PLEASE follow Step One so it will report your topic to the team members.

The power of accurate observation is commonly called cynicism by those who haven't got it.

—George Bernard Shaw

#3 M-K-D-B

M-K-D-B

  • Malware Response Team
  • 1,598 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Bavaria
  • Local time:12:03 AM

Posted 28 May 2012 - 07:03 AM

Hi cat54mom,

I will be handling your log to help you get cleaned up. Please give me some time to look it over and I will get back to you as soon as possible.
Regards,
M-K-D-B

#4 M-K-D-B


Posted 29 May 2012 - 04:56 AM

Hi cat54mom,


Welcome to BleepingComputer.

My name is M-K-D-B and I'll help you with the cleanup of your computer.

Please be aware of the following:
  • Please complete all steps in the specified order.
  • Even if tools don't find malware, I want you to post the logfiles anyway.
  • Please copy and paste the logfiles directly into your posts. Please do not attach them unless you are instructed to do so.
  • Read the instructions carefully. If you have problems, stop what you were doing and describe the problems you encountered as precisely as you can.
  • Don't install or uninstall software during the cleanup unless you are told to do so.
  • If you can't answer for the next few days, please let me know. If you haven't answered within 3 days, I am assuming that you don't need help anymore and your topic will be closed.
  • I can not guarantee that we will find and be able to remove all malware. Formatting is usually faster and always the safest way.
  • If you decide to clean your PC, work with us until a team member tells you that you are clean.
  • As my first language is not English, please do not use slang or idioms. It could be hard for me to understand.





> I was blocked from running Malwarebytes directly, but was able to access it through its Chameleon--it found and cleaned 35 hits, but when I rebooted, IE still goes to "My Websearch".

To get a better overview, I would like you to post the logfile from Malwarebytes' Anti-Malware.

Run Malwarebytes.
Click on the Log tab.
Please post the logfile for further review. Thank you!



> I ran HiJackThis, and have attached the log. It includes "R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://home.mywebsearch.com..." -- I'm wondering if I am supposed to remove this with HiJackThis?

Let's scan your computer with OTL to get a first impression before starting a fix. :)





Step 1
We need to create an OTL Report
  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the Posted Image icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Posted Image button.
  • Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized





What you should post with your next answer:
  • the logfile from Malwarebytes' Anti-Malware,
  • the logfiles from OTL,
  • any further information that seems to be important in your eyes.

Regards,
M-K-D-B

#5 M-K-D-B


Posted 01 June 2012 - 09:54 AM

Hi cat54mom,


Do you still need help with your computer?
If you don't respond within the next 48 hours, your topic will be closed.
Regards,
M-K-D-B

#6 cat54mom

cat54mom
  • Topic Starter


Posted 01 June 2012 - 08:40 PM

Yes, I still need help. I have just been too busy to check this website. I will do the steps you requested. :)

#7 cat54mom


Posted 02 June 2012 - 08:14 AM

Here are MalwareBytes logs from 3 scans: the first 2 are logs from scans where I tried to clear the infection, and the 3rd is one I ran overnight.

------------------------------------------
This is the Malwarebytes log from the FIRST scan I ran after the infection:
------------------------------------------

Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.05.23.02

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
:: DJ56JVD1 [administrator]

5/23/2012 12:01:04 AM
mbam-log-2012-05-23 (00-01-04).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 345109
Time elapsed: 1 hour(s), 15 minute(s), 43 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 35

(end)
------------------------------------------
This is the 2nd scan I ran in safe mode shortly after the first scan
------------------------------------------

Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.05.23.04

Windows XP Service Pack 3 x86 NTFS (Safe Mode)
Internet Explorer 8.0.6001.18702
all :: DJ56JVD1 [administrator]

5/23/2012 8:07:47 AM
mbam-log-2012-05-23 (08-07-47).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 352578
Time elapsed: 39 minute(s), 40 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
------------------------------------------
Malwarebytes scan I just ran overnight
------------------------------------------

Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.06.02.01

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
all :: DJ56JVD1 [administrator]

6/1/2012 10:31:28 PM
mbam-log-2012-06-01 (22-31-28).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 348761
Time elapsed: 1 hour(s), 13 minute(s), 41 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Program Files\ScorchPDFWrapper.dll (Spyware.OnlineGames) -> Quarantined and deleted successfully.

(end)

#8 cat54mom


Posted 02 June 2012 - 08:32 AM

This is OTL.txt. I did not see a file Extra.txt minimized.

OTL logfile created on: 6/2/2012 8:26:47 AM - Run 3
OTL by OldTimer - Version 3.2.45.0 Folder = C:\Documents and Settings\all\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.14 Gb Available Physical Memory | 57.14% Memory free
3.84 Gb Paging File | 3.18 Gb Available in Paging File | 82.60% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 229.77 Gb Total Space | 180.63 Gb Free Space | 78.61% Space Free | Partition Type: NTFS

Computer Name: DJ56JVD1 | User Name: all | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

DRV - [2004/08/04 06:00:00 | 000,011,648 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\acpiec.sys -- (ACPIEC)
DRV - [2004/08/04 06:00:00 | 000,006,784 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\parvdm.sys -- (ParVdm)
DRV - [2004/03/24 11:12:44 | 000,004,272 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\bvrp_pci.sys -- (bvrp_pci)
DRV - [2003/11/17 15:59:20 | 000,212,224 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2)
DRV - [2003/11/17 15:58:02 | 000,680,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2003/11/17 15:56:26 | 001,042,432 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
DRV - [2001/08/17 15:07:44 | 000,025,952 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\hpn.sys -- (hpn)
DRV - [2001/08/17 15:07:44 | 000,020,192 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\dpti2o.sys -- (dpti2o)
DRV - [2001/08/17 15:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\sparrow.sys -- (Sparrow)
DRV - [2001/08/17 15:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\sym_u3.sys -- (sym_u3)
DRV - [2001/08/17 15:07:42 | 000,005,504 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\perc2hib.sys -- (perc2hib)
DRV - [2001/08/17 15:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\sym_hi.sys -- (sym_hi)
DRV - [2001/08/17 15:07:40 | 000,027,296 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\perc2.sys -- (perc2)
DRV - [2001/08/17 15:07:38 | 000,056,960 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\aic78xx.sys -- (aic78xx)
DRV - [2001/08/17 15:07:36 | 000,055,168 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\aic78u2.sys -- (aic78u2)
DRV - [2001/08/17 15:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\symc8xx.sys -- (symc8xx)
DRV - [2001/08/17 15:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\symc810.sys -- (symc810)
DRV - [2001/08/17 15:07:32 | 000,101,888 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2001/08/17 14:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\ultra.sys -- (ultra)
DRV - [2001/08/17 14:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\ql12160.sys -- (ql12160)
DRV - [2001/08/17 14:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\ql1080.sys -- (ql1080)
DRV - [2001/08/17 14:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\ql1280.sys -- (ql1280)
DRV - [2001/08/17 14:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\dac2w2k.sys -- (dac2w2k)
DRV - [2001/08/17 14:52:16 | 000,040,448 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\ql1240.sys -- (ql1240)
DRV - [2001/08/17 14:52:16 | 000,033,152 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\ql10wnt.sys -- (Ql10wnt)
DRV - [2001/08/17 14:52:16 | 000,014,720 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\dac960nt.sys -- (dac960nt)
DRV - [2001/08/17 14:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\mraid35x.sys -- (mraid35x)
DRV - [2001/08/17 14:52:08 | 000,016,000 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\ini910u.sys -- (ini910u)
DRV - [2001/08/17 14:52:08 | 000,013,952 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\cbidf2k.sys -- (cbidf2k)
DRV - [2001/08/17 14:52:08 | 000,013,952 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\cbidf2k.sys -- (cbidf)
DRV - [2001/08/17 14:52:06 | 000,014,976 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\cpqarray.sys -- (Cpqarray)
DRV - [2001/08/17 14:52:06 | 000,007,680 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\cd20xrnt.sys -- (cd20xrnt)
DRV - [2001/08/17 14:52:04 | 000,022,400 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\asc3350p.sys -- (asc3350p)
DRV - [2001/08/17 14:52:04 | 000,012,032 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\amsint.sys -- (amsint)
DRV - [2001/08/17 14:52:02 | 000,012,800 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\aha154x.sys -- (Aha154x)
DRV - [2001/08/17 14:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\asc.sys -- (asc)
DRV - [2001/08/17 14:52:00 | 000,023,552 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\ABP480N5.SYS -- (abp480n5)
DRV - [2001/08/17 14:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\asc3550.sys -- (asc3550)
DRV - [2001/08/17 14:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\aliide.sys -- (AliIde)
DRV - [2001/08/17 14:51:56 | 000,004,992 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\toside.sys -- (TosIde)
DRV - [2001/08/17 14:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\cmdide.sys -- (CmdIde)
DRV - [2001/08/17 14:51:52 | 000,003,328 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\pciide.sys -- (PCIIde)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=0071001
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=0071001
IE - HKLM\..\SearchScopes,DefaultScope = {b0441a0e-a49a-4e16-afc1-74ecced1921f}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{b0441a0e-a49a-4e16-afc1-74ecced1921f}: "URL" = http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=UXxdm011YYus&ptnrS=UXxdm011YYus&si=maps4pc&ptb=ADD6AAD9-56B5-4AB1-B492-69BC0EBF0848&ind=2012052019&n=77ed7a33&psa=&st=sb&searchfor={searchTerms}


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=0071001
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=0071001
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=0071001
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=0071001
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2514476108-1748650611-897742233-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=0071001
IE - HKU\S-1-5-21-2514476108-1748650611-897742233-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =
IE - HKU\S-1-5-21-2514476108-1748650611-897742233-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://home.mywebsearch.com/index.jhtml?n=77DE8857&ptnrS=UXxdm011YYus&ptb=ADD6AAD9-56B5-4AB1-B492-69BC0EBF0848&si=maps4pc
IE - HKU\S-1-5-21-2514476108-1748650611-897742233-1005\..\SearchScopes,DefaultScope = {9A2CC6D3-DDCA-4520-9D51-115D95893910}
IE - HKU\S-1-5-21-2514476108-1748650611-897742233-1005\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKU\S-1-5-21-2514476108-1748650611-897742233-1005\..\SearchScopes\{9A2CC6D3-DDCA-4520-9D51-115D95893910}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
IE - HKU\S-1-5-21-2514476108-1748650611-897742233-1005\..\SearchScopes\{9F1DB72A-CDCD-40FC-95DE-7AE26547492A}: "URL" = http://www.amazon.com/gp/search?ie=UTF8&tag=ie8search-20&index=blended&linkCode=qs&camp=1789&creative=9325&keywords={searchTerms}
IE - HKU\S-1-5-21-2514476108-1748650611-897742233-1005\..\SearchScopes\{A4F7FF72-5A5A-41CA-BF04-A56E627609C5}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b2ie7
IE - HKU\S-1-5-21-2514476108-1748650611-897742233-1005\..\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}: "URL" = http://www.ask.com/web?q={SEARCHTERMS}&o=15527&l=dis&prt=NIS&chn=retail&geo=US&ver=18
IE - HKU\S-1-5-21-2514476108-1748650611-897742233-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2514476108-1748650611-897742233-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}:6.0.31
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:7
FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:10.1.0.68 - 1
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Documents and Settings\all\Application Data\Move Networks\plugins\npqmp071503000010.dll (Move Networks)
FF - HKLM\Software\MozillaPlugins\@Musicnotes.com/Musicnotes Viewer: C:\Program Files\Musicnotes\npmusicn.dll (Musicnotes, Inc.)
FF - HKLM\Software\MozillaPlugins\@Sibelius.com/Scorch Plugin: C:\Program Files\Musicnotes\npsibelius.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Documents and Settings\all\Application Data\Move Networks\plugins\npqmp071503000010.dll (Move Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\IPSFFPlgn\ [2012/02/01 12:46:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\coFFPlgn_2011_7_7_5 [2012/06/02 07:58:05 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/05/25 23:17:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/05/27 12:24:14 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\moveplayer@movenetworks.com: C:\Documents and Settings\all\Application Data\Move Networks [2009/11/12 17:56:50 | 000,000,000 | ---D | M]

[2009/11/08 12:33:43 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\all\Application Data\Mozilla\Extensions
[2012/05/25 22:38:28 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\all\Application Data\Mozilla\Firefox\Profiles\ox09oqts.default\extensions
[2011/03/22 16:35:06 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\all\Application Data\Mozilla\Firefox\Profiles\ox09oqts.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/03/23 09:41:10 | 000,001,440 | ---- | M] () -- C:\Documents and Settings\all\Application Data\Mozilla\Firefox\Profiles\ox09oqts.default\searchplugins\bulbapedia-en.xml
[2012/05/25 22:51:43 | 000,002,470 | ---- | M] () -- C:\Documents and Settings\all\Application Data\Mozilla\Firefox\Profiles\ox09oqts.default\searchplugins\safesearch.xml
[2012/05/25 22:34:57 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/06/02 07:58:05 | 000,000,000 | ---D | M] (Norton Toolbar) -- C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\COFFPLGN_2011_7_7_5
[2012/02/01 12:46:08 | 000,000,000 | ---D | M] (Symantec Intrusion Prevention) -- C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\IPSFFPLGN
[2012/04/20 21:19:34 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/03/18 15:32:12 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npCouponPrinter.dll
[2012/02/19 01:11:29 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011/03/18 15:32:14 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npMozCouponPrinter.dll
[2012/04/20 21:18:25 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/04/20 21:18:25 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2011/06/22 16:30:43 | 000,435,589 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 14993 more lines...
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\18.7.1.3\coieplg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\18.7.1.3\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\18.7.1.3\coieplg.dll (Symantec Corporation)
O3 - HKU\S-1-5-21-2514476108-1748650611-897742233-1005\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\18.7.1.3\coieplg.dll (Symantec Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe ()
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [nmctxth] C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe (Cisco Systems, Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2514476108-1748650611-897742233-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: &Search - http://tbedits.mapsgalaxy.com/one-toolbaredits/menusearch.jhtml?s=202980021&p=UXxdm011YYus&si=maps4pc&a=ADD6AAD9-56B5-4AB1-B492-69BC0EBF0848&n=2012052019 File not found
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_31.dll (Sun Microsystems, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKU\S-1-5-21-2514476108-1748650611-897742233-1005\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
O15 - HKU\S-1-5-21-2514476108-1748650611-897742233-1005\..Trusted Domains: learndevnow.com ([]http in Trusted sites)
O15 - HKU\S-1-5-21-2514476108-1748650611-897742233-1005\..Trusted Domains: turbotax.com ([]https in Trusted sites)
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} https://support.microsoft.com/OAS/ActiveX/MSDcode.cab (Microsoft Data Collection Control)
O16 - DPF: {1851174C-97BD-4217-A0CC-E908F60D5B7A} http://h20364.www2.hp.com/CSMWeb/Customer/cabs/HPISDataManager.CAB (Hewlett-Packard Online Support Services)
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6770.cab (Windows Live Safety Center Base Module)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1260658430078 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1258841153812 (MUWebControl Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {91D4B4D5-E368-40AB-8F53-A37FA634B471} http://www.tellmemorecampus.com/bin/tol9inst.cab (Installer9Ctrl Class)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} http://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx (CRLDownloadWrapper Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://ive.gd-ais.com/dana-cached/sc/JuniperSetupClient.cab (JuniperSetupClientControl Class)
O16 - DPF: {FD3FF62E-61A7-48EE-A4A4-97CE7BD1F99D} https://lightson.tva.gov/On-DemandAgent/SodaAgent.CAB (SodaAgt Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F60ADF5E-28FB-4543-B20A-80ACC050B348}: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files\Common Files\Pure Networks Shared\Platform\puresp4.dll (Cisco Systems, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll) - C:\Program Files\Citrix\GoToAssist\514\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\all\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\all\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/11 18:15:00 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{adfbed7e-9763-11de-98e6-0019d1e5af81}\Shell\AutoRun\command - "" = F:\setupSNK.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/06/01 21:41:16 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\all\Desktop\OTL(1).exe
[2012/05/27 12:57:13 | 000,419,488 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2012/05/25 23:24:21 | 010,437,264 | ---- | C] (PDFTron Systems Inc.) -- C:\Program Files\PDFNetC.dll
[2012/05/25 23:24:20 | 000,371,064 | ---- | C] (Musicnotes, Inc.) -- C:\Program Files\npmusicn.dll
[2012/05/25 23:17:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\QuickTime
[2012/05/25 23:17:23 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2012/05/25 22:28:53 | 000,024,328 | ---- | C] (CPUID) -- C:\WINDOWS\System32\drivers\cpuz135_x32.sys
[2012/05/25 22:28:53 | 000,000,000 | ---D | C] -- C:\Program Files\CPUID
[2012/05/25 22:28:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\CPUID
[2012/05/23 08:59:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\all\Start Menu\Programs\HiJackThis
[2012/05/22 21:42:28 | 000,000,000 | ---D | C] -- C:\Program Files\VS Revo Group
[2012/05/22 21:42:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\all\Start Menu\Programs\Revo Uninstaller
[6 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/06/02 07:59:03 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/06/02 07:57:46 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/06/02 07:57:43 | 2145,304,576 | -HS- | M] () -- C:\hiberfil.sys
[2012/06/01 21:41:20 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\all\Desktop\OTL(1).exe
[2012/06/01 21:17:00 | 000,000,486 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2012/05/30 15:02:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2012/05/30 11:27:13 | 000,002,533 | ---- | M] () -- C:\Documents and Settings\all\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Word 2007.lnk
[2012/05/27 12:57:13 | 000,419,488 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2012/05/27 12:57:13 | 000,070,304 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2012/05/27 10:17:13 | 000,406,304 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/05/25 23:24:23 | 000,000,819 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Guitar Guru.lnk
[2012/05/25 23:24:23 | 000,000,789 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Musicnotes Player.lnk
[2012/05/25 23:17:34 | 000,001,604 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2012/05/25 22:34:58 | 000,000,724 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2012/05/25 22:28:54 | 000,000,717 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CPUID CPU-Z.lnk
[2012/05/23 08:59:03 | 000,001,980 | ---- | M] () -- C:\Documents and Settings\all\Desktop\HiJackThis.lnk
[2012/05/23 07:23:29 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/05/22 23:39:01 | 000,024,064 | ---- | M] () -- C:\WINDOWS\System32\drivers\mbamchameleon.sys
[2012/05/22 21:42:28 | 000,000,917 | ---- | M] () -- C:\Documents and Settings\all\Desktop\Revo Uninstaller.lnk
[2012/05/22 21:35:32 | 000,001,005 | ---- | M] () -- C:\Documents and Settings\all\Desktop\Install Revo Uninstaller.lnk
[6 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/05/25 23:24:23 | 000,000,819 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Guitar Guru.lnk
[2012/05/25 23:24:21 | 008,810,736 | ---- | C] () -- C:\Program Files\NPSibelius.dll
[2012/05/25 23:17:34 | 000,001,604 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2012/05/25 22:28:54 | 000,000,717 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\CPUID CPU-Z.lnk
[2012/05/23 08:59:03 | 000,001,980 | ---- | C] () -- C:\Documents and Settings\all\Desktop\HiJackThis.lnk
[2012/05/23 08:49:17 | 2145,304,576 | -HS- | C] () -- C:\hiberfil.sys
[2012/05/23 07:23:29 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/05/22 23:39:01 | 000,024,064 | ---- | C] () -- C:\WINDOWS\System32\drivers\mbamchameleon.sys
[2012/05/22 21:42:28 | 000,000,917 | ---- | C] () -- C:\Documents and Settings\all\Desktop\Revo Uninstaller.lnk
[2012/05/22 21:35:32 | 000,001,005 | ---- | C] () -- C:\Documents and Settings\all\Desktop\Install Revo Uninstaller.lnk
[2012/02/19 13:06:06 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/01/27 22:08:50 | 000,000,064 | ---- | C] () -- C:\WINDOWS\System32\rp_stats.dat
[2012/01/27 22:08:50 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\rp_rules.dat
[2012/01/22 01:11:50 | 003,454,807 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-2514476108-1748650611-897742233-1005-0.dat
[2012/01/22 01:11:49 | 000,382,294 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2012/01/20 23:56:44 | 000,000,590 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Microsoft.SqlServer.Compact.400.32.bc
[2011/12/29 10:10:53 | 000,000,011 | ---- | C] () -- C:\WINDOWS\System32\xxconsole.ini
[2011/09/18 11:26:18 | 000,001,649 | ---- | C] () -- C:\WINDOWS\System32\.ini
[2011/06/22 12:24:50 | 000,000,589 | ---- | C] () -- C:\WINDOWS\eReg.dat
[2010/12/25 20:33:07 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\All Users\Application Data\Basic Synth
[2010/12/25 20:29:07 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Audio Units
[2010/12/25 20:29:07 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Applause and Laugher
[2010/12/17 22:58:31 | 000,000,165 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2010/12/03 22:27:38 | 000,163,840 | ---- | C] () -- C:\WINDOWS\System32\ts.dll
[2010/12/03 22:27:37 | 001,914,216 | ---- | C] () -- C:\WINDOWS\System32\ltmm16.dll
[2010/12/03 22:27:37 | 000,245,248 | ---- | C] () -- C:\WINDOWS\System32\dxr.dll
[2010/12/03 22:27:37 | 000,173,416 | ---- | C] () -- C:\WINDOWS\System32\LCodcScr2.dll
[2010/12/03 22:27:37 | 000,148,992 | ---- | C] () -- C:\WINDOWS\System32\mkx.dll
[2010/12/03 22:27:37 | 000,141,312 | ---- | C] () -- C:\WINDOWS\System32\mp4.dll
[2010/12/03 22:27:37 | 000,120,832 | ---- | C] () -- C:\WINDOWS\System32\ogm.dll
[2010/12/03 22:27:37 | 000,116,072 | ---- | C] () -- C:\WINDOWS\System32\LMAMpgCnv.dll
[2010/12/03 22:27:36 | 000,557,056 | ---- | C] ( ) -- C:\WINDOWS\System32\raac.dll
[2010/12/03 22:27:36 | 000,163,840 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2010/12/03 22:27:36 | 000,139,264 | ---- | C] ( ) -- C:\WINDOWS\System32\sipr.dll
[2010/12/03 22:27:36 | 000,057,344 | ---- | C] ( ) -- C:\WINDOWS\System32\rv20.dll
[2010/12/03 22:27:36 | 000,053,248 | ---- | C] ( ) -- C:\WINDOWS\System32\rv30.dll
[2010/12/03 22:27:36 | 000,049,152 | ---- | C] ( ) -- C:\WINDOWS\System32\rv40.dll
[2010/12/03 22:27:35 | 003,569,152 | ---- | C] () -- C:\WINDOWS\System32\libavcodec.dll
[2010/12/03 22:27:35 | 000,695,296 | ---- | C] () -- C:\WINDOWS\System32\ff_x264.dll
[2010/12/03 22:27:35 | 000,456,192 | ---- | C] () -- C:\WINDOWS\System32\libmplayer.dll
[2010/12/03 22:27:35 | 000,397,312 | ---- | C] () -- C:\WINDOWS\System32\ff_libfaad2.dll
[2010/12/03 22:27:35 | 000,258,048 | ---- | C] () -- C:\WINDOWS\System32\libFLAC.dll
[2010/12/03 22:27:35 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\ff_theora.dll
[2010/12/03 22:27:35 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\ff_libmad.dll
[2010/12/03 22:27:35 | 000,135,168 | ---- | C] () -- C:\WINDOWS\System32\ff_samplerate.dll
[2010/12/03 22:27:35 | 000,119,296 | ---- | C] () -- C:\WINDOWS\System32\libmpeg2_ff.dll
[2010/12/03 22:27:35 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\ff_realaac.dll
[2010/12/03 22:27:35 | 000,102,912 | ---- | C] () -- C:\WINDOWS\System32\ff_tremor.dll
[2010/12/03 22:27:35 | 000,079,360 | ---- | C] () -- C:\WINDOWS\System32\mkzlib.dll
[2010/12/03 22:27:35 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\ff_unrar.dll
[2010/12/03 22:27:35 | 000,023,552 | ---- | C] () -- C:\WINDOWS\System32\mkunicode.dll
[2010/12/03 22:27:35 | 000,023,552 | ---- | C] () -- C:\WINDOWS\System32\ff_wmv9.dll
[2010/12/03 22:27:34 | 000,548,919 | ---- | C] ( ) -- C:\WINDOWS\System32\colorcvt.dll
[2010/12/03 22:27:34 | 000,479,298 | ---- | C] ( ) -- C:\WINDOWS\System32\erv4.dll
[2010/12/03 22:27:34 | 000,286,720 | ---- | C] ( ) -- C:\WINDOWS\System32\drvc.dll
[2010/12/03 22:27:34 | 000,266,306 | ---- | C] ( ) -- C:\WINDOWS\System32\erv3.dll
[2010/12/03 22:27:34 | 000,221,184 | ---- | C] () -- C:\WINDOWS\System32\ff_kernelDeint.dll
[2010/12/03 22:27:34 | 000,180,224 | ---- | C] ( ) -- C:\WINDOWS\System32\drv2.dll
[2010/12/03 22:27:34 | 000,172,032 | ---- | C] () -- C:\WINDOWS\System32\ff_libdts.dll
[2010/12/03 22:27:34 | 000,065,602 | ---- | C] ( ) -- C:\WINDOWS\System32\cook.dll
[2010/12/03 22:27:34 | 000,052,224 | ---- | C] () -- C:\WINDOWS\System32\ff_liba52.dll
[2010/12/03 22:27:30 | 000,210,264 | ---- | C] () -- C:\WINDOWS\System32\LCMW3.dll
[2010/12/03 22:27:30 | 000,148,840 | ---- | C] () -- C:\WINDOWS\System32\LDECMPG2KRN2.dll
[2010/12/03 22:27:30 | 000,090,112 | ---- | C] ( ) -- C:\WINDOWS\System32\atrc.dll
[2010/12/03 22:27:30 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\ac3config.exe
[2010/12/03 22:27:30 | 000,000,137 | ---- | C] () -- C:\WINDOWS\System32\Registration.ini
[2010/08/28 16:43:25 | 000,732,912 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat

========== Files - Unicode (All) ==========
[2012/01/22 16:52:32 | 000,000,387 | ---- | M] ()(C:\Documents and Settings\all\Desktop\FromtheOfficeoftheCIO12.19.2011.pdf?(93KB)?.url) -- C:\Documents and Settings\all\Desktop\FromtheOfficeoftheCIO12.19.2011.pdf‎(93KB)‎.url
[2012/01/22 16:52:32 | 000,000,387 | ---- | C] ()(C:\Documents and Settings\all\Desktop\FromtheOfficeoftheCIO12.19.2011.pdf?(93KB)?.url) -- C:\Documents and Settings\all\Desktop\FromtheOfficeoftheCIO12.19.2011.pdf‎(93KB)‎.url

< End of report >

#9 cat54mom


Posted 02 June 2012 - 08:36 AM

Please let me know if you need anything else. I will try to check this site when I can to see if there is anything else I need to do. I appreciate your help!

#10 M-K-D-B

M-K-D-B

  • Malware Response Team
  • 1,598 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Bavaria
  • Local time:12:03 AM

Posted 02 June 2012 - 09:40 AM

Hi cat54mom,



Step 1
We need to run an OTL Fix
  • Please reopen Posted Image on your desktop.
  • Copy and Paste the following code into the Posted Image textbox.
    :OTL
    IE - HKLM\..\SearchScopes,DefaultScope = {b0441a0e-a49a-4e16-afc1-74ecced1921f}
    IE - HKLM\..\SearchScopes\{b0441a0e-a49a-4e16-afc1-74ecced1921f}: "URL" = http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=UXxdm011YYus&ptnrS=UXxdm011YYus&si=maps4pc&ptb=ADD6AAD9-56B5-4AB1-B492-69BC0EBF0848&ind=2012052019&n=77ed7a33&psa=&st=sb&searchfor={searchTerms}
    IE - HKU\S-1-5-21-2514476108-1748650611-897742233-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://home.mywebsearch.com/index.jhtml?n=77DE8857&ptnrS=UXxdm011YYus&ptb=ADD6AAD9-56B5-4AB1-B492-69BC0EBF0848&si=maps4pc
    
    :commands
    [emptytemp]
    
  • Push Posted Image
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click the OK button.
  • A report will open. Copy and Paste that report in your next reply.
    You can find the report under C:\_OTL\MovedFiles\ as well.





Step 2
Download Security Check by screen317 from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.





Step 3
I would like you to answer the following questions as exactly and in as much detail as you can:
  • How is your computer running at the moment?
  • Do you still have problems with MyWebSearch in your Internet Explorer?





What you should post with your next answer:
  • the logfile from the OTL-Fix,
  • the logfile from SecurityCheck,
  • an answer to my questions.

Regards,
M-K-D-B
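The fix above targets three Internet Explorer values: the DefaultScope pointer, the search scope it points to, and the user's Start Page. As an added example that is not part of the original posts, the Python sketch below reads lines in that same `IE - ...` log format and reports search scopes and start pages whose host is outside an allowlist, marking any flagged scope that is also the default. The allowlist, the function names and the last two sample lines are assumptions made for this illustration.

```python
import re
from urllib.parse import urlsplit

# First three lines are the entries quoted in the fix above (query strings
# shortened); the last two are constructed benign entries for contrast.
SAMPLE_LOG = r"""
IE - HKLM\..\SearchScopes,DefaultScope = {b0441a0e-a49a-4e16-afc1-74ecced1921f}
IE - HKLM\..\SearchScopes\{b0441a0e-a49a-4e16-afc1-74ecced1921f}: "URL" = http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?searchfor={searchTerms}
IE - HKU\S-1-5-21-2514476108-1748650611-897742233-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://home.mywebsearch.com/index.jhtml?si=maps4pc
IE - HKLM\..\SearchScopes\{00000000-0000-0000-0000-000000000001}: "URL" = http://www.google.com/search?q={searchTerms}
IE - HKU\S-1-5-21-0-0-0-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
"""

# Assumption: the search/home-page domains this machine is expected to use.
ALLOWED = {"google.com", "bing.com", "microsoft.com", "msn.com"}

_DEFAULT = re.compile(r'^IE - (?P<root>.+?)\\SearchScopes,DefaultScope = (?P<guid>\{[^}]*\})')
_SCOPE = re.compile(r'^IE - (?P<root>.+?)\\SearchScopes\\(?P<guid>\{[^}]*\}): "URL" = (?P<url>\S+)')
_START = re.compile(r'^IE - (?P<root>.+?)\\Main,Start Page = (?P<url>\S+)')


def host_allowed(url, allowed):
    """True if the URL's host is an allowlisted domain or a subdomain of one."""
    if url.lower().startswith("about:"):  # about:blank and similar have no host
        return True
    host = (urlsplit(url).hostname or "").lower()
    # Match on a label boundary so "google.com.evil.example" does not pass.
    return any(host == d or host.endswith("." + d) for d in allowed)


def audit(log_text, allowed=ALLOWED):
    """Return findings for start pages and search scopes with unexpected hosts."""
    defaults, scopes, findings = {}, [], []
    for line in log_text.splitlines():
        line = line.strip()
        if m := _DEFAULT.match(line):
            defaults[m["root"]] = m["guid"].lower()
        elif m := _SCOPE.match(line):
            scopes.append((m["root"], m["guid"].lower(), m["url"]))
        elif m := _START.match(line):
            if not host_allowed(m["url"], allowed):
                findings.append({"kind": "start_page", "root": m["root"],
                                 "url": m["url"], "is_default": False})
    # Scopes are judged after the whole log is read, because the DefaultScope
    # line may appear before or after the scope it points to.
    for root, guid, url in scopes:
        if not host_allowed(url, allowed):
            findings.append({"kind": "search_scope", "root": root, "guid": guid,
                             "url": url, "is_default": defaults.get(root) == guid})
    return findings


if __name__ == "__main__":
    for f in audit(SAMPLE_LOG):
        flag = " (current default)" if f["is_default"] else ""
        print(f"{f['kind']}{flag}: {f['root']} -> {f['url']}")
```

A flagged scope that is also the default explains why searches keep landing on the unwanted provider even when another provider appears to be selected in the browser settings.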

#11 cat54mom


Posted 02 June 2012 - 09:21 PM

OTL Log:
-----------------------------------------------

All processes killed
========== OTL ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{b0441a0e-a49a-4e16-afc1-74ecced1921f}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b0441a0e-a49a-4e16-afc1-74ecced1921f}\ not found.
HKU\S-1-5-21-2514476108-1748650611-897742233-1005\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: all
->Temp folder emptied: 48767401 bytes
->Temporary Internet Files folder emptied: 316737806 bytes
->Java cache emptied: 41832879 bytes
->FireFox cache emptied: 131326661 bytes
->Apple Safari cache emptied: 3805184 bytes
->Flash cache emptied: 54860 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32768 bytes
->Flash cache emptied: 56475 bytes

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 857437 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 19569 bytes
%systemroot%\System32 .tmp files removed: 3210257 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 49572907 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 34318 bytes
RecycleBin emptied: 263894654 bytes

Total Files Cleaned = 820.00 mb


OTL by OldTimer - Version 3.2.45.0 log created on 06022012_215813

Files\Folders moved on Reboot...
File\Folder C:\WINDOWS\temp\Perflib_Perfdata_5e0.dat not found!

Registry entries deleted on Reboot...


-----------------------------------------------
checkup.txt
-----------------------------------------------
Results of screen317's Security Check version 0.99.41
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Disabled!
Norton Internet Security
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
MVPS Hosts File
Spybot - Search & Destroy
Malwarebytes Anti-Malware version 1.61.0.1400
Java™ 6 Update 31
Java version out of date!
Adobe Flash Player 11.2.202.235
Adobe Reader X (10.1.3)
Mozilla Firefox (12.0)
````````Process Check: objlist.exe by Laurent````````
Norton ccSvcHst.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:: 0%
````````````````````End of Log``````````````````````

-----------------------------------------------

My computer is running well. It may be my imagination but response seems to be somewhat better--maybe "cleaning up" my temp folders helped?
No more MyWebSearch :) . It just now occurred to me that maybe all I needed to do was reset my home page. (Proof that my brain needs a rest!) But, anyhow, I was concerned that I might still have malware "hiding" on my PC. Thanks, I appreciate your help.

Edited by cat54mom, 02 June 2012 - 10:22 PM.


#12 M-K-D-B


Posted 03 June 2012 - 10:49 AM

Hi cat54mom,



If you have no more problems, then we're done here. Your computer is clean. :thumbup2:
Finally, we have to take a few steps to clean up and protect your computer.





Step 1
Important Note: Your version of Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) Version 7 and save it to your desktop.
  • Look for "Java Platform, Standard Edition".
  • Click the "Download JRE" button to the right.
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • From the list, select your OS and Platform (32-bit or 64-bit).
  • If a download for an Offline Installation is available, it is recommended to choose that and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
Go to Posted Image > Control Panel, double-click on Add/Remove Programs or Programs and Features in Vista/Windows 7 and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-7u4-windows-i586.exe (or jre-7u4-windows-x64.exe for 64-bit) to install the newest version.
  • If using Windows 7 or Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
  • When the Java Setup - Welcome window opens, click the Install > button.
  • If offered to install a Toolbar, just uncheck the box before continuing unless you want it.
  • The McAfee Security Scan Plus tool is installed by default unless you uncheck the McAfee installation box when updating Java.
Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications but it's not necessary.
To disable the JQS service if you don't want to use it:
  • Go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter.
  • Click Ok and reboot your computer.





Step 2
We need to run an OTL Fix
  • Please reopen Posted Image on your desktop.
  • Copy and Paste the following code into the Posted Image textbox.
    :commands
    [CLEARALLRESTOREPOINTS]
    [reboot]
    
  • Push Posted Image
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click the OK button.





Step 3
We Need to Clean Up our Mess
Our work on your machine has left considerable leftovers on your box. Let's clean those up real quick:
  • Reopen Posted Image on your desktop.
  • Click on Posted Image
  • You will be prompted to reboot your system. Please do so.





Step 4
To protect your computer from similar infections in the future, I recommend a couple of useful programs, including a few tips:


Practice Safe Internet

One of the main reasons people get infected in the first place is that they are not practicing Safe Internet. You practice Safe Internet when you educate yourself on how to properly use the Internet through the use of security tools and good practice. Knowing how you can get infected and what types of files and sites to avoid will be the most crucial step in keeping your computer malware free. The reality is that the majority of people who are infected with malware are ones who click on things they shouldn't be clicking on. Whether these things are files or sites it doesn't really matter. If something is out to get you, and you click on it, it most likely will. Below is a list of simple precautions to take to keep your computer clean and running securely:

  • If you receive an attachment from someone you do not know, DO NOT OPEN IT! Simple as that. Opening attachments from people you do not know is a very common method for viruses or worms to infect your computer.
  • If you receive an attachment and it ends with a .exe, .com, .bat, or .pif do not open the attachment unless you know for a fact that it is clean. For the casual computer user, you will almost never receive a valid attachment of this type.
  • If you receive an attachment from someone you know, and it looks suspicious, then it probably is. The email could be from someone you know infected with a malware that is trying to infect everyone in their address book.
  • If you are browsing the Internet and a popup appears saying that you are infected, ignore it! These are, as far as I am concerned, scams that are being used to scare you into purchasing a piece of software. For an example of these types of popups, or Foistware, you should read this article: Foistware, And how to avoid it.

    There are also programs that disguise themselves as Anti-Spyware or security products but are instead scams. For a list of these types of programs we recommend you visit this link: Rogue/Suspect Anti-Spyware Products & Web Sites
  • Another tactic to fool you on the web is when a site displays a popup that looks like a normal Windows message or alert. When you click on them, though, they instead bring you to another site that is trying to push a product on you. We suggest that you close these windows by clicking on the X instead of the OK button. Alternatively, you can check to see if it's a real alert by right-clicking on the window. If there is a menu that comes up saying Add to Favorites... you know it's a fake.
  • Do not go to adult sites. I know this may bother some of you, but the fact is that a large amount of malware is pushed through these types of sites. I am not saying all adult sites do this, but a lot do.
  • When using an Instant Messaging program be cautious about clicking on links people send to you. It is not uncommon for infections to send a message to everyone in the infected person's contact list that contains a link to an infection. Instead when you receive a message that contains a link, message back to the person asking if it is legit before you click on it.
  • Stay away from Warez and Crack sites! In addition to the obvious copyright issues, the downloads from these sites are typically overrun with infections.
  • Be careful of what you download off of web sites and Peer-2-Peer networks. Some sites disguise malware as legitimate software to trick you into installing them and Peer-2-Peer networks are crawling with it. If you want to download a piece of software from a site, and are not sure if they are legitimate, you can use McAfee Siteadvisor to look up info on the site.
  • DO NOT INSTALL any software without first reading the End User License Agreement, otherwise known as the EULA. A tactic that some developers use is to offer their software for free, but have spyware and other programs you do not want bundled with it. This is where they make their money. By reading the agreement there is a good chance you can spot this and not install the software.

Visit Microsoft's Windows Update Site Frequently
It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer always has the latest available security updates installed. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.


Update your AntiVirus Software
It is imperative that you update your Antivirus software at least once a week (even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out. If you use a commercial antivirus program you must make sure you keep renewing your subscription. Otherwise, once your subscription runs out, you may not be able to update the program's virus definitions.


Make sure your applications have all of their updates
It is also possible for other programs on your computer to have security vulnerabilities that can allow malware to infect you. Therefore, it is also a good idea to check for the latest versions of commonly installed applications that are regularly patched to fix vulnerabilities. You can check these by visiting Secunia Software Inspector and Calendar of Updates.


Install an AntiMalware Program
A highly recommended and free Anti-Malware program is Malwarebytes' Anti-Malware.

Installing these programs will provide spyware & hijacker protection on your computer alongside your virus protection. You should scan your computer with an AntiMalware program on a regular basis just as you would an antivirus software.


Install SpywareBlaster
SpywareBlaster will add a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs.
A tutorial on installing & using this product can be found here:
Using SpywareBlaster to protect your computer from Spyware and Malware


Update all these programs regularly
Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.
Follow this list and your potential for being infected again will reduce dramatically.





Step 5
Please give me a short notice when you're done and have no more questions, so I can delete the topic from my subscriptions.
Regards,
M-K-D-B

#13 cat54mom


Posted 03 June 2012 - 01:19 PM

I performed all the cleanup steps. Everything looks good. Thank you! :thumbsup:

#14 M-K-D-B


Posted 04 June 2012 - 04:52 AM

Hi cat54mom,


I'm glad we could help. :thumbup2:
Take care.
Regards,
M-K-D-B

#15 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,252 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:01:03 AM

Posted 04 June 2012 - 06:02 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 
