yahoo redirect virus


  • This topic is locked

#16
ph1290

  • Topic Starter
  • Member
  • 58 posts
I did not forget to post the OTL fix log. None was displayed either before or after reboot. Same thing this time. I am posting the OTL.txt and aswmbr.txt logs.

OTL logfile created on: 5/30/2011 9:58:26 PM - Run 7
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\harrisap\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 67.00% Memory free
5.00 Gb Paging File | 4.00 Gb Available in Paging File | 86.00% Paging File free
Paging file location(s): c:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.05 Gb Total Space | 93.76 Gb Free Space | 62.90% Space Free | Partition Type: NTFS

Computer Name: 7-51896 | User Name: harrisap | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/05/28 10:34:27 | 000,058,288 | ---- | M] (Absolute Software Corp.) -- C:\WINDOWS\system32\rpcnet.exe
PRC - [2011/05/22 10:00:30 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\harrisap\Desktop\OTL.exe
PRC - [2009/05/14 11:43:12 | 000,118,784 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
PRC - [2009/05/04 12:15:26 | 000,279,960 | ---- | M] (Eastman Kodak Company) -- C:\Program Files\Kodak\AiO\Center\EKDiscovery.exe
PRC - [2009/04/17 12:08:26 | 000,032,768 | ---- | M] (Eastman Kodak Company) -- C:\Program Files\Kodak\AiO\Center\KodakSvc.exe
PRC - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/10/20 11:36:40 | 000,028,672 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\System Update\SUService.exe
PRC - [2008/06/04 09:51:06 | 000,262,784 | ---- | M] (F5 Networks) -- C:\WINDOWS\system32\F5InstallerService.exe
PRC - [2008/04/14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/12/21 14:30:40 | 000,131,072 | ---- | M] (Visioneer Inc.) -- C:\Program Files\Visioneer\OneTouch 4.0\OtService.exe
PRC - [2007/10/07 21:48:40 | 000,125,368 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\VPTray.exe
PRC - [2007/10/07 21:48:36 | 000,116,664 | ---- | M] (symantec) -- C:\Program Files\Symantec AntiVirus\SavRoam.exe
PRC - [2007/10/07 21:48:32 | 001,822,648 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe
PRC - [2007/10/07 21:48:24 | 000,031,160 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\DefWatch.exe
PRC - [2007/09/26 18:34:46 | 000,644,408 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
PRC - [2007/05/29 17:33:36 | 000,169,576 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
PRC - [2007/05/29 17:33:26 | 000,192,104 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
PRC - [2007/05/29 17:33:22 | 000,052,840 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccApp.exe
PRC - [2005/12/01 08:35:58 | 000,057,393 | ---- | M] (IBM Corp) -- C:\Notes\ntmulti.exe
PRC - [2004/08/04 04:05:00 | 000,570,368 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\CCM\CcmExec.exe


========== Modules (SafeList) ==========

MOD - [2011/05/22 10:00:30 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\harrisap\Desktop\OTL.exe
MOD - [2008/04/14 05:42:52 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (ThreatFire)
SRV - File not found [Auto | Stopped] -- -- (itlperf)
SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - File not found [Auto | Stopped] -- -- (6to4)
SRV - [2011/05/28 10:34:27 | 000,058,288 | ---- | M] (Absolute Software Corp.) [Auto | Running] -- C:\WINDOWS\system32\rpcnet.exe -- (rpcnet) Remote Procedure Call (RPC)
SRV - [2009/05/04 12:15:26 | 000,279,960 | ---- | M] (Eastman Kodak Company) [Auto | Running] -- C:\Program Files\Kodak\AiO\Center\EKDiscovery.exe -- (Kodak AiO Network Discovery Service)
SRV - [2009/04/17 12:08:26 | 000,032,768 | ---- | M] (Eastman Kodak Company) [Auto | Running] -- C:\Program Files\Kodak\AiO\center\KodakSvc.exe -- (KodakSvc)
SRV - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/10/20 11:36:40 | 000,028,672 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\System Update\SUService.exe -- (SUService)
SRV - [2008/06/04 09:51:06 | 000,262,784 | ---- | M] (F5 Networks) [Auto | Running] -- C:\WINDOWS\system32\F5InstallerService.exe -- (F5 Networks Component Installer)
SRV - [2007/12/21 14:30:40 | 000,131,072 | ---- | M] (Visioneer Inc.) [Auto | Running] -- C:\Program Files\Visioneer\OneTouch 4.0\OtService.exe -- (OneTouch 4.0 Monitor)
SRV - [2007/10/07 21:48:36 | 000,116,664 | ---- | M] (symantec) [Auto | Running] -- C:\Program Files\Symantec AntiVirus\SavRoam.exe -- (SavRoam)
SRV - [2007/10/07 21:48:32 | 001,822,648 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe -- (Symantec AntiVirus)
SRV - [2007/10/07 21:48:24 | 000,031,160 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec AntiVirus\DefWatch.exe -- (DefWatch)
SRV - [2007/09/26 18:34:46 | 000,644,408 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe -- (ThinkVantage Registry Monitor Service)
SRV - [2007/08/28 20:04:25 | 002,999,664 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE -- (LiveUpdate)
SRV - [2007/08/27 18:14:00 | 000,214,408 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe -- (SNDSrvc)
SRV - [2007/07/26 20:25:20 | 001,181,016 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe -- (SPBBCSvc)
SRV - [2007/05/29 17:33:36 | 000,169,576 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe -- (ccSetMgr)
SRV - [2007/05/29 17:33:26 | 000,192,104 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe -- (ccEvtMgr)
SRV - [2005/12/01 08:35:58 | 000,057,393 | ---- | M] (IBM Corp) [Auto | Running] -- C:\Notes\ntmulti.exe -- (Multi-user Cleanup Service)
SRV - [2004/08/04 04:05:00 | 000,570,368 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\CCM\CcmExec.exe -- (CcmExec)
SRV - [2000/10/19 12:55:50 | 000,411,244 | ---- | M] () [On_Demand | Stopped] -- C:\oracle\ora81\bin\ONRSD.EXE -- (OracleOraHome81ClientCache)


========== Driver Services (SafeList) ==========

DRV - [2011/05/29 04:00:00 | 001,542,392 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20110529.002\navex15.sys -- (NAVEX15)
DRV - [2011/05/29 04:00:00 | 000,086,008 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20110529.002\naveng.sys -- (NAVENG)
DRV - [2011/05/10 04:00:00 | 000,374,392 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2011/05/10 04:00:00 | 000,105,592 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2010/07/07 16:39:50 | 000,003,456 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\atiide.sys -- (atiide)
DRV - [2009/10/09 23:15:18 | 000,033,920 | ---- | M] (F5 Networks, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\covpndrv.sys -- (urvpndrv)
DRV - [2009/10/09 23:15:13 | 000,010,752 | ---- | M] (F5 Networks) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\urfltw2k.sys -- (f5ipfw)
DRV - [2009/05/14 11:43:09 | 000,985,472 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2009/05/14 11:43:09 | 000,764,416 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\CHDAU32.sys -- (CnxtHdAudService)
DRV - [2009/05/14 11:43:09 | 000,210,560 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2009/05/14 11:43:09 | 000,013,824 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tpm.sys -- (tpm)
DRV - [2009/05/14 11:43:08 | 000,731,264 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2009/05/14 11:42:46 | 000,040,832 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HECI.sys -- (HECI) Intel®
DRV - [2009/05/14 11:42:43 | 003,103,232 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2009/05/14 11:41:43 | 003,630,080 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NETw5x32.sys -- (NETw5x32) Intel®
DRV - [2009/05/14 11:41:40 | 000,243,856 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\e1y5132.sys -- (e1yexpress) Intel®
DRV - [2009/05/14 11:41:37 | 000,047,272 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
DRV - [2009/05/14 11:41:36 | 000,475,520 | ---- | M] (AuthenTec, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ATSwpWDF.sys -- (ATSwpWDF)
DRV - [2009/03/20 20:03:36 | 000,032,408 | ---- | M] (Smith Micro Inc.) [Kernel | On_Demand | Stopped] -- C:\Program Files\Verizon Wireless\VZAccess Manager\SMSIVZAM5.sys -- (SMSIVZAM5)
DRV - [2008/07/07 13:23:56 | 000,020,480 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NwUsbCdFil.sys -- (NWUSBCDFIL)
DRV - [2008/06/02 17:28:50 | 000,222,720 | ---- | M] (Novatel Wireless Inc) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NWADIenum.sys -- (NWADI)
DRV - [2008/05/09 12:08:40 | 000,174,336 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nwusbser2.sys -- (NWUSBPort2)
DRV - [2008/05/09 12:08:40 | 000,174,336 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nwusbser.sys -- (NWUSBPort)
DRV - [2008/05/09 12:08:40 | 000,174,336 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nwusbmdm.sys -- (NWUSBModem)
DRV - [2007/12/26 10:49:59 | 000,110,952 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2007/08/27 18:13:36 | 000,189,320 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\SYMTDI.SYS -- (SYMTDI)
DRV - [2007/08/27 18:13:32 | 000,023,944 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV)
DRV - [2007/07/26 20:25:18 | 000,400,216 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
DRV - [2007/02/19 01:56:46 | 000,021,376 | ---- | M] (Lenovo (United States) Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\psadd.sys -- (psadd)
DRV - [2006/09/06 15:41:20 | 000,337,592 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Symantec AntiVirus\savrt.sys -- (SAVRT)
DRV - [2006/09/06 15:41:20 | 000,054,968 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Symantec AntiVirus\Savrtpel.sys -- (SAVRTPEL)
DRV - [2004/06/27 03:50:00 | 000,013,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\CCM\PrepDrv.sys -- (prepdrvr)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com/...UGO&form=ZGAPHP
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com/...UGO&form=ZGAPHP
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


IE - HKU\S-1-5-21-2187378860-2228663326-329466524-1014\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/?fr=fp-yie8
IE - HKU\S-1-5-21-2187378860-2228663326-329466524-1014\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKU\S-1-5-21-2187378860-2228663326-329466524-1014\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-2187378860-2228663326-329466524-1014\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?fr=fp-yie8
IE - HKU\S-1-5-21-2187378860-2228663326-329466524-1014\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =
IE - HKU\S-1-5-21-2187378860-2228663326-329466524-1014\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
IE - HKU\S-1-5-21-2187378860-2228663326-329466524-1014\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: [email protected]:1.7
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.2

FF - HKLM\software\mozilla\Firefox\Extensions\\{08B8D53F-FB61-4EC8-8614-ECA2133A48D4}: C:\Documents and Settings\harrisap\Local Settings\Application Data\{08B8D53F-FB61-4EC8-8614-ECA2133A48D4}\ [2010/07/02 12:22:52 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{7F407392-4F54-4B22-B018-7C448707CE31}: C:\Documents and Settings\harrisap\Local Settings\Application Data\{7F407392-4F54-4B22-B018-7C448707CE31}\ [2010/07/02 13:46:52 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{A4423967-0FE1-45A0-A02F-24676A38EC26}: C:\Documents and Settings\harrisap\Local Settings\Application Data\{A4423967-0FE1-45A0-A02F-24676A38EC26}\ [2010/07/02 14:36:53 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{656599F9-402B-4ABD-B3DD-B465296C0D22}: C:\Documents and Settings\harrisap\Local Settings\Application Data\{656599F9-402B-4ABD-B3DD-B465296C0D22}\ [2010/07/02 14:39:12 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{2DE55286-1FBD-4B5E-A2FD-A80A0E7026AF}: C:\Documents and Settings\harrisap\Local Settings\Application Data\{2DE55286-1FBD-4B5E-A2FD-A80A0E7026AF}\ [2010/07/03 08:50:46 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{9DA59007-FBFE-4153-8AF3-F9C396AC0403}: C:\Documents and Settings\harrisap\Local Settings\Application Data\{9DA59007-FBFE-4153-8AF3-F9C396AC0403}\ [2010/07/03 09:01:04 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{A19F0325-B322-4DC2-97B2-521B259F25C5}: C:\Documents and Settings\Administrator\Local Settings\Application Data\{A19F0325-B322-4DC2-97B2-521B259F25C5}\ [2010/07/03 12:02:49 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{1A8548C6-50F1-463B-9802-225F5F94F67F}: C:\Documents and Settings\harrisap\Local Settings\Application Data\{1A8548C6-50F1-463B-9802-225F5F94F67F}\ [2010/07/03 13:29:40 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{BBD154CF-3450-438A-A1ED-432C3082042C}: C:\Documents and Settings\harrisap\Local Settings\Application Data\{BBD154CF-3450-438A-A1ED-432C3082042C}\ [2010/07/06 16:32:19 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{CCCB28FC-4068-4917-96E5-3983EF42704B}: C:\Documents and Settings\harrisap\Local Settings\Application Data\{CCCB28FC-4068-4917-96E5-3983EF42704B}\ [2010/07/07 07:39:00 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{6512AF10-2BD9-4242-83CE-3086EA813335}: C:\Documents and Settings\harrisap\Local Settings\Application Data\{6512AF10-2BD9-4242-83CE-3086EA813335}\ [2010/07/07 07:44:22 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{95ADF2BD-4B22-46D3-AFE6-4E78ABE2E962}: C:\Documents and Settings\harrisap\Local Settings\Application Data\{95ADF2BD-4B22-46D3-AFE6-4E78ABE2E962}\ [2010/07/07 07:46:58 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{4B5AF1D8-7AA8-4B62-B2F7-6F370DD89CAB}: C:\Documents and Settings\harrisap\Local Settings\Application Data\{4B5AF1D8-7AA8-4B62-B2F7-6F370DD89CAB}\ [2010/07/07 09:42:40 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{DE5B9F1B-D5DE-4F59-9D5B-E2CAA777EF01}: C:\Documents and Settings\Administrator\Local Settings\Application Data\{DE5B9F1B-D5DE-4F59-9D5B-E2CAA777EF01}\ [2010/07/07 09:43:35 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{0A61CEF3-C718-4B50-889F-5D23F129ACCB}: C:\Documents and Settings\harrisap\Local Settings\Application Data\{0A61CEF3-C718-4B50-889F-5D23F129ACCB}\ [2010/07/07 09:47:45 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{8D783363-3AE6-4CDD-B954-3B2301C786C7}: C:\Documents and Settings\harrisap\Local Settings\Application Data\{8D783363-3AE6-4CDD-B954-3B2301C786C7}\ [2010/07/07 09:53:02 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{588A3060-1F7E-4B99-88A4-3A1C6BA0322E}: C:\Documents and Settings\harrisap\Local Settings\Application Data\{588A3060-1F7E-4B99-88A4-3A1C6BA0322E}\ [2010/07/07 11:27:14 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{3437F035-FDD2-4241-9294-7F0F1BB28DAB}: C:\Documents and Settings\harrisap\Local Settings\Application Data\{3437F035-FDD2-4241-9294-7F0F1BB28DAB}\ [2010/07/07 11:36:41 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{F815F000-7EE3-4952-B739-09F30DAB8CE3}: C:\Documents and Settings\harrisap\Local Settings\Application Data\{F815F000-7EE3-4952-B739-09F30DAB8CE3}\ [2010/07/07 12:15:23 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{AE76301C-C986-4B42-8668-AC7A26389266}: C:\Documents and Settings\harrisap\Local Settings\Application Data\{AE76301C-C986-4B42-8668-AC7A26389266}\ [2010/07/07 12:24:04 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{B4379ACC-5F74-456A-A7EE-ECB02CBD8B7D}: C:\Documents and Settings\harrisap\Local Settings\Application Data\{B4379ACC-5F74-456A-A7EE-ECB02CBD8B7D}\ [2010/07/07 15:27:31 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{186FE95C-BF73-4B29-8447-ED6E2D4837EF}: C:\Documents and Settings\harrisap\Local Settings\Application Data\{186FE95C-BF73-4B29-8447-ED6E2D4837EF}\ [2010/07/07 16:46:52 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/04/17 11:02:36 | 000,000,000 | ---D | M]

[2010/04/24 17:44:53 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\harrisap\Application Data\Mozilla\Extensions
[2010/04/24 17:44:53 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\harrisap\Application Data\Mozilla\Extensions\[email protected]
File not found (No name found) -- C:\PROGRAM FILES\TOMTOM HOME 2\XUL\EXTENSIONS\[email protected]

O1 HOSTS File: ([2011/05/28 21:53:55 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (Yahooo Search Protection) - {25BC7718-0BFA-40EA-B381-4B2D9732D686} - C:\Program Files\Yahoo!\Search Protection\ysp.dll (Yahoo! Inc.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKU\S-1-5-21-2187378860-2228663326-329466524-1014\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
O3 - HKU\S-1-5-21-2187378860-2228663326-329466524-1014\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [vptray] C:\Program Files\Symantec AntiVirus\VPTray.exe (Symantec Corporation)
O4 - HKU\S-1-5-21-2187378860-2228663326-329466524-1014..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\YspService.exe (Yahoo! Inc.)
O4 - HKU\.DEFAULT..\RunOnce: [tscuninstall] C:\WINDOWS\system32\tscupgrd.exe (Microsoft Corporation)
O4 - HKU\S-1-5-18..\RunOnce: [tscuninstall] C:\WINDOWS\system32\tscupgrd.exe (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2187378860-2228663326-329466524-1014\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2187378860-2228663326-329466524-1014\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-2187378860-2228663326-329466524-1014\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMBalloonTip = 1
O7 - HKU\S-1-5-21-2187378860-2228663326-329466524-1014\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-2187378860-2228663326-329466524-1014\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKU\.DEFAULT\..Trusted Domains: adp.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: centra.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: Clientelligent.com ([]* in My Computer)
O15 - HKU\.DEFAULT\..Trusted Domains: dhl-usa.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: employeeedge.com ([]* in My Computer)
O15 - HKU\.DEFAULT\..Trusted Domains: eyeadvisor.com ([]* in My Computer)
O15 - HKU\.DEFAULT\..Trusted Domains: gabrobins.com ([]* in My Computer)
O15 - HKU\.DEFAULT\..Trusted Domains: gabrobinsna.com ([]* in My Computer)
O15 - HKU\.DEFAULT\..Trusted Domains: genesyshcm.com ([]* in My Computer)
O15 - HKU\.DEFAULT\..Trusted Domains: learn.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: microsoft.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: mygabr.com ([]* in My Computer)
O15 - HKU\.DEFAULT\..Trusted Domains: virtela.net ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: windowsupdate.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: adp.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: centra.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: Clientelligent.com ([]* in My Computer)
O15 - HKU\S-1-5-18\..Trusted Domains: dhl-usa.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: employeeedge.com ([]* in My Computer)
O15 - HKU\S-1-5-18\..Trusted Domains: eyeadvisor.com ([]* in My Computer)
O15 - HKU\S-1-5-18\..Trusted Domains: gabrobins.com ([]* in My Computer)
O15 - HKU\S-1-5-18\..Trusted Domains: gabrobinsna.com ([]* in My Computer)
O15 - HKU\S-1-5-18\..Trusted Domains: genesyshcm.com ([]* in My Computer)
O15 - HKU\S-1-5-18\..Trusted Domains: learn.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: microsoft.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: mygabr.com ([]* in My Computer)
O15 - HKU\S-1-5-18\..Trusted Domains: virtela.net ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: windowsupdate.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-2187378860-2228663326-329466524-1014\..Trusted Domains: adp.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-2187378860-2228663326-329466524-1014\..Trusted Domains: centra.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-2187378860-2228663326-329466524-1014\..Trusted Domains: Clientelligent.com ([]* in My Computer)
O15 - HKU\S-1-5-21-2187378860-2228663326-329466524-1014\..Trusted Domains: dhl-usa.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-2187378860-2228663326-329466524-1014\..Trusted Domains: employeeedge.com ([]* in My Computer)
O15 - HKU\S-1-5-21-2187378860-2228663326-329466524-1014\..Trusted Domains: eyeadvisor.com ([]* in My Computer)
O15 - HKU\S-1-5-21-2187378860-2228663326-329466524-1014\..Trusted Domains: gabrobins.com ([]* in My Computer)
O15 - HKU\S-1-5-21-2187378860-2228663326-329466524-1014\..Trusted Domains: gabrobinsna.com ([]* in My Computer)
O15 - HKU\S-1-5-21-2187378860-2228663326-329466524-1014\..Trusted Domains: genesyshcm.com ([]* in My Computer)
O15 - HKU\S-1-5-21-2187378860-2228663326-329466524-1014\..Trusted Domains: learn.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-2187378860-2228663326-329466524-1014\..Trusted Domains: microsoft.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-2187378860-2228663326-329466524-1014\..Trusted Domains: mygabr.com ([]* in My Computer)
O15 - HKU\S-1-5-21-2187378860-2228663326-329466524-1014\..Trusted Domains: virtela.net ([]* in Trusted sites)
O15 - HKU\S-1-5-21-2187378860-2228663326-329466524-1014\..Trusted Domains: windowsupdate.com ([]* in Trusted sites)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.micros...n/ieawsdc32.cab (Microsoft Office Template and Media Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.ma...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {2BCDB465-81F9-41CB-832C-8037A4064446} https://gabrobins1.c...,2010,1215,1100 (F5 Networks VPN Manager)
O16 - DPF: {2DAD3559-2923-4935-AD49-B673D2539944} http://www-307.ibm.c...pport/acpir.cab (IASRunner Class)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {3BFFE033-BF43-11D5-A271-00A024A51325} http://uspsy16m.gabr...om/iNotes6W.cab (iNotes6 Class)
O16 - DPF: {41EF3CD2-D8CC-4438-84B1-280BB4E77C8E} https://gabrobins1.c...,2010,1215,1053 (F5 Networks Dynamic Application Tunnel Control)
O16 - DPF: {45B69029-F3AB-4204-92DE-D5140C3E8E74} https://gabrobins1.c...,2010,0617,2017 (F5 Networks Auto Update)
O16 - DPF: {57C76689-F052-487B-A19F-855AFDDF28EE} file://C:/Program Files/F5 VPN/F5_TMP/f5InspectionHost.cab (F5 Networks Policy Agent Host Class)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1228492840640 (WUWebControl Class)
O16 - DPF: {68132570-CED6-11D5-91AE-000039F5040E} http://www.employeee...m/NAVUPDPRJ.CAB (NAVUPDPRJ.NAVUPDCTL)
O16 - DPF: {6C275925-A1ED-4DD2-9CEE-9823F5FDAA10} https://gabrobins1.c...,2008,0404,2134 (F5 Networks Static Application Tunnel Control)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1228491044515 (MUWebControl Class)
O16 - DPF: {7584c670-2274-4efb-b00b-d6aaba6d3850} file://C:/Program Files/F5 VPN/F5_TMP/msrdp.cab (Microsoft RDP Client Control (redist))
O16 - DPF: {7E73BE8F-FD87-44EC-8E22-023D5FF960FF} file://C:/Program Files/F5 VPN/F5_TMP/vdeskctrl.cab (F5 Virtual Sandbox Class)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebo...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://javadl-esd.su...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {A9F8D9EC-3D0A-4A60-BD82-FBD64BAD370D} http://h20264.www2.h...nosticsxp2k.cab (DDRevision Class)
O16 - DPF: {CAFEEFAC-0015-0000-0014-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_14)
O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CC85ACDF-B277-486F-8C70-2C9B2ED2A4E7} https://gabrobins1.c...1,2010,617,2010 (F5 Networks SuperHost Class)
O16 - DPF: {E0FF21FA-B857-45C5-8621-F120A0C17FF2} https://gabrobins1.c...31,2010,902,806 (F5 Networks Host Control)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {E66D35B8-E70D-42A6-B1F5-DB784CB92B15} file://C:/Program Files/F5 VPN/F5_TMP/urvncx.cab (URVNCX Class)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 97.64.209.36 97.64.168.13
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = GABNA-AD.local
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - File not found
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\NavLogon: DllName - C:\WINDOWS\system32\NavLogon.dll - C:\WINDOWS\system32\NavLogon.dll (Symantec Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\harrisap\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\harrisap\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/11/15 12:50:08 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKU\S-1-5-21-2187378860-2228663326-329466524-1014..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKU\S-1-5-21-2187378860-2228663326-329466524-1014\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/05/30 21:50:32 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/05/30 08:33:00 | 000,000,000 | R--D | C] -- C:\Documents and Settings\harrisap\Recent
[2011/05/28 22:12:34 | 000,000,000 | ---D | C] -- C:\tdsskiller
[2011/05/27 12:50:23 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Adobe
[2011/05/27 07:58:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\harrisap\Desktop\expense reprots
[2011/05/26 21:15:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Sun
[2011/05/26 17:03:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Adobe
[2011/05/26 16:36:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Apple Computer
[2011/05/26 16:36:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Apple Computer
[2011/05/23 20:17:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Identities
[2011/05/23 20:17:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Identities
[2011/05/23 08:25:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Yahoo!
[2011/05/23 08:25:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\HPAppData
[2011/05/23 08:25:11 | 000,000,000 | ---D | C] -- C:\Program Files\Search Toolbar
[2011/05/22 10:30:32 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\harrisap\IECompatCache
[2011/05/22 10:20:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2011/05/22 10:20:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2011/05/22 10:00:28 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\harrisap\Desktop\OTL.exe
[2011/05/17 23:25:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\harrisap\Local Settings\Application Data\Identities
[2011/05/15 13:46:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\harrisap\Desktop\etheridge
[2011/05/14 23:07:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\harrisap\Desktop\new bama losses
[2011/05/10 10:07:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Yahoo!
[2011/05/06 17:34:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\harrisap\Desktop\quake106
[1 C:\Documents and Settings\harrisap\Local Settings\Application Data\*.tmp files -> C:\Documents and Settings\harrisap\Local Settings\Application Data\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/05/30 21:55:58 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/05/30 21:54:15 | 000,017,408 | ---- | M] () -- C:\WINDOWS\System32\rpcnetp.exe
[2011/05/30 21:54:13 | 000,058,288 | ---- | M] (Absolute Software Corp.) -- C:\WINDOWS\System32\rpcnet.dll
[2011/05/30 21:53:48 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/05/30 21:53:37 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/05/29 22:52:16 | 000,017,408 | ---- | M] () -- C:\WINDOWS\System32\rpcnetp.dll
[2011/05/28 21:53:55 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2011/05/28 16:45:07 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/05/28 10:47:47 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/05/28 10:34:33 | 000,013,160 | ---- | M] (Absolute Software Corp.) -- C:\WINDOWS\System32\Upgrd.exe
[2011/05/28 10:34:27 | 000,058,288 | ---- | M] (Absolute Software Corp.) -- C:\WINDOWS\System32\rpcnet.exe
[2011/05/28 10:15:15 | 000,000,890 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/05/27 16:54:45 | 000,000,232 | ---- | M] () -- C:\Documents and Settings\harrisap\Desktop\LinkUp USA (2).url
[2011/05/27 15:01:05 | 000,002,219 | ---- | M] () -- C:\Documents and Settings\harrisap\Desktop\GAB SSL.lnk
[2011/05/26 16:41:41 | 000,047,249 | ---- | M] () -- C:\Documents and Settings\harrisap\Desktop\GABR_New_logo.jpg
[2011/05/25 16:50:48 | 000,293,775 | ---- | M] () -- C:\Documents and Settings\harrisap\Desktop\gmer.zip
[2011/05/24 02:07:01 | 000,000,330 | ---- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2011/05/22 10:00:30 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\harrisap\Desktop\OTL.exe
[2011/05/17 10:07:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/05/02 16:45:17 | 000,137,448 | ---- | M] () -- C:\Documents and Settings\harrisap\Desktop\us_mc1616_mail_yahoo_com_mc_showMessage_sMid=0&fid=Sent&.pdf
[2011/05/02 08:10:24 | 000,182,559 | ---- | M] () -- C:\Documents and Settings\harrisap\My Documents\dads poa.pdf
[2011/05/02 08:10:10 | 000,192,947 | ---- | M] () -- C:\Documents and Settings\harrisap\My Documents\moms poa.pdf
[1 C:\Documents and Settings\harrisap\Local Settings\Application Data\*.tmp files -> C:\Documents and Settings\harrisap\Local Settings\Application Data\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/05/29 22:22:31 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/05/26 16:41:41 | 000,047,249 | ---- | C] () -- C:\Documents and Settings\harrisap\Desktop\GABR_New_logo.jpg
[2011/05/25 16:50:45 | 000,293,775 | ---- | C] () -- C:\Documents and Settings\harrisap\Desktop\gmer.zip
[2011/05/09 13:16:36 | 000,000,792 | ---- | C] () -- C:\Documents and Settings\harrisap\Start Menu\Programs\Windows Media Player.lnk
[2011/05/02 16:43:14 | 000,137,448 | ---- | C] () -- C:\Documents and Settings\harrisap\Desktop\us_mc1616_mail_yahoo_com_mc_showMessage_sMid=0&fid=Sent&.pdf
[2011/05/02 08:10:24 | 000,182,559 | ---- | C] () -- C:\Documents and Settings\harrisap\My Documents\dads poa.pdf
[2011/05/02 08:10:10 | 000,192,947 | ---- | C] () -- C:\Documents and Settings\harrisap\My Documents\moms poa.pdf
[2011/04/17 11:00:42 | 000,023,126 | ---- | C] () -- C:\WINDOWS\hpqins15.dat
[2011/04/15 08:29:31 | 000,174,256 | ---- | C] () -- C:\WINDOWS\hpoins43.dat
[2011/04/15 08:29:31 | 000,000,601 | ---- | C] () -- C:\WINDOWS\hpomdl43.dat
[2011/04/15 01:15:46 | 000,362,904 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2011/04/06 13:13:49 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/04/06 13:13:49 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/04/06 13:13:49 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/04/06 11:59:27 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2010/07/28 14:49:21 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/07/28 14:49:21 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/06/27 15:10:20 | 000,767,952 | ---- | C] () -- C:\WINDOWS\BDTSupport.dll.old
[2010/02/22 22:18:36 | 000,765,952 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2010/02/22 22:18:36 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2010/02/22 22:18:36 | 000,008,704 | ---- | C] () -- C:\WINDOWS\System32\vidccleaner.exe
[2010/02/14 10:44:45 | 000,030,548 | ---- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2009/12/17 06:48:09 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\DM510.dll
[2009/12/12 16:29:07 | 000,005,120 | ---- | C] () -- C:\Documents and Settings\harrisap\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/08/30 22:46:45 | 000,012,800 | ---- | C] () -- C:\WINDOWS\System32\EKDeviceServices.dll
[2009/06/19 15:23:17 | 000,157,263 | ---- | C] () -- C:\WINDOWS\hphins25.dat
[2009/06/19 15:23:17 | 000,000,879 | ---- | C] () -- C:\WINDOWS\hphmdl25.dat
[2009/06/12 10:44:28 | 000,000,131 | ---- | C] () -- C:\Documents and Settings\harrisap\Local Settings\Application Data\fusioncache.dat
[2009/06/12 09:42:21 | 000,118,641 | ---- | C] () -- C:\WINDOWS\hpoins09.dat
[2009/05/27 22:04:58 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin
[2009/05/14 11:42:44 | 000,172,033 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2009/05/14 11:41:33 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\Atibrtmon.exe
[2009/05/14 11:41:06 | 000,887,724 | ---- | C] () -- C:\WINDOWS\System32\ativva6x.dat
[2009/05/14 11:39:33 | 003,107,788 | ---- | C] () -- C:\WINDOWS\System32\ativva5x.dat
[2009/05/14 11:37:47 | 003,107,788 | ---- | C] () -- C:\WINDOWS\System32\ativvaxx.dat
[2009/05/14 11:37:14 | 000,003,456 | ---- | C] () -- C:\WINDOWS\System32\drivers\atiide.sys
[2009/05/14 11:34:22 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\ibmpmsvc.exe
[2009/05/14 11:34:22 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\tpinspm.dll
[2008/03/18 11:58:05 | 000,000,058 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2007/12/26 12:18:32 | 000,000,455 | ---- | C] () -- C:\WINDOWS\SMSCFG.ini
[2007/11/28 15:39:06 | 000,000,029 | ---- | C] () -- C:\WINDOWS\vdialer.INI
[2007/11/28 12:12:51 | 000,000,000 | ---- | C] () -- C:\WINDOWS\vpc32.INI
[2007/11/16 15:25:33 | 000,006,550 | ---- | C] () -- C:\WINDOWS\jautoexp.dat
[2007/11/16 15:23:19 | 000,003,981 | ---- | C] () -- C:\WINDOWS\RDSWIN.INI
[2007/11/16 12:47:22 | 000,000,033 | ---- | C] () -- C:\WINDOWS\WDTCPCON.INI
[2007/11/16 12:32:18 | 000,003,635 | ---- | C] () -- C:\WINDOWS\~WDINS.INI
[2007/11/16 10:06:19 | 000,000,555 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007/11/15 15:55:40 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2007/11/15 12:58:54 | 000,017,408 | ---- | C] () -- C:\WINDOWS\System32\rpcnetp.dll
[2007/11/15 12:47:12 | 000,023,444 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2007/11/15 06:12:58 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2007/11/15 06:11:50 | 000,152,384 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2007/11/15 06:11:46 | 000,017,408 | ---- | C] () -- C:\WINDOWS\System32\rpcnetp.exe
[2006/03/09 13:28:40 | 000,011,645 | ---- | C] () -- C:\WINDOWS\hpomdl09.dat
[2006/01/26 16:42:26 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/08/03 20:07:22 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/02 09:20:40 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2003/06/17 01:53:02 | 000,000,702 | ---- | C] () -- C:\WINDOWS\Cm3.ini
[2001/08/23 12:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2001/08/23 12:00:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2001/08/23 11:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2001/08/23 11:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2001/08/23 11:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2001/08/23 11:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2001/08/23 11:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2001/08/23 08:00:00 | 000,491,116 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2001/08/23 08:00:00 | 000,090,342 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2001/08/23 08:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2001/07/07 03:00:00 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini
[1999/07/30 09:24:34 | 000,000,218 | ---- | C] () -- C:\WINDOWS\oraodbc.ini

========== LOP Check ==========

[2008/03/18 12:08:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Leadertech
[2009/08/30 22:47:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Eastman Kodak Company
[2009/09/01 20:02:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\kds_kodak
[2009/09/10 22:38:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ParetoLogic
[2009/09/10 22:35:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
[2008/03/18 11:22:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC-Doctor
[2011/04/15 16:11:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PCDr
[2010/04/24 17:45:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TomTom
[2011/04/14 23:11:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Xactware
[2010/07/11 09:00:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/02/14 10:18:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2008/12/02 12:08:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\F5 Networks
[2008/03/18 12:00:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\Leadertech
[2008/03/18 12:00:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\GABguest\Application Data\Leadertech
[2008/12/02 12:08:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\GABuser\Application Data\F5 Networks
[2008/03/18 12:00:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\GABuser\Application Data\Leadertech
[2008/12/02 12:08:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\harrisap\Application Data\F5 Networks
[2008/03/18 12:00:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\harrisap\Application Data\Leadertech
[2009/12/17 06:48:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\harrisap\Application Data\LinkManager 4.0
[2010/05/06 09:58:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\harrisap\Application Data\RecoveryFix for Windows
[2010/04/24 17:44:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\harrisap\Application Data\TomTom
[2008/12/02 12:08:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\smithd\Application Data\F5 Networks
[2008/03/18 12:00:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\smithd\Application Data\Leadertech
[2011/05/24 02:07:01 | 000,000,330 | ---- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job
[2009/07/10 07:00:36 | 000,000,436 | ---- | M] () -- C:\WINDOWS\Tasks\PCDoctorBackgroundMonitorTask.job

========== Purity Check ==========



< End of report >


aswMBR version 0.9.5.317 Copyright© 2011 AVAST Software
Run date: 2011-05-30 22:04:50
-----------------------------
22:04:50.343 OS Version: Windows 5.1.2600 Service Pack 3
22:04:50.343 Number of processors: 2 586 0x1706
22:04:50.343 ComputerName: 7-51896 UserName:
22:04:51.953 Initialize success
22:04:57.468 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-12
22:04:57.468 Disk 0 Vendor: HITACHI_HTS543216L9SA00 FB2ZC48C Size: 152627MB BusType: 3
22:04:59.484 Disk 0 MBR read successfully
22:04:59.484 Disk 0 MBR scan
22:04:59.484 Disk 0 unknown MBR code
22:05:01.484 Disk 0 scanning sectors +312575760
22:05:01.500 Disk 0 scanning C:\WINDOWS\system32\drivers
22:05:08.890 Service scanning
22:05:10.265 Disk 0 trace - called modules:
22:05:10.281 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
22:05:10.281 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8b03bab8]
22:05:10.281 3 CLASSPNP.SYS[ba108fd7] -> nt!IofCallDriver -> \Device\00000099[0x8b03d9e8]
22:05:10.281 5 ACPI.sys[b9f7f620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-12[0x8b07ad98]
22:05:17.140 Unsigned kernel modules:
22:05:17.156 0xba672000 C:\WINDOWS\system32\drivers\atiide.sys
22:05:18.046 0xba118000 C:\WINDOWS\system32\drivers\PxHelp20.sys
22:05:24.906 0xba410000 C:\WINDOWS\system32\DRIVERS\psadd.sys
22:05:35.234 Scan finished successfully
22:05:52.921 Disk 0 Windows 501 MBR fixed successfully
22:06:07.531 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\harrisap\Desktop\MBR.dat"
22:06:07.531 The log file has been saved successfully to "C:\Documents and Settings\harrisap\Desktop\aswMBR.txt"



Things are looking pretty good so far...

#17
Homburg

Homburg

    Trusted Helper

  • Malware Removal
  • 665 posts
Hi,
It's looking a lot better now, just a couple more scans to do to check different areas :)

Please do the following:

========
Step 1
========

Start MalwareBytes
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.


========
Step 2
========

Please run a free online scan with the ESET Online Scanner
Note: You will need to use Internet Explorer for this scan
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and the option Scan unwanted applications is checked
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, you may close the window
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic

Please remember to post both the MalwareBytes and ESET online scans

Do you have any more problems?

Homburg

#18
ph1290

ph1290

    Member

  • Topic Starter
  • Member
  • PipPip
  • 58 posts
Symantec caught Bloodhound.malpe. Malwarebytes didn't find anything. ESET found a few things. Overall, I am doing much better. Other than Symantec popping up and noting it found the Bloodhound.malpe I haven't seen anything else.

Malwarebytes log

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6734

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

5/31/2011 2:52:39 PM
mbam-log-2011-05-31 (14-52-39).txt

Scan type: Quick scan
Objects scanned: 211037
Time elapsed: 5 minute(s), 50 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

eset log


C:\System Volume Information\_restore{21F2B3A7-1002-4290-ACB5-6182A2031AEC}\RP5\A0002425.exe a variant of Win32/Kryptik.OIR trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{21F2B3A7-1002-4290-ACB5-6182A2031AEC}\RP6\A0002527.dll Win32/Toolbar.Zugo application cleaned by deleting - quarantined
C:\System Volume Information\_restore{21F2B3A7-1002-4290-ACB5-6182A2031AEC}\RP6\A0002687.exe a variant of Win32/Kryptik.OGD trojan cleaned by deleting - quarantined
C:\_OTL\MovedFiles\05302011_215032\C_Documents and Settings\All Users\Application Data\HeypPtdMGKlWj.exe a variant of Win32/Kryptik.OGD trojan cleaned by deleting - quarantined
C:\_OTL\MovedFiles\05302011_215032\C_Documents and Settings\harrisap\Application Data\850C3386F25D49ABBA82710CF64570A3\enemies-names.txt Win32/Adware.AntimalwareDoctor.AE.Gen application cleaned by deleting - quarantined
C:\_OTL\MovedFiles\05302011_215032\C_Documents and Settings\harrisap\Application Data\850C3386F25D49ABBA82710CF64570A3\local.ini Win32/Adware.AntimalwareDoctor.AE.Gen application cleaned by deleting - quarantined

#19
Homburg

Homburg

    Trusted Helper

  • Malware Removal
  • 665 posts
Hi ph1290,

Your logs are now clear of malware. The items that were found by ESET are malware we have in quarantine and in your restore points. Symantec recommends removing the Bloodhound.MalPE detection with their own tool. If it flags again then you could either use their tool or post the log here and I'll take a look. If it concerns you or happens after we clear the restore points please post the log and I'll take a look.

We'll now clean your restore points and remove the tools and logs that we've been using.

Reset SR Points/Clean up with OTL:
  • Double-click OTL to start the program.
  • Copy the lines from the codebox to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    :Commands
    [emptytemp]
    [ClearAllRestorePoints]
  • Return to OTL, right-click in the Custom Scans/Fixes window and choose Paste.
  • Then click the Run Fix button.
  • Let the program run unhindered. When finished click on OK and close the log that appears.
  • Note: I do not need to review the log produced.
  • Now close all other programs apart from OTL as this step will require a reboot.
  • On the OTL main screen, depress the CleanUp button.
  • Say Yes to the prompt and then allow the program to reboot your computer.

The above process will flush old System Restore Points and create a new clean one.


Please delete aswMBR and logs from your desktop.



I have a few recommendations to try and prevent further infections.

1. Protection.

Now that you are clean, to help protect your computer in the future I recommend that you download the following free programs:

SpywareBlaster to help prevent spyware from installing in the first place. It also consumes no system resources.
SpywareGuard to catch and block spyware before it can execute. It offers real time protection.
MalwareBytes to remove any malware that might slip the net and get through. I recommend that you run this at least once a week.

2. Windows Updates.

It is essential that you regularly check and install the latest Windows Updates. Vulnerabilities within Windows can leave your computer open to infection. Regular updates are released to fix these security vulnerabilities. I recommend that you set Windows to check, download and install your updates automatically.

Click Start
Select Control Panel
Click on Automatic (recommended)
Set the day and time for the update check. Set this to a time when your computer will normally be on and connected to the internet.
Click Apply then OK.

3. JAVA updates.
As with Windows, Java also needs to be regularly updated to fix security vulnerabilities. You can download the latest version of the Java Runtime Environment (JRE) from here. Download, install and reboot your computer. You also need to uninstall older versions of Java.

Click Start
Select Control Panel
Select Add or Remove Programs
Remove all Java updates except the latest one you have just installed.

4. Adobe updates.
You should ensure you use the latest Adobe Acrobat Reader and install any security updates that are released. Older versions are susceptible to attack. You can download the latest reader and updates from here.

5. Firewall and antivirus.
A firewall is essential to stop hackers infiltrating your computer. The following firewalls are free for personal use. Do not install more than one firewall.

Zone Alarm is an excellent free basic firewall which is very easy to use.
Online Armor is a more advanced firewall which includes a Host Intrusion Protection System (HIPS).
Comodo is a combined firewall and anti virus.

It is essential that you have an antivirus program installed on your computer. An Anti-Virus program protects your computer from many common viruses and trojans which can be deadly for your system. The following antivirus programs are free for personal use. Do not install more than one antivirus.

AVG
Avira Free
Avast


To learn more about how to protect yourself while on the internet you might like to read this GeeksToGo article. This covers some of the safety measures that I've included and also some more.

Happy surfing and stay safe :)

Homburg.

#20
ph1290

ph1290

    Member

  • Topic Starter
  • Member
  • PipPip
  • 58 posts
Spoke too soon...

Getting Backdoor.cycbot every time I boot up. It is being caught by Symantec. Also, redirect from yahoo is back and seems a little more aggressive in that it redirects a few things when typed directly into address line as well.

Not sure, but I may have caused it when I couldn't see a document and downloaded a Free File Viewer that seemed to act strangely. I removed it, but that may have caused the problem. I still have all the programs on my computer. Which do you want me to run now?

#21
Homburg

Homburg

    Trusted Helper

  • Malware Removal
  • 665 posts
Hi,

Please do the following:

========
Step 1
========

Run OTL

Check the box scan all users

In the Extra Registry section, select All

Click the Quick Scan button.

When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL, please post these in your reply.

========
Step 2
========

Delete aswMBR and any scans on your desktop and download a fresh copy.

Download aswMBR.exe ( 511KB ) to your desktop.

Double click the aswMBR.exe to run it

Click the "Scan" button to start scan

On completion of the scan click save log, save it to your desktop and post in your next reply

========
Step 3
========

Please remember to post:
OTL.txt and Extras.txt
aswMBR scan log

Homburg

#22
ph1290

ph1290

    Member

  • Topic Starter
  • Member
  • PipPip
  • 58 posts
No Extras.txt

OTL.txt
OTL logfile created on: 6/6/2011 3:34:08 PM - Run 8
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\harrisap\Desktop\SECURITY_ANTIVIRUS
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 70.00% Memory free
5.00 Gb Paging File | 4.00 Gb Available in Paging File | 89.00% Paging File free
Paging file location(s): c:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.05 Gb Total Space | 92.70 Gb Free Space | 62.20% Space Free | Partition Type: NTFS

Computer Name: 7-51896 | User Name: harrisap | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/05/28 10:34:27 | 000,058,288 | ---- | M] (Absolute Software Corp.) -- C:\WINDOWS\system32\rpcnet.exe
PRC - [2011/05/22 10:00:30 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\harrisap\Desktop\SECURITY_ANTIVIRUS\OTL.exe
PRC - [2009/05/14 11:43:12 | 000,118,784 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
PRC - [2009/05/04 12:15:26 | 000,279,960 | ---- | M] (Eastman Kodak Company) -- C:\Program Files\Kodak\AiO\Center\EKDiscovery.exe
PRC - [2009/04/17 12:08:26 | 000,032,768 | ---- | M] (Eastman Kodak Company) -- C:\Program Files\Kodak\AiO\Center\KodakSvc.exe
PRC - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/10/20 11:36:40 | 000,028,672 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\System Update\SUService.exe
PRC - [2008/06/04 09:51:06 | 000,262,784 | ---- | M] (F5 Networks) -- C:\WINDOWS\system32\F5InstallerService.exe
PRC - [2008/04/14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/12/21 14:30:40 | 000,131,072 | ---- | M] (Visioneer Inc.) -- C:\Program Files\Visioneer\OneTouch 4.0\OtService.exe
PRC - [2007/10/07 21:48:40 | 000,125,368 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\VPTray.exe
PRC - [2007/10/07 21:48:36 | 000,116,664 | ---- | M] (symantec) -- C:\Program Files\Symantec AntiVirus\SavRoam.exe
PRC - [2007/10/07 21:48:32 | 001,822,648 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe
PRC - [2007/10/07 21:48:24 | 000,031,160 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\DefWatch.exe
PRC - [2007/09/26 18:34:46 | 000,644,408 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
PRC - [2007/05/29 17:33:36 | 000,169,576 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
PRC - [2007/05/29 17:33:26 | 000,192,104 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
PRC - [2007/05/29 17:33:22 | 000,052,840 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccApp.exe
PRC - [2005/12/01 08:35:58 | 000,057,393 | ---- | M] (IBM Corp) -- C:\Notes\ntmulti.exe


========== Modules (SafeList) ==========

MOD - [2011/05/22 10:00:30 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\harrisap\Desktop\SECURITY_ANTIVIRUS\OTL.exe
MOD - [2008/04/14 05:42:52 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (ThreatFire)
SRV - File not found [Auto | Stopped] -- -- (itlperf)
SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - File not found [Auto | Stopped] -- -- (6to4)
SRV - [2011/05/28 10:34:27 | 000,058,288 | ---- | M] (Absolute Software Corp.) [Auto | Running] -- C:\WINDOWS\system32\rpcnet.exe -- (rpcnet) Remote Procedure Call (RPC)
SRV - [2009/05/04 12:15:26 | 000,279,960 | ---- | M] (Eastman Kodak Company) [Auto | Running] -- C:\Program Files\Kodak\AiO\Center\EKDiscovery.exe -- (Kodak AiO Network Discovery Service)
SRV - [2009/04/17 12:08:26 | 000,032,768 | ---- | M] (Eastman Kodak Company) [Auto | Running] -- C:\Program Files\Kodak\AiO\center\KodakSvc.exe -- (KodakSvc)
SRV - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/10/20 11:36:40 | 000,028,672 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\System Update\SUService.exe -- (SUService)
SRV - [2008/06/04 09:51:06 | 000,262,784 | ---- | M] (F5 Networks) [Auto | Running] -- C:\WINDOWS\system32\F5InstallerService.exe -- (F5 Networks Component Installer)
SRV - [2007/12/21 14:30:40 | 000,131,072 | ---- | M] (Visioneer Inc.) [Auto | Running] -- C:\Program Files\Visioneer\OneTouch 4.0\OtService.exe -- (OneTouch 4.0 Monitor)
SRV - [2007/10/07 21:48:36 | 000,116,664 | ---- | M] (symantec) [Auto | Running] -- C:\Program Files\Symantec AntiVirus\SavRoam.exe -- (SavRoam)
SRV - [2007/10/07 21:48:32 | 001,822,648 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe -- (Symantec AntiVirus)
SRV - [2007/10/07 21:48:24 | 000,031,160 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec AntiVirus\DefWatch.exe -- (DefWatch)
SRV - [2007/09/26 18:34:46 | 000,644,408 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe -- (ThinkVantage Registry Monitor Service)
SRV - [2007/08/28 20:04:25 | 002,999,664 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE -- (LiveUpdate)
SRV - [2007/08/27 18:14:00 | 000,214,408 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe -- (SNDSrvc)
SRV - [2007/07/26 20:25:20 | 001,181,016 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe -- (SPBBCSvc)
SRV - [2007/05/29 17:33:36 | 000,169,576 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe -- (ccSetMgr)
SRV - [2007/05/29 17:33:26 | 000,192,104 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe -- (ccEvtMgr)
SRV - [2005/12/01 08:35:58 | 000,057,393 | ---- | M] (IBM Corp) [Auto | Running] -- C:\Notes\ntmulti.exe -- (Multi-user Cleanup Service)
SRV - [2004/08/04 04:05:00 | 000,570,368 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\system32\CCM\CcmExec.exe -- (CcmExec)
SRV - [2000/10/19 12:55:50 | 000,411,244 | ---- | M] () [On_Demand | Stopped] -- C:\oracle\ora81\bin\ONRSD.EXE -- (OracleOraHome81ClientCache)


========== Driver Services (SafeList) ==========

DRV - [2011/05/29 04:00:00 | 001,542,392 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20110602.001\navex15.sys -- (NAVEX15)
DRV - [2011/05/29 04:00:00 | 000,086,008 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20110602.001\naveng.sys -- (NAVENG)
DRV - [2011/05/10 04:00:00 | 000,374,392 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2011/05/10 04:00:00 | 000,105,592 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2010/07/07 16:39:50 | 000,003,456 | ---- | M] () [Kernel | Boot | Stopped] -- C:\WINDOWS\System32\Drivers\atiide.sys -- (atiide)
DRV - [2009/10/09 23:15:18 | 000,033,920 | ---- | M] (F5 Networks, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\covpndrv.sys -- (urvpndrv)
DRV - [2009/10/09 23:15:13 | 000,010,752 | ---- | M] (F5 Networks) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\urfltw2k.sys -- (f5ipfw)
DRV - [2009/05/14 11:43:09 | 000,985,472 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2009/05/14 11:43:09 | 000,764,416 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\CHDAU32.sys -- (CnxtHdAudService)
DRV - [2009/05/14 11:43:09 | 000,210,560 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2009/05/14 11:43:09 | 000,013,824 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tpm.sys -- (tpm)
DRV - [2009/05/14 11:43:08 | 000,731,264 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2009/05/14 11:42:46 | 000,040,832 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HECI.sys -- (HECI) Intel®
DRV - [2009/05/14 11:42:43 | 003,103,232 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2009/05/14 11:41:43 | 003,630,080 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NETw5x32.sys -- (NETw5x32) Intel®
DRV - [2009/05/14 11:41:40 | 000,243,856 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\e1y5132.sys -- (e1yexpress) Intel®
DRV - [2009/05/14 11:41:37 | 000,047,272 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
DRV - [2009/05/14 11:41:36 | 000,475,520 | ---- | M] (AuthenTec, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ATSwpWDF.sys -- (ATSwpWDF)
DRV - [2009/03/20 20:03:36 | 000,032,408 | ---- | M] (Smith Micro Inc.) [Kernel | On_Demand | Stopped] -- C:\Program Files\Verizon Wireless\VZAccess Manager\SMSIVZAM5.sys -- (SMSIVZAM5)
DRV - [2008/07/07 13:23:56 | 000,020,480 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NwUsbCdFil.sys -- (NWUSBCDFIL)
DRV - [2008/06/02 17:28:50 | 000,222,720 | ---- | M] (Novatel Wireless Inc) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NWADIenum.sys -- (NWADI)
DRV - [2008/05/09 12:08:40 | 000,174,336 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nwusbser2.sys -- (NWUSBPort2)
DRV - [2008/05/09 12:08:40 | 000,174,336 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nwusbser.sys -- (NWUSBPort)
DRV - [2008/05/09 12:08:40 | 000,174,336 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nwusbmdm.sys -- (NWUSBModem)
DRV - [2007/12/26 10:49:59 | 000,110,952 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2007/08/27 18:13:36 | 000,189,320 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\SYMTDI.SYS -- (SYMTDI)
DRV - [2007/08/27 18:13:32 | 000,023,944 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV)
DRV - [2007/07/26 20:25:18 | 000,400,216 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
DRV - [2007/02/19 01:56:46 | 000,021,376 | ---- | M] (Lenovo (United States) Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\psadd.sys -- (psadd)
DRV - [2006/09/06 15:41:20 | 000,337,592 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Symantec AntiVirus\savrt.sys -- (SAVRT)
DRV - [2006/09/06 15:41:20 | 000,054,968 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Symantec AntiVirus\Savrtpel.sys -- (SAVRTPEL)
DRV - [2004/06/27 03:50:00 | 000,013,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\CCM\PrepDrv.sys -- (prepdrvr)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com/...UGO&form=ZGAPHP
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com/...UGO&form=ZGAPHP
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" =

IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" =

IE - HKU\S-1-5-21-2187378860-2228663326-329466524-1014\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/?fr=fp-yie8
IE - HKU\S-1-5-21-2187378860-2228663326-329466524-1014\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKU\S-1-5-21-2187378860-2228663326-329466524-1014\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-2187378860-2228663326-329466524-1014\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?fr=fp-yie8
IE - HKU\S-1-5-21-2187378860-2228663326-329466524-1014\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =
IE - HKU\S-1-5-21-2187378860-2228663326-329466524-1014\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
IE - HKU\S-1-5-21-2187378860-2228663326-329466524-1014\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: [email protected]:1.7
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.2

FF - HKLM\software\mozilla\Firefox\Extensions\\{08B8D53F-FB61-4EC8-8614-ECA2133A48D4}: C:\Documents and Settings\harrisap\Local Settings\Application Data\{08B8D53F-FB61-4EC8-8614-ECA2133A48D4}\ [2010/07/02 12:22:52 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{7F407392-4F54-4B22-B018-7C448707CE31}: C:\Documents and Settings\harrisap\Local Settings\Application Data\{7F407392-4F54-4B22-B018-7C448707CE31}\ [2010/07/02 13:46:52 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{A4423967-0FE1-45A0-A02F-24676A38EC26}: C:\Documents and Settings\harrisap\Local Settings\Application Data\{A4423967-0FE1-45A0-A02F-24676A38EC26}\ [2010/07/02 14:36:53 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{656599F9-402B-4ABD-B3DD-B465296C0D22}: C:\Documents and Settings\harrisap\Local Settings\Application Data\{656599F9-402B-4ABD-B3DD-B465296C0D22}\ [2010/07/02 14:39:12 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{2DE55286-1FBD-4B5E-A2FD-A80A0E7026AF}: C:\Documents and Settings\harrisap\Local Settings\Application Data\{2DE55286-1FBD-4B5E-A2FD-A80A0E7026AF}\ [2010/07/03 08:50:46 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{9DA59007-FBFE-4153-8AF3-F9C396AC0403}: C:\Documents and Settings\harrisap\Local Settings\Application Data\{9DA59007-FBFE-4153-8AF3-F9C396AC0403}\ [2010/07/03 09:01:04 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{A19F0325-B322-4DC2-97B2-521B259F25C5}: C:\Documents and Settings\Administrator\Local Settings\Application Data\{A19F0325-B322-4DC2-97B2-521B259F25C5}\ [2010/07/03 12:02:49 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{1A8548C6-50F1-463B-9802-225F5F94F67F}: C:\Documents and Settings\harrisap\Local Settings\Application Data\{1A8548C6-50F1-463B-9802-225F5F94F67F}\ [2010/07/03 13:29:40 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{BBD154CF-3450-438A-A1ED-432C3082042C}: C:\Documents and Settings\harrisap\Local Settings\Application Data\{BBD154CF-3450-438A-A1ED-432C3082042C}\ [2010/07/06 16:32:19 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{CCCB28FC-4068-4917-96E5-3983EF42704B}: C:\Documents and Settings\harrisap\Local Settings\Application Data\{CCCB28FC-4068-4917-96E5-3983EF42704B}\ [2010/07/07 07:39:00 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{6512AF10-2BD9-4242-83CE-3086EA813335}: C:\Documents and Settings\harrisap\Local Settings\Application Data\{6512AF10-2BD9-4242-83CE-3086EA813335}\ [2010/07/07 07:44:22 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{95ADF2BD-4B22-46D3-AFE6-4E78ABE2E962}: C:\Documents and Settings\harrisap\Local Settings\Application Data\{95ADF2BD-4B22-46D3-AFE6-4E78ABE2E962}\ [2010/07/07 07:46:58 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{4B5AF1D8-7AA8-4B62-B2F7-6F370DD89CAB}: C:\Documents and Settings\harrisap\Local Settings\Application Data\{4B5AF1D8-7AA8-4B62-B2F7-6F370DD89CAB}\ [2010/07/07 09:42:40 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{DE5B9F1B-D5DE-4F59-9D5B-E2CAA777EF01}: C:\Documents and Settings\Administrator\Local Settings\Application Data\{DE5B9F1B-D5DE-4F59-9D5B-E2CAA777EF01}\ [2010/07/07 09:43:35 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{0A61CEF3-C718-4B50-889F-5D23F129ACCB}: C:\Documents and Settings\harrisap\Local Settings\Application Data\{0A61CEF3-C718-4B50-889F-5D23F129ACCB}\ [2010/07/07 09:47:45 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{8D783363-3AE6-4CDD-B954-3B2301C786C7}: C:\Documents and Settings\harrisap\Local Settings\Application Data\{8D783363-3AE6-4CDD-B954-3B2301C786C7}\ [2010/07/07 09:53:02 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{588A3060-1F7E-4B99-88A4-3A1C6BA0322E}: C:\Documents and Settings\harrisap\Local Settings\Application Data\{588A3060-1F7E-4B99-88A4-3A1C6BA0322E}\ [2010/07/07 11:27:14 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{3437F035-FDD2-4241-9294-7F0F1BB28DAB}: C:\Documents and Settings\harrisap\Local Settings\Application Data\{3437F035-FDD2-4241-9294-7F0F1BB28DAB}\ [2010/07/07 11:36:41 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{F815F000-7EE3-4952-B739-09F30DAB8CE3}: C:\Documents and Settings\harrisap\Local Settings\Application Data\{F815F000-7EE3-4952-B739-09F30DAB8CE3}\ [2010/07/07 12:15:23 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{AE76301C-C986-4B42-8668-AC7A26389266}: C:\Documents and Settings\harrisap\Local Settings\Application Data\{AE76301C-C986-4B42-8668-AC7A26389266}\ [2010/07/07 12:24:04 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{B4379ACC-5F74-456A-A7EE-ECB02CBD8B7D}: C:\Documents and Settings\harrisap\Local Settings\Application Data\{B4379ACC-5F74-456A-A7EE-ECB02CBD8B7D}\ [2010/07/07 15:27:31 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{186FE95C-BF73-4B29-8447-ED6E2D4837EF}: C:\Documents and Settings\harrisap\Local Settings\Application Data\{186FE95C-BF73-4B29-8447-ED6E2D4837EF}\ [2010/07/07 16:46:52 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/04/17 11:02:36 | 000,000,000 | ---D | M]

[2010/04/24 17:44:53 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\harrisap\Application Data\Mozilla\Extensions
[2010/04/24 17:44:53 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\harrisap\Application Data\Mozilla\Extensions\[email protected]
File not found (No name found) -- C:\PROGRAM FILES\TOMTOM HOME 2\XUL\EXTENSIONS\[email protected]

O1 HOSTS File: ([2011/06/04 17:09:09 | 000,000,003 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (Yahooo Search Protection) - {25BC7718-0BFA-40EA-B381-4B2D9732D686} - C:\Program Files\Yahoo!\Search Protection\ysp.dll (Yahoo! Inc.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKU\S-1-5-21-2187378860-2228663326-329466524-1014\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
O3 - HKU\S-1-5-21-2187378860-2228663326-329466524-1014\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [vptray] C:\Program Files\Symantec AntiVirus\VPTray.exe (Symantec Corporation)
O4 - HKU\S-1-5-21-2187378860-2228663326-329466524-1014..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\YspService.exe (Yahoo! Inc.)
O4 - HKU\.DEFAULT..\RunOnce: [tscuninstall] C:\WINDOWS\system32\tscupgrd.exe (Microsoft Corporation)
O4 - HKU\S-1-5-18..\RunOnce: [tscuninstall] C:\WINDOWS\system32\tscupgrd.exe (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2187378860-2228663326-329466524-1014\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2187378860-2228663326-329466524-1014\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-2187378860-2228663326-329466524-1014\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMBalloonTip = 1
O7 - HKU\S-1-5-21-2187378860-2228663326-329466524-1014\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-2187378860-2228663326-329466524-1014\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKU\.DEFAULT\..Trusted Domains: adp.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: centra.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: Clientelligent.com ([]* in My Computer)
O15 - HKU\.DEFAULT\..Trusted Domains: dhl-usa.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: employeeedge.com ([]* in My Computer)
O15 - HKU\.DEFAULT\..Trusted Domains: eyeadvisor.com ([]* in My Computer)
O15 - HKU\.DEFAULT\..Trusted Domains: gabrobins.com ([]* in My Computer)
O15 - HKU\.DEFAULT\..Trusted Domains: gabrobinsna.com ([]* in My Computer)
O15 - HKU\.DEFAULT\..Trusted Domains: genesyshcm.com ([]* in My Computer)
O15 - HKU\.DEFAULT\..Trusted Domains: learn.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: microsoft.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: mygabr.com ([]* in My Computer)
O15 - HKU\.DEFAULT\..Trusted Domains: virtela.net ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: windowsupdate.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: adp.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: centra.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: Clientelligent.com ([]* in My Computer)
O15 - HKU\S-1-5-18\..Trusted Domains: dhl-usa.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: employeeedge.com ([]* in My Computer)
O15 - HKU\S-1-5-18\..Trusted Domains: eyeadvisor.com ([]* in My Computer)
O15 - HKU\S-1-5-18\..Trusted Domains: gabrobins.com ([]* in My Computer)
O15 - HKU\S-1-5-18\..Trusted Domains: gabrobinsna.com ([]* in My Computer)
O15 - HKU\S-1-5-18\..Trusted Domains: genesyshcm.com ([]* in My Computer)
O15 - HKU\S-1-5-18\..Trusted Domains: learn.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: microsoft.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: mygabr.com ([]* in My Computer)
O15 - HKU\S-1-5-18\..Trusted Domains: virtela.net ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: windowsupdate.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-2187378860-2228663326-329466524-1014\..Trusted Domains: adp.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-2187378860-2228663326-329466524-1014\..Trusted Domains: centra.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-2187378860-2228663326-329466524-1014\..Trusted Domains: Clientelligent.com ([]* in My Computer)
O15 - HKU\S-1-5-21-2187378860-2228663326-329466524-1014\..Trusted Domains: dhl-usa.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-2187378860-2228663326-329466524-1014\..Trusted Domains: employeeedge.com ([]* in My Computer)
O15 - HKU\S-1-5-21-2187378860-2228663326-329466524-1014\..Trusted Domains: eyeadvisor.com ([]* in My Computer)
O15 - HKU\S-1-5-21-2187378860-2228663326-329466524-1014\..Trusted Domains: gabrobins.com ([]* in My Computer)
O15 - HKU\S-1-5-21-2187378860-2228663326-329466524-1014\..Trusted Domains: gabrobinsna.com ([]* in My Computer)
O15 - HKU\S-1-5-21-2187378860-2228663326-329466524-1014\..Trusted Domains: genesyshcm.com ([]* in My Computer)
O15 - HKU\S-1-5-21-2187378860-2228663326-329466524-1014\..Trusted Domains: learn.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-2187378860-2228663326-329466524-1014\..Trusted Domains: microsoft.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-2187378860-2228663326-329466524-1014\..Trusted Domains: mygabr.com ([]* in My Computer)
O15 - HKU\S-1-5-21-2187378860-2228663326-329466524-1014\..Trusted Domains: virtela.net ([]* in Trusted sites)
O15 - HKU\S-1-5-21-2187378860-2228663326-329466524-1014\..Trusted Domains: windowsupdate.com ([]* in Trusted sites)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.micros...n/ieawsdc32.cab (Microsoft Office Template and Media Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.ma...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {2BCDB465-81F9-41CB-832C-8037A4064446} https://gabrobins1.c...,2010,1215,1100 (F5 Networks VPN Manager)
O16 - DPF: {2DAD3559-2923-4935-AD49-B673D2539944} http://www-307.ibm.c...pport/acpir.cab (IASRunner Class)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {3BFFE033-BF43-11D5-A271-00A024A51325} http://uspsy16m.gabr...om/iNotes6W.cab (iNotes6 Class)
O16 - DPF: {41EF3CD2-D8CC-4438-84B1-280BB4E77C8E} https://gabrobins1.c...,2010,1215,1053 (F5 Networks Dynamic Application Tunnel Control)
O16 - DPF: {45B69029-F3AB-4204-92DE-D5140C3E8E74} https://gabrobins1.c...,2010,0617,2017 (F5 Networks Auto Update)
O16 - DPF: {57C76689-F052-487B-A19F-855AFDDF28EE} file://C:/Program Files/F5 VPN/F5_TMP/f5InspectionHost.cab (F5 Networks Policy Agent Host Class)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1228492840640 (WUWebControl Class)
O16 - DPF: {68132570-CED6-11D5-91AE-000039F5040E} http://www.employeee...m/NAVUPDPRJ.CAB (NAVUPDPRJ.NAVUPDCTL)
O16 - DPF: {6C275925-A1ED-4DD2-9CEE-9823F5FDAA10} https://gabrobins1.c...,2008,0404,2134 (F5 Networks Static Application Tunnel Control)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1228491044515 (MUWebControl Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (OnlineScanner Control)
O16 - DPF: {7584c670-2274-4efb-b00b-d6aaba6d3850} file://C:/Program Files/F5 VPN/F5_TMP/msrdp.cab (Microsoft RDP Client Control (redist))
O16 - DPF: {7E73BE8F-FD87-44EC-8E22-023D5FF960FF} file://C:/Program Files/F5 VPN/F5_TMP/vdeskctrl.cab (F5 Virtual Sandbox Class)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebo...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://javadl-esd.su...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {A9F8D9EC-3D0A-4A60-BD82-FBD64BAD370D} http://h20264.www2.h...nosticsxp2k.cab (DDRevision Class)
O16 - DPF: {CAFEEFAC-0015-0000-0014-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_14)
O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CC85ACDF-B277-486F-8C70-2C9B2ED2A4E7} https://gabrobins1.c...1,2010,617,2010 (F5 Networks SuperHost Class)
O16 - DPF: {E0FF21FA-B857-45C5-8621-F120A0C17FF2} https://gabrobins1.c...31,2010,902,806 (F5 Networks Host Control)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {E66D35B8-E70D-42A6-B1F5-DB784CB92B15} file://C:/Program Files/F5 VPN/F5_TMP/urvncx.cab (URVNCX Class)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 97.64.209.36 97.64.168.13
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = GABNA-AD.local
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKU\.DEFAULT Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKU\S-1-5-18 Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKU\S-1-5-19 Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKU\S-1-5-20 Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKU\S-1-5-21-2187378860-2228663326-329466524-1014 Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - File not found
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\NavLogon: DllName - C:\WINDOWS\system32\NavLogon.dll - C:\WINDOWS\system32\NavLogon.dll (Symantec Corporation)
O24 - Desktop BackupWallPaper: C:\Documents and Settings\harrisap\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/11/15 12:50:08 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKU\S-1-5-21-2187378860-2228663326-329466524-1014..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/06/05 23:48:10 | 000,000,000 | -H-D | C] -- C:\WINDOWS\PIF
[2011/06/05 20:39:17 | 005,574,272 | ---- | C] (Symantec Corporation) -- C:\Documents and Settings\harrisap\Desktop\Sep_SupportTool.exe
[2011/06/05 10:17:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Google Earth
[2011/06/01 13:43:10 | 000,000,000 | ---D | C] -- C:\Program Files\File Type Assistant
[2011/05/31 15:29:01 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2011/05/30 22:29:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\harrisap\Desktop\FORMS
[2011/05/30 22:25:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\harrisap\Desktop\CLIENTS
[2011/05/30 22:21:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\harrisap\Desktop\SECURITY_ANTIVIRUS
[2011/05/30 21:50:32 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/05/30 08:33:00 | 000,000,000 | R--D | C] -- C:\Documents and Settings\harrisap\Recent
[2011/05/28 22:12:34 | 000,000,000 | ---D | C] -- C:\tdsskiller
[2011/05/27 12:50:23 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Adobe
[2011/05/27 07:58:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\harrisap\Desktop\expense reprots
[2011/05/26 21:15:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Sun
[2011/05/26 17:03:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Adobe
[2011/05/26 16:36:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Apple Computer
[2011/05/26 16:36:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Apple Computer
[2011/05/23 20:17:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Identities
[2011/05/23 20:17:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Identities
[2011/05/23 08:25:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Yahoo!
[2011/05/23 08:25:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\HPAppData
[2011/05/23 08:25:11 | 000,000,000 | ---D | C] -- C:\Program Files\Search Toolbar
[2011/05/22 10:30:32 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\harrisap\IECompatCache
[2011/05/22 10:20:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2011/05/22 10:20:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2011/05/17 23:25:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\harrisap\Local Settings\Application Data\Identities
[2011/05/10 10:07:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Yahoo!
[1 C:\Documents and Settings\harrisap\Local Settings\Application Data\*.tmp files -> C:\Documents and Settings\harrisap\Local Settings\Application Data\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/06/06 15:24:32 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/06/06 15:24:30 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/06/06 15:19:00 | 000,000,890 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/06/06 15:02:42 | 000,017,408 | ---- | M] () -- C:\WINDOWS\System32\rpcnetp.exe
[2011/06/06 15:02:39 | 000,058,288 | ---- | M] (Absolute Software Corp.) -- C:\WINDOWS\System32\rpcnet.dll
[2011/06/06 15:02:05 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/06/06 05:29:42 | 000,019,209 | ---- | M] () -- C:\Documents and Settings\harrisap\Application Data\1A0A.F94
[2011/06/06 02:07:00 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2011/06/05 23:55:19 | 000,000,232 | ---- | M] () -- C:\Documents and Settings\harrisap\Application Data\Microsoft\Internet Explorer\Quick Launch\LinkUp USA (2).url
[2011/06/05 23:47:26 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2011/06/05 22:39:37 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\harrisap\Desktop\MBR.dat
[2011/06/05 22:17:19 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\harrisap\Desktop\0.9089467419872155.exe
[2011/06/05 20:39:17 | 005,574,272 | ---- | M] (Symantec Corporation) -- C:\Documents and Settings\harrisap\Desktop\Sep_SupportTool.exe
[2011/06/05 10:17:10 | 000,001,915 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[2011/06/04 17:09:09 | 000,000,003 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2011/06/04 13:46:32 | 000,002,237 | ---- | M] () -- C:\Documents and Settings\harrisap\Application Data\Microsoft\Internet Explorer\Quick Launch\GAB SSL.lnk
[2011/06/03 12:37:05 | 000,000,765 | ---- | M] () -- C:\Documents and Settings\harrisap\Desktop\Shortcut to MoffFreeCalc.exe.lnk
[2011/05/31 10:20:42 | 000,000,911 | ---- | M] () -- C:\Documents and Settings\harrisap\Desktop\Shortcut to googleearth.exe.lnk
[2011/05/31 10:07:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/05/31 09:39:59 | 000,001,380 | ---- | M] () -- C:\Documents and Settings\harrisap\Application Data\Microsoft\Internet Explorer\Quick Launch\Shortcut to Show desktop.lnk
[2011/05/31 09:19:33 | 000,000,104 | ---- | M] () -- C:\Documents and Settings\harrisap\Desktop\My Computer.lnk
[2011/05/31 09:14:48 | 000,000,849 | ---- | M] () -- C:\Documents and Settings\harrisap\Desktop\Samsung.lnk
[2011/05/31 08:39:58 | 000,000,104 | ---- | M] () -- C:\Documents and Settings\harrisap\Application Data\Microsoft\Internet Explorer\Quick Launch\My Computer.lnk
[2011/05/31 08:39:50 | 000,000,104 | ---- | M] () -- C:\Documents and Settings\harrisap\Application Data\Microsoft\Internet Explorer\Quick Launch\Internet Explorer.lnk
[2011/05/30 22:47:29 | 000,000,846 | ---- | M] () -- C:\Documents and Settings\harrisap\Desktop\27.3.lnk
[2011/05/30 22:46:56 | 000,000,862 | ---- | M] () -- C:\Documents and Settings\harrisap\Desktop\27.1.lnk
[2011/05/30 22:46:22 | 000,000,862 | ---- | M] () -- C:\Documents and Settings\harrisap\Desktop\27.0.lnk
[2011/05/30 22:45:47 | 000,000,862 | ---- | M] () -- C:\Documents and Settings\harrisap\Desktop\25.5.lnk
[2011/05/30 22:37:23 | 000,000,232 | ---- | M] () -- C:\Documents and Settings\harrisap\Desktop\LinkUp USA (2).url
[2011/05/30 22:25:00 | 000,000,539 | ---- | M] () -- C:\Documents and Settings\harrisap\Desktop\CLAIM FILES.lnk
[2011/05/29 22:52:16 | 000,017,408 | ---- | M] () -- C:\WINDOWS\System32\rpcnetp.dll
[2011/05/28 16:45:07 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/05/28 10:34:33 | 000,013,160 | ---- | M] (Absolute Software Corp.) -- C:\WINDOWS\System32\Upgrd.exe
[2011/05/28 10:34:27 | 000,058,288 | ---- | M] (Absolute Software Corp.) -- C:\WINDOWS\System32\rpcnet.exe
[2011/05/27 15:01:05 | 000,002,219 | ---- | M] () -- C:\Documents and Settings\harrisap\Desktop\GAB SSL.lnk
[1 C:\Documents and Settings\harrisap\Local Settings\Application Data\*.tmp files -> C:\Documents and Settings\harrisap\Local Settings\Application Data\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/06/05 23:46:11 | 000,002,347 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader 9.lnk
[2011/06/05 23:46:11 | 000,001,729 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2011/06/05 22:39:37 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\harrisap\Desktop\MBR.dat
[2011/06/05 22:17:19 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\harrisap\Desktop\0.9089467419872155.exe
[2011/06/05 10:17:10 | 000,001,915 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[2011/06/04 23:10:55 | 000,019,209 | ---- | C] () -- C:\Documents and Settings\harrisap\Application Data\1A0A.F94
[2011/06/03 12:37:05 | 000,000,765 | ---- | C] () -- C:\Documents and Settings\harrisap\Desktop\Shortcut to MoffFreeCalc.exe.lnk
[2011/05/31 10:20:42 | 000,000,911 | ---- | C] () -- C:\Documents and Settings\harrisap\Desktop\Shortcut to googleearth.exe.lnk
[2011/05/31 09:19:33 | 000,000,104 | ---- | C] () -- C:\Documents and Settings\harrisap\Desktop\My Computer.lnk
[2011/05/31 09:14:48 | 000,000,849 | ---- | C] () -- C:\Documents and Settings\harrisap\Desktop\Samsung.lnk
[2011/05/31 08:43:06 | 000,001,380 | ---- | C] () -- C:\Documents and Settings\harrisap\Application Data\Microsoft\Internet Explorer\Quick Launch\Shortcut to Show desktop.lnk
[2011/05/31 08:39:58 | 000,000,104 | ---- | C] () -- C:\Documents and Settings\harrisap\Application Data\Microsoft\Internet Explorer\Quick Launch\My Computer.lnk
[2011/05/31 08:39:50 | 000,000,104 | ---- | C] () -- C:\Documents and Settings\harrisap\Application Data\Microsoft\Internet Explorer\Quick Launch\Internet Explorer.lnk
[2011/05/31 08:39:37 | 000,002,237 | ---- | C] () -- C:\Documents and Settings\harrisap\Application Data\Microsoft\Internet Explorer\Quick Launch\GAB SSL.lnk
[2011/05/31 08:39:14 | 000,000,232 | ---- | C] () -- C:\Documents and Settings\harrisap\Application Data\Microsoft\Internet Explorer\Quick Launch\LinkUp USA (2).url
[2011/05/30 22:47:29 | 000,000,846 | ---- | C] () -- C:\Documents and Settings\harrisap\Desktop\27.3.lnk
[2011/05/30 22:46:56 | 000,000,862 | ---- | C] () -- C:\Documents and Settings\harrisap\Desktop\27.1.lnk
[2011/05/30 22:46:22 | 000,000,862 | ---- | C] () -- C:\Documents and Settings\harrisap\Desktop\27.0.lnk
[2011/05/30 22:45:47 | 000,000,862 | ---- | C] () -- C:\Documents and Settings\harrisap\Desktop\25.5.lnk
[2011/05/30 22:25:00 | 000,000,539 | ---- | C] () -- C:\Documents and Settings\harrisap\Desktop\CLAIM FILES.lnk
[2011/05/09 13:16:36 | 000,000,792 | ---- | C] () -- C:\Documents and Settings\harrisap\Start Menu\Programs\Windows Media Player.lnk
[2011/04/17 11:00:42 | 000,023,126 | ---- | C] () -- C:\WINDOWS\hpqins15.dat
[2011/04/15 08:29:31 | 000,174,256 | ---- | C] () -- C:\WINDOWS\hpoins43.dat
[2011/04/15 08:29:31 | 000,000,601 | ---- | C] () -- C:\WINDOWS\hpomdl43.dat
[2011/04/15 01:15:46 | 000,362,904 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2011/04/06 13:13:49 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/04/06 13:13:49 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/04/06 13:13:49 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/04/06 11:59:27 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2010/07/28 14:49:21 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/07/28 14:49:21 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/06/27 15:10:20 | 000,767,952 | ---- | C] () -- C:\WINDOWS\BDTSupport.dll.old
[2010/02/22 22:18:36 | 000,765,952 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2010/02/22 22:18:36 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2010/02/22 22:18:36 | 000,008,704 | ---- | C] () -- C:\WINDOWS\System32\vidccleaner.exe
[2010/02/14 10:44:45 | 000,030,548 | ---- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2009/12/17 06:48:09 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\DM510.dll
[2009/12/12 16:29:07 | 000,005,120 | ---- | C] () -- C:\Documents and Settings\harrisap\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/08/30 22:46:45 | 000,012,800 | ---- | C] () -- C:\WINDOWS\System32\EKDeviceServices.dll
[2009/06/19 15:23:17 | 000,157,263 | ---- | C] () -- C:\WINDOWS\hphins25.dat
[2009/06/19 15:23:17 | 000,000,879 | ---- | C] () -- C:\WINDOWS\hphmdl25.dat
[2009/06/12 10:44:28 | 000,000,131 | ---- | C] () -- C:\Documents and Settings\harrisap\Local Settings\Application Data\fusioncache.dat
[2009/06/12 09:42:21 | 000,118,641 | ---- | C] () -- C:\WINDOWS\hpoins09.dat
[2009/05/27 22:04:58 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin
[2009/05/14 11:42:44 | 000,172,033 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2009/05/14 11:41:33 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\Atibrtmon.exe
[2009/05/14 11:41:06 | 000,887,724 | ---- | C] () -- C:\WINDOWS\System32\ativva6x.dat
[2009/05/14 11:39:33 | 003,107,788 | ---- | C] () -- C:\WINDOWS\System32\ativva5x.dat
[2009/05/14 11:37:47 | 003,107,788 | ---- | C] () -- C:\WINDOWS\System32\ativvaxx.dat
[2009/05/14 11:37:14 | 000,003,456 | ---- | C] () -- C:\WINDOWS\System32\drivers\atiide.sys
[2009/05/14 11:34:22 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\ibmpmsvc.exe
[2009/05/14 11:34:22 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\tpinspm.dll
[2008/03/18 11:58:05 | 000,000,058 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2007/12/26 12:18:32 | 000,000,455 | ---- | C] () -- C:\WINDOWS\SMSCFG.ini
[2007/11/28 15:39:06 | 000,000,029 | ---- | C] () -- C:\WINDOWS\vdialer.INI
[2007/11/28 12:12:51 | 000,000,000 | ---- | C] () -- C:\WINDOWS\vpc32.INI
[2007/11/16 15:25:33 | 000,006,550 | ---- | C] () -- C:\WINDOWS\jautoexp.dat
[2007/11/16 15:23:19 | 000,003,981 | ---- | C] () -- C:\WINDOWS\RDSWIN.INI
[2007/11/16 12:47:22 | 000,000,033 | ---- | C] () -- C:\WINDOWS\WDTCPCON.INI
[2007/11/16 12:32:18 | 000,003,635 | ---- | C] () -- C:\WINDOWS\~WDINS.INI
[2007/11/16 10:06:19 | 000,000,555 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007/11/15 15:55:40 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2007/11/15 12:58:54 | 000,017,408 | ---- | C] () -- C:\WINDOWS\System32\rpcnetp.dll
[2007/11/15 12:47:12 | 000,023,444 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2007/11/15 06:12:58 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2007/11/15 06:11:50 | 000,152,384 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2007/11/15 06:11:46 | 000,017,408 | ---- | C] () -- C:\WINDOWS\System32\rpcnetp.exe
[2006/03/09 13:28:40 | 000,011,645 | ---- | C] () -- C:\WINDOWS\hpomdl09.dat
[2006/01/26 16:42:26 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/08/03 20:07:22 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/02 09:20:40 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2003/06/17 01:53:02 | 000,000,702 | ---- | C] () -- C:\WINDOWS\Cm3.ini
[2001/08/23 12:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2001/08/23 12:00:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2001/08/23 11:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2001/08/23 11:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2001/08/23 11:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2001/08/23 11:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2001/08/23 11:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2001/08/23 08:00:00 | 000,491,116 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2001/08/23 08:00:00 | 000,090,342 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2001/08/23 08:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2001/07/07 03:00:00 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini
[1999/07/30 09:24:34 | 000,000,218 | ---- | C] () -- C:\WINDOWS\oraodbc.ini

========== LOP Check ==========

[2008/03/18 12:08:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Leadertech
[2009/08/30 22:47:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Eastman Kodak Company
[2009/09/01 20:02:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\kds_kodak
[2009/09/10 22:38:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ParetoLogic
[2009/09/10 22:35:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
[2008/03/18 11:22:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC-Doctor
[2011/04/15 16:11:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PCDr
[2010/04/24 17:45:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TomTom
[2011/04/14 23:11:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Xactware
[2010/07/11 09:00:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/02/14 10:18:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2008/12/02 12:08:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\F5 Networks
[2008/03/18 12:00:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\Leadertech
[2008/03/18 12:00:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\GABguest\Application Data\Leadertech
[2008/12/02 12:08:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\GABuser\Application Data\F5 Networks
[2008/03/18 12:00:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\GABuser\Application Data\Leadertech
[2008/12/02 12:08:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\harrisap\Application Data\F5 Networks
[2008/03/18 12:00:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\harrisap\Application Data\Leadertech
[2009/12/17 06:48:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\harrisap\Application Data\LinkManager 4.0
[2010/05/06 09:58:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\harrisap\Application Data\RecoveryFix for Windows
[2010/04/24 17:44:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\harrisap\Application Data\TomTom
[2008/12/02 12:08:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\smithd\Application Data\F5 Networks
[2008/03/18 12:00:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\smithd\Application Data\Leadertech
[2011/06/06 02:07:00 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job
[2009/07/10 07:00:36 | 000,000,436 | ---- | M] () -- C:\WINDOWS\Tasks\PCDoctorBackgroundMonitorTask.job

========== Purity Check ==========



< End of report >




aswMBR.txt

aswMBR version 0.9.5.256 Copyright© 2011 AVAST Software
Run date: 2011-06-06 15:54:08
-----------------------------
15:54:08.718 OS Version: Windows 5.1.2600 Service Pack 3
15:54:08.718 Number of processors: 2 586 0x1706
15:54:08.718 ComputerName: 7-51896 UserName:
15:54:09.796 Initialize success
15:54:12.281 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-12
15:54:12.281 Disk 0 Vendor: HITACHI_HTS543216L9SA00 FB2ZC48C Size: 152627MB BusType: 3
15:54:14.328 Disk 0 MBR read successfully
15:54:14.328 Disk 0 MBR scan
15:54:14.328 Disk 0 Windows XP default MBR code
15:54:16.406 Disk 0 scanning sectors +312575760
15:54:16.421 Disk 0 scanning C:\WINDOWS\system32\drivers
15:54:23.687 Service scanning
15:54:24.750 Disk 0 trace - called modules:
15:54:24.765 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
15:54:24.765 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8b084ab8]
15:54:24.765 3 CLASSPNP.SYS[ba118fd7] -> nt!IofCallDriver -> \Device\00000099[0x8b09f9e8]
15:54:24.765 5 ACPI.sys[b9f7f620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-12[0x8b085d98]
15:54:24.765 Scan finished successfully
15:54:45.843 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\harrisap\Desktop\MBR.dat"
15:54:45.875 The log file has been saved successfully to "C:\Documents and Settings\harrisap\Desktop\aswMBR.txt"
  • 0

#23 Homburg (Trusted Helper, Malware Removal, 665 posts)
Hi,

Do you recognise these shortcuts that are now on your desktop?

27.3
27.1
27.0
25.5


Please do the following:

========
Step 1
========

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    [2011/06/04 23:10:55 | 000,019,209 | ---- | C] () -- C:\Documents and Settings\harrisap\Application Data\1A0A.F94
    [2011/06/05 22:17:19 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\harrisap\Desktop\0.9089467419872155.exe
    
    :Services
    
    :Reg
    
    :Files
    C:\Documents and Settings\harrisap\Application Data\1A0A.F94
    
    :Commands
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [CREATERESTOREPOINT]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

========
Step 2
========

Start MalwareBytes
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & paste the entire report in your next reply.
Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Please remember to post the OTL fix log, the new OTL quick scan log and the MalwareBytes scan log, and to say whether you recognise the shortcuts.

How is the PC running now?

Are the redirects with Internet Explorer and Firefox or just one of them?

Homburg
  • 0
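As an added example (not part of this thread, and not code from OTL or its author), here is a small parser for the bracketed file lines in OTL's "Files" sections that applies the same triage the helper did by hand: unsigned, randomly named files under a user profile, such as 1A0A.F94 and 0.9089467419872155.exe above, are flagged and written out as a draft :OTL/:Files block in the layout used in Step 1. The sample lines are copied from the log posted above; the suspicion heuristic, the benign-extension list and the helper names (looks_random, is_suspicious, build_fix_script) are my own assumptions, not anything OTL provides.

```python
"""Parse the bracketed file lines of an OTL log and flag the unsigned,
randomly named files a malware-removal helper would want to look at.
Added example; the heuristics below are constructed, not part of OTL."""
import re
from dataclasses import dataclass
from typing import List, Optional

# One OTL file/folder line. Directory lines have no "(company)" field,
# and a file OTL could not attribute shows an empty "()".
OTL_LINE = re.compile(
    r"^\[(?P<date>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[RHSD-]{4}) \| (?P<op>[CM])\]"
    r"(?: \((?P<company>[^)]*)\))? -- (?P<path>.+?)\s*$"
)
# Files living under a user profile (XP layout, as in the log above).
USER_PROFILE = re.compile(r"^C:\\Documents and Settings\\[^\\]+\\", re.IGNORECASE)
# Extensions that are noise for this check (shortcuts, tool output, configs).
BENIGN_EXT = {".lnk", ".url", ".ini", ".dat", ".job"}


@dataclass
class OtlEntry:
    date: str
    size: int
    attrs: str      # R/H/S/D flags, '-' when absent
    op: str         # C = created, M = modified
    company: str    # "" when OTL found no company name
    path: str
    raw: str        # the original line, reusable in an :OTL fix block

    @property
    def is_dir(self) -> bool:
        return "D" in self.attrs

    @property
    def name(self) -> str:
        return self.path.rsplit("\\", 1)[-1]


def parse_line(line: str) -> Optional[OtlEntry]:
    """Return an OtlEntry for a bracketed OTL line, None for anything else."""
    m = OTL_LINE.match(line.strip())
    if not m:
        return None
    return OtlEntry(date=m["date"], size=int(m["size"].replace(",", "")),
                    attrs=m["attrs"], op=m["op"], company=m["company"] or "",
                    path=m["path"], raw=line.strip())


def parse_log(text: str) -> List[OtlEntry]:
    return [e for e in map(parse_line, text.splitlines()) if e is not None]


def looks_random(name: str) -> bool:
    """True for names built only from hex digits and separators (1A0A.F94,
    0.9089467419872155.exe); 'MBR.dat' or 'Samsung.lnk' are not."""
    stem = name.rpartition(".")[0] or name          # drop the last extension
    core = re.sub(r"[.\-_]", "", stem)
    return len(core) >= 4 and re.fullmatch(r"[0-9A-Fa-f]+", core) is not None


def is_suspicious(e: OtlEntry) -> bool:
    """Constructed heuristic: an unsigned, randomly named file in a profile."""
    if e.is_dir or e.company or not USER_PROFILE.match(e.path):
        return False
    ext = ("." + e.name.rsplit(".", 1)[-1]).lower() if "." in e.name else ""
    return ext not in BENIGN_EXT and looks_random(e.name)


def build_fix_script(entries: List[OtlEntry]) -> str:
    """Draft an OTL fix block in the layout used in the thread above."""
    flagged = [e for e in entries if is_suspicious(e)]
    lines = [":OTL", *[e.raw for e in flagged], "",
             ":Files", *[e.path for e in flagged], "",
             ":Commands", "[purity]", "[emptytemp]",
             "[CREATERESTOREPOINT]", "[Reboot]"]
    return "\n".join(lines)


# Sample lines copied from the OTL log posted above.
SAMPLE_LOG = r"""
[2011/06/05 23:48:10 | 000,000,000 | -H-D | C] -- C:\WINDOWS\PIF
[2011/06/05 20:39:17 | 005,574,272 | ---- | C] (Symantec Corporation) -- C:\Documents and Settings\harrisap\Desktop\Sep_SupportTool.exe
[2011/06/05 22:39:37 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\harrisap\Desktop\MBR.dat
[2011/06/05 22:17:19 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\harrisap\Desktop\0.9089467419872155.exe
[2011/06/04 23:10:55 | 000,019,209 | ---- | C] () -- C:\Documents and Settings\harrisap\Application Data\1A0A.F94
[2011/05/30 22:47:29 | 000,000,846 | ---- | C] () -- C:\Documents and Settings\harrisap\Desktop\27.3.lnk
[2011/04/06 13:13:49 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
"""

if __name__ == "__main__":
    print(build_fix_script(parse_log(SAMPLE_LOG)))
```

The output is a draft for a helper to review against the full log; entries with a company name, directories and shortcut files are deliberately left out.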

#24 ph1290 (Topic Starter, Member, 58 posts)
27.3
27.1
27.0
25.5

These are shortcuts to different versions of Xactimate, a claims estimating program I use for my work (I am an independent claims adjuster). Different versions for different clients.

I use Internet Explorer, not Firefox, so that's where the shortcuts have been coming from; however, after running the items from yesterday and today, I am not getting redirected anymore. I still am getting Symantec noting Bloodhound.MalPe. It recommends using their Power Eraser to remove the virus. I haven't done so at the moment, but will do so if you think that is the way to go...

OTL fix log


All processes killed
========== OTL ==========
C:\Documents and Settings\harrisap\Application Data\1A0A.F94 moved successfully.
C:\Documents and Settings\harrisap\Desktop\0.9089467419872155.exe moved successfully.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
File\Folder C:\Documents and Settings\harrisap\Application Data\1A0A.F94 not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: forms

User: GABguest
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: GABuser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: harrisap
->Temp folder emptied: 91562078 bytes
->Temporary Internet Files folder emptied: 3375156 bytes
->Java cache emptied: 3223382 bytes
->Flash cache emptied: 55566 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 12941459 bytes
->Flash cache emptied: 0 bytes

User: NetworkService
->Temp folder emptied: 2808 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: smithd
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1459739 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 94777097 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 17896062 bytes

Total Files Cleaned = 215.00 mb


[EMPTYFLASH]

User: Administrator
->Flash cache emptied: 0 bytes

User: All Users

User: Default User
->Flash cache emptied: 0 bytes

User: forms

User: GABguest
->Flash cache emptied: 0 bytes

User: GABuser
->Flash cache emptied: 0 bytes

User: harrisap
->Flash cache emptied: 0 bytes

User: LocalService
->Flash cache emptied: 0 bytes

User: NetworkService
->Flash cache emptied: 0 bytes

User: smithd
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb

Restore point Set: OTL Restore Point (0)

OTL by OldTimer - Version 3.2.22.3 log created on 06072011_192134

Files\Folders moved on Reboot...
C:\Documents and Settings\harrisap\Local Settings\Temp\[email protected].tmp moved successfully.
File\Folder C:\WINDOWS\temp\Perflib_Perfdata_ae4.dat not found!

Registry entries deleted on Reboot...





OTL scan log

8:05 PM 6/7/2011
OTL logfile created on: 6/7/2011 7:29:00 PM - Run 9
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\harrisap\Desktop\SECURITY_ANTIVIRUS
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 75.00% Memory free
5.00 Gb Paging File | 4.00 Gb Available in Paging File | 91.00% Paging File free
Paging file location(s): c:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.05 Gb Total Space | 92.26 Gb Free Space | 61.90% Space Free | Partition Type: NTFS

Computer Name: 7-51896 | User Name: harrisap | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/05/28 10:34:27 | 000,058,288 | ---- | M] (Absolute Software Corp.) -- C:\WINDOWS\system32\rpcnet.exe
PRC - [2011/05/22 10:00:30 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\harrisap\Desktop\SECURITY_ANTIVIRUS\OTL.exe
PRC - [2009/05/14 11:43:12 | 000,118,784 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
PRC - [2009/05/04 12:15:26 | 000,279,960 | ---- | M] (Eastman Kodak Company) -- C:\Program Files\Kodak\AiO\Center\EKDiscovery.exe
PRC - [2009/04/17 12:08:26 | 000,032,768 | ---- | M] (Eastman Kodak Company) -- C:\Program Files\Kodak\AiO\Center\KodakSvc.exe
PRC - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/10/20 11:36:40 | 000,028,672 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\System Update\SUService.exe
PRC - [2008/06/04 09:51:06 | 000,262,784 | ---- | M] (F5 Networks) -- C:\WINDOWS\system32\F5InstallerService.exe
PRC - [2008/04/14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/12/21 14:30:40 | 000,131,072 | ---- | M] (Visioneer Inc.) -- C:\Program Files\Visioneer\OneTouch 4.0\OtService.exe
PRC - [2007/10/07 21:48:40 | 000,125,368 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\VPTray.exe
PRC - [2007/10/07 21:48:36 | 000,116,664 | ---- | M] (symantec) -- C:\Program Files\Symantec AntiVirus\SavRoam.exe
PRC - [2007/10/07 21:48:32 | 001,822,648 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe
PRC - [2007/10/07 21:48:24 | 000,031,160 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\DefWatch.exe
PRC - [2007/09/26 18:34:46 | 000,644,408 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
PRC - [2007/05/29 17:33:36 | 000,169,576 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
PRC - [2007/05/29 17:33:26 | 000,192,104 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
PRC - [2007/05/29 17:33:22 | 000,052,840 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccApp.exe
PRC - [2005/12/01 08:35:58 | 000,057,393 | ---- | M] (IBM Corp) -- C:\Notes\ntmulti.exe
PRC - [2004/08/04 04:05:00 | 000,570,368 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\CCM\CcmExec.exe


========== Modules (SafeList) ==========

MOD - [2011/05/22 10:00:30 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\harrisap\Desktop\SECURITY_ANTIVIRUS\OTL.exe
MOD - [2008/04/14 05:42:52 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (ThreatFire)
SRV - File not found [Auto | Stopped] -- -- (itlperf)
SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - File not found [Auto | Stopped] -- -- (6to4)
SRV - [2011/05/28 10:34:27 | 000,058,288 | ---- | M] (Absolute Software Corp.) [Auto | Running] -- C:\WINDOWS\system32\rpcnet.exe -- (rpcnet) Remote Procedure Call (RPC)
SRV - [2009/05/04 12:15:26 | 000,279,960 | ---- | M] (Eastman Kodak Company) [Auto | Running] -- C:\Program Files\Kodak\AiO\Center\EKDiscovery.exe -- (Kodak AiO Network Discovery Service)
SRV - [2009/04/17 12:08:26 | 000,032,768 | ---- | M] (Eastman Kodak Company) [Auto | Running] -- C:\Program Files\Kodak\AiO\center\KodakSvc.exe -- (KodakSvc)
SRV - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/10/20 11:36:40 | 000,028,672 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\System Update\SUService.exe -- (SUService)
SRV - [2008/06/04 09:51:06 | 000,262,784 | ---- | M] (F5 Networks) [Auto | Running] -- C:\WINDOWS\system32\F5InstallerService.exe -- (F5 Networks Component Installer)
SRV - [2007/12/21 14:30:40 | 000,131,072 | ---- | M] (Visioneer Inc.) [Auto | Running] -- C:\Program Files\Visioneer\OneTouch 4.0\OtService.exe -- (OneTouch 4.0 Monitor)
SRV - [2007/10/07 21:48:36 | 000,116,664 | ---- | M] (symantec) [Auto | Running] -- C:\Program Files\Symantec AntiVirus\SavRoam.exe -- (SavRoam)
SRV - [2007/10/07 21:48:32 | 001,822,648 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe -- (Symantec AntiVirus)
SRV - [2007/10/07 21:48:24 | 000,031,160 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec AntiVirus\DefWatch.exe -- (DefWatch)
SRV - [2007/09/26 18:34:46 | 000,644,408 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe -- (ThinkVantage Registry Monitor Service)
SRV - [2007/08/28 20:04:25 | 002,999,664 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE -- (LiveUpdate)
SRV - [2007/08/27 18:14:00 | 000,214,408 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe -- (SNDSrvc)
SRV - [2007/07/26 20:25:20 | 001,181,016 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe -- (SPBBCSvc)
SRV - [2007/05/29 17:33:36 | 000,169,576 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe -- (ccSetMgr)
SRV - [2007/05/29 17:33:26 | 000,192,104 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe -- (ccEvtMgr)
SRV - [2005/12/01 08:35:58 | 000,057,393 | ---- | M] (IBM Corp) [Auto | Running] -- C:\Notes\ntmulti.exe -- (Multi-user Cleanup Service)
SRV - [2004/08/04 04:05:00 | 000,570,368 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\CCM\CcmExec.exe -- (CcmExec)
SRV - [2000/10/19 12:55:50 | 000,411,244 | ---- | M] () [On_Demand | Stopped] -- C:\oracle\ora81\bin\ONRSD.EXE -- (OracleOraHome81ClientCache)


========== Driver Services (SafeList) ==========

DRV - [2011/05/29 04:00:00 | 001,542,392 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20110606.002\navex15.sys -- (NAVEX15)
DRV - [2011/05/29 04:00:00 | 000,086,008 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20110606.002\naveng.sys -- (NAVENG)
DRV - [2011/05/10 04:00:00 | 000,374,392 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2011/05/10 04:00:00 | 000,105,592 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2010/07/07 16:39:50 | 000,003,456 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\atiide.sys -- (atiide)
DRV - [2009/10/09 23:15:18 | 000,033,920 | ---- | M] (F5 Networks, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\covpndrv.sys -- (urvpndrv)
DRV - [2009/10/09 23:15:13 | 000,010,752 | ---- | M] (F5 Networks) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\urfltw2k.sys -- (f5ipfw)
DRV - [2009/05/14 11:43:09 | 000,985,472 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2009/05/14 11:43:09 | 000,764,416 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\CHDAU32.sys -- (CnxtHdAudService)
DRV - [2009/05/14 11:43:09 | 000,210,560 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2009/05/14 11:43:09 | 000,013,824 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tpm.sys -- (tpm)
DRV - [2009/05/14 11:43:08 | 000,731,264 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2009/05/14 11:42:46 | 000,040,832 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HECI.sys -- (HECI) Intel®
DRV - [2009/05/14 11:42:43 | 003,103,232 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2009/05/14 11:41:43 | 003,630,080 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NETw5x32.sys -- (NETw5x32) Intel®
DRV - [2009/05/14 11:41:40 | 000,243,856 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\e1y5132.sys -- (e1yexpress) Intel®
DRV - [2009/05/14 11:41:37 | 000,047,272 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
DRV - [2009/05/14 11:41:36 | 000,475,520 | ---- | M] (AuthenTec, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ATSwpWDF.sys -- (ATSwpWDF)
DRV - [2009/03/20 20:03:36 | 000,032,408 | ---- | M] (Smith Micro Inc.) [Kernel | On_Demand | Stopped] -- C:\Program Files\Verizon Wireless\VZAccess Manager\SMSIVZAM5.sys -- (SMSIVZAM5)
DRV - [2008/07/07 13:23:56 | 000,020,480 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NwUsbCdFil.sys -- (NWUSBCDFIL)
DRV - [2008/06/02 17:28:50 | 000,222,720 | ---- | M] (Novatel Wireless Inc) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NWADIenum.sys -- (NWADI)
DRV - [2008/05/09 12:08:40 | 000,174,336 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nwusbser2.sys -- (NWUSBPort2)
DRV - [2008/05/09 12:08:40 | 000,174,336 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nwusbser.sys -- (NWUSBPort)
DRV - [2008/05/09 12:08:40 | 000,174,336 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nwusbmdm.sys -- (NWUSBModem)
DRV - [2007/12/26 10:49:59 | 000,110,952 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2007/08/27 18:13:36 | 000,189,320 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\SYMTDI.SYS -- (SYMTDI)
DRV - [2007/08/27 18:13:32 | 000,023,944 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV)
DRV - [2007/07/26 20:25:18 | 000,400,216 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
DRV - [2007/02/19 01:56:46 | 000,021,376 | ---- | M] (Lenovo (United States) Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\psadd.sys -- (psadd)
DRV - [2006/09/06 15:41:20 | 000,337,592 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Symantec AntiVirus\savrt.sys -- (SAVRT)
DRV - [2006/09/06 15:41:20 | 000,054,968 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Symantec AntiVirus\Savrtpel.sys -- (SAVRTPEL)
DRV - [2004/06/27 03:50:00 | 000,013,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\CCM\PrepDrv.sys -- (prepdrvr)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com/...UGO&form=ZGAPHP
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com/...UGO&form=ZGAPHP
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" =

IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" =

IE - HKU\S-1-5-21-2187378860-2228663326-329466524-1014\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/?fr=fp-yie8
IE - HKU\S-1-5-21-2187378860-2228663326-329466524-1014\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKU\S-1-5-21-2187378860-2228663326-329466524-1014\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-2187378860-2228663326-329466524-1014\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?fr=fp-yie8
IE - HKU\S-1-5-21-2187378860-2228663326-329466524-1014\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =
IE - HKU\S-1-5-21-2187378860-2228663326-329466524-1014\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
IE - HKU\S-1-5-21-2187378860-2228663326-329466524-1014\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: [email protected]:1.7
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.2

FF - HKLM\software\mozilla\Firefox\Extensions\\{08B8D53F-FB61-4EC8-8614-ECA2133A48D4}: C:\Documents and Settings\harrisap\Local Settings\Application Data\{08B8D53F-FB61-4EC8-8614-ECA2133A48D4}\ [2010/07/02 12:22:52 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{7F407392-4F54-4B22-B018-7C448707CE31}: C:\Documents and Settings\harrisap\Local Settings\Application Data\{7F407392-4F54-4B22-B018-7C448707CE31}\ [2010/07/02 13:46:52 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{A4423967-0FE1-45A0-A02F-24676A38EC26}: C:\Documents and Settings\harrisap\Local Settings\Application Data\{A4423967-0FE1-45A0-A02F-24676A38EC26}\ [2010/07/02 14:36:53 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{656599F9-402B-4ABD-B3DD-B465296C0D22}: C:\Documents and Settings\harrisap\Local Settings\Application Data\{656599F9-402B-4ABD-B3DD-B465296C0D22}\ [2010/07/02 14:39:12 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{2DE55286-1FBD-4B5E-A2FD-A80A0E7026AF}: C:\Documents and Settings\harrisap\Local Settings\Application Data\{2DE55286-1FBD-4B5E-A2FD-A80A0E7026AF}\ [2010/07/03 08:50:46 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{9DA59007-FBFE-4153-8AF3-F9C396AC0403}: C:\Documents and Settings\harrisap\Local Settings\Application Data\{9DA59007-FBFE-4153-8AF3-F9C396AC0403}\ [2010/07/03 09:01:04 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{A19F0325-B322-4DC2-97B2-521B259F25C5}: C:\Documents and Settings\Administrator\Local Settings\Application Data\{A19F0325-B322-4DC2-97B2-521B259F25C5}\ [2010/07/03 12:02:49 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{1A8548C6-50F1-463B-9802-225F5F94F67F}: C:\Documents and Settings\harrisap\Local Settings\Application Data\{1A8548C6-50F1-463B-9802-225F5F94F67F}\ [2010/07/03 13:29:40 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{BBD154CF-3450-438A-A1ED-432C3082042C}: C:\Documents and Settings\harrisap\Local Settings\Application Data\{BBD154CF-3450-438A-A1ED-432C3082042C}\ [2010/07/06 16:32:19 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{CCCB28FC-4068-4917-96E5-3983EF42704B}: C:\Documents and Settings\harrisap\Local Settings\Application Data\{CCCB28FC-4068-4917-96E5-3983EF42704B}\ [2010/07/07 07:39:00 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{6512AF10-2BD9-4242-83CE-3086EA813335}: C:\Documents and Settings\harrisap\Local Settings\Application Data\{6512AF10-2BD9-4242-83CE-3086EA813335}\ [2010/07/07 07:44:22 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{95ADF2BD-4B22-46D3-AFE6-4E78ABE2E962}: C:\Documents and Settings\harrisap\Local Settings\Application Data\{95ADF2BD-4B22-46D3-AFE6-4E78ABE2E962}\ [2010/07/07 07:46:58 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{4B5AF1D8-7AA8-4B62-B2F7-6F370DD89CAB}: C:\Documents and Settings\harrisap\Local Settings\Application Data\{4B5AF1D8-7AA8-4B62-B2F7-6F370DD89CAB}\ [2010/07/07 09:42:40 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{DE5B9F1B-D5DE-4F59-9D5B-E2CAA777EF01}: C:\Documents and Settings\Administrator\Local Settings\Application Data\{DE5B9F1B-D5DE-4F59-9D5B-E2CAA777EF01}\ [2010/07/07 09:43:35 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{0A61CEF3-C718-4B50-889F-5D23F129ACCB}: C:\Documents and Settings\harrisap\Local Settings\Application Data\{0A61CEF3-C718-4B50-889F-5D23F129ACCB}\ [2010/07/07 09:47:45 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{8D783363-3AE6-4CDD-B954-3B2301C786C7}: C:\Documents and Settings\harrisap\Local Settings\Application Data\{8D783363-3AE6-4CDD-B954-3B2301C786C7}\ [2010/07/07 09:53:02 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{588A3060-1F7E-4B99-88A4-3A1C6BA0322E}: C:\Documents and Settings\harrisap\Local Settings\Application Data\{588A3060-1F7E-4B99-88A4-3A1C6BA0322E}\ [2010/07/07 11:27:14 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{3437F035-FDD2-4241-9294-7F0F1BB28DAB}: C:\Documents and Settings\harrisap\Local Settings\Application Data\{3437F035-FDD2-4241-9294-7F0F1BB28DAB}\ [2010/07/07 11:36:41 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{F815F000-7EE3-4952-B739-09F30DAB8CE3}: C:\Documents and Settings\harrisap\Local Settings\Application Data\{F815F000-7EE3-4952-B739-09F30DAB8CE3}\ [2010/07/07 12:15:23 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{AE76301C-C986-4B42-8668-AC7A26389266}: C:\Documents and Settings\harrisap\Local Settings\Application Data\{AE76301C-C986-4B42-8668-AC7A26389266}\ [2010/07/07 12:24:04 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{B4379ACC-5F74-456A-A7EE-ECB02CBD8B7D}: C:\Documents and Settings\harrisap\Local Settings\Application Data\{B4379ACC-5F74-456A-A7EE-ECB02CBD8B7D}\ [2010/07/07 15:27:31 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{186FE95C-BF73-4B29-8447-ED6E2D4837EF}: C:\Documents and Settings\harrisap\Local Settings\Application Data\{186FE95C-BF73-4B29-8447-ED6E2D4837EF}\ [2010/07/07 16:46:52 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/04/17 11:02:36 | 000,000,000 | ---D | M]

[2010/04/24 17:44:53 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\harrisap\Application Data\Mozilla\Extensions
[2010/04/24 17:44:53 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\harrisap\Application Data\Mozilla\Extensions\[email protected]
File not found (No name found) -- C:\PROGRAM FILES\TOMTOM HOME 2\XUL\EXTENSIONS\[email protected]

O1 HOSTS File: ([2011/06/07 19:20:15 | 000,000,003 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (Yahooo Search Protection) - {25BC7718-0BFA-40EA-B381-4B2D9732D686} - C:\Program Files\Yahoo!\Search Protection\ysp.dll (Yahoo! Inc.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKU\S-1-5-21-2187378860-2228663326-329466524-1014\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
O3 - HKU\S-1-5-21-2187378860-2228663326-329466524-1014\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [vptray] C:\Program Files\Symantec AntiVirus\VPTray.exe (Symantec Corporation)
O4 - HKU\S-1-5-21-2187378860-2228663326-329466524-1014..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\YspService.exe (Yahoo! Inc.)
O4 - HKU\.DEFAULT..\RunOnce: [tscuninstall] C:\WINDOWS\system32\tscupgrd.exe (Microsoft Corporation)
O4 - HKU\S-1-5-18..\RunOnce: [tscuninstall] C:\WINDOWS\system32\tscupgrd.exe (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2187378860-2228663326-329466524-1014\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2187378860-2228663326-329466524-1014\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-2187378860-2228663326-329466524-1014\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMBalloonTip = 1
O7 - HKU\S-1-5-21-2187378860-2228663326-329466524-1014\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-2187378860-2228663326-329466524-1014\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKU\.DEFAULT\..Trusted Domains: adp.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: centra.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: Clientelligent.com ([]* in My Computer)
O15 - HKU\.DEFAULT\..Trusted Domains: dhl-usa.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: employeeedge.com ([]* in My Computer)
O15 - HKU\.DEFAULT\..Trusted Domains: eyeadvisor.com ([]* in My Computer)
O15 - HKU\.DEFAULT\..Trusted Domains: gabrobins.com ([]* in My Computer)
O15 - HKU\.DEFAULT\..Trusted Domains: gabrobinsna.com ([]* in My Computer)
O15 - HKU\.DEFAULT\..Trusted Domains: genesyshcm.com ([]* in My Computer)
O15 - HKU\.DEFAULT\..Trusted Domains: learn.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: microsoft.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: mygabr.com ([]* in My Computer)
O15 - HKU\.DEFAULT\..Trusted Domains: virtela.net ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: windowsupdate.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: adp.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: centra.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: Clientelligent.com ([]* in My Computer)
O15 - HKU\S-1-5-18\..Trusted Domains: dhl-usa.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: employeeedge.com ([]* in My Computer)
O15 - HKU\S-1-5-18\..Trusted Domains: eyeadvisor.com ([]* in My Computer)
O15 - HKU\S-1-5-18\..Trusted Domains: gabrobins.com ([]* in My Computer)
O15 - HKU\S-1-5-18\..Trusted Domains: gabrobinsna.com ([]* in My Computer)
O15 - HKU\S-1-5-18\..Trusted Domains: genesyshcm.com ([]* in My Computer)
O15 - HKU\S-1-5-18\..Trusted Domains: learn.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: microsoft.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: mygabr.com ([]* in My Computer)
O15 - HKU\S-1-5-18\..Trusted Domains: virtela.net ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: windowsupdate.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-2187378860-2228663326-329466524-1014\..Trusted Domains: adp.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-2187378860-2228663326-329466524-1014\..Trusted Domains: centra.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-2187378860-2228663326-329466524-1014\..Trusted Domains: Clientelligent.com ([]* in My Computer)
O15 - HKU\S-1-5-21-2187378860-2228663326-329466524-1014\..Trusted Domains: dhl-usa.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-2187378860-2228663326-329466524-1014\..Trusted Domains: employeeedge.com ([]* in My Computer)
O15 - HKU\S-1-5-21-2187378860-2228663326-329466524-1014\..Trusted Domains: eyeadvisor.com ([]* in My Computer)
O15 - HKU\S-1-5-21-2187378860-2228663326-329466524-1014\..Trusted Domains: gabrobins.com ([]* in My Computer)
O15 - HKU\S-1-5-21-2187378860-2228663326-329466524-1014\..Trusted Domains: gabrobinsna.com ([]* in My Computer)
O15 - HKU\S-1-5-21-2187378860-2228663326-329466524-1014\..Trusted Domains: genesyshcm.com ([]* in My Computer)
O15 - HKU\S-1-5-21-2187378860-2228663326-329466524-1014\..Trusted Domains: learn.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-2187378860-2228663326-329466524-1014\..Trusted Domains: microsoft.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-2187378860-2228663326-329466524-1014\..Trusted Domains: mygabr.com ([]* in My Computer)
O15 - HKU\S-1-5-21-2187378860-2228663326-329466524-1014\..Trusted Domains: virtela.net ([]* in Trusted sites)
O15 - HKU\S-1-5-21-2187378860-2228663326-329466524-1014\..Trusted Domains: windowsupdate.com ([]* in Trusted sites)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.micros...n/ieawsdc32.cab (Microsoft Office Template and Media Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.ma...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {2BCDB465-81F9-41CB-832C-8037A4064446} https://gabrobins1.c...,2010,1215,1100 (F5 Networks VPN Manager)
O16 - DPF: {2DAD3559-2923-4935-AD49-B673D2539944} http://www-307.ibm.c...pport/acpir.cab (IASRunner Class)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {3BFFE033-BF43-11D5-A271-00A024A51325} http://uspsy16m.gabr...om/iNotes6W.cab (iNotes6 Class)
O16 - DPF: {41EF3CD2-D8CC-4438-84B1-280BB4E77C8E} https://gabrobins1.c...,2010,1215,1053 (F5 Networks Dynamic Application Tunnel Control)
O16 - DPF: {45B69029-F3AB-4204-92DE-D5140C3E8E74} https://gabrobins1.c...,2010,0617,2017 (F5 Networks Auto Update)
O16 - DPF: {57C76689-F052-487B-A19F-855AFDDF28EE} file://C:/Program Files/F5 VPN/F5_TMP/f5InspectionHost.cab (F5 Networks Policy Agent Host Class)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1228492840640 (WUWebControl Class)
O16 - DPF: {68132570-CED6-11D5-91AE-000039F5040E} http://www.employeee...m/NAVUPDPRJ.CAB (NAVUPDPRJ.NAVUPDCTL)
O16 - DPF: {6C275925-A1ED-4DD2-9CEE-9823F5FDAA10} https://gabrobins1.c...,2008,0404,2134 (F5 Networks Static Application Tunnel Control)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1228491044515 (MUWebControl Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (OnlineScanner Control)
O16 - DPF: {7584c670-2274-4efb-b00b-d6aaba6d3850} file://C:/Program Files/F5 VPN/F5_TMP/msrdp.cab (Microsoft RDP Client Control (redist))
O16 - DPF: {7E73BE8F-FD87-44EC-8E22-023D5FF960FF} file://C:/Program Files/F5 VPN/F5_TMP/vdeskctrl.cab (F5 Virtual Sandbox Class)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebo...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://javadl-esd.su...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {A9F8D9EC-3D0A-4A60-BD82-FBD64BAD370D} http://h20264.www2.h...nosticsxp2k.cab (DDRevision Class)
O16 - DPF: {CAFEEFAC-0015-0000-0014-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_14)
O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CC85ACDF-B277-486F-8C70-2C9B2ED2A4E7} https://gabrobins1.c...1,2010,617,2010 (F5 Networks SuperHost Class)
O16 - DPF: {E0FF21FA-B857-45C5-8621-F120A0C17FF2} https://gabrobins1.c...31,2010,902,806 (F5 Networks Host Control)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {E66D35B8-E70D-42A6-B1F5-DB784CB92B15} file://C:/Program Files/F5 VPN/F5_TMP/urvncx.cab (URVNCX Class)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 97.64.209.36 97.64.168.13
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = GABNA-AD.local
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKU\.DEFAULT Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKU\S-1-5-18 Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKU\S-1-5-19 Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKU\S-1-5-20 Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKU\S-1-5-21-2187378860-2228663326-329466524-1014 Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - File not found
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\NavLogon: DllName - C:\WINDOWS\system32\NavLogon.dll - C:\WINDOWS\system32\NavLogon.dll (Symantec Corporation)
O24 - Desktop BackupWallPaper: C:\Documents and Settings\harrisap\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/11/15 12:50:08 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKU\S-1-5-21-2187378860-2228663326-329466524-1014..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/06/06 15:53:39 | 000,589,632 | ---- | C] (AVAST Software) -- C:\Documents and Settings\harrisap\Desktop\aswMBR.exe
[2011/06/05 23:48:10 | 000,000,000 | -H-D | C] -- C:\WINDOWS\PIF
[2011/06/05 20:39:17 | 005,574,272 | ---- | C] (Symantec Corporation) -- C:\Documents and Settings\harrisap\Desktop\Sep_SupportTool.exe
[2011/06/05 10:17:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Google Earth
[2011/06/01 13:43:10 | 000,000,000 | ---D | C] -- C:\Program Files\File Type Assistant
[2011/05/31 15:29:01 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2011/05/30 22:29:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\harrisap\Desktop\FORMS
[2011/05/30 22:25:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\harrisap\Desktop\CLIENTS
[2011/05/30 22:21:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\harrisap\Desktop\SECURITY_ANTIVIRUS
[2011/05/30 21:50:32 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/05/30 08:33:00 | 000,000,000 | R--D | C] -- C:\Documents and Settings\harrisap\Recent
[2011/05/28 22:12:34 | 000,000,000 | ---D | C] -- C:\tdsskiller
[2011/05/27 12:50:23 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Adobe
[2011/05/27 07:58:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\harrisap\Desktop\expense reprots
[2011/05/26 21:15:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Sun
[2011/05/26 17:03:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Adobe
[2011/05/26 16:36:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Apple Computer
[2011/05/26 16:36:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Apple Computer
[2011/05/23 20:17:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Identities
[2011/05/23 20:17:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Identities
[2011/05/23 08:25:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Yahoo!
[2011/05/23 08:25:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\HPAppData
[2011/05/23 08:25:11 | 000,000,000 | ---D | C] -- C:\Program Files\Search Toolbar
[2011/05/22 10:30:32 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\harrisap\IECompatCache
[2011/05/22 10:20:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2011/05/22 10:20:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2011/05/17 23:25:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\harrisap\Local Settings\Application Data\Identities
[2011/05/10 10:07:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Yahoo!
[1 C:\Documents and Settings\harrisap\Local Settings\Application Data\*.tmp files -> C:\Documents and Settings\harrisap\Local Settings\Application Data\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/06/07 19:26:13 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/06/07 19:24:28 | 000,017,408 | ---- | M] () -- C:\WINDOWS\System32\rpcnetp.exe
[2011/06/07 19:24:24 | 000,058,288 | ---- | M] (Absolute Software Corp.) -- C:\WINDOWS\System32\rpcnet.dll
[2011/06/07 19:24:15 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/06/07 19:23:49 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/06/07 19:20:15 | 000,000,003 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2011/06/07 19:19:00 | 000,000,890 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/06/07 17:08:46 | 000,002,237 | ---- | M] () -- C:\Documents and Settings\harrisap\Application Data\Microsoft\Internet Explorer\Quick Launch\GAB SSL.lnk
[2011/06/07 10:07:03 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/06/06 21:27:03 | 000,000,736 | ---- | M] () -- C:\WINDOWS\SamsungMaster.INI
[2011/06/06 15:54:45 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\harrisap\Desktop\MBR.dat
[2011/06/06 15:53:47 | 000,589,632 | ---- | M] (AVAST Software) -- C:\Documents and Settings\harrisap\Desktop\aswMBR.exe
[2011/06/06 02:07:00 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2011/06/05 23:55:19 | 000,000,232 | ---- | M] () -- C:\Documents and Settings\harrisap\Application Data\Microsoft\Internet Explorer\Quick Launch\LinkUp USA (2).url
[2011/06/05 23:47:26 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2011/06/05 20:39:17 | 005,574,272 | ---- | M] (Symantec Corporation) -- C:\Documents and Settings\harrisap\Desktop\Sep_SupportTool.exe
[2011/06/05 10:17:10 | 000,001,915 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[2011/06/03 12:37:05 | 000,000,765 | ---- | M] () -- C:\Documents and Settings\harrisap\Desktop\Shortcut to MoffFreeCalc.exe.lnk
[2011/05/31 10:20:42 | 000,000,911 | ---- | M] () -- C:\Documents and Settings\harrisap\Desktop\Shortcut to googleearth.exe.lnk
[2011/05/31 09:39:59 | 000,001,380 | ---- | M] () -- C:\Documents and Settings\harrisap\Application Data\Microsoft\Internet Explorer\Quick Launch\Shortcut to Show desktop.lnk
[2011/05/31 09:19:33 | 000,000,104 | ---- | M] () -- C:\Documents and Settings\harrisap\Desktop\My Computer.lnk
[2011/05/31 09:14:48 | 000,000,849 | ---- | M] () -- C:\Documents and Settings\harrisap\Desktop\Samsung.lnk
[2011/05/31 08:39:58 | 000,000,104 | ---- | M] () -- C:\Documents and Settings\harrisap\Application Data\Microsoft\Internet Explorer\Quick Launch\My Computer.lnk
[2011/05/31 08:39:50 | 000,000,104 | ---- | M] () -- C:\Documents and Settings\harrisap\Application Data\Microsoft\Internet Explorer\Quick Launch\Internet Explorer.lnk
[2011/05/30 22:47:29 | 000,000,846 | ---- | M] () -- C:\Documents and Settings\harrisap\Desktop\27.3.lnk
[2011/05/30 22:46:56 | 000,000,862 | ---- | M] () -- C:\Documents and Settings\harrisap\Desktop\27.1.lnk
[2011/05/30 22:46:22 | 000,000,862 | ---- | M] () -- C:\Documents and Settings\harrisap\Desktop\27.0.lnk
[2011/05/30 22:45:47 | 000,000,862 | ---- | M] () -- C:\Documents and Settings\harrisap\Desktop\25.5.lnk
[2011/05/30 22:37:23 | 000,000,232 | ---- | M] () -- C:\Documents and Settings\harrisap\Desktop\LinkUp USA (2).url
[2011/05/30 22:25:00 | 000,000,539 | ---- | M] () -- C:\Documents and Settings\harrisap\Desktop\CLAIM FILES.lnk
[2011/05/29 22:52:16 | 000,017,408 | ---- | M] () -- C:\WINDOWS\System32\rpcnetp.dll
[2011/05/28 16:45:07 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/05/28 10:34:33 | 000,013,160 | ---- | M] (Absolute Software Corp.) -- C:\WINDOWS\System32\Upgrd.exe
[2011/05/28 10:34:27 | 000,058,288 | ---- | M] (Absolute Software Corp.) -- C:\WINDOWS\System32\rpcnet.exe
[2011/05/27 15:01:05 | 000,002,219 | ---- | M] () -- C:\Documents and Settings\harrisap\Desktop\GAB SSL.lnk
[1 C:\Documents and Settings\harrisap\Local Settings\Application Data\*.tmp files -> C:\Documents and Settings\harrisap\Local Settings\Application Data\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/06/06 21:27:03 | 000,000,736 | ---- | C] () -- C:\WINDOWS\SamsungMaster.INI
[2011/06/06 15:54:45 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\harrisap\Desktop\MBR.dat
[2011/06/05 23:46:11 | 000,002,347 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader 9.lnk
[2011/06/05 23:46:11 | 000,001,729 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2011/06/05 10:17:10 | 000,001,915 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[2011/06/03 12:37:05 | 000,000,765 | ---- | C] () -- C:\Documents and Settings\harrisap\Desktop\Shortcut to MoffFreeCalc.exe.lnk
[2011/05/31 10:20:42 | 000,000,911 | ---- | C] () -- C:\Documents and Settings\harrisap\Desktop\Shortcut to googleearth.exe.lnk
[2011/05/31 09:19:33 | 000,000,104 | ---- | C] () -- C:\Documents and Settings\harrisap\Desktop\My Computer.lnk
[2011/05/31 09:14:48 | 000,000,849 | ---- | C] () -- C:\Documents and Settings\harrisap\Desktop\Samsung.lnk
[2011/05/31 08:43:06 | 000,001,380 | ---- | C] () -- C:\Documents and Settings\harrisap\Application Data\Microsoft\Internet Explorer\Quick Launch\Shortcut to Show desktop.lnk
[2011/05/31 08:39:58 | 000,000,104 | ---- | C] () -- C:\Documents and Settings\harrisap\Application Data\Microsoft\Internet Explorer\Quick Launch\My Computer.lnk
[2011/05/31 08:39:50 | 000,000,104 | ---- | C] () -- C:\Documents and Settings\harrisap\Application Data\Microsoft\Internet Explorer\Quick Launch\Internet Explorer.lnk
[2011/05/31 08:39:37 | 000,002,237 | ---- | C] () -- C:\Documents and Settings\harrisap\Application Data\Microsoft\Internet Explorer\Quick Launch\GAB SSL.lnk
[2011/05/31 08:39:14 | 000,000,232 | ---- | C] () -- C:\Documents and Settings\harrisap\Application Data\Microsoft\Internet Explorer\Quick Launch\LinkUp USA (2).url
[2011/05/30 22:47:29 | 000,000,846 | ---- | C] () -- C:\Documents and Settings\harrisap\Desktop\27.3.lnk
[2011/05/30 22:46:56 | 000,000,862 | ---- | C] () -- C:\Documents and Settings\harrisap\Desktop\27.1.lnk
[2011/05/30 22:46:22 | 000,000,862 | ---- | C] () -- C:\Documents and Settings\harrisap\Desktop\27.0.lnk
[2011/05/30 22:45:47 | 000,000,862 | ---- | C] () -- C:\Documents and Settings\harrisap\Desktop\25.5.lnk
[2011/05/30 22:25:00 | 000,000,539 | ---- | C] () -- C:\Documents and Settings\harrisap\Desktop\CLAIM FILES.lnk
[2011/05/09 13:16:36 | 000,000,792 | ---- | C] () -- C:\Documents and Settings\harrisap\Start Menu\Programs\Windows Media Player.lnk
[2011/04/17 11:00:42 | 000,023,126 | ---- | C] () -- C:\WINDOWS\hpqins15.dat
[2011/04/15 08:29:31 | 000,174,256 | ---- | C] () -- C:\WINDOWS\hpoins43.dat
[2011/04/15 08:29:31 | 000,000,601 | ---- | C] () -- C:\WINDOWS\hpomdl43.dat
[2011/04/15 01:15:46 | 000,362,904 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2011/04/06 13:13:49 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/04/06 13:13:49 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/04/06 13:13:49 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/04/06 11:59:27 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2010/07/28 14:49:21 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/07/28 14:49:21 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/06/27 15:10:20 | 000,767,952 | ---- | C] () -- C:\WINDOWS\BDTSupport.dll.old
[2010/02/22 22:18:36 | 000,765,952 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2010/02/22 22:18:36 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2010/02/22 22:18:36 | 000,008,704 | ---- | C] () -- C:\WINDOWS\System32\vidccleaner.exe
[2010/02/14 10:44:45 | 000,030,548 | ---- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2009/12/17 06:48:09 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\DM510.dll
[2009/12/12 16:29:07 | 000,005,120 | ---- | C] () -- C:\Documents and Settings\harrisap\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/08/30 22:46:45 | 000,012,800 | ---- | C] () -- C:\WINDOWS\System32\EKDeviceServices.dll
[2009/06/19 15:23:17 | 000,157,263 | ---- | C] () -- C:\WINDOWS\hphins25.dat
[2009/06/19 15:23:17 | 000,000,879 | ---- | C] () -- C:\WINDOWS\hphmdl25.dat
[2009/06/12 10:44:28 | 000,000,131 | ---- | C] () -- C:\Documents and Settings\harrisap\Local Settings\Application Data\fusioncache.dat
[2009/06/12 09:42:21 | 000,118,641 | ---- | C] () -- C:\WINDOWS\hpoins09.dat
[2009/05/27 22:04:58 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin
[2009/05/14 11:42:44 | 000,172,033 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2009/05/14 11:41:33 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\Atibrtmon.exe
[2009/05/14 11:41:06 | 000,887,724 | ---- | C] () -- C:\WINDOWS\System32\ativva6x.dat
[2009/05/14 11:39:33 | 003,107,788 | ---- | C] () -- C:\WINDOWS\System32\ativva5x.dat
[2009/05/14 11:37:47 | 003,107,788 | ---- | C] () -- C:\WINDOWS\System32\ativvaxx.dat
[2009/05/14 11:37:14 | 000,003,456 | ---- | C] () -- C:\WINDOWS\System32\drivers\atiide.sys
[2009/05/14 11:34:22 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\ibmpmsvc.exe
[2009/05/14 11:34:22 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\tpinspm.dll
[2008/03/18 11:58:05 | 000,000,058 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2007/12/26 12:18:32 | 000,000,455 | ---- | C] () -- C:\WINDOWS\SMSCFG.ini
[2007/11/28 15:39:06 | 000,000,029 | ---- | C] () -- C:\WINDOWS\vdialer.INI
[2007/11/28 12:12:51 | 000,000,000 | ---- | C] () -- C:\WINDOWS\vpc32.INI
[2007/11/16 15:25:33 | 000,006,550 | ---- | C] () -- C:\WINDOWS\jautoexp.dat
[2007/11/16 15:23:19 | 000,003,981 | ---- | C] () -- C:\WINDOWS\RDSWIN.INI
[2007/11/16 12:47:22 | 000,000,033 | ---- | C] () -- C:\WINDOWS\WDTCPCON.INI
[2007/11/16 12:32:18 | 000,003,635 | ---- | C] () -- C:\WINDOWS\~WDINS.INI
[2007/11/16 10:06:19 | 000,000,555 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007/11/15 15:55:40 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2007/11/15 12:58:54 | 000,017,408 | ---- | C] () -- C:\WINDOWS\System32\rpcnetp.dll
[2007/11/15 12:47:12 | 000,023,444 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2007/11/15 06:12:58 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2007/11/15 06:11:50 | 000,152,384 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2007/11/15 06:11:46 | 000,017,408 | ---- | C] () -- C:\WINDOWS\System32\rpcnetp.exe
[2006/03/09 13:28:40 | 000,011,645 | ---- | C] () -- C:\WINDOWS\hpomdl09.dat
[2006/01/26 16:42:26 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/08/03 20:07:22 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/02 09:20:40 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2003/06/17 01:53:02 | 000,000,702 | ---- | C] () -- C:\WINDOWS\Cm3.ini
[2001/08/23 12:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2001/08/23 12:00:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2001/08/23 11:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2001/08/23 11:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2001/08/23 11:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2001/08/23 11:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2001/08/23 11:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2001/08/23 08:00:00 | 000,491,116 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2001/08/23 08:00:00 | 000,090,342 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2001/08/23 08:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2001/07/07 03:00:00 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini
[1999/07/30 09:24:34 | 000,000,218 | ---- | C] () -- C:\WINDOWS\oraodbc.ini

========== LOP Check ==========

[2008/03/18 12:08:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Leadertech
[2009/08/30 22:47:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Eastman Kodak Company
[2009/09/01 20:02:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\kds_kodak
[2009/09/10 22:38:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ParetoLogic
[2009/09/10 22:35:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
[2008/03/18 11:22:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC-Doctor
[2011/04/15 16:11:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PCDr
[2010/04/24 17:45:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TomTom
[2011/04/14 23:11:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Xactware
[2010/07/11 09:00:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/02/14 10:18:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2008/12/02 12:08:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\F5 Networks
[2008/03/18 12:00:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\Leadertech
[2008/03/18 12:00:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\GABguest\Application Data\Leadertech
[2008/12/02 12:08:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\GABuser\Application Data\F5 Networks
[2008/03/18 12:00:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\GABuser\Application Data\Leadertech
[2008/12/02 12:08:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\harrisap\Application Data\F5 Networks
[2008/03/18 12:00:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\harrisap\Application Data\Leadertech
[2009/12/17 06:48:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\harrisap\Application Data\LinkManager 4.0
[2010/05/06 09:58:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\harrisap\Application Data\RecoveryFix for Windows
[2010/04/24 17:44:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\harrisap\Application Data\TomTom
[2008/12/02 12:08:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\smithd\Application Data\F5 Networks
[2008/03/18 12:00:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\smithd\Application Data\Leadertech
[2011/06/06 02:07:00 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job
[2009/07/10 07:00:36 | 000,000,436 | ---- | M] () -- C:\WINDOWS\Tasks\PCDoctorBackgroundMonitorTask.job

========== Purity Check ==========



< End of report >
MBAM log


Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org

Database version: 6804

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

6/7/2011 7:43:12 PM
mbam-log-2011-06-07 (19-43-12).txt

Scan type: Quick scan
Objects scanned: 211633
Time elapsed: 4 minute(s), 57 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#25
Homburg

    Trusted Helper

  • Malware Removal
Hi,

If the Norton warning is the only problem you have remaining then I think it's best to do as they recommend and use the Norton Power Eraser so please do that and let me know how you get on.

Go to the Download page for Norton Power Eraser

1. Click Download Norton Power Eraser.
2. On the File Download dialog, click Save.
3. Select the location to where you want the file saved, and click Save.
4. Go to the location of the downloaded file and double-click the NPE icon.

Homburg

#26
Essexboy

    GeekU Moderator

  • Retired Staff
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.