I'm new to the forum, so my apologies if I make any rookie mistakes. My system is running fine in general; however, often when I click Google Search results (in both Firefox and Internet Explorer), I am redirected to spam-looking sites. The sites vary and it's unpredictable as to when I'm redirected. It's not 100% of the time and it doesn't occur with specific domains. I have run AdAware, Spybot, and Malware Byes, but have not had any luck resolving this issue. Below you will find my OTL log. Thanks again to whoever decides to help out!
---------------------------------------------------------------------------------------------------------------------------------
OTL logfile created on: 5/23/2011 8:45:16 AM - Run 1
OTL by OldTimer - Version 3.2.23.0 Folder = C:\Documents and Settings\user\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
2.93 Gb Total Physical Memory | 1.74 Gb Available Physical Memory | 59.64% Memory free
4.77 Gb Paging File | 3.68 Gb Available in Paging File | 77.16% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 298.09 Gb Total Space | 264.91 Gb Free Space | 88.87% Space Free | Partition Type: NTFS
Computer Name: CH2-R80CZX4 | User Name: user | NOT logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2011/05/23 08:45:05 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\user\My Documents\Downloads\OTL.exe
PRC - [2011/04/29 16:38:18 | 000,069,632 | ---- | M] () -- C:\Program Files\SafeBoot Tray Manager\SbTrayManager.exe
PRC - [2011/04/29 16:38:12 | 000,380,988 | ---- | M] (McAfee, Inc.) -- C:\Program Files\SafeBoot\SbClientManager.exe
PRC - [2011/03/19 16:27:07 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/02/07 16:51:48 | 000,153,088 | ---- | M] (CrashPlan) -- C:\Program Files\CrashPlan\CrashPlanService.exe
PRC - [2011/02/07 16:50:38 | 000,217,088 | ---- | M] (Code 42 Software, Inc.) -- C:\Program Files\CrashPlan\CrashPlanTray.exe
PRC - [2010/09/03 04:12:10 | 000,032,819 | ---- | M] (LANDesk Software Ltd.) -- C:\WINDOWS\system32\cba\pds.exe
PRC - [2010/05/20 12:25:08 | 000,385,024 | ---- | M] (LANDesk Software, Ltd.) -- C:\Program Files\LANDESK\LDCLIENT\softmon.exe
PRC - [2010/02/25 18:45:48 | 000,349,528 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
PRC - [2010/01/18 15:41:50 | 000,063,928 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe
PRC - [2010/01/06 20:07:00 | 000,147,472 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
PRC - [2010/01/06 20:07:00 | 000,124,240 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\shstat.exe
PRC - [2010/01/06 20:07:00 | 000,070,728 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\mfevtps.exe
PRC - [2010/01/06 20:07:00 | 000,066,896 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
PRC - [2010/01/06 20:07:00 | 000,027,960 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\mfeann.exe
PRC - [2010/01/06 20:07:00 | 000,022,816 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\EngineServer.exe
PRC - [2010/01/06 01:13:00 | 000,132,456 | ---- | M] (Lenovo.) -- C:\Program Files\ThinkPad\Utilities\DOZESVC.EXE
PRC - [2010/01/06 01:13:00 | 000,053,248 | ---- | M] () -- C:\Program Files\ThinkPad\Utilities\PWMDBSVC.exe
PRC - [2009/12/21 18:49:44 | 000,069,568 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
PRC - [2009/12/10 04:50:00 | 000,062,312 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\NPDIRECT\tpfnf7sp.exe
PRC - [2009/11/24 13:51:18 | 000,176,056 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
PRC - [2009/11/19 21:44:34 | 000,128,296 | ---- | M] (Synaptics Incorporated) -- C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
PRC - [2009/11/17 18:06:02 | 000,044,984 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\micmute.exe
PRC - [2009/11/11 17:33:10 | 000,078,272 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\tpnumlkd.exe
PRC - [2009/11/09 13:48:34 | 000,054,632 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\cammute.exe
PRC - [2009/10/23 18:44:36 | 001,732,960 | ---- | M] (Diskeeper Corporation) -- C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
PRC - [2009/10/01 16:14:30 | 000,144,752 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\ZOOM\TpScrex.exe
PRC - [2009/09/22 16:00:00 | 000,226,624 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\naPrdMgr.exe
PRC - [2009/09/22 16:00:00 | 000,136,512 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\UdaterUI.exe
PRC - [2009/09/22 16:00:00 | 000,103,744 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\FrameworkService.exe
PRC - [2009/09/22 16:00:00 | 000,091,456 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\McTray.exe
PRC - [2009/09/21 14:55:12 | 000,858,384 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe
PRC - [2009/09/21 14:44:48 | 000,954,368 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
PRC - [2009/09/21 14:31:36 | 000,473,360 | ---- | M] (Intel® Corporation) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
PRC - [2009/08/03 06:11:28 | 000,139,264 | ---- | M] (LANDesk Software, Ltd.) -- C:\Program Files\LANDESK\LDCLIENT\policy.client.invoker.exe
PRC - [2009/04/17 06:22:00 | 000,258,048 | ---- | M] (LANDesk Software, Ltd.) -- C:\Program Files\LANDESK\LDCLIENT\rcgui.exe
PRC - [2009/04/15 06:06:00 | 000,406,528 | ---- | M] (LANDesk Software, Ltd.) -- C:\Program Files\LANDESK\LDCLIENT\issuser.exe
PRC - [2009/03/23 10:03:08 | 000,155,648 | ---- | M] (LANDesk Software, Ltd.) -- C:\Program Files\LANDESK\Shared Files\residentAgent.exe
PRC - [2009/03/10 06:10:06 | 000,196,608 | ---- | M] (LANDesk Software, Ltd.) -- C:\Program Files\LANDESK\LDCLIENT\LocalSch.EXE
PRC - [2009/03/05 16:28:26 | 000,059,760 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\tpnumlk.exe
PRC - [2008/12/04 06:12:38 | 000,262,144 | ---- | M] (LANDesk Software, Ltd.) -- C:\Program Files\LANDESK\LDCLIENT\collector.exe
PRC - [2008/04/14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/11/30 05:25:18 | 000,192,512 | ---- | M] (LANDesk Software, Ltd.) -- C:\Program Files\LANDESK\LDCLIENT\tmcsvc.exe
PRC - [2007/01/04 19:48:52 | 000,112,152 | R--- | M] (InterVideo) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
PRC - [2005/05/27 13:24:52 | 000,310,272 | ---- | M] (shbox.de) -- C:\Program Files\FreePDF_XP\fpassist.exe
========== Modules (SafeList) ==========
MOD - [2011/05/23 08:45:05 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\user\My Documents\Downloads\OTL.exe
MOD - [2010/08/23 11:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
========== Win32 Services (SafeList) ==========
SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - [2011/04/29 16:38:12 | 000,380,988 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\SafeBoot\SbClientManager.exe -- (SafeBootClientManager)
SRV - [2011/02/07 16:51:48 | 000,153,088 | ---- | M] (CrashPlan) [Auto | Running] -- C:\Program Files\CrashPlan\CrashPlanService.exe -- (CrashPlanService)
SRV - [2010/09/03 04:12:10 | 000,032,819 | ---- | M] (LANDesk Software Ltd.) [Auto | Running] -- C:\WINDOWS\system32\cba\pds.exe -- (Intel PDS)
SRV - [2010/07/27 18:19:06 | 000,121,416 | ---- | M] (SmithMicro Inc.) [On_Demand | Stopped] -- C:\Program Files\AT&T\Communication Manager\RcAppSvc.exe -- (ATTRcAppSvc)
SRV - [2010/05/20 12:25:08 | 000,385,024 | ---- | M] (LANDesk Software, Ltd.) [Auto | Running] -- C:\Program Files\LANDesk\LDClient\softmon.exe -- (Softmon) LANDesk®
SRV - [2010/02/25 18:45:48 | 000,349,528 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe -- (btwdins)
SRV - [2010/01/18 15:41:50 | 000,063,928 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe -- (TPHKSVC)
SRV - [2010/01/06 20:07:00 | 000,147,472 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe -- (McShield)
SRV - [2010/01/06 20:07:00 | 000,070,728 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\WINDOWS\system32\mfevtps.exe -- (mfevtp)
SRV - [2010/01/06 20:07:00 | 000,066,896 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe -- (McTaskManager)
SRV - [2010/01/06 20:07:00 | 000,022,816 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files\McAfee\VirusScan Enterprise\EngineServer.exe -- (McAfeeEngineService)
SRV - [2010/01/06 01:13:00 | 000,132,456 | ---- | M] (Lenovo.) [Auto | Running] -- C:\Program Files\ThinkPad\Utilities\DOZESVC.EXE -- (DozeSvc)
SRV - [2010/01/06 01:13:00 | 000,053,248 | ---- | M] () [Auto | Running] -- C:\Program Files\ThinkPad\Utilities\PWMDBSVC.exe -- (Power Manager DBC Service)
SRV - [2009/11/17 18:06:02 | 000,044,984 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\HOTKEY\micmute.exe -- (Lenovo.micmute)
SRV - [2009/11/09 13:48:34 | 000,054,632 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\HOTKEY\cammute.exe -- (LENOVO.CAMMUTE)
SRV - [2009/10/23 18:44:36 | 001,732,960 | ---- | M] (Diskeeper Corporation) [Auto | Running] -- C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe -- (Diskeeper)
SRV - [2009/09/22 16:00:00 | 000,103,744 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files\McAfee\Common Framework\FrameworkService.exe -- (McAfeeFramework)
SRV - [2009/09/21 14:55:12 | 000,858,384 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng) Intel®
SRV - [2009/09/21 14:44:48 | 000,954,368 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\S24EvMon.exe -- (S24EventMonitor) Intel®
SRV - [2009/09/21 14:31:36 | 000,473,360 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc) Intel®
SRV - [2009/08/03 06:11:28 | 000,139,264 | ---- | M] (LANDesk Software, Ltd.) [Auto | Running] -- C:\Program Files\LANDesk\LDClient\policy.client.invoker.exe -- (LANDesk Policy Invoker)
SRV - [2009/04/15 06:06:00 | 000,406,528 | ---- | M] (LANDesk Software, Ltd.) [Auto | Running] -- C:\Program Files\LANDESK\LDCLIENT\issuser.exe -- (ISSUSER)
SRV - [2009/03/23 10:03:08 | 000,155,648 | ---- | M] (LANDesk Software, Ltd.) [Auto | Running] -- C:\Program Files\LANDesk\Shared Files\residentagent.exe -- (CBA8) LANDesk®
SRV - [2009/03/10 06:10:06 | 000,196,608 | ---- | M] (LANDesk Software, Ltd.) [Auto | Running] -- C:\Program Files\LANDesk\LDClient\LocalSch.EXE -- (Intel Local Scheduler Service)
SRV - [2008/04/15 08:47:58 | 001,120,752 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe -- (RoxMediaDB10)
SRV - [2007/11/30 05:25:18 | 000,192,512 | ---- | M] (LANDesk Software, Ltd.) [Auto | Running] -- C:\Program Files\LANDESK\LDCLIENT\tmcsvc.exe -- (Intel Targeted Multicast)
SRV - [2007/01/04 19:48:52 | 000,112,152 | R--- | M] (InterVideo) [Auto | Running] -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)
========== Driver Services (SafeList) ==========
DRV - [2011/04/29 16:38:13 | 000,044,976 | ---- | M] (SafeBoot N.V.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sbalg.sys -- (SBAlg)
DRV - [2011/04/29 16:38:11 | 000,034,480 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\sbflop.sys -- (SBFlop)
DRV - [2011/04/29 16:38:11 | 000,015,248 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\sbprcctl.sys -- (SbPrcCtl)
DRV - [2011/04/29 16:38:10 | 000,103,760 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\safeboot.sys -- (SafeBoot)
DRV - [2011/04/29 16:38:10 | 000,033,328 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\rsvlock.sys -- (RsvLock)
DRV - [2011/04/29 16:38:10 | 000,006,496 | ---- | M] (McAfee, Inc.) [File_System | Boot | Running] -- C:\WINDOWS\System32\drivers\SbFsLock.sys -- (SbFsLock)
DRV - [2010/10/15 01:29:14 | 000,260,864 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\IntcDAud.sys -- (IntcDAud) Intel®
DRV - [2010/07/27 18:12:04 | 000,024,192 | ---- | M] (Bytemobile, Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\tcpipBM.sys -- (tcpipBM)
DRV - [2010/07/27 18:09:40 | 000,032,408 | ---- | M] (Smith Micro Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\PCTINDIS5.sys -- (PCTINDIS5)
DRV - [2010/04/03 11:02:54 | 000,240,608 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\RsFx0150.sys -- (RsFx0150)
DRV - [2010/03/01 09:14:00 | 000,992,552 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL)
DRV - [2010/03/01 09:14:00 | 000,047,656 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
DRV - [2010/02/26 16:31:22 | 000,132,480 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Impcd.sys -- (Impcd)
DRV - [2010/01/06 20:07:00 | 000,343,920 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2010/01/06 20:07:00 | 000,091,832 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2010/01/06 20:07:00 | 000,075,704 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfeapfk.sys -- (mfeapfk)
DRV - [2010/01/06 20:07:00 | 000,066,600 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mferkdet.sys -- (mferkdet)
DRV - [2010/01/06 20:07:00 | 000,064,208 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\mfetdik.sys -- (mfetdik)
DRV - [2010/01/06 20:07:00 | 000,043,288 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2010/01/06 01:13:00 | 000,024,304 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\DozeHDD.sys -- (DozeHDD)
DRV - [2010/01/06 01:13:00 | 000,004,442 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TPPWRIF.SYS -- (TPPWRIF)
DRV - [2009/12/14 17:30:14 | 001,713,664 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\CHDAU32.sys -- (CnxtHdAudService)
DRV - [2009/12/10 09:33:34 | 000,167,080 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\e1k5132.sys -- (e1kexpress) Intel®
DRV - [2009/12/10 04:50:00 | 000,004,608 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TSMAPIP.SYS -- (TSMAPIP)
DRV - [2009/10/27 08:53:16 | 000,126,080 | ---- | M] (Ricoh co.,Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\5U877.sys -- (5U877)
DRV - [2009/10/21 00:04:34 | 000,041,120 | ---- | M] (Diskeeper Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\DKRtWrt.sys -- (DKRtWrt)
DRV - [2009/10/09 12:12:02 | 000,120,360 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\Apsx86.sys -- (Shockprf)
DRV - [2009/10/09 12:10:24 | 000,020,520 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\ApsHM86.sys -- (TPDIGIMN)
DRV - [2009/09/17 12:54:14 | 000,041,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HECI.sys -- (HECI) Intel®
DRV - [2009/09/15 11:34:10 | 005,977,216 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NETw5x32.sys -- (NETw5x32) Intel®
DRV - [2009/08/10 00:46:38 | 000,013,952 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2009/07/16 08:53:18 | 000,107,776 | ---- | M] (Option N.V.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\gtuhs51.sys -- (GTUHSNDISIPXP)
DRV - [2009/07/16 08:51:50 | 000,067,840 | ---- | M] (Option N.V.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\gtuhsbus.sys -- (GTUHSBUS)
DRV - [2009/07/16 08:49:56 | 000,008,064 | ---- | M] (Option N.V.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\gtuhsser.sys -- (GTUHSSER)
DRV - [2009/06/30 11:59:00 | 000,986,240 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2009/06/30 11:58:00 | 000,731,264 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2009/06/30 11:58:00 | 000,210,304 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2009/03/27 00:33:56 | 000,239,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\e1y5132.sys -- (e1yexpress) Intel®
DRV - [2009/02/12 14:43:00 | 000,045,056 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rimspe86.sys -- (rimspci)
DRV - [2008/08/22 10:05:42 | 000,026,760 | R--- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\swmsflt.sys -- (swmsflt)
DRV - [2008/05/12 18:04:02 | 000,013,480 | ---- | M] (Lenovo Group Limited) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\smiif32.sys -- (lenovo.smi)
DRV - [2007/06/08 12:58:46 | 000,021,504 | ---- | M] (STMicroelectronics, INC) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\stm_tpm.sys -- (stmtpm)
DRV - [2007/05/30 17:23:04 | 000,011,904 | ---- | M] (LANDesk Software, Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ldblank.sys -- (ldblank)
DRV - [2007/05/30 17:23:04 | 000,003,712 | ---- | M] (LANDesk Software, Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mirrorflt.sys -- (mirrorflt)
DRV - [2007/05/30 17:23:04 | 000,003,328 | ---- | M] (LANDesk Software, Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ldmirror.sys -- (ldmirror)
DRV - [2001/08/17 12:10:56 | 000,024,653 | ---- | M] (3Com Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\el574nd4.sys -- (EL3C574)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://gmc.myow.com/today
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" =
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" =
========== FireFox ==========
FF - prefs.js..browser.startup.homepage: "http://www.me.com/"
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: vshare@toolbar:1.0.0
FF - prefs.js..extensions.enabledItems: [email protected]:1.1
FF - prefs.js..network.proxy.backup.ftp: "proxy-mem3131d.network.fedex.com"
FF - prefs.js..network.proxy.backup.ftp_port: 3128
FF - prefs.js..network.proxy.backup.gopher: "proxy-mem3131d.network.fedex.com"
FF - prefs.js..network.proxy.backup.gopher_port: 3128
FF - prefs.js..network.proxy.backup.socks: "proxy-mem3131d.network.fedex.com"
FF - prefs.js..network.proxy.backup.socks_port: 3128
FF - prefs.js..network.proxy.backup.ssl: "proxy-mem3131d.network.fedex.com"
FF - prefs.js..network.proxy.backup.ssl_port: 3128
FF - prefs.js..network.proxy.ftp: "proxy-mem3131d.network.fedex.com"
FF - prefs.js..network.proxy.ftp_port: 3128
FF - prefs.js..network.proxy.gopher: "proxy-mem3131d.network.fedex.com"
FF - prefs.js..network.proxy.gopher_port: 3128
FF - prefs.js..network.proxy.http: "proxy-mem3131d.network.fedex.com"
FF - prefs.js..network.proxy.http_port: 3128
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks: "proxy-mem3131d.network.fedex.com"
FF - prefs.js..network.proxy.socks_port: 3128
FF - prefs.js..network.proxy.ssl: "proxy-mem3131d.network.fedex.com"
FF - prefs.js..network.proxy.ssl_port: 3128
FF - prefs.js..network.proxy.type: 0
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/04/27 14:35:35 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/04/27 14:35:33 | 000,000,000 | ---D | M]
[2010/09/13 16:33:44 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\user\Application Data\Mozilla\Extensions
[2011/05/23 07:52:20 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\nwow5iug.default\extensions
[2010/09/15 14:54:10 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\nwow5iug.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/04/27 14:39:13 | 000,000,000 | ---D | M] (Oliver Wyman Group) -- C:\Documents and Settings\\Application Data\Mozilla\Firefox\Profiles\nwow5iug.default\extensions\[email protected]
[2010/12/12 17:23:26 | 000,000,000 | ---D | M] (vShare) -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\nwow5iug.default\extensions\vshare@toolbar
[2011/04/27 14:39:13 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\nwow5iug.default\extensions\[email protected]\chrome
[2011/04/27 14:39:13 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\nwow5iug.default\extensions\[email protected]\components
[2011/04/27 14:39:13 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\nwow5iug.default\extensions\[email protected]\defaults
[2011/04/27 14:39:13 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\nwow5iug.default\extensions\[email protected]\modules
[2011/05/22 20:41:23 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/11/22 12:21:12 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/04/27 14:39:12 | 000,000,000 | ---D | M] (Oliver Wyman Group) -- C:\Program Files\Mozilla Firefox\extensions\[email protected]
[2011/04/27 14:35:34 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\[email protected]\chrome
[2011/04/27 14:35:34 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\[email protected]\components
[2011/04/27 14:35:34 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\[email protected]\defaults
[2011/04/27 14:35:34 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\[email protected]\modules
[2010/11/22 12:20:56 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2010/11/22 12:20:54 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
O1 HOSTS File: ([2011/05/02 18:11:29 | 000,000,890 | RH-- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 184.107.64.190 www.google.com
O1 - Hosts: 209.172.56.115 search.yahoo.com
O2 - BHO: (vShare Plugin) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files\vShare\vshare_toolbar.dll ()
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKLM\..\Toolbar: (vShare Plugin) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files\vShare\vshare_toolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (vShare Plugin) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files\vShare\vshare_toolbar.dll ()
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [AT&T Communication Manager] C:\Program Files\AT&T\Communication Manager\ATTCM.exe (ATT)
O4 - HKLM..\Run: [BluetoothAuthenticationAgent] C:\WINDOWS\System32\bthprops.cpl (Microsoft Corporation)
O4 - HKLM..\Run: [FreePDF Assistant] C:\Program Files\FreePDF_XP\fpassist.exe (shbox.de)
O4 - HKLM..\Run: [HPUsageTracking] C:\Program Files\HP\HP UT\bin\hppusg.exe ()
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [McAfeeUpdaterUI] C:\Program Files\McAfee\Common Framework\udaterui.exe (McAfee, Inc.)
O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe ()
O4 - HKLM..\Run: [PWRMGRTR] C:\Program Files\ThinkPad\Utilities\PWRMGRTR.DLL (Lenovo Group Limited)
O4 - HKLM..\Run: [SafeBootTrayManager] C:\Program Files\SafeBoot Tray Manager\SbTrayManager.exe ()
O4 - HKLM..\Run: [ShStatEXE] C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE (McAfee, Inc.)
O4 - HKLM..\Run: [TPFNF7] C:\Program Files\Lenovo\NPDIRECT\TPFNF7SP.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [TPHOTKEY] C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe (Lenovo Group Limited)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\CrashPlan Tray.lnk = C:\Program Files\CrashPlan\CrashPlanTray.exe (Code 42 Software, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispScrSavPage = 0
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send To Bluetooth - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - File not found
O15 - HKCU\..Trusted Domains: cavokgroup.com ([]ftp in Sites confiáveis)
O15 - HKCU\..Trusted Domains: cavokgroup.com ([]http in Sites confiáveis)
O15 - HKCU\..Trusted Domains: cavokgroup.com ([]https in Sites confiáveis)
O15 - HKCU\..Trusted Domains: ds.corp ([owgusdfwev01.owg] * in Intranet local)
O15 - HKCU\..Trusted Domains: ds.corp ([owgusdfwidx01.owg] * in Intranet local)
O15 - HKCU\..Trusted Domains: ds.corp ([owgusev.owg] * in Intranet local)
O15 - HKCU\..Trusted Domains: marsh.com ([]ftp in Sites confiáveis)
O15 - HKCU\..Trusted Domains: marsh.com ([]http in Sites confiáveis)
O15 - HKCU\..Trusted Domains: marsh.com ([]https in Sites confiáveis)
O15 - HKCU\..Trusted Domains: mercer.com ([]ftp in Sites confiáveis)
O15 - HKCU\..Trusted Domains: mercer.com ([]http in Sites confiáveis)
O15 - HKCU\..Trusted Domains: mercer.com ([]https in Sites confiáveis)
O15 - HKCU\..Trusted Domains: mercermc.com ([]ftp in Intranet local)
O15 - HKCU\..Trusted Domains: mercermc.com ([]http in Intranet local)
O15 - HKCU\..Trusted Domains: mercermc.com ([]https in Sites confiáveis)
O15 - HKCU\..Trusted Domains: mmc.com ([]ftp in Sites confiáveis)
O15 - HKCU\..Trusted Domains: mmc.com ([]http in Sites confiáveis)
O15 - HKCU\..Trusted Domains: mmc.com ([]https in Sites confiáveis)
O15 - HKCU\..Trusted Domains: myow.com ([]ftp in Sites confiáveis)
O15 - HKCU\..Trusted Domains: myow.com ([]http in Intranet local)
O15 - HKCU\..Trusted Domains: myow.com ([]https in Sites confiáveis)
O15 - HKCU\..Trusted Domains: nera.com ([]ftp in Sites confiáveis)
O15 - HKCU\..Trusted Domains: nera.com ([]http in Sites confiáveis)
O15 - HKCU\..Trusted Domains: nera.com ([]https in Sites confiáveis)
O15 - HKCU\..Trusted Domains: oliverwyman.com ([]ftp in Sites confiáveis)
O15 - HKCU\..Trusted Domains: oliverwyman.com ([]http in Sites confiáveis)
O15 - HKCU\..Trusted Domains: oliverwyman.com ([]https in Sites confiáveis)
O15 - HKCU\..Trusted Domains: owgusdfwev01 ([]* in Intranet local)
O15 - HKCU\..Trusted Domains: owgusdfwidx01 ([]* in Intranet local)
O15 - HKCU\..Trusted Domains: owgusev ([]* in Intranet local)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.micros...n/ieawsdc32.cab (Microsoft Office Template and Media Control)
O16 - DPF: {15138B54-7EB6-11D0-9BB7-0000C0F04C96} http://gmc.myow.com/today/SSLstBar.cab (Sheridan ActiveListBar Control)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.mi...b?1264163666593 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1260297375109 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} https://remotevpn.me...perSetupSP1.cab (JuniperSetupSP1 Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 66.94.25.120 66.94.9.120
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = mmci.ad.root
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\vsharechrome {3F3A4B8A-86FC-43A4-BB00-6D7EBE9D4484} - C:\Program Files\vShare\vshare_toolbar.dll ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/03/19 06:48:20 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{18197785-bab6-11df-9977-0024d744474c}\Shell - "" = AutoRun
O33 - MountPoints2\{18197785-bab6-11df-9977-0024d744474c}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{18197785-bab6-11df-9977-0024d744474c}\Shell\AutoRun\command - "" = E:\ATTPreCopy.exe -d:OPETNAEXPCI -7
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 30 Days ==========
[2011/05/06 11:05:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\My Documents\My Meetings
[2011/05/06 11:05:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Tracing
[2011/05/06 11:03:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Office Live Meeting 2007
[2011/05/06 11:03:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Applications
[2011/05/05 22:18:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Application Data\Malwarebytes
[2011/05/05 22:18:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/05/05 22:18:10 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/05/05 22:18:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/05/05 22:18:06 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/05/05 22:18:06 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/05/05 11:35:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Application Data\Iasta
[2011/05/05 11:34:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SmartSource
[2011/05/05 11:34:19 | 000,000,000 | ---D | C] -- C:\Program Files\iasta
[2011/05/03 23:29:15 | 000,098,392 | ---- | C] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2011/05/03 23:18:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Lavasoft
[2011/04/29 16:38:18 | 000,077,824 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\SbNp.dll
[2011/04/29 16:38:18 | 000,000,000 | ---D | C] -- C:\Program Files\SafeBoot Tray Manager
[2011/04/29 16:38:10 | 000,006,496 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\SbFsLock.sys
[2011/04/29 16:35:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2011/04/29 16:35:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\cache
[2011/04/25 11:06:57 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2011/04/25 11:06:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Skype
[2010/09/03 04:07:39 | 000,004,096 | ---- | C] ( ) -- C:\WINDOWS\System32\IGFXDEVLib.dll
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Documents and Settings\user\Local Settings\Application Data\*.tmp files -> C:\Documents and Settings\user\Local Settings\Application Data\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2011/05/23 07:52:03 | 000,000,982 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3258479845-1853294860-4170303737-45200UA.job
[2011/05/23 07:49:26 | 000,000,302 | ---- | M] () -- C:\WINDOWS\tasks\PMTask.job
[2011/05/23 06:17:08 | 000,592,648 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/05/23 06:17:08 | 000,121,046 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/05/22 22:58:05 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/05/22 22:56:30 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/05/22 22:56:24 | 3141,156,864 | -HS- | M] () -- C:\hiberfil.sys
[2011/05/19 08:52:00 | 000,000,930 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3258479845-1853294860-4170303737-45200Core.job
[2011/05/19 08:16:28 | 000,086,167 | ---- | M] () -- C:\Documents and Settings\user\Desktop\Corporate Challenge Shirts.pdf
[2011/05/13 08:30:46 | 000,092,328 | ---- | M] () -- C:\Documents and Settings\user\Desktop\JPMorgan Chase Corporate Challenge -302-256.pdf
[2011/05/10 23:19:00 | 000,000,486 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2011/05/05 22:18:11 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/05/05 11:34:27 | 000,001,768 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SmartSource Desktop.lnk
[2011/05/03 23:29:15 | 000,098,392 | ---- | M] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2011/04/29 16:46:23 | 021,102,592 | RHS- | M] () -- C:\SafeBoot.fs
[2011/04/29 16:46:18 | 000,589,824 | RHS- | M] () -- C:\SafeBoot.rsv
[2011/04/29 16:38:18 | 000,077,824 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\SbNp.dll
[2011/04/29 16:38:13 | 000,200,704 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\safeboot.scr
[2011/04/29 16:38:13 | 000,044,976 | ---- | M] (SafeBoot N.V.) -- C:\WINDOWS\System32\drivers\sbalg.sys
[2011/04/29 16:38:11 | 000,034,480 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\sbflop.sys
[2011/04/29 16:38:11 | 000,015,248 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\sbprcctl.sys
[2011/04/29 16:38:10 | 000,103,760 | ---- | M] () -- C:\WINDOWS\System32\drivers\safeboot.sys
[2011/04/29 16:38:10 | 000,033,328 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\rsvlock.sys
[2011/04/29 16:38:10 | 000,006,496 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\SbFsLock.sys
[2011/04/25 17:36:32 | 000,397,720 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/04/25 14:17:30 | 000,000,792 | ---- | M] () -- C:\Documents and Settings\user\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Microsoft Office Outlook.lnk
[2011/04/25 11:29:29 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Documents and Settings\user\Local Settings\Application Data\*.tmp files -> C:\Documents and Settings\user\Local Settings\Application Data\*.tmp -> ]
========== Files Created - No Company Name ==========
[2011/05/19 08:16:28 | 000,086,167 | ---- | C] () -- C:\Documents and Settings\user\Desktop\Corporate Challenge Shirts.pdf
[2011/05/13 08:30:46 | 000,092,328 | ---- | C] () -- C:\Documents and Settings\user\Desktop\JPMorgan Chase Corporate Challenge -302-256.pdf
[2011/05/05 22:18:11 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/05/05 11:34:27 | 000,001,768 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SmartSource Desktop.lnk
[2011/05/03 23:19:02 | 000,000,486 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2011/04/29 16:46:18 | 000,589,824 | RHS- | C] () -- C:\SafeBoot.rsv
[2011/01/25 19:08:11 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\hpsfs.dll
[2010/12/29 10:31:27 | 000,430,080 | ---- | C] () -- C:\WINDOWS\System32\ZSHP1020.EXE
[2010/11/02 18:44:41 | 000,000,541 | ---- | C] () -- C:\WINDOWS\ricdb.ini
[2010/10/14 08:23:22 | 001,857,536 | ---- | C] () -- C:\WINDOWS\System32\ricA3Jur.dll
[2010/10/14 08:23:22 | 000,067,044 | ---- | C] () -- C:\WINDOWS\System32\ricA3Jlg.dat
[2010/10/02 17:49:32 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/10/02 17:49:32 | 000,000,664 | ---- | C] () -- C:\Documents and Settings\user\Local Settings\Application Data\d3d9caps.dat
[2010/09/28 12:12:50 | 000,962,560 | ---- | C] () -- C:\WINDOWS\tesseract.exe
[2010/09/15 16:01:59 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2010/09/13 16:33:36 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010/09/07 14:33:15 | 000,026,760 | R--- | C] () -- C:\WINDOWS\System32\drivers\swmsflt.sys
[2010/09/07 10:43:33 | 000,103,760 | ---- | C] () -- C:\WINDOWS\System32\drivers\safeboot.sys
[2010/09/03 04:08:39 | 000,128,204 | ---- | C] () -- C:\WINDOWS\System32\igcompkrng575.bin
[2010/09/03 04:08:28 | 000,000,151 | ---- | C] () -- C:\WINDOWS\System32\GfxUI.exe.config
[2010/09/03 04:07:15 | 000,867,020 | ---- | C] () -- C:\WINDOWS\System32\igkrng575.bin
[2010/09/03 02:21:15 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2010/09/03 02:21:15 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2010/09/03 02:21:15 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2010/09/03 02:21:15 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2010/09/03 02:21:15 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2010/09/03 02:21:15 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2010/09/03 02:19:25 | 000,196,608 | ---- | C] () -- C:\WINDOWS\PWMBTHLP.EXE
[2010/09/03 02:19:25 | 000,004,442 | ---- | C] () -- C:\WINDOWS\System32\drivers\TPPWRIF.SYS
[2010/09/02 15:12:06 | 000,916,912 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/09/02 13:48:57 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2010/09/02 13:39:04 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\redmonnt.dll
[2010/09/02 13:39:04 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\unredmon.exe
[2010/02/25 18:45:58 | 002,860,384 | ---- | C] () -- C:\WINDOWS\System32\btwicons.dll
[2009/08/03 15:35:02 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2009/03/31 17:09:10 | 000,000,000 | ---- | C] () -- C:\WINDOWS\HPMProp.INI
[2009/03/19 06:51:06 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2009/03/19 06:46:25 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2009/03/18 23:54:21 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2009/03/18 23:53:30 | 000,397,720 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2008/04/09 18:00:30 | 000,053,478 | ---- | C] () -- C:\WINDOWS\mvtcpui.ini
[2008/03/25 04:39:58 | 000,018,904 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschematrivial.bin
[2008/03/25 04:39:56 | 000,106,605 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschema.bin
[2008/02/07 11:05:18 | 000,163,840 | ---- | C] () -- C:\WINDOWS\System32\hppatusg01.dll
[2007/09/27 10:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 10:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 10:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2006/02/28 07:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2006/02/28 07:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2006/02/28 07:00:00 | 000,592,648 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2006/02/28 07:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2006/02/28 07:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2006/02/28 07:00:00 | 000,121,046 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2006/02/28 07:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2006/02/28 07:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2006/02/28 07:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2006/02/28 07:00:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2006/02/28 07:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2006/02/28 07:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2001/11/14 12:56:00 | 001,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll
========== LOP Check ==========
[2011/05/06 11:03:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Applications
[2010/09/27 04:47:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AT&T
[2010/11/19 18:06:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CrashPlan
[2010/09/02 14:09:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Diskeeper Corporation
[2010/09/03 02:26:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LANDesk
[2010/09/27 04:47:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LG
[2010/09/02 14:42:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MS
[2010/09/28 12:10:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Tarma Installer
[2010/09/03 02:22:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Uninstall
[2011/05/19 11:54:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\vulScan
[2010/12/10 12:25:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Xerox
[2010/11/28 21:40:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Aelita
[2010/09/07 14:33:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\AT&T
[2010/11/19 18:06:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\CrashPlan
[2011/05/05 11:35:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Iasta
[2010/10/27 09:04:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Juniper Networks
[2010/11/19 18:00:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\LANDesk
[2010/09/07 14:33:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Sierra Wireless
[2010/12/14 11:14:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\vShare
[2010/10/25 06:48:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Windows Desktop Search
[2010/10/25 06:48:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Windows Search
[2010/12/10 17:10:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Xerox
[2011/05/10 23:19:00 | 000,000,486 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
[2011/05/23 07:49:26 | 000,000,302 | ---- | M] () -- C:\WINDOWS\Tasks\PMTask.job
========== Purity Check ==========
< End of report >