
google redirects



#16
lgfr (Topic Starter)

Here are the results for OTL:

OTL logfile created on: 5/30/2011 7:04:14 PM - Run 4
OTL by OldTimer - Version 3.2.23.0 Folder = C:\Documents and Settings\Linda\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.87 Gb Total Physical Memory | 1.06 Gb Available Physical Memory | 56.50% Memory free
3.72 Gb Paging File | 3.05 Gb Available in Paging File | 81.95% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 166.02 Gb Total Space | 149.83 Gb Free Space | 90.25% Space Free | Partition Type: NTFS

Computer Name: 8FCC61F12 | User Name: Linda | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/05/30 07:44:16 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Linda\My Documents\Downloads\OTL.scr
PRC - [2011/05/03 13:14:48 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/01/08 18:08:20 | 000,274,608 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\Update\realsched.exe
PRC - [2010/11/11 22:45:25 | 001,766,736 | ---- | M] (CA, Inc.) -- C:\Program Files\CA\CA Internet Security Suite\casc.exe
PRC - [2010/11/11 22:45:24 | 001,115,472 | ---- | M] (CA, Inc.) -- C:\Program Files\CA\CA Internet Security Suite\ccevtmgr.exe
PRC - [2010/11/11 22:45:24 | 000,251,216 | ---- | M] (CA, Inc.) -- C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
PRC - [2010/11/11 22:45:24 | 000,212,992 | ---- | M] (Computer Associates International, Inc.) -- C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus Plus\isafe.exe
PRC - [2010/11/11 22:45:24 | 000,206,160 | ---- | M] (Computer Associates International, Inc.) -- C:\Program Files\CA\CA Internet Security Suite\ccschedulersvc.exe
PRC - [2010/10/29 20:18:44 | 000,206,152 | ---- | M] (CA) -- C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus Plus\CAAMSvc.exe
PRC - [2010/09/17 12:21:00 | 000,301,648 | ---- | M] (CA) -- C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe
PRC - [2010/08/24 12:07:34 | 000,740,160 | ---- | M] (CA) -- C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe
PRC - [2010/08/12 14:57:58 | 000,060,416 | ---- | M] () -- C:\Program Files\Avanquest\PowerDesk\PDHookServer.exe
PRC - [2010/02/28 19:37:38 | 001,377,008 | ---- | M] () -- C:\WINDOWS\system32\svcprs32.exe
PRC - [2010/02/28 19:33:56 | 002,347,760 | ---- | M] () -- C:\WINDOWS\system32\mdmcls32.exe
PRC - [2009/10/01 14:55:56 | 000,330,256 | ---- | M] (Kaspersky Lab) -- C:\Documents and Settings\Linda\Desktop\Virus Removal Tool\setup_9.0.0.722_31.05.2011_01-02\setup_9.0.0.722_31.05.2011_01-02.exe
PRC - [2009/08/04 10:42:18 | 000,887,288 | ---- | M] (CA) -- C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe
PRC - [2009/07/31 16:30:14 | 000,150,008 | ---- | M] (CA) -- C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
PRC - [2009/03/27 22:10:56 | 000,014,336 | ---- | M] (LSI Corporation) -- C:\Program Files\LSI SoftModem\agrsmsvc.exe
PRC - [2008/04/15 00:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2004/12/14 02:12:02 | 000,483,328 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 7.0\Distillr\acrotray.exe
PRC - [1999/10/12 09:53:46 | 000,013,312 | ---- | M] () -- C:\WINDOWS\system32\LMSXXEF.exe
PRC - [1998/12/10 13:57:12 | 000,037,376 | ---- | M] () -- C:\Program Files\TextBridge Pro 8.0\Bin\InstantAccess.exe


========== Modules (SafeList) ==========

MOD - [2011/05/30 07:44:16 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Linda\My Documents\Downloads\OTL.scr
MOD - [2011/01/08 18:08:35 | 000,040,448 | ---- | M] (RealNetworks, Inc.) -- C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Chrome\Hook\rpchromebrowserrecordhelper.dll
MOD - [2010/09/28 14:10:00 | 000,079,184 | ---- | M] (CA) -- C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-9.0.0.69\QOEHook.dll
MOD - [2010/08/23 12:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2010/08/12 14:57:56 | 000,011,264 | ---- | M] () -- C:\Program Files\Avanquest\PowerDesk\DClickDesktopHook.dll
MOD - [2010/08/12 14:57:32 | 000,103,936 | ---- | M] () -- C:\WINDOWS\system32\FileMonitor32.dll
MOD - [2010/04/25 16:54:00 | 000,653,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcr90.dll
MOD - [2010/04/25 16:54:00 | 000,569,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcp90.dll
MOD - [1998/12/10 13:40:10 | 000,119,808 | ---- | M] () -- C:\Program Files\TextBridge Pro 8.0\Bin\Tbmhook.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/11/11 22:45:24 | 000,251,216 | ---- | M] (CA, Inc.) [On_Demand | Running] -- C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe -- (CaCCProvSP)
SRV - [2010/11/11 22:45:24 | 000,212,992 | ---- | M] (Computer Associates International, Inc.) [Auto | Running] -- C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus Plus\isafe.exe -- (CAISafe)
SRV - [2010/11/11 22:45:24 | 000,206,160 | ---- | M] (Computer Associates International, Inc.) [Auto | Running] -- C:\Program Files\CA\CA Internet Security Suite\ccschedulersvc.exe -- (ccSchedulerSVC)
SRV - [2010/10/29 20:18:44 | 000,206,152 | ---- | M] (CA) [Auto | Running] -- C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus Plus\CAAMSvc.exe -- (CAAMSvc)
SRV - [2010/09/17 12:21:00 | 000,301,648 | ---- | M] (CA) [Auto | Running] -- C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe -- (UmxPol)
SRV - [2010/08/24 12:07:34 | 000,740,160 | ---- | M] (CA) [Auto | Running] -- C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe -- (UmxCfg)
SRV - [2010/02/28 19:37:38 | 001,377,008 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\svcprs32.exe -- (WinSvchostManager)
SRV - [2010/02/28 19:33:56 | 002,347,760 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\mdmcls32.exe -- (WinExtManager)
SRV - [2009/08/04 10:42:18 | 000,887,288 | ---- | M] (CA) [Auto | Running] -- C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe -- (UmxAgent)
SRV - [2009/07/31 16:30:14 | 000,150,008 | ---- | M] (CA) [Auto | Running] -- C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe -- (UmxFwHlp)
SRV - [2009/03/27 22:10:56 | 000,014,336 | ---- | M] (LSI Corporation) [Auto | Running] -- C:\Program Files\LSI SoftModem\agrsmsvc.exe -- (AgereModemAudio)


========== Driver Services (SafeList) ==========

DRV - [2010/09/24 11:16:18 | 000,146,000 | ---- | M] (CA) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\KmxCF.sys -- (KmxCF)
DRV - [2010/09/24 11:16:18 | 000,115,792 | ---- | M] (CA) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\KmxFw.sys -- (KmxFw)
DRV - [2010/09/24 11:16:18 | 000,061,008 | ---- | M] (CA) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\KmxSbx.sys -- (KmxSbx)
DRV - [2010/09/24 11:16:18 | 000,061,008 | ---- | M] (CA) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\KmxFile.sys -- (KmxFile)
DRV - [2010/09/17 12:21:00 | 000,135,248 | ---- | M] (CA) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\KmxAMRT.sys -- (KmxAMRT)
DRV - [2010/09/17 06:00:28 | 000,599,936 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8192su.sys -- (RTL8192su)
DRV - [2010/06/09 06:54:38 | 000,244,304 | ---- | M] (CA) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\KmxCfg.sys -- (KmxCfg)
DRV - [2010/05/03 02:12:02 | 000,108,112 | ---- | M] (CA) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\kmxstart.sys -- (KmxStart)
DRV - [2010/03/22 13:58:42 | 000,079,864 | ---- | M] (CA) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\KmxAgent.sys -- (KmxAgent)
DRV - [2010/02/01 11:02:44 | 000,084,984 | ---- | M] (SUNIX Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\snxppalx.sys -- (SNXPPALX)
DRV - [2010/01/14 03:44:00 | 000,041,080 | ---- | M] (SUNIX Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\snxpcard.sys -- (SNXPCARD)
DRV - [2009/10/22 13:54:18 | 000,037,392 | ---- | M] (Kaspersky Lab) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\74597642.sys -- (74597642)
DRV - [2009/10/09 23:31:10 | 000,315,408 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\7459764.sys -- (setup_9.0.0.722_31.05.2011_01-02drv)
DRV - [2009/09/25 17:59:42 | 000,128,016 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\74597641.sys -- (74597641)
DRV - [2009/08/13 15:07:12 | 001,163,328 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2009/03/27 15:27:04 | 000,598,656 | ---- | M] (Computer Associates International, Inc.) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\KmxAMVet.sys -- (KmxAMVet)
DRV - [2009/02/11 12:40:40 | 005,028,352 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2008/08/01 18:36:26 | 000,022,016 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2008/08/01 18:36:20 | 000,054,784 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2008/04/13 23:05:40 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2007/04/16 21:46:00 | 000,033,792 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdPPM.sys -- (AmdPPM)
DRV - [2006/01/24 17:38:40 | 000,078,720 | ---- | M] (Netgear Inc. ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\FA311XP.SYS -- (RTL8023xp)
DRV - [1999/07/31 09:11:54 | 000,058,304 | ---- | M] (Sharp Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\VSP1284D.SYS -- (VSP1284D)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 9B 21 65 03 D6 29 17 48 96 A3 B1 05 2E F5 6E 69 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: [email protected]:2.0.0.108
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.1
FF - prefs.js..extensions.enabledItems: {6c821380-3bfa-4a8a-9dc2-a522bc32ff1f}:1.0
FF - prefs.js..network.proxy.type: 0

FF - HKLM\software\mozilla\Firefox\extensions\\[email protected]: C:\Program Files\CA\CA Internet Security Suite\RRR Anti-Phishing\Toolbar\Firefox [2010/10/29 20:20:38 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/01/08 18:08:35 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/05/29 15:15:06 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/05/03 13:14:50 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.10\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2011/05/01 16:44:34 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.10\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins

[2010/04/03 15:50:10 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Linda\Application Data\Mozilla\Extensions
[2010/04/03 15:50:10 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Linda\Application Data\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2011/05/30 16:52:44 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Linda\Application Data\Mozilla\Firefox\Profiles\q95jpmru.default\extensions
[2011/03/06 18:48:31 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Linda\Application Data\Mozilla\Firefox\Profiles\q95jpmru.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/05/30 09:22:30 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Documents and Settings\Linda\Application Data\Mozilla\Firefox\Profiles\q95jpmru.default\extensions\{6c821380-3bfa-4a8a-9dc2-a522bc32ff1f}
[2011/05/30 16:52:44 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/09/18 12:18:02 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2011/01/08 13:18:45 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011/01/08 18:08:35 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\REAL\REALPLAYER\BROWSERRECORDPLUGIN\FIREFOX\EXT
[2010/10/29 20:20:38 | 000,000,000 | ---D | M] (CA Anti-Phishing Toolbar) -- C:\PROGRAM FILES\CA\CA INTERNET SECURITY SUITE\RRR ANTI-PHISHING\TOOLBAR\FIREFOX
[2010/03/29 22:47:49 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2010/11/12 19:53:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2008/04/15 00:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {0365219B-29D6-4817-96A3-B1052EF56E69} - File not found
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (CA Anti-Phishing Toolbar Helper) - {45011CF5-E4A9-4F13-9093-F30A784EB9B2} - C:\Program Files\CA\CA Internet Security Suite\RRR Anti-Phishing\Toolbar\caIEToolbar.dll (CA, Inc.)
O2 - BHO: (AcroIEToolbarHelper Class) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (CA Anti-Phishing Toolbar) - {0123B506-0AD9-43AA-B0CF-916C122AD4C5} - C:\Program Files\CA\CA Internet Security Suite\RRR Anti-Phishing\Toolbar\caIEToolbar.dll (CA, Inc.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (CA Anti-Phishing Toolbar) - {0123B506-0AD9-43AA-B0CF-916C122AD4C5} - C:\Program Files\CA\CA Internet Security Suite\RRR Anti-Phishing\Toolbar\caIEToolbar.dll (CA, Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Acrobat Assistant 7.0] C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\ALCMTR.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [BVRPLiveUpdate] File not found
O4 - HKLM..\Run: [capfupgrade] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfupgrade.exe (CA, Inc.)
O4 - HKLM..\Run: [cctray] C:\Program Files\CA\CA Internet Security Suite\casc.exe (CA, Inc.)
O4 - HKLM..\Run: [HP AutoIndexer] C:\Program Files\Hewlett-Packard\LaserJet 33xx\hppautoindexer.exe (Hewlett-Packard)
O4 - HKLM..\Run: [HP SchedIndexer] C:\Program Files\Hewlett-Packard\LaserJet 33xx\hppschedindexer.exe (Hewlett-Packard)
O4 - HKLM..\Run: [InstantAccess] C:\Program Files\TextBridge Pro 8.0\Bin\InstantAccess.exe ()
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe ()
O4 - HKLM..\Run: [RegisterDropHandler] C:\Program Files\TextBridge Pro 8.0\Bin\RegisterDropHandler.exe ()
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [XE Fax LM Status] C:\WINDOWS\System32\LMSXXEF.exe ()
O4 - HKCU..\Run: [PDHookServer] C:\Program Files\Avanquest\PowerDesk\PDHookServer.exe ()
O4 - HKLM..\RunOnceEx: [washindex] C:\Program Files\Washer\washidx.exe ()
O4 - HKLM..\RunServices: [RegisterDropHandler] C:\Program Files\TextBridge Pro 8.0\Bin\RegisterDropHandler.exe ()
O4 - HKLM..\RunServicesOnce: [washindex] C:\Program Files\Washer\washidx.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk = C:\WINDOWS\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP LaserJet Director.lnk = C:\Program Files\Hewlett-Packard\LaserJet 33xx\hppdirector.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\XE_fx Status Monitor.lnk = C:\Program Files\XWC_90fx\X9ENGSS.EXE (SHARP CORPORATION)
O4 - Startup: C:\Documents and Settings\Linda\Start Menu\Programs\Startup\setup_9.0.0.722_31.05.2011_01-02.lnk = C:\Documents and Settings\Linda\Desktop\Virus Removal Tool\setup_9.0.0.722_31.05.2011_01-02\startup.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\System32\winsflt.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\System32\winsflt.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\System32\winsflt.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\System32\winsflt.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\System32\winsflt.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\System32\VetRedir.dll (Computer Associates International, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\System32\winsflt.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\System32\VetRedir.dll (Computer Associates International, Inc.)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1269900647072 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O20 - AppInit_DLLs: (c:\windows\system32\filemonitor32.dll) - C:\WINDOWS\system32\FileMonitor32.dll ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\PFW: DllName - UmxWnp.Dll - C:\WINDOWS\System32\UmxWNP.dll (CA)
O20 - Winlogon\Notify\WgaLogon: DllName - WgaLogon.dll - C:\WINDOWS\System32\WgaLogon.dll ()
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/03/29 17:29:46 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/05/30 18:13:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2011/05/30 18:13:11 | 000,315,408 | ---- | C] (Kaspersky Lab) -- C:\WINDOWS\System32\drivers\7459764.sys
[2011/05/30 18:13:11 | 000,128,016 | ---- | C] (Kaspersky Lab) -- C:\WINDOWS\System32\drivers\74597641.sys
[2011/05/30 18:13:11 | 000,037,392 | ---- | C] (Kaspersky Lab) -- C:\WINDOWS\System32\drivers\74597642.sys
[2011/05/30 18:13:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Linda\Desktop\Virus Removal Tool
[2011/05/30 09:39:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Linda\Application Data\Malwarebytes
[2011/05/30 09:38:52 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/05/30 09:38:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/05/30 09:38:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/05/30 09:38:48 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/05/30 09:38:48 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/05/30 09:23:14 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/05/29 19:01:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Linda\Desktop\GooredFix Backups
[2011/05/27 17:20:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\WinRAR
[2011/05/01 17:05:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Free Convert to DIVX AVI WMV MP4 MPEG Converter
[2011/05/01 17:05:29 | 000,000,000 | ---D | C] -- C:\Program Files\Free Convert to DIVX AVI WMV MP4 MPEG Converter
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\Documents and Settings\Linda\*.tmp files -> C:\Documents and Settings\Linda\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Documents and Settings\Linda\My Documents\*.tmp files -> C:\Documents and Settings\Linda\My Documents\*.tmp -> ]
[1 C:\Documents and Settings\Linda\Desktop\*.tmp files -> C:\Documents and Settings\Linda\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/05/30 18:58:42 | 000,001,766 | -HS- | M] () -- C:\WINDOWS\setup_9.0.0.722_31.05.2011_01-02drv.spi
[2011/05/30 18:15:09 | 000,002,218 | ---- | M] () -- C:\Documents and Settings\Linda\Start Menu\Programs\Startup\setup_9.0.0.722_31.05.2011_01-02.lnk
[2011/05/30 17:21:03 | 000,302,592 | ---- | M] () -- C:\lj379cfw.exe
[2011/05/30 17:11:48 | 000,000,286 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-299502267-329068152-682003330-1003.job
[2011/05/30 17:11:48 | 000,000,278 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-299502267-329068152-682003330-1003.job
[2011/05/30 15:13:17 | 000,000,181 | ---- | M] () -- C:\WINDOWS\hpbafd.ini
[2011/05/30 14:03:04 | 000,002,335 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
[2011/05/30 14:02:41 | 000,000,258 | ---- | M] () -- C:\WINDOWS\tasks\WGASetup.job
[2011/05/30 14:02:33 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/05/30 10:38:00 | 001,319,501 | ---- | M] () -- C:\WINDOWS\System32\drivers\kmxcfg.u2k1
[2011/05/30 10:38:00 | 000,713,068 | ---- | M] () -- C:\WINDOWS\System32\drivers\KmxAgent.asc
[2011/05/30 10:38:00 | 000,010,185 | ---- | M] () -- C:\WINDOWS\System32\drivers\kmxcfg.u2k0
[2011/05/30 10:38:00 | 000,000,331 | ---- | M] () -- C:\WINDOWS\System32\drivers\kmxzone.u2k1
[2011/05/30 10:38:00 | 000,000,331 | ---- | M] () -- C:\WINDOWS\System32\drivers\kmxzone.u2k0
[2011/05/30 10:38:00 | 000,000,085 | ---- | M] () -- C:\WINDOWS\System32\drivers\kmxcfg.u2k7
[2011/05/30 10:38:00 | 000,000,085 | ---- | M] () -- C:\WINDOWS\System32\drivers\kmxcfg.u2k6
[2011/05/30 10:38:00 | 000,000,085 | ---- | M] () -- C:\WINDOWS\System32\drivers\kmxcfg.u2k5
[2011/05/30 10:38:00 | 000,000,085 | ---- | M] () -- C:\WINDOWS\System32\drivers\kmxcfg.u2k4
[2011/05/30 10:38:00 | 000,000,085 | ---- | M] () -- C:\WINDOWS\System32\drivers\kmxcfg.u2k3
[2011/05/30 10:38:00 | 000,000,085 | ---- | M] () -- C:\WINDOWS\System32\drivers\kmxcfg.u2k2
[2011/05/30 10:38:00 | 000,000,049 | ---- | M] () -- C:\WINDOWS\System32\drivers\kmxzone.u2k7
[2011/05/30 10:38:00 | 000,000,049 | ---- | M] () -- C:\WINDOWS\System32\drivers\kmxzone.u2k6
[2011/05/30 10:38:00 | 000,000,049 | ---- | M] () -- C:\WINDOWS\System32\drivers\kmxzone.u2k5
[2011/05/30 10:38:00 | 000,000,049 | ---- | M] () -- C:\WINDOWS\System32\drivers\kmxzone.u2k4
[2011/05/30 10:38:00 | 000,000,049 | ---- | M] () -- C:\WINDOWS\System32\drivers\kmxzone.u2k3
[2011/05/30 10:38:00 | 000,000,049 | ---- | M] () -- C:\WINDOWS\System32\drivers\kmxzone.u2k2
[2011/05/30 09:38:52 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/05/30 09:21:34 | 000,001,265 | ---- | M] () -- C:\WINDOWS\System32\141579823
[2011/05/30 08:17:18 | 000,000,793 | ---- | M] () -- C:\Documents and Settings\Linda\Desktop\Shortcut to redirectkiller.exe.lnk
[2011/05/30 08:01:09 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Linda\Desktop\MBR.dat
[2011/05/30 07:57:38 | 000,000,694 | ---- | M] () -- C:\Documents and Settings\Linda\Desktop\Shortcut to aswMBR.exe.lnk
[2011/05/30 07:42:24 | 000,000,148 | -HS- | M] () -- C:\WINDOWS\System32\677018883
[2011/05/29 22:26:09 | 000,000,019 | ---- | M] () -- C:\WINDOWS\System32\288a2a54
[2011/05/29 15:09:45 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/05/27 17:14:11 | 000,203,776 | -HS- | M] () -- C:\WINDOWS\System32\unrar.exe
[2011/05/24 18:30:45 | 003,443,534 | ---- | M] () -- C:\Documents and Settings\Linda\My Documents\18605_Pompano_CPS.pdf
[2011/05/24 18:25:27 | 003,084,118 | ---- | M] () -- C:\Documents and Settings\Linda\My Documents\18605_Pompano.pdf
[2011/05/22 15:08:00 | 000,000,426 | ---- | M] () -- C:\WINDOWS\BRWMARK.INI
[2011/05/14 21:52:36 | 000,008,192 | ---- | M] () -- C:\Documents and Settings\Linda\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/05/08 17:33:22 | 000,117,755 | ---- | M] () -- C:\Documents and Settings\Linda\My Documents\leaves.jpg
[2011/05/08 17:28:50 | 000,029,980 | ---- | M] () -- C:\Documents and Settings\Linda\My Documents\flower.pdf
[2011/05/08 17:15:23 | 000,024,442 | ---- | M] () -- C:\Documents and Settings\Linda\My Documents\carolo swirls.pdf
[2011/05/08 16:52:22 | 000,035,315 | ---- | M] () -- C:\Documents and Settings\Linda\My Documents\Carol Business Card Back.pdf
[2011/05/08 16:45:13 | 000,074,208 | ---- | M] () -- C:\Documents and Settings\Linda\My Documents\carolo swirls.cdr
[2011/05/08 16:06:37 | 000,056,059 | ---- | M] () -- C:\Documents and Settings\Linda\My Documents\Carol Business Card Front1.pdf
[2011/05/08 15:14:11 | 000,117,755 | ---- | M] () -- C:\Documents and Settings\Linda\My Documents\carolo_swirls6.jpg
[2011/05/08 14:53:52 | 000,046,417 | ---- | M] () -- C:\Documents and Settings\Linda\My Documents\carolo_swirls5.jpg
[2011/05/08 14:52:19 | 000,041,584 | ---- | M] () -- C:\Documents and Settings\Linda\My Documents\carolo_swirls3.jpg
[2011/05/08 14:50:34 | 000,028,446 | ---- | M] () -- C:\Documents and Settings\Linda\My Documents\carolo_swirls1.jpg
[2011/05/08 14:49:01 | 000,036,418 | ---- | M] () -- C:\Documents and Settings\Linda\My Documents\carolo_swirls.jpg
[2011/05/08 11:37:08 | 000,059,314 | ---- | M] () -- C:\Documents and Settings\Linda\My Documents\Backup_of_carolo swirls.cdr
[2011/05/08 11:30:20 | 000,068,881 | ---- | M] () -- C:\Documents and Settings\Linda\My Documents\swirl_5.jpg
[2011/05/08 11:29:13 | 000,047,389 | ---- | M] () -- C:\Documents and Settings\Linda\My Documents\swirl_4.jpg
[2011/05/08 11:23:41 | 000,142,628 | ---- | M] () -- C:\Documents and Settings\Linda\My Documents\swirl_3.jpg
[2011/05/08 11:17:26 | 000,088,047 | ---- | M] () -- C:\Documents and Settings\Linda\My Documents\swirl 2.jpg
[2011/05/08 11:14:12 | 000,196,624 | ---- | M] () -- C:\Documents and Settings\Linda\My Documents\swirl.jpg
[2011/05/01 17:05:34 | 000,000,034 | -H-- | M] () -- C:\WINDOWS\System32\Converter_sysquict.dat
[2011/05/01 17:05:30 | 000,000,840 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Free Convert to DIVX AVI WMV MP4 MPEG Converter.lnk
[2011/05/01 16:54:29 | 003,469,469 | ---- | M] () -- C:\Documents and Settings\Linda\Desktop\J&K 2.JPG
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\Documents and Settings\Linda\*.tmp files -> C:\Documents and Settings\Linda\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Documents and Settings\Linda\My Documents\*.tmp files -> C:\Documents and Settings\Linda\My Documents\*.tmp -> ]
[1 C:\Documents and Settings\Linda\Desktop\*.tmp files -> C:\Documents and Settings\Linda\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/05/30 18:49:26 | 000,001,766 | -HS- | C] () -- C:\WINDOWS\setup_9.0.0.722_31.05.2011_01-02drv.spi
[2011/05/30 18:15:09 | 000,002,218 | ---- | C] () -- C:\Documents and Settings\Linda\Start Menu\Programs\Startup\setup_9.0.0.722_31.05.2011_01-02.lnk
[2011/05/30 17:21:57 | 000,302,592 | ---- | C] () -- C:\lj379cfw.exe
[2011/05/30 09:38:52 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/05/30 08:01:09 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Linda\Desktop\MBR.dat
[2011/05/30 07:57:38 | 000,000,694 | ---- | C] () -- C:\Documents and Settings\Linda\Desktop\Shortcut to aswMBR.exe.lnk
[2011/05/29 19:11:40 | 000,000,793 | ---- | C] () -- C:\Documents and Settings\Linda\Desktop\Shortcut to redirectkiller.exe.lnk
[2011/05/27 17:58:57 | 000,000,019 | ---- | C] () -- C:\WINDOWS\System32\288a2a54
[2011/05/27 17:14:26 | 000,001,265 | ---- | C] () -- C:\WINDOWS\System32\141579823
[2011/05/27 17:14:11 | 000,203,776 | -HS- | C] () -- C:\WINDOWS\System32\unrar.exe
[2011/05/27 17:14:11 | 000,000,148 | -HS- | C] () -- C:\WINDOWS\System32\677018883
[2011/05/24 18:30:45 | 003,443,534 | ---- | C] () -- C:\Documents and Settings\Linda\My Documents\18605_Pompano_CPS.pdf
[2011/05/24 18:25:25 | 003,084,118 | ---- | C] () -- C:\Documents and Settings\Linda\My Documents\18605_Pompano.pdf
[2011/05/08 17:33:18 | 000,117,755 | ---- | C] () -- C:\Documents and Settings\Linda\My Documents\leaves.jpg
[2011/05/08 17:28:50 | 000,029,980 | ---- | C] () -- C:\Documents and Settings\Linda\My Documents\flower.pdf
[2011/05/08 17:15:23 | 000,024,442 | ---- | C] () -- C:\Documents and Settings\Linda\My Documents\carolo swirls.pdf
[2011/05/08 16:52:22 | 000,035,315 | ---- | C] () -- C:\Documents and Settings\Linda\My Documents\Carol Business Card Back.pdf
[2011/05/08 16:45:13 | 000,059,314 | ---- | C] () -- C:\Documents and Settings\Linda\My Documents\Backup_of_carolo swirls.cdr
[2011/05/08 16:06:37 | 000,056,059 | ---- | C] () -- C:\Documents and Settings\Linda\My Documents\Carol Business Card Front1.pdf
[2011/05/08 15:14:09 | 000,117,755 | ---- | C] () -- C:\Documents and Settings\Linda\My Documents\carolo_swirls6.jpg
[2011/05/08 14:53:48 | 000,046,417 | ---- | C] () -- C:\Documents and Settings\Linda\My Documents\carolo_swirls5.jpg
[2011/05/08 14:52:16 | 000,041,584 | ---- | C] () -- C:\Documents and Settings\Linda\My Documents\carolo_swirls3.jpg
[2011/05/08 14:50:32 | 000,028,446 | ---- | C] () -- C:\Documents and Settings\Linda\My Documents\carolo_swirls1.jpg
[2011/05/08 14:48:57 | 000,036,418 | ---- | C] () -- C:\Documents and Settings\Linda\My Documents\carolo_swirls.jpg
[2011/05/08 11:37:08 | 000,074,208 | ---- | C] () -- C:\Documents and Settings\Linda\My Documents\carolo swirls.cdr
[2011/05/08 11:30:17 | 000,068,881 | ---- | C] () -- C:\Documents and Settings\Linda\My Documents\swirl_5.jpg
[2011/05/08 11:29:09 | 000,047,389 | ---- | C] () -- C:\Documents and Settings\Linda\My Documents\swirl_4.jpg
[2011/05/08 11:23:37 | 000,142,628 | ---- | C] () -- C:\Documents and Settings\Linda\My Documents\swirl_3.jpg
[2011/05/08 11:17:23 | 000,088,047 | ---- | C] () -- C:\Documents and Settings\Linda\My Documents\swirl 2.jpg
[2011/05/08 11:13:57 | 000,196,624 | ---- | C] () -- C:\Documents and Settings\Linda\My Documents\swirl.jpg
[2011/05/01 17:05:34 | 000,000,034 | -H-- | C] () -- C:\WINDOWS\System32\Converter_sysquict.dat
[2011/05/01 17:05:30 | 000,000,840 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Free Convert to DIVX AVI WMV MP4 MPEG Converter.lnk
[2011/05/01 16:54:28 | 003,469,469 | ---- | C] () -- C:\Documents and Settings\Linda\Desktop\J&K 2.JPG
[2010/09/18 15:42:31 | 000,000,426 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
[2010/09/18 15:42:30 | 000,000,034 | ---- | C] () -- C:\WINDOWS\System32\BD2170W.DAT
[2010/09/18 12:37:29 | 000,232,968 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2010/09/18 12:37:27 | 000,232,968 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2010/09/18 12:37:27 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin
[2010/09/17 18:58:11 | 000,000,007 | ---- | C] () -- C:\WINDOWS\System32\mkghj.dll
[2010/09/17 18:56:23 | 001,054,032 | ---- | C] () -- C:\WINDOWS\System32\cfgmig32.dll
[2010/09/17 18:56:05 | 005,845,744 | ---- | C] () -- C:\WINDOWS\System32\win32cpr.dll
[2010/09/17 18:56:05 | 002,385,136 | ---- | C] () -- C:\WINDOWS\System32\winsflt_x64.dll
[2010/09/17 18:56:05 | 001,872,624 | ---- | C] () -- C:\WINDOWS\System32\winsflt.dll
[2010/09/17 18:56:05 | 001,377,008 | ---- | C] () -- C:\WINDOWS\System32\svcprs32.exe
[2010/09/17 18:56:05 | 000,286,208 | ---- | C] () -- C:\WINDOWS\System32\winsfinst.exe
[2010/09/17 18:56:04 | 002,347,760 | ---- | C] () -- C:\WINDOWS\System32\mdmcls32.exe
[2010/08/12 14:57:32 | 000,103,936 | ---- | C] () -- C:\WINDOWS\System32\FileMonitor32.dll
[2010/05/24 16:06:04 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\hppapr02.DLL
[2010/05/24 16:06:04 | 000,000,526 | ---- | C] () -- C:\WINDOWS\System32\hppapr02.DAT
[2010/04/18 13:02:05 | 000,008,192 | ---- | C] () -- C:\Documents and Settings\Linda\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/04/05 20:16:39 | 000,000,272 | ---- | C] () -- C:\WINDOWS\ReadIris.ini
[2010/04/05 13:14:16 | 000,000,331 | ---- | C] () -- C:\WINDOWS\FMTMSAM.INI
[2010/04/05 13:13:33 | 000,023,040 | ---- | C] () -- C:\WINDOWS\System32\irisco32.dll
[2010/04/05 13:13:28 | 000,000,033 | ---- | C] () -- C:\WINDOWS\hppLangChoice.ini
[2010/04/05 13:13:27 | 000,343,040 | R--- | C] () -- C:\WINDOWS\System32\lffpx7.dll
[2010/04/05 13:13:27 | 000,116,736 | R--- | C] () -- C:\WINDOWS\System32\lfkodak.dll
[2010/04/05 12:43:04 | 000,000,181 | ---- | C] () -- C:\WINDOWS\hpbafd.ini
[2010/04/03 22:57:23 | 000,009,536 | ---- | C] () -- C:\WINDOWS\System32\XEFX_ENU.DLL
[2010/04/03 22:47:59 | 000,000,095 | ---- | C] () -- C:\WINDOWS\tb96.ini
[2010/04/03 22:43:51 | 000,000,096 | ---- | C] () -- C:\WINDOWS\Tb98.ini
[2010/04/03 22:43:37 | 000,046,512 | ---- | C] () -- C:\WINDOWS\System32\EPSN.DLL
[2010/04/03 22:43:37 | 000,012,126 | ---- | C] () -- C:\WINDOWS\System32\PIXPCZ.DLL
[2010/04/03 22:43:37 | 000,011,934 | ---- | C] () -- C:\WINDOWS\System32\PIXPNR.DLL
[2010/04/03 22:43:37 | 000,009,136 | ---- | C] () -- C:\WINDOWS\System32\INETWH16.DLL
[2010/04/03 22:43:37 | 000,004,528 | ---- | C] () -- C:\WINDOWS\System32\SETBROWS.EXE
[2010/04/03 21:37:08 | 000,000,029 | ---- | C] () -- C:\WINDOWS\spiemon.ini
[2010/04/03 13:22:49 | 000,000,000 | ---- | C] () -- C:\WINDOWS\X9QUEMGR.INI
[2010/04/03 13:11:33 | 000,000,689 | ---- | C] () -- C:\WINDOWS\SHSFTSET.INI
[2010/04/03 13:11:33 | 000,000,428 | ---- | C] () -- C:\WINDOWS\spipcl4a.ini
[2010/04/03 13:11:33 | 000,000,147 | ---- | C] () -- C:\WINDOWS\XEROXTW.INI
[2010/04/03 13:11:25 | 000,013,312 | ---- | C] () -- C:\WINDOWS\System32\LMSXXEF.exe
[2010/04/03 13:11:25 | 000,001,106 | ---- | C] () -- C:\WINDOWS\sd4.ini
[2010/04/03 12:41:47 | 000,026,516 | ---- | C] () -- C:\WINDOWS\maxlink.ini
[2010/03/30 17:10:52 | 000,039,095 | ---- | C] () -- C:\WINDOWS\iccsigs.dat
[2010/03/30 17:10:50 | 000,112,688 | ---- | C] () -- C:\WINDOWS\System32\shw32.dll
[2010/03/29 21:22:02 | 000,340,992 | ---- | C] () -- C:\WINDOWS\unwash.exe
[2010/03/29 21:16:46 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010/03/29 19:01:30 | 000,004,984 | ---- | C] () -- C:\WINDOWS\System32\drivers\nvphy.bin
[2010/03/29 17:31:42 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2010/03/29 17:29:52 | 001,481,728 | ---- | C] () -- C:\WINDOWS\System32\LegitCheckControl.dll
[2010/03/29 17:29:52 | 000,323,072 | ---- | C] () -- C:\WINDOWS\System32\WgaTray.exe
[2010/03/29 17:29:52 | 000,190,976 | ---- | C] () -- C:\WINDOWS\System32\WgaLogon.dll
[2010/03/29 17:26:43 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2010/03/29 09:18:31 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2010/03/29 09:17:11 | 000,393,568 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/01/12 12:03:34 | 002,195,030 | ---- | C] () -- C:\WINDOWS\System32\nvdata.bin
[2008/04/15 00:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2008/04/15 00:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2008/04/15 00:00:00 | 000,493,054 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2008/04/15 00:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2008/04/15 00:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2008/04/15 00:00:00 | 000,083,598 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2008/04/15 00:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2008/04/15 00:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2008/04/15 00:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2008/04/15 00:00:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2008/04/15 00:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2008/04/15 00:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2002/11/20 03:51:59 | 000,094,274 | ---- | C] () -- C:\WINDOWS\System32\HPBHEALR.DLL
[2002/03/04 10:16:34 | 000,110,592 | R--- | C] () -- C:\WINDOWS\System32\Jpeg32.dll
[2001/10/15 09:52:20 | 000,000,089 | ---- | C] () -- C:\WINDOWS\System32\WCEFSTMN.INI

========== LOP Check ==========

[2010/09/19 15:14:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Avanquest
[2010/09/19 15:19:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BVRP Software
[2010/03/29 18:00:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CA
[2010/04/03 12:41:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft
[2010/03/29 21:40:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Linda\Application Data\Avanquest
[2010/04/03 14:50:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Linda\Application Data\GetRightToGo
[2010/03/29 22:50:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Linda\Application Data\OpenOffice.org
[2010/04/03 12:44:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Linda\Application Data\ScanSoft
[2010/04/03 15:50:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Linda\Application Data\Thunderbird
[2011/01/23 18:52:00 | 000,000,514 | ---- | M] () -- C:\WINDOWS\Tasks\CAAntiSpywareScan_Daily as Linda at 4 52 PM.job
[2011/05/30 14:02:41 | 000,000,258 | ---- | M] () -- C:\WINDOWS\Tasks\WGASetup.job

========== Purity Check ==========



< End of report >
  • 0


#17
maliprog

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Hi lgfr,

I see AVP cleared your system pretty well :). How is it now? Any problems?
  • 0

#18
lgfr

lgfr

    Member

  • Topic Starter
  • Member
  • PipPip
  • 25 posts
It seems good. There are some dll files I'm not sure about. Are these good files? jgaw400.dll, jgdw400.dll, jdmd400.dll, jdpl400.dll, mscoree.dll, mscoriere.dll, mscories.dll

I'm on my way to work. Just let me know what I need to do next and I will take care of it when I get back.
  • 0

#19
maliprog

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
They are legit files as far as I see it. But AVP would detect them if they weren't :)

Your logs and system are clean now. I'm glad we fixed up your computer. We need to clean up your PC from the programs we used.

Step 1

Please start OTL one more time and click the CleanUp button. OTL will restart your system at the end. Remove all other applications we used to clean your PC.

General recommendations

Here are some recommendations you should follow to minimize infection risk in the future:

1. Enable Windows Update
  • Click Start, click Run, type sysdm.cpl, and then press ENTER.
  • Click the Automatic Updates tab, and then click to select one of the following options. We recommend that you select the Automatic (recommended) Automatically download recommended updates for my computer and install them option.
  • Click the OK button.

2. Delete Temp files

Download TFC to your desktop
  • Open the file and close any other windows.
  • It will close all programs itself when run, make sure to let it run uninterrupted.
  • Click the Start button to begin the process. The program should not take long to finish its job
  • Once it's finished it should reboot your machine; if not, do this yourself to ensure a complete clean.

3. Make Backups of Important Files

Please read this article Home Computer Data Backup.


4. Regularly update your software

To eliminate design flaws and security vulnerabilities, all software needs to be updated to the latest version or the vendor’s patch installed.

You should download Update Checker from here. The program will automatically check for newer versions of software installed on your system.
  • 0

#20
lgfr

lgfr

    Member

  • Topic Starter
  • Member
  • PipPip
  • 25 posts
Thank you so much for all your help. I will follow your Step 1 above and your recommendations this evening.
  • 0

#21
lgfr

lgfr

    Member

  • Topic Starter
  • Member
  • PipPip
  • 25 posts
I noticed you used Kaspersky several times for fixing things on my computer. Would you recommend that program?
  • 0

#22
maliprog

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Yes we did. Kaspersky is a great antivirus company with great tools. I'm not using it myself but I sure can recommend it :unsure:. Now I'm using Avira Free in combination with Malwarebytes Pro. Hope this helps.

Goodbye and stay safe :)
  • 0

#23
maliprog

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0

#24
lgfr

lgfr

    Member

  • Topic Starter
  • Member
  • PipPip
  • 25 posts
Maliprog,

After we were done the other day I went to google and was redirected. I ran Kaspersky Virus removal tool again and it found I think 18 Trojans. How can I get these off my computer permanently? I really need your help.
  • 0

#25
maliprog

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Hi lgfr,

Can you remember what you did before you noticed this infection? Did you insert any specific USB memory stick or run any application?

Step 1

Download Dr.Web CureIt to the desktop:
ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe
  • Double-click the drweb-cureit.exe file and click Scan to run an express scan. Click OK in the pop-up window to allow the scan.
  • This will scan the files currently running in memory and when something is found, click the Yes button when it asks you if you want to cure it. This is only a short scan.
  • Once the short scan has finished, select Complete scan.
  • Complete scan sometimes takes up to 3 hours to finish so please be patient.
  • Click the green arrow at the right, and the scan will start.
  • Click Yes to all if it asks if you want to cure/move the file.
  • When the scan has finished, in the menu, click File and choose Save report list
  • Save the report to your desktop. The report will be called DrWeb.csv
  • Close Dr.Web Cureit.
  • Important! Reboot your computer because it could be possible that files in use will be moved/deleted during reboot.
  • Copy and paste that log in the next reply. You can use Notepad to open the DrWeb.csv report.

NOTE. During the scan, a pop-up window will open asking you to purchase the full version. Simply close the window by clicking on the X in the upper right corner.

Step 2

  • Run OTL.
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open a Notepad window with OTL.Txt. This file is saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of this file, and post it with your next reply.

Step 3

Please don't forget to include these items in your reply:

  • Dr.Web log
  • OTL scan log
It would be helpful if you could post each log in a separate post.
  • 0


#26
lgfr

lgfr

    Member

  • Topic Starter
  • Member
  • PipPip
  • 25 posts
I did not insert a USB drive. As soon as we were done I went to my home page in Firefox and went to Google and did a search and was redirected.

I just finished with Dr Web CureIT. At first it had a window that said it was running in enhanced protection mode - windows desktop is blocked by Malware. I closed that window and ran an express scan and a complete scan. The complete scan took hours and said it didn't find anything. I tried to save the report list but it was grayed out and wouldn't let me click it.

I ran OTL and here are the results:

OTL logfile created on: 6/4/2011 5:43:14 PM - Run 1
OTL by OldTimer - Version 3.2.23.0 Folder = C:\Documents and Settings\Linda\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.87 Gb Total Physical Memory | 1.10 Gb Available Physical Memory | 58.72% Memory free
3.72 Gb Paging File | 3.09 Gb Available in Paging File | 83.10% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 166.02 Gb Total Space | 149.83 Gb Free Space | 90.25% Space Free | Partition Type: NTFS

Computer Name: 8FCC61F12 | User Name: Linda | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/06/04 17:41:54 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Linda\My Documents\Downloads\OTL.scr
PRC - [2011/05/03 13:14:48 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/01/08 18:08:20 | 000,274,608 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\Update\realsched.exe
PRC - [2010/11/11 22:45:25 | 001,766,736 | ---- | M] (CA, Inc.) -- C:\Program Files\CA\CA Internet Security Suite\casc.exe
PRC - [2010/11/11 22:45:24 | 001,115,472 | ---- | M] (CA, Inc.) -- C:\Program Files\CA\CA Internet Security Suite\ccevtmgr.exe
PRC - [2010/11/11 22:45:24 | 000,251,216 | ---- | M] (CA, Inc.) -- C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
PRC - [2010/11/11 22:45:24 | 000,212,992 | ---- | M] (Computer Associates International, Inc.) -- C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus Plus\isafe.exe
PRC - [2010/11/11 22:45:24 | 000,206,160 | ---- | M] (Computer Associates International, Inc.) -- C:\Program Files\CA\CA Internet Security Suite\ccschedulersvc.exe
PRC - [2010/10/29 20:18:44 | 000,206,152 | ---- | M] (CA) -- C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus Plus\CAAMSvc.exe
PRC - [2010/09/17 12:21:00 | 000,301,648 | ---- | M] (CA) -- C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe
PRC - [2010/08/24 12:07:34 | 000,740,160 | ---- | M] (CA) -- C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe
PRC - [2010/08/12 14:57:58 | 000,060,416 | ---- | M] () -- C:\Program Files\Avanquest\PowerDesk\PDHookServer.exe
PRC - [2010/02/28 19:37:38 | 001,377,008 | ---- | M] () -- C:\WINDOWS\system32\svcprs32.exe
PRC - [2010/02/28 19:33:56 | 002,347,760 | ---- | M] () -- C:\WINDOWS\system32\mdmcls32.exe
PRC - [2009/10/01 14:55:56 | 000,330,256 | ---- | M] (Kaspersky Lab) -- C:\Documents and Settings\Linda\Desktop\Virus Removal Tool\setup_9.0.0.722_31.05.2011_01-02\setup_9.0.0.722_31.05.2011_01-02.exe
PRC - [2009/08/04 10:42:18 | 000,887,288 | ---- | M] (CA) -- C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe
PRC - [2009/07/31 16:30:14 | 000,150,008 | ---- | M] (CA) -- C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
PRC - [2009/03/27 22:10:56 | 000,014,336 | ---- | M] (LSI Corporation) -- C:\Program Files\LSI SoftModem\agrsmsvc.exe
PRC - [2008/04/15 00:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2004/12/14 02:12:02 | 000,483,328 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 7.0\Distillr\acrotray.exe
PRC - [1999/10/12 09:53:46 | 000,013,312 | ---- | M] () -- C:\WINDOWS\system32\LMSXXEF.exe
PRC - [1998/12/10 13:57:12 | 000,037,376 | ---- | M] () -- C:\Program Files\TextBridge Pro 8.0\Bin\InstantAccess.exe


========== Modules (SafeList) ==========

MOD - [2011/06/04 17:41:54 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Linda\My Documents\Downloads\OTL.scr
MOD - [2011/01/08 18:08:35 | 000,040,448 | ---- | M] (RealNetworks, Inc.) -- C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Chrome\Hook\rpchromebrowserrecordhelper.dll
MOD - [2010/09/28 14:10:00 | 000,079,184 | ---- | M] (CA) -- C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-9.0.0.69\QOEHook.dll
MOD - [2010/08/23 12:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2010/08/12 14:57:56 | 000,011,264 | ---- | M] () -- C:\Program Files\Avanquest\PowerDesk\DClickDesktopHook.dll
MOD - [2010/08/12 14:57:32 | 000,103,936 | ---- | M] () -- C:\WINDOWS\system32\FileMonitor32.dll
MOD - [2010/04/25 16:54:00 | 000,653,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcr90.dll
MOD - [2010/04/25 16:54:00 | 000,569,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcp90.dll
MOD - [1998/12/10 13:40:10 | 000,119,808 | ---- | M] () -- C:\Program Files\TextBridge Pro 8.0\Bin\Tbmhook.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/11/11 22:45:24 | 000,251,216 | ---- | M] (CA, Inc.) [On_Demand | Running] -- C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe -- (CaCCProvSP)
SRV - [2010/11/11 22:45:24 | 000,212,992 | ---- | M] (Computer Associates International, Inc.) [Auto | Running] -- C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus Plus\isafe.exe -- (CAISafe)
SRV - [2010/11/11 22:45:24 | 000,206,160 | ---- | M] (Computer Associates International, Inc.) [Auto | Running] -- C:\Program Files\CA\CA Internet Security Suite\ccschedulersvc.exe -- (ccSchedulerSVC)
SRV - [2010/10/29 20:18:44 | 000,206,152 | ---- | M] (CA) [Auto | Running] -- C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus Plus\CAAMSvc.exe -- (CAAMSvc)
SRV - [2010/09/17 12:21:00 | 000,301,648 | ---- | M] (CA) [Auto | Running] -- C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe -- (UmxPol)
SRV - [2010/08/24 12:07:34 | 000,740,160 | ---- | M] (CA) [Auto | Running] -- C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe -- (UmxCfg)
SRV - [2010/02/28 19:37:38 | 001,377,008 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\svcprs32.exe -- (WinSvchostManager)
SRV - [2010/02/28 19:33:56 | 002,347,760 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\mdmcls32.exe -- (WinExtManager)
SRV - [2009/08/04 10:42:18 | 000,887,288 | ---- | M] (CA) [Auto | Running] -- C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe -- (UmxAgent)
SRV - [2009/07/31 16:30:14 | 000,150,008 | ---- | M] (CA) [Auto | Running] -- C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe -- (UmxFwHlp)
SRV - [2009/03/27 22:10:56 | 000,014,336 | ---- | M] (LSI Corporation) [Auto | Running] -- C:\Program Files\LSI SoftModem\agrsmsvc.exe -- (AgereModemAudio)


========== Driver Services (SafeList) ==========

DRV - [2010/09/24 11:16:18 | 000,146,000 | ---- | M] (CA) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\KmxCF.sys -- (KmxCF)
DRV - [2010/09/24 11:16:18 | 000,115,792 | ---- | M] (CA) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\KmxFw.sys -- (KmxFw)
DRV - [2010/09/24 11:16:18 | 000,061,008 | ---- | M] (CA) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\KmxSbx.sys -- (KmxSbx)
DRV - [2010/09/24 11:16:18 | 000,061,008 | ---- | M] (CA) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\KmxFile.sys -- (KmxFile)
DRV - [2010/09/17 12:21:00 | 000,135,248 | ---- | M] (CA) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\KmxAMRT.sys -- (KmxAMRT)
DRV - [2010/09/17 06:00:28 | 000,599,936 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8192su.sys -- (RTL8192su)
DRV - [2010/06/09 06:54:38 | 000,244,304 | ---- | M] (CA) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\KmxCfg.sys -- (KmxCfg)
DRV - [2010/05/03 02:12:02 | 000,108,112 | ---- | M] (CA) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\kmxstart.sys -- (KmxStart)
DRV - [2010/03/22 13:58:42 | 000,079,864 | ---- | M] (CA) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\KmxAgent.sys -- (KmxAgent)
DRV - [2010/02/01 11:02:44 | 000,084,984 | ---- | M] (SUNIX Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\snxppalx.sys -- (SNXPPALX)
DRV - [2010/01/14 03:44:00 | 000,041,080 | ---- | M] (SUNIX Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\snxpcard.sys -- (SNXPCARD)
DRV - [2009/10/22 13:54:18 | 000,037,392 | ---- | M] (Kaspersky Lab) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\74597642.sys -- (74597642)
DRV - [2009/10/09 23:31:10 | 000,315,408 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\7459764.sys -- (setup_9.0.0.722_31.05.2011_01-02drv)
DRV - [2009/09/25 17:59:42 | 000,128,016 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\74597641.sys -- (74597641)
DRV - [2009/08/13 15:07:12 | 001,163,328 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2009/03/27 15:27:04 | 000,598,656 | ---- | M] (Computer Associates International, Inc.) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\KmxAMVet.sys -- (KmxAMVet)
DRV - [2009/02/11 12:40:40 | 005,028,352 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2008/08/01 18:36:26 | 000,022,016 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2008/08/01 18:36:20 | 000,054,784 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2008/04/13 23:05:40 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2007/04/16 21:46:00 | 000,033,792 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdPPM.sys -- (AmdPPM)
DRV - [2006/01/24 17:38:40 | 000,078,720 | ---- | M] (Netgear Inc. ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\FA311XP.SYS -- (RTL8023xp)
DRV - [1999/07/31 09:11:54 | 000,058,304 | ---- | M] (Sharp Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\VSP1284D.SYS -- (VSP1284D)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 9B 21 65 03 D6 29 17 48 96 A3 B1 05 2E F5 6E 69 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: [email protected]:2.0.0.108
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.1
FF - prefs.js..extensions.enabledItems: {6c821380-3bfa-4a8a-9dc2-a522bc32ff1f}:1.0
FF - prefs.js..network.proxy.type: 0

FF - HKLM\software\mozilla\Firefox\extensions\\[email protected]: C:\Program Files\CA\CA Internet Security Suite\RRR Anti-Phishing\Toolbar\Firefox [2010/10/29 20:20:38 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/01/08 18:08:35 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/05/29 15:15:06 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/05/03 13:14:50 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.10\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2011/05/01 16:44:34 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.10\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins

[2010/04/03 15:50:10 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Linda\Application Data\Mozilla\Extensions
[2010/04/03 15:50:10 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Linda\Application Data\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2011/06/04 12:00:52 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Linda\Application Data\Mozilla\Firefox\Profiles\q95jpmru.default\extensions
[2011/03/06 18:48:31 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Linda\Application Data\Mozilla\Firefox\Profiles\q95jpmru.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/05/30 09:22:30 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Documents and Settings\Linda\Application Data\Mozilla\Firefox\Profiles\q95jpmru.default\extensions\{6c821380-3bfa-4a8a-9dc2-a522bc32ff1f}
[2011/06/04 12:00:52 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/09/18 12:18:02 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2011/01/08 13:18:45 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011/01/08 18:08:35 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\REAL\REALPLAYER\BROWSERRECORDPLUGIN\FIREFOX\EXT
[2010/10/29 20:20:38 | 000,000,000 | ---D | M] (CA Anti-Phishing Toolbar) -- C:\PROGRAM FILES\CA\CA INTERNET SECURITY SUITE\RRR ANTI-PHISHING\TOOLBAR\FIREFOX
[2010/03/29 22:47:49 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2010/11/12 19:53:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2008/04/15 00:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {0365219B-29D6-4817-96A3-B1052EF56E69} - File not found
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (CA Anti-Phishing Toolbar Helper) - {45011CF5-E4A9-4F13-9093-F30A784EB9B2} - C:\Program Files\CA\CA Internet Security Suite\RRR Anti-Phishing\Toolbar\caIEToolbar.dll (CA, Inc.)
O2 - BHO: (AcroIEToolbarHelper Class) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (CA Anti-Phishing Toolbar) - {0123B506-0AD9-43AA-B0CF-916C122AD4C5} - C:\Program Files\CA\CA Internet Security Suite\RRR Anti-Phishing\Toolbar\caIEToolbar.dll (CA, Inc.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (CA Anti-Phishing Toolbar) - {0123B506-0AD9-43AA-B0CF-916C122AD4C5} - C:\Program Files\CA\CA Internet Security Suite\RRR Anti-Phishing\Toolbar\caIEToolbar.dll (CA, Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Acrobat Assistant 7.0] C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\ALCMTR.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [BVRPLiveUpdate] File not found
O4 - HKLM..\Run: [capfupgrade] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfupgrade.exe (CA, Inc.)
O4 - HKLM..\Run: [cctray] C:\Program Files\CA\CA Internet Security Suite\casc.exe (CA, Inc.)
O4 - HKLM..\Run: [HP AutoIndexer] C:\Program Files\Hewlett-Packard\LaserJet 33xx\hppautoindexer.exe (Hewlett-Packard)
O4 - HKLM..\Run: [HP SchedIndexer] C:\Program Files\Hewlett-Packard\LaserJet 33xx\hppschedindexer.exe (Hewlett-Packard)
O4 - HKLM..\Run: [InstantAccess] C:\Program Files\TextBridge Pro 8.0\Bin\InstantAccess.exe ()
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe ()
O4 - HKLM..\Run: [RegisterDropHandler] C:\Program Files\TextBridge Pro 8.0\Bin\RegisterDropHandler.exe ()
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [XE Fax LM Status] C:\WINDOWS\System32\LMSXXEF.exe ()
O4 - HKCU..\Run: [PDHookServer] C:\Program Files\Avanquest\PowerDesk\PDHookServer.exe ()
O4 - HKLM..\RunOnceEx: [washindex] C:\Program Files\Washer\washidx.exe ()
O4 - HKLM..\RunServices: [RegisterDropHandler] C:\Program Files\TextBridge Pro 8.0\Bin\RegisterDropHandler.exe ()
O4 - HKLM..\RunServicesOnce: [washindex] C:\Program Files\Washer\washidx.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk = C:\WINDOWS\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP LaserJet Director.lnk = C:\Program Files\Hewlett-Packard\LaserJet 33xx\hppdirector.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\XE_fx Status Monitor.lnk = C:\Program Files\XWC_90fx\X9ENGSS.EXE (SHARP CORPORATION)
O4 - Startup: C:\Documents and Settings\Linda\Start Menu\Programs\Startup\setup_9.0.0.722_31.05.2011_01-02.lnk = C:\Documents and Settings\Linda\Desktop\Virus Removal Tool\setup_9.0.0.722_31.05.2011_01-02\startup.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\System32\winsflt.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\System32\winsflt.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\System32\winsflt.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\System32\winsflt.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\System32\winsflt.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\System32\VetRedir.dll (Computer Associates International, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\System32\winsflt.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\System32\VetRedir.dll (Computer Associates International, Inc.)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1269900647072 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O20 - AppInit_DLLs: (c:\windows\system32\filemonitor32.dll) - C:\WINDOWS\system32\FileMonitor32.dll ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\PFW: DllName - UmxWnp.Dll - C:\WINDOWS\System32\UmxWNP.dll (CA)
O20 - Winlogon\Notify\WgaLogon: DllName - WgaLogon.dll - C:\WINDOWS\System32\WgaLogon.dll ()
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/03/29 17:29:46 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/06/04 12:09:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Linda\DoctorWeb
[2011/05/30 18:13:11 | 000,315,408 | ---- | C] (Kaspersky Lab) -- C:\WINDOWS\System32\drivers\7459764.sys
[2011/05/30 18:13:11 | 000,128,016 | ---- | C] (Kaspersky Lab) -- C:\WINDOWS\System32\drivers\74597641.sys
[2011/05/30 18:13:11 | 000,037,392 | ---- | C] (Kaspersky Lab) -- C:\WINDOWS\System32\drivers\74597642.sys
[2011/05/30 18:13:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Linda\Desktop\Virus Removal Tool
[2011/05/30 18:09:08 | 121,810,624 | ---- | C] ( ) -- C:\Documents and Settings\Linda\Desktop\setup_9.0.0.722_31.05.2011_01-02.exe
[2011/05/30 09:39:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Linda\Application Data\Malwarebytes
[2011/05/30 09:38:52 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/05/30 09:38:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/05/30 09:38:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/05/30 09:38:48 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/05/30 09:38:48 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/05/29 19:01:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Linda\Desktop\GooredFix Backups
[2011/05/27 17:20:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\WinRAR
[2 C:\Documents and Settings\Linda\*.tmp files -> C:\Documents and Settings\Linda\*.tmp -> ]
[1 C:\Documents and Settings\Linda\My Documents\*.tmp files -> C:\Documents and Settings\Linda\My Documents\*.tmp -> ]
[1 C:\Documents and Settings\Linda\Desktop\*.tmp files -> C:\Documents and Settings\Linda\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/06/04 17:37:52 | 000,002,335 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
[2011/06/04 17:37:32 | 000,000,278 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-299502267-329068152-682003330-1003.job
[2011/06/04 17:37:24 | 000,000,258 | ---- | M] () -- C:\WINDOWS\tasks\WGASetup.job
[2011/06/04 17:37:14 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/06/04 17:36:30 | 001,307,301 | ---- | M] () -- C:\WINDOWS\System32\drivers\kmxcfg.u2k1
[2011/06/04 17:36:30 | 000,724,252 | ---- | M] () -- C:\WINDOWS\System32\drivers\KmxAgent.asc
[2011/06/04 17:36:30 | 000,010,185 | ---- | M] () -- C:\WINDOWS\System32\drivers\kmxcfg.u2k0
[2011/06/04 17:36:30 | 000,000,331 | ---- | M] () -- C:\WINDOWS\System32\drivers\kmxzone.u2k1
[2011/06/04 17:36:30 | 000,000,331 | ---- | M] () -- C:\WINDOWS\System32\drivers\kmxzone.u2k0
[2011/06/04 17:36:30 | 000,000,085 | ---- | M] () -- C:\WINDOWS\System32\drivers\kmxcfg.u2k7
[2011/06/04 17:36:30 | 000,000,085 | ---- | M] () -- C:\WINDOWS\System32\drivers\kmxcfg.u2k6
[2011/06/04 17:36:30 | 000,000,085 | ---- | M] () -- C:\WINDOWS\System32\drivers\kmxcfg.u2k5
[2011/06/04 17:36:30 | 000,000,085 | ---- | M] () -- C:\WINDOWS\System32\drivers\kmxcfg.u2k4
[2011/06/04 17:36:30 | 000,000,085 | ---- | M] () -- C:\WINDOWS\System32\drivers\kmxcfg.u2k3
[2011/06/04 17:36:30 | 000,000,085 | ---- | M] () -- C:\WINDOWS\System32\drivers\kmxcfg.u2k2
[2011/06/04 17:36:30 | 000,000,049 | ---- | M] () -- C:\WINDOWS\System32\drivers\kmxzone.u2k7
[2011/06/04 17:36:30 | 000,000,049 | ---- | M] () -- C:\WINDOWS\System32\drivers\kmxzone.u2k6
[2011/06/04 17:36:30 | 000,000,049 | ---- | M] () -- C:\WINDOWS\System32\drivers\kmxzone.u2k5
[2011/06/04 17:36:30 | 000,000,049 | ---- | M] () -- C:\WINDOWS\System32\drivers\kmxzone.u2k4
[2011/06/04 17:36:30 | 000,000,049 | ---- | M] () -- C:\WINDOWS\System32\drivers\kmxzone.u2k3
[2011/06/04 17:36:30 | 000,000,049 | ---- | M] () -- C:\WINDOWS\System32\drivers\kmxzone.u2k2
[2011/06/04 17:34:56 | 000,000,286 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-299502267-329068152-682003330-1003.job
[2011/06/04 14:34:32 | 000,000,183 | ---- | M] () -- C:\WINDOWS\hpbafd.ini
[2011/06/04 11:42:47 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/06/01 22:03:32 | 000,393,568 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/05/30 18:15:09 | 000,002,218 | ---- | M] () -- C:\Documents and Settings\Linda\Start Menu\Programs\Startup\setup_9.0.0.722_31.05.2011_01-02.lnk
[2011/05/30 18:11:57 | 121,810,624 | ---- | M] ( ) -- C:\Documents and Settings\Linda\Desktop\setup_9.0.0.722_31.05.2011_01-02.exe
[2011/05/30 17:21:03 | 000,302,592 | ---- | M] () -- C:\lj379cfw.exe
[2011/05/30 09:38:52 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/05/30 09:21:34 | 000,001,265 | ---- | M] () -- C:\WINDOWS\System32\141579823
[2011/05/30 08:17:18 | 000,000,793 | ---- | M] () -- C:\Documents and Settings\Linda\Desktop\Shortcut to redirectkiller.exe.lnk
[2011/05/30 08:01:09 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Linda\Desktop\MBR.dat
[2011/05/30 07:57:38 | 000,000,694 | ---- | M] () -- C:\Documents and Settings\Linda\Desktop\Shortcut to aswMBR.exe.lnk
[2011/05/30 07:42:24 | 000,000,148 | -HS- | M] () -- C:\WINDOWS\System32\677018883
[2011/05/29 22:26:09 | 000,000,019 | ---- | M] () -- C:\WINDOWS\System32\288a2a54
[2011/05/27 17:14:11 | 000,203,776 | -HS- | M] () -- C:\WINDOWS\System32\unrar.exe
[2011/05/24 18:30:45 | 003,443,534 | ---- | M] () -- C:\Documents and Settings\Linda\My Documents\18605_Pompano_CPS.pdf
[2011/05/24 18:25:27 | 003,084,118 | ---- | M] () -- C:\Documents and Settings\Linda\My Documents\18605_Pompano.pdf
[2011/05/22 15:08:00 | 000,000,426 | ---- | M] () -- C:\WINDOWS\BRWMARK.INI
[2011/05/14 21:52:36 | 000,008,192 | ---- | M] () -- C:\Documents and Settings\Linda\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/05/08 17:33:22 | 000,117,755 | ---- | M] () -- C:\Documents and Settings\Linda\My Documents\leaves.jpg
[2011/05/08 17:28:50 | 000,029,980 | ---- | M] () -- C:\Documents and Settings\Linda\My Documents\flower.pdf
[2011/05/08 17:15:23 | 000,024,442 | ---- | M] () -- C:\Documents and Settings\Linda\My Documents\carolo swirls.pdf
[2011/05/08 16:52:22 | 000,035,315 | ---- | M] () -- C:\Documents and Settings\Linda\My Documents\Carol Business Card Back.pdf
[2011/05/08 16:45:13 | 000,074,208 | ---- | M] () -- C:\Documents and Settings\Linda\My Documents\carolo swirls.cdr
[2011/05/08 16:06:37 | 000,056,059 | ---- | M] () -- C:\Documents and Settings\Linda\My Documents\Carol Business Card Front1.pdf
[2011/05/08 15:14:11 | 000,117,755 | ---- | M] () -- C:\Documents and Settings\Linda\My Documents\carolo_swirls6.jpg
[2011/05/08 14:53:52 | 000,046,417 | ---- | M] () -- C:\Documents and Settings\Linda\My Documents\carolo_swirls5.jpg
[2011/05/08 14:52:19 | 000,041,584 | ---- | M] () -- C:\Documents and Settings\Linda\My Documents\carolo_swirls3.jpg
[2011/05/08 14:50:34 | 000,028,446 | ---- | M] () -- C:\Documents and Settings\Linda\My Documents\carolo_swirls1.jpg
[2011/05/08 14:49:01 | 000,036,418 | ---- | M] () -- C:\Documents and Settings\Linda\My Documents\carolo_swirls.jpg
[2011/05/08 11:37:08 | 000,059,314 | ---- | M] () -- C:\Documents and Settings\Linda\My Documents\Backup_of_carolo swirls.cdr
[2011/05/08 11:30:20 | 000,068,881 | ---- | M] () -- C:\Documents and Settings\Linda\My Documents\swirl_5.jpg
[2011/05/08 11:29:13 | 000,047,389 | ---- | M] () -- C:\Documents and Settings\Linda\My Documents\swirl_4.jpg
[2011/05/08 11:23:41 | 000,142,628 | ---- | M] () -- C:\Documents and Settings\Linda\My Documents\swirl_3.jpg
[2011/05/08 11:17:26 | 000,088,047 | ---- | M] () -- C:\Documents and Settings\Linda\My Documents\swirl 2.jpg
[2011/05/08 11:14:12 | 000,196,624 | ---- | M] () -- C:\Documents and Settings\Linda\My Documents\swirl.jpg
[2 C:\Documents and Settings\Linda\*.tmp files -> C:\Documents and Settings\Linda\*.tmp -> ]
[1 C:\Documents and Settings\Linda\My Documents\*.tmp files -> C:\Documents and Settings\Linda\My Documents\*.tmp -> ]
[1 C:\Documents and Settings\Linda\Desktop\*.tmp files -> C:\Documents and Settings\Linda\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/05/30 18:15:09 | 000,002,218 | ---- | C] () -- C:\Documents and Settings\Linda\Start Menu\Programs\Startup\setup_9.0.0.722_31.05.2011_01-02.lnk
[2011/05/30 17:21:57 | 000,302,592 | ---- | C] () -- C:\lj379cfw.exe
[2011/05/30 09:38:52 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/05/30 08:01:09 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Linda\Desktop\MBR.dat
[2011/05/30 07:57:38 | 000,000,694 | ---- | C] () -- C:\Documents and Settings\Linda\Desktop\Shortcut to aswMBR.exe.lnk
[2011/05/29 19:11:40 | 000,000,793 | ---- | C] () -- C:\Documents and Settings\Linda\Desktop\Shortcut to redirectkiller.exe.lnk
[2011/05/27 17:58:57 | 000,000,019 | ---- | C] () -- C:\WINDOWS\System32\288a2a54
[2011/05/27 17:14:26 | 000,001,265 | ---- | C] () -- C:\WINDOWS\System32\141579823
[2011/05/27 17:14:11 | 000,203,776 | -HS- | C] () -- C:\WINDOWS\System32\unrar.exe
[2011/05/27 17:14:11 | 000,000,148 | -HS- | C] () -- C:\WINDOWS\System32\677018883
[2011/05/24 18:30:45 | 003,443,534 | ---- | C] () -- C:\Documents and Settings\Linda\My Documents\18605_Pompano_CPS.pdf
[2011/05/24 18:25:25 | 003,084,118 | ---- | C] () -- C:\Documents and Settings\Linda\My Documents\18605_Pompano.pdf
[2011/05/08 17:33:18 | 000,117,755 | ---- | C] () -- C:\Documents and Settings\Linda\My Documents\leaves.jpg
[2011/05/08 17:28:50 | 000,029,980 | ---- | C] () -- C:\Documents and Settings\Linda\My Documents\flower.pdf
[2011/05/08 17:15:23 | 000,024,442 | ---- | C] () -- C:\Documents and Settings\Linda\My Documents\carolo swirls.pdf
[2011/05/08 16:52:22 | 000,035,315 | ---- | C] () -- C:\Documents and Settings\Linda\My Documents\Carol Business Card Back.pdf
[2011/05/08 16:45:13 | 000,059,314 | ---- | C] () -- C:\Documents and Settings\Linda\My Documents\Backup_of_carolo swirls.cdr
[2011/05/08 16:06:37 | 000,056,059 | ---- | C] () -- C:\Documents and Settings\Linda\My Documents\Carol Business Card Front1.pdf
[2011/05/08 15:14:09 | 000,117,755 | ---- | C] () -- C:\Documents and Settings\Linda\My Documents\carolo_swirls6.jpg
[2011/05/08 14:53:48 | 000,046,417 | ---- | C] () -- C:\Documents and Settings\Linda\My Documents\carolo_swirls5.jpg
[2011/05/08 14:52:16 | 000,041,584 | ---- | C] () -- C:\Documents and Settings\Linda\My Documents\carolo_swirls3.jpg
[2011/05/08 14:50:32 | 000,028,446 | ---- | C] () -- C:\Documents and Settings\Linda\My Documents\carolo_swirls1.jpg
[2011/05/08 14:48:57 | 000,036,418 | ---- | C] () -- C:\Documents and Settings\Linda\My Documents\carolo_swirls.jpg
[2011/05/08 11:37:08 | 000,074,208 | ---- | C] () -- C:\Documents and Settings\Linda\My Documents\carolo swirls.cdr
[2011/05/08 11:30:17 | 000,068,881 | ---- | C] () -- C:\Documents and Settings\Linda\My Documents\swirl_5.jpg
[2011/05/08 11:29:09 | 000,047,389 | ---- | C] () -- C:\Documents and Settings\Linda\My Documents\swirl_4.jpg
[2011/05/08 11:23:37 | 000,142,628 | ---- | C] () -- C:\Documents and Settings\Linda\My Documents\swirl_3.jpg
[2011/05/08 11:17:23 | 000,088,047 | ---- | C] () -- C:\Documents and Settings\Linda\My Documents\swirl 2.jpg
[2011/05/08 11:13:57 | 000,196,624 | ---- | C] () -- C:\Documents and Settings\Linda\My Documents\swirl.jpg
[2011/05/01 17:05:34 | 000,000,034 | -H-- | C] () -- C:\WINDOWS\System32\Converter_sysquict.dat
[2010/09/18 15:42:31 | 000,000,426 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
[2010/09/18 15:42:30 | 000,000,034 | ---- | C] () -- C:\WINDOWS\System32\BD2170W.DAT
[2010/09/18 12:37:29 | 000,232,968 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2010/09/18 12:37:27 | 000,232,968 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2010/09/18 12:37:27 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin
[2010/09/17 18:58:11 | 000,000,007 | ---- | C] () -- C:\WINDOWS\System32\mkghj.dll
[2010/09/17 18:56:23 | 001,054,032 | ---- | C] () -- C:\WINDOWS\System32\cfgmig32.dll
[2010/09/17 18:56:05 | 005,845,744 | ---- | C] () -- C:\WINDOWS\System32\win32cpr.dll
[2010/09/17 18:56:05 | 002,385,136 | ---- | C] () -- C:\WINDOWS\System32\winsflt_x64.dll
[2010/09/17 18:56:05 | 001,872,624 | ---- | C] () -- C:\WINDOWS\System32\winsflt.dll
[2010/09/17 18:56:05 | 001,377,008 | ---- | C] () -- C:\WINDOWS\System32\svcprs32.exe
[2010/09/17 18:56:05 | 000,286,208 | ---- | C] () -- C:\WINDOWS\System32\winsfinst.exe
[2010/09/17 18:56:04 | 002,347,760 | ---- | C] () -- C:\WINDOWS\System32\mdmcls32.exe
[2010/08/12 14:57:32 | 000,103,936 | ---- | C] () -- C:\WINDOWS\System32\FileMonitor32.dll
[2010/05/24 16:06:04 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\hppapr02.DLL
[2010/05/24 16:06:04 | 000,000,526 | ---- | C] () -- C:\WINDOWS\System32\hppapr02.DAT
[2010/04/18 13:02:05 | 000,008,192 | ---- | C] () -- C:\Documents and Settings\Linda\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/04/05 20:16:39 | 000,000,272 | ---- | C] () -- C:\WINDOWS\ReadIris.ini
[2010/04/05 13:14:16 | 000,000,331 | ---- | C] () -- C:\WINDOWS\FMTMSAM.INI
[2010/04/05 13:13:33 | 000,023,040 | ---- | C] () -- C:\WINDOWS\System32\irisco32.dll
[2010/04/05 13:13:28 | 000,000,033 | ---- | C] () -- C:\WINDOWS\hppLangChoice.ini
[2010/04/05 13:13:27 | 000,343,040 | R--- | C] () -- C:\WINDOWS\System32\lffpx7.dll
[2010/04/05 13:13:27 | 000,116,736 | R--- | C] () -- C:\WINDOWS\System32\lfkodak.dll
[2010/04/05 12:43:04 | 000,000,183 | ---- | C] () -- C:\WINDOWS\hpbafd.ini
[2010/04/03 22:57:23 | 000,009,536 | ---- | C] () -- C:\WINDOWS\System32\XEFX_ENU.DLL
[2010/04/03 22:47:59 | 000,000,095 | ---- | C] () -- C:\WINDOWS\tb96.ini
[2010/04/03 22:43:51 | 000,000,096 | ---- | C] () -- C:\WINDOWS\Tb98.ini
[2010/04/03 22:43:37 | 000,046,512 | ---- | C] () -- C:\WINDOWS\System32\EPSN.DLL
[2010/04/03 22:43:37 | 000,012,126 | ---- | C] () -- C:\WINDOWS\System32\PIXPCZ.DLL
[2010/04/03 22:43:37 | 000,011,934 | ---- | C] () -- C:\WINDOWS\System32\PIXPNR.DLL
[2010/04/03 22:43:37 | 000,009,136 | ---- | C] () -- C:\WINDOWS\System32\INETWH16.DLL
[2010/04/03 22:43:37 | 000,004,528 | ---- | C] () -- C:\WINDOWS\System32\SETBROWS.EXE
[2010/04/03 21:37:08 | 000,000,029 | ---- | C] () -- C:\WINDOWS\spiemon.ini
[2010/04/03 13:22:49 | 000,000,000 | ---- | C] () -- C:\WINDOWS\X9QUEMGR.INI
[2010/04/03 13:11:33 | 000,000,689 | ---- | C] () -- C:\WINDOWS\SHSFTSET.INI
[2010/04/03 13:11:33 | 000,000,428 | ---- | C] () -- C:\WINDOWS\spipcl4a.ini
[2010/04/03 13:11:33 | 000,000,147 | ---- | C] () -- C:\WINDOWS\XEROXTW.INI
[2010/04/03 13:11:25 | 000,013,312 | ---- | C] () -- C:\WINDOWS\System32\LMSXXEF.exe
[2010/04/03 13:11:25 | 000,001,106 | ---- | C] () -- C:\WINDOWS\sd4.ini
[2010/04/03 12:41:47 | 000,026,516 | ---- | C] () -- C:\WINDOWS\maxlink.ini
[2010/03/30 17:10:52 | 000,039,095 | ---- | C] () -- C:\WINDOWS\iccsigs.dat
[2010/03/30 17:10:50 | 000,112,688 | ---- | C] () -- C:\WINDOWS\System32\shw32.dll
[2010/03/29 21:22:02 | 000,340,992 | ---- | C] () -- C:\WINDOWS\unwash.exe
[2010/03/29 21:16:46 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010/03/29 19:01:30 | 000,004,984 | ---- | C] () -- C:\WINDOWS\System32\drivers\nvphy.bin
[2010/03/29 17:31:42 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2010/03/29 17:29:52 | 001,481,728 | ---- | C] () -- C:\WINDOWS\System32\LegitCheckControl.dll
[2010/03/29 17:29:52 | 000,323,072 | ---- | C] () -- C:\WINDOWS\System32\WgaTray.exe
[2010/03/29 17:29:52 | 000,190,976 | ---- | C] () -- C:\WINDOWS\System32\WgaLogon.dll
[2010/03/29 17:26:43 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2010/03/29 09:18:31 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2010/03/29 09:17:11 | 000,393,568 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/01/12 12:03:34 | 002,195,030 | ---- | C] () -- C:\WINDOWS\System32\nvdata.bin
[2008/04/15 00:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2008/04/15 00:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2008/04/15 00:00:00 | 000,493,054 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2008/04/15 00:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2008/04/15 00:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2008/04/15 00:00:00 | 000,083,598 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2008/04/15 00:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2008/04/15 00:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2008/04/15 00:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2008/04/15 00:00:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2008/04/15 00:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2008/04/15 00:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2002/11/20 03:51:59 | 000,094,274 | ---- | C] () -- C:\WINDOWS\System32\HPBHEALR.DLL
[2002/03/04 10:16:34 | 000,110,592 | R--- | C] () -- C:\WINDOWS\System32\Jpeg32.dll
[2001/10/15 09:52:20 | 000,000,089 | ---- | C] () -- C:\WINDOWS\System32\WCEFSTMN.INI

========== LOP Check ==========

[2010/09/19 15:14:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Avanquest
[2010/09/19 15:19:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BVRP Software
[2010/03/29 18:00:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CA
[2010/04/03 12:41:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft
[2010/03/29 21:40:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Linda\Application Data\Avanquest
[2010/04/03 14:50:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Linda\Application Data\GetRightToGo
[2010/03/29 22:50:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Linda\Application Data\OpenOffice.org
[2010/04/03 12:44:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Linda\Application Data\ScanSoft
[2010/04/03 15:50:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Linda\Application Data\Thunderbird
[2011/01/23 18:52:00 | 000,000,514 | ---- | M] () -- C:\WINDOWS\Tasks\CAAntiSpywareScan_Daily as Linda at 4 52 PM.job
[2011/06/04 17:37:24 | 000,000,258 | ---- | M] () -- C:\WINDOWS\Tasks\WGASetup.job

========== Purity Check ==========



< End of report >

#27
lgfr

Maliprog,

I really need your help. Don't know if this will help but the redirect always takes me to a page that is The Click Check. I can't search anything in google through Firefox without being redirected to The Click Check.

#28
maliprog

Hi lgfr,

Please answer these questions for me so we can narrow down the problem.

  • Do you use a router to access the internet?
  • Do you have any other PCs connected to that router, and do they get redirected?
  • Do you get redirected in all browsers you use, or does this redirection only affect one browser?

Download aswMBR.exe ( 511KB ) to your desktop.

  • Double click the aswMBR.exe to run it
  • Click the "Scan" button to start scan
  • On completion of the scan click save log, save it to your desktop and post in your next reply


#29
lgfr

Yes I use a router D-Link DIR 615

There is another computer on the router but it doesn't redirect

Here are the results from aswMBR

aswMBR version 0.9.5.317 Copyright© 2011 AVAST Software
Run date: 2011-05-30 07:59:34
-----------------------------
07:59:34.406 OS Version: Windows 5.1.2600 Service Pack 3
07:59:34.406 Number of processors: 2 586 0x6B02
07:59:34.406 ComputerName: 8FCC61F12 UserName: Linda
07:59:37.375 Initialize success
07:59:47.406 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
07:59:47.406 Disk 0 Vendor: WDC_WD3200AAJS-65M0A0 01.03E01 Size: 305245MB BusType: 3
07:59:49.421 Disk 0 MBR read successfully
07:59:49.421 Disk 0 MBR scan
07:59:49.421 Disk 0 Windows XP default MBR code
07:59:51.421 Disk 0 scanning sectors +348160680
07:59:51.421 Disk 0 scanning C:\WINDOWS\system32\drivers
07:59:55.171 Service scanning
07:59:56.062 Disk 0 trace - called modules:
07:59:56.078 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
07:59:56.078 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x89cbeab8]
07:59:56.078 3 CLASSPNP.SYS[b80e8fd7] -> nt!IofCallDriver -> \Device\00000061[0x89d281e0]
07:59:56.078 5 ACPI.sys[b7f7f620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x89cca940]
08:00:03.593 Unsigned kernel modules:
08:00:03.593 0xb81c8000 C:\WINDOWS\system32\DRIVERS\nvnetbus.sys
08:00:03.687 0xb7c1c000 C:\WINDOWS\system32\DRIVERS\NVNRM.SYS
08:00:09.765 0xb82e8000 C:\WINDOWS\system32\DRIVERS\NVENETFD.sys
08:00:09.937 0xb44f3000 C:\WINDOWS\system32\drivers\RtkHDAud.sys
08:00:17.250 0xa43fa000 C:\WINDOWS\system32\VSP1284D.SYS
08:00:18.093 Scan finished successfully
08:01:09.578 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Linda\Desktop\MBR.dat"
08:01:09.578 The log file has been saved successfully to "C:\Documents and Settings\Linda\Desktop\aswMBR.txt"


aswMBR version 0.9.5.256 Copyright© 2011 AVAST Software
Run date: 2011-06-05 14:42:06
-----------------------------
14:42:06.218 OS Version: Windows 5.1.2600 Service Pack 3
14:42:06.218 Number of processors: 2 586 0x6B02
14:42:06.218 ComputerName: 8FCC61F12 UserName: Linda
14:42:06.609 Initialize success
14:42:12.343 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
14:42:12.343 Disk 0 Vendor: WDC_WD3200AAJS-65M0A0 01.03E01 Size: 305245MB BusType: 3
14:42:14.375 Disk 0 MBR read successfully
14:42:14.375 Disk 0 MBR scan
14:42:14.375 Disk 0 Windows XP default MBR code
14:42:16.375 Disk 0 scanning sectors +348160680
14:42:16.390 Disk 0 scanning C:\WINDOWS\system32\drivers
14:42:20.093 Service scanning
14:42:20.968 Disk 0 trace - called modules:
14:42:20.984 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
14:42:20.984 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x89cfaab8]
14:42:20.984 3 CLASSPNP.SYS[b80e8fd7] -> nt!IofCallDriver -> \Device\00000063[0x89c30f18]
14:42:20.984 5 ACPI.sys[b7f7f620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x89d29940]
14:42:20.984 Scan finished successfully
14:42:32.953 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Linda\Desktop\MBR.dat"
14:42:32.953 The log file has been saved successfully to "C:\Documents and Settings\Linda\Desktop\aswMBR.txt"

#30
lgfr

I just tried Internet Explorer and I don't get redirected.