Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Unable to open programs, install some new programs


  • This topic is locked This topic is locked

#1
HthrB

HthrB

    New Member

  • Member
  • Pip
  • 6 posts
Hello. I've developed an issue with my computer where I am now unable to open my programs, and I'm either prompted to choose a program to open the .exe file with, or receive an error message saying "Application not found". This all began while I was browsing the internet and a window popped up asking if I wanted to allow update.exe to run, which I didn't. AVG immediately caught and quarantined some files. After that all scans came up with no issues. Norton Power Eraser finds a couple bad files and when I run the fix and restart it doesn't remove the files. These were identified as (HKEY_USERS/S-1-5-21-1682988488-2114230317-3291856830-1000\software\classes\.exe\shell\open\command\"" & HKEY_USERS/S-1-5-21-1682988488-2114230317-3291856830-1000\software\classes\exefile\open\command\"" ). I've also run SUPERAntiSpyware and it found System.BrokenFileAssociation - Registry Keys - HKCR\.exe, but again when I attempt to remove/quarantine nothing appears to fix the issues I'm having running programs. Any help in regards to these issues would be very much appreciated as I'm not that computer savvy :) Thanks HB
  • 0

Advertisements


#2
BlackOxide

BlackOxide

    Trusted Helper

  • Malware Removal
  • 1,976 posts
Hi, HthrB! Welcome to GeeksToGo! My name is BlackOxide and I will be assisting you with your Malware/Security problems. Please make sure you read all of the instructions and fixes thoroughly before continuing with them. If you have any queries or you are unsure about anything, just say and I'll help you out :unsure:

It may well be worth you printing/saving the instructions throughout the fix, so you have them to hand just incase you are unable to access this site.

Please note the following:
  • Remember to post your logs, not attach them. So, any logs from any programs we run, should be just 'copied & pasted' into your reply, unless I specifically need you to attach them.
  • Please only run the tools that I request. I know malware can be frustrating but running other tools in the meantime and between posts, only makes it harder for me to analyse and fix your PC in the long run.
  • I will always try and respond to replies as soon as possible, but please be patient as some logs require more time than others to fully analyse.
  • If you are not sure of anything along the way, just ask.

OK, lets start :)



Could you do the following for me please. If you have any trouble running it, just let me know :yes:


OTL Quick Scan
Download OTL to your Desktop
  • Double click on the OTL icon to run it.
  • When the window appears, underneath Output at the top, make sure Standard Output is selected.
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time and post them in your topic

  • 0

#3
HthrB

HthrB

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
Before I paste the OTL logs I think it may be important to mention since writing this post I ran Malwarebytes' AntiMalware, and that appears to have corrected my issues, but I of course want to ensure everything is fixed. Once running the quick scan the only notepad that opens up is the OTL.txt, not the extras. Here is the content from the OTL log.

OTL logfile created on: 02/08/2011 2:04:21 PM - Run 3
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Users\Heather\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

2.96 Gb Total Physical Memory | 1.23 Gb Available Physical Memory | 41.64% Memory free
6.14 Gb Paging File | 3.36 Gb Available in Paging File | 54.75% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 222.81 Gb Total Space | 35.71 Gb Free Space | 16.03% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 4.13 Gb Free Space | 41.32% Space Free | Partition Type: NTFS

Computer Name: HEATHER-PC | User Name: Heather | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/07/30 15:06:42 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\Heather\Downloads\OTL.exe
PRC - [2011/07/27 09:55:46 | 002,424,192 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
PRC - [2011/07/11 16:09:05 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/07/06 19:52:38 | 000,449,584 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011/07/06 19:52:38 | 000,366,640 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011/07/03 06:58:30 | 000,273,544 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\real\realplayer\Update\realsched.exe
PRC - [2011/04/18 17:40:08 | 002,334,560 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgtray.exe
PRC - [2011/04/18 17:39:42 | 007,398,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
PRC - [2011/04/16 20:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe
PRC - [2011/04/14 05:36:42 | 001,080,672 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgnsx.exe
PRC - [2011/03/28 03:00:52 | 000,351,072 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgcsrvx.exe
PRC - [2011/03/16 16:05:20 | 001,025,888 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgemcx.exe
PRC - [2011/03/16 16:05:14 | 000,656,736 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgchsvx.exe
PRC - [2011/02/10 07:55:18 | 001,148,256 | ---- | M] () -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
PRC - [2011/02/08 05:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgwdsvc.exe
PRC - [2011/02/08 05:33:20 | 000,658,784 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgrsx.exe
PRC - [2010/04/24 01:10:54 | 000,209,768 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2010/04/24 01:10:44 | 000,483,688 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2010/03/25 14:39:22 | 000,490,280 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Update\NASvc.exe
PRC - [2009/06/29 12:44:38 | 000,458,844 | ---- | M] (IDT, Inc.) -- C:\Program Files\IDT\WDM\sttray.exe
PRC - [2009/06/29 12:44:38 | 000,221,266 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_559ad4ac\stacsv.exe
PRC - [2009/04/11 02:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/04/11 02:27:28 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe
PRC - [2009/03/02 13:43:08 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_559ad4ac\AEstSrv.exe
PRC - [2008/11/06 09:06:32 | 000,151,552 | ---- | M] (ShaPlus Software) -- C:\Program Files\ShaPlus Bandwidth Meter\ShaPlus Bandwidth Meter.exe
PRC - [2008/10/16 14:58:30 | 001,668,344 | ---- | M] (AuthenTec, Inc.) -- C:\Program Files\Fingerprint Sensor\AtService.exe
PRC - [2008/10/04 14:58:04 | 000,201,968 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe
PRC - [2008/10/04 14:58:02 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtcmd.exe
PRC - [2008/09/23 23:09:52 | 001,295,656 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DellDock.exe
PRC - [2008/09/23 23:09:52 | 000,155,648 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DockLogin.exe
PRC - [2008/08/25 07:26:04 | 000,040,960 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\hidfind.exe
PRC - [2008/08/25 07:25:54 | 000,200,704 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\Apoint.exe
PRC - [2008/08/25 07:25:54 | 000,049,152 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApntEx.exe
PRC - [2008/08/25 07:25:52 | 000,046,376 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApMsgFwd.exe
PRC - [2008/07/31 13:58:38 | 001,616,976 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\QuickSet\quickset.exe
PRC - [2008/07/04 15:16:58 | 000,132,392 | ---- | M] (CyberLink Corp.) -- C:\Program Files\Dell\MediaDirect\PCMService.exe
PRC - [2008/06/09 13:47:36 | 000,814,144 | ---- | M] (DigitalPersona, Inc.) -- C:\Program Files\DigitalPersona\Bin\DpAgent.exe
PRC - [2008/06/09 13:47:36 | 000,322,624 | ---- | M] (DigitalPersona, Inc.) -- C:\Program Files\DigitalPersona\Bin\DpHostW.exe


========== Modules (SafeList) ==========

MOD - [2011/07/30 15:06:42 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\Heather\Downloads\OTL.exe
MOD - [2011/07/03 07:52:28 | 000,653,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\msvcr90.dll
MOD - [2011/07/03 07:52:28 | 000,569,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\msvcp90.dll
MOD - [2011/04/28 20:29:01 | 000,413,112 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Internet Security\Engine\18.6.0.29\asOEHook.dll
MOD - [2010/08/31 11:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/07/06 19:52:38 | 000,366,640 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/04/18 17:39:42 | 007,398,752 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2011/04/16 20:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe -- (NIS)
SRV - [2011/02/08 05:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\avgwdsvc.exe -- (avgwd)
SRV - [2010/04/24 01:10:54 | 000,209,768 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2010/04/24 01:10:44 | 000,483,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2010/03/25 14:39:22 | 000,490,280 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Nero\Update\NASvc.exe -- (NAUpdate)
SRV - [2009/06/29 12:44:38 | 000,221,266 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_559ad4ac\stacsv.exe -- (STacSV)
SRV - [2009/06/26 11:19:12 | 001,124,848 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe -- (RoxMediaDB10)
SRV - [2009/03/18 19:14:19 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)
SRV - [2009/03/02 13:43:08 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_559ad4ac\AEstSrv.exe -- (AESTFilters)
SRV - [2008/10/16 14:58:30 | 001,668,344 | ---- | M] (AuthenTec, Inc.) [Auto | Running] -- C:\Program Files\Fingerprint Sensor\AtService.exe -- (ATService)
SRV - [2008/10/04 14:58:04 | 000,201,968 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_DellSupportCenter) SupportSoft Sprocket Service (DellSupportCenter)
SRV - [2008/09/23 23:09:52 | 000,155,648 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)
SRV - [2008/06/09 13:47:36 | 000,322,624 | ---- | M] (DigitalPersona, Inc.) [Auto | Running] -- C:\Program Files\DigitalPersona\Bin\DpHostW.exe -- (DpHost)
SRV - [2008/01/20 22:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)


========== Driver Services (SafeList) ==========

DRV - [2011/07/30 21:52:07 | 000,126,584 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2011/07/29 07:58:06 | 000,367,736 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.6.0.29\Definitions\IPSDefs\20110801.030\IDSvix86.sys -- (IDSVix86)
DRV - [2011/07/29 01:00:00 | 001,542,392 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.6.0.29\Definitions\VirusDefs\20110801.049\NAVEX15.SYS -- (NAVEX15)
DRV - [2011/07/29 01:00:00 | 000,374,392 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2011/07/29 01:00:00 | 000,086,008 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.6.0.29\Definitions\VirusDefs\20110801.049\NAVENG.SYS -- (NAVENG)
DRV - [2011/07/23 00:32:12 | 000,815,736 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.6.0.29\Definitions\BASHDefs\20110723.001\BHDrvx86.sys -- (BHDrvx86)
DRV - [2011/07/12 17:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2011/07/12 17:55:22 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011/07/06 19:52:42 | 000,022,712 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011/04/14 21:28:18 | 000,134,480 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV - [2011/04/05 00:59:56 | 000,297,168 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2011/03/30 23:00:09 | 000,516,216 | R--- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\system32\drivers\NIS\1206000.01D\SRTSP.SYS -- (SRTSP)
DRV - [2011/03/30 23:00:09 | 000,050,168 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\system32\drivers\NIS\1206000.01D\SRTSPX.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV - [2011/03/21 20:39:49 | 000,331,384 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\system32\drivers\NIS\1206000.01D\SYMTDIV.SYS -- (SYMTDIV)
DRV - [2011/03/16 16:03:20 | 000,032,592 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\avgrkx86.sys -- (Avgrkx86)
DRV - [2011/03/14 22:31:23 | 000,744,568 | R--- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\system32\drivers\NIS\1206000.01D\SYMEFA.SYS -- (SymEFA)
DRV - [2011/03/01 14:25:18 | 000,034,896 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2011/02/22 08:12:38 | 000,022,992 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH)
DRV - [2011/02/10 07:53:30 | 000,028,624 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
DRV - [2011/02/10 07:53:28 | 000,024,144 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV - [2011/01/27 02:47:10 | 000,340,088 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\NIS\1206000.01D\SYMDS.SYS -- (SymDS)
DRV - [2011/01/27 01:07:05 | 000,136,312 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\system32\drivers\NIS\1206000.01D\Ironx86.SYS -- (SymIRON)
DRV - [2011/01/07 06:41:46 | 000,248,656 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2010/06/22 22:47:58 | 000,032,768 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\taphss.sys -- (taphss)
DRV - [2010/04/24 01:10:54 | 000,019,304 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftvollh.sys -- (Sftvol)
DRV - [2010/04/24 01:10:52 | 000,021,864 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\Sftredirlh.sys -- (Sftredir)
DRV - [2010/04/24 01:10:50 | 000,195,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftplaylh.sys -- (Sftplay)
DRV - [2010/04/24 01:10:44 | 000,550,760 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftfslh.sys -- (Sftfs)
DRV - [2009/06/29 12:44:38 | 000,408,576 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2009/06/26 10:27:40 | 000,057,328 | ---- | M] (Sonic Solutions) [File_System | Disabled | Stopped] -- C:\Windows\System32\drivers\RxFilter.sys -- (RxFilter)
DRV - [2009/01/19 08:38:16 | 000,133,472 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\OA001Ufd.sys -- (OA001Ufd)
DRV - [2009/01/19 08:38:12 | 000,279,488 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\OA001Vid.sys -- (OA001Vid)
DRV - [2008/12/22 06:32:18 | 000,018,424 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\bcm42rly.sys -- (BCM42RLY)
DRV - [2008/11/21 07:15:30 | 000,112,128 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntcHdmi.sys -- (IntcHdmiAddService) Intel®
DRV - [2008/10/16 17:53:28 | 000,482,176 | ---- | M] (AuthenTec, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ATSwpWDF.sys -- (ATSwpWDF)
DRV - [2008/08/25 07:25:52 | 000,170,032 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2008/08/25 06:37:44 | 000,203,264 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\k57nd60x.sys -- (k57nd60x) Broadcom NetLink ™
DRV - [2008/08/25 06:35:24 | 000,054,784 | ---- | M] (ITE Tech. Inc. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\itecir.sys -- (itecir)
DRV - [2008/07/16 07:46:52 | 000,038,400 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2008/07/16 07:46:50 | 000,046,592 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2008/07/16 07:46:48 | 000,043,008 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2008/01/20 22:23:25 | 000,220,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel®
DRV - [2006/11/02 03:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USCON/23
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USCON/23
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/USCON/23
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Search"
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.3
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.0.071303000006
FF - prefs.js..extensions.enabledItems: [email protected]:1.6.1
FF - prefs.js..extensions.enabledItems: {B13721C7-F507-4982-B2E5-502A71474FED}:3.3.0.3971
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: [email protected]:3.11.3.15590
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:10.0.0.1178
FF - prefs.js..extensions.enabledItems: [email protected]:2.5.8
FF - prefs.js..extensions.enabledItems: {333b42b0-9c75-11db-b606-0800200c9a66}:2.200100126
FF - prefs.js..extensions.enabledItems: {F587B2D4-7C09-4a23-AC4A-8D6E3CE8C7DA}:3.6
FF - prefs.js..keyword.URL: "http://www.afodo.com...ls=bs0cBgtG&q="

FF - user.js..browser.search.selectedEngine: "Search"
FF - user.js..keyword.URL: "http://www.afodo.com...ls=bs0cBgtG&q="

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.647: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.647: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.652: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.652: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.647: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Users\Heather\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll ( )
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\DigitalPersona\Bin\FirefoxExt\ [2009/03/18 19:03:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG10\Firefox4\ [2011/07/12 09:53:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/07/03 06:59:14 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.6.0.29\IPSFFPlgn\ [2011/07/30 21:54:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.6.0.29\coFFPlgn\ [2011/07/30 21:51:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/07/11 16:09:07 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/07/03 07:00:16 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\DigitalPersona\Bin\firefoxext [2009/03/18 19:03:39 | 000,000,000 | ---D | M]

[2009/03/27 23:12:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Heather\AppData\Roaming\Mozilla\Extensions
[2009/03/27 23:12:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Heather\AppData\Roaming\Mozilla\Extensions\[email protected]
[2011/06/12 10:15:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Heather\AppData\Roaming\Mozilla\Firefox\Profiles\righqlqv.default\extensions
[2010/05/04 09:19:39 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Heather\AppData\Roaming\Mozilla\Firefox\Profiles\righqlqv.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/03/20 21:18:12 | 000,000,000 | ---D | M] (PinkHope) -- C:\Users\Heather\AppData\Roaming\Mozilla\Firefox\Profiles\righqlqv.default\extensions\{333b42b0-9c75-11db-b606-0800200c9a66}
[2011/03/29 17:16:34 | 000,000,000 | ---D | M] (Amazon Button) -- C:\Users\Heather\AppData\Roaming\Mozilla\Firefox\Profiles\righqlqv.default\extensions\[email protected]
[2010/08/31 17:44:09 | 000,000,000 | ---D | M] (MakeItLive) -- C:\Users\Heather\AppData\Roaming\Mozilla\Firefox\Profiles\righqlqv.default\extensions\[email protected]
[2009/06/15 00:04:44 | 000,000,000 | ---D | M] (Move Media Player) -- C:\Users\Heather\AppData\Roaming\Mozilla\Firefox\Profiles\righqlqv.default\extensions\[email protected]
[2010/03/20 21:18:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Heather\AppData\Roaming\Mozilla\Firefox\Profiles\righqlqv.default\extensions\{333b42b0-9c75-11db-b606-0800200c9a66}\chrome\mozapps\extensions
[2010/03/20 21:18:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Heather\AppData\Roaming\Mozilla\Firefox\Profiles\righqlqv.default\extensions\{333b42b0-9c75-11db-b606-0800200c9a66}\chrome\mozapps\extensions\CVS
[2010/08/18 16:47:50 | 000,002,197 | ---- | M] () -- C:\Users\Heather\AppData\Roaming\Mozilla\Firefox\Profiles\righqlqv.default\searchplugins\google-search.xml
[2011/05/10 15:39:13 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/06/07 23:35:30 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2010/05/07 20:30:38 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/08/20 22:14:12 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/10/15 08:49:14 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
File not found (No name found) --
[2011/07/12 09:53:01 | 000,000,000 | ---D | M] (AVG Safe Search) -- C:\PROGRAM FILES\AVG\AVG10\FIREFOX4
() (No name found) -- C:\USERS\HEATHER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RIGHQLQV.DEFAULT\EXTENSIONS\[email protected]
[2011/07/11 16:09:05 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2010/09/15 04:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2010/01/01 04:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

O1 HOSTS File: ([2006/09/18 17:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\18.6.0.29\CoIEPlg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\18.6.0.29\IPS\IPSBHO.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\18.6.0.29\CoIEPlg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\18.6.0.29\CoIEPlg.dll (Symantec Corporation)
O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [Dell DataSafe Online] C:\Program Files\Dell DataSafe Online\DataSafeOnline.exe ()
O4 - HKLM..\Run: [Dell Webcam Central] C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [dellsupportcenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [Desktop Disc Tool] C:\Program Files\Roxio\Roxio Burn\RoxioBurnLauncher.exe ()
O4 - HKLM..\Run: [DpAgent] C:\Program Files\DigitalPersona\Bin\DpAgent.exe (DigitalPersona, Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NBAgent] C:\Program Files\Nero\Nero 10\Nero BackItUp\NBAgent.exe (Nero AG)
O4 - HKLM..\Run: [PCMService] C:\Program Files\Dell\MediaDirect\PCMService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [ShaPlus Bandwidth Meter] File not found
O4 - HKLM..\Run: [SSA.exe] C:\Program Files\Bell\Sympatico Security Advisor\SSA.exe (Bell)
O4 - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
O4 - HKLM..\Run: [TkBellExe] c:\program files\real\realplayer\Update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [SightSpeed] C:\Program Files\Dell Video Chat\DellVideoChat.exe (Dell Inc. and SightSpeed Inc.)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - HKLM..\RunOnceEx: [ContentMerger] C:\Program Files\Common Files\Roxio Shared\10.0\SharedCom\ContentMerger10.exe (Sonic Solutions)
O4 - Startup: C:\Users\Heather\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\GoToAssist: DllName - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll - C:\Program Files\Citrix\GoToAssist\514\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O24 - Desktop WallPaper: C:\Users\Heather\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Heather\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync) - C:\Program Files\AVG\AVG10\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart) - C:\Program Files\AVG\AVG10\avgrsx.exe (AVG Technologies CZ, s.r.o.)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKCU\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/07/31 12:27:51 | 000,000,000 | ---D | C] -- C:\Users\Heather\.frostwire5
[2011/07/31 12:27:38 | 000,000,000 | ---D | C] -- C:\Users\Heather\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FrostWire 5
[2011/07/31 12:27:09 | 000,000,000 | ---D | C] -- C:\Program Files\FrostWire 5
[2011/07/31 11:00:50 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2011/07/31 11:00:42 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011/07/30 21:55:11 | 000,000,000 | ---D | C] -- C:\Users\Heather\Documents\Symantec
[2011/07/30 21:52:08 | 000,126,584 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\SYMEVENT.SYS
[2011/07/30 21:52:07 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared
[2011/07/30 21:52:07 | 000,000,000 | ---D | C] -- C:\Program Files\Symantec
[2011/07/30 21:51:24 | 000,744,568 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NIS\1206000.01D\SymEFA.sys
[2011/07/30 21:51:24 | 000,516,216 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NIS\1206000.01D\srtsp.sys
[2011/07/30 21:51:24 | 000,340,088 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NIS\1206000.01D\SymDS.sys
[2011/07/30 21:51:24 | 000,331,384 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NIS\1206000.01D\symtdiv.sys
[2011/07/30 21:51:24 | 000,296,568 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NIS\1206000.01D\symnets.sys
[2011/07/30 21:51:24 | 000,136,312 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NIS\1206000.01D\Ironx86.sys
[2011/07/30 21:51:24 | 000,050,168 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NIS\1206000.01D\srtspx.sys
[2011/07/30 21:51:13 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\NIS
[2011/07/30 21:51:13 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\NIS\1206000.01D
[2011/07/30 21:51:10 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Internet Security
[2011/07/30 21:51:10 | 000,000,000 | ---D | C] -- C:\Program Files\Norton Internet Security
[2011/07/30 21:50:57 | 000,000,000 | ---D | C] -- C:\ProgramData\NortonInstaller
[2011/07/30 21:50:57 | 000,000,000 | ---D | C] -- C:\Program Files\NortonInstaller
[2011/07/30 21:35:16 | 000,000,000 | ---D | C] -- C:\Users\Heather\AppData\Local\{AA9F94B1-070B-4260-B24D-EE96E6A412D8}
[2011/07/30 14:58:24 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2011/07/30 14:58:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpywareBlaster
[2011/07/30 14:58:12 | 000,000,000 | ---D | C] -- C:\Program Files\SpywareBlaster
[2011/07/30 14:50:44 | 000,000,000 | ---D | C] -- C:\Users\Heather\AppData\Roaming\Malwarebytes
[2011/07/30 14:50:35 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011/07/30 14:50:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/07/30 14:50:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/07/30 14:50:31 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011/07/30 14:50:31 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/07/30 12:11:49 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2011/07/30 12:11:48 | 000,000,000 | ---D | C] -- C:\Users\Heather\AppData\Roaming\SUPERAntiSpyware.com
[2011/07/30 12:11:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2011/07/30 12:11:32 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2011/07/30 11:09:29 | 000,000,000 | ---D | C] -- C:\Users\Heather\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Norton
[2011/07/29 10:52:16 | 000,000,000 | ---D | C] -- C:\Users\Heather\AppData\Local\NPE
[2011/07/29 10:52:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton
[2011/07/13 13:52:55 | 000,000,000 | ---D | C] -- C:\Users\Heather\AppData\Local\{3AD807AA-36CB-46AA-9DFC-C8F80665CE00}
[2011/07/11 16:08:47 | 000,000,000 | ---D | C] -- C:\Users\Heather\AppData\Local\{CFF9A7A3-CA0A-4E91-8E91-B15CA97A5621}
[2011/07/09 17:24:43 | 000,000,000 | ---D | C] -- C:\Program Files\BB Lite
[2011/07/07 17:13:49 | 000,000,000 | ---D | C] -- C:\Users\Heather\AppData\Local\{0E9304F8-A2AD-4726-9A7B-881986071F23}
[2011/07/06 12:57:46 | 000,000,000 | ---D | C] -- C:\Users\Heather\AppData\Local\{DD89132F-4444-48DB-975B-DCB1D19C2799}
[2011/07/06 10:15:15 | 000,000,000 | ---D | C] -- C:\Users\Heather\AppData\Roaming\BigBrotherLite
[2011/07/05 10:05:24 | 000,000,000 | ---D | C] -- C:\Users\Heather\AppData\Local\{5B0BA94F-AA5C-4D89-B84C-A320C2DDBA61}
[2011/07/04 13:59:45 | 000,000,000 | ---D | C] -- C:\Users\Heather\AppData\Local\{89B70CA3-E6FF-488D-B8E7-27D3716DE0C7}
[2010/08/25 19:59:08 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll
[2009/08/03 08:19:17 | 008,653,312 | ---- | C] (Dell, Inc. ) -- C:\Users\Heather\AppData\Roaming\DataSafeDotNet.exe
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/08/02 13:25:03 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/08/02 13:25:03 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/08/02 11:32:19 | 126,555,711 | ---- | M] () -- C:\Windows\System32\drivers\AVG\incavi.avm
[2011/08/02 11:25:08 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/07/31 12:27:40 | 000,001,056 | ---- | M] () -- C:\Users\Heather\Application Data\Microsoft\Internet Explorer\Quick Launch\FrostWire 5.0.8.lnk
[2011/07/31 12:27:39 | 000,001,032 | ---- | M] () -- C:\Users\Heather\Desktop\FrostWire 5.0.8.lnk
[2011/07/30 22:13:26 | 000,013,935 | ---- | M] () -- C:\Users\Heather\Desktop\collection_tv_1701348536.csv
[2011/07/30 22:12:51 | 000,018,005 | ---- | M] () -- C:\Users\Heather\Desktop\collection_books_1701348536.csv
[2011/07/30 22:12:18 | 000,010,356 | ---- | M] () -- C:\Users\Heather\Desktop\collection_albums_1701348536.csv
[2011/07/30 22:11:16 | 000,051,402 | ---- | M] () -- C:\Users\Heather\Desktop\collection_movies_1701348536.csv
[2011/07/30 21:53:13 | 002,401,262 | ---- | M] () -- C:\Windows\System32\drivers\NIS\1206000.01D\Cat.DB
[2011/07/30 21:52:07 | 000,126,584 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\SYMEVENT.SYS
[2011/07/30 21:52:07 | 000,007,468 | ---- | M] () -- C:\Windows\System32\drivers\SYMEVENT.CAT
[2011/07/30 21:52:07 | 000,000,806 | ---- | M] () -- C:\Windows\System32\drivers\SYMEVENT.INF
[2011/07/30 21:51:50 | 000,002,215 | ---- | M] () -- C:\Users\Public\Desktop\Norton Internet Security.lnk
[2011/07/30 21:31:24 | 000,001,024 | ---- | M] () -- C:\.rnd
[2011/07/30 21:31:11 | 3178,123,264 | -HS- | M] () -- C:\hiberfil.sys
[2011/07/30 14:58:15 | 000,000,814 | ---- | M] () -- C:\Users\Heather\Desktop\SpywareBlaster.lnk
[2011/07/30 14:50:35 | 000,000,908 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/07/30 12:11:41 | 000,001,802 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/07/30 11:49:12 | 000,303,122 | ---- | M] () -- C:\Users\Heather\AppData\Local\census.cache
[2011/07/30 11:49:10 | 000,228,258 | ---- | M] () -- C:\Users\Heather\AppData\Local\ars.cache
[2011/07/30 11:27:02 | 000,000,036 | ---- | M] () -- C:\Users\Heather\AppData\Local\housecall.guid.cache
[2011/07/29 10:54:02 | 011,072,922 | ---- | M] () -- C:\Users\Heather\AppData\Roaming\SMRBackup200.dat
[2011/07/29 09:41:04 | 000,001,432 | -HS- | M] () -- C:\Users\Heather\AppData\Local\4jt08j3453lv6eerv3ryh58wlpwkbx274umkyc5s2batk27
[2011/07/29 09:41:04 | 000,001,432 | -HS- | M] () -- C:\ProgramData\4jt08j3453lv6eerv3ryh58wlpwkbx274umkyc5s2batk27
[2011/07/29 09:40:51 | 000,000,000 | ---- | M] () -- C:\Users\Heather\AppData\Local\vwwl.exe
[2011/07/29 09:40:51 | 000,000,000 | ---- | M] () -- C:\Users\Heather\AppData\Local\uxpl.exe
[2011/07/29 09:40:51 | 000,000,000 | ---- | M] () -- C:\Users\Heather\AppData\Local\tevh.exe
[2011/07/29 09:40:51 | 000,000,000 | ---- | M] () -- C:\ProgramData\rvoi.exe
[2011/07/29 09:40:51 | 000,000,000 | ---- | M] () -- C:\ProgramData\ewae.exe
[2011/07/29 09:40:51 | 000,000,000 | ---- | M] () -- C:\ProgramData\ccxu.exe
[2011/07/29 09:40:50 | 000,000,000 | ---- | M] () -- C:\ProgramData\rurv.exe
[2011/07/29 09:40:50 | 000,000,000 | ---- | M] () -- C:\Users\Heather\AppData\Local\omal.exe
[2011/07/27 18:39:09 | 000,609,640 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/07/27 18:39:09 | 000,108,858 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/07/19 13:40:21 | 000,000,680 | ---- | M] () -- C:\Users\Heather\AppData\Local\d3d9caps.dat
[2011/07/16 18:23:29 | 000,103,936 | ---- | M] () -- C:\Users\Heather\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/07/13 08:15:14 | 000,372,008 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/07/12 09:53:02 | 000,000,832 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2011.lnk
[2011/07/09 17:24:45 | 000,000,744 | ---- | M] () -- C:\Users\Public\Desktop\BB Lite.lnk
[2011/07/06 19:52:42 | 000,041,272 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011/07/06 19:52:42 | 000,022,712 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011/07/04 19:08:12 | 000,032,088 | ---- | M] () -- C:\Users\Heather\Desktop\tumblr_lmvyns5pbf1qz82xho1_400.jpg
[2011/07/04 17:40:22 | 000,332,477 | ---- | M] () -- C:\Windows\System32\drivers\AVG\iavichjg.avm
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/07/31 12:27:39 | 000,001,056 | ---- | C] () -- C:\Users\Heather\Application Data\Microsoft\Internet Explorer\Quick Launch\FrostWire 5.0.8.lnk
[2011/07/31 12:27:38 | 000,001,032 | ---- | C] () -- C:\Users\Heather\Desktop\FrostWire 5.0.8.lnk
[2011/07/30 22:13:24 | 000,013,935 | ---- | C] () -- C:\Users\Heather\Desktop\collection_tv_1701348536.csv
[2011/07/30 22:12:50 | 000,018,005 | ---- | C] () -- C:\Users\Heather\Desktop\collection_books_1701348536.csv
[2011/07/30 22:12:16 | 000,010,356 | ---- | C] () -- C:\Users\Heather\Desktop\collection_albums_1701348536.csv
[2011/07/30 22:11:14 | 000,051,402 | ---- | C] () -- C:\Users\Heather\Desktop\collection_movies_1701348536.csv
[2011/07/30 21:52:14 | 002,401,262 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1206000.01D\Cat.DB
[2011/07/30 21:52:08 | 000,007,468 | ---- | C] () -- C:\Windows\System32\drivers\SYMEVENT.CAT
[2011/07/30 21:52:08 | 000,000,806 | ---- | C] () -- C:\Windows\System32\drivers\SYMEVENT.INF
[2011/07/30 21:51:50 | 000,002,215 | ---- | C] () -- C:\Users\Public\Desktop\Norton Internet Security.lnk
[2011/07/30 21:51:24 | 000,000,000 | R--- | C] () -- C:\Windows\System32\drivers\NIS\1206000.01D\SymDS.cat
[2011/07/30 21:51:13 | 000,007,877 | R--- | C] () -- C:\Windows\System32\drivers\NIS\1206000.01D\symnetv.cat
[2011/07/30 21:51:13 | 000,007,528 | R--- | C] () -- C:\Windows\System32\drivers\NIS\1206000.01D\iron.cat
[2011/07/30 21:51:13 | 000,007,458 | R--- | C] () -- C:\Windows\System32\drivers\NIS\1206000.01D\SymNet.cat
[2011/07/30 21:51:13 | 000,007,456 | R--- | C] () -- C:\Windows\System32\drivers\NIS\1206000.01D\SymEFA.cat
[2011/07/30 21:51:13 | 000,007,454 | R--- | C] () -- C:\Windows\System32\drivers\NIS\1206000.01D\srtspx.cat
[2011/07/30 21:51:13 | 000,007,450 | R--- | C] () -- C:\Windows\System32\drivers\NIS\1206000.01D\srtsp.cat
[2011/07/30 21:51:13 | 000,003,373 | R--- | C] () -- C:\Windows\System32\drivers\NIS\1206000.01D\SymEFA.inf
[2011/07/30 21:51:13 | 000,002,792 | R--- | C] () -- C:\Windows\System32\drivers\NIS\1206000.01D\SymDS.inf
[2011/07/30 21:51:13 | 000,001,474 | R--- | C] () -- C:\Windows\System32\drivers\NIS\1206000.01D\SymNetV.inf
[2011/07/30 21:51:13 | 000,001,446 | R--- | C] () -- C:\Windows\System32\drivers\NIS\1206000.01D\SymNet.inf
[2011/07/30 21:51:13 | 000,001,389 | R--- | C] () -- C:\Windows\System32\drivers\NIS\1206000.01D\srtspx.inf
[2011/07/30 21:51:13 | 000,001,383 | R--- | C] () -- C:\Windows\System32\drivers\NIS\1206000.01D\srtsp.inf
[2011/07/30 21:51:13 | 000,000,742 | R--- | C] () -- C:\Windows\System32\drivers\NIS\1206000.01D\Iron.inf
[2011/07/30 21:51:13 | 000,000,172 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1206000.01D\isolate.ini
[2011/07/30 21:31:23 | 000,001,024 | ---- | C] () -- C:\.rnd
[2011/07/30 14:58:15 | 000,000,814 | ---- | C] () -- C:\Users\Heather\Desktop\SpywareBlaster.lnk
[2011/07/30 14:50:35 | 000,000,908 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/07/30 12:11:41 | 000,001,802 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/07/30 11:40:09 | 000,303,122 | ---- | C] () -- C:\Users\Heather\AppData\Local\census.cache
[2011/07/30 11:39:43 | 000,228,258 | ---- | C] () -- C:\Users\Heather\AppData\Local\ars.cache
[2011/07/30 11:27:02 | 000,000,036 | ---- | C] () -- C:\Users\Heather\AppData\Local\housecall.guid.cache
[2011/07/29 10:52:56 | 011,072,922 | ---- | C] () -- C:\Users\Heather\AppData\Roaming\SMRBackup200.dat
[2011/07/29 09:40:52 | 000,001,432 | -HS- | C] () -- C:\Users\Heather\AppData\Local\4jt08j3453lv6eerv3ryh58wlpwkbx274umkyc5s2batk27
[2011/07/29 09:40:52 | 000,001,432 | -HS- | C] () -- C:\ProgramData\4jt08j3453lv6eerv3ryh58wlpwkbx274umkyc5s2batk27
[2011/07/29 09:40:51 | 000,000,000 | ---- | C] () -- C:\Users\Heather\AppData\Local\vwwl.exe
[2011/07/29 09:40:51 | 000,000,000 | ---- | C] () -- C:\Users\Heather\AppData\Local\uxpl.exe
[2011/07/29 09:40:51 | 000,000,000 | ---- | C] () -- C:\Users\Heather\AppData\Local\tevh.exe
[2011/07/29 09:40:51 | 000,000,000 | ---- | C] () -- C:\ProgramData\rvoi.exe
[2011/07/29 09:40:51 | 000,000,000 | ---- | C] () -- C:\ProgramData\ewae.exe
[2011/07/29 09:40:51 | 000,000,000 | ---- | C] () -- C:\ProgramData\ccxu.exe
[2011/07/29 09:40:50 | 000,000,000 | ---- | C] () -- C:\ProgramData\rurv.exe
[2011/07/29 09:40:50 | 000,000,000 | ---- | C] () -- C:\Users\Heather\AppData\Local\omal.exe
[2011/07/06 10:15:07 | 000,000,756 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BB Lite.lnk
[2011/07/06 10:15:07 | 000,000,744 | ---- | C] () -- C:\Users\Public\Desktop\BB Lite.lnk
[2011/07/04 19:08:11 | 000,032,088 | ---- | C] () -- C:\Users\Heather\Desktop\tumblr_lmvyns5pbf1qz82xho1_400.jpg
[2011/06/10 20:50:43 | 000,001,536 | -HS- | C] () -- C:\Users\Heather\AppData\Local\g5ofu55gh14c3mt5c
[2011/06/10 20:50:43 | 000,001,536 | -HS- | C] () -- C:\ProgramData\g5ofu55gh14c3mt5c
[2011/04/05 21:54:17 | 000,010,368 | -HS- | C] () -- C:\Users\Heather\AppData\Local\3lhqy33xpt11p
[2011/04/05 21:54:17 | 000,010,368 | -HS- | C] () -- C:\ProgramData\3lhqy33xpt11p
[2010/11/16 21:21:46 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2010/08/25 20:30:02 | 000,439,308 | ---- | C] () -- C:\Windows\System32\igcompkrng500.bin
[2010/08/25 20:30:00 | 000,982,240 | ---- | C] () -- C:\Windows\System32\igkrng500.bin
[2010/08/25 20:30:00 | 000,092,356 | ---- | C] () -- C:\Windows\System32\igfcg500m.bin
[2010/08/25 19:57:00 | 000,000,151 | ---- | C] () -- C:\Windows\System32\GfxUI.exe.config
[2010/08/25 19:52:00 | 000,208,896 | ---- | C] () -- C:\Windows\System32\iglhsip32.dll
[2010/08/25 19:52:00 | 000,143,360 | ---- | C] () -- C:\Windows\System32\iglhcp32.dll
[2010/08/08 15:50:24 | 000,000,005 | ---- | C] () -- C:\Windows\System32\SySavi2mpeg.dat
[2010/08/08 15:50:06 | 000,237,568 | ---- | C] () -- C:\Windows\System32\lame_enc.dll
[2010/06/26 21:35:46 | 000,209,040 | ---- | C] () -- C:\Windows\System32\IVIresizeW7.dll
[2010/06/26 21:35:46 | 000,204,944 | ---- | C] () -- C:\Windows\System32\IVIresizeA6.dll
[2010/06/26 21:35:46 | 000,196,752 | ---- | C] () -- C:\Windows\System32\IVIresizeP6.dll
[2010/06/26 21:35:46 | 000,196,752 | ---- | C] () -- C:\Windows\System32\IVIresizeM6.dll
[2010/06/26 21:35:46 | 000,192,656 | ---- | C] () -- C:\Windows\System32\IVIresizePX.dll
[2010/06/26 21:35:46 | 000,024,720 | ---- | C] () -- C:\Windows\System32\IVIresize.dll
[2010/01/22 00:16:52 | 000,000,000 | ---- | C] () -- C:\Users\Heather\AppData\Local\prvlcl.dat
[2009/12/17 23:04:11 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009/09/19 15:44:10 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/09/19 15:44:09 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/03/29 10:00:26 | 000,000,680 | ---- | C] () -- C:\Users\Heather\AppData\Local\d3d9caps.dat
[2009/03/27 10:59:01 | 000,103,936 | ---- | C] () -- C:\Users\Heather\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/03/25 23:39:08 | 000,026,320 | ---- | C] () -- C:\Users\Heather\AppData\Roaming\wklnhst.dat
[2009/03/18 21:26:46 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1576.dll
[2009/03/18 21:26:46 | 000,147,172 | ---- | C] () -- C:\Windows\System32\igfcg550.bin
[2009/03/18 21:26:43 | 000,004,608 | ---- | C] () -- C:\Windows\System32\HdmiCoin.dll
[2009/03/18 21:22:00 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2009/03/18 19:07:08 | 000,000,075 | RHS- | C] () -- C:\Windows\CT4CET.bin
[2009/03/18 18:55:09 | 000,006,656 | ---- | C] () -- C:\Windows\System32\bcmwlrc.dll
[2009/03/18 18:55:07 | 000,054,784 | ---- | C] () -- C:\Windows\System32\bcmwlrmt.dll
[2009/03/18 18:55:06 | 000,026,112 | ---- | C] () -- C:\Windows\System32\WLTRYSVC.EXE
[2008/02/03 19:11:25 | 000,000,000 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2006/11/02 08:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 08:47:37 | 000,372,008 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 08:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 06:33:01 | 000,609,640 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 06:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 06:33:01 | 000,108,858 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 06:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 06:25:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2006/11/02 06:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 04:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 04:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 03:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 03:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2002/03/16 20:00:00 | 000,007,420 | ---- | C] () -- C:\Windows\UA000104.DLL

========== LOP Check ==========

[2010/10/28 20:38:08 | 000,000,000 | ---D | M] -- C:\Users\Heather\AppData\Roaming\AVG10
[2011/08/01 00:29:47 | 000,000,000 | ---D | M] -- C:\Users\Heather\AppData\Roaming\Azureus
[2010/07/14 19:45:29 | 000,000,000 | ---D | M] -- C:\Users\Heather\AppData\Roaming\BBLite.1C8FCB66D507A5DBA729DC95068F311B51E8F16C.1
[2009/03/29 16:41:04 | 000,000,000 | ---D | M] -- C:\Users\Heather\AppData\Roaming\Bell
[2011/07/06 10:15:15 | 000,000,000 | ---D | M] -- C:\Users\Heather\AppData\Roaming\BigBrotherLite
[2009/09/10 08:36:28 | 000,000,000 | ---D | M] -- C:\Users\Heather\AppData\Roaming\CiscoCAA
[2009/03/25 12:34:00 | 000,000,000 | ---D | M] -- C:\Users\Heather\AppData\Roaming\DigitalPersona
[2010/06/17 22:23:17 | 000,000,000 | ---D | M] -- C:\Users\Heather\AppData\Roaming\Facebook
[2011/07/31 12:26:30 | 000,000,000 | ---D | M] -- C:\Users\Heather\AppData\Roaming\FrostWire
[2011/01/23 20:25:54 | 000,000,000 | ---D | M] -- C:\Users\Heather\AppData\Roaming\LimeWire
[2010/08/01 21:44:39 | 000,000,000 | ---D | M] -- C:\Users\Heather\AppData\Roaming\Research In Motion
[2011/07/11 00:50:20 | 000,000,000 | ---D | M] -- C:\Users\Heather\AppData\Roaming\SoftGrid Client
[2009/03/25 23:39:09 | 000,000,000 | ---D | M] -- C:\Users\Heather\AppData\Roaming\Template
[2010/09/16 20:09:46 | 000,000,000 | ---D | M] -- C:\Users\Heather\AppData\Roaming\TP
[2010/06/27 12:59:00 | 000,000,000 | ---D | M] -- C:\Users\Heather\AppData\Roaming\Ulead Systems
[2009/03/26 12:27:48 | 000,000,000 | ---D | M] -- C:\Users\Heather\AppData\Roaming\Windows Live Writer
[2011/07/30 21:29:53 | 000,032,604 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011/05/03 14:52:05 | 000,000,422 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{772FFADE-11C6-43A6-9594-D27B925520E3}.job

========== Purity Check ==========



< End of report >
  • 0

#4
BlackOxide

BlackOxide

    Trusted Helper

  • Malware Removal
  • 1,976 posts
Hey,

Thanks for letting me know about Malwarebytes. It looks to have sorted your .exe file association problems, but I can still see some infections present. Lets remove the ones found in your OTL log, then we'll look a bit deeper, to see if any others are still lurking :)


1)
Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    FF - prefs.js..keyword.URL: "http://www.afodo.com/search/?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&rls=bs0cBgtG&q="
    FF - user.js..keyword.URL: "http://www.afodo.com/search/?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&rls=bs0cBgtG&q="
    [2011/07/29 09:41:04 | 000,001,432 | -HS- | M] () -- C:\Users\Heather\AppData\Local\4jt08j3453lv6eerv3ryh58wlpwkbx274umkyc5s2batk27
    [2011/07/29 09:41:04 | 000,001,432 | -HS- | M] () -- C:\ProgramData\4jt08j3453lv6eerv3ryh58wlpwkbx274umkyc5s2batk27
    [2011/07/29 09:40:51 | 000,000,000 | ---- | M] () -- C:\Users\Heather\AppData\Local\vwwl.exe
    [2011/07/29 09:40:51 | 000,000,000 | ---- | M] () -- C:\Users\Heather\AppData\Local\uxpl.exe
    [2011/07/29 09:40:51 | 000,000,000 | ---- | M] () -- C:\Users\Heather\AppData\Local\tevh.exe
    [2011/07/29 09:40:51 | 000,000,000 | ---- | M] () -- C:\ProgramData\rvoi.exe
    [2011/07/29 09:40:51 | 000,000,000 | ---- | M] () -- C:\ProgramData\ewae.exe
    [2011/07/29 09:40:51 | 000,000,000 | ---- | M] () -- C:\ProgramData\ccxu.exe
    [2011/07/29 09:40:50 | 000,000,000 | ---- | M] () -- C:\ProgramData\rurv.exe
    [2011/07/29 09:40:50 | 000,000,000 | ---- | M] () -- C:\Users\Heather\AppData\Local\omal.exe
    [2011/06/10 20:50:43 | 000,001,536 | -HS- | C] () -- C:\Users\Heather\AppData\Local\g5ofu55gh14c3mt5c
    [2011/06/10 20:50:43 | 000,001,536 | -HS- | C] () -- C:\ProgramData\g5ofu55gh14c3mt5c
    [2011/04/05 21:54:17 | 000,010,368 | -HS- | C] () -- C:\Users\Heather\AppData\Local\3lhqy33xpt11p
    [2011/04/05 21:54:17 | 000,010,368 | -HS- | C] () -- C:\ProgramData\3lhqy33xpt11p
    
    :Services
    
    :Reg
    
    :Files
    ipconfig /flushdns /c
    
    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [EMPTYFLASH]
    [CREATERESTOREPOINT]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done.
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.




2)
Download aswMBR.exe (1.8mb) to your desktop.

Double click aswMBR.exe to run it.

Click the "Scan" button to start the scan.

Posted Image


On completion of the scan click save log, save it to your desktop and post it in your next reply.

Posted Image




3)
You do appear to be running two Anti Virus programs, Norton Internet Security and AVG.

With Anti-Virus programs I would highly recommend only having one installed at any given time :unsure:

Anti-Virus programs take up an enormous amount of your computer's resources when they are actively scanning your computer. Having two anti-virus programs running at the same time can cause your computer to run very slow, become unstable and even, in rare cases, crash.




In your next reply
Please post the contents of...
OTL log
aswMBR log

  • 0

#5
HthrB

HthrB

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
All processes killed
========== OTL ==========
Prefs.js: "http://www.afodo.com...ls=bs0cBgtG&q=" removed from keyword.URL
C:\Users\Heather\AppData\Roaming\Mozilla\FireFox\Profiles\righqlqv.default\user.js moved successfully.
C:\Users\Heather\AppData\Local\4jt08j3453lv6eerv3ryh58wlpwkbx274umkyc5s2batk27 moved successfully.
C:\ProgramData\4jt08j3453lv6eerv3ryh58wlpwkbx274umkyc5s2batk27 moved successfully.
C:\Users\Heather\AppData\Local\vwwl.exe moved successfully.
C:\Users\Heather\AppData\Local\uxpl.exe moved successfully.
C:\Users\Heather\AppData\Local\tevh.exe moved successfully.
C:\ProgramData\rvoi.exe moved successfully.
C:\ProgramData\ewae.exe moved successfully.
C:\ProgramData\ccxu.exe moved successfully.
C:\ProgramData\rurv.exe moved successfully.
C:\Users\Heather\AppData\Local\omal.exe moved successfully.
C:\Users\Heather\AppData\Local\g5ofu55gh14c3mt5c moved successfully.
C:\ProgramData\g5ofu55gh14c3mt5c moved successfully.
C:\Users\Heather\AppData\Local\3lhqy33xpt11p moved successfully.
C:\ProgramData\3lhqy33xpt11p moved successfully.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Heather\Downloads\cmd.bat deleted successfully.
C:\Users\Heather\Downloads\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56468 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Heather
->Temp folder emptied: 4463668812 bytes
->Temporary Internet Files folder emptied: 874555204 bytes
->Java cache emptied: 464478349 bytes
->FireFox cache emptied: 675626807 bytes
->Flash cache emptied: 6336089 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 360070026 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 13046382787 bytes

Total Files Cleaned = 18,970.00 mb


[EMPTYFLASH]

User: All Users

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Heather
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb



OTL by OldTimer - Version 3.2.26.1 log created on 08022011_190659

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...


aswMBR version 0.9.8.978 Copyright© 2011 AVAST Software
Run date: 2011-08-02 19:38:21
-----------------------------
19:38:21.291 OS Version: Windows 6.0.6002 Service Pack 2
19:38:21.291 Number of processors: 2 586 0x170A
19:38:21.291 ComputerName: HEATHER-PC UserName: Heather
19:39:51.318 Initialize success
19:41:30.261 AVAST engine defs: 11080201
19:41:38.592 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
19:41:38.592 Disk 0 Vendor: ST9250315AS 0002DEM1 Size: 238475MB BusType: 3
19:41:40.667 Disk 0 MBR read successfully
19:41:40.667 Disk 0 MBR scan
19:41:40.682 Disk 0 Windows VISTA default MBR code
19:41:40.698 Disk 0 scanning sectors +488394752
19:41:40.838 Disk 0 scanning C:\Windows\system32\drivers
19:42:14.331 Service scanning
19:42:18.949 Modules scanning
19:42:55.838 Disk 0 trace - called modules:
19:42:55.885 ntkrnlpa.exe CLASSPNP.SYS disk.sys ataport.SYS hal.dll PCIIDEX.SYS msahci.sys
19:42:55.885 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x852f4ac8]
19:42:55.900 3 CLASSPNP.SYS[8a5a78b3] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x8513bb98]
19:42:58.942 AVAST engine scan C:\Windows
19:43:09.145 AVAST engine scan C:\Windows\system32
19:49:11.656 AVAST engine scan C:\Windows\system32\drivers
19:49:56.086 AVAST engine scan C:\Users\Heather
20:18:24.955 AVAST engine scan C:\ProgramData
20:28:30.850 Scan finished successfully
20:29:56.089 Disk 0 MBR has been saved successfully to "C:\Users\Heather\Desktop\MBR.dat"
20:29:56.152 The log file has been saved successfully to "C:\Users\Heather\Desktop\aswMBR.txt"
  • 0

#6
BlackOxide

BlackOxide

    Trusted Helper

  • Malware Removal
  • 1,976 posts
Excellent, it looks like OTL has removed those items which were present in the earlier log. The aswMBR log looks good.

Could you do the following please, then get back to me with the logs :)



1)
Download ComboFix from one of these locations:

Link 1
Link 2


IMPORTANT !!! You need to Save ComboFix.exe to your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you are still unsure on how to do this, see here
  • Double click on ComboFix.exe & follow the prompts.
  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • If you already have the Recovery Console preinstalled, it will not ask for the following. If it does prompt, allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

Posted Image

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image

Click Yes, to continue scanning for malware. Please be patient and don't use the PC whilst it is scanning.

When finished, it shall produce a log for you. Please copy & paste the contents of this log (also found at C:\ComboFix.txt) in your next reply.




2)
OTL Quick Scan
  • Double click on the OTL icon to run it.
  • When the window appears, underneath Output at the top, make sure Standard Output is selected.
  • Tick the Scan All Users box at the top
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open a notepad window.
  • Please post the contents of this log




In your next reply
Please post the contents of...
ComboFix log
OTL log

  • 0

#7
HthrB

HthrB

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
I've run Combofix and will supply the log below, but now when I try to run OTL I get an error message stating the directory name is invalid.

ComboFix 11-08-03.03 - Heather 04/08/2011 8:55.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.2.1033.18.3030.1184 [GMT -4:00]
Running from: c:\users\Heather\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2011 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
AV: Norton Internet Security *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: AVG Anti-Virus Free Edition 2011 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Norton Internet Security *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Heather\AppData\Roaming\Microsoft\Windows\Templates\4jt08j3453lv6eerv3ryh58wlpwkbx274umkyc5s2batk27
c:\windows\system32\no
c:\windows\system32\no\DPCrProv.dll.mui
c:\windows\system32\no\DPSDApi.dll.mui
c:\windows\system32\SV
c:\windows\system32\SV\DPCrProv.dll.mui
c:\windows\system32\SV\DPSDApi.dll.mui
.
.
((((((((((((((((((((((((( Files Created from 2011-07-04 to 2011-08-04 )))))))))))))))))))))))))))))))
.
.
2011-08-04 13:17 . 2011-08-04 13:17 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-08-02 23:06 . 2011-08-02 23:06 -------- d-----w- C:\_OTL
2011-08-02 23:03 . 2011-08-02 23:03 -------- d-----w- c:\users\Heather\AppData\Local\CrashDumps
2011-07-31 16:27 . 2011-07-31 16:30 -------- d-----w- c:\users\Heather\.frostwire5
2011-07-31 16:27 . 2011-07-31 16:29 -------- d-----w- c:\program files\FrostWire 5
2011-07-31 15:00 . 2011-07-31 15:00 -------- d-----w- c:\program files\Apple Software Update
2011-07-31 01:52 . 2011-07-31 01:52 126584 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2011-07-31 01:52 . 2011-07-31 17:33 -------- d-----w- c:\program files\Common Files\Symantec Shared
2011-07-31 01:52 . 2011-07-31 01:52 -------- d-----w- c:\program files\Symantec
2011-07-31 01:51 . 2011-07-31 01:51 -------- d-----w- c:\windows\system32\drivers\NIS
2011-07-31 01:51 . 2011-07-31 01:51 -------- d-----w- c:\program files\Norton Internet Security
2011-07-31 01:50 . 2011-07-31 01:50 -------- d-----w- c:\program files\NortonInstaller
2011-07-30 18:58 . 2011-07-30 18:58 -------- d-----w- c:\program files\SpywareBlaster
2011-07-30 18:50 . 2011-07-30 18:50 -------- d-----w- c:\users\Heather\AppData\Roaming\Malwarebytes
2011-07-30 18:50 . 2011-07-06 23:52 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-07-30 18:50 . 2011-07-30 18:50 -------- d-----w- c:\programdata\Malwarebytes
2011-07-30 18:50 . 2011-07-30 18:50 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-07-30 18:50 . 2011-07-06 23:52 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-07-30 16:11 . 2011-07-30 16:11 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2011-07-30 16:11 . 2011-07-30 16:11 -------- d-----w- c:\users\Heather\AppData\Roaming\SUPERAntiSpyware.com
2011-07-30 16:11 . 2011-07-30 16:12 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-07-29 14:52 . 2011-07-31 01:51 -------- d-----w- c:\programdata\Norton
2011-07-29 14:52 . 2011-07-30 13:38 -------- d-----w- c:\users\Heather\AppData\Local\NPE
2011-07-12 22:59 . 2011-06-02 13:34 2043392 ----a-w- c:\windows\system32\win32k.sys
2011-07-12 22:59 . 2011-04-20 15:55 375808 ----a-w- c:\windows\system32\winsrv.dll
2011-07-12 22:59 . 2011-04-20 15:50 49152 ----a-w- c:\windows\system32\csrsrv.dll
2011-07-11 20:09 . 2011-07-11 20:09 2106216 ----a-w- c:\program files\Mozilla Firefox\D3DCompiler_43.dll
2011-07-11 20:09 . 2011-07-11 20:09 1998168 ----a-w- c:\program files\Mozilla Firefox\d3dx9_43.dll
2011-07-09 21:24 . 2011-07-09 21:24 -------- d-----w- c:\program files\BB Lite
2011-07-06 15:21 . 2011-07-06 15:21 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-07-06 14:15 . 2011-07-06 14:15 -------- d-----w- c:\users\Heather\AppData\Roaming\BigBrotherLite
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-24 19:34 . 2009-02-24 19:34 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-02-24 19:34 . 2009-02-24 19:34 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
2011-07-11 20:09 . 2011-03-28 02:58 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"SightSpeed"="c:\program files\Dell Video Chat\DellVideoChat.exe" [2008-12-18 4823928]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-11-10 4240760]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-06-15 15141768]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-07-27 2424192]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ShaPlus Bandwidth Meter"="c:\program files\ShaPlus Bandwidth Meter\ShaPlus Bandwidth Meter" [X]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2008-08-25 200704]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2008-12-22 3810304]
"DpAgent"="c:\program files\DigitalPersona\Bin\dpagent.exe" [2008-06-09 814144]
"Dell Webcam Central"="c:\program files\Dell Webcam\Dell Webcam Central\WebcamDell.exe" [2008-02-19 438403]
"PCMService"="c:\program files\Dell\MediaDirect\PCMService.exe" [2008-07-04 132392]
"Dell DataSafe Online"="c:\program files\Dell DataSafe Online\DataSafeOnline.exe" [2009-04-09 1762032]
"dellsupportcenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-10-04 206064]
"SSA.exe"="c:\program files\Bell\Sympatico Security Advisor\SSA.exe" [2007-03-27 2061816]
"NBAgent"="c:\program files\Nero\Nero 10\Nero BackItUp\NBAgent.exe" [2010-03-26 1234216]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"Desktop Disc Tool"="c:\program files\Roxio\Roxio Burn\RoxioBurnLauncher.exe" [2009-06-19 494064]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2009-06-29 458844]
"AVG_TRAY"="c:\program files\AVG\AVG10\avgtray.exe" [2011-04-18 2334560]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-26 136216]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-26 171032]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-26 170520]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-06-07 421160]
"TkBellExe"="c:\program files\real\realplayer\Update\realsched.exe" [2011-07-03 273544]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-07-06 449584]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2011-07-06 1047656]
.
c:\users\Heather\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2008-9-23 1295656]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
QuickSet.lnk - c:\program files\Dell\QuickSet\quickset.exe [2008-7-31 1616976]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2008-9-23 1295656]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2009-03-18 23:14 10536 ----a-w- c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG10\avgchsvx.exe /sync\0c:\progra~1\AVG\AVG10\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4640000]
R3 RoxMediaDB10;RoxMediaDB10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [2009-06-26 1124848]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\AVGIDSEH.Sys [2011-02-22 22992]
S0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx86.sys [2011-03-16 32592]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NIS\1206000.01D\SYMDS.SYS [2011-01-27 340088]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NIS\1206000.01D\SYMEFA.SYS [2011-03-15 744568]
S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx86.sys [2011-01-07 248656]
S1 Avgtdix;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdix.sys [2011-04-05 297168]
S1 BHDrvx86;BHDrvx86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.6.0.29\Definitions\BASHDefs\20110723.001\BHDrvx86.sys [2011-07-23 815736]
S1 IDSVix86;IDSVix86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.6.0.29\Definitions\IPSDefs\20110803.030\IDSvix86.sys [2011-08-02 367736]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2011-07-12 12880]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2011-07-12 67664]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NIS\1206000.01D\Ironx86.SYS [2011-01-27 136312]
S1 SYMTDIv;Symantec Vista Network Dispatch Driver;c:\windows\system32\drivers\NIS\1206000.01D\SYMTDIV.SYS [2011-03-22 331384]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_559ad4ac\aestsrv.exe [2009-03-02 81920]
S2 ATService;AuthenTec Fingerprint Service;c:\program files\Fingerprint Sensor\AtService.exe [2008-10-16 1668344]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [2011-04-18 7398752]
S2 avgwd;AVG WatchDog;c:\program files\AVG\AVG10\avgwdsvc.exe [2011-02-08 269520]
S2 cvhsvc;Client Virtualization Handler;c:\program files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2010-02-28 821664]
S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2008-09-24 155648]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-07-06 366640]
S2 NAUpdate;Nero Update;c:\program files\Nero\Update\NASvc.exe [2010-03-25 490280]
S2 NIS;Norton Internet Security;c:\program files\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe [2011-04-17 130008]
S2 sftlist;Application Virtualization Client;c:\program files\Microsoft Application Virtualization Client\sftlist.exe [2010-04-24 483688]
S3 ATSwpWDF;AuthenTec TruePrint USB WDF Driver;c:\windows\system32\Drivers\ATSwpWDF.sys [2008-10-16 482176]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\AVGIDSDriver.Sys [2011-04-15 134480]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\AVGIDSFilter.Sys [2011-02-10 24144]
S3 AVGIDSShim;AVGIDSShim;c:\windows\system32\DRIVERS\AVGIDSShim.Sys [2011-02-10 28624]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-07-29 105592]
S3 IntcHdmiAddService;Intel® High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2008-11-21 112128]
S3 itecir;ITECIR Infrared Receiver;c:\windows\system32\DRIVERS\itecir.sys [2008-08-25 54784]
S3 k57nd60x;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60x.sys [2008-08-25 203264]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-07-06 22712]
S3 OA001Ufd;Creative Camera OA001 Upper Filter Driver;c:\windows\system32\DRIVERS\OA001Ufd.sys [2009-01-19 133472]
S3 OA001Vid;Creative Camera OA001 Function Driver;c:\windows\system32\DRIVERS\OA001Vid.sys [2009-01-19 279488]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2010-04-24 550760]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2010-04-24 195944]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2010-04-24 21864]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2010-04-24 19304]
S3 sftvsa;Application Virtualization Service Agent;c:\program files\Microsoft Application Virtualization Client\sftvsa.exe [2010-04-24 209768]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder
.
2011-05-03 c:\windows\Tasks\User_Feed_Synchronization-{772FFADE-11C6-43A6-9594-D27B925520E3}.job
- c:\windows\system32\msfeedssync.exe [2008-01-21 02:24]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office10\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\Heather\AppData\Roaming\Mozilla\Firefox\Profiles\righqlqv.default\
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-08-04 09:28
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
.
c:\users\Heather\AppData\Local\Temp\catchme.dll 53248 bytes executable
.
scan completed successfully
hidden files: 1
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\NIS]
"ImagePath"="\"c:\program files\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files\Norton Internet Security\Engine\18.6.0.29\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(6108)
c:\program files\DigitalPersona\Bin\DpoFeedb.dll
c:\program files\DigitalPersona\Bin\DpoSet.dll
c:\windows\Microsoft.NET\Framework\v4.0.30319\clr.dll
.
------------------------ Other Running Processes ------------------------
.
c:\progra~1\AVG\AVG10\avgchsvx.exe
c:\windows\System32\DriverStore\FileRepository\stwrt.inf_559ad4ac\STacSV.exe
c:\windows\System32\WLTRYSVC.EXE
c:\windows\System32\bcmwltry.exe
c:\program files\DigitalPersona\Bin\DpHostW.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\program files\AVG\AVG10\avgnsx.exe
c:\windows\system32\conime.exe
c:\windows\system32\igfxsrvc.exe
c:\windows\system32\DllHost.exe
c:\program files\ShaPlus Bandwidth Meter\ShaPlus Bandwidth Meter.exe
c:\program files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Dell Support Center\bin\sprtsvc.exe
c:\program files\AVG\AVG10\avgmfapx.exe
c:\program files\AVG\AVG10\avgmfapx.exe
c:\progra~1\AVG\AVG10\avgrsx.exe
c:\program files\AVG\AVG10\avgcsrvx.exe
c:\windows\system32\msiexec.exe
c:\windows\system32\MsiExec.exe
c:\program files\Mozilla Firefox\firefox.exe
.
**************************************************************************
.
Completion time: 2011-08-04 09:40:47 - machine was rebooted
ComboFix-quarantined-files.txt 2011-08-04 13:40
.
Pre-Run: 59,102,609,408 bytes free
Post-Run: 58,790,252,544 bytes free
.
- - End Of File - - 6C074D66117E534B8D6424CEF6932608
  • 0

#8
HthrB

HthrB

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
Scratch that, I got OTL to work, here is the log.

OTL logfile created on: 04/08/2011 12:50:12 PM - Run 5
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Users\Heather\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

2.96 Gb Total Physical Memory | 0.97 Gb Available Physical Memory | 32.64% Memory free
6.13 Gb Paging File | 3.84 Gb Available in Paging File | 62.63% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 222.81 Gb Total Space | 54.90 Gb Free Space | 24.64% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 4.13 Gb Free Space | 41.32% Space Free | Partition Type: NTFS

Computer Name: HEATHER-PC | User Name: Heather | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/07/30 15:06:42 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\Heather\Downloads\OTL.exe
PRC - [2011/07/27 09:55:46 | 002,424,192 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
PRC - [2011/07/11 16:09:05 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/07/06 19:52:38 | 000,449,584 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011/07/06 19:52:38 | 000,366,640 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011/07/03 06:58:30 | 000,273,544 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\real\realplayer\Update\realsched.exe
PRC - [2011/04/18 17:40:08 | 002,334,560 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgtray.exe
PRC - [2011/04/18 17:39:42 | 007,398,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
PRC - [2011/04/16 20:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe
PRC - [2011/04/14 05:36:42 | 001,080,672 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgnsx.exe
PRC - [2011/03/28 03:00:52 | 000,351,072 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgcsrvx.exe
PRC - [2011/03/16 16:05:20 | 001,025,888 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgemcx.exe
PRC - [2011/03/16 16:05:14 | 000,656,736 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgchsvx.exe
PRC - [2011/02/10 07:55:18 | 001,148,256 | ---- | M] () -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
PRC - [2011/02/08 05:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgwdsvc.exe
PRC - [2011/02/08 05:33:20 | 000,658,784 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgrsx.exe
PRC - [2010/04/24 01:10:54 | 000,209,768 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2010/04/24 01:10:44 | 000,483,688 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2010/03/25 14:39:22 | 000,490,280 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Update\NASvc.exe
PRC - [2009/06/29 12:44:38 | 000,458,844 | ---- | M] (IDT, Inc.) -- C:\Program Files\IDT\WDM\sttray.exe
PRC - [2009/06/29 12:44:38 | 000,221,266 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_559ad4ac\stacsv.exe
PRC - [2009/06/18 21:46:24 | 000,494,064 | ---- | M] () -- C:\Program Files\Roxio\Roxio Burn\RoxioBurnLauncher.exe
PRC - [2009/04/11 02:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/04/11 02:27:28 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe
PRC - [2009/04/09 16:29:00 | 001,762,032 | ---- | M] () -- C:\Program Files\Dell DataSafe Online\DataSafeOnline.exe
PRC - [2009/03/02 13:43:08 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_559ad4ac\AEstSrv.exe
PRC - [2008/11/06 09:06:32 | 000,151,552 | ---- | M] (ShaPlus Software) -- C:\Program Files\ShaPlus Bandwidth Meter\ShaPlus Bandwidth Meter.exe
PRC - [2008/10/16 14:58:30 | 001,668,344 | ---- | M] (AuthenTec, Inc.) -- C:\Program Files\Fingerprint Sensor\AtService.exe
PRC - [2008/10/04 14:58:04 | 000,201,968 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe
PRC - [2008/10/04 14:58:02 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtcmd.exe
PRC - [2008/09/23 23:09:52 | 001,295,656 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DellDock.exe
PRC - [2008/09/23 23:09:52 | 000,155,648 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DockLogin.exe
PRC - [2008/08/25 07:26:04 | 000,040,960 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\hidfind.exe
PRC - [2008/08/25 07:25:54 | 000,200,704 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\Apoint.exe
PRC - [2008/08/25 07:25:54 | 000,049,152 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApntEx.exe
PRC - [2008/08/25 07:25:52 | 000,046,376 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApMsgFwd.exe
PRC - [2008/07/31 13:58:38 | 001,616,976 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\QuickSet\quickset.exe
PRC - [2008/07/04 15:16:58 | 000,132,392 | ---- | M] (CyberLink Corp.) -- C:\Program Files\Dell\MediaDirect\PCMService.exe
PRC - [2008/06/09 13:47:36 | 000,814,144 | ---- | M] (DigitalPersona, Inc.) -- C:\Program Files\DigitalPersona\Bin\DpAgent.exe
PRC - [2008/06/09 13:47:36 | 000,322,624 | ---- | M] (DigitalPersona, Inc.) -- C:\Program Files\DigitalPersona\Bin\DpHostW.exe


========== Modules (SafeList) ==========

MOD - [2011/07/30 15:06:42 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\Heather\Downloads\OTL.exe
MOD - [2011/07/03 07:52:28 | 000,653,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\msvcr90.dll
MOD - [2011/07/03 07:52:28 | 000,569,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\msvcp90.dll
MOD - [2011/04/28 20:29:01 | 000,413,112 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Internet Security\Engine\18.6.0.29\asOEHook.dll
MOD - [2010/08/31 11:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/07/06 19:52:38 | 000,366,640 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/04/18 17:39:42 | 007,398,752 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2011/04/16 20:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe -- (NIS)
SRV - [2011/02/08 05:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\avgwdsvc.exe -- (avgwd)
SRV - [2010/04/24 01:10:54 | 000,209,768 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2010/04/24 01:10:44 | 000,483,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2010/03/25 14:39:22 | 000,490,280 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Nero\Update\NASvc.exe -- (NAUpdate)
SRV - [2009/06/29 12:44:38 | 000,221,266 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_559ad4ac\stacsv.exe -- (STacSV)
SRV - [2009/06/26 11:19:12 | 001,124,848 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe -- (RoxMediaDB10)
SRV - [2009/03/18 19:14:19 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)
SRV - [2009/03/02 13:43:08 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_559ad4ac\AEstSrv.exe -- (AESTFilters)
SRV - [2008/10/16 14:58:30 | 001,668,344 | ---- | M] (AuthenTec, Inc.) [Auto | Running] -- C:\Program Files\Fingerprint Sensor\AtService.exe -- (ATService)
SRV - [2008/10/04 14:58:04 | 000,201,968 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_DellSupportCenter) SupportSoft Sprocket Service (DellSupportCenter)
SRV - [2008/09/23 23:09:52 | 000,155,648 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)
SRV - [2008/06/09 13:47:36 | 000,322,624 | ---- | M] (DigitalPersona, Inc.) [Auto | Running] -- C:\Program Files\DigitalPersona\Bin\DpHostW.exe -- (DpHost)
SRV - [2008/01/20 22:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)


========== Driver Services (SafeList) ==========

DRV - [2011/08/03 22:01:49 | 001,576,312 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.6.0.29\Definitions\VirusDefs\20110804.002\NAVEX15.SYS -- (NAVEX15)
DRV - [2011/08/03 22:01:48 | 000,086,136 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.6.0.29\Definitions\VirusDefs\20110804.002\NAVENG.SYS -- (NAVENG)
DRV - [2011/08/02 01:07:58 | 000,367,736 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.6.0.29\Definitions\IPSDefs\20110803.030\IDSvix86.sys -- (IDSVix86)
DRV - [2011/07/30 21:52:07 | 000,126,584 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2011/07/29 01:00:00 | 000,374,392 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2011/07/29 01:00:00 | 000,105,592 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2011/07/23 00:32:12 | 000,815,736 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.6.0.29\Definitions\BASHDefs\20110723.001\BHDrvx86.sys -- (BHDrvx86)
DRV - [2011/07/12 17:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2011/07/12 17:55:22 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011/07/06 19:52:42 | 000,022,712 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011/04/14 21:28:18 | 000,134,480 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV - [2011/04/05 00:59:56 | 000,297,168 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2011/03/30 23:00:09 | 000,516,216 | R--- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\system32\drivers\NIS\1206000.01D\SRTSP.SYS -- (SRTSP)
DRV - [2011/03/30 23:00:09 | 000,050,168 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\system32\drivers\NIS\1206000.01D\SRTSPX.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV - [2011/03/21 20:39:49 | 000,331,384 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\system32\drivers\NIS\1206000.01D\SYMTDIV.SYS -- (SYMTDIv)
DRV - [2011/03/16 16:03:20 | 000,032,592 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\avgrkx86.sys -- (Avgrkx86)
DRV - [2011/03/14 22:31:23 | 000,744,568 | R--- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\system32\drivers\NIS\1206000.01D\SYMEFA.SYS -- (SymEFA)
DRV - [2011/03/01 14:25:18 | 000,034,896 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2011/02/22 08:12:38 | 000,022,992 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH)
DRV - [2011/02/10 07:53:30 | 000,028,624 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
DRV - [2011/02/10 07:53:28 | 000,024,144 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV - [2011/01/27 02:47:10 | 000,340,088 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\NIS\1206000.01D\SYMDS.SYS -- (SymDS)
DRV - [2011/01/27 01:07:05 | 000,136,312 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\system32\drivers\NIS\1206000.01D\Ironx86.SYS -- (SymIRON)
DRV - [2011/01/07 06:41:46 | 000,248,656 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2010/06/22 22:47:58 | 000,032,768 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\taphss.sys -- (taphss)
DRV - [2010/04/24 01:10:54 | 000,019,304 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftvollh.sys -- (Sftvol)
DRV - [2010/04/24 01:10:52 | 000,021,864 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\Sftredirlh.sys -- (Sftredir)
DRV - [2010/04/24 01:10:50 | 000,195,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftplaylh.sys -- (Sftplay)
DRV - [2010/04/24 01:10:44 | 000,550,760 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftfslh.sys -- (Sftfs)
DRV - [2009/06/29 12:44:38 | 000,408,576 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2009/06/26 10:27:40 | 000,057,328 | ---- | M] (Sonic Solutions) [File_System | Disabled | Stopped] -- C:\Windows\System32\drivers\RxFilter.sys -- (RxFilter)
DRV - [2009/01/19 08:38:16 | 000,133,472 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\OA001Ufd.sys -- (OA001Ufd)
DRV - [2009/01/19 08:38:12 | 000,279,488 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\OA001Vid.sys -- (OA001Vid)
DRV - [2008/12/22 06:32:18 | 000,018,424 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\bcm42rly.sys -- (BCM42RLY)
DRV - [2008/11/21 07:15:30 | 000,112,128 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntcHdmi.sys -- (IntcHdmiAddService) Intel®
DRV - [2008/10/16 17:53:28 | 000,482,176 | ---- | M] (AuthenTec, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ATSwpWDF.sys -- (ATSwpWDF)
DRV - [2008/08/25 07:25:52 | 000,170,032 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2008/08/25 06:37:44 | 000,203,264 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\k57nd60x.sys -- (k57nd60x) Broadcom NetLink ™
DRV - [2008/08/25 06:35:24 | 000,054,784 | ---- | M] (ITE Tech. Inc. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\itecir.sys -- (itecir)
DRV - [2008/07/16 07:46:52 | 000,038,400 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2008/07/16 07:46:50 | 000,046,592 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2008/07/16 07:46:48 | 000,043,008 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2008/01/20 22:23:25 | 000,220,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel®
DRV - [2006/11/02 03:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1682988488-2114230317-3291856830-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/USCON/23
IE - HKU\S-1-5-21-1682988488-2114230317-3291856830-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-1682988488-2114230317-3291856830-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1682988488-2114230317-3291856830-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: [email protected]:1.0.3
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.0.071303000006
FF - prefs.js..extensions.enabledItems: [email protected]:1.6.1
FF - prefs.js..extensions.enabledItems: {B13721C7-F507-4982-B2E5-502A71474FED}:3.3.0.3971
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: [email protected]:3.11.3.15590
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:10.0.0.1178
FF - prefs.js..extensions.enabledItems: [email protected]:2.5.8
FF - prefs.js..extensions.enabledItems: {333b42b0-9c75-11db-b606-0800200c9a66}:2.200100126
FF - prefs.js..extensions.enabledItems: {F587B2D4-7C09-4a23-AC4A-8D6E3CE8C7DA}:3.6

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.647: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.647: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.652: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.652: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.647: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Users\Heather\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll ( )
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\DigitalPersona\Bin\FirefoxExt\ [2009/03/18 19:03:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/07/03 06:59:14 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.6.0.29\IPSFFPlgn\ [2011/08/02 19:29:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.6.0.29\coFFPlgn_2011_7_0_8 [2011/08/04 12:44:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG10\Firefox4\ [2011/08/04 09:39:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/07/11 16:09:07 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/07/03 07:00:16 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\DigitalPersona\Bin\firefoxext [2009/03/18 19:03:39 | 000,000,000 | ---D | M]

[2009/03/27 23:12:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Heather\AppData\Roaming\Mozilla\Extensions
[2009/03/27 23:12:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Heather\AppData\Roaming\Mozilla\Extensions\[email protected]
[2011/06/12 10:15:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Heather\AppData\Roaming\Mozilla\Firefox\Profiles\righqlqv.default\extensions
[2010/05/04 09:19:39 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Heather\AppData\Roaming\Mozilla\Firefox\Profiles\righqlqv.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/03/20 21:18:12 | 000,000,000 | ---D | M] (PinkHope) -- C:\Users\Heather\AppData\Roaming\Mozilla\Firefox\Profiles\righqlqv.default\extensions\{333b42b0-9c75-11db-b606-0800200c9a66}
[2011/03/29 17:16:34 | 000,000,000 | ---D | M] (Amazon Button) -- C:\Users\Heather\AppData\Roaming\Mozilla\Firefox\Profiles\righqlqv.default\extensions\[email protected]
[2010/08/31 17:44:09 | 000,000,000 | ---D | M] (MakeItLive) -- C:\Users\Heather\AppData\Roaming\Mozilla\Firefox\Profiles\righqlqv.default\extensions\[email protected]
[2009/06/15 00:04:44 | 000,000,000 | ---D | M] (Move Media Player) -- C:\Users\Heather\AppData\Roaming\Mozilla\Firefox\Profiles\righqlqv.default\extensions\[email protected]
[2010/03/20 21:18:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Heather\AppData\Roaming\Mozilla\Firefox\Profiles\righqlqv.default\extensions\{333b42b0-9c75-11db-b606-0800200c9a66}\chrome\mozapps\extensions
[2010/03/20 21:18:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Heather\AppData\Roaming\Mozilla\Firefox\Profiles\righqlqv.default\extensions\{333b42b0-9c75-11db-b606-0800200c9a66}\chrome\mozapps\extensions\CVS
[2010/08/18 16:47:50 | 000,002,197 | ---- | M] () -- C:\Users\Heather\AppData\Roaming\Mozilla\Firefox\Profiles\righqlqv.default\searchplugins\google-search.xml
[2011/05/10 15:39:13 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/06/07 23:35:30 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2010/05/07 20:30:38 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/08/20 22:14:12 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/10/15 08:49:14 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
File not found (No name found) --
[2011/08/04 09:39:22 | 000,000,000 | ---D | M] (AVG Safe Search) -- C:\PROGRAM FILES\AVG\AVG10\FIREFOX4
[2011/08/04 12:44:41 | 000,000,000 | ---D | M] (Norton Toolbar) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.6.0.29\COFFPLGN_2011_7_0_8
[2011/08/02 19:29:25 | 000,000,000 | ---D | M] (Symantec IPS) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.6.0.29\IPSFFPLGN
() (No name found) -- C:\USERS\HEATHER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RIGHQLQV.DEFAULT\EXTENSIONS\[email protected]
[2011/07/11 16:09:05 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2010/09/15 04:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2010/01/01 04:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

O1 HOSTS File: ([2011/08/04 09:27:09 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\18.6.0.29\CoIEPlg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\18.6.0.29\IPS\IPSBHO.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\18.6.0.29\CoIEPlg.dll (Symantec Corporation)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKU\S-1-5-21-1682988488-2114230317-3291856830-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKU\S-1-5-21-1682988488-2114230317-3291856830-1000\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\18.6.0.29\CoIEPlg.dll (Symantec Corporation)
O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [Dell DataSafe Online] C:\Program Files\Dell DataSafe Online\DataSafeOnline.exe ()
O4 - HKLM..\Run: [Dell Webcam Central] C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [dellsupportcenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [Desktop Disc Tool] C:\Program Files\Roxio\Roxio Burn\RoxioBurnLauncher.exe ()
O4 - HKLM..\Run: [DpAgent] C:\Program Files\DigitalPersona\Bin\DpAgent.exe (DigitalPersona, Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NBAgent] C:\Program Files\Nero\Nero 10\Nero BackItUp\NBAgent.exe (Nero AG)
O4 - HKLM..\Run: [PCMService] C:\Program Files\Dell\MediaDirect\PCMService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [ShaPlus Bandwidth Meter] File not found
O4 - HKLM..\Run: [SSA.exe] C:\Program Files\Bell\Sympatico Security Advisor\SSA.exe (Bell)
O4 - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
O4 - HKLM..\Run: [TkBellExe] c:\program files\real\realplayer\Update\realsched.exe (RealNetworks, Inc.)
O4 - HKU\S-1-5-21-1682988488-2114230317-3291856830-1000..\Run: [SightSpeed] C:\Program Files\Dell Video Chat\DellVideoChat.exe (Dell Inc. and SightSpeed Inc.)
O4 - HKU\S-1-5-21-1682988488-2114230317-3291856830-1000..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
O4 - Startup: C:\Users\Heather\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1682988488-2114230317-3291856830-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1682988488-2114230317-3291856830-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\GoToAssist: DllName - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll - C:\Program Files\Citrix\GoToAssist\514\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O24 - Desktop WallPaper: C:\Users\Heather\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Heather\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync) - C:\Program Files\AVG\AVG10\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart) - C:\Program Files\AVG\AVG10\avgrsx.exe (AVG Technologies CZ, s.r.o.)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKU\S-1-5-21-1682988488-2114230317-3291856830-1000..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKU\S-1-5-21-1682988488-2114230317-3291856830-1000\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/08/04 11:35:59 | 000,000,000 | ---D | C] -- C:\Windows\TEMP
[2011/08/04 09:48:36 | 000,579,584 | ---- | C] (OldTimer Tools) -- C:\Users\Heather\Desktop\OTL.exe
[2011/08/04 09:34:56 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011/08/04 08:51:17 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/08/04 08:51:17 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/08/04 08:51:16 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/08/04 08:51:00 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/08/04 08:50:57 | 000,000,000 | ---D | C] -- C:\ComboFix
[2011/08/04 08:47:06 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/08/04 08:40:23 | 004,163,573 | R--- | C] (Swearware) -- C:\Users\Heather\Desktop\ComboFix.exe
[2011/08/02 19:33:51 | 001,915,904 | ---- | C] (AVAST Software) -- C:\Users\Heather\Desktop\aswMBR.exe
[2011/08/02 19:33:23 | 000,000,000 | ---D | C] -- C:\Users\Heather\AppData\Local\{1C0616BD-C93D-4367-A01C-F5E9DD601653}
[2011/08/02 19:06:59 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/08/02 19:03:22 | 000,000,000 | ---D | C] -- C:\Users\Heather\AppData\Local\CrashDumps
[2011/07/31 12:27:51 | 000,000,000 | ---D | C] -- C:\Users\Heather\.frostwire5
[2011/07/31 12:27:38 | 000,000,000 | ---D | C] -- C:\Users\Heather\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FrostWire 5
[2011/07/31 12:27:09 | 000,000,000 | ---D | C] -- C:\Program Files\FrostWire 5
[2011/07/31 11:00:50 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2011/07/30 21:55:11 | 000,000,000 | ---D | C] -- C:\Users\Heather\Documents\Symantec
[2011/07/30 21:52:08 | 000,126,584 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\SYMEVENT.SYS
[2011/07/30 21:52:07 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared
[2011/07/30 21:52:07 | 000,000,000 | ---D | C] -- C:\Program Files\Symantec
[2011/07/30 21:51:24 | 000,744,568 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NIS\1206000.01D\SymEFA.sys
[2011/07/30 21:51:24 | 000,516,216 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NIS\1206000.01D\srtsp.sys
[2011/07/30 21:51:24 | 000,340,088 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NIS\1206000.01D\SymDS.sys
[2011/07/30 21:51:24 | 000,331,384 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NIS\1206000.01D\symtdiv.sys
[2011/07/30 21:51:24 | 000,296,568 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NIS\1206000.01D\symnets.sys
[2011/07/30 21:51:24 | 000,136,312 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NIS\1206000.01D\Ironx86.sys
[2011/07/30 21:51:24 | 000,050,168 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NIS\1206000.01D\srtspx.sys
[2011/07/30 21:51:13 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\NIS
[2011/07/30 21:51:13 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\NIS\1206000.01D
[2011/07/30 21:51:10 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Internet Security
[2011/07/30 21:51:10 | 000,000,000 | ---D | C] -- C:\Program Files\Norton Internet Security
[2011/07/30 21:50:57 | 000,000,000 | ---D | C] -- C:\ProgramData\NortonInstaller
[2011/07/30 21:50:57 | 000,000,000 | ---D | C] -- C:\Program Files\NortonInstaller
[2011/07/30 21:35:16 | 000,000,000 | ---D | C] -- C:\Users\Heather\AppData\Local\{AA9F94B1-070B-4260-B24D-EE96E6A412D8}
[2011/07/30 14:58:24 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2011/07/30 14:58:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpywareBlaster
[2011/07/30 14:58:12 | 000,000,000 | ---D | C] -- C:\Program Files\SpywareBlaster
[2011/07/30 14:50:44 | 000,000,000 | ---D | C] -- C:\Users\Heather\AppData\Roaming\Malwarebytes
[2011/07/30 14:50:35 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011/07/30 14:50:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/07/30 14:50:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/07/30 14:50:31 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011/07/30 14:50:31 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/07/30 12:11:49 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2011/07/30 12:11:48 | 000,000,000 | ---D | C] -- C:\Users\Heather\AppData\Roaming\SUPERAntiSpyware.com
[2011/07/30 12:11:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2011/07/30 12:11:32 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2011/07/30 11:09:29 | 000,000,000 | ---D | C] -- C:\Users\Heather\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Norton
[2011/07/29 10:52:16 | 000,000,000 | ---D | C] -- C:\Users\Heather\AppData\Local\NPE
[2011/07/29 10:52:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton
[2011/07/13 13:52:55 | 000,000,000 | ---D | C] -- C:\Users\Heather\AppData\Local\{3AD807AA-36CB-46AA-9DFC-C8F80665CE00}
[2011/07/11 16:08:47 | 000,000,000 | ---D | C] -- C:\Users\Heather\AppData\Local\{CFF9A7A3-CA0A-4E91-8E91-B15CA97A5621}
[2011/07/09 17:24:43 | 000,000,000 | ---D | C] -- C:\Program Files\BB Lite
[2011/07/07 17:13:49 | 000,000,000 | ---D | C] -- C:\Users\Heather\AppData\Local\{0E9304F8-A2AD-4726-9A7B-881986071F23}
[2011/07/06 12:57:46 | 000,000,000 | ---D | C] -- C:\Users\Heather\AppData\Local\{DD89132F-4444-48DB-975B-DCB1D19C2799}
[2011/07/06 10:15:15 | 000,000,000 | ---D | C] -- C:\Users\Heather\AppData\Roaming\BigBrotherLite
[2010/08/25 19:59:08 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll
[2009/08/03 08:19:17 | 008,653,312 | ---- | C] (Dell, Inc. ) -- C:\Users\Heather\AppData\Roaming\DataSafeDotNet.exe

========== Files - Modified Within 30 Days ==========

[2011/08/04 12:44:36 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/08/04 12:44:34 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/08/04 12:42:20 | 000,001,024 | ---- | M] () -- C:\.rnd
[2011/08/04 12:41:56 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/08/04 12:41:42 | 3178,123,264 | -HS- | M] () -- C:\hiberfil.sys
[2011/08/04 09:48:43 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\Heather\Desktop\OTL.exe
[2011/08/04 09:33:01 | 126,853,854 | ---- | M] () -- C:\Windows\System32\drivers\AVG\incavi.avm
[2011/08/04 09:27:09 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2011/08/04 08:42:51 | 004,163,573 | R--- | M] (Swearware) -- C:\Users\Heather\Desktop\ComboFix.exe
[2011/08/03 21:55:25 | 126,786,227 | ---- | M] () -- C:\Windows\System32\drivers\AVG\incavi.avm.old
[2011/08/02 20:29:56 | 000,000,512 | ---- | M] () -- C:\Users\Heather\Desktop\MBR.dat
[2011/08/02 19:34:46 | 001,915,904 | ---- | M] (AVAST Software) -- C:\Users\Heather\Desktop\aswMBR.exe
[2011/07/31 12:27:40 | 000,001,056 | ---- | M] () -- C:\Users\Heather\Application Data\Microsoft\Internet Explorer\Quick Launch\FrostWire 5.0.8.lnk
[2011/07/31 12:27:39 | 000,001,032 | ---- | M] () -- C:\Users\Heather\Desktop\FrostWire 5.0.8.lnk
[2011/07/30 22:13:26 | 000,013,935 | ---- | M] () -- C:\Users\Heather\Desktop\collection_tv_1701348536.csv
[2011/07/30 22:12:51 | 000,018,005 | ---- | M] () -- C:\Users\Heather\Desktop\collection_books_1701348536.csv
[2011/07/30 22:12:18 | 000,010,356 | ---- | M] () -- C:\Users\Heather\Desktop\collection_albums_1701348536.csv
[2011/07/30 22:11:16 | 000,051,402 | ---- | M] () -- C:\Users\Heather\Desktop\collection_movies_1701348536.csv
[2011/07/30 21:53:13 | 002,401,262 | ---- | M] () -- C:\Windows\System32\drivers\NIS\1206000.01D\Cat.DB
[2011/07/30 21:52:07 | 000,126,584 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\SYMEVENT.SYS
[2011/07/30 21:52:07 | 000,007,468 | ---- | M] () -- C:\Windows\System32\drivers\SYMEVENT.CAT
[2011/07/30 21:52:07 | 000,000,806 | ---- | M] () -- C:\Windows\System32\drivers\SYMEVENT.INF
[2011/07/30 21:51:50 | 000,002,215 | ---- | M] () -- C:\Users\Public\Desktop\Norton Internet Security.lnk
[2011/07/30 14:58:15 | 000,000,814 | ---- | M] () -- C:\Users\Heather\Desktop\SpywareBlaster.lnk
[2011/07/30 14:50:35 | 000,000,908 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/07/30 12:11:41 | 000,001,802 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/07/30 11:49:12 | 000,303,122 | ---- | M] () -- C:\Users\Heather\AppData\Local\census.cache
[2011/07/30 11:49:10 | 000,228,258 | ---- | M] () -- C:\Users\Heather\AppData\Local\ars.cache
[2011/07/30 11:27:02 | 000,000,036 | ---- | M] () -- C:\Users\Heather\AppData\Local\housecall.guid.cache
[2011/07/29 10:54:02 | 011,072,922 | ---- | M] () -- C:\Users\Heather\AppData\Roaming\SMRBackup200.dat
[2011/07/27 18:39:09 | 000,609,640 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/07/27 18:39:09 | 000,108,858 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/07/19 13:40:21 | 000,000,680 | ---- | M] () -- C:\Users\Heather\AppData\Local\d3d9caps.dat
[2011/07/16 18:23:29 | 000,103,936 | ---- | M] () -- C:\Users\Heather\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/07/13 08:15:14 | 000,372,008 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/07/12 09:53:02 | 000,000,832 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2011.lnk
[2011/07/09 17:24:45 | 000,000,744 | ---- | M] () -- C:\Users\Public\Desktop\BB Lite.lnk
[2011/07/06 19:52:42 | 000,041,272 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011/07/06 19:52:42 | 000,022,712 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys

========== Files Created - No Company Name ==========

[2011/08/04 12:42:17 | 000,001,024 | ---- | C] () -- C:\.rnd
[2011/08/04 08:51:17 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011/08/04 08:51:17 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011/08/04 08:51:16 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/08/04 08:51:16 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/08/04 08:51:16 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/08/02 20:29:56 | 000,000,512 | ---- | C] () -- C:\Users\Heather\Desktop\MBR.dat
[2011/07/31 12:27:39 | 000,001,056 | ---- | C] () -- C:\Users\Heather\Application Data\Microsoft\Internet Explorer\Quick Launch\FrostWire 5.0.8.lnk
[2011/07/31 12:27:38 | 000,001,032 | ---- | C] () -- C:\Users\Heather\Desktop\FrostWire 5.0.8.lnk
[2011/07/30 22:13:24 | 000,013,935 | ---- | C] () -- C:\Users\Heather\Desktop\collection_tv_1701348536.csv
[2011/07/30 22:12:50 | 000,018,005 | ---- | C] () -- C:\Users\Heather\Desktop\collection_books_1701348536.csv
[2011/07/30 22:12:16 | 000,010,356 | ---- | C] () -- C:\Users\Heather\Desktop\collection_albums_1701348536.csv
[2011/07/30 22:11:14 | 000,051,402 | ---- | C] () -- C:\Users\Heather\Desktop\collection_movies_1701348536.csv
[2011/07/30 21:52:14 | 002,401,262 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1206000.01D\Cat.DB
[2011/07/30 21:52:08 | 000,007,468 | ---- | C] () -- C:\Windows\System32\drivers\SYMEVENT.CAT
[2011/07/30 21:52:08 | 000,000,806 | ---- | C] () -- C:\Windows\System32\drivers\SYMEVENT.INF
[2011/07/30 21:51:50 | 000,002,215 | ---- | C] () -- C:\Users\Public\Desktop\Norton Internet Security.lnk
[2011/07/30 21:51:24 | 000,000,000 | R--- | C] () -- C:\Windows\System32\drivers\NIS\1206000.01D\SymDS.cat
[2011/07/30 21:51:13 | 000,007,877 | R--- | C] () -- C:\Windows\System32\drivers\NIS\1206000.01D\symnetv.cat
[2011/07/30 21:51:13 | 000,007,528 | R--- | C] () -- C:\Windows\System32\drivers\NIS\1206000.01D\iron.cat
[2011/07/30 21:51:13 | 000,007,458 | R--- | C] () -- C:\Windows\System32\drivers\NIS\1206000.01D\SymNet.cat
[2011/07/30 21:51:13 | 000,007,456 | R--- | C] () -- C:\Windows\System32\drivers\NIS\1206000.01D\SymEFA.cat
[2011/07/30 21:51:13 | 000,007,454 | R--- | C] () -- C:\Windows\System32\drivers\NIS\1206000.01D\srtspx.cat
[2011/07/30 21:51:13 | 000,007,450 | R--- | C] () -- C:\Windows\System32\drivers\NIS\1206000.01D\srtsp.cat
[2011/07/30 21:51:13 | 000,003,373 | R--- | C] () -- C:\Windows\System32\drivers\NIS\1206000.01D\SymEFA.inf
[2011/07/30 21:51:13 | 000,002,792 | R--- | C] () -- C:\Windows\System32\drivers\NIS\1206000.01D\SymDS.inf
[2011/07/30 21:51:13 | 000,001,474 | R--- | C] () -- C:\Windows\System32\drivers\NIS\1206000.01D\SymNetV.inf
[2011/07/30 21:51:13 | 000,001,446 | R--- | C] () -- C:\Windows\System32\drivers\NIS\1206000.01D\SymNet.inf
[2011/07/30 21:51:13 | 000,001,389 | R--- | C] () -- C:\Windows\System32\drivers\NIS\1206000.01D\srtspx.inf
[2011/07/30 21:51:13 | 000,001,383 | R--- | C] () -- C:\Windows\System32\drivers\NIS\1206000.01D\srtsp.inf
[2011/07/30 21:51:13 | 000,000,742 | R--- | C] () -- C:\Windows\System32\drivers\NIS\1206000.01D\Iron.inf
[2011/07/30 21:51:13 | 000,000,172 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1206000.01D\isolate.ini
[2011/07/30 14:58:15 | 000,000,814 | ---- | C] () -- C:\Users\Heather\Desktop\SpywareBlaster.lnk
[2011/07/30 14:50:35 | 000,000,908 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/07/30 12:11:41 | 000,001,802 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/07/30 11:40:09 | 000,303,122 | ---- | C] () -- C:\Users\Heather\AppData\Local\census.cache
[2011/07/30 11:39:43 | 000,228,258 | ---- | C] () -- C:\Users\Heather\AppData\Local\ars.cache
[2011/07/30 11:27:02 | 000,000,036 | ---- | C] () -- C:\Users\Heather\AppData\Local\housecall.guid.cache
[2011/07/29 10:52:56 | 011,072,922 | ---- | C] () -- C:\Users\Heather\AppData\Roaming\SMRBackup200.dat
[2011/07/12 09:53:02 | 000,000,832 | ---- | C] () -- C:\Users\Public\Desktop\AVG 2011.lnk
[2011/07/06 10:15:07 | 000,000,756 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BB Lite.lnk
[2011/07/06 10:15:07 | 000,000,744 | ---- | C] () -- C:\Users\Public\Desktop\BB Lite.lnk
[2010/11/16 21:21:46 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2010/08/25 20:30:02 | 000,439,308 | ---- | C] () -- C:\Windows\System32\igcompkrng500.bin
[2010/08/25 20:30:00 | 000,982,240 | ---- | C] () -- C:\Windows\System32\igkrng500.bin
[2010/08/25 20:30:00 | 000,092,356 | ---- | C] () -- C:\Windows\System32\igfcg500m.bin
[2010/08/25 19:57:00 | 000,000,151 | ---- | C] () -- C:\Windows\System32\GfxUI.exe.config
[2010/08/25 19:52:00 | 000,208,896 | ---- | C] () -- C:\Windows\System32\iglhsip32.dll
[2010/08/25 19:52:00 | 000,143,360 | ---- | C] () -- C:\Windows\System32\iglhcp32.dll
[2010/08/08 15:50:24 | 000,000,005 | ---- | C] () -- C:\Windows\System32\SySavi2mpeg.dat
[2010/08/08 15:50:06 | 000,237,568 | ---- | C] () -- C:\Windows\System32\lame_enc.dll
[2010/06/26 21:35:46 | 000,209,040 | ---- | C] () -- C:\Windows\System32\IVIresizeW7.dll
[2010/06/26 21:35:46 | 000,204,944 | ---- | C] () -- C:\Windows\System32\IVIresizeA6.dll
[2010/06/26 21:35:46 | 000,196,752 | ---- | C] () -- C:\Windows\System32\IVIresizeP6.dll
[2010/06/26 21:35:46 | 000,196,752 | ---- | C] () -- C:\Windows\System32\IVIresizeM6.dll
[2010/06/26 21:35:46 | 000,192,656 | ---- | C] () -- C:\Windows\System32\IVIresizePX.dll
[2010/06/26 21:35:46 | 000,024,720 | ---- | C] () -- C:\Windows\System32\IVIresize.dll
[2010/01/22 00:16:52 | 000,000,000 | ---- | C] () -- C:\Users\Heather\AppData\Local\prvlcl.dat
[2009/12/17 23:04:11 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009/09/19 15:44:10 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/09/19 15:44:09 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/03/29 10:00:26 | 000,000,680 | ---- | C] () -- C:\Users\Heather\AppData\Local\d3d9caps.dat
[2009/03/27 10:59:01 | 000,103,936 | ---- | C] () -- C:\Users\Heather\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/03/25 23:39:08 | 000,026,320 | ---- | C] () -- C:\Users\Heather\AppData\Roaming\wklnhst.dat
[2009/03/18 21:26:46 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1576.dll
[2009/03/18 21:26:46 | 000,147,172 | ---- | C] () -- C:\Windows\System32\igfcg550.bin
[2009/03/18 21:26:43 | 000,004,608 | ---- | C] () -- C:\Windows\System32\HdmiCoin.dll
[2009/03/18 21:22:00 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2009/03/18 19:07:08 | 000,000,075 | RHS- | C] () -- C:\Windows\CT4CET.bin
[2009/03/18 18:55:09 | 000,006,656 | ---- | C] () -- C:\Windows\System32\bcmwlrc.dll
[2009/03/18 18:55:07 | 000,054,784 | ---- | C] () -- C:\Windows\System32\bcmwlrmt.dll
[2009/03/18 18:55:06 | 000,026,112 | ---- | C] () -- C:\Windows\System32\WLTRYSVC.EXE
[2008/02/03 19:11:25 | 000,000,000 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2006/11/02 08:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 08:47:37 | 000,372,008 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 08:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 06:33:01 | 000,609,640 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 06:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 06:33:01 | 000,108,858 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 06:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 06:25:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2006/11/02 06:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 04:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 04:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 03:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 03:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2002/03/16 20:00:00 | 000,007,420 | ---- | C] () -- C:\Windows\UA000104.DLL

========== LOP Check ==========

[2010/10/28 20:38:08 | 000,000,000 | ---D | M] -- C:\Users\Heather\AppData\Roaming\AVG10
[2011/08/01 00:29:47 | 000,000,000 | ---D | M] -- C:\Users\Heather\AppData\Roaming\Azureus
[2010/07/14 19:45:29 | 000,000,000 | ---D | M] -- C:\Users\Heather\AppData\Roaming\BBLite.1C8FCB66D507A5DBA729DC95068F311B51E8F16C.1
[2009/03/29 16:41:04 | 000,000,000 | ---D | M] -- C:\Users\Heather\AppData\Roaming\Bell
[2011/07/06 10:15:15 | 000,000,000 | ---D | M] -- C:\Users\Heather\AppData\Roaming\BigBrotherLite
[2009/09/10 08:36:28 | 000,000,000 | ---D | M] -- C:\Users\Heather\AppData\Roaming\CiscoCAA
[2009/03/25 12:34:00 | 000,000,000 | ---D | M] -- C:\Users\Heather\AppData\Roaming\DigitalPersona
[2010/06/17 22:23:17 | 000,000,000 | ---D | M] -- C:\Users\Heather\AppData\Roaming\Facebook
[2011/07/31 12:26:30 | 000,000,000 | ---D | M] -- C:\Users\Heather\AppData\Roaming\FrostWire
[2011/01/23 20:25:54 | 000,000,000 | ---D | M] -- C:\Users\Heather\AppData\Roaming\LimeWire
[2010/08/01 21:44:39 | 000,000,000 | ---D | M] -- C:\Users\Heather\AppData\Roaming\Research In Motion
[2011/07/11 00:50:20 | 000,000,000 | ---D | M] -- C:\Users\Heather\AppData\Roaming\SoftGrid Client
[2009/03/25 23:39:09 | 000,000,000 | ---D | M] -- C:\Users\Heather\AppData\Roaming\Template
[2010/09/16 20:09:46 | 000,000,000 | ---D | M] -- C:\Users\Heather\AppData\Roaming\TP
[2010/06/27 12:59:00 | 000,000,000 | ---D | M] -- C:\Users\Heather\AppData\Roaming\Ulead Systems
[2009/03/26 12:27:48 | 000,000,000 | ---D | M] -- C:\Users\Heather\AppData\Roaming\Windows Live Writer
[2011/08/04 12:39:42 | 000,032,604 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011/05/03 14:52:05 | 000,000,422 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{772FFADE-11C6-43A6-9594-D27B925520E3}.job

========== Purity Check ==========



< End of report >
  • 0

#9
BlackOxide

BlackOxide

    Trusted Helper

  • Malware Removal
  • 1,976 posts
Excellent, your logs now look good to me :)

How is the PC behaving now, are you experiencing any other problems, or does everything appear normal now?
  • 0

#10
HthrB

HthrB

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
Everything appears to be running smoothly now. Thank you so much for all your help. You saved me from an even bigger headache and you certainly saved my wallet, so a donation will most certainly be headed your way :)
  • 0

#11
BlackOxide

BlackOxide

    Trusted Helper

  • Malware Removal
  • 1,976 posts
No problem, you're welcome, many thanks :)

I'll now post my cleanup steps which will guide you through removing the tools we have used and give you some tips on staying safe :)



Good stuff, your logs now appear clean :unsure:

Please go through the Cleanup section below and have a read of the other information which will help keep your PC protected


Thank you for following the procedures, your system now appears free from Malware. Below is a list of steps that are well worth following, they help finalize the fixes we have been doing and will help minimize the risk of a smilar situation happening again by protecting your PC and helping secure it.

Please make sure you follow the Cleanup stage just below.


========== CLEANUP ==========

Remove the Tools used in this cleanup

1)
Tools on the Desktop:
You can now safely remove aswMBR from the Desktop (if present)

2)
Remove ComboFix

  • Hold down the Windows key + R on your keyboard. This will display the Run dialogue box
  • In the Run box, type in ComboFix /Uninstall (Notice the space between the "x" and "/") then click OK
    Posted Image
  • Follow the prompts on the screen
  • A message should appear confirming that ComboFix was uninstalled

3)
Clear Old Restore Points
  • Run OTL, copy and paste the following into the Custom Scans/Fixes area at the bottom
    :Commands
    [CLEARALLRESTOREPOINTS]
  • Then Click Run Fix

4)
OTL Cleanup
  • Open OTL
  • Click the CleanUp button at the top, it will ask to reboot your PC, please allow it to do so

5)
We will now confirm that your hidden files are set to that, as some of the tools I use will change that
  • Click Start.
  • Open My Computer.
  • Select the Tools menu and click Folder Options.
  • Select the View Tab.
  • Under the Hidden files and folders heading select Do not show hidden files and folders.
  • Click Yes to confirm.
  • Click OK.


========== Anti Malware Protection ==========

MalwareBytes Anti-Malware
This is an excellent Anti-Malware product. It is recommended to periodically run a Quick Scan to keep your PC as clean as possible. Remember to check for updates before running a scan, so click the Update tab along the top, then click Check for Updates.

Free Anti Virus Protection...
If you haven't got an AntiVirus or are thinking of changing, my personal recommendations are Microsoft Security Essentials and Avast, both are free to use. Remember though, you can only have one Anti Virus installed at any one given time.

Paid Anti Virus Protection...
If you want a bit more than just an Anti Virus and would like extra features such as Firewall and Anti Spam, you will have to look at purchasing an Anti Virus product. A lot of people do use free AV software as these products use the same virus databases as the paid ones, but some people prefer to have the extra features and the help and support that the paid products tend to offer. If you are looking into purchasing one, my recommendations would be Kaspersky Internet Security or ESET Smart Security. There are however many different ones out there and it is wise to just download trial versions to see which ones suit you best, before actually buying.



========== Updates ==========

Keeping your PC updated is vital in the battle against infections and exploits. There are many infections which will exploit loopholes within Windows itself, Java and Adobe Reader. Keeping these updated is a very good habit to get into.

Automatic Updates

Updates to your Operating System are vital in closing loopholes and fixing bugs which some infections exploit.
To keep your Windows updated, ensure that 'Automatic Updates' is enabled on your PC so updates are downloaded and installed automatically. Click on your version of Windows below to find out how...
Windows XP
Windows Vista
Windows 7

Java updates
  • Click the Start button
  • Click Control Panel
  • Double Click Java
  • Click the Update tab
  • Click Update Now
  • Allow any updates to be downloaded and installed
Adobe Reader updates
  • Open Adobe Reader
  • Click Help on the menu at the top
  • Click Check for Updates
  • Allow any updates to be downloaded and installed



========== Alternate Browsers ==========

Using an alternative web browser can help protect your PC from infections which exploit security holes within Internet Explorer. They can also be quicker to load pages and offer more tools and features such as Firefox's huge addon list.

Firefox - My personal choice, easy to use and has a large number of excellent addons that can be installed to help keep you away from malicious sites and reduce advertisements and popups etc. AdBlockPlus and WOT are very useful addons that are well worth having installed.

Google Chrome - Very nippy browser that's easy to use and is well worth a go if you are trying out different browsers.


Have fun and stay safe online :yes:
BlackOxide

  • 0

#12
BlackOxide

BlackOxide

    Trusted Helper

  • Malware Removal
  • 1,976 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP