Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Startup hangs, monitor gets stuck in screensaver

Started by Apelila , Sep 07 2012 01:26 PM

  • Please log in to reply

#1
Apelila
Posted 07 September 2012 - 01:26 PM

Apelila

    Member

  • Member
  • PipPip
  • 42 posts
When booting up (about half the time) it hangs and I have to force it to shut down and try again. The monitor seems to hang in a weird screensaver too. Seems to be a lot of little things goin on here. Not sure what all has happened as it's my girlfriends computer.

OTL did give me output but when it finished it gave me this error -

Win32 Error. Code: 6.
The handle is invalid.







OTL logfile created on: 9/7/2012 2:14:00 PM - Run 1
OTL by OldTimer - Version 3.2.61.1 Folder = C:\Documents and Settings\Terri Ward\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.23 Gb Available Physical Memory | 61.80% Memory free
3.85 Gb Paging File | 3.27 Gb Available in Paging File | 84.99% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 228.13 Gb Total Space | 168.20 Gb Free Space | 73.73% Space Free | Partition Type: NTFS

Computer Name: DFL7YBC1 | User Name: Terri Ward | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/09/07 14:13:45 | 000,599,552 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Terri Ward\Desktop\OTL.exe
PRC - [2012/09/03 21:12:43 | 000,161,768 | ---- | M] (Oracle Corporation) -- C:\Program Files\Java\jre7\bin\jqs.exe
PRC - [2012/08/06 11:11:06 | 000,296,096 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\real\realplayer\Update\realsched.exe
PRC - [2012/07/13 19:17:11 | 000,913,888 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2012/06/06 21:33:42 | 001,564,872 | ---- | M] (Ask) -- C:\Program Files\Ask.com\Updater\Updater.exe
PRC - [2012/03/26 17:08:12 | 000,931,200 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2012/03/26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe
PRC - [2012/03/26 02:34:22 | 000,306,688 | ---- | M] (FileHippo.com) -- C:\Program Files\FileHippo.com\UpdateChecker.exe
PRC - [2011/04/01 00:11:52 | 000,428,640 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe
PRC - [2011/03/23 01:56:40 | 000,687,448 | ---- | M] () -- C:\Program Files\Common Files\LogiShrd\LQCVFX\COCIManager.exe
PRC - [2011/03/02 01:14:08 | 000,190,808 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe
PRC - [2011/03/02 01:13:44 | 000,203,096 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\CameraHelperShell.exe
PRC - [2010/11/23 21:21:18 | 000,130,000 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Safe Web Lite\Engine\1.2.0.6\ccSvcHst.exe
PRC - [2009/03/08 03:31:54 | 000,013,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msfeedssync.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/01/06 01:44:35 | 000,069,632 | ---- | M] (Creative Labs) -- C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
PRC - [2006/08/28 22:57:12 | 000,395,776 | ---- | M] (Gteko Ltd.) -- C:\Program Files\Dell Support\DSAgnt.exe
PRC - [2006/07/24 11:20:00 | 000,282,624 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\stsystra.exe
PRC - [2006/07/06 08:15:00 | 000,151,552 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2006/07/06 08:14:30 | 000,090,112 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2006/06/01 17:25:00 | 000,180,224 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\IntelDH\Intel® Quick Resume Technology Drivers\ELService.exe
PRC - [2006/02/16 10:20:20 | 001,118,208 | ---- | M] (Andrea Electronics Corporation) -- C:\Program Files\Creative\VoiceCenter\AndreaVC.exe
PRC - [2005/10/31 11:51:52 | 000,057,344 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
PRC - [2005/10/05 04:12:00 | 000,094,208 | ---- | M] () -- C:\Program Files\Dell\Media Experience\DMXLauncher.exe
PRC - [2005/09/30 22:22:50 | 000,096,341 | ---- | M] (Canon Inc.) -- C:\Program Files\Canon\CAL\CALMAIN.exe
PRC - [2005/09/08 06:20:00 | 000,122,940 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\DLA\DLACTRLW.EXE
PRC - [2003/05/05 21:30:22 | 000,065,536 | ---- | M] (Brother Industries, Ltd.) -- C:\WINDOWS\system32\Brmfrmps.exe


========== Modules (No Company Name) ==========

MOD - [2012/08/27 12:45:41 | 009,813,704 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_4_402_265.dll
MOD - [2012/07/13 19:17:14 | 002,003,424 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2012/06/14 03:18:22 | 001,712,128 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\359fd69eb60e9844ffd497e92345178c\Microsoft.VisualBasic.ni.dll
MOD - [2012/06/14 03:17:59 | 011,817,472 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\dbc413807cb7360b3e26ef3ca1d54f9a\System.Web.ni.dll
MOD - [2012/06/14 03:16:16 | 012,433,920 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\01abbadafaf265d9f4ac9bbb247acb98\System.Windows.Forms.ni.dll
MOD - [2012/06/14 03:16:01 | 001,592,320 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\d86f2038209a4cf0d0f5b30f6375c9b2\System.Drawing.ni.dll
MOD - [2012/05/09 03:16:39 | 000,771,584 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\92d58f840f549f9bd880783d43db7e3c\System.Runtime.Remoting.ni.dll
MOD - [2012/05/09 03:14:00 | 000,971,264 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\3d5b7368bde0f65aa15d9f46b498cc89\System.Configuration.ni.dll
MOD - [2012/05/09 03:10:58 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\3bba1b8b0b5ef0be238b011cc7a0575e\System.Xml.ni.dll
MOD - [2012/05/09 03:09:05 | 007,953,408 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\e4b5afc4da43b1c576f9322f9f2e1bfe\System.ni.dll
MOD - [2012/05/09 03:08:49 | 011,492,352 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\e337c89bc9f81b69d7237aa70e935900\mscorlib.ni.dll
MOD - [2011/11/03 10:28:36 | 001,292,288 | ---- | M] () -- C:\WINDOWS\system32\quartz.dll
MOD - [2011/03/30 20:25:42 | 000,331,608 | ---- | M] () -- C:\Program Files\Common Files\LogiShrd\LWSPlugins\LWS\Applets\CameraHelper\DevManagerCore.dll
MOD - [2011/03/23 01:56:40 | 000,687,448 | ---- | M] () -- C:\Program Files\Common Files\LogiShrd\LQCVFX\COCIManager.exe
MOD - [2011/03/02 01:13:44 | 000,203,096 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\CameraHelperShell.exe
MOD - [2011/02/04 20:48:30 | 000,291,840 | ---- | M] () -- C:\WINDOWS\system32\sbe.dll
MOD - [2010/05/07 20:37:40 | 000,126,808 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\ImageFormats\QJpeg4.dll
MOD - [2010/05/07 20:37:40 | 000,027,480 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\ImageFormats\QGif4.dll
MOD - [2010/05/07 20:36:54 | 000,340,824 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\QTXml4.dll
MOD - [2010/05/07 20:35:56 | 007,954,776 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\QTGui4.dll
MOD - [2010/05/07 20:35:44 | 002,143,576 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\QTCore4.dll
MOD - [2008/04/13 19:12:03 | 000,192,512 | ---- | M] () -- C:\WINDOWS\system32\qcap.dll
MOD - [2008/04/13 19:11:59 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2008/04/13 19:11:51 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [2005/10/05 04:12:00 | 000,094,208 | ---- | M] () -- C:\Program Files\Dell\Media Experience\DMXLauncher.exe
MOD - [2003/03/20 17:11:02 | 000,073,728 | ---- | M] () -- C:\Program Files\Creative\VoiceCenter\AEWave.ax


========== Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - [2012/09/03 21:12:43 | 000,161,768 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2012/08/27 12:46:05 | 000,250,568 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/07/13 19:17:12 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Disabled | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/06/07 19:12:14 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/05/15 05:18:00 | 001,262,400 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012/03/26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2011/04/01 00:11:52 | 000,428,640 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe -- (UMVPFSrv)
SRV - [2010/11/23 21:21:18 | 000,130,000 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton Safe Web Lite\Engine\1.2.0.6\ccSvcHst.exe -- (NSL)
SRV - [2007/01/06 01:44:35 | 000,069,632 | ---- | M] (Creative Labs) [Auto | Running] -- C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe -- (Creative Labs Licensing Service)
SRV - [2006/07/06 08:14:30 | 000,090,112 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON)
SRV - [2006/06/01 17:25:00 | 000,180,224 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\IntelDH\Intel® Quick Resume Technology Drivers\ELService.exe -- (ELService)
SRV - [2006/01/05 00:06:02 | 000,163,840 | ---- | M] (Alex Feinman) [On_Demand | Stopped] -- C:\Program Files\Alex Feinman\ISO Recorder\ImapiHelper.exe -- (Imapi Helper)
SRV - [2005/09/30 22:22:50 | 000,096,341 | ---- | M] (Canon Inc.) [Auto | Running] -- C:\Program Files\Canon\CAL\CALMAIN.exe -- (CCALib8)
SRV - [2003/05/05 21:30:22 | 000,065,536 | ---- | M] (Brother Industries, Ltd.) [Auto | Running] -- C:\WINDOWS\system32\Brmfrmps.exe -- (brmfrmps)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\wanatw4.sys -- (wanatw)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{446DC165-B8CC-482A-9110-EB2480C24F3A}\MpKsl33e96db1.sys -- (MpKsl33e96db1)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (bvrp_pci)
DRV - [2012/07/03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011/09/16 08:24:26 | 000,070,400 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgandnetndis.sys -- (andnetndis)
DRV - [2011/09/06 01:55:12 | 000,023,040 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgandnetdiag.sys -- (AndNetDiag)
DRV - [2011/09/06 01:55:12 | 000,022,272 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgandnetgps.sys -- (AndNetGps)
DRV - [2011/09/06 01:55:10 | 000,027,776 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgandnetmodem.sys -- (ANDNetModem)
DRV - [2011/04/01 00:11:10 | 004,333,280 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\lvuvc.sys -- (LVUVC)
DRV - [2011/04/01 00:09:48 | 000,291,424 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\lvrs.sys -- (LVRS)
DRV - [2010/05/14 17:04:20 | 000,023,904 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvuvcflt.sys -- (FilterService)
DRV - [2010/05/07 20:43:30 | 000,025,824 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2010/04/28 10:44:02 | 000,054,760 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys -- (fssfltr)
DRV - [2006/07/24 11:20:00 | 001,156,648 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2006/05/09 16:36:44 | 000,009,728 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ELacpi.sys -- (ELacpi)
DRV - [2006/05/09 16:36:42 | 000,007,040 | ---- | M] (Intel Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\Elmon.sys -- (ELmon)
DRV - [2006/05/09 16:36:22 | 000,006,912 | ---- | M] (Intel Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\Elkbd.sys -- (ELkbd)
DRV - [2006/05/09 16:36:20 | 000,006,400 | ---- | M] (Intel Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\Elmou.sys -- (ELmou)
DRV - [2006/05/09 16:36:18 | 000,010,112 | ---- | M] (Intel Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\Elhid.sys -- (ELhid)
DRV - [2006/01/10 12:07:58 | 000,004,864 | ---- | M] (GTek Technologies Ltd.) [Kernel | On_Demand | Running] -- C:\Program Files\Dell Support\GTAction\triggers\DSproct.sys -- (DSproct)
DRV - [2006/01/04 01:41:48 | 001,389,056 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\monfilt.sys -- (monfilt)
DRV - [2005/09/08 06:20:00 | 000,094,332 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2005/09/08 06:20:00 | 000,087,036 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2005/09/08 06:20:00 | 000,086,524 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2005/09/08 06:20:00 | 000,025,628 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2005/09/08 06:20:00 | 000,014,684 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2005/09/08 06:20:00 | 000,006,364 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2005/09/08 06:20:00 | 000,002,496 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLADResN.SYS -- (DLADResN)
DRV - [2005/08/25 13:16:52 | 000,005,628 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2005/08/25 13:16:16 | 000,022,684 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS -- (DLARTL_N)
DRV - [2005/05/25 03:34:00 | 000,158,464 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctusfsyn.sys -- (CTUSFSYN)
DRV - [2005/01/10 04:15:00 | 000,138,752 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV - [2005/01/10 04:15:00 | 000,106,496 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctoss2k.sys -- (ossrv)
DRV - [2003/11/17 15:59:20 | 000,212,224 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2)
DRV - [2003/11/17 15:58:02 | 000,680,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2003/11/17 15:56:26 | 001,042,432 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=1070106
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=1070106
IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2A59}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2A59}: "URL" = http://search.imesh....q={searchTerms}
IE - HKLM\..\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}: "URL" = http://us.yhs.search...p={searchTerms}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = CA C1 17 35 08 D9 CB 01 [binary data]
IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKCU\..\SearchScopes,DefaultScope = {1B9BE7C5-6C76-4623-803A-EA18E5A68269}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{1B9BE7C5-6C76-4623-803A-EA18E5A68269}: "URL" = http://www.google.co...utputEncoding?}
IE - HKCU\..\SearchScopes\{56FFCC83-7CC4-4DF4-87CF-25884ED3ADE0}: "URL" = http://websearch.ask...80-109970128294
IE - HKCU\..\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}: "URL" = http://www.ask.com/w...n=&geo=US&ver=1
IE - HKCU\..\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}: "URL" = http://search.avg.co...e}&iy=&ychte=us
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "about:home"
FF - prefs.js..extensions.enabledAddons: [email protected]:1.0
FF - prefs.js..extensions.enabledAddons: {0153E448-190B-4987-BDE1-F256CADA672F}:15.0.6
FF - prefs.js..extensions.enabledAddons: {20068ab2-1901-4140-9f3c-81207d4dacc4}:3.8
FF - prefs.js..extensions.enabledAddons: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.5.4
FF - prefs.js..keyword.URL: "http://websearch.ask...YYYYYYYYUS&&q="
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_4_402_265.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw_1166636.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.6.14: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.6.14: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.6.14: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.6.14: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.6.14: c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Documents and Settings\Terri Ward\Local Settings\Application Data\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{203FB6B2-2E1E-4474-863B-4C483ECCE78E}: C:\Documents and Settings\All Users\Application Data\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_1.2.0.6\coFFNST\ [2011/08/18 08:59:23 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/08/06 11:11:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/08/06 11:11:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{C3949AC2-4B17-43ee-B4F1-D26B9D42404D}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/08/06 11:11:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{0153E448-190B-4987-BDE1-F256CADA672F}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/08/06 11:11:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/07/17 09:37:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/08/06 11:12:18 | 000,000,000 | ---D | M]

[2011/08/10 15:58:10 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Terri Ward\Application Data\Mozilla\Extensions
[2012/09/06 15:52:30 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Terri Ward\Application Data\Mozilla\Firefox\Profiles\sgi5i0lq.default\extensions
[2012/08/22 15:47:06 | 000,000,000 | ---D | M] (Reader) -- C:\Documents and Settings\Terri Ward\Application Data\Mozilla\Firefox\Profiles\sgi5i0lq.default\extensions\{20068ab2-1901-4140-9f3c-81207d4dacc4}
[2012/07/27 18:14:55 | 000,000,000 | ---D | M] (wxDfast) -- C:\Documents and Settings\Terri Ward\Application Data\Mozilla\Firefox\Profiles\sgi5i0lq.default\extensions\[email protected]
[2012/08/07 13:32:56 | 000,000,000 | ---D | M] (Foxit PDF Creator Toolbar) -- C:\Documents and Settings\Terri Ward\Application Data\Mozilla\Firefox\Profiles\sgi5i0lq.default\extensions\[email protected]
[2012/09/06 15:52:30 | 000,527,931 | ---- | M] () (No name found) -- C:\Documents and Settings\Terri Ward\Application Data\Mozilla\Firefox\Profiles\sgi5i0lq.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
[2012/07/27 18:06:13 | 000,741,958 | ---- | M] () (No name found) -- C:\Documents and Settings\Terri Ward\Application Data\Mozilla\Firefox\Profiles\sgi5i0lq.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012/08/07 13:32:55 | 000,002,327 | ---- | M] () -- C:\Documents and Settings\Terri Ward\Application Data\Mozilla\Firefox\Profiles\sgi5i0lq.default\searchplugins\askcom.xml
[2012/07/17 09:37:09 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/04/20 09:35:10 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012/08/06 11:11:39 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\REAL\REALPLAYER\BROWSERRECORDPLUGIN\FIREFOX\EXT
[2012/07/13 19:17:47 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/08/06 11:11:17 | 000,129,176 | ---- | M] (RealPlayer) -- C:\Program Files\mozilla firefox\plugins\nprpplugin.dll
[2012/07/13 19:16:36 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/07/13 19:16:36 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2011/09/03 18:13:57 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\DLA\DLASHX_W.DLL (Sonic Solutions)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll (Dell Inc.)
O2 - BHO: (Foxit PDF Creator Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Norton Safe Web Lite BHO) - {F0DA78E9-6B60-42fb-BC26-EF2CFB8C8FF3} - C:\Program Files\Norton Safe Web Lite\Engine\1.2.0.6\CoIEPlg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Norton Safe Web Lite) - {30CEEEA2-3742-40e4-85DD-812BF1CBB83D} - C:\Program Files\Norton Safe Web Lite\Engine\1.2.0.6\CoIEPlg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Foxit PDF Creator Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Safe Web Lite) - {30CEEEA2-3742-40E4-85DD-812BF1CBB83D} - C:\Program Files\Norton Safe Web Lite\Engine\1.2.0.6\CoIEPlg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Foxit PDF Creator Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [DLA] C:\WINDOWS\system32\DLA\DLACTRLW.EXE (Sonic Solutions)
O4 - HKLM..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe ()
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [LWS] C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\nvmctray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nview\nwiz.exe ()
O4 - HKLM..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl04b\BrStDvPt.exe (Brother Industories, Ltd.)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\program files\real\realplayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [UpdReg] C:\WINDOWS\Updreg.EXE (Creative Technology Ltd.)
O4 - HKLM..\Run: [VoiceCenter] C:\Program Files\Creative\VoiceCenter\AndreaVC.exe (Andrea Electronics Corporation)
O4 - HKCU..\Run: [DellSupport] C:\Program Files\Dell Support\DSAgnt.exe (Gteko Ltd.)
O4 - HKCU..\Run: [Facebook Update] C:\Documents and Settings\Terri Ward\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKCU..\Run: [FileHippo.com] C:\Program Files\FileHippo.com\UpdateChecker.exe (FileHippo.com)
O4 - HKCU..\Run: [SetDefaultMIDI] C:\WINDOWS\MIDIDEF.EXE (Creative Technology Ltd)
O4 - HKLM..\RunOnce: [AvgUninstallURL] C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {5EA13312-8764-496F-B4AB-F7A872B51E14} http://cdn03.oovoo.c...vc/ooVooWeb.dll (ooVooWebCtrl Class)
O16 - DPF: {682C59F5-478C-4421-9070-AD170D143B77} http://www.dell.com/...t/Ode/pcd86.cab (Launcher Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (OnlineScanner Control)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D5F5CF09-2474-4897-82E0-09E2C3D46B26}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Terri Ward\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Terri Ward\Application Data\ZBWallpaper_1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/08/16 05:43:04 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/09/07 14:13:43 | 000,599,552 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Terri Ward\Desktop\OTL.exe
[2012/08/15 08:21:04 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java

========== Files - Modified Within 30 Days ==========

[2012/09/07 14:17:00 | 000,000,244 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2012/09/07 14:14:45 | 000,000,432 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{C1124392-06BB-4822-85EA-76F1D12BA298}.job
[2012/09/07 14:13:45 | 000,599,552 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Terri Ward\Desktop\OTL.exe
[2012/09/07 14:00:01 | 000,001,018 | ---- | M] () -- C:\WINDOWS\tasks\FacebookUpdateTaskUserS-1-5-21-708999020-1031966459-3025089908-1006UA.job
[2012/09/07 14:00:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/09/07 13:05:26 | 000,000,384 | -H-- | M] () -- C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job
[2012/09/07 12:56:16 | 000,000,296 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-708999020-1031966459-3025089908-1006.job
[2012/09/07 12:56:15 | 000,000,288 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-708999020-1031966459-3025089908-1006.job
[2012/09/07 12:55:25 | 000,000,280 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-18.job
[2012/09/07 12:55:21 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/09/07 12:55:19 | 2145,304,576 | -HS- | M] () -- C:\hiberfil.sys
[2012/09/07 12:55:18 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\lvuvc.hs
[2012/09/06 15:42:37 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/09/04 17:00:00 | 000,000,996 | ---- | M] () -- C:\WINDOWS\tasks\FacebookUpdateTaskUserS-1-5-21-708999020-1031966459-3025089908-1006Core.job
[2012/08/25 18:45:00 | 000,000,288 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-18.job
[2012/08/14 18:32:23 | 000,293,272 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/08/14 17:15:54 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK

========== Files Created - No Company Name ==========

[2012/07/29 18:23:10 | 000,172,912 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2012/07/29 17:58:22 | 000,074,703 | ---- | C] () -- C:\WINDOWS\System32\mfc45.dll
[2012/05/27 17:14:27 | 310,050,816 | ---- | C] () -- C:\Documents and Settings\Terri Ward\Memorial Day 2000.iso
[2012/02/14 19:11:23 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011/12/12 09:28:17 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\CommonDL.dll
[2011/12/12 09:28:17 | 000,002,413 | ---- | C] () -- C:\WINDOWS\System32\lgAxconfig.ini
[2011/09/03 18:53:55 | 001,074,636 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2011/09/03 18:53:55 | 001,074,636 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2011/09/03 18:53:55 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin
[2011/09/03 18:53:18 | 002,807,708 | ---- | C] () -- C:\WINDOWS\System32\nvdata.data
[2011/06/02 10:09:58 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2011/04/30 12:53:53 | 000,000,133 | ---- | C] () -- C:\Documents and Settings\Terri Ward\Local Settings\Application Data\fusioncache.dat
[2011/04/25 19:28:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Brownie.ini
[2011/04/23 14:13:51 | 000,000,030 | ---- | C] () -- C:\WINDOWS\System32\brss01a.ini
[2011/04/23 14:13:20 | 000,000,419 | ---- | C] () -- C:\WINDOWS\brwmark.ini
[2011/04/23 14:13:20 | 000,000,238 | ---- | C] () -- C:\WINDOWS\Brpfx04a.ini
[2011/04/23 14:13:20 | 000,000,092 | ---- | C] () -- C:\WINDOWS\brpcfx.ini
[2011/04/23 14:13:20 | 000,000,079 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI
[2011/04/23 14:13:20 | 000,000,050 | ---- | C] () -- C:\WINDOWS\System32\BRIDF04A.dat
[2011/04/23 14:12:45 | 000,000,000 | ---- | C] () -- C:\WINDOWS\brdfxspd.dat
[2011/04/23 14:11:01 | 000,027,019 | ---- | C] () -- C:\WINDOWS\maxlink.ini
[2011/04/12 21:42:52 | 000,010,240 | ---- | C] () -- C:\Documents and Settings\Terri Ward\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/03/23 01:58:22 | 000,014,168 | ---- | C] () -- C:\WINDOWS\System32\drivers\iKeyLFT2.dll
[2011/01/03 04:46:29 | 000,000,088 | RHS- | C] () -- C:\WINDOWS\System32\31D977CD03.sys
[2011/01/03 04:46:28 | 000,002,516 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2010/11/30 21:54:57 | 002,359,350 | ---- | C] () -- C:\Documents and Settings\Terri Ward\Application Data\ZBWallpaper_1.bmp
[2010/11/30 21:54:24 | 002,359,350 | ---- | C] () -- C:\Documents and Settings\Terri Ward\Application Data\ZBWallpaper.bmp
[2010/09/15 17:03:08 | 000,000,072 | ---- | C] () -- C:\WINDOWS\sbwin.ini
[2010/09/15 16:57:12 | 000,000,493 | ---- | C] () -- C:\WINDOWS\EReg072.dat
[2010/09/14 14:44:43 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2010/09/14 14:39:58 | 000,486,528 | ---- | C] () -- C:\Documents and Settings\Terri Ward\TRANSFORMS=1033.mst

========== LOP Check ==========

[2011/08/18 08:34:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG10
[2010/10/13 19:22:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
[2012/08/24 21:46:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\boost_interprocess
[2010/10/13 21:04:06 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2005/08/16 21:54:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DIGStream
[2012/07/27 18:16:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\InstallMate
[2012/07/29 18:14:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\iolo
[2011/12/12 09:48:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LGMOBILEAX
[2011/08/18 08:34:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2012/07/29 18:06:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PCDr
[2012/07/27 18:14:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Premium
[2011/04/23 14:10:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft
[2007/01/06 01:49:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2012/07/30 14:47:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\wxDfast
[2012/07/30 14:55:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WxDFastUpdater
[2010/09/14 14:47:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\YAHOO
[2010/10/13 21:06:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Terri Ward\Application Data\AVG10
[2010/09/17 11:52:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Terri Ward\Application Data\AVG9
[2010/09/17 19:22:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Terri Ward\Application Data\ElevatedDiagnostics
[2012/03/04 13:22:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Terri Ward\Application Data\Foxit Software
[2011/03/04 01:58:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Terri Ward\Application Data\imeshbandmltbpi
[2011/08/10 18:12:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Terri Ward\Application Data\Inbox Toolbar
[2011/04/07 14:39:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Terri Ward\Application Data\Leadertech
[2011/08/10 11:45:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Terri Ward\Application Data\MP3Rocket
[2011/04/16 14:31:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Terri Ward\Application Data\ooVoo Details
[2012/07/29 18:01:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Terri Ward\Application Data\PCDr
[2011/05/21 17:27:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Terri Ward\Application Data\Sammsoft
[2012/09/04 17:00:00 | 000,000,996 | ---- | M] () -- C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-708999020-1031966459-3025089908-1006Core.job
[2012/09/07 14:00:01 | 000,001,018 | ---- | M] () -- C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-708999020-1031966459-3025089908-1006UA.job
[2012/09/07 14:17:00 | 000,000,244 | ---- | M] () -- C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job
[2012/09/07 14:14:45 | 000,000,432 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{C1124392-06BB-4822-85EA-76F1D12BA298}.job

========== Purity Check ==========



< End of report >
  • 0

Advertisements

#2
Gammo
Posted 10 September 2012 - 04:15 PM

Gammo

    Member 2k

  • Malware Removal
  • 2,299 posts
Hello and welcome to Geekstogo!

We apologize for the delay in responding to your request for help.
If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

If you haven't done so yet, please go to Malware and Spyware Cleaning Guide and follow the steps instructed there. If you have already done this, we still need a new log to see what has changed since you originally posted your problem.

We need to create an OTL Report
Download OTL to your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Check the box that says Scan All Users.
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time and post them in your topic.
  • Note: the Extras.txt file only gets created on OTL's first run.

After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.
  • 0

#3
Apelila
Posted 11 September 2012 - 12:00 PM

Apelila

    Member

  • Topic Starter
  • Member
  • PipPip
  • 42 posts
When booting up (about half the time) it stops right before the welcome screen and I have to force it to shut down and try again (sometimes it gives me an orange light and doesn't even try to start up). The monitor seems to hang in a weird screensaver (tried changing settings but the windows screensaver is off and the monitor doesn't seem to have its own). When I log into hotmail it refreshes the page constantly. When I try to search from the startup page (google) it redirects to ask.com. I ran a scan from the eset online scanner, got nothing. Microsoft Security Essentials doesn't seem to think there is anything wrong either.



As before OTL did give me output but it seemed to hang on "Scanning Event Log..." and gave me this error -

Win32 Error. Code: 6.
The handle is invalid.

Here is the OTL.txt there was no Extras.txt


EDIT: Blah I forgot to hit "Scan all users" had to rerun the scan but here it is:

OTL logfile created on: 9/11/2012 1:01:36 PM - Run 1
OTL by OldTimer - Version 3.2.61.3 Folder = C:\Documents and Settings\Terri Ward\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.15 Gb Available Physical Memory | 57.46% Memory free
3.85 Gb Paging File | 3.20 Gb Available in Paging File | 83.26% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 228.13 Gb Total Space | 168.37 Gb Free Space | 73.81% Space Free | Partition Type: NTFS

Computer Name: DFL7YBC1 | User Name: Terri Ward | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/09/11 12:30:08 | 000,600,064 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Terri Ward\Desktop\OTL.exe
PRC - [2012/09/09 14:40:21 | 000,917,984 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2012/09/03 21:12:43 | 000,161,768 | ---- | M] (Oracle Corporation) -- C:\Program Files\Java\jre7\bin\jqs.exe
PRC - [2012/08/06 11:11:06 | 000,296,096 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\real\realplayer\Update\realsched.exe
PRC - [2012/06/06 21:33:42 | 001,564,872 | ---- | M] (Ask) -- C:\Program Files\Ask.com\Updater\Updater.exe
PRC - [2012/03/26 17:08:12 | 000,931,200 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2012/03/26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe
PRC - [2012/03/26 02:34:22 | 000,306,688 | ---- | M] (FileHippo.com) -- C:\Program Files\FileHippo.com\UpdateChecker.exe
PRC - [2011/04/01 00:11:52 | 000,428,640 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe
PRC - [2011/03/23 01:56:40 | 000,687,448 | ---- | M] () -- C:\Program Files\Common Files\LogiShrd\LQCVFX\COCIManager.exe
PRC - [2011/03/02 01:14:08 | 000,190,808 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe
PRC - [2011/03/02 01:13:44 | 000,203,096 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\CameraHelperShell.exe
PRC - [2010/11/23 21:21:18 | 000,130,000 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Safe Web Lite\Engine\1.2.0.6\ccSvcHst.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/01/06 01:44:35 | 000,069,632 | ---- | M] (Creative Labs) -- C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
PRC - [2006/08/28 22:57:12 | 000,395,776 | ---- | M] (Gteko Ltd.) -- C:\Program Files\Dell Support\DSAgnt.exe
PRC - [2006/07/24 11:20:00 | 000,282,624 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\stsystra.exe
PRC - [2006/07/06 08:15:00 | 000,151,552 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2006/07/06 08:14:30 | 000,090,112 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2006/06/01 17:25:00 | 000,180,224 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\IntelDH\Intel® Quick Resume Technology Drivers\ELService.exe
PRC - [2006/02/16 10:20:20 | 001,118,208 | ---- | M] (Andrea Electronics Corporation) -- C:\Program Files\Creative\VoiceCenter\AndreaVC.exe
PRC - [2005/10/31 11:51:52 | 000,057,344 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
PRC - [2005/10/05 04:12:00 | 000,094,208 | ---- | M] () -- C:\Program Files\Dell\Media Experience\DMXLauncher.exe
PRC - [2005/09/30 22:22:50 | 000,096,341 | ---- | M] (Canon Inc.) -- C:\Program Files\Canon\CAL\CALMAIN.exe
PRC - [2005/09/08 06:20:00 | 000,122,940 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\DLA\DLACTRLW.EXE
PRC - [2003/05/05 21:30:22 | 000,065,536 | ---- | M] (Brother Industries, Ltd.) -- C:\WINDOWS\system32\Brmfrmps.exe


========== Modules (No Company Name) ==========

MOD - [2012/09/09 14:39:41 | 002,244,064 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2012/08/27 12:45:41 | 009,813,704 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_4_402_265.dll
MOD - [2012/06/14 03:18:22 | 001,712,128 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\359fd69eb60e9844ffd497e92345178c\Microsoft.VisualBasic.ni.dll
MOD - [2012/06/14 03:17:59 | 011,817,472 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\dbc413807cb7360b3e26ef3ca1d54f9a\System.Web.ni.dll
MOD - [2012/06/14 03:16:16 | 012,433,920 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\01abbadafaf265d9f4ac9bbb247acb98\System.Windows.Forms.ni.dll
MOD - [2012/06/14 03:16:01 | 001,592,320 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\d86f2038209a4cf0d0f5b30f6375c9b2\System.Drawing.ni.dll
MOD - [2012/05/09 03:16:39 | 000,771,584 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\92d58f840f549f9bd880783d43db7e3c\System.Runtime.Remoting.ni.dll
MOD - [2012/05/09 03:14:00 | 000,971,264 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\3d5b7368bde0f65aa15d9f46b498cc89\System.Configuration.ni.dll
MOD - [2012/05/09 03:10:58 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\3bba1b8b0b5ef0be238b011cc7a0575e\System.Xml.ni.dll
MOD - [2012/05/09 03:09:05 | 007,953,408 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\e4b5afc4da43b1c576f9322f9f2e1bfe\System.ni.dll
MOD - [2012/05/09 03:08:49 | 011,492,352 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\e337c89bc9f81b69d7237aa70e935900\mscorlib.ni.dll
MOD - [2011/11/03 10:28:36 | 001,292,288 | ---- | M] () -- C:\WINDOWS\system32\quartz.dll
MOD - [2011/03/30 20:25:42 | 000,331,608 | ---- | M] () -- C:\Program Files\Common Files\LogiShrd\LWSPlugins\LWS\Applets\CameraHelper\DevManagerCore.dll
MOD - [2011/03/23 01:56:40 | 000,687,448 | ---- | M] () -- C:\Program Files\Common Files\LogiShrd\LQCVFX\COCIManager.exe
MOD - [2011/03/02 01:13:44 | 000,203,096 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\CameraHelperShell.exe
MOD - [2011/02/04 20:48:30 | 000,291,840 | ---- | M] () -- C:\WINDOWS\system32\sbe.dll
MOD - [2010/05/07 20:37:40 | 000,126,808 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\ImageFormats\QJpeg4.dll
MOD - [2010/05/07 20:37:40 | 000,027,480 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\ImageFormats\QGif4.dll
MOD - [2010/05/07 20:36:54 | 000,340,824 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\QTXml4.dll
MOD - [2010/05/07 20:35:56 | 007,954,776 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\QTGui4.dll
MOD - [2010/05/07 20:35:44 | 002,143,576 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\QTCore4.dll
MOD - [2008/04/13 19:12:03 | 000,192,512 | ---- | M] () -- C:\WINDOWS\system32\qcap.dll
MOD - [2008/04/13 19:11:59 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2008/04/13 19:11:51 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [2005/10/05 04:12:00 | 000,094,208 | ---- | M] () -- C:\Program Files\Dell\Media Experience\DMXLauncher.exe
MOD - [2003/03/20 17:11:02 | 000,073,728 | ---- | M] () -- C:\Program Files\Creative\VoiceCenter\AEWave.ax


========== Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - [2012/09/09 14:40:21 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/09/03 21:12:43 | 000,161,768 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2012/08/27 12:46:05 | 000,250,568 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/06/07 19:12:14 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/05/15 05:18:00 | 001,262,400 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012/03/26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2011/04/01 00:11:52 | 000,428,640 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe -- (UMVPFSrv)
SRV - [2010/11/23 21:21:18 | 000,130,000 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton Safe Web Lite\Engine\1.2.0.6\ccSvcHst.exe -- (NSL)
SRV - [2007/01/06 01:44:35 | 000,069,632 | ---- | M] (Creative Labs) [Auto | Running] -- C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe -- (Creative Labs Licensing Service)
SRV - [2006/07/06 08:14:30 | 000,090,112 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON)
SRV - [2006/06/01 17:25:00 | 000,180,224 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\IntelDH\Intel® Quick Resume Technology Drivers\ELService.exe -- (ELService)
SRV - [2006/01/05 00:06:02 | 000,163,840 | ---- | M] (Alex Feinman) [On_Demand | Stopped] -- C:\Program Files\Alex Feinman\ISO Recorder\ImapiHelper.exe -- (Imapi Helper)
SRV - [2005/09/30 22:22:50 | 000,096,341 | ---- | M] (Canon Inc.) [Auto | Running] -- C:\Program Files\Canon\CAL\CALMAIN.exe -- (CCALib8)
SRV - [2003/05/05 21:30:22 | 000,065,536 | ---- | M] (Brother Industries, Ltd.) [Auto | Running] -- C:\WINDOWS\system32\Brmfrmps.exe -- (brmfrmps)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\wanatw4.sys -- (wanatw)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (bvrp_pci)
DRV - [2012/08/17 16:26:40 | 000,022,640 | ---- | M] (PC-Doctor, Inc.) [Kernel | On_Demand | Stopped] -- c:\Program Files\Dell Support Center\pcdsrvc.pkms -- (PCDSRVC{E9D79540-57D5953E-06020200}_0)
DRV - [2011/09/16 08:24:26 | 000,070,400 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgandnetndis.sys -- (andnetndis)
DRV - [2011/09/06 01:55:12 | 000,023,040 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgandnetdiag.sys -- (AndNetDiag)
DRV - [2011/09/06 01:55:12 | 000,022,272 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgandnetgps.sys -- (AndNetGps)
DRV - [2011/09/06 01:55:10 | 000,027,776 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgandnetmodem.sys -- (ANDNetModem)
DRV - [2011/04/01 00:11:10 | 004,333,280 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\lvuvc.sys -- (LVUVC)
DRV - [2011/04/01 00:09:48 | 000,291,424 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\lvrs.sys -- (LVRS)
DRV - [2010/05/14 17:04:20 | 000,023,904 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvuvcflt.sys -- (FilterService)
DRV - [2010/05/07 20:43:30 | 000,025,824 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2010/04/28 10:44:02 | 000,054,760 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys -- (fssfltr)
DRV - [2006/07/24 11:20:00 | 001,156,648 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2006/05/09 16:36:44 | 000,009,728 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ELacpi.sys -- (ELacpi)
DRV - [2006/05/09 16:36:42 | 000,007,040 | ---- | M] (Intel Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\Elmon.sys -- (ELmon)
DRV - [2006/05/09 16:36:22 | 000,006,912 | ---- | M] (Intel Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\Elkbd.sys -- (ELkbd)
DRV - [2006/05/09 16:36:20 | 000,006,400 | ---- | M] (Intel Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\Elmou.sys -- (ELmou)
DRV - [2006/05/09 16:36:18 | 000,010,112 | ---- | M] (Intel Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\Elhid.sys -- (ELhid)
DRV - [2006/01/10 12:07:58 | 000,004,864 | ---- | M] (GTek Technologies Ltd.) [Kernel | On_Demand | Running] -- C:\Program Files\Dell Support\GTAction\triggers\DSproct.sys -- (DSproct)
DRV - [2006/01/04 01:41:48 | 001,389,056 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\monfilt.sys -- (monfilt)
DRV - [2005/09/08 06:20:00 | 000,094,332 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2005/09/08 06:20:00 | 000,087,036 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2005/09/08 06:20:00 | 000,086,524 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2005/09/08 06:20:00 | 000,025,628 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2005/09/08 06:20:00 | 000,014,684 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2005/09/08 06:20:00 | 000,006,364 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2005/09/08 06:20:00 | 000,002,496 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLADResN.SYS -- (DLADResN)
DRV - [2005/08/25 13:16:52 | 000,005,628 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2005/08/25 13:16:16 | 000,022,684 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS -- (DLARTL_N)
DRV - [2005/05/25 03:34:00 | 000,158,464 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctusfsyn.sys -- (CTUSFSYN)
DRV - [2005/01/10 04:15:00 | 000,138,752 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV - [2005/01/10 04:15:00 | 000,106,496 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctoss2k.sys -- (ossrv)
DRV - [2003/11/17 15:59:20 | 000,212,224 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2)
DRV - [2003/11/17 15:58:02 | 000,680,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2003/11/17 15:56:26 | 001,042,432 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=1070106
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=1070106
IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2A59}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2A59}: "URL" = http://search.imesh....q={searchTerms}
IE - HKLM\..\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}: "URL" = http://us.yhs.search...p={searchTerms}


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=1070106
IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2A59}
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=1070106
IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2A59}
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-708999020-1031966459-3025089908-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-708999020-1031966459-3025089908-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-708999020-1031966459-3025089908-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = CA C1 17 35 08 D9 CB 01 [binary data]
IE - HKU\S-1-5-21-708999020-1031966459-3025089908-1006\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKU\S-1-5-21-708999020-1031966459-3025089908-1006\..\SearchScopes,DefaultScope = {1B9BE7C5-6C76-4623-803A-EA18E5A68269}
IE - HKU\S-1-5-21-708999020-1031966459-3025089908-1006\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKU\S-1-5-21-708999020-1031966459-3025089908-1006\..\SearchScopes\{1B9BE7C5-6C76-4623-803A-EA18E5A68269}: "URL" = http://www.google.co...utputEncoding?}
IE - HKU\S-1-5-21-708999020-1031966459-3025089908-1006\..\SearchScopes\{56FFCC83-7CC4-4DF4-87CF-25884ED3ADE0}: "URL" = http://websearch.ask...80-109970128294
IE - HKU\S-1-5-21-708999020-1031966459-3025089908-1006\..\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}: "URL" = http://www.ask.com/w...n=&geo=US&ver=1
IE - HKU\S-1-5-21-708999020-1031966459-3025089908-1006\..\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}: "URL" = http://search.avg.co...e}&iy=&ychte=us
IE - HKU\S-1-5-21-708999020-1031966459-3025089908-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "about:home"
FF - prefs.js..extensions.enabledAddons: [email protected]:1.0
FF - prefs.js..extensions.enabledAddons: {20068ab2-1901-4140-9f3c-81207d4dacc4}:3.8
FF - prefs.js..extensions.enabledAddons: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.5.4
FF - prefs.js..extensions.enabledAddons: {0153E448-190B-4987-BDE1-F256CADA672F}:15.0.6
FF - prefs.js..keyword.URL: "http://websearch.ask...YYYYYYYYUS&&q="
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_4_402_265.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw_1166636.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.6.14: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.6.14: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.6.14: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.6.14: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.6.14: c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Documents and Settings\Terri Ward\Local Settings\Application Data\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{203FB6B2-2E1E-4474-863B-4C483ECCE78E}: C:\Documents and Settings\All Users\Application Data\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_1.2.0.6\coFFNST\ [2011/08/18 08:59:23 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/08/06 11:11:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/08/06 11:11:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{C3949AC2-4B17-43ee-B4F1-D26B9D42404D}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/08/06 11:11:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{0153E448-190B-4987-BDE1-F256CADA672F}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/08/06 11:11:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/09/09 14:40:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/09/09 14:39:34 | 000,000,000 | ---D | M]

[2011/08/10 15:58:10 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Terri Ward\Application Data\Mozilla\Extensions
[2012/09/06 15:52:30 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Terri Ward\Application Data\Mozilla\Firefox\Profiles\sgi5i0lq.default\extensions
[2012/08/22 15:47:06 | 000,000,000 | ---D | M] (Reader) -- C:\Documents and Settings\Terri Ward\Application Data\Mozilla\Firefox\Profiles\sgi5i0lq.default\extensions\{20068ab2-1901-4140-9f3c-81207d4dacc4}
[2012/07/27 18:14:55 | 000,000,000 | ---D | M] (wxDfast) -- C:\Documents and Settings\Terri Ward\Application Data\Mozilla\Firefox\Profiles\sgi5i0lq.default\extensions\[email protected]
[2012/08/07 13:32:56 | 000,000,000 | ---D | M] (Foxit PDF Creator Toolbar) -- C:\Documents and Settings\Terri Ward\Application Data\Mozilla\Firefox\Profiles\sgi5i0lq.default\extensions\[email protected]
[2012/09/06 15:52:30 | 000,527,931 | ---- | M] () (No name found) -- C:\Documents and Settings\Terri Ward\Application Data\Mozilla\Firefox\Profiles\sgi5i0lq.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
[2012/07/27 18:06:13 | 000,741,958 | ---- | M] () (No name found) -- C:\Documents and Settings\Terri Ward\Application Data\Mozilla\Firefox\Profiles\sgi5i0lq.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012/09/09 14:39:12 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/09/09 14:39:12 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012/08/06 11:11:39 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\REAL\REALPLAYER\BROWSERRECORDPLUGIN\FIREFOX\EXT
[2012/09/09 14:40:22 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/08/06 11:11:17 | 000,129,176 | ---- | M] (RealPlayer) -- C:\Program Files\mozilla firefox\plugins\nprpplugin.dll
[2012/09/08 09:45:37 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/09/08 09:45:37 | 000,002,253 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2012/09/09 14:55:34 | 000,000,056 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\DLA\DLASHX_W.DLL (Sonic Solutions)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll (Dell Inc.)
O2 - BHO: (Foxit PDF Creator Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Norton Safe Web Lite BHO) - {F0DA78E9-6B60-42fb-BC26-EF2CFB8C8FF3} - C:\Program Files\Norton Safe Web Lite\Engine\1.2.0.6\CoIEPlg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Norton Safe Web Lite) - {30CEEEA2-3742-40e4-85DD-812BF1CBB83D} - C:\Program Files\Norton Safe Web Lite\Engine\1.2.0.6\CoIEPlg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Foxit PDF Creator Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKU\S-1-5-21-708999020-1031966459-3025089908-1006\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKU\S-1-5-21-708999020-1031966459-3025089908-1006\..\Toolbar\WebBrowser: (Norton Safe Web Lite) - {30CEEEA2-3742-40E4-85DD-812BF1CBB83D} - C:\Program Files\Norton Safe Web Lite\Engine\1.2.0.6\CoIEPlg.dll (Symantec Corporation)
O3 - HKU\S-1-5-21-708999020-1031966459-3025089908-1006\..\Toolbar\WebBrowser: (Foxit PDF Creator Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [DLA] C:\WINDOWS\system32\DLA\DLACTRLW.EXE (Sonic Solutions)
O4 - HKLM..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe ()
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [LWS] C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\nvmctray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nview\nwiz.exe ()
O4 - HKLM..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl04b\BrStDvPt.exe (Brother Industories, Ltd.)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\program files\real\realplayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [UpdReg] C:\WINDOWS\Updreg.EXE (Creative Technology Ltd.)
O4 - HKLM..\Run: [VoiceCenter] C:\Program Files\Creative\VoiceCenter\AndreaVC.exe (Andrea Electronics Corporation)
O4 - HKU\S-1-5-21-708999020-1031966459-3025089908-1006..\Run: [DellSupport] C:\Program Files\Dell Support\DSAgnt.exe (Gteko Ltd.)
O4 - HKU\S-1-5-21-708999020-1031966459-3025089908-1006..\Run: [Facebook Update] C:\Documents and Settings\Terri Ward\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKU\S-1-5-21-708999020-1031966459-3025089908-1006..\Run: [FileHippo.com] C:\Program Files\FileHippo.com\UpdateChecker.exe (FileHippo.com)
O4 - HKU\S-1-5-21-708999020-1031966459-3025089908-1006..\Run: [SetDefaultMIDI] C:\WINDOWS\MIDIDEF.EXE (Creative Technology Ltd)
O4 - HKLM..\RunOnce: [AvgUninstallURL] C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-708999020-1031966459-3025089908-1006\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-708999020-1031966459-3025089908-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-708999020-1031966459-3025089908-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-708999020-1031966459-3025089908-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {682C59F5-478C-4421-9070-AD170D143B77} http://www.dell.com/...t/Ode/pcd86.cab (Launcher Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (OnlineScanner Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D5F5CF09-2474-4897-82E0-09E2C3D46B26}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Terri Ward\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Terri Ward\Application Data\ZBWallpaper_1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/08/16 05:43:04 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/09/11 12:30:04 | 000,600,064 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Terri Ward\Desktop\OTL.exe
[2012/09/09 14:39:11 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2012/09/09 13:49:17 | 000,000,000 | ---D | C] -- C:\Program Files\iolo
[2012/09/09 12:10:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Dell Support Center
[2012/09/09 12:04:41 | 000,000,000 | ---D | C] -- C:\temp
[2012/08/15 08:21:04 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java

========== Files - Modified Within 30 Days ==========

[2012/09/11 13:02:00 | 000,000,244 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2012/09/11 13:00:15 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/09/11 12:42:59 | 000,000,432 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{C1124392-06BB-4822-85EA-76F1D12BA298}.job
[2012/09/11 12:35:18 | 000,000,384 | -H-- | M] () -- C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job
[2012/09/11 12:30:08 | 000,600,064 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Terri Ward\Desktop\OTL.exe
[2012/09/11 12:26:17 | 000,000,288 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-708999020-1031966459-3025089908-1006.job
[2012/09/11 12:25:10 | 000,000,280 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-18.job
[2012/09/11 12:25:08 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/09/11 12:25:06 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/09/11 12:25:04 | 2145,304,576 | -HS- | M] () -- C:\hiberfil.sys
[2012/09/11 12:25:02 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\lvuvc.hs
[2012/09/09 21:18:24 | 000,000,296 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-708999020-1031966459-3025089908-1006.job
[2012/09/09 20:00:01 | 000,001,018 | ---- | M] () -- C:\WINDOWS\tasks\FacebookUpdateTaskUserS-1-5-21-708999020-1031966459-3025089908-1006UA.job
[2012/09/09 17:00:00 | 000,000,996 | ---- | M] () -- C:\WINDOWS\tasks\FacebookUpdateTaskUserS-1-5-21-708999020-1031966459-3025089908-1006Core.job
[2012/09/09 12:30:11 | 000,000,568 | ---- | M] () -- C:\WINDOWS\tasks\PCDoctorBackgroundMonitorTask.job
[2012/09/09 12:30:11 | 000,000,506 | ---- | M] () -- C:\WINDOWS\tasks\SystemToolsDailyTest.job
[2012/09/07 17:04:46 | 000,022,856 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012/08/25 18:45:00 | 000,000,288 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-18.job
[2012/08/14 18:32:23 | 000,293,272 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/08/14 17:15:54 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK

========== Files Created - No Company Name ==========

[2012/09/09 12:30:11 | 000,000,568 | ---- | C] () -- C:\WINDOWS\tasks\PCDoctorBackgroundMonitorTask.job
[2012/09/09 12:30:11 | 000,000,506 | ---- | C] () -- C:\WINDOWS\tasks\SystemToolsDailyTest.job
[2012/07/29 18:23:10 | 000,273,488 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2012/07/29 17:58:22 | 000,074,703 | ---- | C] () -- C:\WINDOWS\System32\mfc45.dll
[2012/05/27 17:14:27 | 310,050,816 | ---- | C] () -- C:\Documents and Settings\Terri Ward\Memorial Day 2000.iso
[2012/02/14 19:11:23 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011/12/12 09:28:17 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\CommonDL.dll
[2011/12/12 09:28:17 | 000,002,413 | ---- | C] () -- C:\WINDOWS\System32\lgAxconfig.ini
[2011/09/03 18:53:55 | 001,074,636 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2011/09/03 18:53:55 | 001,074,636 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2011/09/03 18:53:55 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin
[2011/09/03 18:53:18 | 002,807,708 | ---- | C] () -- C:\WINDOWS\System32\nvdata.data
[2011/06/02 10:09:58 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2011/04/30 12:53:53 | 000,000,133 | ---- | C] () -- C:\Documents and Settings\Terri Ward\Local Settings\Application Data\fusioncache.dat
[2011/04/25 19:28:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Brownie.ini
[2011/04/23 14:13:51 | 000,000,030 | ---- | C] () -- C:\WINDOWS\System32\brss01a.ini
[2011/04/23 14:13:20 | 000,000,419 | ---- | C] () -- C:\WINDOWS\brwmark.ini
[2011/04/23 14:13:20 | 000,000,238 | ---- | C] () -- C:\WINDOWS\Brpfx04a.ini
[2011/04/23 14:13:20 | 000,000,092 | ---- | C] () -- C:\WINDOWS\brpcfx.ini
[2011/04/23 14:13:20 | 000,000,079 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI
[2011/04/23 14:13:20 | 000,000,050 | ---- | C] () -- C:\WINDOWS\System32\BRIDF04A.dat
[2011/04/23 14:12:45 | 000,000,000 | ---- | C] () -- C:\WINDOWS\brdfxspd.dat
[2011/04/23 14:11:01 | 000,027,019 | ---- | C] () -- C:\WINDOWS\maxlink.ini
[2011/04/12 21:42:52 | 000,010,240 | ---- | C] () -- C:\Documents and Settings\Terri Ward\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/03/23 01:58:22 | 000,014,168 | ---- | C] () -- C:\WINDOWS\System32\drivers\iKeyLFT2.dll
[2011/01/03 04:46:29 | 000,000,088 | RHS- | C] () -- C:\WINDOWS\System32\31D977CD03.sys
[2011/01/03 04:46:28 | 000,002,516 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2010/11/30 21:54:57 | 002,359,350 | ---- | C] () -- C:\Documents and Settings\Terri Ward\Application Data\ZBWallpaper_1.bmp
[2010/11/30 21:54:24 | 002,359,350 | ---- | C] () -- C:\Documents and Settings\Terri Ward\Application Data\ZBWallpaper.bmp
[2010/09/15 17:03:08 | 000,000,072 | ---- | C] () -- C:\WINDOWS\sbwin.ini
[2010/09/15 16:57:12 | 000,000,493 | ---- | C] () -- C:\WINDOWS\EReg072.dat
[2010/09/14 14:44:43 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2010/09/14 14:39:58 | 000,486,528 | ---- | C] () -- C:\Documents and Settings\Terri Ward\TRANSFORMS=1033.mst

========== LOP Check ==========

[2011/08/18 08:34:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG10
[2010/10/13 19:22:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
[2012/09/09 16:36:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\boost_interprocess
[2010/10/13 21:04:06 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2005/08/16 21:54:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DIGStream
[2012/07/27 18:16:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\InstallMate
[2012/09/09 13:51:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\iolo
[2011/12/12 09:48:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LGMOBILEAX
[2011/08/18 08:34:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2012/09/09 12:10:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PCDr
[2012/07/27 18:14:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Premium
[2011/04/23 14:10:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft
[2007/01/06 01:49:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2012/07/30 14:47:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\wxDfast
[2012/07/30 14:55:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WxDFastUpdater
[2010/09/14 14:47:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\YAHOO
[2010/10/13 21:06:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Terri Ward\Application Data\AVG10
[2010/09/17 11:52:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Terri Ward\Application Data\AVG9
[2010/09/17 19:22:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Terri Ward\Application Data\ElevatedDiagnostics
[2012/03/04 13:22:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Terri Ward\Application Data\Foxit Software
[2011/03/04 01:58:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Terri Ward\Application Data\imeshbandmltbpi
[2011/08/10 18:12:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Terri Ward\Application Data\Inbox Toolbar
[2011/04/07 14:39:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Terri Ward\Application Data\Leadertech
[2011/08/10 11:45:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Terri Ward\Application Data\MP3Rocket
[2011/04/16 14:31:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Terri Ward\Application Data\ooVoo Details
[2012/07/29 18:01:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Terri Ward\Application Data\PCDr
[2011/05/21 17:27:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Terri Ward\Application Data\Sammsoft
[2012/09/09 17:00:00 | 000,000,996 | ---- | M] () -- C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-708999020-1031966459-3025089908-1006Core.job
[2012/09/09 20:00:01 | 000,001,018 | ---- | M] () -- C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-708999020-1031966459-3025089908-1006UA.job
[2012/09/09 12:30:11 | 000,000,568 | ---- | M] () -- C:\WINDOWS\Tasks\PCDoctorBackgroundMonitorTask.job
[2012/09/11 13:02:00 | 000,000,244 | ---- | M] () -- C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job
[2012/09/09 12:30:11 | 000,000,506 | ---- | M] () -- C:\WINDOWS\Tasks\SystemToolsDailyTest.job
[2012/09/11 12:42:59 | 000,000,432 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{C1124392-06BB-4822-85EA-76F1D12BA298}.job

========== Purity Check ==========



< End of report >

Edited by Apelila, 11 September 2012 - 12:05 PM.

  • 0

#4
Gammo
Posted 11 September 2012 - 12:29 PM

Gammo

    Member 2k

  • Malware Removal
  • 2,299 posts
Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2A59}: "URL" = http://search.imesh....q={searchTerms}
IE - HKU\S-1-5-21-708999020-1031966459-3025089908-1006\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKU\S-1-5-21-708999020-1031966459-3025089908-1006\..\SearchScopes\{56FFCC83-7CC4-4DF4-87CF-25884ED3ADE0}: "URL" = http://websearch.ask...80-109970128294
IE - HKU\S-1-5-21-708999020-1031966459-3025089908-1006\..\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}: "URL" = http://www.ask.com/w...n=&geo=US&ver=1
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..keyword.URL: "http://websearch.ask.com/redirect?client=ff&src=kw&tb=FXTV5&o=101703&locale=en_US&apn_uid=cceac34a-2385-4fad-9509-67d336fd1928&apn_ptnrs=F3&apn_sauid=BDBCF5AC-26D1-4451-A080-109970128294&apn_dtid=YYYYYYYYUS&&q="
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()
[2012/08/07 13:32:56 | 000,000,000 | ---D | M] (Foxit PDF Creator Toolbar) -- C:\Documents and Settings\Terri Ward\Application Data\Mozilla\Firefox\Profiles\sgi5i0lq.default\extensions\[email protected]
[2012/07/27 18:14:55 | 000,000,000 | ---D | M] (wxDfast) -- C:\Documents and Settings\Terri Ward\Application Data\Mozilla\Firefox\Profiles\sgi5i0lq.default\extensions\[email protected]
O2 - BHO: (Foxit PDF Creator Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (Foxit PDF Creator Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKU\S-1-5-21-708999020-1031966459-3025089908-1006\..\Toolbar\WebBrowser: (Foxit PDF Creator Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
[2012/09/11 13:02:00 | 000,000,244 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2007/01/06 01:49:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2012/07/30 14:47:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\wxDfast
[2012/07/30 14:55:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WxDFastUpdater
[2011/03/04 01:58:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Terri Ward\Application Data\imeshbandmltbpi
[2011/08/10 18:12:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Terri Ward\Application Data\Inbox Toolbar
:Services

:Reg

:Files
ipconfig /flushdns /c
C:\Program Files\Ask.com
C:\Program Files\Viewpoint

:Commands
[purity]
[resethosts]
[emptytemp]
[emptyflash]
[createrestorepoint]
[reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done



Download and Install Combofix

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow to update if it asks

    Posted Image

    Posted Image
  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.
3. If after the reboot you get errors about programmes being marked for deletion then reboot, that will cure it.



Please make sure you include the combo fix log in your next reply as well as describe how your computer is running now
  • 0

#5
Apelila
Posted 13 September 2012 - 12:29 PM

Apelila

    Member

  • Topic Starter
  • Member
  • PipPip
  • 42 posts
ok I ran ComboFix and here is the output:


All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2A59}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2A59}\ not found.
Registry value HKEY_USERS\S-1-5-21-708999020-1031966459-3025089908-1006\Software\Microsoft\Internet Explorer\URLSearchHooks\\{00000000-6E41-4FD3-8538-502F5495E5FC} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}\ deleted successfully.
C:\Program Files\Ask.com\GenericAskToolbar.dll moved successfully.
Registry key HKEY_USERS\S-1-5-21-708999020-1031966459-3025089908-1006\Software\Microsoft\Internet Explorer\SearchScopes\{56FFCC83-7CC4-4DF4-87CF-25884ED3ADE0}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{56FFCC83-7CC4-4DF4-87CF-25884ED3ADE0}\ not found.
Registry key HKEY_USERS\S-1-5-21-708999020-1031966459-3025089908-1006\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}\ not found.
Prefs.js: "Ask.com" removed from browser.search.defaultengine
Prefs.js: "Ask.com" removed from browser.search.defaultenginename
Prefs.js: "Ask.com" removed from browser.search.order.1
Prefs.js: "http://websearch.ask...YYYYYYYYUS&&q=" removed from keyword.URL
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@viewpoint.com/VMP\ deleted successfully.
C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll moved successfully.
C:\Documents and Settings\Terri Ward\Application Data\Mozilla\Firefox\Profiles\sgi5i0lq.default\extensions\[email protected]\searchplugins folder moved successfully.
C:\Documents and Settings\Terri Ward\Application Data\Mozilla\Firefox\Profiles\sgi5i0lq.default\extensions\[email protected]\defaults\preferences folder moved successfully.
C:\Documents and Settings\Terri Ward\Application Data\Mozilla\Firefox\Profiles\sgi5i0lq.default\extensions\[email protected]\defaults folder moved successfully.
C:\Documents and Settings\Terri Ward\Application Data\Mozilla\Firefox\Profiles\sgi5i0lq.default\extensions\[email protected]\chrome\skin folder moved successfully.
C:\Documents and Settings\Terri Ward\Application Data\Mozilla\Firefox\Profiles\sgi5i0lq.default\extensions\[email protected]\chrome\content folder moved successfully.
C:\Documents and Settings\Terri Ward\Application Data\Mozilla\Firefox\Profiles\sgi5i0lq.default\extensions\[email protected]\chrome folder moved successfully.
C:\Documents and Settings\Terri Ward\Application Data\Mozilla\Firefox\Profiles\sgi5i0lq.default\extensions\[email protected] folder moved successfully.
C:\Documents and Settings\Terri Ward\Application Data\Mozilla\Firefox\Profiles\sgi5i0lq.default\extensions\[email protected]\content folder moved successfully.
C:\Documents and Settings\Terri Ward\Application Data\Mozilla\Firefox\Profiles\sgi5i0lq.default\extensions\[email protected] folder moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully.
File C:\Program Files\Ask.com\GenericAskToolbar.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
File C:\Program Files\Ask.com\GenericAskToolbar.dll not found.
Registry value HKEY_USERS\S-1-5-21-708999020-1031966459-3025089908-1006\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
File C:\Program Files\Ask.com\GenericAskToolbar.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ApnUpdater deleted successfully.
C:\Program Files\Ask.com\Updater\Updater.exe moved successfully.
C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job moved successfully.
C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\UserShell\AOL9Plus folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\UserShell\AOL9 folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\UserShell folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\Welcome\BH00 folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\Welcome folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_03 folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_02 folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_01 folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_00 folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\Resources folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Viewpoint folder moved successfully.
C:\Documents and Settings\All Users\Application Data\wxDfast\data folder moved successfully.
C:\Documents and Settings\All Users\Application Data\wxDfast folder moved successfully.
C:\Documents and Settings\All Users\Application Data\WxDFastUpdater\downloads folder moved successfully.
C:\Documents and Settings\All Users\Application Data\WxDFastUpdater folder moved successfully.
C:\Documents and Settings\Terri Ward\Application Data\imeshbandmltbpi folder moved successfully.
C:\Documents and Settings\Terri Ward\Application Data\Inbox Toolbar folder moved successfully.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\Terri Ward\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Terri Ward\Desktop\cmd.txt deleted successfully.
C:\Program Files\Ask.com\Updater folder moved successfully.
C:\Program Files\Ask.com\assets\oobe folder moved successfully.
C:\Program Files\Ask.com\assets folder moved successfully.
C:\Program Files\Ask.com folder moved successfully.
C:\Program Files\Viewpoint\Viewpoint Experience Technology\NewComponents folder moved successfully.
C:\Program Files\Viewpoint\Viewpoint Experience Technology\DownloadedComponents folder moved successfully.
C:\Program Files\Viewpoint\Viewpoint Experience Technology\Components folder moved successfully.
C:\Program Files\Viewpoint\Viewpoint Experience Technology folder moved successfully.
C:\Program Files\Viewpoint folder moved successfully.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56504 bytes

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 1341650 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Terri Ward
->Temp folder emptied: 4824176 bytes
->Temporary Internet Files folder emptied: 163788086 bytes
->Java cache emptied: 2023 bytes
->FireFox cache emptied: 61038618 bytes
->Flash cache emptied: 57928 bytes

User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56475 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 39712057 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 167405253 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 1838808 bytes

Total Files Cleaned = 420.00 mb


[EMPTYFLASH]

User: Administrator

User: All Users

User: Default User
->Flash cache emptied: 0 bytes

User: LocalService

User: NetworkService

User: Terri Ward
->Flash cache emptied: 0 bytes

User: UpdatusUser
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb

Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.61.3 log created on 09122012_120403

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
  • 0

#6
Gammo
Posted 13 September 2012 - 01:16 PM

Gammo

    Member 2k

  • Malware Removal
  • 2,299 posts
That's the output from the OTL fix. Not from the ComboFix scan.

The ComboFix log file should be located at C:\combofix.txt :thumbsup:
  • 0

#7
Apelila
Posted 20 September 2012 - 05:32 PM

Apelila

    Member

  • Topic Starter
  • Member
  • PipPip
  • 42 posts
Sorry bout that, here it is:

ComboFix 12-09-13.03 - Terri Ward 09/13/2012 13:15:16.4.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1329 [GMT -5:00]
Running from: c:\documents and settings\Terri Ward\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
FW: AVG Firewall *Disabled* {8decf618-9569-4340-b34a-d78d28969b66}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\PCDr\6032\AddOnDownloaded\0d03215e-4c16-4ea7-b7d7-805a2556effc.dll
c:\documents and settings\All Users\Application Data\PCDr\6032\AddOnDownloaded\0d461521-7dbf-4cec-a29e-936c88cdf8c9.dll
c:\documents and settings\All Users\Application Data\PCDr\6032\AddOnDownloaded\0d85b53c-d766-4bf0-8940-17b534910268.dll
c:\documents and settings\All Users\Application Data\PCDr\6032\AddOnDownloaded\100c3865-0c76-461b-b2fd-042d6d5fa7f6.dll
c:\documents and settings\All Users\Application Data\PCDr\6032\AddOnDownloaded\140239b3-d59a-46fa-b856-17682a46cb44.dll
c:\documents and settings\All Users\Application Data\PCDr\6032\AddOnDownloaded\16837627-a839-41c5-a88f-3a0335128383.dll
c:\documents and settings\All Users\Application Data\PCDr\6032\AddOnDownloaded\173c4dd2-e93c-4725-b006-db1d8f465192.dll
c:\documents and settings\All Users\Application Data\PCDr\6032\AddOnDownloaded\1e0aaf9a-9947-4a7b-b1ae-8a89919438ed.dll
c:\documents and settings\All Users\Application Data\PCDr\6032\AddOnDownloaded\246b20c1-8ea9-4148-a34e-d03c8a1d5a76.dll
c:\documents and settings\All Users\Application Data\PCDr\6032\AddOnDownloaded\263d6ac9-4f87-466c-947c-bd9af71d7035.dll
c:\documents and settings\All Users\Application Data\PCDr\6032\AddOnDownloaded\27e5bc9a-105f-4d7f-8352-e6ef1c8933dd.dll
c:\documents and settings\All Users\Application Data\PCDr\6032\AddOnDownloaded\2ee79d71-badc-46b4-b731-42b15f3cd1c3.dll
c:\documents and settings\All Users\Application Data\PCDr\6032\AddOnDownloaded\3410f47b-5e8c-47c6-bf2c-234af4121d4c.dll
c:\documents and settings\All Users\Application Data\PCDr\6032\AddOnDownloaded\378deb7f-049e-4a5e-83b2-5381dcd9e928.dll
c:\documents and settings\All Users\Application Data\PCDr\6032\AddOnDownloaded\3972fea3-214c-4935-a7d1-96bf66115683.dll
c:\documents and settings\All Users\Application Data\PCDr\6032\AddOnDownloaded\3a79f062-8f3e-464f-9815-2c45840494ee.dll
c:\documents and settings\All Users\Application Data\PCDr\6032\AddOnDownloaded\3b1c7acd-5e3e-4459-ab98-5109117e2341.dll
c:\documents and settings\All Users\Application Data\PCDr\6032\AddOnDownloaded\3e4c86d5-a5c1-4c3f-8fc7-6258992b16c5.dll
c:\documents and settings\All Users\Application Data\PCDr\6032\AddOnDownloaded\44ddba62-3b58-480f-a775-ae7e9dd9d5df.dll
c:\documents and settings\All Users\Application Data\PCDr\6032\AddOnDownloaded\4546f2bc-b9d9-4667-abe7-b0bacc90279e.dll
c:\documents and settings\All Users\Application Data\PCDr\6032\AddOnDownloaded\4804ced5-915b-48a3-a465-b8a5e02714bf.dll
c:\documents and settings\All Users\Application Data\PCDr\6032\AddOnDownloaded\4818e109-9489-4cd8-9044-44defd8ec187.dll
c:\documents and settings\All Users\Application Data\PCDr\6032\AddOnDownloaded\493f295d-1a46-46f6-926c-63b474cedab4.dll
c:\documents and settings\All Users\Application Data\PCDr\6032\AddOnDownloaded\5e1c102f-bfde-420c-87c0-64fe851888e5.dll
c:\documents and settings\All Users\Application Data\PCDr\6032\AddOnDownloaded\62d1f0b0-bc9a-4f6c-bad7-93b19a91276a.dll
c:\documents and settings\All Users\Application Data\PCDr\6032\AddOnDownloaded\67c3d4fe-b638-467a-9fe2-c5813ade3330.dll
c:\documents and settings\All Users\Application Data\PCDr\6032\AddOnDownloaded\6820b110-e483-4f1e-9b48-438f7916f078.dll
c:\documents and settings\All Users\Application Data\PCDr\6032\AddOnDownloaded\684a43a7-04d5-4797-bc20-4db8a316286c.dll
c:\documents and settings\All Users\Application Data\PCDr\6032\AddOnDownloaded\6b5978fa-48d7-4309-a523-7e157768c0d8.dll
c:\documents and settings\All Users\Application Data\PCDr\6032\AddOnDownloaded\6f4fb483-ce30-493a-8cb4-3e530ab1be5b.dll
c:\documents and settings\All Users\Application Data\PCDr\6032\AddOnDownloaded\7014e871-cc3b-4dec-b82b-bc70222b40ed.dll
c:\documents and settings\All Users\Application Data\PCDr\6032\AddOnDownloaded\739db3eb-d3cd-4c86-a6ea-01a49984fa3b.dll
c:\documents and settings\All Users\Application Data\PCDr\6032\AddOnDownloaded\7bd83798-7a02-4f50-83a2-b91cabcbd1f9.dll
c:\documents and settings\All Users\Application Data\PCDr\6032\AddOnDownloaded\7dbfef1a-6148-4748-a1b3-71627763a45a.dll
c:\documents and settings\All Users\Application Data\PCDr\6032\AddOnDownloaded\813755dc-2229-47a2-b85b-19d0aaa641c9.dll
c:\documents and settings\All Users\Application Data\PCDr\6032\AddOnDownloaded\872965c7-08b7-47fc-a74c-ff167590b71a.dll
c:\documents and settings\All Users\Application Data\PCDr\6032\AddOnDownloaded\8d357f17-07ad-4392-ba06-fb67564c98cd.dll
c:\documents and settings\All Users\Application Data\PCDr\6032\AddOnDownloaded\934f6059-2d35-4bd9-a130-a17cb5563507.dll
c:\documents and settings\All Users\Application Data\PCDr\6032\AddOnDownloaded\a2192d8a-3d73-4ff7-be9b-02134f41db63.dll
c:\documents and settings\All Users\Application Data\PCDr\6032\AddOnDownloaded\a4930af9-016c-4915-a740-a3364e7618aa.dll
c:\documents and settings\All Users\Application Data\PCDr\6032\AddOnDownloaded\a61f44a8-21a3-4c4a-a04b-993dfb73bf96.dll
c:\documents and settings\All Users\Application Data\PCDr\6032\AddOnDownloaded\a9de0c84-9a7c-4638-9653-13aa8cf56e80.dll
c:\documents and settings\All Users\Application Data\PCDr\6032\AddOnDownloaded\ae67b364-b69e-471e-b177-2459120b84d4.dll
c:\documents and settings\All Users\Application Data\PCDr\6032\AddOnDownloaded\b2152f30-7380-4987-8fcf-e4c06952615d.dll
c:\documents and settings\All Users\Application Data\PCDr\6032\AddOnDownloaded\b2ed8d53-41ce-48e6-b4ac-8b8e5e1a4fdf.dll
c:\documents and settings\All Users\Application Data\PCDr\6032\AddOnDownloaded\b4cc2a4a-87f5-49cd-935c-18f1a80e65b7.dll
c:\documents and settings\All Users\Application Data\PCDr\6032\AddOnDownloaded\bbfa36b0-30b0-4e36-8d8c-69df1d87626b.dll
c:\documents and settings\All Users\Application Data\PCDr\6032\AddOnDownloaded\bc6fc708-5b6b-4a72-b336-09b3089baa7a.dll
c:\documents and settings\All Users\Application Data\PCDr\6032\AddOnDownloaded\bf647bd7-dfb5-4746-a6b4-b7c2fdbbf3b1.dll
c:\documents and settings\All Users\Application Data\PCDr\6032\AddOnDownloaded\c4211805-b43b-471d-81af-4e0589f8607b.dll
c:\documents and settings\All Users\Application Data\PCDr\6032\AddOnDownloaded\c882e61c-ecc2-4db0-9a28-7cbe8bd4876b.dll
c:\documents and settings\All Users\Application Data\PCDr\6032\AddOnDownloaded\cdda52ec-6ccd-425a-8c72-b7bbdc8b3acd.dll
c:\documents and settings\All Users\Application Data\PCDr\6032\AddOnDownloaded\cf3463d8-8828-4f50-98c8-d04ca1fe42f3.dll
c:\documents and settings\All Users\Application Data\PCDr\6032\AddOnDownloaded\d1f4dc82-bc4c-4916-b37c-3ab9c30ae468.dll
c:\documents and settings\All Users\Application Data\PCDr\6032\AddOnDownloaded\d34c0cf7-889f-43dd-9283-b2b6f442aae3.dll
c:\documents and settings\All Users\Application Data\PCDr\6032\AddOnDownloaded\daf30858-49d8-434b-b4b1-068b5dc9267c.dll
c:\documents and settings\All Users\Application Data\PCDr\6032\AddOnDownloaded\ddb9fe5d-525c-4d5d-ac37-0bd10f2864f8.dll
c:\documents and settings\All Users\Application Data\PCDr\6032\AddOnDownloaded\e45cd45a-4d7c-4802-881f-74582b847e5c.dll
c:\documents and settings\All Users\Application Data\PCDr\6032\AddOnDownloaded\e9bb45d9-5a2b-47e8-9c48-168276d422cc.dll
c:\documents and settings\All Users\Application Data\PCDr\6032\AddOnDownloaded\ef78c3e8-1d94-4219-8070-7617e119bba4.dll
c:\documents and settings\All Users\Application Data\PCDr\6032\AddOnDownloaded\f06c5597-1a85-4d1f-ac16-a6fdd2a6bedc.dll
c:\documents and settings\All Users\Application Data\PCDr\6032\AddOnDownloaded\f80d4ad1-1fad-43b5-b6f3-347848b5ddd5.dll
c:\documents and settings\All Users\Application Data\PCDr\6032\AddOnDownloaded\f9dc840b-c6f7-42a5-acec-50cc7a2827fd.dll
c:\documents and settings\Terri Ward\Local Settings\Application Data\assembly\tmp
c:\windows\system32\avgfwdx.dll
c:\windows\system32\URTTemp
c:\windows\system32\URTTemp\fusion.dll
c:\windows\system32\URTTemp\mscoree.dll
c:\windows\system32\URTTemp\mscoree.dll.local
c:\windows\system32\URTTemp\mscorsn.dll
c:\windows\system32\URTTemp\mscorwks.dll
c:\windows\system32\URTTemp\msvcr71.dll
c:\windows\system32\URTTemp\regtlib.exe
c:\windows\wt
c:\windows\wt\data.wts
c:\windows\wt\updater\wt.ini
c:\windows\wt\webdriver.dll
c:\windows\wt\webdriver\4.1.1\actorobject.dll
c:\windows\wt\webdriver\4.1.1\dx5drv.dll
c:\windows\wt\webdriver\4.1.1\dx7drv.dll
c:\windows\wt\webdriver\4.1.1\objectbundle.dll
c:\windows\wt\webdriver\4.1.1\sound.dll
c:\windows\wt\webdriver\4.1.1\wdcaps.ded
c:\windows\wt\webdriver\4.1.1\wdengine.dll
c:\windows\wt\webdriver\4.1.1\webdriver.dll
c:\windows\wt\webdriver\4.1.1\wthost.exe
c:\windows\wt\webdriver\4.1.1\wthostctl.dll
c:\windows\wt\webdriver\4.1.1\wtmulti.dll
c:\windows\wt\webdriver\4.1.1\wtmulti.jar
c:\windows\wt\webdriver\4.1.1\wtwmplug.ax
c:\windows\wt\webdriver\4.1.1\wtwmplug.ini
c:\windows\wt\webdriver\jdriver.dll
c:\windows\wt\webdriver\rdriver.dll
c:\windows\wt\webdriver\wildtangent.jar
c:\windows\wt\wt3d.dll
c:\windows\wt\wt3d.ini
c:\windows\wt\wtupdates\DRM\3.2.0.19\files\controlpanel\index.html
c:\windows\wt\wtupdates\DRM\3.2.0.19\files\DRM0302.dll
c:\windows\wt\wtupdates\DRM\3.2.0.19\files\DRM0302Java.jar
c:\windows\wt\wtupdates\DRM\3.2.0.19\files\jDRM0302.dll
c:\windows\wt\wtupdates\DRM\3.2.0.19\files\rDRM0302.dll
c:\windows\wt\wtupdates\DRM\3.2.0.19\install\DRM0302.cdanfo
c:\windows\wt\wtupdates\DRM\3.2.0.19\install\DRM0302_Uninstall.cdas
c:\windows\wt\wtupdates\webd\4.1.1\files\actorobject.dll
c:\windows\wt\wtupdates\webd\4.1.1\files\controlpanel\index.html
c:\windows\wt\wtupdates\webd\4.1.1\files\dx5drv.dll
c:\windows\wt\wtupdates\webd\4.1.1\files\dx7drv.dll
c:\windows\wt\wtupdates\webd\4.1.1\files\jdriver.dll
c:\windows\wt\wtupdates\webd\4.1.1\files\legacy\data.wts
c:\windows\wt\wtupdates\webd\4.1.1\files\legacy\webdriver.dll
c:\windows\wt\wtupdates\webd\4.1.1\files\legacy\wt3d.dll
c:\windows\wt\wtupdates\webd\4.1.1\files\npWTHost.dll
c:\windows\wt\wtupdates\webd\4.1.1\files\nsIWTHostPlugin.xpt
c:\windows\wt\wtupdates\webd\4.1.1\files\ObjectBundle.dll
c:\windows\wt\wtupdates\webd\4.1.1\files\rdriver.dll
c:\windows\wt\wtupdates\webd\4.1.1\files\Sound.dll
c:\windows\wt\wtupdates\webd\4.1.1\files\update_info\data.wts
c:\windows\wt\wtupdates\webd\4.1.1\files\wdcaps.ded
c:\windows\wt\wtupdates\webd\4.1.1\files\wdengine.dll
c:\windows\wt\wtupdates\webd\4.1.1\files\Webd331.cdanfo
c:\windows\wt\wtupdates\webd\4.1.1\files\Webd331_fileList.cdas
c:\windows\wt\wtupdates\webd\4.1.1\files\Webd331_Uninstall.cdas
c:\windows\wt\wtupdates\webd\4.1.1\files\webdriver.dll
c:\windows\wt\wtupdates\webd\4.1.1\files\wildtangent.jar
c:\windows\wt\wtupdates\webd\4.1.1\files\wt3d.ini
c:\windows\wt\wtupdates\webd\4.1.1\files\WTHost.exe
c:\windows\wt\wtupdates\webd\4.1.1\files\WTHostCtl.dll
c:\windows\wt\wtupdates\webd\4.1.1\files\wtmulti.dll
c:\windows\wt\wtupdates\webd\4.1.1\files\wtmulti.jar
c:\windows\wt\wtupdates\webd\4.1.1\files\wtvh.dll
c:\windows\wt\wtupdates\webd\4.1.1\files\wtwmplug.ax
c:\windows\wt\wtupdates\webd\4.1.1\files\wtwmplug.ini
c:\windows\wt\wtupdates\webd\4.1.1\install\Webd4_1_1.cdanfo
c:\windows\wt\wtupdates\webd\4.1.1\install\Webd4_1_1_Uninstall.cdas
c:\windows\wt\wtupdates\WireControl\1.0.0.63\files\controlpanel\index.html
c:\windows\wt\wtupdates\WireControl\1.0.0.63\files\install\WireControl.cdanfo
c:\windows\wt\wtupdates\WireControl\1.0.0.63\files\install\WireControl_Uninstall.cdas
c:\windows\wt\wtupdates\WireControl\1.0.0.63\files\WireControl.dll
c:\windows\wt\wtupdates\wtupdater\appinfo.dat
c:\windows\wt\wtupdates\wtwebdriver\update_info\data.wts
c:\windows\wt\wtvh.dll
.
.
((((((((((((((((((((((((( Files Created from 2012-08-13 to 2012-09-13 )))))))))))))))))))))))))))))))
.
.
2012-09-13 17:15 . 2012-08-23 07:15 7022536 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{81DD40CA-3A2D-4B62-8114-9B4C768AE3B2}\mpengine.dll
2012-09-12 20:34 . 2012-08-23 07:15 7022536 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-09-12 17:04 . 2012-09-12 17:04 -------- d-----w- C:\_OTL
2012-09-09 18:49 . 2012-09-09 18:49 -------- d-----w- c:\program files\iolo
2012-09-09 17:04 . 2012-09-09 17:30 -------- d-----w- C:\temp
2012-09-04 02:13 . 2012-09-04 02:12 143872 ----a-w- c:\windows\system32\javacpl.cpl
2012-09-04 02:12 . 2012-09-04 02:12 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2012-08-15 13:21 . 2012-08-15 13:21 -------- d-----w- c:\program files\Common Files\Java
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-09-07 22:04 . 2012-07-21 23:01 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-09-04 02:12 . 2011-12-14 15:33 821736 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-09-04 02:12 . 2011-04-09 00:46 746984 ----a-w- c:\windows\system32\deployJava1.dll
2012-08-27 17:46 . 2012-04-20 15:06 696520 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-08-27 17:46 . 2011-05-20 06:16 73416 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-07-29 22:58 . 2012-07-29 22:58 74703 ----a-w- c:\windows\system32\mfc45.dll
2012-07-06 13:58 . 2005-08-16 10:18 78336 ----a-w- c:\windows\system32\browser.dll
2012-07-04 14:05 . 2005-08-16 10:37 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-07-03 13:40 . 2005-08-16 10:18 1866112 ----a-w- c:\windows\system32\win32k.sys
2012-07-02 17:49 . 2005-08-16 10:18 916992 ----a-w- c:\windows\system32\wininet.dll
2012-07-02 17:49 . 2005-08-16 10:18 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-07-02 17:49 . 2005-08-16 10:18 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-07-02 12:05 . 2005-08-16 10:18 385024 ----a-w- c:\windows\system32\html.iec
2012-09-09 19:40 . 2012-09-09 19:39 266720 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SetDefaultMIDI"="MIDIDef.exe" [2004-12-22 24576]
"DellSupport"="c:\program files\Dell Support\DSAgnt.exe" [2006-08-29 395776]
"FileHippo.com"="c:\program files\FileHippo.com\UpdateChecker.exe" [2012-03-26 306688]
"Facebook Update"="c:\documents and settings\Terri Ward\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe" [2012-07-11 138096]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584]
"SigmatelSysTrayApp"="stsystra.exe" [2006-07-24 282624]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2006-07-06 151552]
"DMXLauncher"="c:\program files\Dell\Media Experience\DMXLauncher.exe" [2005-10-05 94208]
"CTSysVol"="c:\program files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe" [2005-10-31 57344]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"VoiceCenter"="c:\program files\Creative\VoiceCenter\AndreaVC.exe" [2006-02-16 1118208]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
"LWS"="c:\program files\Logitech\LWS\Webcam Software\LWS.exe" [2011-03-02 190808]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-10-14 155648]
"PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2004-04-14 57393]
"IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2004-04-14 40960]
"SetDefPrt"="c:\program files\Brother\Brmfl04b\BrStDvPt.exe" [2004-05-25 49152]
"ControlCenter2.0"="c:\program files\Brother\ControlCenter2\brctrcen.exe" [2004-07-20 851968]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 931200]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2012-05-15 15504192]
"NvMediaCenter"="NvMCTray.dll" [2012-05-15 108352]
"nwiz"="c:\program files\NVIDIA Corporation\nview\nwiz.exe" [2012-05-15 1634112]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-04-19 421888]
"TkBellExe"="c:\program files\real\realplayer\update\realsched.exe" [2012-08-06 296096]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"AvgUninstallURL"="start http://www.avg.com/w...&ver=10.0.1392" [?]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2007-1-6 24576]
Status Monitor.lnk - c:\program files\Brother\Brmfcmon\BrMfcWnd.exe [2011-4-23 819200]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MBMon]
2006-06-29 05:12 1355042 ----a-w- c:\windows\system32\CTMBHA.DLL
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\World of Warcraft\\Launcher.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-x.x.x.x-4.0.0.12911-Downloader.exe"=
"c:\\Program Files\\Logitech\\Vid HD\\Vid.exe"=
"c:\\Documents and Settings\\Terri Ward\\Local Settings\\Application Data\\Facebook\\Video\\Skype\\FacebookVideoCalling.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NVIDIA Update Core\\daemonu.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724
"443:TCP"= 443:TCP:*:Disabled:ooVoo TCP port 443
"443:UDP"= 443:UDP:*:Disabled:ooVoo UDP port 443
"37674:TCP"= 37674:TCP:*:Disabled:ooVoo TCP port 37674
"37674:UDP"= 37674:UDP:*:Disabled:ooVoo UDP port 37674
"37675:UDP"= 37675:UDP:*:Disabled:ooVoo UDP port 37675
.
R2 NSL;Norton Safe Web Lite;c:\program files\Norton Safe Web Lite\Engine\1.2.0.6\ccSvcHst.exe [8/18/2011 8:59 AM 130000]
R2 UMVPFSrv;UMVPFSrv;c:\program files\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe [4/1/2011 12:11 AM 428640]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [3/26/2012 8:29 AM 1262400]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [6/7/2012 7:12 PM 160944]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [4/20/2012 10:06 AM 250568]
S3 AndNetDiag;LGE AndroidNet USB Serial Port;c:\windows\system32\drivers\lgandnetdiag.sys [12/12/2011 9:31 AM 23040]
S3 AndNetGps;LGE AndroidNet USB GPS NMEA Port;c:\windows\system32\drivers\lgandnetgps.sys [12/12/2011 9:31 AM 22272]
S3 ANDNetModem;LGE AndroidNet USB Modem;c:\windows\system32\drivers\lgandnetmodem.sys [12/12/2011 9:31 AM 27776]
S3 andnetndis;LGE AndroidNet NDIS Ethernet Adapter;c:\windows\system32\drivers\lgandnetndis.sys [12/12/2011 9:31 AM 70400]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [5/4/2012 11:13 AM 114144]
.
Contents of the 'Scheduled Tasks' folder
.
2012-09-13 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-20 17:46]
.
2012-09-12 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-708999020-1031966459-3025089908-1006Core.job
- c:\documents and settings\Terri Ward\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe [2011-09-22 21:55]
.
2012-09-13 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-708999020-1031966459-3025089908-1006UA.job
- c:\documents and settings\Terri Ward\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe [2011-09-22 21:55]
.
2012-09-13 c:\windows\Tasks\Microsoft Antimalware Scheduled Scan.job
- c:\program files\Microsoft Security Client\MpCmdRun.exe [2012-03-26 22:03]
.
2012-09-09 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\Dell Support Center\uaclauncher.exe [2012-09-09 05:33]
.
2012-09-13 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-18.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2012-07-27 19:27]
.
2012-09-13 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-708999020-1031966459-3025089908-1006.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2012-07-27 19:27]
.
2012-08-25 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-18.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2012-07-27 19:27]
.
2012-09-13 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-708999020-1031966459-3025089908-1006.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2012-07-27 19:27]
.
2012-09-12 c:\windows\Tasks\SystemToolsDailyTest.job
- c:\program files\Dell Support Center\uaclauncher.exe [2012-09-09 05:33]
.
2012-09-13 c:\windows\Tasks\User_Feed_Synchronization-{C1124392-06BB-4822-85EA-76F1D12BA298}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 08:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
TCP: DhcpNameServer = 192.168.1.1
DPF: {682C59F5-478C-4421-9070-AD170D143B77} - hxxp://www.dell.com/support/troubleshooting/Content/Ode/pcd86.cab
FF - ProfilePath - c:\documents and settings\Terri Ward\Application Data\Mozilla\Firefox\Profiles\sgi5i0lq.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - about:home
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-ViewpointMediaPlayer - c:\program files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe
AddRemove-{79A765E1-C399-405B-85AF-466F52E918B0} - c:\program files\Ask.com\Updater\Updater.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-09-13 13:21
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NSL]
"ImagePath"="\"c:\program files\Norton Safe Web Lite\Engine\1.2.0.6\ccSvcHst.exe\" /s \"NSL\" /m \"c:\program files\Norton Safe Web Lite\Engine\1.2.0.6\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_265_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_265_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
Completion time: 2012-09-13 13:22:38
ComboFix-quarantined-files.txt 2012-09-13 18:22
.
Pre-Run: 181,334,003,712 bytes free
Post-Run: 181,276,876,800 bytes free
.
- - End Of File - - 2890901B361375D9901459D6A71C4FA4
  • 0

#8
Gammo
Posted 21 September 2012 - 04:32 AM

Gammo

    Member 2k

  • Malware Removal
  • 2,299 posts
Please download Malwarebytes' Anti-Malware

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, click the "Update" tab and click the "Check For updates" button.
  • Once the updates were downloaded, click the "Scanner" tab, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly.


How is your PC running now? :)
  • 0

#9
Apelila
Posted 21 September 2012 - 10:41 AM

Apelila

    Member

  • Topic Starter
  • Member
  • PipPip
  • 42 posts
Here is the MBAM log:


Malwarebytes Anti-Malware 1.65.0.1400
www.malwarebytes.org

Database version: v2012.09.21.07

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Terri Ward :: DFL7YBC1 [administrator]

9/21/2012 11:04:39 AM
mbam-log-2012-09-21 (11-04-39).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 233715
Time elapsed: 4 minute(s), 42 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)



It still redirects to ask.com. I'm now having NON-related modem issues so give me a little time please. I will have to restart it a few times and see how it goes and get back to you.

Thanks
  • 0

#10
Gammo
Posted 22 September 2012 - 01:08 PM

Gammo

    Member 2k

  • Malware Removal
  • 2,299 posts
We need to create an OTL Report
Run OTL
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Check the box that says Scan All Users.
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time and post them in your topic.
  • Note: the Extras.txt file only gets created on OTL's first run.

(Don't worry if OTL doesn't create the Extras.txt file)
  • 0

Advertisements

#11
Apelila
Posted 24 September 2012 - 07:40 AM

Apelila

    Member

  • Topic Starter
  • Member
  • PipPip
  • 42 posts
It seems to be starting up without problems but the search is still redirecting. Also still getting the error from OTL

Win32 Error. Code: 6.
The handle is invalid.

Here is the log:

OTL logfile created on: 9/24/2012 8:26:26 AM - Run 1
OTL by OldTimer - Version 3.2.61.3 Folder = C:\Documents and Settings\Terri Ward\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.27 Gb Available Physical Memory | 63.34% Memory free
3.85 Gb Paging File | 3.25 Gb Available in Paging File | 84.42% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 228.13 Gb Total Space | 169.38 Gb Free Space | 74.25% Space Free | Partition Type: NTFS

Computer Name: DFL7YBC1 | User Name: Terri Ward | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/09/11 12:30:08 | 000,600,064 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Terri Ward\Desktop\OTL.exe
PRC - [2012/09/03 21:12:43 | 000,161,768 | ---- | M] (Oracle Corporation) -- C:\Program Files\Java\jre7\bin\jqs.exe
PRC - [2012/08/06 11:11:06 | 000,296,096 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\real\realplayer\Update\realsched.exe
PRC - [2012/03/26 17:08:12 | 000,931,200 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2012/03/26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe
PRC - [2012/03/26 02:34:22 | 000,306,688 | ---- | M] (FileHippo.com) -- C:\Program Files\FileHippo.com\UpdateChecker.exe
PRC - [2011/04/01 00:11:52 | 000,428,640 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe
PRC - [2011/03/23 01:56:40 | 000,687,448 | ---- | M] () -- C:\Program Files\Common Files\LogiShrd\LQCVFX\COCIManager.exe
PRC - [2011/03/02 01:14:08 | 000,190,808 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe
PRC - [2011/03/02 01:13:44 | 000,203,096 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\CameraHelperShell.exe
PRC - [2010/11/23 21:21:18 | 000,130,000 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Safe Web Lite\Engine\1.2.0.6\ccSvcHst.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/01/06 01:44:35 | 000,069,632 | ---- | M] (Creative Labs) -- C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
PRC - [2006/08/28 22:57:12 | 000,395,776 | ---- | M] (Gteko Ltd.) -- C:\Program Files\Dell Support\DSAgnt.exe
PRC - [2006/07/24 11:20:00 | 000,282,624 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\stsystra.exe
PRC - [2006/07/06 08:15:00 | 000,151,552 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2006/07/06 08:14:30 | 000,090,112 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2006/06/01 17:25:00 | 000,180,224 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\IntelDH\Intel® Quick Resume Technology Drivers\ELService.exe
PRC - [2006/02/16 10:20:20 | 001,118,208 | ---- | M] (Andrea Electronics Corporation) -- C:\Program Files\Creative\VoiceCenter\AndreaVC.exe
PRC - [2005/10/31 11:51:52 | 000,057,344 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
PRC - [2005/10/05 04:12:00 | 000,094,208 | ---- | M] () -- C:\Program Files\Dell\Media Experience\DMXLauncher.exe
PRC - [2005/09/30 22:22:50 | 000,096,341 | ---- | M] (Canon Inc.) -- C:\Program Files\Canon\CAL\CALMAIN.exe
PRC - [2005/09/08 06:20:00 | 000,122,940 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\DLA\DLACTRLW.EXE
PRC - [2003/05/05 21:30:22 | 000,065,536 | ---- | M] (Brother Industries, Ltd.) -- C:\WINDOWS\system32\Brmfrmps.exe


========== Modules (No Company Name) ==========

MOD - [2012/06/14 03:18:22 | 001,712,128 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\359fd69eb60e9844ffd497e92345178c\Microsoft.VisualBasic.ni.dll
MOD - [2012/06/14 03:17:59 | 011,817,472 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\dbc413807cb7360b3e26ef3ca1d54f9a\System.Web.ni.dll
MOD - [2012/06/14 03:16:16 | 012,433,920 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\01abbadafaf265d9f4ac9bbb247acb98\System.Windows.Forms.ni.dll
MOD - [2012/06/14 03:16:01 | 001,592,320 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\d86f2038209a4cf0d0f5b30f6375c9b2\System.Drawing.ni.dll
MOD - [2012/05/09 03:16:39 | 000,771,584 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\92d58f840f549f9bd880783d43db7e3c\System.Runtime.Remoting.ni.dll
MOD - [2012/05/09 03:14:00 | 000,971,264 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\3d5b7368bde0f65aa15d9f46b498cc89\System.Configuration.ni.dll
MOD - [2012/05/09 03:10:58 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\3bba1b8b0b5ef0be238b011cc7a0575e\System.Xml.ni.dll
MOD - [2012/05/09 03:09:05 | 007,953,408 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\e4b5afc4da43b1c576f9322f9f2e1bfe\System.ni.dll
MOD - [2012/05/09 03:08:49 | 011,492,352 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\e337c89bc9f81b69d7237aa70e935900\mscorlib.ni.dll
MOD - [2011/11/03 10:28:36 | 001,292,288 | ---- | M] () -- C:\WINDOWS\system32\quartz.dll
MOD - [2011/03/30 20:25:42 | 000,331,608 | ---- | M] () -- C:\Program Files\Common Files\LogiShrd\LWSPlugins\LWS\Applets\CameraHelper\DevManagerCore.dll
MOD - [2011/03/23 01:56:40 | 000,687,448 | ---- | M] () -- C:\Program Files\Common Files\LogiShrd\LQCVFX\COCIManager.exe
MOD - [2011/03/02 01:13:44 | 000,203,096 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\CameraHelperShell.exe
MOD - [2011/02/04 20:48:30 | 000,291,840 | ---- | M] () -- C:\WINDOWS\system32\sbe.dll
MOD - [2010/05/07 20:37:40 | 000,126,808 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\ImageFormats\QJpeg4.dll
MOD - [2010/05/07 20:37:40 | 000,027,480 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\ImageFormats\QGif4.dll
MOD - [2010/05/07 20:36:54 | 000,340,824 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\QTXml4.dll
MOD - [2010/05/07 20:35:56 | 007,954,776 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\QTGui4.dll
MOD - [2010/05/07 20:35:44 | 002,143,576 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\QTCore4.dll
MOD - [2008/04/13 19:12:03 | 000,192,512 | ---- | M] () -- C:\WINDOWS\system32\qcap.dll
MOD - [2008/04/13 19:11:59 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2008/04/13 19:11:51 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [2005/10/05 04:12:00 | 000,094,208 | ---- | M] () -- C:\Program Files\Dell\Media Experience\DMXLauncher.exe
MOD - [2003/03/20 17:11:02 | 000,073,728 | ---- | M] () -- C:\Program Files\Creative\VoiceCenter\AEWave.ax


========== Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - [2012/09/09 14:40:21 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/09/03 21:12:43 | 000,161,768 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2012/08/27 12:46:05 | 000,250,568 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/06/07 19:12:14 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/05/15 05:18:00 | 001,262,400 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012/03/26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2011/04/01 00:11:52 | 000,428,640 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe -- (UMVPFSrv)
SRV - [2010/11/23 21:21:18 | 000,130,000 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton Safe Web Lite\Engine\1.2.0.6\ccSvcHst.exe -- (NSL)
SRV - [2007/01/06 01:44:35 | 000,069,632 | ---- | M] (Creative Labs) [Auto | Running] -- C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe -- (Creative Labs Licensing Service)
SRV - [2006/07/06 08:14:30 | 000,090,112 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON)
SRV - [2006/06/01 17:25:00 | 000,180,224 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\IntelDH\Intel® Quick Resume Technology Drivers\ELService.exe -- (ELService)
SRV - [2006/01/05 00:06:02 | 000,163,840 | ---- | M] (Alex Feinman) [On_Demand | Stopped] -- C:\Program Files\Alex Feinman\ISO Recorder\ImapiHelper.exe -- (Imapi Helper)
SRV - [2005/09/30 22:22:50 | 000,096,341 | ---- | M] (Canon Inc.) [Auto | Running] -- C:\Program Files\Canon\CAL\CALMAIN.exe -- (CCALib8)
SRV - [2003/05/05 21:30:22 | 000,065,536 | ---- | M] (Brother Industries, Ltd.) [Auto | Running] -- C:\WINDOWS\system32\Brmfrmps.exe -- (brmfrmps)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\wanatw4.sys -- (wanatw)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\TERRIW~1\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (bvrp_pci)
DRV - [2011/09/16 08:24:26 | 000,070,400 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgandnetndis.sys -- (andnetndis)
DRV - [2011/09/06 01:55:12 | 000,023,040 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgandnetdiag.sys -- (AndNetDiag)
DRV - [2011/09/06 01:55:12 | 000,022,272 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgandnetgps.sys -- (AndNetGps)
DRV - [2011/09/06 01:55:10 | 000,027,776 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgandnetmodem.sys -- (ANDNetModem)
DRV - [2011/04/01 00:11:10 | 004,333,280 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\lvuvc.sys -- (LVUVC)
DRV - [2011/04/01 00:09:48 | 000,291,424 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\lvrs.sys -- (LVRS)
DRV - [2010/05/14 17:04:20 | 000,023,904 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvuvcflt.sys -- (FilterService)
DRV - [2010/05/07 20:43:30 | 000,025,824 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2010/04/28 10:44:02 | 000,054,760 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys -- (fssfltr)
DRV - [2006/07/24 11:20:00 | 001,156,648 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2006/05/09 16:36:44 | 000,009,728 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ELacpi.sys -- (ELacpi)
DRV - [2006/05/09 16:36:42 | 000,007,040 | ---- | M] (Intel Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\Elmon.sys -- (ELmon)
DRV - [2006/05/09 16:36:22 | 000,006,912 | ---- | M] (Intel Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\Elkbd.sys -- (ELkbd)
DRV - [2006/05/09 16:36:20 | 000,006,400 | ---- | M] (Intel Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\Elmou.sys -- (ELmou)
DRV - [2006/05/09 16:36:18 | 000,010,112 | ---- | M] (Intel Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\Elhid.sys -- (ELhid)
DRV - [2006/01/10 12:07:58 | 000,004,864 | ---- | M] (GTek Technologies Ltd.) [Kernel | On_Demand | Running] -- C:\Program Files\Dell Support\GTAction\triggers\DSproct.sys -- (DSproct)
DRV - [2006/01/04 01:41:48 | 001,389,056 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\monfilt.sys -- (monfilt)
DRV - [2005/09/08 06:20:00 | 000,094,332 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2005/09/08 06:20:00 | 000,087,036 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2005/09/08 06:20:00 | 000,086,524 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2005/09/08 06:20:00 | 000,025,628 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2005/09/08 06:20:00 | 000,014,684 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2005/09/08 06:20:00 | 000,006,364 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2005/09/08 06:20:00 | 000,002,496 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLADResN.SYS -- (DLADResN)
DRV - [2005/08/25 13:16:52 | 000,005,628 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2005/08/25 13:16:16 | 000,022,684 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS -- (DLARTL_N)
DRV - [2005/05/25 03:34:00 | 000,158,464 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctusfsyn.sys -- (CTUSFSYN)
DRV - [2005/01/10 04:15:00 | 000,138,752 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV - [2005/01/10 04:15:00 | 000,106,496 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctoss2k.sys -- (ossrv)
DRV - [2003/11/17 15:59:20 | 000,212,224 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2)
DRV - [2003/11/17 15:58:02 | 000,680,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2003/11/17 15:56:26 | 001,042,432 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=1070106
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=1070106
IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2A59}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKLM\..\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}: "URL" = http://us.yhs.search...p={searchTerms}


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=1070106
IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=1070106
IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-708999020-1031966459-3025089908-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-708999020-1031966459-3025089908-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-708999020-1031966459-3025089908-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = CA C1 17 35 08 D9 CB 01 [binary data]
IE - HKU\S-1-5-21-708999020-1031966459-3025089908-1006\..\SearchScopes,DefaultScope = {1B9BE7C5-6C76-4623-803A-EA18E5A68269}
IE - HKU\S-1-5-21-708999020-1031966459-3025089908-1006\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKU\S-1-5-21-708999020-1031966459-3025089908-1006\..\SearchScopes\{1B9BE7C5-6C76-4623-803A-EA18E5A68269}: "URL" = http://www.google.co...utputEncoding?}
IE - HKU\S-1-5-21-708999020-1031966459-3025089908-1006\..\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}: "URL" = http://search.avg.co...e}&iy=&ychte=us
IE - HKU\S-1-5-21-708999020-1031966459-3025089908-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: ""
FF - prefs.js..browser.search.defaultenginename: ""
FF - prefs.js..browser.search.order.1: ""
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "about:home"
FF - prefs.js..extensions.enabledAddons: {20068ab2-1901-4140-9f3c-81207d4dacc4}:3.8
FF - prefs.js..extensions.enabledAddons: {0153E448-190B-4987-BDE1-F256CADA672F}:15.0.6
FF - prefs.js..extensions.enabledAddons: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.5.5
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_4_402_265.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw_1166636.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.6.14: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.6.14: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.6.14: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.6.14: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.6.14: c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Documents and Settings\Terri Ward\Local Settings\Application Data\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{203FB6B2-2E1E-4474-863B-4C483ECCE78E}: C:\Documents and Settings\All Users\Application Data\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_1.2.0.6\coFFNST\ [2011/08/18 08:59:23 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/08/06 11:11:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/08/06 11:11:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{C3949AC2-4B17-43ee-B4F1-D26B9D42404D}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/08/06 11:11:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{0153E448-190B-4987-BDE1-F256CADA672F}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/08/06 11:11:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/09/09 14:40:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/09/09 14:39:34 | 000,000,000 | ---D | M]

[2011/08/10 15:58:10 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Terri Ward\Application Data\Mozilla\Extensions
[2012/09/13 13:22:56 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Terri Ward\Application Data\Mozilla\Firefox\Profiles\sgi5i0lq.default\extensions
[2012/08/22 15:47:06 | 000,000,000 | ---D | M] (Reader) -- C:\Documents and Settings\Terri Ward\Application Data\Mozilla\Firefox\Profiles\sgi5i0lq.default\extensions\{20068ab2-1901-4140-9f3c-81207d4dacc4}
[2012/09/13 13:22:56 | 000,527,915 | ---- | M] () (No name found) -- C:\Documents and Settings\Terri Ward\Application Data\Mozilla\Firefox\Profiles\sgi5i0lq.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
[2012/07/27 18:06:13 | 000,741,958 | ---- | M] () (No name found) -- C:\Documents and Settings\Terri Ward\Application Data\Mozilla\Firefox\Profiles\sgi5i0lq.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012/09/09 14:39:12 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/09/09 14:39:12 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012/08/06 11:11:39 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\REAL\REALPLAYER\BROWSERRECORDPLUGIN\FIREFOX\EXT
[2012/09/09 14:40:22 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/08/06 11:11:17 | 000,129,176 | ---- | M] (RealPlayer) -- C:\Program Files\mozilla firefox\plugins\nprpplugin.dll
[2012/09/08 09:45:37 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/09/08 09:45:37 | 000,002,253 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2012/09/13 13:20:58 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\DLA\DLASHX_W.DLL (Sonic Solutions)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll (Dell Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Norton Safe Web Lite BHO) - {F0DA78E9-6B60-42fb-BC26-EF2CFB8C8FF3} - C:\Program Files\Norton Safe Web Lite\Engine\1.2.0.6\CoIEPlg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Norton Safe Web Lite) - {30CEEEA2-3742-40e4-85DD-812BF1CBB83D} - C:\Program Files\Norton Safe Web Lite\Engine\1.2.0.6\CoIEPlg.dll (Symantec Corporation)
O3 - HKU\S-1-5-21-708999020-1031966459-3025089908-1006\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKU\S-1-5-21-708999020-1031966459-3025089908-1006\..\Toolbar\WebBrowser: (Norton Safe Web Lite) - {30CEEEA2-3742-40E4-85DD-812BF1CBB83D} - C:\Program Files\Norton Safe Web Lite\Engine\1.2.0.6\CoIEPlg.dll (Symantec Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [DLA] C:\WINDOWS\system32\DLA\DLACTRLW.EXE (Sonic Solutions)
O4 - HKLM..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe ()
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [LWS] C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\nvmctray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nview\nwiz.exe ()
O4 - HKLM..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl04b\BrStDvPt.exe (Brother Industories, Ltd.)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\program files\real\realplayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [UpdReg] C:\WINDOWS\Updreg.EXE (Creative Technology Ltd.)
O4 - HKLM..\Run: [VoiceCenter] C:\Program Files\Creative\VoiceCenter\AndreaVC.exe (Andrea Electronics Corporation)
O4 - HKU\S-1-5-21-708999020-1031966459-3025089908-1006..\Run: [DellSupport] C:\Program Files\Dell Support\DSAgnt.exe (Gteko Ltd.)
O4 - HKU\S-1-5-21-708999020-1031966459-3025089908-1006..\Run: [Facebook Update] C:\Documents and Settings\Terri Ward\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKU\S-1-5-21-708999020-1031966459-3025089908-1006..\Run: [FileHippo.com] C:\Program Files\FileHippo.com\UpdateChecker.exe (FileHippo.com)
O4 - HKU\S-1-5-21-708999020-1031966459-3025089908-1006..\Run: [SetDefaultMIDI] C:\WINDOWS\MIDIDEF.EXE (Creative Technology Ltd)
O4 - HKLM..\RunOnce: [AvgUninstallURL] C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-708999020-1031966459-3025089908-1006\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-708999020-1031966459-3025089908-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-708999020-1031966459-3025089908-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-708999020-1031966459-3025089908-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {682C59F5-478C-4421-9070-AD170D143B77} http://www.dell.com/...t/Ode/pcd86.cab (Launcher Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (OnlineScanner Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D5F5CF09-2474-4897-82E0-09E2C3D46B26}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Terri Ward\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Terri Ward\Application Data\ZBWallpaper_1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/08/16 05:43:04 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/09/13 13:38:01 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2012/09/13 13:13:19 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2012/09/13 13:13:19 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2012/09/13 13:13:19 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2012/09/13 13:13:19 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2012/09/13 13:13:09 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/09/12 12:04:03 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/09/11 12:30:04 | 000,600,064 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Terri Ward\Desktop\OTL.exe
[2012/09/09 14:39:11 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2012/09/09 13:49:17 | 000,000,000 | ---D | C] -- C:\Program Files\iolo
[2012/09/09 12:10:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Dell Support Center
[2012/09/09 12:04:41 | 000,000,000 | ---D | C] -- C:\temp

========== Files - Modified Within 30 Days ==========

[2012/09/24 08:25:41 | 000,000,296 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-708999020-1031966459-3025089908-1006.job
[2012/09/24 08:25:41 | 000,000,288 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-708999020-1031966459-3025089908-1006.job
[2012/09/24 08:22:34 | 000,000,432 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{C1124392-06BB-4822-85EA-76F1D12BA298}.job
[2012/09/24 08:21:11 | 000,000,280 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-18.job
[2012/09/24 08:21:08 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/09/24 08:21:06 | 2145,304,576 | -HS- | M] () -- C:\hiberfil.sys
[2012/09/24 08:21:04 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\lvuvc.hs
[2012/09/24 01:00:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/09/23 23:00:44 | 000,001,018 | ---- | M] () -- C:\WINDOWS\tasks\FacebookUpdateTaskUserS-1-5-21-708999020-1031966459-3025089908-1006UA.job
[2012/09/23 17:00:00 | 000,000,996 | ---- | M] () -- C:\WINDOWS\tasks\FacebookUpdateTaskUserS-1-5-21-708999020-1031966459-3025089908-1006Core.job
[2012/09/23 15:39:27 | 000,000,384 | -H-- | M] () -- C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job
[2012/09/23 13:01:00 | 000,000,506 | ---- | M] () -- C:\WINDOWS\tasks\SystemToolsDailyTest.job
[2012/09/23 11:46:23 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/09/13 13:20:58 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2012/09/11 21:39:35 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/09/11 12:30:08 | 000,600,064 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Terri Ward\Desktop\OTL.exe
[2012/09/09 12:30:11 | 000,000,568 | ---- | M] () -- C:\WINDOWS\tasks\PCDoctorBackgroundMonitorTask.job
[2012/09/07 17:04:46 | 000,022,856 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012/08/25 18:45:00 | 000,000,288 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-18.job

========== Files Created - No Company Name ==========

[2012/09/13 13:13:19 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012/09/13 13:13:19 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2012/09/13 13:13:19 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2012/09/13 13:13:19 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2012/09/13 13:13:19 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2012/09/09 12:30:11 | 000,000,568 | ---- | C] () -- C:\WINDOWS\tasks\PCDoctorBackgroundMonitorTask.job
[2012/09/09 12:30:11 | 000,000,506 | ---- | C] () -- C:\WINDOWS\tasks\SystemToolsDailyTest.job
[2012/07/29 18:23:10 | 000,444,288 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2012/07/29 17:58:22 | 000,074,703 | ---- | C] () -- C:\WINDOWS\System32\mfc45.dll
[2012/05/27 17:14:27 | 310,050,816 | ---- | C] () -- C:\Documents and Settings\Terri Ward\Memorial Day 2000.iso
[2012/02/14 19:11:23 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011/12/12 09:28:17 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\CommonDL.dll
[2011/12/12 09:28:17 | 000,002,413 | ---- | C] () -- C:\WINDOWS\System32\lgAxconfig.ini
[2011/09/03 18:53:55 | 001,074,636 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2011/09/03 18:53:55 | 001,074,636 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2011/09/03 18:53:55 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin
[2011/09/03 18:53:18 | 002,807,708 | ---- | C] () -- C:\WINDOWS\System32\nvdata.data
[2011/06/02 10:09:58 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2011/04/30 12:53:53 | 000,000,133 | ---- | C] () -- C:\Documents and Settings\Terri Ward\Local Settings\Application Data\fusioncache.dat
[2011/04/25 19:28:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Brownie.ini
[2011/04/23 14:13:51 | 000,000,030 | ---- | C] () -- C:\WINDOWS\System32\brss01a.ini
[2011/04/23 14:13:20 | 000,000,419 | ---- | C] () -- C:\WINDOWS\brwmark.ini
[2011/04/23 14:13:20 | 000,000,238 | ---- | C] () -- C:\WINDOWS\Brpfx04a.ini
[2011/04/23 14:13:20 | 000,000,092 | ---- | C] () -- C:\WINDOWS\brpcfx.ini
[2011/04/23 14:13:20 | 000,000,079 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI
[2011/04/23 14:13:20 | 000,000,050 | ---- | C] () -- C:\WINDOWS\System32\BRIDF04A.dat
[2011/04/23 14:12:45 | 000,000,000 | ---- | C] () -- C:\WINDOWS\brdfxspd.dat
[2011/04/23 14:11:01 | 000,027,019 | ---- | C] () -- C:\WINDOWS\maxlink.ini
[2011/04/12 21:42:52 | 000,010,240 | ---- | C] () -- C:\Documents and Settings\Terri Ward\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/03/23 01:58:22 | 000,014,168 | ---- | C] () -- C:\WINDOWS\System32\drivers\iKeyLFT2.dll
[2011/01/03 04:46:29 | 000,000,088 | RHS- | C] () -- C:\WINDOWS\System32\31D977CD03.sys
[2011/01/03 04:46:28 | 000,002,516 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2010/11/30 21:54:57 | 002,359,350 | ---- | C] () -- C:\Documents and Settings\Terri Ward\Application Data\ZBWallpaper_1.bmp
[2010/11/30 21:54:24 | 002,359,350 | ---- | C] () -- C:\Documents and Settings\Terri Ward\Application Data\ZBWallpaper.bmp
[2010/09/14 14:39:58 | 000,486,528 | ---- | C] () -- C:\Documents and Settings\Terri Ward\TRANSFORMS=1033.mst

========== LOP Check ==========

[2011/08/18 08:34:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG10
[2010/10/13 19:22:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
[2012/09/24 08:23:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\boost_interprocess
[2010/10/13 21:04:06 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2005/08/16 21:54:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DIGStream
[2012/07/27 18:16:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\InstallMate
[2012/09/09 13:51:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\iolo
[2011/12/12 09:48:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LGMOBILEAX
[2011/08/18 08:34:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2012/09/13 15:05:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PCDr
[2012/07/27 18:14:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Premium
[2011/04/23 14:10:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft
[2010/09/14 14:47:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\YAHOO
[2010/10/13 21:06:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Terri Ward\Application Data\AVG10
[2010/09/17 11:52:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Terri Ward\Application Data\AVG9
[2010/09/17 19:22:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Terri Ward\Application Data\ElevatedDiagnostics
[2012/03/04 13:22:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Terri Ward\Application Data\Foxit Software
[2011/04/07 14:39:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Terri Ward\Application Data\Leadertech
[2011/08/10 11:45:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Terri Ward\Application Data\MP3Rocket
[2011/04/16 14:31:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Terri Ward\Application Data\ooVoo Details
[2012/07/29 18:01:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Terri Ward\Application Data\PCDr
[2011/05/21 17:27:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Terri Ward\Application Data\Sammsoft
[2012/09/23 17:00:00 | 000,000,996 | ---- | M] () -- C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-708999020-1031966459-3025089908-1006Core.job
[2012/09/23 23:00:44 | 000,001,018 | ---- | M] () -- C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-708999020-1031966459-3025089908-1006UA.job
[2012/09/09 12:30:11 | 000,000,568 | ---- | M] () -- C:\WINDOWS\Tasks\PCDoctorBackgroundMonitorTask.job
[2012/09/23 13:01:00 | 000,000,506 | ---- | M] () -- C:\WINDOWS\Tasks\SystemToolsDailyTest.job
[2012/09/24 08:22:34 | 000,000,432 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{C1124392-06BB-4822-85EA-76F1D12BA298}.job

========== Purity Check ==========



< End of report >
  • 0

#12
Gammo
Posted 24 September 2012 - 11:39 AM

Gammo

    Member 2k

  • Malware Removal
  • 2,299 posts
Download AdwCleaner from here to your desktop.
Close all open windows and browsers.

  • XP users, double click the adwcleaner.exe file to run AdwCleaner. (Vista and 7 users)right click The adwcleaner.exe, click Run as administrator and accept the UAC prompt to run AdwCleaner.
    Posted Image
  • Click the Search button and wait for the scan to finish.
  • Once done it will ask to reboot, allow this.
  • On reboot a log will be produced please attach that. This report is also saved to C:\AdwCleaner[R1].txt

  • 0

#13
Apelila
Posted 25 September 2012 - 01:05 PM

Apelila

    Member

  • Topic Starter
  • Member
  • PipPip
  • 42 posts
Well, it doesn't ask to reboot but it did produce a log... I ran it twice because the first time I realized I did not close Firefox. Here is the log:


# AdwCleaner v2.003 - Logfile created 09/25/2012 at 14:00:24
# Updated 23/09/2012 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : Terri Ward - DFL7YBC1
# Boot Mode : Normal
# Running from : C:\Documents and Settings\Terri Ward\Desktop\adwcleaner.exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****

Folder Found : C:\Documents and Settings\All Users\Application Data\boost_interprocess
Folder Found : C:\Documents and Settings\All Users\Application Data\InstallMate
Folder Found : C:\Documents and Settings\All Users\Application Data\Premium
Folder Found : C:\Documents and Settings\Terri Ward\Application Data\Mozilla\Firefox\Profiles\sgi5i0lq.default\extensions\staged
Folder Found : C:\Documents and Settings\Terri Ward\Local Settings\Application Data\AskToolbar
Folder Found : C:\Program Files\Inbox Toolbar
Folder Found : C:\WINDOWS\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}

***** [Registry] *****

Key Found : HKCU\Software\APN
Key Found : HKCU\Software\Ask.com
Key Found : HKCU\Software\AskToolbar
Key Found : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{79A765E1-C399-405B-85AF-466F52E918B0}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{28387537-E3F9-4ED7-860C-11E69AF4A8A0}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{474597C5-AB09-49D6-A4D5-2E8D7341384E}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{28387537-E3F9-4ED7-860C-11E69AF4A8A0}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{474597C5-AB09-49D6-A4D5-2E8D7341384E}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Found : HKLM\Software\APN
Key Found : HKLM\Software\AskToolbar
Key Found : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Key Found : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Key Found : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl
Key Found : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl.1
Key Found : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary
Key Found : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary.1
Key Found : HKLM\SOFTWARE\Classes\CLSID\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Found : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd
Key Found : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1
Key Found : HKLM\SOFTWARE\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
Key Found : HKLM\SOFTWARE\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
Key Found : HKLM\SOFTWARE\Classes\Interface\{2E9937FC-CF2F-4F56-AF54-5A6A3DD375CC}
Key Found : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Key Found : HKLM\SOFTWARE\Classes\Interface\{741DE825-A6F0-4497-9AA6-8023CF9B0FFF}
Key Found : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Key Found : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
Key Found : HKLM\Software\MetaStream
Key Found : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Found : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\iMesh 1 MediaBar
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ViewpointMediaPlayer
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{08858AF6-42AD-4914-95D2-AC3AB0DC8E28}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Key Found : HKLM\Software\Viewpoint

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Registry is clean.

-\\ Mozilla Firefox v15.0.1 (en-US)

Profile name : default
File : C:\Documents and Settings\Terri Ward\Application Data\Mozilla\Firefox\Profiles\sgi5i0lq.default\prefs.js

Found : user_pref("extensions.50131dfd9e5b7.scode", "(function(){try{if('aol.com,mystart.incredibar.com,prem[...]
Found : user_pref("extensions.asktb.ff-original-keyword-url", "");

*************************

AdwCleaner[R1].txt - [5186 octets] - [25/09/2012 13:59:57]
AdwCleaner[R2].txt - [5117 octets] - [25/09/2012 14:00:24]

########## EOF - C:\AdwCleaner[R2].txt - [5177 octets] ##########
  • 0

#14
Gammo
Posted 28 September 2012 - 06:24 AM

Gammo

    Member 2k

  • Malware Removal
  • 2,299 posts
I'm sorry for my late response. I didn't get notified of your reply for some reason.


Download AdwCleaner from here to your desktop
Run AdwCleaner for Vista and 7 right click and select Run as administrator

Select Delete

Posted Image

Once done it will ask to reboot, allow this
On reboot a log will be produced please post it
  • 0

#15
Apelila
Posted 28 September 2012 - 09:55 AM

Apelila

    Member

  • Topic Starter
  • Member
  • PipPip
  • 42 posts
I ran it but it still redirects. Here is the log:

# AdwCleaner v2.003 - Logfile created 09/28/2012 at 10:50:06
# Updated 23/09/2012 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : Terri Ward - DFL7YBC1
# Boot Mode : Normal
# Running from : C:\Documents and Settings\Terri Ward\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Folder Deleted : C:\Documents and Settings\All Users\Application Data\boost_interprocess
Folder Deleted : C:\Documents and Settings\All Users\Application Data\InstallMate
Folder Deleted : C:\Documents and Settings\All Users\Application Data\Premium
Folder Deleted : C:\Documents and Settings\Terri Ward\Local Settings\Application Data\AskToolbar
Folder Deleted : C:\Program Files\Inbox Toolbar
Folder Deleted : C:\WINDOWS\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}

***** [Registry] *****

Key Deleted : HKCU\Software\APN
Key Deleted : HKCU\Software\Ask.com
Key Deleted : HKCU\Software\AskToolbar
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{79A765E1-C399-405B-85AF-466F52E918B0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{28387537-E3F9-4ED7-860C-11E69AF4A8A0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{474597C5-AB09-49D6-A4D5-2E8D7341384E}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{28387537-E3F9-4ED7-860C-11E69AF4A8A0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{474597C5-AB09-49D6-A4D5-2E8D7341384E}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKLM\Software\APN
Key Deleted : HKLM\Software\AskToolbar
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl.1
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary.1
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Deleted : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd
Key Deleted : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1
Key Deleted : HKLM\SOFTWARE\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
Key Deleted : HKLM\SOFTWARE\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2E9937FC-CF2F-4F56-AF54-5A6A3DD375CC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{741DE825-A6F0-4497-9AA6-8023CF9B0FFF}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
Key Deleted : HKLM\Software\MetaStream
Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\iMesh 1 MediaBar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ViewpointMediaPlayer
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{08858AF6-42AD-4914-95D2-AC3AB0DC8E28}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Key Deleted : HKLM\Software\Viewpoint

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

Restored : [HKCU\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]

-\\ Mozilla Firefox v15.0.1 (en-US)

Profile name : default
File : C:\Documents and Settings\Terri Ward\Application Data\Mozilla\Firefox\Profiles\sgi5i0lq.default\prefs.js

Deleted : user_pref("extensions.50131dfd9e5b7.scode", "(function(){try{if('aol.com,mystart.incredibar.com,prem[...]
Deleted : user_pref("extensions.asktb.ff-original-keyword-url", "");

*************************

AdwCleaner[R1].txt - [5186 octets] - [25/09/2012 13:59:57]
AdwCleaner[R2].txt - [5246 octets] - [25/09/2012 14:00:24]
AdwCleaner[S1].txt - [5566 octets] - [28/09/2012 10:50:06]

########## EOF - C:\AdwCleaner[S1].txt - [5626 octets] ##########
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP