[Inactive] Browser Redirect From Google Results

Welcome to 247fixes PC Help Forum

Welcome to 247fixes PC Help Forum, like most online communities you must register to view or post in our community, but don't worry this is a simple free process that requires minimal information. Take advantage of it immediately, Register Now or Sign In.

Start new topics and reply to others
Subscribe to topics and forums to get automatic updates
Add events to our community calendar
Get your own profile and make new friends
Customize your experience here

Page 1 of 1

You cannot start a new topic
This topic is locked

[Inactive] Browser Redirect From Google Results IE google results link redirect!!!

#1 CountChris

Newbie Member

Group: Member
Posts: 2
Joined: 29-January 10

Posted 29 January 2010 - 10:53 AM

Hi there,

I have what seems like a pretty common problem with no easy answer.

My browser redirects from google (and other engines) results. IE also crashes when google page is open. From what I have read on this and other forums it seems people are calling this a goored type virus?

I have run through the "do this first" instructions and have copied the OTL results below (it seems kinda long...have I done it right?)

BUT -- GMER will not complete the scan. It gets frozen (and freezes the whole machine) while scanning ../drivers/disk.sys so I have not been able to copy the results of this scan. I have copied the text that appears when GMER opens but I dont think this is what you need is it?

Is there anything I can do??? I am tearing my hair out with this one. I am not the most computer savvy character so any help would be so appreciated.

Cheers
Jen

OTL logfile created on: 1/29/2010 12:45:10 AM - Run 1
OTL by OldTimer - Version 3.1.27.0 Folder = C:\Documents and Settings\jenni rowe\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

894.00 Mb Total Physical Memory | 327.00 Mb Available Physical Memory | 37.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 74.00% Paging File free
Paging file location(s): C:\pagefile.sys 1344 2688 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 108.70 Gb Total Space | 68.85 Gb Free Space | 63.34% Space Free | Partition Type: NTFS
Drive D: | 584.81 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: JENS
Current User Name: jenni rowe
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/01/29 00:43:14 | 00,548,864 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\jenni rowe\Desktop\OTL.exe
PRC - [2009/11/12 16:33:10 | 00,141,600 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
PRC - [2009/11/12 16:33:00 | 00,545,568 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
PRC - [2009/10/29 06:54:44 | 01,218,008 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee.com\Agent\mcagent.exe
PRC - [2009/10/27 10:19:46 | 00,895,696 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MPF\MpfSrv.exe
PRC - [2009/09/16 10:22:08 | 00,144,704 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\Mcshield.exe
PRC - [2009/09/16 09:28:38 | 00,606,736 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe
PRC - [2009/08/28 19:42:54 | 00,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2009/07/10 00:26:20 | 00,865,832 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSC\mcmscsvc.exe
PRC - [2009/07/08 14:48:48 | 00,026,640 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSK\msksrver.exe
PRC - [2009/07/08 11:54:34 | 00,359,952 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe
PRC - [2009/07/07 19:10:02 | 02,482,848 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe
PRC - [2009/03/26 17:26:16 | 07,308,800 | ---- | M] () -- C:\Program Files\3 Mobile Broadband\UIMain.exe
PRC - [2009/03/08 14:09:26 | 00,638,816 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
PRC - [2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2008/10/08 15:30:12 | 00,091,648 | ---- | M] () -- C:\WINDOWS\system32\SupportAppXL\AutoDect.exe
PRC - [2008/04/14 08:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/02/05 14:16:39 | 00,185,896 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2007/08/17 11:09:24 | 00,068,856 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2006/11/23 09:45:34 | 00,020,480 | ---- | M] () -- C:\WINDOWS\system32\WLTRYSVC.EXE
PRC - [2006/11/23 09:45:20 | 01,253,376 | ---- | M] (Dell Inc.) -- C:\WINDOWS\system32\BCMWLTRY.EXE
PRC - [2006/11/05 11:15:12 | 00,880,640 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
PRC - [2006/11/05 11:13:00 | 00,159,744 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
PRC - [2006/10/11 12:37:24 | 00,430,080 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\ati2evxx.exe
PRC - [2002/05/10 12:50:04 | 00,065,536 | ---- | M] (America Online, Inc.) -- C:\WINDOWS\wanmpsvc.exe

========== Modules (SafeList) ==========

MOD - [2010/01/29 00:43:14 | 00,548,864 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\jenni rowe\Desktop\OTL.exe
MOD - [2008/04/14 08:12:08 | 00,151,040 | ---- | M] () -- C:\WINDOWS\urefobawut.dll

========== Win32 Services (SafeList) ==========

SRV - [2010/01/11 07:14:26 | 00,822,048 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\WINDOWS\Temp\0105981264623685mcinst.exe -- (0105981264623685mcinstcleanup) McAfee Application Installer Cleanup (0105981264623685)
SRV - [2009/11/12 16:33:00 | 00,545,568 | ---- | M] (Apple Inc.) [On_Demand | Running] -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service)
SRV - [2009/10/27 10:19:46 | 00,895,696 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\MPF\MPFSrv.exe -- (MpfService)
SRV - [2009/09/16 11:23:32 | 00,365,072 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV - [2009/09/16 10:22:08 | 00,144,704 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files\McAfee\VirusScan\Mcshield.exe -- (McShield)
SRV - [2009/09/16 09:28:38 | 00,606,736 | ---- | M] (McAfee, Inc.) [On_Demand | Running] -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe -- (McSysmon)
SRV - [2009/08/28 19:42:54 | 00,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2009/07/10 00:26:20 | 00,865,832 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\MSC\mcmscsvc.exe -- (mcmscsvc)
SRV - [2009/07/08 14:48:48 | 00,026,640 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\MSK\MskSrver.exe -- (MSK80Service)
SRV - [2009/07/08 11:54:34 | 00,359,952 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe -- (McProxy)
SRV - [2009/07/07 19:10:02 | 02,482,848 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\program files\common files\mcafee\mna\mcnasvc.exe -- (McNASvc)
SRV - [2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service)
SRV - [2007/08/19 17:32:56 | 01,838,592 | ---- | M] (Google) [On_Demand | Stopped] -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe -- (GoogleDesktopManager)
SRV - [2006/11/23 09:45:34 | 00,020,480 | ---- | M] () [Auto | Running] -- C:\WINDOWS\System32\WLTRYSVC.EXE -- (wltrysvc)
SRV - [2006/11/05 11:15:12 | 00,880,640 | ---- | M] (Sonic Solutions) [On_Demand | Running] -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe -- (RoxMediaDB9)
SRV - [2006/11/05 11:13:00 | 00,159,744 | ---- | M] (Sonic Solutions) [Auto | Running] -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe -- (RoxWatch9)
SRV - [2006/10/11 12:37:24 | 00,430,080 | ---- | M] (ATI Technologies Inc.) [Auto | Running] -- C:\WINDOWS\system32\ati2evxx.exe -- (Ati HotKey Poller)
SRV - [2006/09/14 14:54:34 | 00,073,728 | ---- | M] (MicroVision Development, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\SureThing Shared\stllssvr.exe -- (stllssvr)
SRV - [2005/04/04 00:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2004/07/15 01:49:26 | 00,032,768 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe -- (aspnet_state)
SRV - [2002/05/10 12:50:04 | 00,065,536 | ---- | M] (America Online, Inc.) [Auto | Running] -- C:\WINDOWS\wanmpsvc.exe -- (WANMiniportService) WAN Miniport (ATW)

========== Driver Services (SafeList) ==========

DRV - [2009/09/16 10:22:48 | 00,214,664 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2009/09/16 10:22:48 | 00,079,816 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2009/09/16 10:22:48 | 00,040,552 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfesmfk.sys -- (mfesmfk)
DRV - [2009/09/16 10:22:48 | 00,035,272 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2009/09/16 10:22:14 | 00,034,248 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mferkdk.sys -- (mferkdk)
DRV - [2009/08/28 19:42:52 | 00,040,448 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbaapl.sys -- (USBAAPL)
DRV - [2009/07/16 12:32:26 | 00,120,136 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\Mpfp.sys -- (MPFP)
DRV - [2009/05/18 14:17:00 | 00,026,600 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2009/01/05 16:43:38 | 00,007,680 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\massfilter.sys -- (massfilter)
DRV - [2008/11/08 21:02:38 | 00,104,960 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ZTEusbnmea.sys -- (ZTEusbnmea)
DRV - [2008/11/08 21:02:24 | 00,104,960 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k)
DRV - [2008/04/14 02:36:39 | 00,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2008/04/14 02:36:39 | 00,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2008/04/14 00:36:05 | 00,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2007/11/13 18:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv)
DRV - [2006/11/23 09:45:24 | 00,604,928 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2006/10/11 12:43:56 | 01,777,152 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2006/09/22 11:47:52 | 00,191,872 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP)
DRV - [2006/09/22 11:06:26 | 01,171,464 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2006/08/18 13:18:08 | 00,009,400 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLADResM.SYS -- (DLADResM)
DRV - [2006/08/18 13:17:46 | 00,035,096 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABMFSM.SYS -- (DLABMFSM)
DRV - [2006/08/18 13:17:44 | 00,097,848 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2006/08/18 13:17:44 | 00,094,648 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2006/08/18 13:17:42 | 00,026,008 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2006/08/18 13:17:40 | 00,032,472 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2006/08/18 13:17:38 | 00,104,472 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2006/08/18 13:17:38 | 00,014,520 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2006/08/17 13:55:16 | 00,044,544 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2006/08/11 11:05:58 | 00,051,768 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DRVNDDM.SYS -- (DRVNDDM)
DRV - [2006/08/11 10:35:18 | 00,012,920 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2006/08/11 10:35:16 | 00,028,184 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_M.SYS -- (DLARTL_M)
DRV - [2006/07/24 03:00:00 | 00,036,528 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20)
DRV - [2006/07/21 11:21:26 | 00,099,176 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\DRVMCDB.SYS -- (DRVMCDB)
DRV - [2006/07/01 22:39:40 | 00,036,864 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2006/01/10 11:07:58 | 00,004,864 | ---- | M] (GTek Technologies Ltd.) [Kernel | On_Demand | Stopped] -- C:\Program Files\Dell Support\GTAction\triggers\DSproct.sys -- (DSproct)
DRV - [2005/12/01 07:40:56 | 00,936,960 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSX_DPV.sys -- (HSF_DPV)
DRV - [2005/12/01 07:40:12 | 00,192,512 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSXHWAZL.sys -- (HSXHWAZL)
DRV - [2005/12/01 07:40:08 | 00,669,696 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSX_CNXT.sys -- (winachsf)
DRV - [2005/10/05 04:57:08 | 00,012,544 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\mdmxsdk.sys -- (mdmxsdk)
DRV - [2005/08/12 16:50:46 | 00,016,128 | ---- | M] (Dell Inc) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS -- (APPDRV)
DRV - [2005/07/14 23:58:14 | 00,028,544 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2004/08/04 05:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink)
DRV - [2004/08/03 22:29:56 | 01,897,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2002/02/05 16:30:42 | 00,028,396 | ---- | M] (America Online, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
DRV - [2001/08/17 14:07:44 | 00,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2001/08/17 14:07:42 | 00,030,688 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2001/08/17 14:07:40 | 00,028,384 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2001/08/17 14:07:36 | 00,032,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2001/08/17 14:07:34 | 00,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
DRV - [2001/08/17 13:52:22 | 00,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
DRV - [2001/08/17 13:52:20 | 00,045,312 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2001/08/17 13:52:20 | 00,040,320 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2001/08/17 13:52:18 | 00,049,024 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2001/08/17 13:52:16 | 00,179,584 | ---- | M] (Mylex Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2001/08/17 13:52:12 | 00,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2001/08/17 13:52:00 | 00,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
DRV - [2001/08/17 13:51:58 | 00,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2001/08/17 13:51:56 | 00,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2001/08/17 13:51:54 | 00,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)
DRV - [2001/08/17 12:12:10 | 00,117,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\e100b325.sys -- (E100B) Intel®

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com.au/ig/dell?hl=en&client=dell-row&channel=au&ibd=5070810
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = www.google.com.au/ig/dell?hl=en&client=dell-row&channel=au&ibd=5070810

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com.au/ig/dell?hl=en&client=dell-row&channel=au&ibd=5070810
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.co...html?channel=au
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.hotmail.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.defaulturl: "http://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q="
FF - prefs.js..browser.search.selectedEngine: "Google"

FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Program Files\Real\RealPlayer\browserrecord [2008/02/05 14:17:10 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{DC16D17D-C041-41AE-98E5-30513F8FA33B}: C:\Documents and Settings\jenni rowe\Local Settings\Application Data\{DC16D17D-C041-41AE-98E5-30513F8FA33B}
FF - HKLM\software\mozilla\Mozilla Firefox 2.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2008/02/05 14:17:59 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 2.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/01/06 04:34:16 | 00,000,000 | ---D | M]

[2008/02/05 14:17:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\jenni rowe\Application Data\Mozilla\Firefox\Profiles\6quf75kj.default\extensions
[2008/02/05 14:15:41 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2008/02/05 14:15:42 | 00,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2008/02/05 14:15:25 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\real-networks@partners.mozilla.com
[2008/02/05 14:15:29 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\talkback@mozilla.org
[2006/10/11 16:04:58 | 00,061,036 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\jar50.dll
[2006/10/11 16:04:59 | 00,048,742 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\jsd3250.dll
[2006/10/11 16:05:03 | 00,029,313 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\myspell.dll
[2006/10/11 16:05:03 | 00,041,082 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\spellchk.dll
[2006/10/11 16:04:58 | 00,166,510 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\xpinstal.dll

O1 HOSTS File: ([2004/08/04 05:00:00 | 00,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\Program Files\McAfee\MSK\mskapbho.dll ()
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll (Google Inc.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll (Dell Inc.)
O2 - BHO: (PrimoAdsForYou) - {D35DA2A5-1D09-03BB-FE6E-C569BE05CFA0} - C:\Program Files\PrimoAdsForYou\PrimoAdsForYou.dll ()
O3 - HKLM\..\Toolbar: (&Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()
O3 - HKCU\..\Toolbar\ShellBrowser: (&Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (&Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [autodetect] C:\WINDOWS\system32\SupportAppXL\AutoDect.exe ()
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [Tpebiyayidadot] C:\WINDOWS\urefobawut.DLL ()
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKLM..\RunOnceEx: [] File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\NPJPI150_06.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: internet ([]about in Trusted sites)
O15 - HKCU\..Trusted Domains: mcafee.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: mcafee.com ([]https in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.ma...ash/swflash.cab (Shockwave Flash Object)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\jenni rowe\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\jenni rowe\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/10 13:04:08 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{8d4fa3e0-45ca-11dd-9cf2-00038a000015}\Shell\AutoRun\command - "" = F:\Autorun.exe -- File not found
O33 - MountPoints2\{8d4fa3e0-45ca-11dd-9cf2-00038a000015}\Shell\Shell00\Command - "" = F:\Autorun.exe -- File not found
O33 - MountPoints2\{8d4fa3e0-45ca-11dd-9cf2-00038a000015}\Shell\Shell01\Command - "" = F:\Autorun.exe -- File not found
O33 - MountPoints2\{8d4fa3e0-45ca-11dd-9cf2-00038a000015}\Shell\Shell02\Command - "" = F:\Autorun.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2004/08/10 12:52:56 | 00,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: Wmi - C:\WINDOWS\system32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found

MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AOL 7.0 Tray Icon.lnk - C:\Program Files\AOL 7.0\aoltray.exe - (America Online, Inc.)
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe - (BVRP Software)
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk - C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe - ()
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE - (Microsoft Corporation)
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Unwired Launchpad.lnk - C:\Program Files\Unwired\UwSCT.exe - (Unwired Australia Pty Limited)
MsConfig - StartUpReg: ATICCC - hkey= - key= - C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe ()
MsConfig - StartUpReg: Broadcom Wireless Manager UI - hkey= - key= - File not found
MsConfig - StartUpReg: CTSVolFE.exe - hkey= - key= - C:\Program Files\Creative\Mixer\CTSVolFE.exe (Creative Technology Ltd)
MsConfig - StartUpReg: Dell QuickSet - hkey= - key= - C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc)
MsConfig - StartUpReg: DellSupport - hkey= - key= - C:\Program Files\Dell Support\DSAgnt.exe (Gteko Ltd.)
MsConfig - StartUpReg: DVDLauncher - hkey= - key= - C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe (CyberLink Corp.)
MsConfig - StartUpReg: Google Desktop Search - hkey= - key= - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
MsConfig - StartUpReg: IMJPMIG8.1 - hkey= - key= - C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
MsConfig - StartUpReg: ISUSPM Startup - hkey= - key= - C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (Macrovision Corporation)
MsConfig - StartUpReg: ISUSScheduler - hkey= - key= - C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (Macrovision Corporation)
MsConfig - StartUpReg: ModemOnHold - hkey= - key= - C:\Program Files\NetWaiting\netwaiting.exe ()
MsConfig - StartUpReg: MskAgentexe - hkey= - key= - C:\Program Files\McAfee\MSK\MskAgent.exe File not found
MsConfig - StartUpReg: MSMSGS - hkey= - key= - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
MsConfig - StartUpReg: MSPY2002 - hkey= - key= - File not found
MsConfig - StartUpReg: PHIME2002A - hkey= - key= - File not found
MsConfig - StartUpReg: PHIME2002ASync - hkey= - key= - File not found
MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files\QuickTime\qttask.exe (Apple Inc.)
MsConfig - StartUpReg: RealTray - hkey= - key= - C:\Program Files\Real\RealPlayer\RealPlay.exe (RealNetworks, Inc.)
MsConfig - StartUpReg: RoxioDragToDisc - hkey= - key= - C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe (Roxio)
MsConfig - StartUpReg: RoxWatchTray - hkey= - key= - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe (Sonic Solutions)
MsConfig - StartUpReg: SigmatelSysTrayApp - hkey= - key= - C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
MsConfig - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe (Sun Microsystems, Inc.)
MsConfig - StartUpReg: swg - hkey= - key= - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
MsConfig - StartUpReg: SynTPEnh - hkey= - key= - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 1

SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: mcmscsvc - C:\Program Files\McAfee\MSC\mcmscsvc.exe (McAfee, Inc.)
SafeBootMin: MCODS - C:\Program Files\McAfee\VirusScan\mcods.exe (McAfee, Inc.)
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: mcmscsvc - C:\Program Files\McAfee\MSC\mcmscsvc.exe (McAfee, Inc.)
SafeBootNet: MCODS - C:\Program Files\McAfee\VirusScan\mcods.exe (McAfee, Inc.)
SafeBootNet: MpfService - C:\Program Files\McAfee\MPF\MPFSrv.exe (McAfee, Inc.)
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install
ActiveX: {8b15971b-5355-4c82-8c07-7e181ea07608} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.inf,Fax.Install.PerUser
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {94de52c8-2d59-4f1b-883e-79663d2d9a8c} - Fax Provider
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {DAA94A2A-2A8D-4D3B-9DB8-56FBECED082D} - Microsoft .NET Framework 1.1 Security Update (KB953297)
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (68683287341563904)

========== Files/Folders - Created Within 30 Days ==========

[2010/01/29 00:43:09 | 00,548,864 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\jenni rowe\Desktop\OTL.exe
[2010/01/29 00:41:24 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/01/29 00:40:05 | 00,000,000 | ---D | C] -- C:\Documents and Settings\jenni rowe\Desktop\erunt
[2010/01/29 00:35:35 | 00,000,000 | ---D | C] -- C:\Documents and Settings\jenni rowe\Desktop\SysRestorePoint_v12
[2010/01/28 22:01:52 | 00,000,000 | ---D | C] -- C:\Documents and Settings\jenni rowe\Application Data\AVG8
[2010/01/28 06:39:05 | 00,000,000 | ---D | C] -- C:\Documents and Settings\jenni rowe\Application Data\McAfee
[2010/01/27 03:59:59 | 00,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2010/01/12 21:51:36 | 00,471,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aclayers.dll
[2010/01/11 19:18:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
[2010/01/06 16:30:27 | 00,107,368 | ---- | C] (GEAR Software Inc.) -- C:\WINDOWS\System32\GEARAspi.dll
[2010/01/06 16:30:27 | 00,026,600 | ---- | C] (GEAR Software Inc.) -- C:\WINDOWS\System32\drivers\GEARAspiWDM.sys
[2010/01/06 16:28:15 | 00,000,000 | ---D | C] -- C:\Program Files\iPod
[2010/01/06 16:28:07 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2010/01/06 16:27:16 | 02,065,696 | ---- | C] (Apple, Inc.) -- C:\WINDOWS\System32\usbaaplrc.dll
[2010/01/06 16:27:16 | 00,040,448 | ---- | C] (Apple, Inc.) -- C:\WINDOWS\System32\drivers\usbaapl.sys
[2010/01/06 08:21:23 | 93,234,472 | ---- | C] (Apple Inc.) -- C:\Documents and Settings\jenni rowe\Desktop\iTunesSetup.exe
[2010/01/06 04:29:50 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2010/01/06 04:29:38 | 00,000,000 | ---D | C] -- C:\Documents and Settings\jenni rowe\Local Settings\Application Data\Apple
[2010/01/06 04:29:28 | 00,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2010/01/06 04:29:28 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple
[2009/10/02 14:38:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2007/10/12 08:44:19 | 00,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2007/08/10 23:38:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Roxio
[2004/08/10 13:08:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2004/08/10 12:57:26 | 00,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/01/29 00:43:14 | 00,548,864 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\jenni rowe\Desktop\OTL.exe
[2010/01/29 00:39:23 | 00,513,320 | ---- | M] () -- C:\Documents and Settings\jenni rowe\Desktop\erunt.zip
[2010/01/29 00:35:13 | 00,007,180 | ---- | M] () -- C:\Documents and Settings\jenni rowe\Desktop\SysRestorePoint_v12.zip
[2010/01/29 00:08:55 | 05,242,880 | ---- | M] () -- C:\Documents and Settings\jenni rowe\ntuser.dat
[2010/01/28 23:29:53 | 00,000,120 | ---- | M] () -- C:\WINDOWS\Grupimifet.dat
[2010/01/28 18:24:39 | 00,441,626 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/01/28 18:24:39 | 00,382,260 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/01/28 18:24:39 | 00,053,838 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/01/28 18:21:23 | 00,012,917 | ---- | M] () -- C:\WINDOWS\System32\Config.MPF
[2010/01/28 18:20:06 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/01/28 18:20:01 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/01/28 18:19:57 | 93,747,2000 | -HS- | M] () -- C:\hiberfil.sys
[2010/01/28 06:38:48 | 00,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\McAfee Virtual Technician.lnk
[2010/01/28 00:28:31 | 00,000,000 | ---- | M] () -- C:\WINDOWS\Rdurew.bin
[2010/01/28 00:13:44 | 00,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/01/27 02:33:46 | 00,008,192 | ---- | M] () -- C:\kkalf.exe
[2010/01/25 19:18:03 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/01/23 03:37:40 | 00,045,944 | -H-- | M] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/01/23 03:10:20 | 02,957,312 | R--- | M] () -- C:\Documents and Settings\All Users\Documents\ESBK.mbb
[2010/01/23 03:10:20 | 01,460,224 | R--- | M] () -- C:\Documents and Settings\All Users\Documents\ESBK.mb
[2010/01/15 01:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\McDefragTask.job
[2010/01/13 03:04:44 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/01/11 23:37:57 | 00,021,504 | ---- | M] () -- C:\Documents and Settings\jenni rowe\Desktop\Dear Clients.doc
[2010/01/06 16:33:55 | 00,056,376 | ---- | M] () -- C:\Documents and Settings\jenni rowe\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/01/06 08:22:03 | 93,234,472 | ---- | M] (Apple Inc.) -- C:\Documents and Settings\jenni rowe\Desktop\iTunesSetup.exe
[2010/01/06 04:33:47 | 00,001,604 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2010/01/06 04:31:32 | 00,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2010/01/06 04:31:32 | 00,001,409 | ---- | M] () -- C:\WINDOWS\QTFont.for
[2010/01/02 19:23:32 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/01/01 01:00:00 | 00,000,352 | ---- | M] () -- C:\WINDOWS\tasks\McQcTask.job
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/01/29 00:39:22 | 00,513,320 | ---- | C] () -- C:\Documents and Settings\jenni rowe\Desktop\erunt.zip
[2010/01/29 00:35:13 | 00,007,180 | ---- | C] () -- C:\Documents and Settings\jenni rowe\Desktop\SysRestorePoint_v12.zip
[2010/01/28 06:38:48 | 00,001,729 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\McAfee Virtual Technician.lnk
[2010/01/27 06:06:40 | 00,000,000 | ---- | C] () -- C:\WINDOWS\Rdurew.bin
[2010/01/27 06:06:39 | 00,000,120 | ---- | C] () -- C:\WINDOWS\Grupimifet.dat
[2010/01/27 02:32:57 | 00,008,192 | ---- | C] () -- C:\kkalf.exe
[2010/01/23 03:37:40 | 00,045,944 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/01/11 23:37:57 | 00,021,504 | ---- | C] () -- C:\Documents and Settings\jenni rowe\Desktop\Dear Clients.doc
[2010/01/06 16:30:37 | 00,002,137 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/01/06 04:33:47 | 00,001,604 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2010/01/06 04:31:32 | 00,054,156 | -H-- | C] () -- C:\WINDOWS\QTFont.qfn
[2010/01/06 04:31:32 | 00,001,409 | ---- | C] () -- C:\WINDOWS\QTFont.for
[2010/01/06 04:29:39 | 00,000,284 | ---- | C] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2008/06/03 15:40:26 | 00,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2008/02/05 14:19:00 | 00,000,866 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2007/10/04 10:48:17 | 00,001,350 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2007/08/19 11:19:27 | 00,013,824 | ---- | C] () -- C:\Documents and Settings\jenni rowe\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/08/19 10:19:40 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007/08/16 07:00:34 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\jenni rowe\Application Data\wklnhst.dat
[2007/08/16 06:33:49 | 00,000,133 | ---- | C] () -- C:\Documents and Settings\jenni rowe\Local Settings\Application Data\fusioncache.dat
[2007/08/10 23:38:54 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2007/08/10 23:28:50 | 00,056,056 | ---- | C] () -- C:\WINDOWS\System32\DLAAPI_W.DLL
[2007/08/10 23:28:50 | 00,000,120 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2007/08/10 23:19:59 | 00,086,016 | ---- | C] () -- C:\WINDOWS\System32\preflib.dll
[2007/08/10 23:19:57 | 00,757,760 | ---- | C] () -- C:\WINDOWS\System32\bcm1xsup.dll
[2007/08/10 22:53:10 | 00,001,164 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2006/11/07 11:25:58 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2006/09/16 23:36:50 | 00,520,192 | ---- | C] () -- C:\WINDOWS\System32\CddbPlaylist2Roxio.dll
[2006/09/16 23:36:50 | 00,204,800 | ---- | C] () -- C:\WINDOWS\System32\CddbFileTaggerRoxio.dll
[2004/08/10 13:12:05 | 00,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/10 13:01:18 | 00,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/08/10 12:51:27 | 00,151,040 | ---- | C] () -- C:\WINDOWS\urefobawut.dll
[2000/09/08 17:53:50 | 00,073,839 | ---- | C] () -- C:\WINDOWS\System32\KodakOneTouch.dll

========== Custom Scans ==========

< %SYSTEMDRIVE%\*.* >
[2008/11/25 09:12:54 | 35,124,856 | ---- | M] ( ) -- C:\AdbeRdr90_en_US.exe
[2004/08/10 13:04:08 | 00,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2007/10/12 12:59:50 | 00,000,223 | RHS- | M] () -- C:\boot.ini
[2004/08/10 13:04:08 | 00,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2007/08/10 22:56:18 | 00,006,274 | RH-- | M] () -- C:\dell.sdr
[2008/10/10 19:10:31 | 00,104,630 | ---- | M] () -- C:\ForensicPsychiatric.pdf
[2010/01/28 18:19:57 | 93,747,2000 | -HS- | M] () -- C:\hiberfil.sys
[2007/08/16 07:36:43 | 00,004,128 | ---- | M] () -- C:\INFCACHE.1
[2004/08/10 13:04:08 | 00,000,000 | -H-- | M] () -- C:\IO.SYS
[2007/08/10 23:33:29 | 00,000,308 | -H-- | M] () -- C:\IPH.PH
[2008/07/13 11:15:29 | 00,005,934 | ---- | M] () -- C:\join.htm
[2010/01/27 02:33:46 | 00,008,192 | ---- | M] () -- C:\kkalf.exe
[2008/07/13 11:58:25 | 04,898,144 | ---- | M] (Lime Wire LLC) -- C:\LimeWireWin.exe
[2008/11/25 08:41:28 | 00,102,030 | ---- | M] () -- C:\menu_web_04-08-08.pdf
[2004/08/10 13:04:08 | 00,000,000 | -H-- | M] () -- C:\MSDOS.SYS
[2004/08/04 05:00:00 | 00,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2009/09/30 18:44:07 | 00,250,048 | RHS- | M] () -- C:\ntldr
[2010/01/28 18:19:54 | 14,092,86144 | -HS- | M] () -- C:\pagefile.sys
[2008/09/15 11:44:44 | 00,008,274 | ---- | M] () -- C:\signup.htm

< MD5 for: AGP440.SYS >
[2004/08/04 05:00:00 | 18,738,937 | ---- | M] () .cab file -- C:\i386\sp2.cab:AGP440.sys
[2004/08/04 05:00:00 | 18,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2009/09/30 18:37:53 | 23,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2009/09/30 18:37:53 | 23,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/14 02:36:38 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/14 02:36:38 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
[2004/08/03 23:07:42 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\i386\AGP440.SYS
[2004/08/03 23:07:42 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys

< MD5 for: ATAPI.SYS >
[2004/08/04 05:00:00 | 18,738,937 | ---- | M] () .cab file -- C:\i386\sp2.cab:atapi.sys
[2004/08/04 05:00:00 | 18,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2009/09/30 18:37:53 | 23,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2009/09/30 18:37:53 | 23,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/04/14 02:40:30 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/14 02:40:30 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/03 22:59:44 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\i386\atapi.sys
[2004/08/03 22:59:44 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/14 08:11:53 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/14 08:11:53 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
[2004/08/04 05:00:00 | 00,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\i386\eventlog.dll
[2004/08/04 05:00:00 | 00,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

< MD5 for: NETLOGON.DLL >
[2008/04/14 08:12:01 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/14 08:12:01 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
[2009/02/07 02:46:09 | 00,408,064 | ---- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll
[2004/08/04 05:00:00 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\i386\netlogon.dll
[2004/08/04 05:00:00 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtUninstallKB968389_0$\netlogon.dll

< MD5 for: SCECLI.DLL >
[2004/08/04 05:00:00 | 00,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\i386\scecli.dll
[2004/08/04 05:00:00 | 00,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008/04/14 08:12:05 | 00,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/14 08:12:05 | 00,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< >

< >

========== Alternate Data Streams ==========

@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\jenni rowe\My Documents\writing:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\jenni rowe\My Documents\wedding:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\jenni rowe\My Documents\My Videos:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\jenni rowe\My Documents\LimeWire:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\jenni rowe\My Documents\JOBS:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\jenni rowe\My Documents\Cyberlink:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\jenni rowe\My Documents\Common-Use Signing Interface:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\jenni rowe\Desktop\Tax n Stuff:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\jenni rowe\Desktop\SysRestorePoint_v12:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\jenni rowe\Desktop\my stuff:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\jenni rowe\Desktop\Incomplete:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\jenni rowe\Desktop\erunt:Roxio EMC Stream
< End of report >

OTL Extras logfile created on: 1/29/2010 12:45:14 AM - Run 1
OTL by OldTimer - Version 3.1.27.0 Folder = C:\Documents and Settings\jenni rowe\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

894.00 Mb Total Physical Memory | 327.00 Mb Available Physical Memory | 37.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 74.00% Paging File free
Paging file location(s): C:\pagefile.sys 1344 2688 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 108.70 Gb Total Space | 68.85 Gb Free Space | 63.34% Space Free | Partition Type: NTFS
Drive D: | 584.81 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: JENS
Current User Name: jenni rowe
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office10\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office10\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 1
"FirewallDisableNotify" = 1
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe" = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe:*:Enabled:EasyShare -- ()
"C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire -- (Lime Wire, LLC)
"C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe" = C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:*:Enabled:McAfee Network Agent -- (McAfee, Inc.)
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour -- (Apple Inc.)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0008546E-DF6E-4CC1-AFD0-2CB8E16C95A2}" = Notifier
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{0394CDC8-FABD-4ed8-B104-03393876DFDF}" = Roxio Creator Tools
"{03EDED24-8375-407D-A721-4643D9768BE1}" = kgchlwn
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{073F22CE-9A5B-4A40-A604-C7270AC6BF34}" = ESSSONIC
"{0D397393-9B50-4c52-84D5-77E344289F87}" = Roxio Creator Data
"{11F3F858-4131-4FFA-A560-3FE282933B6E}" = kgchday
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}" = ESSPCD
"{154508C0-07C5-4659-A7A0-E49968750D21}" = HLPPDOCK
"{20E12FE5-AF25-42B5-8EEE-3D0FFDEEA32A}" = Unwired
"{22DE1881-9D24-4981-B5CC-EC7E9F2F4D52}" = Rhapsody Player Engine
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2D03B6F8-DF36-4980-B7B6-5B93D5BA3A8F}" = essvatgt
"{2F4C24E6-CBD4-4AAC-B56F-C9FD44DE5668}" = Roxio Drag-to-Disc
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Sonic Activation Module
"{3CA39B0C-BA85-4D42-AC0F-1FF5F60C3353}" = OTtBPSDK
"{3EE33958-7381-4E7B-A4F3-6E43098E9E9C}" = URL Assistant
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{42CFD768-94A5-4C0D-A49A-88B536BAC551}" = FileNet Desktop eForms
"{49FA793C-785E-47E9-93DF-BD442B0B45D1}" = McAfee Virtual Technician
"{605A4E39-613C-4A12-B56F-DEFBE6757237}" = SHASTA
"{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}" = Roxio Creator Copy
"{643EAE81-920C-4931-9F0B-4B343B225CA6}" = ESSBrwr
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD 5.7
"{693C08A7-9E76-43FF-B11E-9A58175474C4}" = kgckids
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
"{6DE13770-01B7-4366-8DA6-48237793F445}" = VoiceOver Kit
"{74F7662C-B1DB-489E-A8AC-07A06B24978B}" = Dell System Restore
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper
"{83FFCFC7-88C6-41c6-8752-958A45325C82}" = Roxio Creator Audio
"{87843A41-7808-4F2E-B13F-25C1E67CF2FD}" = ESShelp
"{880AF49C-34F7-4285-A8AD-8F7A3D1C33DC}" = Roxio Creator BDAV Plugin
"{8943CE61-53BD-475E-90E1-A580869E98A2}" = staticcr
"{8A502E38-29C9-49FA-BCFA-D727CA062589}" = ESSTOOLS
"{8A8664E1-84C8-4936-891C-BC1F07797549}" = kgcvday
"{8E240C1C-25D0-4248-BC6C-ACC3472E35CE}" = SigmaTel MSCN Audio Player
"{8E92D746-CD9F-4B90-9668-42B74C14F765}" = ESSini
"{90280409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional with FrontPage
"{91517631-A9F3-4B7C-B482-43E0068FD55A}" = ESSgui
"{93D34EE3-99B3-4DB1-8B0A-0A657466F90D}" = 3 Mobile Broadband
"{999D43F4-9709-4887-9B1A-83EBB15A8370}" = VPRINTOL
"{9BD54685-1496-46A5-AB62-357CD140ED8B}" = kgcinvt
"{9D8FEE90-0377-49A9-AEFB-525BDE549BA4}" = ESScore
"{A1588373-1D86-4D44-86C9-78ABD190F9CC}" = kgcmove
"{A6FDF86A-F541-4E7B-AEA0-8849A2A700D5}" = iTunes
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AC76BA86-7AD7-1033-7B44-A90000000001}" = Adobe Reader 9
"{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}" = ESSCDBK
"{B162D0A6-9A1D-4B7C-91A5-88FB48113C45}" = OfotoXMI
"{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}" = CCScore
"{B997C2A0-4383-41BF-B76E-9B8B7ECFB267}" = KSU
"{C151CE54-E7EA-4804-854B-F515368B0798}" = AMD Processor Driver
"{C5074CC4-0E26-4716-A307-960272A90040}" = QuickSet
"{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator DE
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CEE2252C-4035-4B27-8EC6-0B085DD3A413}" = Dell Support 3.2.1
"{D1973749-F5E7-40EB-B528-F2B78685B9FF}" = essvcpt
"{D32470A1-B10C-4059-BA53-CF0486F68EBC}" = Kodak EasyShare software
"{D639085F-4B6E-4105-9F37-A0DBB023E2FB}" = Roxio MyDVD DE
"{DB02F716-6275-42E9-B8D2-83BA2BF5100B}" = SFR
"{E18B549C-5D15-45DA-8D8F-8FD2BD946344}" = kgcbaby
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{E6963450-7577-4049-8793-2B66B85237C1}" = ATI Catalyst Control Center
"{F22C222C-3CE2-4A4B-A83F-AF4681371ABE}" = kgcbase
"{F4A2E7CC-60CA-4AFA-B67F-AD5E58173C3F}" = SKINXSDK
"{F71760CD-0F8B-4DCC-B7B7-6B223CC3843C}" = OTtBP
"{F9593CFB-D836-49BC-BFF1-0E669A411D9F}" = WIRELESS
"{FB3BE405-6BF0-490A-84B3-00611385EA0D}" = Common-Use Signing Interface
"{FB64BF25-3593-4E4E-AA85-84AEF1D1475F}" = Broadcom Management Programs
"{FCDB1C92-03C6-4C76-8625-371224256091}" = ESSPDock
"{FDF9943A-3D5C-46B3-9679-586BD237DDEE}" = SKIN0001
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"America Online au" = AOL Australia
"ATI Display Driver" = ATI Display Driver
"Broadcom 802.11b Network Adapter" = Dell Wireless WLAN Card
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_14F100C3" = Conexant HDA D110 MDC V.92 Modem
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Common-Use Signing Interface" = Common-Use Signing Interface
"CTMBDemo_Audigy" = Sound Blaster Audigy ADVANCED MB Demo
"e-Record 6" = e-Record 6
"e-Record Tutorial" = e-Record Tutorial
"e-tax 2008" = e-tax 2008
"Google Desktop" = Google Desktop
"ie8" = Windows Internet Explorer 8
"LimeWire" = LimeWire 4.18.3
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"MIXERLITE" = Mixer
"Mozilla Firefox (2.0)" = Mozilla Firefox (2.0)
"MSC" = McAfee SecurityCenter
"net" = Advertisement Service
"PlayMP3" = PlayMP3z
"PrimoAdsForYou" = PrimoAdsForYou
"RealPlayer 6.0" = RealPlayer
"Record Keeping Evaluation Tool" = Record Keeping Evaluation Tool
"SearchAssist" = SearchAssist
"ShockwaveFlash" = Adobe Flash Player 9 ActiveX
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Tax Withheld Calculator" = Tax Withheld Calculator
"ViewpointMediaPlayer" = Viewpoint Media Player (Remove Only)
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows XP Service Pack" = Windows XP Service Pack 3

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 3/1/2009 11:01:24 PM | Computer Name = JENS | Source = Application Hang | ID = 1002
Description = Hanging application IEXPLORE.EXE, version 6.0.2900.2180, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

[ System Events ]
Error - 1/28/2010 8:52:09 AM | Computer Name = JENS | Source = ati2mtag | ID = 43015
Description = I2c return failed

Error - 1/28/2010 8:52:09 AM | Computer Name = JENS | Source = ati2mtag | ID = 43015
Description = I2c return failed

Error - 1/28/2010 10:45:25 AM | Computer Name = JENS | Source = ati2mtag | ID = 43015
Description = I2c return failed

Error - 1/28/2010 10:45:25 AM | Computer Name = JENS | Source = ati2mtag | ID = 43015
Description = I2c return failed

Error - 1/28/2010 11:28:18 AM | Computer Name = JENS | Source = ati2mtag | ID = 43015
Description = I2c return failed

Error - 1/28/2010 11:28:18 AM | Computer Name = JENS | Source = ati2mtag | ID = 43015
Description = I2c return failed

Error - 1/28/2010 12:01:04 PM | Computer Name = JENS | Source = ati2mtag | ID = 43015
Description = I2c return failed

Error - 1/28/2010 12:01:04 PM | Computer Name = JENS | Source = ati2mtag | ID = 43015
Description = I2c return failed

Error - 1/28/2010 12:01:08 PM | Computer Name = JENS | Source = ati2mtag | ID = 43015
Description = I2c return failed

Error - 1/28/2010 12:01:08 PM | Computer Name = JENS | Source = ati2mtag | ID = 43015
Description = I2c return failed

< End of report >

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit quick scan 2010-01-29 01:37:39
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\JENNIR~1\LOCALS~1\Temp\pxtdypoc.sys

---- System - GMER 1.0.15 ----

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateFile [0xB6FB878A]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateKey [0xB6FB8821]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateProcess [0xB6FB8738]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateProcessEx [0xB6FB874C]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwDeleteKey [0xB6FB8835]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwDeleteValueKey [0xB6FB8861]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwEnumerateKey [0xB6FB88CF]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwEnumerateValueKey [0xB6FB88B9]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwMapViewOfSection [0xB6FB87CA]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwNotifyChangeKey [0xB6FB88FB]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenKey [0xB6FB880D]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenProcess [0xB6FB8710]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenThread [0xB6FB8724]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwProtectVirtualMemory [0xB6FB879E]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwQueryKey [0xB6FB8937]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwQueryMultipleValueKey [0xB6FB88A3]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwQueryValueKey [0xB6FB888D]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwRenameKey [0xB6FB884B]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwReplaceKey [0xB6FB8923]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwRestoreKey [0xB6FB890F]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetContextThread [0xB6FB8776]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetInformationProcess [0xB6FB8762]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetValueKey [0xB6FB8877]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwTerminateProcess [0xB6FB87F9]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwUnloadKey [0xB6FB88E5]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwUnmapViewOfSection [0xB6FB87E0]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwYieldExecution [0xB6FB87B4]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtCreateFile
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtMapViewOfSection
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtOpenProcess
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtOpenThread
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtSetInformationProcess

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Ip Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Udp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\RawIp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)

Device -> \Driver\atapi \Device\Harddisk0\DR0 852BC856

---- Files - GMER 1.0.15 ----

File C:\WINDOWS\system32\drivers\atapi.sys suspicious modification

---- EOF - GMER 1.0.15 ----

Back to top of the page up there ^
MultiQuote
Reply

#2 Rorschach112

Scratch

Group: Administrator
Posts: 1719
Joined: 30-April 08

Posted 29 January 2010 - 02:30 PM

hi

Run OTL

Under the Custom Scans/Fixes box at the bottom, paste in the following

:OTL
MOD - [2008/04/14 08:12:08 | 00,151,040 | ---- | M] () -- C:\WINDOWS\urefobawut.dll
O4 - HKLM..\Run: [Tpebiyayidadot] C:\WINDOWS\urefobawut.DLL ()
O33 - MountPoints2\{8d4fa3e0-45ca-11dd-9cf2-00038a000015}\Shell\AutoRun\command - "" = F:\Autorun.exe -- File not found
O33 - MountPoints2\{8d4fa3e0-45ca-11dd-9cf2-00038a000015}\Shell\Shell00\Command - "" = F:\Autorun.exe -- File not found
O33 - MountPoints2\{8d4fa3e0-45ca-11dd-9cf2-00038a000015}\Shell\Shell01\Command - "" = F:\Autorun.exe -- File not found
O33 - MountPoints2\{8d4fa3e0-45ca-11dd-9cf2-00038a000015}\Shell\Shell02\Command - "" = F:\Autorun.exe -- File not found
[2010/01/27 02:33:46 | 00,008,192 | ---- | M] () -- C:\kkalf.exe
[2010/01/27 06:06:40 | 00,000,000 | ---- | C] () -- C:\WINDOWS\Rdurew.bin
[2010/01/27 06:06:39 | 00,000,120 | ---- | C] () -- C:\WINDOWS\Grupimifet.dat

:Files
C:\WINDOWS\system32\drivers\atapi.sys|C:\WINDOWS\ServicePackFiles\i386\atapi.sys /replace

:Services

:Reg



:Commands
[purity]
[resethosts]
[emptytemp]
[Reboot]

Then click the Run Fix button at the top
Let the program run unhindered, reboot the PC when it is done

Please download GooredFix from one of the locations below and save it to your Desktop
Download Mirror #1
Download Mirror #2

Ensure all Firefox windows are closed.
To run the tool, double-click it (XP), or right-click and select Run As Administrator (Vista).
When prompted to run the scan, click Yes.
GooredFix will check for infections, and then a log will appear. Please post the contents of that log in your next reply (it can also be found on your desktop, called GooredFix.txt).

Download ComboFix here :

Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you don't know how to disable them then just continue on.
Double click on ComboFix.exe & follow the prompts.
As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

http://img.photobucket.com/albums/v706/ried7/RcAuto1.gif

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

http://img.photobucket.com/albums/v706/ried7/whatnext.png

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix\ComboFix.txt log in your next reply.

Back to top of the page up there ^
MultiQuote
Reply

#3 CountChris

Newbie Member

Group: Member
Posts: 2
Joined: 29-January 10

Posted 30 January 2010 - 03:51 AM

Hi again,

Thanks for the quick reply and all the help so far! The fact that you people exist is a god-send to the vast computer illiterate masses!

I have run the programs as recommended and have posted the logs below.

Cheers
Chris

All processes killed
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Tpebiyayidadot deleted successfully.
C:\WINDOWS\urefobawut.dll moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8d4fa3e0-45ca-11dd-9cf2-00038a000015}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8d4fa3e0-45ca-11dd-9cf2-00038a000015}\ not found.
File F:\Autorun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8d4fa3e0-45ca-11dd-9cf2-00038a000015}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8d4fa3e0-45ca-11dd-9cf2-00038a000015}\ not found.
File F:\Autorun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8d4fa3e0-45ca-11dd-9cf2-00038a000015}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8d4fa3e0-45ca-11dd-9cf2-00038a000015}\ not found.
File F:\Autorun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8d4fa3e0-45ca-11dd-9cf2-00038a000015}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8d4fa3e0-45ca-11dd-9cf2-00038a000015}\ not found.
File F:\Autorun.exe not found.
C:\kkalf.exe moved successfully.
C:\WINDOWS\Rdurew.bin moved successfully.
C:\WINDOWS\Grupimifet.dat moved successfully.
========== FILES ==========
File C:\WINDOWS\system32\drivers\atapi.sys successfully replaced with C:\WINDOWS\ServicePackFiles\i386\atapi.sys
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 16384 bytes
->Temporary Internet Files folder emptied: 32768 bytes

User: jenni rowe
->Temp folder emptied: 712360728 bytes
->Temporary Internet Files folder emptied: 123981741 bytes
->Java cache emptied: 1252949 bytes
->FireFox cache emptied: 3549442 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 2596588 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 555185 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 19569 bytes
%systemroot%\System32 .tmp files removed: 2577 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 7765786 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 16384 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 4712062 bytes
RecycleBin emptied: 1175541919 bytes

Total Files Cleaned = 1,938.00 mb

OTL by OldTimer - Version 3.1.27.0 log created on 01292010_183630

Files\Folders moved on Reboot...
File\Folder C:\WINDOWS\temp\mcafee_ACNSgsrB4V29VbC not found!
File\Folder C:\WINDOWS\temp\mcmsc_GalTgb6AOa8pOzN not found!
File\Folder C:\WINDOWS\temp\mcmsc_skcCmTsgqEeXued not found!
File\Folder C:\WINDOWS\temp\mcmsc_Y8EgQ1AHH3w12V1 not found!
C:\WINDOWS\System32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\GCIG8A7K\google_com_au[1].txt moved successfully.
File\Folder C:\WINDOWS\System32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\GCIG8A7K\slot504[1].txt not found!
File\Folder C:\WINDOWS\System32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\1ROEY43X\ad[2].php not found!

Registry entries deleted on Reboot...

GooredFix by jpshortstuff (08.01.10.1)
Log created at 18:48 on 29/01/2010 (jenni rowe)
Firefox version 2.0 (en-US)

========== GooredScan ==========

(none)
Removing Orphan:
"{DC16D17D-C041-41AE-98E5-30513F8FA33B}"="C:\Documents and Settings\jenni rowe\Local Settings\Application Data\{DC16D17D-C041-41AE-98E5-30513F8FA33B}" -> Success!
Deleting HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions\\{15480162-A2FF-46CB-A8CE-E47618B1CEAE} -> Success!
Deleting C:\Documents and Settings\jenni rowe\Local Settings\Application Data\{15480162-A2FF-46CB-A8CE-E47618B1CEAE} -> Success!

========== GooredLog ==========

C:\Program Files\Mozilla Firefox\extensions\
real-networks@partners.mozilla.com [06:15 05/02/2008]
talkback@mozilla.org [06:15 05/02/2008]
{3112ca9c-de6d-4884-a869-9855de68056c} [06:15 05/02/2008]
{972ce4c6-7e08-4474-a285-3208198ce6fd} [06:15 05/02/2008]

C:\Documents and Settings\jenni rowe\Application Data\Mozilla\Firefox\Profiles\6quf75kj.default\extensions\
(none)

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"{ABDE892B-13A8-4d1b-88E6-365A6E755758}"="C:\Program Files\Real\RealPlayer\browserrecord" [06:17 05/02/2008]

-=E.O.F=-

ComboFix 10-01-29.05 - jenni rowe 01/29/2010 20:16:11.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.894.426 [GMT 8:00]
Running from: c:\documents and settings\jenni rowe\Desktop\ComboFix.exe
AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\jenni rowe\Start Menu\Programs\PlayMP3z
c:\documents and settings\jenni rowe\Start Menu\Programs\PlayMP3z\Run PlayMP3z.pif
c:\program files\PlayMP3z
c:\program files\PlayMP3z\PlayMP3.exe
c:\program files\PlayMP3z\uninstall.exe
c:\windows\system32\spool\prtprocs\w32x86\0000529f.tmp

.
((((((((((((((((((((((((( Files Created from 2009-12-28 to 2010-01-29 )))))))))))))))))))))))))))))))
.

2010-01-29 10:36 . 2010-01-29 10:36 -------- d-----w- C:\_OTL
2010-01-28 14:01 . 2010-01-28 14:01 -------- d-----w- c:\documents and settings\jenni rowe\Application Data\AVG8
2010-01-27 22:39 . 2010-01-27 22:39 -------- d-----w- c:\documents and settings\jenni rowe\Application Data\McAfee
2010-01-22 19:37 . 2010-01-22 19:37 45944 ---ha-w- c:\windows\system32\mlfcache.dat
2010-01-12 13:51 . 2009-11-21 15:51 471552 ------w- c:\windows\system32\dllcache\aclayers.dll
2010-01-11 11:18 . 2010-01-11 11:18 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple
2010-01-06 08:30 . 2009-05-18 06:17 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2010-01-06 08:30 . 2008-04-17 05:12 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2010-01-06 08:28 . 2010-01-06 08:28 -------- d-----w- c:\program files\iPod
2010-01-06 08:28 . 2010-01-06 08:30 -------- d-----w- c:\documents and settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2010-01-06 08:27 . 2009-08-28 11:42 40448 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2010-01-06 08:27 . 2009-08-28 11:42 2065696 ----a-w- c:\windows\system32\usbaaplrc.dll
2010-01-05 20:29 . 2010-01-06 08:28 -------- d-----w- c:\program files\Common Files\Apple
2010-01-05 20:29 . 2010-01-05 20:29 -------- d-----w- c:\documents and settings\jenni rowe\Local Settings\Application Data\Apple
2010-01-05 20:29 . 2010-01-05 20:29 -------- d-----w- c:\program files\Apple Software Update
2010-01-05 20:29 . 2010-01-05 20:29 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-29 12:25 . 2009-07-18 04:37 -------- d-----w- c:\program files\3 Mobile Broadband
2010-01-29 10:36 . 2004-08-03 14:59 96512 ----a-w- c:\windows\system32\drivers\atapi.sys
2010-01-29 10:36 . 2004-08-03 14:59 96512 ----a-w- c:\windows\system32\drivers\atapi.svs
2010-01-29 00:38 . 2007-08-10 15:29 -------- d-----w- c:\program files\McAfee
2010-01-27 22:38 . 2007-08-10 15:28 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2010-01-06 08:56 . 2008-07-04 12:30 -------- d-----w- c:\documents and settings\jenni rowe\Application Data\Apple Computer
2010-01-06 08:55 . 2008-07-04 12:27 -------- d-----w- c:\program files\iTunes
2010-01-06 08:33 . 2007-08-15 22:33 56376 ----a-w- c:\documents and settings\jenni rowe\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-01-06 08:27 . 2007-09-05 09:07 -------- d-----w- c:\program files\Bonjour
2010-01-05 21:18 . 2007-09-05 09:05 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2010-01-05 20:33 . 2007-09-05 09:05 -------- d-----w- c:\program files\QuickTime
2009-12-26 08:11 . 2007-11-03 06:17 -------- d-----w- c:\documents and settings\jenni rowe\Application Data\LimeWire
2009-12-21 19:14 . 2004-08-10 04:51 916480 ----a-w- c:\windows\system32\wininet.dll
2009-11-21 15:51 . 2004-08-10 04:50 471552 ----a-w- c:\windows\AppPatch\aclayers.dll
2009-11-12 09:07 . 2009-11-12 09:07 79144 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.0.2.25\SetupAdmin.exe
2006-10-11 08:04 . 2008-02-05 06:15 61036 ----a-w- c:\program files\mozilla firefox\components\jar50.dll
2006-10-11 08:04 . 2008-02-05 06:15 48742 ----a-w- c:\program files\mozilla firefox\components\jsd3250.dll
2006-10-11 08:05 . 2008-02-05 06:15 29313 ----a-w- c:\program files\mozilla firefox\components\myspell.dll
2006-10-11 08:05 . 2008-02-05 06:15 41082 ----a-w- c:\program files\mozilla firefox\components\spellchk.dll
2006-10-11 08:04 . 2008-02-05 06:15 166510 ----a-w- c:\program files\mozilla firefox\components\xpinstal.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D35DA2A5-1D09-03BB-FE6E-C569BE05CFA0}]
2009-07-23 18:16 155136 ----a-w- c:\program files\PrimoAdsForYou\PrimoAdsForYou.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-17 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-02-05 185896]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-11 34672]
"autodetect"="c:\windows\system32\SupportAppXL\AutoDect.exe" [2008-10-08 91648]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2009-10-28 1218008]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-11-10 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-11-12 141600]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli mgcfvb.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AOL 7.0 Tray Icon.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\AOL 7.0 Tray Icon.lnk
backup=c:\windows\pss\AOL 7.0 Tray Icon.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
backup=c:\windows\pss\Digital Line Detect.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
backup=c:\windows\pss\Kodak EasyShare software.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Unwired Launchpad.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Unwired Launchpad.lnk
backup=c:\windows\pss\Unwired Launchpad.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC]
2006-05-10 02:12 90112 ----a-w- c:\program files\ATI Technologies\ATI.ACE\CLIStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Broadcom Wireless Manager UI]
2006-11-23 01:45 1392640 ----a-w- c:\windows\system32\WLTRAY.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTSVolFE.exe]
2005-02-23 07:57 57344 ------w- c:\program files\Creative\Mixer\CTSVolFE.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell QuickSet]
2007-02-20 04:29 1191936 ----a-w- c:\program files\Dell\QuickSet\quickset.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
2006-08-28 13:57 395776 ----a-w- c:\program files\Dell Support\DSAgnt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
2005-12-09 12:29 49152 ------w- c:\program files\CyberLink\PowerDVD\DVDLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
2007-08-19 09:32 1838592 ----a-w- c:\program files\Google\Google Desktop Search\GoogleDesktop.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
2004-08-03 21:00 208952 ----a-w- c:\windows\ime\imjp8_1\imjpmig.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
2006-10-03 03:35 221184 ----a-w- c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
2006-10-03 03:37 81920 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\issch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ModemOnHold]
2003-09-09 18:24 20480 ------w- c:\program files\NetWaiting\netwaiting.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSPY2002]
2004-08-03 21:00 59392 ----a-w- c:\windows\system32\IME\PINTLGNT\IMSCINST.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]
2004-08-03 21:00 455168 ----a-w- c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]
2004-08-03 21:00 455168 ----a-w- c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-11-10 15:08 417792 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
2008-02-05 06:16 214560 ----a-w- c:\program files\Real\RealPlayer\realplay.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioDragToDisc]
2006-08-17 01:00 1116920 ----a-w- c:\program files\Roxio\Drag-to-Disc\DrgToDsc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxWatchTray]
2006-11-05 03:22 221184 ----a-w- c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmatelSysTrayApp]
2006-09-22 03:06 282624 ----a-w- c:\windows\stsystra.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2005-11-10 05:03 36975 ----a-w- c:\program files\Java\jre1.5.0_06\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2007-08-17 03:09 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
2006-09-22 03:47 761947 ----a-w- c:\program files\Synaptics\SynTP\SynTPEnh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

S2 0154681264725520mcinstcleanup;McAfee Application Installer Cleanup (0154681264725520);c:\windows\TEMP\015468~1.EXE c:\progra~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service --> c:\windows\TEMP\015468~1.EXE c:\progra~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service [?]
S3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [7/18/2009 12:37 PM 7680]
.
Contents of the 'Scheduled Tasks' folder

2010-01-25 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 04:34]

2010-01-14 c:\windows\Tasks\McDefragTask.job
- c:\program files\mcafee\mqc\QcConsol.exe [2007-08-10 04:22]

2009-12-31 c:\windows\Tasks\McQcTask.job
- c:\program files\mcafee\mqc\QcConsol.exe [2007-08-10 04:22]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.hotmail.com/
mSearch Bar = hxxp://www.google.com/ie
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office10\EXCEL.EXE/3000
Trusted Zone: internet
Trusted Zone: mcafee.com
FF - ProfilePath - c:\documents and settings\jenni rowe\Application Data\Mozilla\Firefox\Profiles\6quf75kj.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - component: c:\program files\Mozilla Firefox\components\xpinstal.dll
FF - component: c:\program files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbar.dll
FF - component: c:\program files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\metrics.dll
FF - component: c:\program files\Mozilla Firefox\extensions\talkback@mozilla.org\components\qfaservices.dll
FF - component: c:\program files\Real\RealPlayer\browserrecord\components\nprpbrowserrecordplugin.dll

---- FIREFOX POLICIES ----
FF - user.js: dom.disable_open_during_load - true // Popupblocker control handled by McAfee Privacy Service
.
- - - - ORPHANS REMOVED - - - -

MSConfigStartUp-MskAgentexe - c:\program files\McAfee\MSK\MskAgent.exe
AddRemove-ShockwaveFlash - c:\windows\system32\Macromed\Flash\FlashUtil9c.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-29 20:25
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(832)
c:\windows\system32\Ati2evxx.dll
c:\windows\System32\BCMLogon.dll

- - - - - - - > 'lsass.exe'(888)
c:\windows\mgcfvb.dll
c:\windows\system32\WININET.dll

- - - - - - - > 'explorer.exe'(2064)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\mgcfvb.dll
c:\windows\system32\webcheck.dll
c:\program files\Bonjour\mdnsNSP.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\System32\WLTRYSVC.EXE
c:\windows\system32\Ati2evxx.exe
c:\windows\System32\bcmwltry.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\progra~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\progra~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
c:\progra~1\McAfee\VIRUSS~1\mcshield.exe
c:\program files\McAfee\MPF\MPFSrv.exe
c:\program files\McAfee\MSK\MskSrver.exe
c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
c:\windows\system32\wdfmgr.exe
c:\windows\wanmpsvc.exe
c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
c:\progra~1\mcafee.com\agent\mcagent.exe
c:\windows\system32\wscntfy.exe
c:\program files\3 Mobile Broadband\UIMain.exe
c:\program files\iPod\bin\iPodService.exe
c:\progra~1\McAfee\VIRUSS~1\mcsysmon.exe
.
**************************************************************************
.
Completion time: 2010-01-29 20:30:12 - machine was rebooted
ComboFix-quarantined-files.txt 2010-01-29 12:30

Pre-Run: 75,752,828,928 bytes free
Post-Run: 75,635,044,352 bytes free

- - End Of File - - 735A6105E07793466FB78E3E29D3EA01

Back to top of the page up there ^
MultiQuote
Reply

#4 Rorschach112

Scratch

Group: Administrator
Posts: 1719
Joined: 30-April 08

Posted 30 January 2010 - 02:48 PM

hi

Download TFC to your desktop

Open the file and close any other windows.
It will close all programs itself when run, make sure to let it run uninterrupted.
Click the Start button to begin the process. The program should not take long to finish its job
Once its finished it should reboot your machine, if not, do this yourself to ensure a complete clean

Please download Malwarebytes' Anti-Malware from Here

Double Click mbam-setup.exe to install the application.

Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select "Perform Quick Scan", then click Scan.
The scan may take some time to finish,so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy&Paste the entire report in your next reply.

Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly.

Go to Kaspersky website and perform an online antivirus scan.

Read through the requirements and privacy statement and click on Accept button.
It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
When the downloads have finished, click on Settings.
Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
Click on My Computer under Scan.
Once the scan is complete, it will display the results. Click on View Scan Report.
You will see a list of infected items there. Click on Save Report As....
Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button. Then post it here.

Back to top of the page up there ^
MultiQuote
Reply

#5 Rorschach112

Scratch

Group: Administrator
Posts: 1719
Joined: 30-April 08

Posted 03 February 2010 - 08:18 PM

This thread is being closed due to inactivity. If you would like it to be reopened please contact me or another member of the Moderating Team.

As always, we thank you for using 247fixes. Thank you, and have a great day!

Back to top of the page up there ^
MultiQuote
Reply

Page 1 of 1

You cannot start a new topic
This topic is locked

247fixes PC Help Forum: [Inactive] Browser Redirect From Google Results - 247fixes PC Help Forum

Welcome to 247fixes PC Help Forum

[Inactive] Browser Redirect From Google Results IE google results link redirect!!!

#1 CountChris

#2 Rorschach112

#3 CountChris

#4 Rorschach112

#5 Rorschach112

1 User(s) are reading this topic
0 members, 1 guests, 0 anonymous users

Skin and Language

Execution Stats

247fixes PC Help Forum: [Inactive] Browser Redirect From Google Results - 247fixes PC Help Forum

Welcome to 247fixes PC Help Forum

[Inactive] Browser Redirect From Google Results IE google results link redirect!!!

#1 CountChris

#2 Rorschach112

#3 CountChris

#4 Rorschach112

#5 Rorschach112

1 User(s) are reading this topic 0 members, 1 guests, 0 anonymous users

Skin and Language

Execution Stats

1 User(s) are reading this topic
0 members, 1 guests, 0 anonymous users