[Inactive] google redirect virus - Page 2

  1. #16
    Join Date
    Nov 2005
    Posts
    162

    next log

    Did as you said, here's the log. What next?

    ComboFix 12-06-21.03 - Mary Forgione 06/22/2012 12:27:17.2.1 - x86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1013.471 [GMT -4:00]
    Running from: c:\documents and settings\Mary Forgione\Desktop\ComboFix.exe
    Command switches used :: c:\documents and settings\Mary Forgione\Desktop\cfscript.txt
    AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
    .
    FILE ::
    "c:\windows\system32\drivers\axijmkwc.sys"
    "c:\windows\system32\drivers\frahugpl.sys"
    "c:\windows\system32\drivers\gghcyyvs.sys"
    "c:\windows\system32\drivers\msgxxslg.sys"
    "c:\windows\system32\drivers\ooertbom.sys"
    "c:\windows\system32\drivers\tbdjgeud.sys"
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\documents and settings\All Users\Application Data\TEMP
    c:\documents and settings\All Users\Application Data\TEMP\DFC5A2B2.TMP
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    -------\Legacy_MPKSLECF76EB8
    -------\Service_axijmkwc
    -------\Service_frahugpl
    -------\Service_gghcyyvs
    -------\Service_msgxxslg
    -------\Service_ooertbom
    -------\Service_tbdjgeud
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-05-22 to 2012-06-22 )))))))))))))))))))))))))))))))
    .
    .
    2012-06-22 10:00 . 2012-06-22 10:01 -------- d-----w- c:\windows\LastGood.Tmp
    2012-06-21 01:48 . 2012-06-21 01:48 -------- d-----w- c:\documents and settings\Mary Forgione\Local Settings\Application Data\VS Revo Group
    2012-06-21 01:48 . 2009-12-30 15:20 27064 ----a-w- c:\windows\system32\drivers\revoflt.sys
    2012-06-21 01:48 . 2012-06-21 01:48 -------- d-----w- c:\program files\VS Revo Group
    2012-06-20 14:15 . 2012-05-08 13:40 6737808 ------w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{F0A8A315-B5FE-41B7-8D01-2583DA9806BE}\mpengine.dll
    2012-06-18 03:29 . 2012-05-08 13:40 6737808 ------w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
    2012-06-14 03:15 . 2012-05-11 14:42 521728 ------w- c:\windows\system32\dllcache\jsdbgui.dll
    2012-06-12 21:53 . 2012-06-12 21:53 -------- d-----w- C:\found.000
    2012-06-10 04:29 . 2012-06-10 04:32 -------- d-----w- c:\program files\Microsoft Security Client
    2012-06-10 04:18 . 2012-06-10 04:18 -------- d-----w- C:\TDSSKiller_Quarantine
    2012-06-10 03:27 . 2012-05-11 15:08 254912 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
    2012-06-10 03:27 . 2012-05-11 15:13 17848 ----a-w- c:\windows\system32\drivers\pctBTFix.sys
    2012-06-10 03:27 . 2012-05-11 15:14 70536 ----a-w- c:\windows\system32\drivers\pctplsg.sys
    2012-06-10 03:25 . 2012-02-28 15:43 909728 ----a-w- c:\windows\system32\drivers\pctEFA.sys
    2012-06-10 03:25 . 2012-02-28 15:43 342168 ----a-w- c:\windows\system32\drivers\pctDS.sys
    2012-06-10 03:25 . 2012-04-23 16:36 383368 ----a-w- c:\windows\system32\drivers\PCTCore.sys
    2012-06-10 03:25 . 2012-04-23 16:36 162584 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
    2012-06-10 03:09 . 2012-06-10 03:09 -------- d-----w- c:\documents and settings\Mary Forgione\Application Data\DriverCure
    2012-06-10 03:09 . 2012-06-10 03:09 -------- d-----w- c:\documents and settings\Mary Forgione\Application Data\SpeedMaxPc
    2012-06-10 03:08 . 2012-06-10 06:24 -------- d-----w- c:\documents and settings\All Users\Application Data\SpeedMaxPc
    2012-06-10 02:30 . 2012-06-10 02:30 -------- d-----w- c:\documents and settings\Mary Forgione\Local Settings\Application Data\Threat Expert
    2012-06-10 01:57 . 2012-05-08 22:21 70736 ----a-w- c:\windows\system32\drivers\PCTBD.sys
    2012-06-10 01:57 . 2012-05-08 22:21 149432 ----a-w- c:\windows\SGDetectionTool.dll
    2012-06-10 01:57 . 2012-05-08 22:21 2267064 ----a-w- c:\windows\PCTBDCore.dll
    2012-06-10 01:57 . 2012-05-08 22:21 1681336 ----a-w- c:\windows\PCTBDRes.dll
    2012-06-10 01:57 . 2012-05-08 22:21 767928 ----a-w- c:\windows\BDTSupport.dll
    2012-06-10 01:56 . 2012-06-10 03:27 -------- d-----w- c:\program files\PC Tools
    2012-06-10 01:18 . 2012-06-10 05:07 -------- d-----w- c:\program files\Common Files\PC Tools
    2012-06-10 01:18 . 2012-05-11 15:14 203088 ----a-w- c:\windows\system32\drivers\PCTSD.sys
    2012-06-10 01:18 . 2012-06-10 03:27 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
    2012-06-10 01:18 . 2012-06-10 01:18 -------- d-----w- c:\documents and settings\Mary Forgione\Application Data\TestApp
    2012-05-26 04:13 . 2012-06-02 19:18 275696 ----a-w- c:\windows\system32\mucltui.dll
    2012-05-26 04:13 . 2012-06-02 19:18 214256 ----a-w- c:\windows\system32\muweb.dll
    2012-05-25 15:01 . 2012-01-31 12:44 237072 ------w- c:\windows\system32\MpSigStub.exe
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-06-02 19:19 . 2007-07-31 00:18 22040 ----a-w- c:\windows\system32\wucltui.dll.mui
    2012-06-02 19:19 . 2007-07-31 00:19 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
    2012-06-02 19:19 . 2004-08-10 18:02 329240 ----a-w- c:\windows\system32\wucltui.dll
    2012-06-02 19:19 . 2004-08-10 18:02 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
    2012-06-02 19:19 . 2004-08-10 18:02 210968 ----a-w- c:\windows\system32\wuweb.dll
    2012-06-02 19:19 . 2007-07-31 00:19 45080 ----a-w- c:\windows\system32\wups2.dll
    2012-06-02 19:19 . 2007-07-31 00:19 15384 ----a-w- c:\windows\system32\wuapi.dll.mui
    2012-06-02 19:19 . 2004-08-10 18:02 53784 ----a-w- c:\windows\system32\wuauclt.exe
    2012-06-02 19:19 . 2004-08-10 18:02 35864 ----a-w- c:\windows\system32\wups.dll
    2012-06-02 19:19 . 2004-08-10 17:50 97304 ----a-w- c:\windows\system32\cdm.dll
    2012-06-02 19:19 . 2007-07-31 00:18 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui
    2012-06-02 19:19 . 2004-08-10 18:02 577048 ----a-w- c:\windows\system32\wuapi.dll
    2012-06-02 19:19 . 2004-08-10 18:02 1933848 ----a-w- c:\windows\system32\wuaueng.dll
    2012-05-31 13:22 . 2004-08-10 17:50 599040 ----a-w- c:\windows\system32\crypt32.dll
    2012-05-16 15:08 . 2004-08-10 17:51 916992 ----a-w- c:\windows\system32\wininet.dll
    2012-05-15 13:20 . 2004-08-10 17:51 1863168 ----a-w- c:\windows\system32\win32k.sys
    2012-05-11 14:42 . 2004-08-10 17:51 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2012-05-11 14:42 . 2004-08-10 17:51 1469440 ------w- c:\windows\system32\inetcpl.cpl
    2012-05-11 11:38 . 2004-08-10 17:51 385024 ----a-w- c:\windows\system32\html.iec
    2012-05-08 21:47 . 2012-06-10 01:57 3488 ----a-w- c:\windows\UDB.zip
    2012-05-08 21:47 . 2012-06-10 01:57 131 ----a-w- c:\windows\IDB.zip
    2012-05-04 13:12 . 2004-08-10 17:51 2192640 ----a-w- c:\windows\system32\ntoskrnl.exe
    2012-05-04 12:32 . 2004-08-04 03:59 2069120 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2012-05-02 13:46 . 2004-08-10 18:01 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
    2012-04-04 19:56 . 2010-12-25 18:58 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
    .
    .
    ((((((((((((((((((((((((((((( SnapShot@2012-06-22_02.45.52 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2012-06-22 03:11 . 2012-06-22 03:11 16384 c:\windows\Temp\Perflib_Perfdata_a4c.dat
    + 2012-06-22 16:44 . 2012-06-22 16:44 16384 c:\windows\Temp\Perflib_Perfdata_77c.dat
    + 2012-06-22 10:01 . 2012-06-02 19:19 45080 c:\windows\system32\SoftwareDistribution\Setup\ServiceStartup\wups2.dll\7.6.7600.256\wups2.dll
    + 2012-06-22 10:01 . 2012-06-02 19:19 35864 c:\windows\system32\SoftwareDistribution\Setup\ServiceStartup\wups.dll\7.6.7600.256\wups.dll
    + 2004-08-10 18:02 . 2012-06-02 19:19 35864 c:\windows\system32\dllcache\wups.dll
    + 2004-08-10 18:02 . 2012-06-02 19:19 53784 c:\windows\system32\dllcache\wuauclt.exe
    + 2004-08-10 17:50 . 2012-06-02 19:19 97304 c:\windows\system32\dllcache\cdm.dll
    + 2004-08-10 18:02 . 2012-06-02 19:19 210968 c:\windows\system32\dllcache\wuweb.dll
    + 2004-08-10 18:02 . 2012-06-02 19:19 329240 c:\windows\system32\dllcache\wucltui.dll
    + 2004-08-10 18:02 . 2012-06-02 19:19 577048 c:\windows\system32\dllcache\wuapi.dll
    + 2004-08-10 18:02 . 2012-06-02 19:19 1933848 c:\windows\system32\dllcache\wuaueng.dll
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2012-05-04 1519272]
    .
    [HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]
    .
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
    2012-05-04 19:43 1519272 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2012-05-04 1519272]
    .
    [HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
    [HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
    .
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
    "{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2012-05-04 1519272]
    .
    [HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
    [HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2012-05-13 880496]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "HostManager"="c:\program files\Common Files\AOL\1196384047\ee\AOLSoftware.exe" [2010-03-08 41800]
    "TkBellExe"="c:\program files\Real\RealPlayer\update\realsched.exe" [2012-04-06 296056]
    "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2011-10-24 421888]
    "ApnUpdater"="c:\program files\Ask.com\Updater\Updater.exe" [2012-05-04 1561768]
    "ISTray"="c:\program files\PC Tools\PC Tools Security\pctsGui.exe" [2012-05-11 2670520]
    "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 931200]
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdAuxService]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdCoreService]
    @="Service"
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Dell Network Assistant.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Dell Network Assistant.lnk
    backup=c:\windows\pss\Dell Network Assistant.lnkCommon Startup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
    backup=c:\windows\pss\Digital Line Detect.lnkCommon Startup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
    backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    2008-01-12 02:16 39792 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
    2007-06-14 01:41 69632 ----a-w- c:\windows\ALCMTR.EXE
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOL Fast Start]
    2007-10-31 17:46 50528 ----a-w- c:\program files\AOL 9.1\aol.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
    2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
    2007-03-15 17:09 460784 ----a-w- c:\program files\DellSupport\DSAgnt.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dscactivate]
    2007-07-30 09:40 16384 ----a-w- c:\dell\dsca.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ECenter]
    2007-05-24 12:03 17920 ----a-w- c:\dell\E-Center\EULALauncher.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
    2008-08-30 18:11 29744 ----a-w- c:\program files\Google\Google Desktop Search\GoogleDesktop.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
    2010-03-08 07:27 41800 ----a-w- c:\program files\Common Files\AOL\1196384047\ee\aolsoftware.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
    2007-06-14 00:21 162584 ----a-w- c:\windows\system32\hkcmd.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
    2010-06-10 00:55 49208 ----a-w- c:\program files\HP\HP Software Update\hpwuschd2.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
    2007-06-14 00:21 142104 ----a-w- c:\windows\system32\igfxtray.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
    2006-10-03 16:35 221184 ----a-w- c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
    2006-10-03 16:37 81920 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\issch.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISW.exe]
    2007-05-03 18:12 2061816 ----a-w- c:\program files\AT&T\Internet Security Wizard\ISW.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
    2008-04-14 00:12 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDVDDXSrv]
    2006-10-20 22:23 118784 ------w- c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
    2007-06-14 00:21 138008 ----a-w- c:\windows\system32\igfxpers.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioDragToDisc]
    2006-08-17 14:00 1116920 ----a-w- c:\program files\Roxio\Drag-to-Disc\DrgToDsc.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxWatchTray]
    2006-11-05 16:22 221184 ----a-w- c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
    2007-06-14 01:41 16132608 ----a-w- c:\windows\RTHDCPL.EXE
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    2005-11-10 18:03 36975 ----a-w- c:\program files\Java\jre1.5.0_06\bin\jusched.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Weather]
    2009-12-29 14:08 1653248 ----a-r- c:\program files\AWS\WeatherBug\Weather.exe
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\uTorrent\\uTorrent.exe"=
    .
    R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [6/9/2012 11:25 PM 383368]
    R0 pctDS;PC Tools Data Store;c:\windows\system32\drivers\pctDS.sys [6/9/2012 11:25 PM 342168]
    R1 PCTSD;PC Tools Spyware Doctor Driver;c:\windows\system32\drivers\PCTSD.sys [6/9/2012 9:18 PM 203088]
    R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\PC Tools\PC Tools Security\BDT\BDTUpdateService.exe [6/9/2012 9:57 PM 575416]
    R2 Protector by IB Updater;Protector by IB Updater;c:\program files\Protector by IB\ExtensionUpdaterService.exe [4/25/2012 8:00 PM 185856]
    R2 sdAuxService;PC Tools Auxiliary Service;c:\program files\PC Tools\PC Tools Security\pctsAuxs.exe [6/9/2012 11:27 PM 402336]
    R3 PCTBD;PC Tools Browser Defender Driver;c:\windows\system32\drivers\PCTBD.sys [6/9/2012 9:57 PM 70736]
    S1 MpKsl16804b37;MpKsl16804b37;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{F0A8A315-B5FE-41B7-8D01-2583DA9806BE}\MpKsl16804b37.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{F0A8A315-B5FE-41B7-8D01-2583DA9806BE}\MpKsl16804b37.sys [?]
    S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [4/24/2012 8:58 PM 136176]
    S3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [11/25/2007 6:32 PM 29744]
    S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [4/24/2012 8:58 PM 136176]
    S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [6/20/2012 9:48 PM 27064]
    .
    --- Other Services/Drivers In Memory ---
    .
    *Deregistered* - PCTSDInjDriver32
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
    2009-03-08 08:32 128512 ----a-w- c:\windows\system32\advpack.dll
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-06-20 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 21:57]
    .
    2012-06-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2012-04-25 00:57]
    .
    2012-06-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2012-04-25 00:57]
    .
    2012-06-22 c:\windows\Tasks\Microsoft Antimalware Scheduled Scan.job
    - c:\program files\Microsoft Security Client\MpCmdRun.exe [2012-03-26 21:03]
    .
    2012-06-22 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-3523368890-677521806-3999189474-1006.job
    - c:\program files\Real\RealUpgrade\realupgrade.exe [2012-01-30 21:45]
    .
    2012-06-20 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-3523368890-677521806-3999189474-1006.job
    - c:\program files\Real\RealUpgrade\realupgrade.exe [2012-01-30 21:45]
    .
    2012-06-22 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
    - c:\program files\Ask.com\UpdateTask.exe [2012-05-04 19:43]
    .
    2012-06-22 c:\windows\Tasks\User_Feed_Synchronization-{659CB606-EEE8-4E82-B48C-89DCB3FB84F7}.job
    - c:\windows\system32\msfeedssync.exe [2007-08-13 08:31]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.com/
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    mSearch Bar = hxxp://www.google.com/ie
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    IE: &AOL Toolbar Search - c:\program files\aol\aol toolbar 5.0\resources\en-US\local\search.html
    IE: &Dictionary - http://files.db3nf.com/scripts/ie.htm
    IE: &Encyclopedia - http://files.db3nf.com/scripts/ie-e.htm
    IE: Download with &Media Finder - c:\program files\Media Finder\hook.html
    IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
    LSP: c:\program files\Common Files\PC Tools\LSP\PCTLsp.dll
    Trusted Zone: motive.com\patttbc.att
    TCP: DhcpNameServer = 167.206.251.130 167.206.251.129
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2012-06-22 12:46
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'lsass.exe'(824)
    c:\program files\Common Files\PC Tools\LSP\PCTLsp.dll
    .
    - - - - - - - > 'explorer.exe'(2932)
    c:\windows\system32\WININET.dll
    c:\windows\system32\ieframe.dll
    c:\windows\system32\webcheck.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files\Microsoft Security Client\MsMpEng.exe
    c:\program files\Lavasoft\Ad-Aware 2007\aawservice.exe
    c:\program files\Common Files\AOL\ACS\AOLAcsd.exe
    c:\program files\Dell Network Assistant\hnm_svc.exe
    c:\program files\Common Files\Motive\McciCMService.exe
    c:\windows\system32\HPZipm12.exe
    c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
    c:\program files\PC Tools\PC Tools Security\pctsSvc.exe
    c:\windows\system32\wdfmgr.exe
    c:\windows\system32\wscntfy.exe
    c:\program files\Common Files\AOL\1196384047\ee\aolupdates.exe
    .
    **************************************************************************
    .
    Completion time: 2012-06-22 12:50:55 - machine was rebooted
    ComboFix-quarantined-files.txt 2012-06-22 16:50
    ComboFix2.txt 2012-06-22 02:53
    .
    Pre-Run: 33,529,229,312 bytes free
    Post-Run: 33,664,770,048 bytes free
    .
    - - End Of File - - 4B068ACC0B6330FCC2D5146B66D83DF4

  2. #17
    Join Date
    Dec 2007
    Location
    Daly City, CA
    Posts
    22,550
    Looks good.

    How is the computer doing?

    Download OTL to your Desktop.

    • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Under the Custom Scan box paste this in:



    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\tasks\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\0*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /i " " /c
    dir /b "%systemroot%\*.exe" | find /i " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    %systemroot%\system32\winlog\*.*
    %systemroot%\system32\Language\*.*
    %systemroot%\system32\Settings\*.*
    %systemroot%\system32\*.quo
    %SYSTEMROOT%\AppPatch\*.exe
    %SYSTEMROOT%\inf\*.exe
    %SYSTEMROOT%\Installer\*.exe
    %systemroot%\system32\config\*.bak2
    %systemroot%\system32\Computers\*.*
    %SystemRoot%\system32\Sound\*.*
    %SystemRoot%\system32\SpecialImg\*.*
    %SystemRoot%\system32\code\*.*
    %SystemRoot%\system32\draft\*.*
    %SystemRoot%\system32\MSSSys\*.*
    %ProgramFiles%\Javascript\*.*
    %systemroot%\pchealth\helpctr\System\*.exe /s
    %systemroot%\Web\*.exe
    %systemroot%\system32\msn\*.*
    %systemroot%\system32\*.tro
    %AppData%\Microsoft\Installer\msupdates\*.*
    %ProgramFiles%\Messenger\*.*
    %systemroot%\system32\systhem32\*.*
    %systemroot%\system\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\LastSuccessTime /rs
    /md5start
    /md5stop


    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.

  3. #18
    Join Date
    Nov 2005
    Posts
    162

    next combo fix log

    [wrong log]
    Last edited by Broni; June 22nd, 2012 at 10:18 PM.

  4. #19
    Join Date
    Dec 2007
    Location
    Daly City, CA
    Posts
    22,550
    You posted the ComboFix log already.
    Please read my previous reply.

  5. #20
    Join Date
    Nov 2005
    Posts
    162

    stuck otl

    I ran OTL with the script you gave. It gets hung up and stops responding while scanning hkey_local_machine\system\current control set\control\device classes\(#'s.....

    Please advise. Computer is working better.

  6. #21
    Join Date
    Dec 2007
    Location
    Daly City, CA
    Posts
    22,550
    See if you can run it from safe mode.

  7. #22
    Join Date
    Nov 2005
    Posts
    162

    otl.txt safe mode

    logfile created on: 6/23/2012 11:00:10 PM - Run 1
    OTL by OldTimer - Version 3.2.52.0 Folder = C:\Documents and Settings\Mary Forgione\Desktop
    Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    1013.11 Mb Total Physical Memory | 671.99 Mb Available Physical Memory | 66.33% Memory free
    2.38 Gb Paging File | 1.90 Gb Available in Paging File | 79.67% Paging File free
    Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 74.45 Gb Total Space | 32.29 Gb Free Space | 43.37% Space Free | Partition Type: NTFS

    Computer Name: MARY | User Name: Mary Forgione | Logged in as Administrator.
    Boot Mode: SafeMode with Networking | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2012/06/23 13:24:06 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Mary Forgione\Desktop\OTL.exe
    PRC - [2012/05/11 11:13:38 | 002,670,520 | ---- | M] (PC Tools) -- C:\Program Files\PC Tools\PC Tools Security\pctsGui.exe
    PRC - [2012/05/11 11:13:38 | 001,118,648 | ---- | M] (PC Tools) -- C:\Program Files\PC Tools\PC Tools Security\pctsSvc.exe
    PRC - [2012/05/11 10:07:20 | 000,402,336 | ---- | M] (PC Tools) -- C:\Program Files\PC Tools\PC Tools Security\pctsAuxs.exe
    PRC - [2012/03/26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe
    PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
    PRC - [2007/10/29 14:27:04 | 000,587,096 | ---- | M] (Lavasoft AB) -- C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe


    ========== Modules (No Company Name) ==========

    MOD - [2012/05/11 11:13:32 | 000,157,624 | ---- | M] () -- C:\Program Files\PC Tools\PC Tools Security\NetworkLayer\PCTCFHook.dll
    MOD - [2012/05/11 11:13:12 | 000,091,576 | ---- | M] () -- C:\Program Files\PC Tools\PC Tools Security\avengine\sdkBSCtrl.dll
    MOD - [2007/08/27 10:41:54 | 000,525,664 | ---- | M] () -- C:\Program Files\Lavasoft\Ad-Aware 2007\Update.dll
    MOD - [2004/08/04 06:00:00 | 000,015,360 | ---- | M] () -- C:\WINDOWS\system32\tsd32.dll


    ========== Win32 Services (SafeList) ==========

    SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
    SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
    SRV - [2012/05/11 11:13:38 | 001,118,648 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files\PC Tools\PC Tools Security\pctsSvc.exe -- (sdCoreService)
    SRV - [2012/05/11 10:07:20 | 000,402,336 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files\PC Tools\PC Tools Security\pctsAuxs.exe -- (sdAuxService)
    SRV - [2012/05/08 18:21:30 | 000,575,416 | ---- | M] (Threat Expert Ltd.) [Auto | Stopped] -- C:\Program Files\PC Tools\PC Tools Security\BDT\BDTUpdateService.exe -- (Browser Defender Update Service)
    SRV - [2012/04/24 10:33:52 | 000,185,856 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Protector by IB\ExtensionUpdaterService.exe -- (Protector by IB Updater)
    SRV - [2012/03/26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
    SRV - [2007/10/29 14:27:04 | 000,587,096 | ---- | M] (Lavasoft AB) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe -- (aawservice)
    SRV - [2007/08/09 03:27:52 | 000,073,728 | ---- | M] (HP) [Auto | Stopped] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
    SRV - [2007/05/25 12:38:46 | 000,112,176 | ---- | M] (SingleClick Systems) [Auto | Stopped] -- C:\Program Files\Dell Network Assistant\hnm_svc.exe -- (hnmsvc)
    SRV - [2007/03/19 13:44:44 | 000,070,656 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService)
    SRV - [2006/10/23 08:50:35 | 000,046,640 | R--- | M] (AOL LLC) [Auto | Stopped] -- C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe -- (AOL ACS)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
    DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS -- (MRESP50a64)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS -- (MREMP50a64)
    DRV - File not found [Kernel | System | Stopped] -- c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{F0A8A315-B5FE-41B7-8D01-2583DA9806BE}\MpKsl16804b37.sys -- (MpKsl16804b37)
    DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
    DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ComboFix\catchme.sys -- (catchme)
    DRV - [2012/05/11 11:14:20 | 000,203,088 | ---- | M] (PC Tools) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\PCTSD.sys -- (PCTSD)
    DRV - [2012/05/08 18:21:46 | 000,070,736 | ---- | M] (PC Tools) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PCTBD.sys -- (PCTBD)
    DRV - [2012/04/23 12:36:50 | 000,383,368 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\PCTCore.sys -- (PCTCore)
    DRV - [2012/02/28 11:43:00 | 000,342,168 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\pctDS.sys -- (pctDS)
    DRV - [2009/12/30 11:20:56 | 000,027,064 | ---- | M] (VS Revo Group) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\revoflt.sys -- (Revoflt)
    DRV - [2008/07/28 18:26:30 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50)
    DRV - [2008/07/28 18:26:30 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50)
    DRV - [2007/06/13 21:41:44 | 004,403,712 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
    DRV - [2007/05/28 22:46:08 | 001,042,432 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
    DRV - [2007/05/28 22:46:06 | 000,680,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
    DRV - [2007/05/28 22:46:06 | 000,212,224 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2)
    DRV - [2007/02/25 13:10:48 | 000,005,376 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\dsunidrv.sys -- (dsunidrv)
    DRV - [2006/12/18 20:01:20 | 000,012,672 | ---- | M] (SingleClick Systems) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\packet.sys -- (Packet)
    DRV - [2006/10/05 18:07:28 | 000,004,736 | ---- | M] (Gteko Ltd.) [Kernel | On_Demand | Stopped] -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys -- (DSproct)
    DRV - [2006/08/18 14:18:08 | 000,009,400 | ---- | M] (Roxio) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\DLA\DLADResM.SYS -- (DLADResM)
    DRV - [2006/08/18 14:17:46 | 000,035,096 | ---- | M] (Roxio) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\DLA\DLABMFSM.SYS -- (DLABMFSM)
    DRV - [2006/08/18 14:17:44 | 000,097,848 | ---- | M] (Roxio) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
    DRV - [2006/08/18 14:17:44 | 000,094,648 | ---- | M] (Roxio) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
    DRV - [2006/08/18 14:17:42 | 000,026,008 | ---- | M] (Roxio) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
    DRV - [2006/08/18 14:17:40 | 000,032,472 | ---- | M] (Roxio) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM)
    DRV - [2006/08/18 14:17:38 | 000,104,472 | ---- | M] (Roxio) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
    DRV - [2006/08/18 14:17:38 | 000,014,520 | ---- | M] (Roxio) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM)
    DRV - [2006/08/11 11:35:18 | 000,012,920 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)
    DRV - [2006/08/11 11:35:16 | 000,028,184 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_M.SYS -- (DLARTL_M)
    DRV - [2004/11/22 18:36:39 | 000,018,003 | ---- | M] (Motive, Inc.) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRENDIS5.sys -- (MRENDIS5)
    DRV - [2004/11/22 18:36:34 | 000,019,345 | ---- | M] (Motive, Inc.) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMPR5.sys -- (MREMPR5)
    DRV - [2003/01/10 17:13:04 | 000,033,588 | R--- | M] (America Online, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wanatw4.sys -- (wanatw) WAN Miniport (ATW)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=6071126
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=6071126
    IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
    IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7


    IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=6071126
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=6071126
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


    IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-21-3523368890-677521806-3999189474-1006\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
    IE - HKU\S-1-5-21-3523368890-677521806-3999189474-1006\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
    IE - HKU\S-1-5-21-3523368890-677521806-3999189474-1006\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    IE - HKU\S-1-5-21-3523368890-677521806-3999189474-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
    IE - HKU\S-1-5-21-3523368890-677521806-3999189474-1006\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
    IE - HKU\S-1-5-21-3523368890-677521806-3999189474-1006\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
    IE - HKU\S-1-5-21-3523368890-677521806-3999189474-1006\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - C:\Program Files\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
    IE - HKU\S-1-5-21-3523368890-677521806-3999189474-1006\..\URLSearchHook: {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)
    IE - HKU\S-1-5-21-3523368890-677521806-3999189474-1006\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
    IE - HKU\S-1-5-21-3523368890-677521806-3999189474-1006\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
    IE - HKU\S-1-5-21-3523368890-677521806-3999189474-1006\..\SearchScopes\{88FB16D2-04EA-4ffe-8079-CFF68F1B9CE6}: "URL" = http://www.search-results.com/web?q={searchTerms}&o=15868&l=dis&prt=BDIE&chn=retail&geo=US&ver=4.0.0.1550
    IE - HKU\S-1-5-21-3523368890-677521806-3999189474-1006\..\SearchScopes\{C14AC97F-ECB1-4045-A6B6-3FF164008908}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=DIC3V5&o=13736&src=crm&q={searchTerms}&locale=en_US&apn_ptnrs=D6&apn_dtid=YYYYYYYYUS&apn_uid=DA5775AE-E897-47EA-BDFE-C91D50C099E6&apn_sauid=BB92DE34-7668-4DC1-89F7-3193070440EB
    IE - HKU\S-1-5-21-3523368890-677521806-3999189474-1006\..\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: "URL" = http://mystart.incredibar.com/mb139/?search={searchTerms}&loc=IB_DS&a=6R8r2wCsPn&i=26
    IE - HKU\S-1-5-21-3523368890-677521806-3999189474-1006\..\SearchScopes\{D5926558-0B72-4932-BEC0-C3E019FB6EFA}: "URL" = http://delicious.com/search?p={searchTerms}
    IE - HKU\S-1-5-21-3523368890-677521806-3999189474-1006\..\SearchScopes\{E77AFC67-DC98-4DE2-BEEE-804A860C33C7}: "URL" = http://www.flickr.com/search/?q={searchTerms}
    IE - HKU\S-1-5-21-3523368890-677521806-3999189474-1006\..\SearchScopes\{F907940E-C6BD-4E3B-B844-BCEA5F4674EE}: "URL" = http://rover.ebay.com/rover/1/711-43047-14818-1/4?satitle={searchTerms}
    IE - HKU\S-1-5-21-3523368890-677521806-3999189474-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


    ========== FireFox ==========

    FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.2.72: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.2.72: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll ()
    FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.2.72: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.2.72: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=15.0.2.72: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/04/05 21:42:06 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\Program Files\Protector by IB\Firefox [2012/04/25 20:00:03 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{cb84136f-9c44-433a-9048-c5cd9df1dc16}: C:\Program Files\PC Tools\PC Tools Security\BDT\Firefox\ [2012/06/09 23:28:28 | 000,000,000 | ---D | M]
    FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{8A9386B4-E958-4c4c-ADF4-8F26DB3E4829}: C:\Program Files\PriceGong\2.1.0\FF [2010/04/29 20:58:08 | 000,000,000 | ---D | M]

    [2012/04/14 13:08:48 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Mary Forgione\Application Data\Mozilla\Extensions
    [2012/04/25 20:00:21 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

    ========== Chrome ==========

    CHR - default_search_provider: ()
    CHR - default_search_provider: search_url =
    CHR - default_search_provider: suggest_url =
    CHR - Extension: No name found = C:\Documents and Settings\Mary Forgione\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2_0\
    CHR - Extension: No name found = C:\Documents and Settings\Mary Forgione\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\
    CHR - Extension: No name found = C:\Documents and Settings\Mary Forgione\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\dednnpigldgdbpgcdpfppmlcnnbjciel\2.5_0\
    CHR - Extension: No name found = C:\Documents and Settings\Mary Forgione\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1426_0\
    CHR - Extension: No name found = C:\Documents and Settings\Mary Forgione\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\
    CHR - Extension: No name found = C:\Documents and Settings\Mary Forgione\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.2111_0\
    CHR - Extension: No name found = C:\Documents and Settings\Mary Forgione\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\12.0.0.2126_0\
    CHR - Extension: No name found = C:\Documents and Settings\Mary Forgione\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\

    O1 HOSTS File: ([2012/06/22 12:44:31 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
    O2 - BHO: (PC Tools Browser Guard BHO) - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
    O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
    O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (Sun Microsystems, Inc.)
    O2 - BHO: (AOL Toolbar Launcher) - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)
    O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.)
    O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
    O3 - HKLM\..\Toolbar: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
    O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
    O3 - HKLM\..\Toolbar: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)
    O3 - HKU\S-1-5-21-3523368890-677521806-3999189474-1006\..\Toolbar\WebBrowser: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
    O3 - HKU\S-1-5-21-3523368890-677521806-3999189474-1006\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
    O3 - HKU\S-1-5-21-3523368890-677521806-3999189474-1006\..\Toolbar\WebBrowser: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)
    O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
    O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
    O4 - HKLM..\Run: [HostManager] C:\Program Files\Common Files\AOL\1196384047\ee\aolsoftware.exe (AOL Inc.)
    O4 - HKLM..\Run: [ISTray] C:\Program Files\PC Tools\PC Tools Security\pctsGui.exe (PC Tools)
    O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
    O4 - HKU\S-1-5-21-3523368890-677521806-3999189474-1006..\Run: [uTorrent] C:\Program Files\uTorrent\uTorrent.exe (BitTorrent, Inc.)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-21-3523368890-677521806-3999189474-1006\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-3523368890-677521806-3999189474-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\S-1-5-21-3523368890-677521806-3999189474-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-21-3523368890-677521806-3999189474-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O8 - Extra context menu item: &AOL Toolbar Search - c:\Program Files\AOL\AOL Toolbar 5.0\resources\en-us\local\search.html ()
    O8 - Extra context menu item: &Dictionary - http://files.db3nf.com/scripts/ie.htm File not found
    O8 - Extra context menu item: &Encyclopedia - http://files.db3nf.com/scripts/ie-e.htm File not found
    O8 - Extra context menu item: Download with &Media Finder - C:\Program Files\Media Finder\hook.html File not found
    O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html File not found
    O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\NPJPI150_06.dll (Sun Microsystems, Inc.)
    O9 - Extra Button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Common Files\PC Tools\LSP\PCTLsp.dll (PC Tools Research Pty Ltd.)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Common Files\PC Tools\LSP\PCTLsp.dll (PC Tools Research Pty Ltd.)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Common Files\PC Tools\LSP\PCTLsp.dll (PC Tools Research Pty Ltd.)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Program Files\Common Files\PC Tools\LSP\PCTLsp.dll (PC Tools Research Pty Ltd.)
    O15 - HKU\S-1-5-21-3523368890-677521806-3999189474-1006\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
    O15 - HKU\S-1-5-21-3523368890-677521806-3999189474-1006\..Trusted Domains: motive.com ([patttbc.att] https in Trusted sites)
    O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} http://download.microsoft.com/downlo...8f/wvc1dmo.cab (Reg Error: Key error.)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.5.0/jin...ndows-i586.cab (Java Plug-in 1.5.0_06)
    O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jin...ndows-i586.cab (Java Plug-in 1.5.0_06)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 167.206.251.130 167.206.251.129
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{039BC112-797C-492E-B17E-B2194D804BFC}: DhcpNameServer = 167.206.251.130 167.206.251.129
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
    O24 - Desktop WallPaper: C:\Documents and Settings\Mary Forgione\Application Data\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
    O24 - Desktop BackupWallPaper: C:\Documents and Settings\Mary Forgione\Application Data\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2004/08/10 14:04:08 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *)
    O34 - HKLM BootExecute: (lsdelete)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

    ========== Files/Folders - Created Within 30 Days ==========

    [2012/06/23 13:23:47 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Mary Forgione\Desktop\OTL.exe
    [2012/06/22 13:00:17 | 000,000,000 | -HSD | C] -- C:\RECYCLER
    [2012/06/21 21:28:43 | 000,000,000 | RHSD | C] -- C:\cmdcons
    [2012/06/21 21:25:12 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
    [2012/06/21 21:25:12 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
    [2012/06/21 21:25:12 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
    [2012/06/21 21:25:12 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
    [2012/06/20 21:48:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mary Forgione\Local Settings\Application Data\VS Revo Group
    [2012/06/20 21:48:48 | 000,027,064 | ---- | C] (VS Revo Group) -- C:\WINDOWS\System32\drivers\revoflt.sys
    [2012/06/20 21:48:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Revo Uninstaller Pro
    [2012/06/20 21:48:42 | 000,000,000 | ---D | C] -- C:\Program Files\VS Revo Group
    [2012/06/20 21:47:57 | 007,902,008 | ---- | C] (VS Revo Group ) -- C:\Documents and Settings\Mary Forgione\Desktop\RevoUninProSetup.exe
    [2012/06/19 22:29:49 | 001,973,368 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Documents and Settings\Mary Forgione\Desktop\avg_remover_stf_x86_2012_2125.exe
    [2012/06/19 22:07:28 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2012/06/19 22:07:19 | 000,000,000 | ---D | C] -- C:\WINDOWS\erdnt
    [2012/06/19 22:01:01 | 004,565,264 | R--- | C] (Swearware) -- C:\Documents and Settings\Mary Forgione\Desktop\ComboFix.exe
    [2012/06/13 22:46:37 | 000,607,260 | R--- | C] (Swearware) -- C:\Documents and Settings\Mary Forgione\Desktop\dds.scr
    [2012/06/13 22:45:21 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Videos
    [2012/06/13 14:17:33 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
    [2012/06/12 17:53:56 | 000,000,000 | ---D | C] -- C:\found.000
    [2012/06/10 09:35:18 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Mary Forgione\Start Menu\Programs\Administrative Tools
    [2012/06/10 00:29:50 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
    [2012/06/10 00:18:05 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
    [2012/06/09 23:27:37 | 000,254,912 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctgntdi.sys
    [2012/06/09 23:27:33 | 000,017,848 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctBTFix.sys
    [2012/06/09 23:27:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\PC Tools Security
    [2012/06/09 23:27:28 | 000,070,536 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctplsg.sys
    [2012/06/09 23:25:29 | 000,909,728 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctEFA.sys
    [2012/06/09 23:25:29 | 000,342,168 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctDS.sys
    [2012/06/09 23:25:25 | 000,383,368 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTCore.sys
    [2012/06/09 23:25:25 | 000,162,584 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTAppEvent.sys
    [2012/06/09 23:09:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mary Forgione\Application Data\DriverCure
    [2012/06/09 23:09:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mary Forgione\Application Data\SpeedMaxPc
    [2012/06/09 23:08:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SpeedMaxPc
    [2012/06/09 22:30:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mary Forgione\Local Settings\Application Data\Threat Expert
    [2012/06/09 21:57:21 | 000,070,736 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTBD.sys
    [2012/06/09 21:57:20 | 002,267,064 | ---- | C] (Threat Expert Ltd.) -- C:\WINDOWS\PCTBDCore.dll0641.old
    [2012/06/09 21:57:20 | 002,267,064 | ---- | C] (Threat Expert Ltd.) -- C:\WINDOWS\PCTBDCore.dll0625.old
    [2012/06/09 21:57:20 | 002,267,064 | ---- | C] (Threat Expert Ltd.) -- C:\WINDOWS\PCTBDCore.dll0603.old
    [2012/06/09 21:57:20 | 002,267,064 | ---- | C] (Threat Expert Ltd.) -- C:\WINDOWS\PCTBDCore.dll0601.old
    [2012/06/09 21:57:20 | 002,267,064 | ---- | C] (Threat Expert Ltd.) -- C:\WINDOWS\PCTBDCore.dll0600.old
    [2012/06/09 21:57:20 | 002,267,064 | ---- | C] (Threat Expert Ltd.) -- C:\WINDOWS\PCTBDCore.dll
    [2012/06/09 21:57:20 | 001,681,336 | ---- | C] (Threat Expert Ltd.) -- C:\WINDOWS\PCTBDRes.dll
    [2012/06/09 21:57:20 | 000,149,432 | ---- | C] (PC Tools) -- C:\WINDOWS\SGDetectionTool.dll0641.old
    [2012/06/09 21:57:20 | 000,149,432 | ---- | C] (PC Tools) -- C:\WINDOWS\SGDetectionTool.dll0625.old
    [2012/06/09 21:57:20 | 000,149,432 | ---- | C] (PC Tools) -- C:\WINDOWS\SGDetectionTool.dll0603.old
    [2012/06/09 21:57:20 | 000,149,432 | ---- | C] (PC Tools) -- C:\WINDOWS\SGDetectionTool.dll0601.old
    [2012/06/09 21:57:20 | 000,149,432 | ---- | C] (PC Tools) -- C:\WINDOWS\SGDetectionTool.dll0600.old
    [2012/06/09 21:57:20 | 000,149,432 | ---- | C] (PC Tools) -- C:\WINDOWS\SGDetectionTool.dll
    [2012/06/09 21:56:07 | 000,000,000 | ---D | C] -- C:\Program Files\PC Tools
    [2012/06/09 21:18:56 | 000,203,088 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTSD.sys
    [2012/06/09 21:18:56 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
    [2012/06/09 21:18:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mary Forgione\Application Data\TestApp
    [2012/06/09 21:18:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PC Tools
    [2012/06/09 17:50:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
    [2012/06/09 17:50:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
    [2012/05/25 10:56:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
    [2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2012/06/23 22:36:42 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\TEMP
    [2012/06/23 22:18:40 | 000,000,384 | -H-- | M] () -- C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job
    [2012/06/23 22:08:20 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2012/06/23 22:05:00 | 000,000,250 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
    [2012/06/23 22:04:47 | 000,000,896 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
    [2012/06/23 22:04:43 | 000,000,294 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-3523368890-677521806-3999189474-1006.job
    [2012/06/23 21:09:00 | 000,000,900 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
    [2012/06/23 16:54:10 | 000,000,438 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{659CB606-EEE8-4E82-B48C-89DCB3FB84F7}.job
    [2012/06/23 13:24:06 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Mary Forgione\Desktop\OTL.exe
    [2012/06/22 20:26:38 | 000,016,384 | ---- | M] () -- C:\Documents and Settings\Mary Forgione\My Documents\ammendment.wps
    [2012/06/22 20:26:38 | 000,002,896 | ---- | M] () -- C:\Documents and Settings\Mary Forgione\Application Data\wklnhst.dat
    [2012/06/22 14:08:24 | 000,000,624 | ---- | M] () -- C:\Documents and Settings\Mary Forgione\Desktop\Shortcut to steve1.lnk
    [2012/06/22 13:00:13 | 000,001,487 | ---- | M] () -- C:\Documents and Settings\Mary Forgione\Desktop\Windows Explorer (2).lnk
    [2012/06/22 12:44:31 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
    [2012/06/22 12:24:43 | 004,565,264 | R--- | M] (Swearware) -- C:\Documents and Settings\Mary Forgione\Desktop\ComboFix.exe
    [2012/06/21 21:28:47 | 000,000,327 | RHS- | M] () -- C:\boot.ini
    [2012/06/21 16:35:28 | 000,016,384 | ---- | M] () -- C:\Documents and Settings\Mary Forgione\My Documents\statement.wps
    [2012/06/20 21:48:23 | 007,902,008 | ---- | M] (VS Revo Group ) -- C:\Documents and Settings\Mary Forgione\Desktop\RevoUninProSetup.exe
    [2012/06/20 19:26:05 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
    [2012/06/19 22:30:09 | 001,973,368 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Documents and Settings\Mary Forgione\Desktop\avg_remover_stf_x86_2012_2125.exe
    [2012/06/19 20:32:04 | 000,000,302 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-3523368890-677521806-3999189474-1006.job
    [2012/06/14 03:20:25 | 000,191,384 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2012/06/14 03:03:59 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
    [2012/06/13 22:57:57 | 000,016,384 | ---- | M] () -- C:\Documents and Settings\Mary Forgione\My Documents\log3.wps
    [2012/06/13 22:45:19 | 000,607,260 | R--- | M] (Swearware) -- C:\Documents and Settings\Mary Forgione\Desktop\dds.scr
    [2012/06/13 21:08:11 | 000,017,920 | ---- | M] () -- C:\Documents and Settings\Mary Forgione\My Documents\log2.wps
    [2012/06/12 18:20:00 | 000,001,813 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
    [2012/06/10 14:54:31 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
    [2012/06/10 00:32:19 | 000,001,945 | ---- | M] () -- C:\WINDOWS\epplauncher.mif
    [2012/06/10 00:29:40 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2012/06/09 23:27:34 | 000,001,809 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\PC Tools Spyware Doctor.lnk
    [2012/06/09 23:10:25 | 000,000,486 | ---- | M] () -- C:\Documents and Settings\Mary Forgione\Desktop\Shortcut to comedy.lnk
    [2012/06/09 21:19:36 | 000,673,367 | ---- | M] () -- C:\WINDOWS\System32\drivers\Cat.DB
    [2012/06/09 18:02:36 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2012/05/25 11:01:30 | 000,000,780 | ---- | M] () -- C:\WINDOWS\orun32.ini
    [2012/05/25 10:45:08 | 000,002,577 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
    [2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2012/06/22 14:08:24 | 000,000,624 | ---- | C] () -- C:\Documents and Settings\Mary Forgione\Desktop\Shortcut to steve1.lnk
    [2012/06/22 13:00:13 | 000,001,487 | ---- | C] () -- C:\Documents and Settings\Mary Forgione\Desktop\Windows Explorer (2).lnk
    [2012/06/22 12:42:51 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\TEMP
    [2012/06/21 21:28:47 | 000,000,211 | ---- | C] () -- C:\Boot.bak
    [2012/06/21 21:28:45 | 000,260,272 | RHS- | C] () -- C:\cmldr
    [2012/06/21 21:25:12 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
    [2012/06/21 21:25:12 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
    [2012/06/21 21:25:12 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
    [2012/06/21 21:25:12 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
    [2012/06/21 21:25:12 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
    [2012/06/21 17:04:49 | 000,016,384 | ---- | C] () -- C:\Documents and Settings\Mary Forgione\My Documents\ammendment.wps
    [2012/06/21 10:58:54 | 000,016,384 | ---- | C] () -- C:\Documents and Settings\Mary Forgione\My Documents\statement.wps
    [2012/06/11 09:44:58 | 000,016,384 | ---- | C] () -- C:\Documents and Settings\Mary Forgione\My Documents\log3.wps
    [2012/06/10 18:37:38 | 000,017,920 | ---- | C] () -- C:\Documents and Settings\Mary Forgione\My Documents\log2.wps
    [2012/06/10 14:54:31 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
    [2012/06/10 00:41:58 | 000,000,384 | -H-- | C] () -- C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job
    [2012/06/10 00:31:58 | 000,001,698 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Security Essentials.lnk
    [2012/06/09 23:27:34 | 000,001,809 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\PC Tools Spyware Doctor.lnk
    [2012/06/09 21:57:20 | 000,767,928 | ---- | C] () -- C:\WINDOWS\BDTSupport.dll0641.old
    [2012/06/09 21:57:20 | 000,767,928 | ---- | C] () -- C:\WINDOWS\BDTSupport.dll0625.old
    [2012/06/09 21:57:20 | 000,767,928 | ---- | C] () -- C:\WINDOWS\BDTSupport.dll0603.old
    [2012/06/09 21:57:20 | 000,767,928 | ---- | C] () -- C:\WINDOWS\BDTSupport.dll0601.old
    [2012/06/09 21:57:20 | 000,767,928 | ---- | C] () -- C:\WINDOWS\BDTSupport.dll0600.old
    [2012/06/09 21:57:20 | 000,767,928 | ---- | C] () -- C:\WINDOWS\BDTSupport.dll
    [2012/06/09 21:57:20 | 000,003,488 | ---- | C] () -- C:\WINDOWS\UDB.zip
    [2012/06/09 21:57:20 | 000,000,882 | ---- | C] () -- C:\WINDOWS\RegSDImport.xml
    [2012/06/09 21:57:20 | 000,000,879 | ---- | C] () -- C:\WINDOWS\RegISSImport.xml
    [2012/06/09 21:57:20 | 000,000,131 | ---- | C] () -- C:\WINDOWS\IDB.zip
    [2012/06/09 21:19:03 | 000,673,367 | ---- | C] () -- C:\WINDOWS\System32\drivers\Cat.DB
    [2012/06/09 18:07:49 | 000,000,740 | ---- | C] () -- C:\Documents and Settings\Mary Forgione\Local Settings\Application Data\{5a948e11-f431-c727-d66d-db96ce9a949e}\L\00000004.@
    [2012/06/09 18:07:30 | 000,001,536 | ---- | C] () -- C:\Documents and Settings\Mary Forgione\Local Settings\Application Data\{5a948e11-f431-c727-d66d-db96ce9a949e}\U\00000004.@
    [2012/06/09 17:53:17 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2012/05/25 10:57:15 | 000,001,945 | ---- | C] () -- C:\WINDOWS\epplauncher.mif
    [2012/05/23 21:23:58 | 000,017,407 | ---- | C] () -- C:\Documents and Settings\Mary Forgione\Local Settings\Application Data\dt.dat
    [2012/05/14 17:00:27 | 000,175,616 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
    [2012/03/27 21:29:15 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
    [2012/02/24 15:46:05 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
    [2011/05/12 14:06:54 | 000,001,940 | ---- | C] () -- C:\Documents and Settings\Mary Forgione\Local Settings\Application Data\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
    [2010/09/09 14:53:58 | 000,129,830 | ---- | C] () -- C:\WINDOWS\HPHins13.dat
    [2010/09/09 14:53:58 | 000,002,977 | ---- | C] () -- C:\WINDOWS\hphmdl13.dat
    [2009/08/15 16:17:16 | 000,000,136 | ---- | C] () -- C:\Documents and Settings\Mary Forgione\Local Settings\Application Data\fusioncache.dat
    [2009/08/12 07:54:03 | 000,002,896 | ---- | C] () -- C:\Documents and Settings\Mary Forgione\Application Data\wklnhst.dat
    [2009/05/03 12:12:35 | 000,008,004 | ---- | C] () -- C:\Documents and Settings\Mary Forgione\DModem_Trace.trc
    [2007/11/30 19:41:31 | 000,017,408 | ---- | C] () -- C:\Documents and Settings\Mary Forgione\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2004/08/10 13:51:16 | 000,002,048 | -HS- | C] () -- C:\Documents and Settings\Mary Forgione\Local Settings\Application Data\{5a948e11-f431-c727-d66d-db96ce9a949e}\@

    ========== LOP Check ==========

    [2007/12/15 13:55:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AT&T
    [2012/05/25 10:47:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
    [2012/06/19 20:43:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG2012
    [2012/03/27 16:44:50 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
    [2010/07/18 14:44:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FileCure
    [2012/04/25 20:00:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\InstallMate
    [2012/04/25 20:00:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Premium
    [2007/11/25 18:32:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SingleClick Systems
    [2012/06/10 02:24:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SpeedMaxPc
    [2007/11/25 18:32:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SupportSoft
    [2007/11/29 20:54:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
    [2012/05/01 18:05:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Guest\Application Data\AVG Secure Search
    [2012/05/01 18:04:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Guest\Application Data\AVG2012
    [2012/05/01 18:05:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Guest\Application Data\FCSB000062035
    [2007/12/15 13:55:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mary Forgione\Application Data\AT&T
    [2012/03/28 08:02:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mary Forgione\Application Data\AVG
    [2012/03/27 16:48:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mary Forgione\Application Data\AVG2012
    [2012/06/09 23:09:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mary Forgione\Application Data\DriverCure
    [2010/04/29 20:58:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mary Forgione\Application Data\FCSB000062035
    [2010/04/29 20:58:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mary Forgione\Application Data\FinalMediaPlayer
    [2010/09/02 13:05:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mary Forgione\Application Data\Image Zone Express
    [2012/04/25 12:33:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mary Forgione\Application Data\Media Finder
    [2012/06/09 23:09:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mary Forgione\Application Data\SpeedMaxPc
    [2012/04/10 20:53:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mary Forgione\Application Data\Template
    [2012/06/09 21:18:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mary Forgione\Application Data\TestApp
    [2012/06/23 22:07:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mary Forgione\Application Data\uTorrent
    [2010/04/29 20:58:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mary Forgione\Application Data\WeatherBug
    [2012/06/23 22:05:00 | 000,000,250 | ---- | M] () -- C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job
    [2012/06/23 16:54:10 | 000,000,438 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{659CB606-EEE8-4E82-B48C-89DCB3FB84F7}.job

  8. #23
    Join Date
    Nov 2005
    Posts
    162

    rest of otl.txt and extras.txt

    ========== Purity Check ==========



    ========== Custom Scans ==========

    < %SYSTEMDRIVE%\*.* >
    [2004/08/10 14:04:08 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
    [2007/12/15 13:34:13 | 010,763,084 | ---- | M] () -- C:\BellSouthIW.re~
    [2010/12/25 14:52:42 | 000,000,211 | ---- | M] () -- C:\Boot.bak
    [2012/06/21 21:28:47 | 000,000,327 | RHS- | M] () -- C:\boot.ini
    [2004/08/03 23:00:00 | 000,260,272 | RHS- | M] () -- C:\cmldr
    [2012/06/22 12:50:56 | 000,021,896 | ---- | M] () -- C:\ComboFix.txt
    [2004/08/10 14:04:08 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
    [2007/11/25 18:04:00 | 000,006,952 | RH-- | M] () -- C:\dell.sdr
    [2012/06/13 16:28:34 | 000,000,081 | ---- | M] () -- C:\DVDPATH.TXT
    [2009/04/22 10:25:36 | 000,004,128 | ---- | M] () -- C:\INFCACHE.1
    [2011/04/21 09:05:40 | 000,030,301 | ---- | M] () -- C:\install.log
    [2004/08/10 14:04:08 | 000,000,000 | -H-- | M] () -- C:\IO.SYS
    [2004/08/10 14:04:08 | 000,000,000 | -H-- | M] () -- C:\MSDOS.SYS
    [2004/08/04 06:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
    [2009/04/22 10:26:27 | 000,250,048 | RHS- | M] () -- C:\ntldr
    [2012/06/23 22:08:15 | 1598,029,824 | -HS- | M] () -- C:\pagefile.sys
    [2012/03/15 11:12:44 | 000,000,510 | ---- | M] () -- C:\settings.ini
    [2012/06/09 21:16:32 | 000,086,940 | ---- | M] () -- C:\TDSSKiller.2.7.36.0_09.06.2012_21.15.41_log.txt
    [2012/06/10 00:01:34 | 000,089,468 | ---- | M] () -- C:\TDSSKiller.2.7.36.0_10.06.2012_00.00.45_log.txt
    [2012/06/10 00:18:14 | 000,185,200 | ---- | M] () -- C:\TDSSKiller.2.7.36.0_10.06.2012_00.15.04_log.txt
    [2010/06/24 15:05:29 | 000,000,664 | ---- | M] () -- C:\updatedatfix.log
    [2012/04/25 20:00:28 | 000,000,453 | ---- | M] () -- C:\user.js

    < %systemroot%\Fonts\*.com >

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\Fonts\*.ini >
    [2004/08/10 14:03:42 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini

    < %systemroot%\Fonts\*.ini2 >

    < %systemroot%\Fonts\*.exe >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.* >
    [2006/12/29 09:57:18 | 000,273,920 | ---- | M] (Hewlett-Packard Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\hpzpp4v2.dll

    < %systemroot%\REPAIR\*.bak1 >

    < %systemroot%\REPAIR\*.ini >

    < %systemroot%\system32\*.jpg >

    < %systemroot%\*.jpg >

    < %systemroot%\*.png >

    < %systemroot%\*.scr >

    < %systemroot%\*._sy >

    < %APPDATA%\Adobe\Update\*.* >

    < %ALLUSERSPROFILE%\Favorites\*.* >
    [2009/05/26 22:12:47 | 000,001,024 | -H-- | M] () -- C:\Documents and Settings\All Users\Favorites\helpme_att.lnk

    < %APPDATA%\Microsoft\*.* >

    < %PROGRAMFILES%\*.* >

    < %APPDATA%\Update\*.* >

    < %systemroot%\*. /mp /s >

    < %systemroot%\System32\config\*.sav >
    [2004/08/10 13:56:48 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav
    [2004/08/10 13:56:46 | 000,634,880 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav
    [2004/08/10 13:56:46 | 000,872,448 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav

    < %PROGRAMFILES%\bak. /s >

    < %systemroot%\system32\bak. /s >

    < %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
    [2009/04/22 10:32:32 | 000,000,272 | -HS- | M] () -- C:\Documents and Settings\All Users\Start Menu\desktop.ini

    < %systemroot%\system32\config\systemprofile\*.dat /x >

    < %systemroot%\*.config >

    < %systemroot%\system32\*.db >

    < %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
    [2009/04/22 10:44:20 | 000,000,119 | -HS- | M] () -- C:\Documents and Settings\Mary Forgione\Application Data\Microsoft\Internet Explorer\Quick Launch\desktop.ini
    [2004/08/10 14:08:38 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\Mary Forgione\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf

    < %USERPROFILE%\Desktop\*.exe >
    [2012/06/19 22:30:09 | 001,973,368 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Documents and Settings\Mary Forgione\Desktop\avg_remover_stf_x86_2012_2125.exe
    [2012/06/22 12:24:43 | 004,565,264 | R--- | M] (Swearware) -- C:\Documents and Settings\Mary Forgione\Desktop\ComboFix.exe
    [2012/06/23 13:24:06 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Mary Forgione\Desktop\OTL.exe
    [2012/06/20 21:48:23 | 007,902,008 | ---- | M] (VS Revo Group ) -- C:\Documents and Settings\Mary Forgione\Desktop\RevoUninProSetup.exe

    < %PROGRAMFILES%\Common Files\*.* >

    < %systemroot%\*.src >

    < %systemroot%\install\*.* >

    < %systemroot%\system32\DLL\*.* >

    < %systemroot%\system32\HelpFiles\*.* >

    < %systemroot%\tasks\*.* >
    [2012/06/20 19:26:05 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
    [2004/08/04 06:00:00 | 000,000,065 | RH-- | M] () -- C:\WINDOWS\tasks\desktop.ini
    [2012/06/23 22:04:47 | 000,000,896 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
    [2012/06/23 21:09:00 | 000,000,900 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
    [2012/06/23 22:18:40 | 000,000,384 | -H-- | M] () -- C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job
    [2012/06/23 22:04:43 | 000,000,294 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-3523368890-677521806-3999189474-1006.job
    [2012/06/19 20:32:04 | 000,000,302 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-3523368890-677521806-3999189474-1006.job
    [2012/06/23 22:07:26 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
    [2012/06/23 22:05:00 | 000,000,250 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
    [2012/06/23 16:54:10 | 000,000,438 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{659CB606-EEE8-4E82-B48C-89DCB3FB84F7}.job

    < %systemroot%\system32\rundll\*.* >

    < %systemroot%\winn32\*.* >

    < %systemroot%\Java\*.* >

    < %systemroot%\system32\test\*.* >

    < %systemroot%\system32\Rundll32\*.* >

    < %systemroot%\AppPatch\Custom\*.* >

    < %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

    < %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

    < %PROGRAMFILES%\Internet Explorer\*.tmp >

    < %PROGRAMFILES%\Internet Explorer\*.dat >

    < %USERPROFILE%\My Documents\*.exe >

    < %USERPROFILE%\*.exe >

    < %systemroot%\ADDINS\*.* >
    [2004/08/04 06:00:00 | 000,000,791 | ---- | M] () -- C:\WINDOWS\ADDINS\fxsext.ecf

    < %systemroot%\assembly\*.bak2 >

    < %systemroot%\Config\*.* >

    < %systemroot%\REPAIR\*.bak2 >

    < %systemroot%\SECURITY\Database\*.sdb /x >

    < %systemroot%\SYSTEM\*.bak2 >

    < %systemroot%\Web\*.bak2 >

    < %systemroot%\Driver Cache\*.* >

    < %PROGRAMFILES%\Mozilla Firefox\0*.exe >

    < %ProgramFiles%\Microsoft Common\*.* >

    < %ProgramFiles%\TinyProxy. >

    < %USERPROFILE%\Favorites\*.url /x >
    [2009/04/22 10:44:20 | 000,000,122 | -HS- | M] () -- C:\Documents and Settings\Mary Forgione\Favorites\Desktop.ini
    [2009/05/26 22:12:47 | 000,001,024 | -H-- | M] () -- C:\Documents and Settings\Mary Forgione\Favorites\helpme_att.lnk

    < %systemroot%\system32\*.bk >

    < %systemroot%\*.te >

    < %systemroot%\system32\system32\*.* >

    < %ALLUSERSPROFILE%\*.dat /x >

    < %systemroot%\system32\drivers\*.rmv >

    < dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

    < dir /b "%systemroot%\*.exe" | find /i " " /c >

    < %PROGRAMFILES%\Microsoft\*.* >

    < %systemroot%\System32\Wbem\proquota.exe >

    < %PROGRAMFILES%\Mozilla Firefox\*.dat >

    < %USERPROFILE%\Cookies\*.txt /x >
    [2012/06/23 22:41:30 | 000,327,680 | ---- | M] () -- C:\Documents and Settings\Mary Forgione\Cookies\index.dat

    < %SystemRoot%\system32\fonts\*.* >

    < %systemroot%\system32\winlog\*.* >

    < %systemroot%\system32\Language\*.* >

    < %systemroot%\system32\Settings\*.* >

    < %systemroot%\system32\*.quo >

    < %SYSTEMROOT%\AppPatch\*.exe >

    < %SYSTEMROOT%\inf\*.exe >
    [2008/04/13 20:12:38 | 000,208,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\inf\unregmp2.exe

    < %SYSTEMROOT%\Installer\*.exe >

    < %systemroot%\system32\config\*.bak2 >

    < %systemroot%\system32\Computers\*.* >

    < %SystemRoot%\system32\Sound\*.* >

    < %SystemRoot%\system32\SpecialImg\*.* >

    < %SystemRoot%\system32\code\*.* >

    < %SystemRoot%\system32\draft\*.* >

    < %SystemRoot%\system32\MSSSys\*.* >

    < %ProgramFiles%\Javascript\*.* >

    < %systemroot%\pchealth\helpctr\System\*.exe /s >

    < %systemroot%\Web\*.exe >

    < %systemroot%\system32\msn\*.* >

    < %systemroot%\system32\*.tro >

    < %AppData%\Microsoft\Installer\msupdates\*.* >

    < %ProgramFiles%\Messenger\*.* >
    [2008/04/13 20:11:51 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\custsat.dll
    [2004/08/04 02:06:34 | 000,004,821 | ---- | M] () -- C:\Program Files\Messenger\logowin.gif
    [2004/08/04 02:06:34 | 000,007,047 | ---- | M] () -- C:\Program Files\Messenger\lvback.gif
    [2008/05/02 10:01:49 | 000,083,968 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgsc.dll
    [2008/04/13 13:30:28 | 000,180,224 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgslang.dll
    [2008/04/13 20:12:28 | 001,695,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe
    [2004/08/04 02:06:36 | 000,002,882 | ---- | M] () -- C:\Program Files\Messenger\newalert.wav
    [2004/08/04 02:06:36 | 000,006,156 | ---- | M] () -- C:\Program Files\Messenger\newemail.wav
    [2004/08/04 02:06:36 | 000,006,160 | ---- | M] () -- C:\Program Files\Messenger\online.wav
    [2004/08/04 02:06:36 | 000,004,454 | ---- | M] () -- C:\Program Files\Messenger\type.wav
    [2004/08/04 02:06:36 | 000,115,981 | ---- | M] () -- C:\Program Files\Messenger\xpmsgr.chm

    < %systemroot%\system32\systhem32\*.* >

    < %systemroot%\system\*.exe >

    OTL Extras logfile created on: 6/23/2012 11:00:10 PM - Run 1
    OTL by OldTimer - Version 3.2.52.0 Folder = C:\Documents and Settings\Mary Forgione\Desktop
    Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    1013.11 Mb Total Physical Memory | 671.99 Mb Available Physical Memory | 66.33% Memory free
    2.38 Gb Paging File | 1.90 Gb Available in Paging File | 79.67% Paging File free
    Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 74.45 Gb Total Space | 32.29 Gb Free Space | 43.37% Space Free | Partition Type: NTFS

    Computer Name: MARY | User Name: Mary Forgione | Logged in as Administrator.
    Boot Mode: SafeMode with Networking | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    .html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)

    [HKEY_USERS\S-1-5-21-3523368890-677521806-3999189474-1006\SOFTWARE\Classes\<extension>]
    .html [@ = htmlfile] -- Reg Error: Key error. File not found

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    exefile [open] -- "%1" %*
    htmlfile [edit] -- Reg Error: Key error.
    https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirstRunDisabled" = 1
    "AntiVirusDisableNotify" = 0
    "FirewallDisableNotify" = 0
    "UpdatesDisableNotify" = 0
    "AntiVirusOverride" = 0
    "FirewallOverride" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
    "Start" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
    "Start" = 2

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Disabled:µTorrent -- (BitTorrent, Inc.)


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{0240BDFB-2995-4A3F-8C96-18D41282B716}" = Dell Network Assistant
    "{0394CDC8-FABD-4ed8-B104-03393876DFDF}" = Roxio Creator Tools
    "{0611BD4E-4FE4-4a62-B0C0-18A4CC463428}" = CP_Package_Variety1
    "{09984AEC-6B9F-4ca7-B78D-CB44D4771DA3}" = Destinations
    "{0B33B738-AD79-4E32-90C5-E67BFB10BBFF}" = AiO_Scan
    "{0D397393-9B50-4c52-84D5-77E344289F87}" = Roxio Creator Data
    "{0F756CD9-4A1E-409B-B101-601DDC4C03AA}" = QualxServ Service Agreement
    "{0F842B77-56EA-4AAF-8295-81A022350B5E}" = Microsoft Security Client
    "{1C139D7D-9FEA-468d-A9C8-2A6E3BDE564A}" = CP_Package_Variety3
    "{1E04F83B-2AB9-4301-9EF7-E86307F79C72}" = Google Earth
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{2466E904-7E48-4597-9321-722CF02930EB}" = 5600
    "{281ECE39-F043-492B-8337-F2E546B5604A}" = PowerDVD
    "{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
    "{2CADCEAB-D5DA-44D6-B5FC-7DEE87AB3C0C}" = Unload
    "{2F4C24E6-CBD4-4AAC-B56F-C9FD44DE5668}" = Roxio Drag-to-Disc
    "{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
    "{30C19FF2-7FBA-4d09-B9DE-1659977F64F6}" = TrayApp
    "{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
    "{336D0C35-8A85-403a-B9D2-65C292C39087}_is1" = Protector by IB 2.0.0.426
    "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
    "{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Sonic Activation Module
    "{36FDBE6E-6684-462B-AE98-9A39A1B200CC}" = HP Product Assistant
    "{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
    "{54E3707F-808E-4fd4-95C9-15D1AB077E5D}" = NewCopy
    "{56F8AFC3-FA98-4ff1-9673-8A026CBF85BE}" = WebReg
    "{5905F42D-3F5F-4916-ADA6-94A3646AEE76}" = Dell Driver Reset Tool
    "{5B622B7A-60FB-4630-B11D-F121D20BCCD6}" = MarketResearch
    "{5B79CFD1-6845-4158-9D7D-6BE89DF2C135}" = HP PSC & OfficeJet 5.3.B
    "{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}" = Roxio Creator Copy
    "{62230596-37E5-4618-A329-0D21F529A86F}" = Browser Address Error Redirector
    "{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler
    "{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
    "{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1" = Revo Uninstaller Pro 2.5.8
    "{6BB6627C-694F-4FDC-A3E5-C7F4BED4C724}" = DocProc
    "{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
    "{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
    "{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
    "{777CA40C-0206-4EF6-A0FC-618BF06BF8D0}" = Intel(R) PRO Network Connections 12.1.8.0
    "{7850A6D2-CBEA-4728-9877-F1BEDEA9F619}" = AiOSoftware
    "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
    "{797EE0CA-8165-405C-B5CE-F11EC20F1BB0}" = Microsoft VC9 runtime libraries
    "{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
    "{7C9B95B7-B598-4398-B30F-7F6827192E6C}" = ProductContext
    "{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}" = DellSupport
    "{83FFCFC7-88C6-41c6-8752-958A45325C82}" = Roxio Creator Audio
    "{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Dictionary.com Toolbar
    "{880AF49C-34F7-4285-A8AD-8F7A3D1C33DC}" = Roxio Creator BDAV Plugin
    "{8F018A9E-56DE-4A79-A5EF-25F413F1D538}" = WeatherBug
    "{923A7F5A-1E8C-4FBE-8DF6-85940A60A79F}" = Readme
    "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{A195B13E-A5E3-4BAF-A995-7F70F445CD06}" = ScannerCopy
    "{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{AA027AE9-DD20-4677-AA72-D760A358320B}" = Microsoft VC9 runtime libraries
    "{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
    "{AC76BA86-7AD7-1033-7B44-A81200000003}" = Adobe Reader 8.1.2
    "{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}" = HP Update
    "{B824B5C9-849F-4b9e-9EA7-6FD8CD8116DA}" = CP_Package_Variety2
    "{B8C54AB1-7E1A-40E8-B794-EDB6E8921F3A}" = Dell Support Center
    "{B996AE66-10DB-4ac5-B151-E8B4BFBC42FC}" = BufferChm
    "{BFD5AC8A-5884-4da8-9873-3DF8E3DCCE18}" = 5600Trb
    "{C252EB7B-7AE0-46DE-9BEE-DF681B885F13}" = Modem Diagnostic Tool
    "{C506A18C-1469-4678-B094-F4EC9DAE6DB7}" = Scan
    "{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator DE
    "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
    "{CC7984C5-020D-4944-85A0-58D09D4A8BFB}" = 5600_Help
    "{CE24344F-DFD8-40C8-8FD8-C9740B5F25AC}" = Fax
    "{D639085F-4B6E-4105-9F37-A0DBB023E2FB}" = Roxio MyDVD DE
    "{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware 2007
    "{E3F90083-80D4-4b5a-87C7-E97E12F5516D}" = HPProductAssistant
    "{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
    "{E7B100D8-98A5-42AA-830F-16D6BD5351F1}" = My.Freeze.com NetAssistant
    "{EA103B64-C0E4-4C0E-A506-751590E1653D}" = SolutionCenter
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{F4C2E5F5-2970-45f4-ABD3-C180C4D961C4}" = Status
    "{FE64AE29-0883-4C70-8388-DC026019C900}" = HP Image Zone Express
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "AOL Regclient" = AOL Registration
    "AOL Toolbar" = AOL Toolbar 5.0
    "AOL Toolbar 5.0" =
    "AOL Uninstaller" = AOL Uninstaller (Choose which Products to Remove)
    "ATT-SST" = AT&T Self Support Tool
    "Browser Defender_is1" = Browser Guard 4.0
    "CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200F14F1" = Conexant D850 56K V.9x DFVc Modem
    "FinalMediaPlayer_is1" = Final Media Player 2010
    "Google Chrome" = Google Chrome
    "Google Desktop" = Google Desktop
    "HDMI" = Intel(R) Graphics Media Accelerator Driver
    "HP Imaging Device Functions" = HP Imaging Device Functions 5.3
    "HP Solution Center & Imaging Support Tools" = HP Solution Center & Imaging Support Tools 5.3
    "HPExtendedCapabilities" = HP Extended Capabilities 5.3
    "IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
    "ie7" = Windows Internet Explorer 7
    "ie8" = Windows Internet Explorer 8
    "KLiteCodecPack_is1" = K-Lite Codec Pack 8.7.0 (Basic)
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400
    "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
    "Microsoft Security Client" = Microsoft Security Essentials
    "MSNINST" = MSN
    "NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
    "PriceGong" = PriceGong 2.1.0
    "RadialpointClientGateway_is1" = AT&T Internet Security Wizard 1.5.11
    "RealPlayer 15.0" = RealPlayer
    "SearchAssist" = SearchAssist
    "Shop to Win 2" = Shop to Win 2
    "uTorrent" = µTorrent
    "ViewpointMediaPlayer" = Viewpoint Media Player
    "Windows Media Format Runtime" = Windows Media Format Runtime
    "Windows XP Service Pack" = Windows XP Service Pack 3

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-3523368890-677521806-3999189474-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{79A765E1-C399-405B-85AF-466F52E918B0}" = Dictionary.com Toolbar Updater

    ========== Last 20 Event Log Errors ==========

    [ Application Events ]
    Error - 6/13/2012 10:48:27 AM | Computer Name = MARY | Source = Application Error | ID = 1000
    Description = Faulting application h70k0yk0[1].exe, version 1.0.15.15641, faulting
    module h70k0yk0[1].exe, version 1.0.15.15641, fault address 0x0006ab2c.

    Error - 6/20/2012 10:30:17 AM | Computer Name = MARY | Source = MPSampleSubmission | ID = 5000
    Description = EventType mptelemetry, P1 0x80070666, P2 mpupdateengine, P3 am bde,
    P4 11.1.3927.0, P5 mpsigstub.exe, P6 4.0.1526.0, P7 microsoft security essentials,
    P8 NIL, P9 NIL, P10 NIL.

    Error - 6/20/2012 10:13:09 PM | Computer Name = MARY | Source = MPSampleSubmission | ID = 5000
    Description = EventType mptelemetry, P1 0x80070666, P2 mpupdateengine, P3 am fe,
    P4 11.1.3927.0, P5 mpsigstub.exe, P6 4.0.1526.0, P7 microsoft security essentials,
    P8 NIL, P9 NIL, P10 NIL.

    Error - 6/21/2012 11:25:55 PM | Computer Name = MARY | Source = MPSampleSubmission | ID = 5000
    Description = EventType mptelemetry, P1 0x80070666, P2 mpupdateengine, P3 am fe,
    P4 11.1.3927.0, P5 mpsigstub.exe, P6 4.0.1526.0, P7 microsoft security essentials,
    P8 NIL, P9 NIL, P10 NIL.

    Error - 6/22/2012 1:02:34 PM | Computer Name = MARY | Source = MPSampleSubmission | ID = 5000
    Description = EventType mptelemetry, P1 0x80070666, P2 mpupdateengine, P3 am fe,
    P4 11.1.3927.0, P5 mpsigstub.exe, P6 4.0.1526.0, P7 microsoft security essentials,
    P8 NIL, P9 NIL, P10 NIL.

    Error - 6/23/2012 1:08:10 PM | Computer Name = MARY | Source = MPSampleSubmission | ID = 5000
    Description = EventType mptelemetry, P1 0x80070666, P2 mpupdateengine, P3 am fe,
    P4 11.1.3927.0, P5 mpsigstub.exe, P6 4.0.1526.0, P7 microsoft security essentials,
    P8 NIL, P9 NIL, P10 NIL.

    Error - 6/23/2012 1:08:38 PM | Computer Name = MARY | Source = MPSampleSubmission | ID = 5000
    Description = EventType mptelemetry, P1 0x80070666, P2 mpupdateengine, P3 am delta,
    P4 11.1.3927.0, P5 mpsigstub.exe, P6 4.0.1526.0, P7 microsoft security essentials,
    P8 NIL, P9 NIL, P10 NIL.

    Error - 6/23/2012 3:13:26 PM | Computer Name = MARY | Source = Application Hang | ID = 1002
    Description = Hanging application OTL.exe, version 3.2.52.0, hang module hungapp,
    version 0.0.0.0, hang address 0x00000000.

    Error - 6/23/2012 4:21:20 PM | Computer Name = MARY | Source = Application Hang | ID = 1002
    Description = Hanging application OTL.exe, version 3.2.52.0, hang module hungapp,
    version 0.0.0.0, hang address 0x00000000.

    Error - 6/23/2012 10:33:25 PM | Computer Name = MARY | Source = MPSampleSubmission | ID = 5000
    Description = EventType mptelemetry, P1 0x80070666, P2 mpupdateengine, P3 am delta,
    P4 11.1.3927.0, P5 mpsigstub.exe, P6 4.0.1526.0, P7 microsoft security essentials,
    P8 NIL, P9 NIL, P10 NIL.

    [ System Events ]
    Error - 6/23/2012 10:10:09 PM | Computer Name = MARY | Source = Service Control Manager | ID = 7026
    Description = The following boot-start or system-start driver(s) failed to load:
    Fips intelppm MpFilter PCTSD

    Error - 6/23/2012 10:33:19 PM | Computer Name = MARY | Source = DCOM | ID = 10005
    Description = DCOM got error "%1084" attempting to start the service wuauserv with
    arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}

    Error - 6/23/2012 10:33:19 PM | Computer Name = MARY | Source = DCOM | ID = 10005
    Description = DCOM got error "%1084" attempting to start the service wuauserv with
    arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}

    Error - 6/23/2012 10:33:19 PM | Computer Name = MARY | Source = Microsoft Antimalware | ID = 2001
    Description = %%860 has encountered an error trying to update signatures. New Signature
    Version: Previous Signature Version: 1.129.43.0 Update Source: %%859 Update Stage:
    %%852 Source Path: Default URL Signature Type: %%800 Update Type: %%803 User: NT AUTHORITY\SYSTEM

    Current
    Engine Version: Previous Engine Version: 1.1.8502.0 Error code: 0x8007043c Error
    description: This service cannot be started in Safe Mode

    Error - 6/23/2012 10:33:25 PM | Computer Name = MARY | Source = Microsoft Antimalware | ID = 2001
    Description = %%860 has encountered an error trying to update signatures. New Signature
    Version: 1.129.359.0 Previous Signature Version: 1.129.43.0 Update Source: %%815 Update
    Stage: %%854 Source Path: Signature Type: %%800 Update Type: %%804 User: NT AUTHORITY\NETWORK
    SERVICE Current Engine Version: 1.1.8403.0 Previous Engine Version: 1.1.8502.0 Error
    code: 0x80070666 Error description: Another version of this product is already installed.
    Installation of this version cannot continue. To configure or remove the existing
    version of this product, use Add/Remove Programs on the Control Panel.

    Error - 6/23/2012 10:33:25 PM | Computer Name = MARY | Source = Microsoft Antimalware | ID = 2001
    Description = %%860 has encountered an error trying to update signatures. New Signature
    Version: 1.129.359.0 Previous Signature Version: 1.129.43.0 Update Source: %%815 Update
    Stage: %%854 Source Path: Signature Type: %%801 Update Type: %%804 User: NT AUTHORITY\NETWORK
    SERVICE Current Engine Version: 1.1.8403.0 Previous Engine Version: 1.1.8502.0 Error
    code: 0x80070666 Error description: Another version of this product is already installed.
    Installation of this version cannot continue. To configure or remove the existing
    version of this product, use Add/Remove Programs on the Control Panel.

    Error - 6/23/2012 10:33:27 PM | Computer Name = MARY | Source = Microsoft Antimalware | ID = 2001
    Description = %%860 has encountered an error trying to update signatures. New Signature
    Version: Previous Signature Version: 1.129.43.0 Update Source: %%851 Update Stage:
    %%854 Source Path: http://go.microsoft.com/fwlink/?Link...D-99752CCA7094

    Signature
    Type: %%800 Update Type: %%803 User: NT AUTHORITY\NETWORK SERVICE Current Engine Version:
    Previous Engine Version: 1.1.8502.0 Error code: 0x80070666 Error description: Another
    version of this product is already installed. Installation of this version cannot
    continue. To configure or remove the existing version of this product, use Add/Remove
    Programs on the Control Panel.

    Error - 6/23/2012 10:33:27 PM | Computer Name = MARY | Source = Microsoft Antimalware | ID = 2001
    Description = %%860 has encountered an error trying to update signatures. New Signature
    Version: Previous Signature Version: 1.129.43.0 Update Source: %%851 Update Stage:
    %%854 Source Path: http://go.microsoft.com/fwlink/?Link...D-99752CCA7094

    Signature
    Type: %%801 Update Type: %%803 User: NT AUTHORITY\NETWORK SERVICE Current Engine Version:
    Previous Engine Version: 1.1.8502.0 Error code: 0x80070666 Error description: Another
    version of this product is already installed. Installation of this version cannot
    continue. To configure or remove the existing version of this product, use Add/Remove
    Programs on the Control Panel.

    Error - 6/23/2012 10:33:27 PM | Computer Name = MARY | Source = Microsoft Antimalware | ID = 2001
    Description = %%860 has encountered an error trying to update signatures. New Signature
    Version: Previous Signature Version: 1.129.43.0 Update Source: %%851 Update Stage:
    %%854 Source Path: http://go.microsoft.com/fwlink/?Link...D-99752CCA7094

    Signature
    Type: %%800 Update Type: %%803 User: NT AUTHORITY\NETWORK SERVICE Current Engine Version:
    Previous Engine Version: 1.1.8502.0 Error code: 0x80070666 Error description: Another
    version of this product is already installed. Installation of this version cannot
    continue. To configure or remove the existing version of this product, use Add/Remove
    Programs on the Control Panel.

    Error - 6/23/2012 10:33:27 PM | Computer Name = MARY | Source = Microsoft Antimalware | ID = 2001
    Description = %%860 has encountered an error trying to update signatures. New Signature
    Version: Previous Signature Version: 1.129.43.0 Update Source: %%851 Update Stage:
    %%854 Source Path: http://go.microsoft.com/fwlink/?Link...D-99752CCA7094

    Signature
    Type: %%801 Update Type: %%803 User: NT AUTHORITY\NETWORK SERVICE Current Engine Version:
    Previous Engine Version: 1.1.8502.0 Error code: 0x80070666 Error description: Another
    version of this product is already installed. Installation of this version cannot
    continue. To configure or remove the existing version of this product, use Add/Remove
    Programs on the Control Panel.


    < End of report >
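Added example (not part of the original post and not produced by OTL): the "Last 20 Event Log Errors" section above repeats a few failures many times, and some records are split by a blank line in the paste. This Python parser groups such records by source, event ID and failure code so the recurring faults stand out; the function names are my own and the sample records are copied from the log above.

```python
import re
from collections import Counter

# Sample records copied from the log above (a subset, for illustration).
SAMPLE = r"""
[ Application Events ]
Error - 6/20/2012 10:30:17 AM | Computer Name = MARY | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 0x80070666, P2 mpupdateengine, P3 am bde,
P4 11.1.3927.0, P5 mpsigstub.exe, P6 4.0.1526.0, P7 microsoft security essentials,
P8 NIL, P9 NIL, P10 NIL.

Error - 6/23/2012 1:08:38 PM | Computer Name = MARY | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 0x80070666, P2 mpupdateengine, P3 am delta,
P4 11.1.3927.0, P5 mpsigstub.exe, P6 4.0.1526.0, P7 microsoft security essentials,
P8 NIL, P9 NIL, P10 NIL.

Error - 6/23/2012 3:13:26 PM | Computer Name = MARY | Source = Application Hang | ID = 1002
Description = Hanging application OTL.exe, version 3.2.52.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

[ System Events ]
Error - 6/23/2012 10:33:19 PM | Computer Name = MARY | Source = Microsoft Antimalware | ID = 2001
Description = %%860 has encountered an error trying to update signatures. New Signature
Version: Previous Signature Version: 1.129.43.0 Update Source: %%859 Update Stage:
%%852 Source Path: Default URL Signature Type: %%800 Update Type: %%803 User: NT AUTHORITY\SYSTEM

Current
Engine Version: Previous Engine Version: 1.1.8502.0 Error code: 0x8007043c Error
description: This service cannot be started in Safe Mode

Error - 6/23/2012 10:33:27 PM | Computer Name = MARY | Source = Microsoft Antimalware | ID = 2001
Description = %%860 has encountered an error trying to update signatures. New Signature
Version: Previous Signature Version: 1.129.43.0 Update Source: %%851 Update Stage:
%%854 Source Path: http://go.microsoft.com/fwlink/?Link...D-99752CCA7094

Signature
Type: %%800 Update Type: %%803 User: NT AUTHORITY\NETWORK SERVICE Current Engine Version:
Previous Engine Version: 1.1.8502.0 Error code: 0x80070666 Error description: Another
version of this product is already installed. Installation of this version cannot
continue. To configure or remove the existing version of this product, use Add/Remove
Programs on the Control Panel.
"""

HEADER = re.compile(
    r"^(?P<level>\w+) - (?P<when>.+?) \| Computer Name = (?P<host>.+?)"
    r" \| Source = (?P<source>.+?) \| ID = (?P<id>\d+)$"
)
SECTION = re.compile(r"^\[ (?P<name>.+?) \]$")
# Failure HRESULTs have the severity (top) bit set, so they start 0x8..0xF.
# This skips fault/hang addresses such as 0x00000000 in the descriptions.
HRESULT = re.compile(r"\b0x[89a-fA-F][0-9a-fA-F]{7}\b")


def parse_events(text):
    """Return one dict per event record, with continuation lines joined."""
    events, section, current = [], None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue  # a blank line may fall inside a record; do not end it
        sec = SECTION.match(line)
        if sec:
            section, current = sec.group("name"), None
            continue
        head = HEADER.match(line)
        if head:
            current = head.groupdict()
            current.update(log=section, id=int(current["id"]), text="")
            events.append(current)
        elif current is not None:
            current["text"] = (current["text"] + " " + line).strip()
    for ev in events:
        codes = HRESULT.findall(ev["text"])
        ev["code"] = codes[0].lower() if codes else None
    return events


def code_counts(events):
    """Count records per failure code, across all sources."""
    return dict(Counter(e["code"] for e in events if e["code"]))


def recurring(events, min_count=2):
    """(source, id, code) groups seen at least min_count times, most common first."""
    counts = Counter((e["source"], e["id"], e["code"]) for e in events)
    return [(key, n) for key, n in counts.most_common() if n >= min_count]


if __name__ == "__main__":
    for key, n in recurring(parse_events(SAMPLE)):
        print(n, key)
```
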

  9. #24
    Join Date
    Dec 2007
    Location
    Daly City, CA
    Posts
    22,550
    You didn't say:
    How is computer doing?


    ===========================================

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS -- (MRESP50a64)
      DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS -- (MREMP50a64)
      DRV - File not found [Kernel | System | Stopped] -- c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{F0A8A315-B5FE-41B7-8D01-2583DA9806BE}\MpKsl16804b37.sys -- (MpKsl16804b37)
      IE - HKU\S-1-5-21-3523368890-677521806-3999189474-1006\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
      O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
      O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
      O3 - HKU\S-1-5-21-3523368890-677521806-3999189474-1006\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
      O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
      O15 - HKU\S-1-5-21-3523368890-677521806-3999189474-1006\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
      O15 - HKU\S-1-5-21-3523368890-677521806-3999189474-1006\..Trusted Domains: motive.com ([patttbc.att] https in Trusted sites)
      O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} http://download.microsoft.com/downlo...8f/wvc1dmo.cab (Reg Error: Key error.)
      [2012/06/09 18:07:49 | 000,000,740 | ---- | C] () -- C:\Documents and Settings\Mary Forgione\Local Settings\Application Data\{5a948e11-f431-c727-d66d-db96ce9a949e}\L\00000004.@
      [2012/06/09 18:07:30 | 000,001,536 | ---- | C] () -- C:\Documents and Settings\Mary Forgione\Local Settings\Application Data\{5a948e11-f431-c727-d66d-db96ce9a949e}\U\00000004.@
      [2004/08/10 13:51:16 | 000,002,048 | -HS- | C] () -- C:\Documents and Settings\Mary Forgione\Local Settings\Application Data\{5a948e11-f431-c727-d66d-db96ce9a949e}\@
      
      
      :Services
      
      :Reg
      
      :Files
      C:\Program Files\Ask.com
      
      :Commands
      [purity]
      [emptytemp]
      [emptyjava]
      [emptyflash]
      [Reboot]
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.


    =====================================================

    Last scans...

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE: SecurityCheck may produce some false warning(s), so leave the reading of the results to me.


    2. Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
    • Make sure the following options are checked:
      • Internet Services
      • Windows Firewall
      • System Restore
      • Security Center
      • Windows Update
      • Windows Defender
    • Press "Scan".
    • It will create a log (FSS.txt) in the same directory the tool is run.
    • Please copy and paste the log to your reply.



    3. Download Temp File Cleaner (TFC)
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.



    4. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, click on List of found threats
    • Click on Export to text file, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE: If ESET doesn't find any threats, it won't produce a log.

  10. #25
    Join Date
    Nov 2005
    Posts
    162

    otl fix log

    Computer is much improved; I will run remaining scans and post logs.

    All processes killed
    ========== OTL ==========
    Service MRESP50a64 stopped successfully!
    Service MRESP50a64 deleted successfully!
    File C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS not found.
    Service MREMP50a64 stopped successfully!
    Service MREMP50a64 deleted successfully!
    File C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS not found.
    Error: Unable to stop service MpKsl16804b37!
    Service\Driver key MpKsl16804b37 not found.
    File c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{F0A8A315-B5FE-41B7-8D01-2583DA9806BE}\MpKsl16804b37.sys not found.
    Registry value HKEY_USERS\S-1-5-21-3523368890-677521806-3999189474-1006\Software\Microsoft\Internet Explorer\URLSearchHooks\\{00000000-6E41-4FD3-8538-502F5495E5FC} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}\ deleted successfully.
    C:\Program Files\Ask.com\GenericAskToolbar.dll moved successfully.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully.
    File C:\Program Files\Ask.com\GenericAskToolbar.dll not found.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
    File C:\Program Files\Ask.com\GenericAskToolbar.dll not found.
    Registry value HKEY_USERS\S-1-5-21-3523368890-677521806-3999189474-1006\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
    File C:\Program Files\Ask.com\GenericAskToolbar.dll not found.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ApnUpdater deleted successfully.
    C:\Program Files\Ask.com\Updater\Updater.exe moved successfully.
    Registry key HKEY_USERS\S-1-5-21-3523368890-677521806-3999189474-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\aol.com\objects\ deleted successfully.
    Registry key HKEY_USERS\S-1-5-21-3523368890-677521806-3999189474-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\motive.com\patttbc.att\ deleted successfully.
    Starting removal of ActiveX control {31435657-9980-0010-8000-00AA00389B71}
    C:\WINDOWS\Downloaded Program Files\wvc1dmo.inf not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{31435657-9980-0010-8000-00AA00389B71}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{31435657-9980-0010-8000-00AA00389B71}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{31435657-9980-0010-8000-00AA00389B71}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{31435657-9980-0010-8000-00AA00389B71}\ not found.
    C:\Documents and Settings\Mary Forgione\Local Settings\Application Data\{5a948e11-f431-c727-d66d-db96ce9a949e}\L\00000004.@ moved successfully.
    C:\Documents and Settings\Mary Forgione\Local Settings\Application Data\{5a948e11-f431-c727-d66d-db96ce9a949e}\U\00000004.@ moved successfully.
    C:\Documents and Settings\Mary Forgione\Local Settings\Application Data\{5a948e11-f431-c727-d66d-db96ce9a949e}\@ moved successfully.
    ========== SERVICES/DRIVERS ==========
    ========== REGISTRY ==========
    ========== FILES ==========
    C:\Program Files\Ask.com\Updater folder moved successfully.
    C:\Program Files\Ask.com\assets\oobe folder moved successfully.
    C:\Program Files\Ask.com\assets folder moved successfully.
    C:\Program Files\Ask.com folder moved successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users
    ->Flash cache emptied: 113 bytes

    User: Default User
    ->Temp folder emptied: 32768 bytes
    ->Temporary Internet Files folder emptied: 32768 bytes

    User: Guest
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 67 bytes
    ->Flash cache emptied: 566 bytes

    User: LocalService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 1511976 bytes
    ->Flash cache emptied: 1187 bytes

    User: Mary Forgione
    ->Temp folder emptied: 1216016 bytes
    ->Temporary Internet Files folder emptied: 134820646 bytes
    ->Java cache emptied: 0 bytes
    ->Google Chrome cache emptied: 6232382 bytes
    ->Flash cache emptied: 47164 bytes

    User: NetworkService
    ->Temp folder emptied: 53112 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 19569 bytes
    %systemroot%\System32 .tmp files removed: 2577 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 111248 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
    RecycleBin emptied: 419636 bytes

    Total Files Cleaned = 138.00 mb


    [EMPTYJAVA]

    User: All Users

    User: Default User

    User: Guest

    User: LocalService

    User: Mary Forgione
    ->Java cache emptied: 0 bytes

    User: NetworkService

    Total Java Files Cleaned = 0.00 mb


    [EMPTYFLASH]

    User: All Users
    ->Flash cache emptied: 0 bytes

    User: Default User

    User: Guest
    ->Flash cache emptied: 0 bytes

    User: LocalService
    ->Flash cache emptied: 0 bytes

    User: Mary Forgione
    ->Flash cache emptied: 0 bytes

    User: NetworkService

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.52.0 log created on 06242012_103736

    Files\Folders moved on Reboot...

    Registry entries deleted on Reboot...

  11. #26
    Join Date
    Nov 2005
    Posts
    162

    security check and fss log

    Results of screen317's Security Check version 0.99.24
    Windows XP Service Pack 3 x86
    Internet Explorer 8
    ``````````````````````````````
    Antivirus/Firewall Check:

    Windows Firewall Enabled!
    Microsoft Security Essentials
    ```````````````````````````````
    Anti-malware/Other Utilities Check:

    Ad-Aware
    ````````````````````````````````
    Process Check:
    objlist.exe by Laurent

    Windows Defender MSMpEng.exe
    Ad-Aware AAWService.exe
    Ad-Aware AAWTray.exe is disabled!
    Microsoft Security Essentials msseces.exe
    ``````````End of Log````````````


    Farbar Service Scanner Version: 24-06-2012
    Ran by Mary Forgione (administrator) on 24-06-2012 at 13:33:21
    Running from "C:\Documents and Settings\Mary Forgione\Desktop"
    Microsoft Windows XP Home Edition Service Pack 3 (X86)
    Boot Mode: Normal
    ****************************************************************

    Internet Services:
    ============

    Connection Status:
    ==============
    Localhost is accessible.
    LAN connected.
    Google IP is accessible.
    Google.com is accessible.
    Yahoo IP is accessible.
    Yahoo.com is accessible.


    Windows Firewall:
    =============

    Firewall Disabled Policy:
    ==================


    System Restore:
    ============

    System Restore Disabled Policy:
    ========================


    Security Center:
    ============

    Windows Update:
    ============

    Windows Autoupdate Disabled Policy:
    ============================


    File Check:
    ========
    C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
    C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
    C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
    C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
    C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
    C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
    C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
    C:\WINDOWS\system32\netman.dll => MD5 is legit
    C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
    C:\WINDOWS\system32\srsvc.dll => MD5 is legit
    C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
    C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
    C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
    C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
    C:\WINDOWS\system32\qmgr.dll => MD5 is legit
    C:\WINDOWS\system32\es.dll => MD5 is legit
    C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
    C:\WINDOWS\system32\svchost.exe => MD5 is legit
    C:\WINDOWS\system32\rpcss.dll => MD5 is legit
    C:\WINDOWS\system32\services.exe => MD5 is legit


    **** End of log ****

  12. #27
    Join Date
    Nov 2005
    Posts
    162

    ran online scan

    I ran the final online scan you recommended. No threats were found.

    How can I get rid of PC Tools Spyware Doctor?

    I am having trouble getting virus definition updates for Microsoft Security Essentials.

    Could you recommend a good free antivirus protection?

  13. #28
    Join Date
    Dec 2007
    Location
    Daly City, CA
    Posts
    22,550
    MSE is a decent program.
    I suggest you reinstall and see if that solves the issue.
    If not let me know.

    As for PC Tools try Revo....

    Revo Uninstaller is more thorough in deleting programs on your computer than using the Add/Remove option in Windows. Since it is a more powerful tool, please be sure to follow the instructions carefully.

    Please note there is a chance when you look for this program to uninstall through Revo it might not be listed because of the previous uninstall. If that is the case simply stop and let me know.
    • Please download and install Revo Uninstaller Free
    • Double click Revo Uninstaller to run it.
    • From the list of programs double click on the program you want to remove
    • When prompted if you want to uninstall click Yes.
    • Be sure the Moderate option is selected then click Next.
    • The program will run. If prompted again, click Yes
    • When the built-in uninstaller is finished click on Next
    • Once the program has searched for leftovers click Next.
    • Check the items in bold only on the list then click Delete. You may have to expand some folders by clicking the "+" mark.
    • When prompted click on Yes and then on Next.
    • Put a check on any folders that are found and select Delete
    • When prompted select Yes then Next
    • Once done click Finish.

  14. #29
    Join Date
    Dec 2007
    Location
    Daly City, CA
    Posts
    22,550
    Your computer is clean

    1. We need to reset System Restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create a fresh, clean restore point using the following OTL script:

    Run OTL

    • Under the Custom Scans/Fixes box at the bottom, paste in the following:


    Code:
    :OTL
    :Commands
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [emptyjava]
    [CLEARALLRESTOREPOINTS]
    [Reboot]
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • Post resulting log.


    2. Now we'll remove all the tools we used during our cleaning process.

    Clean up with OTL:

    • Double-click OTL.exe to start the program.
    • Close all other programs apart from OTL as this step will require a reboot
    • On the OTL main screen, press the CLEANUP button
    • Say Yes to the prompt and then allow the program to reboot your computer.


    If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

    3. Make sure Windows Updates are current.

    4. If any Trojan was listed among your infection(s), make sure you change all of your important online passwords (bank account(s), secured web sites, etc.) immediately!

    5. Download and install WOT (Web of Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

    6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

    7. Run Temporary File Cleaner (TFC) weekly.

    8. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

    9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
    The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

    10. (Windows XP only) Run defrag at your convenience.

    11. When installing\updating ANY program, make sure you always select "Custom" installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click the "Next" button without looking at any given page.

    12. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

    13. Please let me know how your computer is doing.

  15. #30
    Join Date
    Nov 2005
    Posts
    162

    uninstall

    Moving along. PC Tools Spyware Doctor does not appear in the list for the uninstall program. What then?
