Can not load g-mail or goole on any pc in house [Solved]


128 replies to this topic

#16 Satchfan (SuperHelper, Malware Team)

Posted 18 February 2012 - 09:47 AM

Well done macdoo, you did a good job.

I haven’t had a chance to look at your log thoroughly but while I do, let's see if you can run a couple more scans.

Run RogueKiller

IMPORTANT: Do not reboot your computer if at all possible otherwise any malware will reactivate and you will have to run RogueKiller again

Download RogueKiller to your desktop.
  • close all running programs
  • for Windows Vista/Seven, right click -> run as administrator, for XP simply double-click on RogueKiller.exe
  • when prompted, type 1 and press Enter
  • the RKreport.txt will be generated next to the executable, (on the desktop).
    If the program is blocked, do not hesitate to try several times. If it really does not work (it could happen), rename it to winlogon.exe
Please post the contents of the RKreport.txt in your next Reply.

Remember: do not reboot your computer if at all possible otherwise the malware will reactivate and you will have to run RogueKiller again

=============================================

Run Farbar Service Scanner

Please download Farbar Service Scanner
  • make sure "Include All Files" option remains checked
  • press Scan
  • it will create a log (FSS.txt) in the same directory the tool is run
  • please copy and paste the log to your reply.
Logs to include in the next post:

RKreport.txt
FSS.txt


I am busy for a while now but will try to get back later.

Thanks

Satchfan

NINA - Proud graduate of the WTT Classroom

Member of UNITE

The help you receive here is free but if you feel I have helped, you may consider making a Donation.


#17 macdoo (Authentic Member)

Posted 18 February 2012 - 10:17 AM

For RogueKiller I was never prompted other than to click scan. So that's all I did for that one. For FSS there was not an "include all Files" box. The only one checked was internet so I put a check in all the boxes. Here are the reports. By the way the Rogue scan had two things beside it on the desktop after the scan so I will attach both just to be sure.

Attached Files



#18 Satchfan (SuperHelper, Malware Team)

Posted 18 February 2012 - 03:45 PM

So far so good.

I'm not an expert on wireless connections and the Internet but we can eliminate the presence of infection first and then take it from there.

Download and run ComboFix

Download ComboFix from the following location:

Link

* IMPORTANT !!! Save ComboFix.exe to your Desktop
  • Disable your AntiVirus and AntiSpyware applications, as they may otherwise interfere with our tools. See here for programs that need to be disabled and instruction on how to disable them.
  • Remember to re-enable them when we're done.
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

    Posted Image


    Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

    Posted Image


    Click on Yes, to continue scanning for malware.
Note: Do not mouse-click combofix's window while it is running. That may cause it to stall.

When finished, it will produce a log. Please include the ComboFix.txt in your next reply. It can be found at C:\ComboFix.txt

Satchfan


#19 macdoo (Authentic Member)

Posted 18 February 2012 - 04:23 PM

Thanks


ComboFix 12-02-17.02 - Heidi Seitz 02/18/2012 16:59:45.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.959.267 [GMT -5:00]
Running from: c:\documents and settings\Heidi Seitz\Desktop\ComboFix.exe
AV: Norton 360 *Disabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton 360 *Disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Heidi\JNativeCpp.dll
c:\documents and settings\Heidi\WINDOWS
c:\windows\kb913800.exe
c:\windows\Tab16d20.dll
D:\Autorun.inf
.
.
((((((((((((((((((((((((( Files Created from 2012-01-18 to 2012-02-18 )))))))))))))))))))))))))))))))
.
.
2012-02-16 20:37 . 2012-01-11 19:06 3072 ------w- c:\windows\system32\iacenc.dll
2012-02-16 20:37 . 2012-01-11 19:06 3072 ------w- c:\windows\system32\dllcache\iacenc.dll
2012-02-16 07:29 . 2012-02-16 07:29 -------- d-----w- C:\N360_BACKUP
2012-02-16 05:05 . 2012-02-16 05:05 60872 ----a-w- c:\windows\system32\S32EVNT1.DLL
2012-02-16 05:05 . 2012-02-16 05:05 -------- d-----w- c:\program files\Symantec
2012-02-16 05:05 . 2012-02-16 05:05 141944 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2012-02-16 05:03 . 2012-02-16 05:03 -------- d-----w- c:\windows\system32\drivers\N360
2012-02-16 05:02 . 2012-02-16 05:03 -------- d-----w- c:\program files\Norton 360
2012-02-16 05:02 . 2012-02-16 05:02 -------- d-----w- c:\program files\Windows Sidebar
2012-02-16 03:54 . 2012-02-16 04:07 -------- d-----w- c:\documents and settings\Heidi Seitz\Application Data\Elluminate
2012-02-01 03:31 . 2001-08-18 03:36 5632 ----a-w- c:\windows\system32\ptpusb.dll
2012-02-01 03:31 . 2008-04-14 00:12 159232 ----a-w- c:\windows\system32\ptpusd.dll
2012-02-01 03:31 . 2012-02-01 03:31 -------- d-----w- c:\documents and settings\NetworkService\Application Data\Apple Computer
2012-01-28 13:27 . 2012-02-08 17:13 2106216 ----a-w- c:\program files\Mozilla Firefox\D3DCompiler_43.dll
2012-01-28 13:27 . 2012-02-08 17:13 1998168 ----a-w- c:\program files\Mozilla Firefox\d3dx9_43.dll
2012-01-28 13:27 . 2012-02-08 20:13 45016 ----a-w- c:\program files\Mozilla Firefox\mozutils.dll
2012-01-28 13:27 . 2012-02-08 17:12 626688 ----a-w- c:\program files\Mozilla Firefox\msvcr80.dll
2012-01-28 13:27 . 2012-02-08 17:12 548864 ----a-w- c:\program files\Mozilla Firefox\msvcp80.dll
2012-01-28 13:27 . 2012-02-08 17:12 479232 ----a-w- c:\program files\Mozilla Firefox\msvcm80.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-12 16:53 . 2006-03-16 04:00 1859968 ----a-w- c:\windows\system32\win32k.sys
2011-12-19 08:13 . 2006-03-16 04:00 832512 ----a-w- c:\windows\system32\wininet.dll
2011-12-19 08:13 . 2006-03-16 04:00 1830912 ------w- c:\windows\system32\inetcpl.cpl
2011-12-19 08:13 . 2006-03-16 04:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2011-12-19 08:13 . 2006-03-16 04:00 17408 ----a-w- c:\windows\system32\corpol.dll
2011-11-25 21:57 . 2006-03-16 04:00 293376 ----a-w- c:\windows\system32\winsrv.dll
2008-02-28 18:30 . 2008-07-28 17:42 8784 ----a-w- c:\program files\mozilla firefox\plugins\ractrlkeyhook.dll
2008-02-28 18:33 . 2008-07-28 17:42 245408 ----a-w- c:\program files\mozilla firefox\plugins\unicows.dll
2012-02-08 20:13 . 2011-03-28 23:44 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TomTomHOME.exe"="c:\program files\TomTom HOME 2\TomTomHOMERunner.exe" [2011-04-22 247728]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-19 204288]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-06 64512]
"hpWirelessAssistant"="c:\program files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2006-05-04 458752]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-08-24 7569408]
"MsmqIntCert"="mqrt.dll" [2009-06-25 177152]
"High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe" [2006-04-18 61952]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-06-17 794713]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2006-07-12 102400]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-08-12 249856]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-12 81920]
"QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2006-06-19 163840]
"Cpqset"="c:\program files\HPQ\Default Settings\cpqset.exe" [2006-01-27 40960]
"RecGuard"="c:\windows\SMINST\RecGuard.exe" [2005-10-11 1187840]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-01-25 421160]
.
c:\documents and settings\Heidi Seitz\Start Menu\Programs\Startup\
Vongo Tray.lnk - c:\program files\Vongo\Tray.exe [2006-5-9 73728]
.
c:\documents and settings\Administrator\Start Menu\Programs\Startup\
Vongo Tray.lnk - c:\program files\Vongo\Tray.exe [2006-5-9 73728]
.
c:\documents and settings\Johny\Start Menu\Programs\Startup\
Vongo Tray.lnk - c:\program files\Vongo\Tray.exe [2006-5-9 73728]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2007-1-14 113664]
HP Photosmart Premier Fast Start.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2005-9-24 73728]
.
c:\documents and settings\Default User\Start Menu\Programs\Startup\
Vongo Tray.lnk - c:\program files\Vongo\Tray.exe [2006-5-9 73728]
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\mqsvc.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
.
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360\0600010.002\SymDS.sys [2/16/2012 12:04 AM 340088]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360\0600010.002\SymEFA.sys [2/16/2012 12:04 AM 905336]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.1.2\Definitions\BASHDefs\20120215.001\BHDrvx86.sys [2/16/2012 12:11 AM 820344]
R1 ccSet_N360;Norton 360 Settings Manager;c:\windows\system32\drivers\N360\0600010.002\ccSetx86.sys [2/16/2012 12:04 AM 132744]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360\0600010.002\Ironx86.sys [2/16/2012 12:04 AM 149624]
R2 N360;Norton 360;c:\program files\Norton 360\Engine\6.0.1.2\ccSvcHst.exe [2/16/2012 12:03 AM 138248]
R2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [4/22/2011 7:21 AM 92592]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.1.2\Definitions\IPSDefs\20120217.003\IDSXpx86.sys [2/17/2012 9:22 PM 356280]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - TRUESIGHT
*Deregistered* - EraserUtilDrv11122
*Deregistered* - TrueSight
.
Contents of the 'Scheduled Tasks' folder
.
2012-02-12 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 16:34]
.
2012-02-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-22 21:52]
.
2012-02-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-22 21:52]
.
2012-02-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2540146634-2539278503-1871707970-1005Core.job
- c:\documents and settings\Heidi Seitz\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-01-05 04:32]
.
2012-02-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2540146634-2539278503-1871707970-1005UA.job
- c:\documents and settings\Heidi Seitz\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-01-05 04:32]
.
2012-02-17 c:\windows\Tasks\HP WEP.job
- c:\program files\HP\Dfawep\bin\hpbdfawep.exe [2007-04-25 18:28]
.
2010-01-09 c:\windows\Tasks\Microsoft_Hardware_Launch_IPoint_exe.job
- c:\program files\Microsoft IntelliPoint\ipoint.exe [2009-01-07 19:46]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 85.195.91.34
FF - ProfilePath - c:\documents and settings\Heidi Seitz\Application Data\Mozilla\Firefox\Profiles\mfe6wn8q.default\
FF - prefs.js: browser.search.selectedEngine - iMesh Web Search
FF - prefs.js: browser.startup.homepage - hxxp://en-US.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
FF - prefs.js: keyword.URL - hxxp://search.imesh.com/web?src=ffb&systemid=1&q=
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-10 - (no file)
HKLM-Run-SunJavaUpdateSched - c:\program files\Java\jre6\bin\jusched.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-02-18 17:13
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = c:\program files\HPQ\Default Settings\cpqset.exe?????? ???@???????????????@? ????\????????@???????@
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600
.
CreateFile("\\.\PHYSICALDRIVE0"): The process cannot access the file because it is being used by another process.
device: opened successfully
user: error reading MBR
kernel: MBR read successfully
user != kernel MBR !!!
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\N360]
"ImagePath"="\"c:\program files\Norton 360\Engine\6.0.1.2\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton 360\Engine\6.0.1.2\diMaster.dll\" /prefetch:1"
.
Completion time: 2012-02-18 17:21:15
ComboFix-quarantined-files.txt 2012-02-18 22:21
.
Pre-Run: 16,536,879,104 bytes free
Post-Run: 16,669,544,448 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect /usepmtimer
.
- - End Of File - - 9AC6FFFF1F14CC85E2D4A87B79B5A797

Attached Files



#20 Satchfan (SuperHelper, Malware Team)

Posted 19 February 2012 - 04:14 AM

I can’t see much in the logs but there are signs of an unknown MBR code.

The MBR is the Master Boot Record. The code in the MBR is run as your computer starts up (before Windows) which makes it a great place for a virus or rootkit to hide so we need to check more.

First:

Uninstall the following program:

iMesh Media Bar

To remove it:
  • click on Start, Settings, Control Panel
  • double-click Add or Remove Programs (it may take time for the list to appear, so be patient)
  • scroll down the list and look for the above entry:
  • if it is present, click on the program name and then on Remove.
===================================

Open ComboFix

Please do the following:
  • close any open browsers.
  • close/disable all anti virus and anti malware programs so that they do not interfere with the running of ComboFix.
  • open notepad and copy/paste the text in the codebox below into it:
    Firefox::
    FF - ProfilePath - c:\documents and settings\Heidi Seitz\Application Data\Mozilla\Firefox\Profiles\mfe6wn8q.default\
    FF - prefs.js: browser.search.selectedEngine - iMesh Web Search
    FF - prefs.js: keyword.URL - hxxp://search.imesh.com/web?src=ffb&systemid=1&q=

Save this as "CFScript.txt", and as Type: All Files (*.*) in the same location as ComboFix.exe

Posted Image

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it produces a log at C:\ComboFix.txt. Post the contents of Combofix.txt in your next reply.

===================================

Download and run MBRCheck

Please download MBRCheck.exe to your desktop.
  • Be sure to disable your security programs
  • Double click on the file to run it (Vista and Windows 7 users will have to confirm the UAC prompt)
  • A window will open on your desktop
  • if an unknown bootcode is found you will have further options available to you, at this time press N then press Enter twice.
  • If nothing unusual is found just press Enter
  • A .txt file named MBRCheck_mm.dd.yy_hh.mm.ss should appear on your desktop.
  • Please post the contents of that file.
===================================

Run TDSSKiller

Please download TDSSKiller.zip
  • extract it to your desktop
  • double click TDSSKiller.exe
  • press Start Scan

    only if Malicious objects are found then ensure Cure is selected. Do not change it to Delete or Quarantine as it may delete infected files that are required for Windows to operate properly.

  • click Continue > Reboot now

  • copy and paste the log in your next reply
  • a copy of the log will be saved automatically to the root of the drive (typically C:\) called TDSSKiller_*** (*** denotes version & date)
Logs to include with next post:

ComboFix.txt
MBRCheck log
TDSSKiller log


Thanks

Satchfan

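The reading Satchfan gives the ComboFix log above (the Firefox search prefs he scripts out, the Security Center and firewall-policy keys, and the Gmer user/kernel MBR comparison) written out as a small triage script. This is an added example, not part of the thread and not ComboFix's own code; the allow-listed Firefox hosts and engine, the sample excerpt and the severity labels are assumptions for the example.

```python
"""Triage the lines of a ComboFix log that a helper reads first.

Added example, not ComboFix's tooling and not code from the thread: it parses
the 'FF - prefs.js:' lines, REGEDIT4-style values, the DhcpNameServer line and
Gmer's user/kernel MBR comparison in the shapes they have in the log above.
"""
import ipaddress
import re
from typing import List, Tuple

Finding = Tuple[str, str]  # (severity, description)

# Assumption for this example: what a stock Firefox of that era points at.
KNOWN_SEARCH_HOSTS = ("mozilla.com", "google.com")
KNOWN_ENGINES = ("google",)

FF_PREF = re.compile(r"^FF - prefs\.js: (\S+) - (.*)$")
REG_KEY = re.compile(r"^\[(.+)\]$")
REG_VAL = re.compile(r'^"([^"]+)"\s*=\s*(.+)$')
DNS_LINE = re.compile(r"^TCP: DhcpNameServer = (.+)$")
HOST = re.compile(r"hxxps?://([^/\s?]+)", re.I)  # ComboFix defangs http as hxxp

# Constructed excerpt in the shape of the log posted in the thread.
SAMPLE_LOG = r"""
TCP: DhcpNameServer = 85.195.91.34
FF - prefs.js: browser.search.selectedEngine - iMesh Web Search
FF - prefs.js: browser.startup.homepage - hxxp://en-US.start3.mozilla.com/firefox?client=firefox-a
FF - prefs.js: keyword.URL - hxxp://search.imesh.com/web?src=ffb&systemid=1&q=
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
CreateFile("\\.\PHYSICALDRIVE0"): The process cannot access the file because it is being used by another process.
user: error reading MBR
kernel: MBR read successfully
user != kernel MBR !!!
"""


def host_of(value: str) -> str:
    """Lower-cased host of a defanged URL, or '' when the value is not a URL."""
    m = HOST.search(value)
    return m.group(1).lower() if m else ""


def is_known_host(host: str) -> bool:
    return any(host == h or host.endswith("." + h) for h in KNOWN_SEARCH_HOSTS)


def reg_int(value: str) -> int:
    """Read both 'dword:00000001' and '0 (0x0)', the two spellings ComboFix uses."""
    if value.startswith("dword:"):
        return int(value[6:], 16)
    m = re.match(r"\s*(\d+)", value)
    return int(m.group(1)) if m else -1


def triage(log: str) -> List[Finding]:
    findings: List[Finding] = []
    key = ""                  # registry key the following values belong to
    user_read_failed = False  # Gmer could not read the MBR from user mode
    mbr_mismatch = False      # Gmer printed 'user != kernel MBR'
    for raw in log.splitlines():
        line = raw.strip()
        if m := FF_PREF.match(line):
            pref, value = m.groups()
            host = host_of(value)
            if pref in ("browser.startup.homepage", "keyword.URL") and host and not is_known_host(host):
                findings.append(("high", f"Firefox {pref} -> {value}"))
            elif pref == "browser.search.selectedEngine" and value.strip().lower() not in KNOWN_ENGINES:
                findings.append(("high", f"Firefox search engine -> {value}"))
        elif m := REG_KEY.match(line):
            key = m.group(1).lower()
        elif m := REG_VAL.match(line):
            name, value = m.group(1).lower(), reg_int(m.group(2))
            if "security center\\monitoring" in key and name == "disablemonitoring" and value == 1:
                leaf = key.rsplit("\\", 1)[-1]
                findings.append(("info", f"Security Center monitoring off for {leaf} (normal with a third-party suite)"))
            elif key.endswith("firewallpolicy\\standardprofile") and name == "enablefirewall" and value == 0:
                findings.append(("medium", "Windows Firewall off; confirm a third-party firewall is active"))
        elif m := DNS_LINE.match(line):
            for ip in m.group(1).split():
                try:
                    if not ipaddress.ip_address(ip).is_private:
                        findings.append(("info", f"DHCP DNS server {ip} is public; confirm it belongs to the ISP"))
                except ValueError:
                    pass
        elif line.startswith("user: error reading MBR"):
            user_read_failed = True
        elif line.startswith("user != kernel MBR"):
            mbr_mismatch = True
    if mbr_mismatch and user_read_failed:
        # The comparison only means something when both reads succeeded; with the
        # user-mode read failing (drive locked by another process) it is inconclusive.
        findings.append(("medium", "MBR comparison inconclusive (user-mode read failed); re-check with an MBR tool"))
    elif mbr_mismatch:
        findings.append(("high", "user-mode and kernel-mode MBR differ: possible MBR rootkit"))
    return findings
```

Run `triage(SAMPLE_LOG)` to see the excerpt scored; the MBR mismatch is downgraded because the user-mode read failed, which is exactly why a second MBR tool is run in the post.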

#21 macdoo (Authentic Member)

Posted 19 February 2012 - 06:51 AM

Good morning. You are about 5 hours ahead of my time zone. I have been trying to dig imesh out of this computer for so long there was nothing left of it in my add/remove so I could not do an uninstall. Everything else went smoothly with scans. I'm having a new thing happen. When I submitted this reply the first time a box popped up. Across the top in a darker blue bar it said "Windows Internet Explorer". Inside the box there is an orange triangle with an exclamation point in it and beside the triangle it says "test". I have to click OK for my screen to refresh and show my post.

Attached Files


Edited by macdoo, 19 February 2012 - 07:00 AM.


#22 Satchfan (SuperHelper, Malware Team)

Posted 19 February 2012 - 07:34 AM

Good morning to you also macdoo

It appears that we got rid of iMesh and I see nothing bad in those logs.

Can you tell me how your computer is running and what problems remain?

Satchfan


#23 macdoo (Authentic Member)

Posted 19 February 2012 - 07:49 AM

OK, I tried g-mail.com from Internet Explorer and it said can not load page. I typed in google.com and it appeared to load. I typed the word shark into the search box and got a list of results. Top of the list was Wikipedia. I clicked the link and here is where I landed:

http://www.askthecre...i...76&rnn=rnn2

Not seeing the bufpuma redirect this time. Now it's something else. It goes by so fast but now all google results seem to end at an askthecrew something.
Sorry. I'm just as broken as when we started.

Went looking for more info on what was happening when I click a google search result and here is what I found:
http://envoyne.info/feed.php?kwd= The word I put in the google search box follows the = sign.

Edited by macdoo, 19 February 2012 - 07:59 AM.


#24 macdoo (Authentic Member)

Posted 19 February 2012 - 08:03 AM

OK here is one more example: In the Internet Explorer address bar I typed google.com and got to what looks like a perfectly normal google. In the search box at google I typed whatthetech. The results had this site at the top. I clicked the result and went to an askthecrew.net page. I clicked the back arrow and landed here
http://www.gimmeansw...;aff=46251-2410

#25 Satchfan (SuperHelper, Malware Team)

Posted 19 February 2012 - 08:12 AM

I don’t think this is as bad as I first suspected but very annoying just the same.

AsktheCrew.net is a browser hijacker. It’s an infection that redirects your web browser to AsktheCrew.net whenever you try to use another search engine (such as Google).

Let’s use some different stuff to get rid of it.

NOTE: Please copy and paste them, not attach them.

Download Malwarebytes-Anti-Malware

Click here
  • double-click mbam-setup.exe and follow the prompts to install the program.
  • at the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • if an update is found, it will download and install the latest version.
  • once the program has loaded, select Perform quick scan, then click Scan.
  • when the scan is complete, click OK, then Show Results to view the results.
  • be sure that everything is checked, and click Remove Selected.
  • when removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
  • the log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • copy and paste the contents of that report in your next reply and exit MBAM.
NOTE: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

==========================================

Download and run OTL
  • Download OTL to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Check the boxes beside LOP Check and Purity Check.
  • Under Custom Scan paste this in


    netsvcs
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %PROGRAMFILES%\Internet Explorer\*.dat
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    %USERPROFILE%\..|smtmp;true;true;true /FP
    %temp%\smtmp\*.* /s >
    /md5start
    iexplore.*
    explorer.*
    winlogon.*
    dll
    zx.dll
    hlp.dat
    /md5stop

  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.
  • You may need two posts to fit them both in.
Logs to include with next post:

OTL.txt
Extras.txt
Mbam.txt


Please remember to copy and paste them, not attach them.

Thanks

Satchfan



#26 macdoo (Authentic Member)

Posted 19 February 2012 - 09:07 AM

Malwarebytes Anti-Malware (Trial) 1.60.1.1000
www.malwarebytes.org

Database version: v2012.02.19.02

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 7.0.5730.13
Heidi Seitz :: HEIDI [limited]

Protection: Enabled

2/19/2012 9:22:30 AM
mbam-log-2012-02-19 (09-22-30).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 230428
Time elapsed: 9 minute(s), 7 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|StartMenuLogoff (PUM.Hijack.StartMenu) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

OTL Extras logfile created on: 2/19/2012 9:35:18 AM - Run 1
OTL by OldTimer - Version 3.2.33.0 Folder = C:\Documents and Settings\Heidi Seitz\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

958.60 Mb Total Physical Memory | 304.23 Mb Available Physical Memory | 31.74% Memory free
2.26 Gb Paging File | 1.66 Gb Available in Paging File | 73.49% Paging File free
Paging file location(s): C:\pagefile.sys 1440 2880 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 99.00 Gb Total Space | 15.50 Gb Free Space | 15.66% Space Free | Partition Type: NTFS
Drive D: | 11.75 Gb Total Space | 1.15 Gb Free Space | 9.81% Space Free | Partition Type: FAT32

Computer Name: HEIDI | User Name: Heidi Seitz | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"" =

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"" =
"C:\Program Files\Vongo\VongoService.exe" = C:\Program Files\Vongo\VongoService.exe:*:enabled:VongoService -- (Starz Entertainment Group LLC)
"C:\Program Files\iMesh Applications\iMesh\iMesh.exe" = C:\Program Files\iMesh Applications\iMesh\iMesh.exe:*:Enabled:iMesh

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Opera\opera.exe" = C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser -- (Opera Software)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{075473F5-846A-448B-BCB3-104AA1760205}" = Sonic Data Module
"{09D8492A-C8E2-421E-927D-46800FB327A3}" = Wireless Home Network Setup
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1CB34CE9-0E6B-493F-BB66-3425E5DF76E5}" = CP_CalendarTemplates1
"{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Sonic MyDVD Plus
"{23012310-3E05-46A5-88A9-C6CBCABCAC79}" = Customer Experience Enhancement
"{23B35809-5E4A-4F14-8332-1CDEDDFAC089}" = CP_Package_Variety2
"{24BEBF2E-73F3-4599-840B-EDC612CCDD0D}" = Destinations
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java™ 6 Update 26
"{2818095F-FB6C-42C8-827E-0A406CC9AFF5}" = Quicken 2006
"{2A548002-9042-4083-A270-B67473DE1073}" = SkinsHP1
"{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{3248F0A8-6813-11D6-A77B-00B0D0160040}" = Java™ 6 Update 4
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.10 A2
"{34F3FCF1-817B-4D61-B6AF-19D9486AFEA0}" = Unload
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{36D620AD-EEBA-4973-BA86-0C9AE6396620}" = OptionalContentQFolder
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{3FE0CFAB-584A-4AA5-B8CD-C32284CFA308}" = RandMap
"{4041C245-7099-4C96-9738-5EBC23827B3C}" = BufferChm
"{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}" = Microsoft Works
"{4302B2DD-D958-40E3-BAF3-B07FFE1978CE}" = HP Wireless Assistant 2.00 G2
"{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP QuickPlay 2.3
"{47D2103B-FD51-4017-9C20-DD408B17D726}" = Office 2003 Trial Assistant
"{494D17B5-3369-4905-8C4B-80C972C5E0FF}" = CP_Panorama1Config
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4DA4012B-39AF-48c2-B23B-A4D570D233A6}" = cp_LightScribeConfig
"{522D1D79-9C0A-4361-91F8-2AFF8EC6C2E1}" = CP_Package_Variety1
"{52FBAE98-D389-4281-8C14-21B4046CCB4E}" = SonicAC3Encoder
"{53EE9E42-CECB-4C92-BF76-9CA65DAF8F1C}" = FullDPAppQFolder
"{54F0998F-73C8-4b51-8286-FE903C231BED}" = cp_PosterPrintConfig
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5BF5F9C5-E95B-4AFA-94BE-F2A9CA73B61D}" = Apple Mobile Device Support
"{63A3856B-5C0E-4BC1-B508-629AE74B6BBA}" = HP User Guides 0027
"{65F9E1F3-A2C1-4AA9-9F33-A3AEB0255F0E}" = Garmin USB Drivers
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Sonic Express Labeler
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6A28AB0B-22B1-494C-AF61-B386EA1736C0}" = LightScribe 1.4.97.1
"{766633B3-1AFA-44B6-A3FC-1DE991CD9C52}" = CP_Package_Basic1
"{79F8E1D4-36C1-439C-95FA-F695050B5B07}" = Sonic_PrimoSDK
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX
"{80AE27BA-B0ED-4288-A8B9-D8194BCF4115}" = cp_UpdateProjectsConfig
"{8105684D-8CA6-440D-8F58-7E5FD67A499D}" = Easy Internet Sign-up
"{818ABC3C-635C-4651-8183-D0E9640B7DD1}" = HP Update
"{838A1BC9-95CA-4880-9BE3-2A7D23600A2B}" = Macromedia Shockwave Player
"{869C3062-4745-4949-B6C9-98AF24D89030}" = PhotoGallery
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ED02445-D491-414C-A56D-2ED6BBB7239A}" = Garmin Communicator Plugin
"{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003
"{939F8208-C8CE-4AFF-B7BA-ACEB2E74A6CB}" =
"{9A3EABC0-CA06-11D4-BF77-00104B130C19}" = EPSON TWAIN 5
"{9D4ABB0C-F60B-44A6-956C-A4A63D5495C9}" = CueTour
"{A01FC76F-CC09-4658-9E37-5C2F635EE708}" = TourSetup
"{A93C4E94-1005-489D-BEAA-B873C1AA6CFC}" = HP Help and Support
"{AAD47011-8518-4608-9656-951DA35B587B}" = iTunes
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Sonic Audio Module
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.1
"{B11E71BA-498C-42D4-9F1A-9D7A89D9DA61}" = CP_AtenaShokunin1Config
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Sonic Copy Module
"{B16AF568-A644-483C-A6DA-5028CD019C8C}" = SonicMPEGEncoder
"{B57F2FF0-5A25-4332-B503-4592B370C02F}" = CP_Package_Variety3
"{BBD3BF67-5B89-4CBB-BA58-5818ED5F3290}" = cp_OnlineProjectsConfig
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{DB518BA6-CB74-4EB6-9ABD-880B6D6E1F38}" = HpSdpAppCoreApp
"{DB7E00C9-6DEF-489A-8112-D8F81614F45A}" = Vongo
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{FB09F05F-85C6-4205-B28D-5BF071D276C3}" = muvee autoProducer 5.0
"{FC8D25A7-FF1B-41BB-BB3B-9A06C0A60AE0}" = InstantShareDevices
"12133444-BF36-4d4e-B7FB-A3424C645DE4" = GemMaster Mystic
"49CF605F02C7954F4E139D18828DE298CD59217C" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0)
"53F13DB4D9611FD63BE580F06F0729BF236ABE68" = Windows Driver Package - Advanced Micro Devices (AmdK8) Processor (05/27/2006 1.3.2.0)
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"B3EE3001-DC24-4cd1-8743-5692C716659F" = Otto
"CNXT_HDAUDIO" = Conexant HD Audio
"CNXT_MODEM_HDAUDIO_wis30B5m" = HDAUDIO Soft Data Fax Modem with SmartCP
"Coupon Printer for Windows5.0.0.1" = Coupon Printer for Windows
"ESPNMotion" = ESPNMotion
"HP Imaging Device Functions" = HP Imaging Device Functions 6.0
"HP Photo & Imaging" = HP Photosmart Premier Software 6.0
"HP Rhapsody" = HP Rhapsody
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"InstallShield_{23012310-3E05-46A5-88A9-C6CBCABCAC79}" = Customer Experience Enhancement
"InstallShield_{8105684D-8CA6-440D-8F58-7E5FD67A499D}" = Easy Internet Sign-up
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.1.1000
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Money2006b" = Microsoft Money 2006
"Mozilla Firefox 10.0.1 (x86 en-US)" = Mozilla Firefox 10.0.1 (x86 en-US)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"N360" = Norton 360
"Netscape Browser" = Netscape Browser (remove only)
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"Opera 11.11.2109" = Opera 11.11
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TomTom HOME" = TomTom HOME 2.8.2.2264
"WildTangent CDA" = WildTangent Web Driver
"WildTangent hplaptop Master Uninstall" = My HP Games
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMCSetup" = Windows Media Connect
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 2/12/2012 7:51:07 AM | Computer Name = HEIDI | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 1968

Error - 2/12/2012 7:51:09 AM | Computer Name = HEIDI | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 2/12/2012 7:51:09 AM | Computer Name = HEIDI | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 4000

Error - 2/12/2012 7:51:09 AM | Computer Name = HEIDI | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 4000

Error - 2/12/2012 5:07:31 PM | Computer Name = HEIDI | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 2/12/2012 5:07:31 PM | Computer Name = HEIDI | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 2047

Error - 2/12/2012 5:07:31 PM | Computer Name = HEIDI | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 2047

Error - 2/13/2012 7:36:08 PM | Computer Name = HEIDI | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 2/13/2012 7:36:08 PM | Computer Name = HEIDI | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 2437

Error - 2/13/2012 7:36:08 PM | Computer Name = HEIDI | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 2437

[ System Events ]
Error - 2/19/2012 11:01:14 AM | Computer Name = HEIDI | Source = AmdK8 | ID = 327682
Description = The Acpi 2.0 _PCT object returned an invalid value of 255

Error - 2/19/2012 11:01:14 AM | Computer Name = HEIDI | Source = AmdK8 | ID = 327682
Description = The Acpi 2.0 _PCT object returned an invalid value of 255

Error - 2/19/2012 11:01:55 AM | Computer Name = HEIDI | Source = AmdK8 | ID = 327682
Description = The Acpi 2.0 _PCT object returned an invalid value of 255

Error - 2/19/2012 11:01:55 AM | Computer Name = HEIDI | Source = AmdK8 | ID = 327682
Description = The Acpi 2.0 _PCT object returned an invalid value of 255

Error - 2/19/2012 11:02:39 AM | Computer Name = HEIDI | Source = AmdK8 | ID = 327682
Description = The Acpi 2.0 _PCT object returned an invalid value of 255

Error - 2/19/2012 11:02:39 AM | Computer Name = HEIDI | Source = AmdK8 | ID = 327682
Description = The Acpi 2.0 _PCT object returned an invalid value of 255

Error - 2/19/2012 11:03:22 AM | Computer Name = HEIDI | Source = AmdK8 | ID = 327682
Description = The Acpi 2.0 _PCT object returned an invalid value of 255

Error - 2/19/2012 11:03:22 AM | Computer Name = HEIDI | Source = AmdK8 | ID = 327682
Description = The Acpi 2.0 _PCT object returned an invalid value of 255

Error - 2/19/2012 11:04:15 AM | Computer Name = HEIDI | Source = AmdK8 | ID = 327682
Description = The Acpi 2.0 _PCT object returned an invalid value of 255

Error - 2/19/2012 11:04:15 AM | Computer Name = HEIDI | Source = AmdK8 | ID = 327682
Description = The Acpi 2.0 _PCT object returned an invalid value of 255


< End of report >


OTL logfile created on: 2/19/2012 9:35:18 AM - Run 1
OTL by OldTimer - Version 3.2.33.0 Folder = C:\Documents and Settings\Heidi Seitz\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

958.60 Mb Total Physical Memory | 304.23 Mb Available Physical Memory | 31.74% Memory free
2.26 Gb Paging File | 1.66 Gb Available in Paging File | 73.49% Paging File free
Paging file location(s): C:\pagefile.sys 1440 2880 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 99.00 Gb Total Space | 15.50 Gb Free Space | 15.66% Space Free | Partition Type: NTFS
Drive D: | 11.75 Gb Total Space | 1.15 Gb Free Space | 9.81% Space Free | Partition Type: FAT32

Computer Name: HEIDI | User Name: Heidi Seitz | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Heidi Seitz\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Norton 360\Engine\6.0.1.2\ccSvcHst.exe (Symantec Corporation)
PRC - C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
PRC - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe (TomTom)
PRC - C:\WINDOWS\system32\spool\drivers\w32x86\3\HP1006MC.EXE (Software 2000 Limited)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Vongo\VongoService.exe (Starz Entertainment Group LLC)
PRC - C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe (Hewlett-Packard Development Company, L.P.)


========== Modules (No Company Name) ==========

MOD - c:\windows\assembly\nativeimages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_53c74b9b\mscorlib.dll ()
MOD - c:\windows\assembly\nativeimages1_v1.1.4322\system.drawing\1.0.5000.0__b03f5f7f11d50a3a_d8965a4d\system.drawing.dll ()
MOD - c:\windows\assembly\nativeimages1_v1.1.4322\system.xml\1.0.5000.0__b77a5c561934e089_0f992ce8\system.xml.dll ()
MOD - c:\windows\assembly\nativeimages1_v1.1.4322\system.windows.forms\1.0.5000.0__b77a5c561934e089_660bf5ff\system.windows.forms.dll ()
MOD - c:\windows\assembly\nativeimages1_v1.1.4322\system\1.0.5000.0__b77a5c561934e089_3935d085\system.dll ()
MOD - c:\windows\assembly\gac\system\1.0.5000.0__b77a5c561934e089\system.dll ()
MOD - c:\windows\assembly\gac\system.windows.forms\1.0.5000.0__b77a5c561934e089\system.windows.forms.dll ()
MOD - C:\WINDOWS\system32\quartz.dll ()
MOD - C:\WINDOWS\system32\sbe.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\WINDOWS\system32\msdmo.dll ()
MOD - C:\WINDOWS\system32\devenum.dll ()
MOD - C:\Program Files\HP\QuickPlay\Kernel\common\CLDataSync.dll ()
MOD - c:\windows\assembly\gac\hpqbakup\3.0.0.0__a53cf5803f4c3827\hpqbakup.dll ()
MOD - c:\windows\assembly\gac\hpqisrtb\4.0.0.0__a53cf5803f4c3827\hpqisrtb.dll ()
MOD - c:\windows\assembly\gac\hpqedit\3.0.0.0__a53cf5803f4c3827\hpqedit.dll ()
MOD - c:\windows\assembly\gac\hpqvideo\3.0.0.0__a53cf5803f4c3827\hpqvideo.dll ()
MOD - c:\windows\assembly\gac\hpqmdmr\4.0.0.0__a53cf5803f4c3827\hpqmdmr.dll ()
MOD - c:\windows\assembly\gac\hpqprrsc\4.0.0.0__a53cf5803f4c3827\hpqprrsc.dll ()
MOD - c:\windows\assembly\gac\hpqovskn\3.0.0.0__a53cf5803f4c3827\hpqovskn.dll ()
MOD - c:\windows\assembly\gac\hpqimvlt\3.0.0.0__a53cf5803f4c3827\hpqimvlt.dll ()
MOD - c:\windows\assembly\gac\lead.wrapper\13.0.0.113__9cf889f53ea9b907\lead.wrapper.dll ()
MOD - c:\windows\assembly\gac\hpqimgrc\4.0.0.0__a53cf5803f4c3827\hpqimgrc.dll ()
MOD - c:\windows\assembly\gac\lead.drawing.imaging.imageprocessing\13.0.0.113__9cf889f53ea9b907\lead.drawing.imaging.imageprocessing.dll ()
MOD - c:\windows\assembly\gac\lead.drawing\13.0.0.113__9cf889f53ea9b907\lead.drawing.dll ()
MOD - c:\windows\assembly\gac\lead.drawing.imaging.codecs\13.0.0.113__9cf889f53ea9b907\lead.drawing.imaging.codecs.dll ()
MOD - c:\windows\assembly\gac\lead\13.0.0.113__9cf889f53ea9b907\lead.dll ()
MOD - c:\windows\assembly\gac\lead.windows.forms.drawingcontainer\13.0.0.113__9cf889f53ea9b907\lead.windows.forms.drawingcontainer.dll ()
MOD - c:\windows\assembly\gac\hpqntrop\4.0.0.0__a53cf5803f4c3827\hpqntrop.dll ()
MOD - c:\windows\assembly\gac\lead.windows.forms\13.0.0.113__9cf889f53ea9b907\lead.windows.forms.dll ()
MOD - c:\windows\assembly\gac\interop.hpqcxm08\3.0.0.0__a53cf5803f4c3827\interop.hpqcxm08.dll ()
MOD - c:\windows\assembly\gac\interop.hpqvideo\4.0.0.0__a53cf5803f4c3827\interop.hpqvideo.dll ()
MOD - c:\windows\assembly\gac\interop.hpqimgr\4.0.0.0__a53cf5803f4c3827\interop.hpqimgr.dll ()
MOD - c:\windows\assembly\gac\interop.hprblog\3.0.0.0__a53cf5803f4c3827\interop.hprblog.dll ()
MOD - c:\windows\assembly\gac\hpqcc2\3.0.0.0__a53cf5803f4c3827\hpqcc2.dll ()
MOD - c:\windows\assembly\gac\hpqcprsc\3.0.0.0__a53cf5803f4c3827\hpqcprsc.dll ()
MOD - c:\windows\assembly\gac\hpqtray\4.0.0.0__a53cf5803f4c3827\hpqtray.dll ()
MOD - c:\windows\assembly\gac\hpqutils\4.0.0.0__a53cf5803f4c3827\hpqutils.dll ()
MOD - c:\windows\assembly\gac\hpqthumb\3.0.0.0__a53cf5803f4c3827\hpqthumb.dll ()
MOD - c:\windows\assembly\gac\hpqglutl\4.0.0.0__a53cf5803f4c3827\hpqglutl.dll ()
MOD - c:\windows\assembly\gac\hpqimlib\3.0.0.0__a53cf5803f4c3827\hpqimlib.dll ()
MOD - c:\windows\assembly\gac\hpqfmrsc\4.0.0.0__a53cf5803f4c3827\hpqfmrsc.dll ()
MOD - c:\windows\assembly\gac\hpqasset\4.0.0.0__a53cf5803f4c3827\hpqasset.dll ()
MOD - c:\windows\assembly\gac\hpqiface\4.0.0.0__a53cf5803f4c3827\hpqiface.dll ()
MOD - c:\windows\assembly\gac\system.xml\1.0.5000.0__b77a5c561934e089\system.xml.dll ()
MOD - c:\windows\assembly\gac\system.drawing\1.0.5000.0__b03f5f7f11d50a3a\system.drawing.dll ()
MOD - c:\windows\assembly\gac\accessibility\1.0.5000.0__b03f5f7f11d50a3a\accessibility.dll ()
MOD - C:\Program Files\Vongo\CaPolMgr.dll ()
MOD - C:\Program Files\Vongo\sqldrivers\qsqlite.dll ()
MOD - C:\Program Files\Vongo\qt-mt335.dll ()


========== Win32 Services (SafeList) ==========

SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (N360) -- C:\Program Files\Norton 360\Engine\6.0.1.2\ccSvcHst.exe (Symantec Corporation)
SRV - (TomTomHOMEService) -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe (TomTom)
SRV - (AddFiltr) -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe (Hewlett-Packard Development Company, L.P.)
SRV - (Vongo Service) -- C:\Program Files\Vongo\VongoService.exe (Starz Entertainment Group LLC)


========== Driver Services (SafeList) ==========

DRV - (SymEvent) -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS (Symantec Corporation)
DRV - (IDSxpx86) -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.1.2\Definitions\IPSDefs\20120217.003\IDSXpx86.sys (Symantec Corporation)
DRV - (NAVEX15) -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.1.2\Definitions\VirusDefs\20120218.008\NAVEX15.SYS (Symantec Corporation)
DRV - (eeCtrl) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation)
DRV - (NAVENG) -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.1.2\Definitions\VirusDefs\20120218.008\NAVENG.SYS (Symantec Corporation)
DRV - (MBAMProtector) -- C:\WINDOWS\system32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (BHDrvx86) -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.1.2\Definitions\BASHDefs\20120215.001\BHDrvx86.sys (Symantec Corporation)
DRV - (SymEFA) -- C:\WINDOWS\system32\drivers\N360\0600010.002\SYMEFA.SYS (Symantec Corporation)
DRV - (SRTSP) -- C:\WINDOWS\system32\drivers\N360\0600010.002\SRTSP.SYS (Symantec Corporation)
DRV - (SRTSPX) Symantec Real Time Storage Protection (PEL) -- C:\WINDOWS\system32\drivers\N360\0600010.002\SRTSPX.SYS (Symantec Corporation)
DRV - (SYMTDI) -- C:\WINDOWS\system32\drivers\N360\0600010.002\SYMTDI.SYS (Symantec Corporation)
DRV - (SymIRON) -- C:\WINDOWS\system32\drivers\N360\0600010.002\Ironx86.SYS (Symantec Corporation)
DRV - (ccSet_N360) -- C:\WINDOWS\system32\drivers\N360\0600010.002\ccSetx86.sys (Symantec Corporation)
DRV - (SymDS) -- C:\WINDOWS\system32\drivers\N360\0600010.002\SYMDS.SYS (Symantec Corporation)
DRV - (MQAC) -- C:\WINDOWS\system32\drivers\mqac.sys (Microsoft Corporation)
DRV - (RMCAST) -- C:\WINDOWS\system32\drivers\rmcast.sys (Microsoft Corporation)
DRV - (HSF_DPV) -- C:\WINDOWS\system32\drivers\HSF_DPV.sys (Conexant Systems, Inc.)
DRV - (HSFHWAZL) -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.)
DRV - (HdAudAddService) -- C:\WINDOWS\system32\drivers\CHDAud.sys (Conexant Systems Inc.)
DRV - (AmdK8) -- C:\WINDOWS\system32\drivers\AmdK8.sys (Advanced Micro Devices)
DRV - (BCM43XX) -- C:\WINDOWS\system32\drivers\BCMWL5.SYS (Broadcom Corporation)
DRV - (nvsmu) -- C:\WINDOWS\system32\drivers\nvsmu.sys (NVIDIA Corporation)
DRV - (nvnetbus) -- C:\WINDOWS\system32\drivers\nvnetbus.sys (NVIDIA Corporation)
DRV - (NVENETFD) -- C:\WINDOWS\system32\drivers\NVENETFD.sys (NVIDIA Corporation)
DRV - (nvata) -- C:\WINDOWS\system32\DRIVERS\nvata.sys (NVIDIA Corporation)
DRV - (rimsptsk) -- C:\WINDOWS\system32\drivers\rimsptsk.sys (REDC)
DRV - (rimmptsk) -- C:\WINDOWS\system32\drivers\rimmptsk.sys (REDC)
DRV - (rismxdp) -- C:\WINDOWS\system32\drivers\rixdptsk.sys (REDC)
DRV - (eabusb) -- C:\WINDOWS\system32\drivers\EabUsb.sys (Hewlett-Packard Development Company, L.P.)
DRV - (HBtnKey) -- C:\WINDOWS\system32\drivers\CPQBttn.sys (Hewlett-Packard Development Company, L.P.)
DRV - (eabfiltr) -- C:\WINDOWS\system32\drivers\eabfiltr.sys (Hewlett-Packard Development Company, L.P.)
DRV - (rtl8139) Realtek RTL8139(A/B/C) -- C:\WINDOWS\system32\drivers\RTL8139.sys (Realtek Semiconductor Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "iMesh Web Search"
FF - prefs.js..browser.search.order.1: "iMesh Web Search"
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://en-US.start3....en-US:official"
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: youtube2mp3@mondayx.de:1.0.7
FF - prefs.js..extensions.enabledItems: {e968fc70-8f95-4ab9-9e79-304de2a71ee1}:0.7.3

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@garmin.com/GpsControl: C:\Program Files\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Heidi Seitz\Local Settings\Application Data\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Heidi Seitz\Local Settings\Application Data\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.1.2\IPSFFPlgn\ [2012/02/16 00:07:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.1.2\coFFPlgn\ [2012/02/18 10:18:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/02/12 15:35:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/03/28 18:44:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Netscape Browser 8.0.4.0\Extensions\\Components: C:\Program Files\Netscape\Netscape Browser\Components [2011/03/23 22:02:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Netscape Browser 8.0.4.0\Extensions\\Plugins: C:\Program Files\Netscape\Netscape Browser\Plugins [2011/03/23 22:02:22 | 000,000,000 | ---D | M]

[2011/06/19 07:17:34 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Heidi Seitz\Application Data\Mozilla\Extensions
[2011/06/19 07:17:34 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Heidi Seitz\Application Data\Mozilla\Extensions\home2@tomtom.com
[2012/01/11 20:41:07 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Heidi Seitz\Application Data\Mozilla\Firefox\Profiles\mfe6wn8q.default\extensions
[2011/03/28 18:38:06 | 000,000,000 | ---D | M] (User Agent Switcher) -- C:\Documents and Settings\Heidi Seitz\Application Data\Mozilla\Firefox\Profiles\mfe6wn8q.default\extensions\{e968fc70-8f95-4ab9-9e79-304de2a71ee1}
[2012/02/12 15:35:06 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
() (No name found) -- C:\DOCUMENTS AND SETTINGS\HEIDI SEITZ\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\MFE6WN8Q.DEFAULT\EXTENSIONS\YOUTUBE2MP3@MONDAYX.DE.XPI
[2010/02/03 01:51:37 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2012/02/08 15:13:49 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/05/04 03:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2008/05/19 13:57:00 | 002,641,920 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\npRACtrl.dll
[2008/02/28 13:30:00 | 000,008,784 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\ractrlkeyhook.dll
[2008/02/28 13:33:00 | 000,245,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\unicows.dll
[2012/02/08 12:12:58 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2010/09/02 03:09:28 | 000,002,486 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\iMeshWebSearch.xml
[2012/02/08 12:12:58 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Web Search (Enabled)
CHR - default_search_provider: search_url = http://search.imesh....q={searchTerms}
CHR - default_search_provider: suggest_url =
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\Heidi Seitz\Local Settings\Application Data\Google\Chrome\Application\17.0.963.46\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U26 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdivx32.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: Microsoft Office 2003 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFFICE.DLL
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\Heidi Seitz\Local Settings\Application Data\Google\Chrome\Application\17.0.963.46\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\Heidi Seitz\Local Settings\Application Data\Google\Chrome\Application\17.0.963.46\pdf.dll
CHR - plugin: Coupons Inc., Coupon Printer Manager (Enabled) = C:\Documents and Settings\Heidi Seitz\Local Settings\Application Data\Google\Chrome\Application\plugins\npMozCouponPrinter.dll
CHR - plugin: DivX Player Netscape Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npDivxPlayerPlugin.dll
CHR - plugin: LogMeIn, Inc. Remote Access Components 1.0.0.381 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npRACtrl.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\Heidi Seitz\Local Settings\Application Data\Google\Update\1.3.21.71\npGoogleUpdate3.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Documents and Settings\Heidi Seitz\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.3_0\
CHR - Extension: Google Search = C:\Documents and Settings\Heidi Seitz\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.17_0\
CHR - Extension: Norton Identity Protection = C:\Documents and Settings\Heidi Seitz\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.5.1.5_0\
CHR - Extension: Gmail = C:\Documents and Settings\Heidi Seitz\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012/02/18 17:13:30 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360\Engine\6.0.1.2\CoIEPlg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360\Engine\6.0.1.2\IPS\IPSBHO.dll (Symantec Corporation)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (CNavExtBho Class) - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll File not found
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\6.0.1.2\CoIEPlg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\6.0.1.2\CoIEPlg.dll (Symantec Corporation)
O4 - HKLM..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\Cpqset.exe ()
O4 - HKLM..\Run: [High Definition Audio Property Page Shortcut] C:\WINDOWS\System32\CHDAudPropShortcut.exe (Windows ® Server 2003 DDK provider)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MsmqIntCert] C:\WINDOWS\System32\mqrt.dll (Microsoft Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [RecGuard] C:\WINDOWS\SMINST\Recguard.exe ()
O4 - HKCU..\Run: [TomTomHOME.exe] C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\StartUp\Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\StartUp\HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe (Hewlett-Packard Development Company, L.P.)
O4 - Startup: C:\Documents and Settings\Heidi Seitz\Start Menu\Programs\StartUp\Vongo Tray.lnk = C:\Program Files\Vongo\Tray.exe (Starz)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\npjpi160_04.dll (Sun Microsystems, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_04)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 85.195.91.34
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F55E7425-751D-4426-A34D-AE48B2FE8344}: DhcpNameServer = 85.195.91.34
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Wave.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Wave.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2001/07/27 23:07:38 | 000,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/02/19 09:33:40 | 000,583,680 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Heidi Seitz\Desktop\OTL.exe
[2012/02/19 09:20:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Heidi Seitz\Application Data\Malwarebytes
[2012/02/19 09:20:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/02/19 09:20:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2012/02/19 09:20:22 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012/02/19 09:20:22 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/02/19 09:17:40 | 009,502,424 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Heidi Seitz\Desktop\mbam-setup-1.60.1.1000.exe
[2012/02/19 07:18:15 | 004,406,994 | R--- | C] (Swearware) -- C:\Documents and Settings\Heidi Seitz\Desktop\ComboFix.exe
[2012/02/18 16:55:11 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2012/02/18 16:51:52 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2012/02/18 16:51:52 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2012/02/18 16:51:52 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2012/02/18 16:51:52 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2012/02/18 16:51:42 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2012/02/18 16:51:35 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/02/18 11:06:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Heidi Seitz\Desktop\RK_Quarantine
[2012/02/17 06:12:17 | 009,502,424 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Heidi Seitz\Desktop\mbam--setup-1.60.1.1000.exe
[2012/02/17 06:09:59 | 000,201,728 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Heidi Seitz\Desktop\OTC.exe
[2012/02/17 06:08:08 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Heidi Seitz\Desktop\TFC.exe
[2012/02/16 18:06:49 | 004,733,440 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Heidi Seitz\Desktop\aswMBR.exe
[2012/02/16 18:01:55 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Heidi Seitz\Start Menu\Programs\Administrative Tools
[2012/02/16 18:01:41 | 000,607,260 | R--- | C] (Swearware) -- C:\Documents and Settings\Heidi Seitz\Desktop\dds.scr
[2012/02/16 06:09:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Heidi Seitz\Desktop\backups
[2012/02/16 05:59:54 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\Heidi Seitz\Desktop\HijackThis.exe
[2012/02/16 02:29:16 | 000,000,000 | ---D | C] -- C:\N360_BACKUP
[2012/02/16 00:05:07 | 000,060,872 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\S32EVNT1.DLL
[2012/02/16 00:05:06 | 000,141,944 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS
[2012/02/16 00:05:06 | 000,000,000 | ---D | C] -- C:\Program Files\Symantec
[2012/02/16 00:04:28 | 000,388,216 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0600010.002\symtdi.sys
[2012/02/16 00:04:28 | 000,345,208 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0600010.002\symtdiv.sys
[2012/02/16 00:04:27 | 000,318,584 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0600010.002\symnets.sys
[2012/02/16 00:04:14 | 000,905,336 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0600010.002\SymEFA.sys
[2012/02/16 00:04:14 | 000,340,088 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0600010.002\SymDS.sys
[2012/02/16 00:04:14 | 000,032,888 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0600010.002\srtspx.sys
[2012/02/16 00:04:13 | 000,574,584 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0600010.002\srtsp.sys
[2012/02/16 00:04:13 | 000,149,624 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0600010.002\Ironx86.sys
[2012/02/16 00:04:12 | 000,132,744 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0600010.002\ccSetx86.sys
[2012/02/16 00:03:01 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\N360
[2012/02/16 00:03:01 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\N360\0600010.002
[2012/02/16 00:02:58 | 000,000,000 | ---D | C] -- C:\Program Files\Norton 360
[2012/02/16 00:02:57 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Sidebar
[2012/02/16 00:02:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Norton 360
[2012/02/15 23:27:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Heidi Seitz\Start Menu\Programs\Norton
[2012/02/15 23:27:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\Norton
[2012/02/15 23:27:34 | 000,829,088 | ---- | C] (Symantec Corporation) -- C:\Documents and Settings\Heidi Seitz\Desktop\N360Downloader.exe
[2012/02/15 22:54:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Heidi Seitz\Application Data\Elluminate
[2012/02/15 19:34:16 | 002,060,336 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Heidi Seitz\Desktop\tdsskiller.exe
[2012/02/12 15:24:24 | 015,795,360 | ---- | C] (Mozilla) -- C:\Documents and Settings\Heidi Seitz\Desktop\Firefox Setup 10.0.1.exe
[2012/01/31 22:31:24 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ptpusb.dll
[2012/01/31 22:31:19 | 000,159,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ptpusd.dll
[2012/01/31 22:31:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Apple Computer
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/02/19 09:38:28 | 000,001,002 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2540146634-2539278503-1871707970-1005UA.job
[2012/02/19 09:33:42 | 000,583,680 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Heidi Seitz\Desktop\OTL.exe
[2012/02/19 09:20:23 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/02/19 09:19:03 | 009,502,424 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Heidi Seitz\Desktop\mbam-setup-1.60.1.1000.exe
[2012/02/19 08:57:00 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/02/19 08:37:01 | 000,000,950 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2540146634-2539278503-1871707970-1005Core.job
[2012/02/19 07:44:02 | 002,060,336 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Heidi Seitz\Desktop\tdsskiller.exe
[2012/02/19 07:41:22 | 002,041,519 | ---- | M] () -- C:\Documents and Settings\Heidi Seitz\Desktop\tdsskiller.zip
[2012/02/19 07:40:17 | 000,080,384 | ---- | M] () -- C:\Documents and Settings\Heidi Seitz\Desktop\MBRCheck.exe
[2012/02/19 07:14:34 | 004,406,994 | R--- | M] (Swearware) -- C:\Documents and Settings\Heidi Seitz\Desktop\ComboFix.exe
[2012/02/19 02:00:00 | 000,000,316 | ---- | M] () -- C:\WINDOWS\tasks\HP WEP.job
[2012/02/18 21:23:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2012/02/18 17:13:30 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2012/02/18 16:55:18 | 000,000,337 | RHS- | M] () -- C:\boot.ini
[2012/02/18 11:04:50 | 000,337,039 | ---- | M] () -- C:\Documents and Settings\Heidi Seitz\Desktop\FSS.exe
[2012/02/18 11:03:47 | 001,251,328 | ---- | M] () -- C:\Documents and Settings\Heidi Seitz\Desktop\RogueKiller.exe
[2012/02/18 10:17:52 | 000,001,329 | ---- | M] () -- C:\hpqp.ini
[2012/02/18 10:17:34 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/02/18 10:17:28 | 000,000,039 | ---- | M] () -- C:\XP_TV.ini
[2012/02/18 10:17:27 | 000,050,868 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2012/02/18 10:17:17 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/02/18 10:17:12 | 1005,236,224 | -HS- | M] () -- C:\hiberfil.sys
[2012/02/17 20:13:24 | 003,540,534 | ---- | M] () -- C:\Documents and Settings\Heidi Seitz\Desktop\crash report after re-boot.bmp
[2012/02/17 11:39:34 | 000,002,308 | ---- | M] () -- C:\Documents and Settings\Heidi Seitz\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/02/17 11:39:33 | 000,002,330 | ---- | M] () -- C:\Documents and Settings\Heidi Seitz\Desktop\Google Chrome.lnk
[2012/02/17 06:17:01 | 009,502,424 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Heidi Seitz\Desktop\mbam--setup-1.60.1.1000.exe
[2012/02/17 06:10:00 | 000,201,728 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Heidi Seitz\Desktop\OTC.exe
[2012/02/17 06:08:10 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Heidi Seitz\Desktop\TFC.exe
[2012/02/17 06:03:19 | 004,733,440 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Heidi Seitz\Desktop\aswMBR.exe
[2012/02/16 23:41:50 | 000,256,656 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/02/16 23:31:23 | 000,615,015 | ---- | M] () -- C:\WINDOWS\System32\drivers\N360\0600010.002\Cat.DB
[2012/02/16 23:31:08 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/02/16 18:05:43 | 000,003,885 | ---- | M] () -- C:\Documents and Settings\Heidi Seitz\Desktop\attach (dds).zip
[2012/02/16 18:01:41 | 000,607,260 | R--- | M] (Swearware) -- C:\Documents and Settings\Heidi Seitz\Desktop\dds.scr
[2012/02/16 05:59:55 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\Heidi Seitz\Desktop\HijackThis.exe
[2012/02/16 00:10:56 | 000,004,782 | ---- | M] () -- C:\WINDOWS\System32\drivers\N360\0600010.002\VT20111023.022
[2012/02/16 00:05:06 | 000,141,944 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS
[2012/02/16 00:05:06 | 000,060,872 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\S32EVNT1.DLL
[2012/02/16 00:05:06 | 000,007,468 | ---- | M] () -- C:\WINDOWS\System32\drivers\SYMEVENT.CAT
[2012/02/16 00:05:06 | 000,000,806 | ---- | M] () -- C:\WINDOWS\System32\drivers\SYMEVENT.INF
[2012/02/16 00:04:51 | 000,001,799 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Norton 360.LNK
[2012/02/16 00:02:14 | 000,000,756 | ---- | M] () -- C:\Documents and Settings\Heidi Seitz\Desktop\Norton Installation Files.lnk
[2012/02/15 23:27:34 | 000,829,088 | ---- | M] (Symantec Corporation) -- C:\Documents and Settings\Heidi Seitz\Desktop\N360Downloader.exe
[2012/02/12 15:35:10 | 000,000,742 | ---- | M] () -- C:\Documents and Settings\Heidi Seitz\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012/02/12 15:35:10 | 000,000,724 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2012/02/12 15:30:06 | 015,795,360 | ---- | M] (Mozilla) -- C:\Documents and Settings\Heidi Seitz\Desktop\Firefox Setup 10.0.1.exe
[2012/02/10 15:16:42 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/02/08 19:29:44 | 000,126,705 | ---- | M] () -- C:\Documents and Settings\Heidi Seitz\Desktop\coronas in snow.jpg
[2012/02/07 02:37:07 | 000,000,172 | ---- | M] () -- C:\WINDOWS\System32\drivers\N360\0600010.002\isolate.ini
[2012/02/05 22:03:41 | 000,066,072 | ---- | M] () -- C:\Documents and Settings\Heidi Seitz\Desktop\jane usa gold.JPG
[2012/02/05 21:43:15 | 000,002,044 | ---- | M] () -- C:\Documents and Settings\Heidi Seitz\Desktop\usa gold logo.jpg
[2012/02/05 21:42:38 | 000,008,163 | ---- | M] () -- C:\Documents and Settings\Heidi Seitz\Desktop\usa blu box.jpg
[2012/02/05 21:36:06 | 003,092,662 | ---- | M] () -- C:\Documents and Settings\Heidi Seitz\Desktop\mom bunny ears.JPG
[2012/02/05 21:35:20 | 000,028,672 | ---- | M] () -- C:\Documents and Settings\Heidi Seitz\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/02/05 21:12:44 | 000,067,188 | ---- | M] () -- C:\Documents and Settings\Heidi Seitz\Desktop\new john usagold.JPG
[2012/02/05 21:09:52 | 000,461,306 | ---- | M] () -- C:\Documents and Settings\Heidi Seitz\Desktop\statue of liberty.JPG
[2012/02/05 21:09:31 | 000,631,951 | ---- | M] () -- C:\Documents and Settings\Heidi Seitz\Desktop\john usa gold 2.JPG
[2012/02/05 10:11:25 | 000,314,757 | ---- | M] () -- C:\Documents and Settings\Heidi Seitz\Desktop\john usa gold.JPG
[2012/02/05 10:06:10 | 000,001,460 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Media Center.lnk
[2012/02/05 10:01:15 | 000,590,410 | ---- | M] () -- C:\Documents and Settings\Heidi Seitz\Desktop\USA gold pic2.JPG
[2012/02/05 09:58:49 | 000,579,419 | ---- | M] () -- C:\Documents and Settings\Heidi Seitz\Desktop\USAGOLD PIC.JPG
[2012/02/05 09:51:14 | 000,564,521 | ---- | M] () -- C:\Documents and Settings\Heidi Seitz\Desktop\usa gold me.JPG
[2012/02/04 17:11:38 | 001,161,463 | ---- | M] () -- C:\Documents and Settings\Heidi Seitz\Desktop\balance corona.JPG
[2012/02/04 17:11:10 | 000,613,751 | ---- | M] () -- C:\Documents and Settings\Heidi Seitz\Desktop\tv corona.JPG
[2012/02/02 19:21:41 | 001,261,695 | ---- | M] () -- C:\Documents and Settings\Heidi Seitz\Desktop\corona.JPG
[2012/02/02 14:15:27 | 000,000,358 | ---- | M] () -- C:\Documents and Settings\Heidi Seitz\Desktop\Shortcut to 0202020908.lnk
[2012/02/02 07:27:28 | 000,000,358 | ---- | M] () -- C:\Documents and Settings\Heidi Seitz\Desktop\Shortcut to 0130022044.lnk
[2012/01/27 08:13:54 | 000,000,899 | ---- | M] () -- C:\Documents and Settings\Heidi Seitz\Desktop\Shortcut to 1112090911a.lnk
[2012/01/27 08:13:02 | 000,000,894 | ---- | M] () -- C:\Documents and Settings\Heidi Seitz\Desktop\Shortcut to 0926001756.lnk
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/02/19 09:20:23 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/02/19 07:41:21 | 002,041,519 | ---- | C] () -- C:\Documents and Settings\Heidi Seitz\Desktop\tdsskiller.zip
[2012/02/19 07:40:17 | 000,080,384 | ---- | C] () -- C:\Documents and Settings\Heidi Seitz\Desktop\MBRCheck.exe
[2012/02/18 16:55:18 | 000,000,221 | ---- | C] () -- C:\Boot.bak
[2012/02/18 16:55:12 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2012/02/18 16:51:52 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012/02/18 16:51:52 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2012/02/18 16:51:52 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2012/02/18 16:51:52 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2012/02/18 16:51:52 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2012/02/18 11:03:33 | 001,251,328 | ---- | C] () -- C:\Documents and Settings\Heidi Seitz\Desktop\RogueKiller.exe
[2012/02/17 21:55:50 | 1005,236,224 | -HS- | C] () -- C:\hiberfil.sys
[2012/02/17 20:46:07 | 000,337,039 | ---- | C] () -- C:\Documents and Settings\Heidi Seitz\Desktop\FSS.exe
[2012/02/17 20:13:23 | 003,540,534 | ---- | C] () -- C:\Documents and Settings\Heidi Seitz\Desktop\crash report after re-boot.bmp
[2012/02/16 18:05:43 | 000,003,885 | ---- | C] () -- C:\Documents and Settings\Heidi Seitz\Desktop\attach (dds).zip
[2012/02/16 15:37:22 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/02/16 15:37:22 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\dllcache\iacenc.dll
[2012/02/16 00:11:25 | 000,004,782 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0600010.002\VT20111023.022
[2012/02/16 00:05:12 | 000,615,015 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0600010.002\Cat.DB
[2012/02/16 00:05:06 | 000,007,468 | ---- | C] () -- C:\WINDOWS\System32\drivers\SYMEVENT.CAT
[2012/02/16 00:05:06 | 000,000,806 | ---- | C] () -- C:\WINDOWS\System32\drivers\SYMEVENT.INF
[2012/02/16 00:04:51 | 000,001,799 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Norton 360.LNK
[2012/02/16 00:03:19 | 000,003,434 | R--- | C] () -- C:\WINDOWS\System32\drivers\N360\0600010.002\SymEFA.inf
[2012/02/16 00:03:19 | 000,002,852 | R--- | C] () -- C:\WINDOWS\System32\drivers\N360\0600010.002\SymDS.inf
[2012/02/16 00:03:19 | 000,001,469 | R--- | C] () -- C:\WINDOWS\System32\drivers\N360\0600010.002\SymNetV.inf
[2012/02/16 00:03:19 | 000,001,441 | R--- | C] () -- C:\WINDOWS\System32\drivers\N360\0600010.002\SymNet.inf
[2012/02/16 00:03:19 | 000,001,389 | R--- | C] () -- C:\WINDOWS\System32\drivers\N360\0600010.002\srtspx.inf
[2012/02/16 00:03:19 | 000,001,389 | R--- | C] () -- C:\WINDOWS\System32\drivers\N360\0600010.002\srtsp.inf
[2012/02/16 00:03:19 | 000,000,827 | R--- | C] () -- C:\WINDOWS\System32\drivers\N360\0600010.002\ccSetx86.inf
[2012/02/16 00:03:19 | 000,000,742 | R--- | C] () -- C:\WINDOWS\System32\drivers\N360\0600010.002\Iron.inf
[2012/02/16 00:03:15 | 000,004,782 | R--- | C] () -- C:\WINDOWS\System32\drivers\N360\0600010.002\SymVTcer.dat
[2012/02/16 00:03:02 | 000,007,877 | R--- | C] () -- C:\WINDOWS\System32\drivers\N360\0600010.002\symnetv.cat
[2012/02/16 00:03:02 | 000,007,458 | R--- | C] () -- C:\WINDOWS\System32\drivers\N360\0600010.002\SymNet.cat
[2012/02/16 00:03:01 | 000,007,492 | R--- | C] () -- C:\WINDOWS\System32\drivers\N360\0600010.002\SymDS.cat
[2012/02/16 00:03:01 | 000,007,468 | R--- | C] () -- C:\WINDOWS\System32\drivers\N360\0600010.002\ccSetx86.cat
[2012/02/16 00:03:01 | 000,007,456 | R--- | C] () -- C:\WINDOWS\System32\drivers\N360\0600010.002\SymEFA.cat
[2012/02/16 00:03:01 | 000,007,454 | R--- | C] () -- C:\WINDOWS\System32\drivers\N360\0600010.002\srtspx.cat
[2012/02/16 00:03:01 | 000,007,450 | R--- | C] () -- C:\WINDOWS\System32\drivers\N360\0600010.002\srtsp.cat
[2012/02/16 00:03:01 | 000,007,450 | R--- | C] () -- C:\WINDOWS\System32\drivers\N360\0600010.002\iron.cat
[2012/02/16 00:03:01 | 000,000,172 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0600010.002\isolate.ini
[2012/02/15 23:27:48 | 000,000,756 | ---- | C] () -- C:\Documents and Settings\Heidi Seitz\Desktop\Norton Installation Files.lnk
[2012/02/08 19:30:02 | 000,126,705 | ---- | C] () -- C:\Documents and Settings\Heidi Seitz\Desktop\coronas in snow.jpg
[2012/02/05 22:03:40 | 000,066,072 | ---- | C] () -- C:\Documents and Settings\Heidi Seitz\Desktop\jane usa gold.JPG
[2012/02/05 21:43:32 | 000,002,044 | ---- | C] () -- C:\Documents and Settings\Heidi Seitz\Desktop\usa gold logo.jpg
[2012/02/05 21:42:55 | 000,008,163 | ---- | C] () -- C:\Documents and Settings\Heidi Seitz\Desktop\usa blu box.jpg
[2012/02/05 21:36:04 | 003,092,662 | ---- | C] () -- C:\Documents and Settings\Heidi Seitz\Desktop\mom bunny ears.JPG
[2012/02/05 21:12:44 | 000,067,188 | ---- | C] () -- C:\Documents and Settings\Heidi Seitz\Desktop\new john usagold.JPG
[2012/02/05 21:09:52 | 000,461,306 | ---- | C] () -- C:\Documents and Settings\Heidi Seitz\Desktop\statue of liberty.JPG
[2012/02/05 21:09:31 | 000,631,951 | ---- | C] () -- C:\Documents and Settings\Heidi Seitz\Desktop\john usa gold 2.JPG
[2012/02/05 10:11:25 | 000,314,757 | ---- | C] () -- C:\Documents and Settings\Heidi Seitz\Desktop\john usa gold.JPG
[2012/02/05 10:01:15 | 000,590,410 | ---- | C] () -- C:\Documents and Settings\Heidi Seitz\Desktop\USA gold pic2.JPG
[2012/02/05 09:58:48 | 000,579,419 | ---- | C] () -- C:\Documents and Settings\Heidi Seitz\Desktop\USAGOLD PIC.JPG
[2012/02/05 09:51:13 | 000,564,521 | ---- | C] () -- C:\Documents and Settings\Heidi Seitz\Desktop\usa gold me.JPG
[2012/02/04 17:11:38 | 001,161,463 | ---- | C] () -- C:\Documents and Settings\Heidi Seitz\Desktop\balance corona.JPG
[2012/02/04 17:11:10 | 000,613,751 | ---- | C] () -- C:\Documents and Settings\Heidi Seitz\Desktop\tv corona.JPG
[2012/02/02 19:21:40 | 001,261,695 | ---- | C] () -- C:\Documents and Settings\Heidi Seitz\Desktop\corona.JPG
[2012/02/02 14:15:27 | 000,000,358 | ---- | C] () -- C:\Documents and Settings\Heidi Seitz\Desktop\Shortcut to 0202020908.lnk
[2012/02/02 07:27:28 | 000,000,358 | ---- | C] () -- C:\Documents and Settings\Heidi Seitz\Desktop\Shortcut to 0130022044.lnk
[2012/01/27 08:13:54 | 000,000,899 | ---- | C] () -- C:\Documents and Settings\Heidi Seitz\Desktop\Shortcut to 1112090911a.lnk
[2012/01/27 08:13:02 | 000,000,894 | ---- | C] () -- C:\Documents and Settings\Heidi Seitz\Desktop\Shortcut to 0926001756.lnk
[2011/06/25 05:43:52 | 000,021,504 | ---- | C] () -- C:\WINDOWS\jestertb.dll
[2011/03/03 06:50:24 | 000,051,952 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/10/11 16:27:00 | 000,001,548 | ---- | C] () -- C:\Documents and Settings\Heidi Seitz\Application Data\wklnhst.dat
[2010/08/07 07:18:48 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/07/30 17:04:10 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\HPPLVS.dll
[2010/06/11 00:54:16 | 000,028,672 | ---- | C] () -- C:\Documents and Settings\Heidi Seitz\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/02/03 00:49:08 | 000,000,134 | ---- | C] () -- C:\Documents and Settings\Heidi Seitz\Local Settings\Application Data\fusioncache.dat
[2007/10/12 23:05:30 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\NetworkService\Application Data\$_hpcst$.hpc
[2007/02/05 13:55:23 | 000,001,778 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache

========== LOP Check ==========

[2006/11/22 19:05:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DIGStream
[2008/04/23 08:19:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\muvee Technologies
[2009/06/23 06:16:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PCSettings
[2011/06/19 07:18:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TomTom
[2010/02/03 01:31:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WildTangent
[2009/03/21 20:34:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
[2011/02/14 23:59:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/09/14 22:59:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{7B6BA59A-FB0E-4499-8536-A7420338BF3B}
[2009/04/25 11:45:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2012/02/15 23:07:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Heidi Seitz\Application Data\Elluminate
[2010/09/13 18:32:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Heidi Seitz\Application Data\EPSON
[2012/01/14 06:18:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Heidi Seitz\Application Data\Garmin
[2011/02/21 17:08:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Heidi Seitz\Application Data\imeshbandmltbpi
[2010/07/31 20:53:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Heidi Seitz\Application Data\Leadertech
[2010/06/04 23:22:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Heidi Seitz\Application Data\Opera
[2010/10/11 16:27:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Heidi Seitz\Application Data\Template
[2011/06/19 07:17:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Heidi Seitz\Application Data\TomTom

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2010/02/03 00:46:31 | 000,000,221 | ---- | M] () -- C:\Boot.bak
[2012/02/18 16:55:18 | 000,000,337 | RHS- | M] () -- C:\boot.ini
[2004/08/03 23:00:00 | 000,260,272 | RHS- | M] () -- C:\cmldr
[2012/02/19 07:38:36 | 000,011,793 | ---- | M] () -- C:\ComboFix.txt
[2007/01/18 18:54:26 | 000,042,901 | ---- | M] () -- C:\cyuninstal.exe
[2012/02/18 10:17:12 | 1005,236,224 | -HS- | M] () -- C:\hiberfil.sys
[2012/02/18 10:17:52 | 000,001,329 | ---- | M] () -- C:\hpqp.ini
[2007/01/18 18:55:32 | 000,000,000 | ---- | M] () -- C:\IO.SYS
[2007/01/18 18:55:32 | 000,000,000 | ---- | M] () -- C:\MSDOS.SYS
[2006/03/15 23:00:00 | 000,047,564 | RHS- | M] () -- C:\ntdetect.com
[2010/02/13 18:17:17 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2010/07/30 17:04:30 | 000,020,113 | ---- | M] () -- C:\P1005.log
[2012/02/18 10:17:10 | 1509,949,440 | -HS- | M] () -- C:\pagefile.sys
[2012/02/19 07:45:59 | 000,067,592 | ---- | M] () -- C:\TDSSKiller.2.7.13.0_19.02.2012_07.44.42_log.txt
[2012/02/18 10:17:28 | 000,000,039 | ---- | M] () -- C:\XP_TV.ini

< %systemroot%\Fonts\*.com >

< %systemroot%\Fonts\*.dll >
[2005/09/24 10:49:16 | 000,012,288 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\WINDOWS\Fonts\RandFont.dll

< %systemroot%\Fonts\*.ini >
[2006/06/29 13:12:30 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2009/09/22 10:50:36 | 000,293,888 | ---- | M] (Hewlett-Packard ) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\HP1006S.DLL
[2007/04/09 12:23:54 | 000,028,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\mdippr.dll

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >
[2006/06/29 05:59:22 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav
[2006/06/29 05:59:22 | 000,659,456 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
[2010/02/13 18:22:55 | 000,000,272 | -HS- | M] () -- C:\Documents and Settings\All Users\Start Menu\desktop.ini
[2006/11/22 19:02:44 | 000,001,118 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Encarta Online.lnk
[2006/06/29 13:47:58 | 000,000,898 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\HP Photosmart Premier.lnk
[2006/11/22 19:39:03 | 000,000,645 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\HP Rhapsody.lnk
[2007/01/21 01:33:58 | 000,002,449 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\New Office Document.lnk
[2007/01/14 23:34:33 | 000,002,002 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Open Office Document.lnk
[2010/02/13 18:22:55 | 000,001,563 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Set Program Access and Defaults.lnk
[2006/06/29 13:13:40 | 000,000,398 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Windows Catalog.lnk
[2010/07/31 21:18:12 | 000,001,507 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Windows Update.lnk

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >

< %USERPROFILE%\Desktop\*.exe >

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2012-02-17 04:39:09

< %USERPROFILE%\..|smtmp;true;true;true /FP >

< %temp%\smtmp\*.* /s > >


< MD5 for: EXPLORER.EX_ >
[2006/03/15 15:00:00 | 000,359,533 | ---- | M] () MD5=4F061B12F3D5457315A0314954E7EF46 -- C:\I386\EXPLORER.EX_

< MD5 for: EXPLORER.EXE >
[2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ERDNT\cache\explorer.exe
[2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
[2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\explorer.exe
[2007/06/13 06:26:03 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=7712DF0CDDE3A5AC89843E61CD5B3658 -- C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
[2006/03/15 23:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
[2006/03/15 23:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINDOWS\$NtUninstallKB938828$\explorer.exe

< MD5 for: EXPLORER.EXE-082F38A9.PF >
[2012/02/19 07:44:14 | 000,077,992 | ---- | M] () MD5=6D23AE55F3A4B1DBAE19FA7E20C34C0B -- C:\WINDOWS\Prefetch\EXPLORER.EXE-082F38A9.pf

< MD5 for: EXPLORER.SC_ >
[2006/03/15 15:00:00 | 000,000,181 | ---- | M] () MD5=BC5B38879C56DFBC05C8B5C43AC4D739 -- C:\I386\EXPLORER.SC_

< MD5 for: EXPLORER.SCF >
[2006/03/15 23:00:00 | 000,000,080 | ---- | M] () MD5=A3975A7D2C98B30A2AE010754FFB9392 -- C:\WINDOWS\explorer.scf

< MD5 for: IEXPLORE.CH_ >
[2006/03/15 15:00:00 | 000,199,077 | ---- | M] () MD5=5F64795662F162CCD8B30969B6682029 -- C:\I386\IEXPLORE.CH_

< MD5 for: IEXPLORE.CHM >
[2006/03/15 23:00:00 | 000,204,810 | ---- | M] () MD5=60858526AAD1CC55F5F0055B8E3B66FE -- C:\WINDOWS\ie7\iexplore.chm
[2006/09/01 07:43:50 | 000,503,758 | ---- | M] () MD5=652E46500C149D1DC948BF9CEA8C4933 -- C:\e61f6a626d510cdf6c05275cfd960b\iexplore.chm
[2006/09/01 07:43:50 | 000,503,758 | ---- | M] () MD5=652E46500C149D1DC948BF9CEA8C4933 -- C:\WINDOWS\Help\iexplore.chm

< MD5 for: IEXPLORE.EX_ >
[2006/03/15 15:00:00 | 000,037,895 | ---- | M] () MD5=F83009589844F0C30801CC2221F06AB9 -- C:\I386\IEXPLORE.EX_

< MD5 for: IEXPLORE.EXE >
[2008/12/19 00:25:25 | 000,634,024 | ---- | M] (Microsoft Corporation) MD5=030D78FE84A086ED376EFCBD2D72C522 -- C:\WINDOWS\ie7updates\KB963027-IE7\iexplore.exe
[2008/10/15 01:34:58 | 000,633,632 | ---- | M] (Microsoft Corporation) MD5=056C927CF7207857E8B34F7A8FFD9B9E -- C:\WINDOWS\$hf_mig$\KB958215-IE7\SP2QFE\iexplore.exe
[2010/12/20 06:25:27 | 000,634,648 | ---- | M] (Microsoft Corporation) MD5=091D358EFC9D22901BD879EF37F0DAC4 -- C:\WINDOWS\ie7updates\KB2497640-IE7\iexplore.exe
[2010/12/20 06:25:27 | 000,634,648 | ---- | M] (Microsoft Corporation) MD5=091D358EFC9D22901BD879EF37F0DAC4 -- C:\WINDOWS\SoftwareDistribution\Download\dbc56206f9725bb58bb817b79635488e\SP3GDR\iexplore.exe
[2007/04/24 09:26:26 | 000,625,152 | ---- | M] (Microsoft Corporation) MD5=10BDB55982586A432A3951EB19A26009 -- C:\WINDOWS\ie7updates\KB937143-IE7\iexplore.exe
[2008/12/19 00:25:30 | 000,634,024 | ---- | M] (Microsoft Corporation) MD5=15E8A89499741D5CF59A9CF6463A4339 -- C:\WINDOWS\$hf_mig$\KB961260-IE7\SP2QFE\iexplore.exe
[2008/04/22 03:02:46 | 000,625,664 | ---- | M] (Microsoft Corporation) MD5=197B7E4030CFBD8D2979D375E1787AA2 -- C:\WINDOWS\$hf_mig$\KB950759-IE7\SP2QFE\iexplore.exe
[2011/12/16 06:00:16 | 000,634,680 | ---- | M] (Microsoft Corporation) MD5=1C206B8FEEC6882B7F7F479E95D2BDD9 -- C:\Program Files\Internet Explorer\iexplore.exe
[2011/12/16 06:00:16 | 000,634,680 | ---- | M] (Microsoft Corporation) MD5=1C206B8FEEC6882B7F7F479E95D2BDD9 -- C:\WINDOWS\ERDNT\cache\iexplore.exe
[2011/12/16 06:00:16 | 000,634,680 | ---- | M] (Microsoft Corporation) MD5=1C206B8FEEC6882B7F7F479E95D2BDD9 -- C:\WINDOWS\SoftwareDistribution\Download\7892fd84fa8ab2fb1a673ba33568e0d9\sp3gdr\iexplore.exe
[2011/12/16 06:00:16 | 000,634,680 | ---- | M] (Microsoft Corporation) MD5=1C206B8FEEC6882B7F7F479E95D2BDD9 -- C:\WINDOWS\system32\dllcache\iexplore.exe
[2011/10/31 05:32:32 | 000,634,504 | ---- | M] (Microsoft Corporation) MD5=1C5DA2D9EA2A59D0D5C116FA3A5A21AA -- C:\WINDOWS\$hf_mig$\KB2618444-IE7\SP3QFE\iexplore.exe
[2008/08/23 00:56:15 | 000,635,848 | ---- | M] (Microsoft Corporation) MD5=1F03216084447F990AE797317D0A6E70 -- C:\WINDOWS\ie7updates\KB958215-IE7\iexplore.exe
[2008/04/22 02:40:18 | 000,625,664 | ---- | M] (Microsoft Corporation) MD5=232B22817B90AE0AFF2D189E3E3735AC -- C:\WINDOWS\ie7updates\KB953838-IE7\iexplore.exe
[2007/12/06 06:01:25 | 000,625,664 | ---- | M] (Microsoft Corporation) MD5=2703D940A62B731AA220529DD7331A78 -- C:\WINDOWS\ie7updates\KB947864-IE7\iexplore.exe
[2007/06/27 03:27:30 | 000,625,152 | ---- | M] (Microsoft Corporation) MD5=275CEE268B9E5D82474C43D5D249D111 -- C:\WINDOWS\ie7updates\KB939653-IE7\iexplore.exe
[2008/02/29 03:55:46 | 000,625,664 | ---- | M] (Microsoft Corporation) MD5=2D0E5592AB5A46C27DAF7CCAFF4F5B59 -- C:\WINDOWS\ie7updates\KB950759-IE7\iexplore.exe
[2011/10/31 05:46:00 | 000,634,504 | ---- | M] (Microsoft Corporation) MD5=2E34CF22B5862AB02786F0819B9FD819 -- C:\WINDOWS\ie7updates\KB2647516-IE7\iexplore.exe
[2007/08/17 05:21:21 | 000,625,152 | ---- | M] (Microsoft Corporation) MD5=3AC2BC667DA0AF2C968E96E1630F5AB5 -- C:\WINDOWS\ie7updates\KB942615-IE7\iexplore.exe
[2011/04/21 05:34:43 | 000,634,648 | ---- | M] (Microsoft Corporation) MD5=3E23DBEBE1020D52C63235E4189FAC03 -- C:\WINDOWS\$hf_mig$\KB2530548-IE7\SP3QFE\iexplore.exe
[2006/10/17 12:04:40 | 000,622,080 | ---- | M] (Microsoft Corporation) MD5=5334D4461AA92A7B008755FE6D13C5F2 -- C:\WINDOWS\ie7updates\KB928090-IE7\iexplore.exe
[2007/08/17 05:12:49 | 000,625,152 | ---- | M] (Microsoft Corporation) MD5=5577D0E3AC2F9F035ACD81B44AF5F511 -- C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\iexplore.exe
[2008/04/13 19:12:22 | 000,093,184 | ---- | M] (Microsoft Corporation) MD5=55794B97A7FAABD2910873C85274F409 -- C:\WINDOWS\ie7\iexplore.exe
[2008/04/13 19:12:22 | 000,093,184 | ---- | M] (Microsoft Corporation) MD5=55794B97A7FAABD2910873C85274F409 -- C:\WINDOWS\ServicePackFiles\i386\iexplore.exe
[2008/04/13 19:12:22 | 000,093,184 | ---- | M] (Microsoft Corporation) MD5=55794B97A7FAABD2910873C85274F409 -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\iexplore.exe
[2007/10/10 03:16:56 | 000,625,664 | ---- | M] (Microsoft Corporation) MD5=632BDE0179847234433CA50945442ACB -- C:\WINDOWS\$hf_mig$\KB942615-IE7\SP2QFE\iexplore.exe
[2012/01/13 14:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\iexplore.exe
[2008/06/23 04:20:52 | 000,625,664 | ---- | M] (Microsoft Corporation) MD5=64E376A47763DAEABCDA14BD5B6EA286 -- C:\WINDOWS\ie7updates\KB956390-IE7\iexplore.exe
[2007/02/21 03:00:58 | 000,623,616 | ---- | M] (Microsoft Corporation) MD5=683DDE71BCF03B501B912D20CB93B549 -- C:\WINDOWS\ie7updates\KB933566-IE7\iexplore.exe
[2011/08/17 06:01:37 | 000,634,632 | ---- | M] (Microsoft Corporation) MD5=6A1D755C68C10863C598C78A597FA7C3 -- C:\WINDOWS\ie7updates\KB2618444-IE7\iexplore.exe
[2008/02/22 04:40:22 | 000,625,664 | ---- | M] (Microsoft Corporation) MD5=6E0888626E0CAC79F57149814E22DB4D -- C:\WINDOWS\$hf_mig$\KB947864-IE7\SP2QFE\iexplore.exe
[2007/12/06 03:34:45 | 000,625,664 | ---- | M] (Microsoft Corporation) MD5=809D17D8FA0FDAEE07778CD821CAFFDE -- C:\WINDOWS\$hf_mig$\KB944533-IE7\SP2QFE\iexplore.exe
[2007/01/08 18:08:42 | 000,623,616 | ---- | M] (Microsoft Corporation) MD5=93A6A4F5293AE19E3B37021AABCF0902 -- C:\WINDOWS\ie7updates\KB931768-IE7\iexplore.exe
[2011/06/20 06:29:11 | 000,634,648 | ---- | M] (Microsoft Corporation) MD5=993F33696EF219C306BF9BBA34D85073 -- C:\WINDOWS\ie7updates\KB2586448-IE7\iexplore.exe
[2007/04/24 09:20:41 | 000,625,152 | ---- | M] (Microsoft Corporation) MD5=9B3516C1F30DA17ADD3818573047D63C -- C:\WINDOWS\$hf_mig$\KB933566-IE7\SP2QFE\iexplore.exe
[2008/10/15 02:06:26 | 000,633,632 | ---- | M] (Microsoft Corporation) MD5=9D3DB9ADFABD2F0BC778EC03250A3ABB -- C:\WINDOWS\ie7updates\KB961260-IE7\iexplore.exe
[2010/04/16 06:08:29 | 000,634,648 | ---- | M] (Microsoft Corporation) MD5=B24A4E23A2FEDB6976EB04D334AD82B2 -- C:\WINDOWS\$hf_mig$\KB982381-IE7\SP3QFE\iexplore.exe
[2010/04/16 06:08:29 | 000,634,648 | ---- | M] (Microsoft Corporation) MD5=B24A4E23A2FEDB6976EB04D334AD82B2 -- C:\WINDOWS\SoftwareDistribution\Download\626f83f88e86511ae79d7ff76840cc8e\SP3QFE\iexplore.exe
[2011/04/21 05:58:25 | 000,634,648 | ---- | M] (Microsoft Corporation) MD5=B6E13F9C120C776A89D783E26D6C15C5 -- C:\WINDOWS\ie7updates\KB2559049-IE7\iexplore.exe
[2010/12/20 05:49:55 | 000,634,648 | ---- | M] (Microsoft Corporation) MD5=B74CBEBA34E3CAA2CCACC87FEE8A16C0 -- C:\WINDOWS\$hf_mig$\KB2482017-IE7\SP3QFE\iexplore.exe
[2010/12/20 05:49:55 | 000,634,648 | ---- | M] (Microsoft Corporation) MD5=B74CBEBA34E3CAA2CCACC87FEE8A16C0 -- C:\WINDOWS\SoftwareDistribution\Download\dbc56206f9725bb58bb817b79635488e\SP3QFE\iexplore.exe
[2009/02/27 23:54:44 | 000,636,088 | ---- | M] (Microsoft Corporation) MD5=BCD8E48709BE4A79606F0B6E8E9A6162 -- C:\WINDOWS\$hf_mig$\KB963027-IE7\SP3QFE\iexplore.exe
[2007/06/27 04:16:52 | 000,625,152 | ---- | M] (Microsoft Corporation) MD5=BD8502DFD53FC24FB8D6929DC46B8C2C -- C:\WINDOWS\$hf_mig$\KB937143-IE7\SP2QFE\iexplore.exe
[2010/04/16 06:43:25 | 000,634,656 | ---- | M] (Microsoft Corporation) MD5=C4BA5E36FB57F547117305BF1E0FE454 -- C:\WINDOWS\ie7updates\KB2482017-IE7\iexplore.exe
[2010/04/16 06:43:25 | 000,634,656 | ---- | M] (Microsoft Corporation) MD5=C4BA5E36FB57F547117305BF1E0FE454 -- C:\WINDOWS\SoftwareDistribution\Download\626f83f88e86511ae79d7ff76840cc8e\SP3GDR\iexplore.exe
[2008/06/23 03:23:52 | 000,625,664 | ---- | M] (Microsoft Corporation) MD5=C52A9EF571E91535EB78DB4B8B95EA07 -- C:\WINDOWS\$hf_mig$\KB953838-IE7\SP2QFE\iexplore.exe
[2011/08/17 05:34:43 | 000,634,632 | ---- | M] (Microsoft Corporation) MD5=CB0AFAF9E5C5FE70EC7087E71275DD33 -- C:\WINDOWS\$hf_mig$\KB2586448-IE7\SP3QFE\iexplore.exe
[2007/02/28 01:51:34 | 000,625,152 | ---- | M] (Microsoft Corporation) MD5=D321092F8529CDAE843D6E24E3CAC6CB -- C:\WINDOWS\$hf_mig$\KB931768-IE7\SP2QFE\iexplore.exe
[2011/12/16 05:35:06 | 000,634,680 | ---- | M] (Microsoft Corporation) MD5=DB9D9A73FACB0B11992201D670D73E16 -- C:\WINDOWS\$hf_mig$\KB2647516-IE7\SP3QFE\iexplore.exe
[2011/12/16 05:35:06 | 000,634,680 | ---- | M] (Microsoft Corporation) MD5=DB9D9A73FACB0B11992201D670D73E16 -- C:\WINDOWS\SoftwareDistribution\Download\7892fd84fa8ab2fb1a673ba33568e0d9\sp3qfe\iexplore.exe
[2011/06/20 05:38:09 | 000,634,648 | ---- | M] (Microsoft Corporation) MD5=DE0F15DD275A36C3E67DC1E36F958F3A -- C:\WINDOWS\$hf_mig$\KB2559049-IE7\SP3QFE\iexplore.exe
[2007/08/13 17:43:56 | 000,622,080 | ---- | M] (Microsoft Corporation) MD5=DE49B348A18369B4626FBA1D49B07FB4 -- C:\e61f6a626d510cdf6c05275cfd960b\iexplore.exe
[2007/08/13 17:43:56 | 000,622,080 | ---- | M] (Microsoft Corporation) MD5=DE49B348A18369B4626FBA1D49B07FB4 -- C:\WINDOWS\ie7updates\KB982381-IE7\iexplore.exe
[2011/02/14 06:36:55 | 000,634,648 | ---- | M] (Microsoft Corporation) MD5=E3CC8CCF21BFDC954255BB17083FB9F0 -- C:\WINDOWS\$hf_mig$\KB2497640-IE7\SP3QFE\iexplore.exe
[2011/02/14 06:36:55 | 000,634,648 | ---- | M] (Microsoft Corporation) MD5=E3CC8CCF21BFDC954255BB17083FB9F0 -- C:\WINDOWS\SoftwareDistribution\Download\119d2150a866d5a5cb5dede92281fda9\SP3QFE\iexplore.exe
[2011/02/14 07:17:08 | 000,634,648 | ---- | M] (Microsoft Corporation) MD5=E4A798DFDE7FE6E79F23548F0EF0F844 -- C:\WINDOWS\ie7updates\KB2530548-IE7\iexplore.exe
[2011/02/14 07:17:08 | 000,634,648 | ---- | M] (Microsoft Corporation) MD5=E4A798DFDE7FE6E79F23548F0EF0F844 -- C:\WINDOWS\SoftwareDistribution\Download\119d2150a866d5a5cb5dede92281fda9\SP3GDR\iexplore.exe
[2006/03/15 23:00:00 | 000,093,184 | ---- | M] (Microsoft Corporation) MD5=E7484514C0464642BE7B4DC2689354C8 -- C:\WINDOWS\$NtServicePackUninstall$\iexplore.exe
[2008/08/23 00:56:16 | 000,635,848 | ---- | M] (Microsoft Corporation) MD5=E8305C30D35E85D6657ED3E9934CB302 -- C:\WINDOWS\$hf_mig$\KB956390-IE7\SP2QFE\iexplore.exe
[2007/10/10 05:59:52 | 000,625,152 | ---- | M] (Microsoft Corporation) MD5=E854D02E4231F704D9BE782A424E6D8B -- C:\WINDOWS\ie7updates\KB944533-IE7\iexplore.exe

< MD5 for: IEXPLORE.EXE.000 >
[2007/08/13 17:43:56 | 000,622,080 | ---- | M] (Microsoft Corporation) MD5=DE49B348A18369B4626FBA1D49B07FB4 -- C:\WINDOWS\ie7updates\KB982381-IE7\iexplore.exe.000

< MD5 for: IEXPLORE.EXE.MUI >
[2007/08/13 17:43:36 | 000,573,440 | ---- | M] (Microsoft Corporation) MD5=B58D8A1C7EE0E922EC7D2616DA136FC3 -- C:\e61f6a626d510cdf6c05275cfd960b\iexplore.exe.mui
[2007/08/13 17:43:36 | 000,573,440 | ---- | M] (Microsoft Corporation) MD5=B58D8A1C7EE0E922EC7D2616DA136FC3 -- C:\Program Files\Internet Explorer\en-US\iexplore.exe.mui
[2006/10/17 12:04:26 | 000,573,440 | ---- | M] (Microsoft Corporation) MD5=E83C9C1F9DD9D47BB44871BFC7E69DDD -- C:\WINDOWS\ie7\iexplore.exe.mui

< MD5 for: IEXPLORE.EXE-0A31FE70.PF >
[2012/02/19 07:19:39 | 000,012,778 | ---- | M] () MD5=BA84E697BC621B9E29A59469CD8EB77D -- C:\WINDOWS\Prefetch\IEXPLORE.EXE-0A31FE70.pf

< MD5 for: IEXPLORE.EXE-12915967.PF >
[2012/02/19 07:19:36 | 000,012,976 | ---- | M] () MD5=A687D34016E5208E1CB0C3C70E802F08 -- C:\WINDOWS\Prefetch\IEXPLORE.EXE-12915967.pf

< MD5 for: IEXPLORE.EXE-12BBAE74.PF >
[2012/02/19 07:19:35 | 000,011,118 | ---- | M] () MD5=33923CE636784985DCE9F329EF5A9903 -- C:\WINDOWS\Prefetch\IEXPLORE.EXE-12BBAE74.pf

< MD5 for: IEXPLORE.EXE-27122324.PF >
[2012/02/19 07:39:38 | 000,110,890 | ---- | M] () MD5=A20D0396238D48D9E35937B7C79C1475 -- C:\WINDOWS\Prefetch\IEXPLORE.EXE-27122324.pf

< MD5 for: IEXPLORE.HL_ >
[2006/03/15 15:00:00 | 000,059,881 | ---- | M] () MD5=D23388C8D5D82D4D1C3B0B6A256E3CB7 -- C:\I386\IEXPLORE.HL_

< MD5 for: IEXPLORE.HLP >
[2006/03/15 23:00:00 | 000,180,335 | ---- | M] () MD5=3F19AF1B745140DAFAC6F78F561A3C62 -- C:\WINDOWS\Help\iexplore.hlp

< MD5 for: WINLOGON.EX_ >
[2006/03/15 15:00:00 | 000,261,115 | ---- | M] () MD5=F41C4F5745589D0BB8268C02B71594CA -- C:\I386\WINLOGON.EX_

< MD5 for: WINLOGON.EXE >
[2006/03/15 23:00:00 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2012/01/13 14:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2008/04/13 19:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ERDNT\cache\winlogon.exe
[2008/04/13 19:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008/04/13 19:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\winlogon.exe
[2008/04/13 19:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe

< End of report >
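
The `< MD5 for: ... >` blocks above are how a helper checks that the copies of explorer.exe and winlogon.exe that Windows actually loads still hash the same as the Service Pack cache copy, and spots copies whose version info carries no company name. As an added example (not code from the thread or from OTL's author), here is a parser for that listing format that does the comparison; it assumes an XP SP3 machine with an intact ServicePackFiles cache and uses lines quoted from the log above as its sample input.

```python
import re
from pathlib import PureWindowsPath

# One OTL file entry: [date time | size | attrs | M] (company) [MD5=hash] -- path
OTL_LINE = re.compile(
    r"^\[(?P<stamp>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[-A-Z]{4}) \| M\] \((?P<company>[^)]*)\)"
    r"(?: MD5=(?P<md5>[0-9A-Fa-f]{32}))? -- (?P<path>.+?)\s*$"
)
BLOCK_HEADER = re.compile(r"^< MD5 for: (?P<name>[^>]+?) >$")

# Folders whose copy Windows actually loads; every other location in the report
# (ServicePackFiles, $NtUninstall..., ERDNT\cache, Prefetch, ...) is a cache or backup.
LIVE_DIRS = {r"c:\windows", r"c:\windows\system32", r"c:\program files\internet explorer"}


def parse_line(line):
    """Return the fields of one OTL entry as a dict, or None for anything else."""
    m = OTL_LINE.match(line.strip())
    if m is None:
        return None
    entry = m.groupdict()
    entry["size"] = int(entry["size"].replace(",", ""))
    entry["company"] = entry["company"].strip()
    entry["md5"] = entry["md5"].upper() if entry["md5"] else None
    return entry


def check_md5_report(text):
    """For each '< MD5 for: NAME >' block, compare the live copy's hash with the
    Service Pack cache copy and list copies whose version info has no company
    name, so a human can review them."""
    results, current = {}, None
    for raw in text.splitlines():
        header = BLOCK_HEADER.match(raw.strip())
        if header:
            current = header.group("name").lower()
            results[current] = {"live": None, "reference": None, "no_publisher": []}
            continue
        entry = parse_line(raw)
        if entry is None or current is None:
            continue
        parent = str(PureWindowsPath(entry["path"]).parent).lower()
        if parent.endswith(r"\servicepackfiles\i386"):
            results[current]["reference"] = entry["md5"]
        if parent in LIVE_DIRS:
            results[current]["live"] = entry["md5"]
        if not entry["company"]:
            results[current]["no_publisher"].append(entry["path"])
    for block in results.values():
        block["matches_reference"] = (block["live"] is not None
                                      and block["live"] == block["reference"])
    return results


# Sample input: the WINLOGON.EXE block quoted from the log above plus three EXPLORER.EXE lines.
SAMPLE = r"""
< MD5 for: EXPLORER.EXE >
[2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
[2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2006/03/15 23:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe

< MD5 for: WINLOGON.EXE >
[2006/03/15 23:00:00 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2012/01/13 14:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2008/04/13 19:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008/04/13 19:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe
"""

if __name__ == "__main__":
    for name, r in check_md5_report(SAMPLE).items():
        status = "OK" if r["matches_reference"] else "MISMATCH / no live copy"
        print(f"{name}: live={r['live']} reference={r['reference']} -> {status}")
        for path in r["no_publisher"]:
            print(f"  review (no company in version info): {path}")
```

For iexplore.exe on an IE7 machine the ServicePackFiles copy is the much smaller pre-IE7 file (93,184 bytes in the log above), so the reference for that block would have to be the latest IE7 update's copy rather than the Service Pack cache.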

#27 Satchfan


Posted 19 February 2012 - 09:13 AM

Thanks for the logs. I have to prepare dinner now and then I'll be busy for a while, so it will be later when I look at the logs and reply. Satchfan

NINA - Proud graduate of the WTT Classroom

Member of UNITE

The help you receive here is free but if you feel I have helped, you may consider making a Donation.

#28 macdoo

macdoo

    Authentic Member

  • Authentic Member
  • 70 posts

Posted 19 February 2012 - 09:17 AM

Refreshed browser on the infected computer to see if you were back and now "Internet Explorer cannot display the webpage". So I'm back on my netbook to post this. I was not prompted to restart after MBAM scan.

#29 Satchfan


Posted 20 February 2012 - 06:53 AM

Apologies for the delay but life gets in the way sometimes. ^_^

Reset your Router

This can be done by inserting something tiny like a paper clip end or pencil tip into a small hole labelled "reset" located on the back of the router.

  • press and hold down the small button inside until the lights on the front of the router blink off and then on again (usually about 10 seconds).
  • if you don’t know the router's default password, you can look it up HERE.
  • you also need to reconfigure any security settings you had in place prior to the reset.
  • you may also need to consult with your Internet service provider to find out which DNS servers your network should be using.
=============================================

Run OTL

  • Double click on the icon to run it.
  • Copy/paste ALL the following text written inside the code box into the Custom Scans/Fixes box located at the bottom of OTL

    :Services
    
    :OTL
    PRC - C:\Program Files\Vongo\VongoService.exe (Starz Entertainment Group LLC)
    MOD - C:\Program Files\Vongo\CaPolMgr.dll ()
    MOD - C:\Program Files\Vongo\sqldrivers\qsqlite.dll ()
    MOD - C:\Program Files\Vongo\qt-mt335.dll ()
    SRV - (Vongo Service) -- C:\Program Files\Vongo\VongoService.exe (Starz Entertainment Group LLC)
    CHR - default_search_provider: search_url = http://search.imesh.com/web?src=crb&sy...q={searchTerms}
    O4 - Startup: C:\Documents and Settings\Heidi Seitz\Start Menu\Programs\StartUp\Vongo Tray.lnk = C:\Program Files\Vongo\Tray.exe (Starz)
    FF - prefs.js..browser.search.defaultenginename: "iMesh Web Search"
    FF - prefs.js..browser.search.order.1: "iMesh Web Search"
    [2011/02/21 17:08:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Heidi Seitz\Application Data\imeshbandmltbpi
    
    :Files
    C:\Program Files\Vongo
    ipconfig /release /c
    ipconfig /renew /c
    ipconfig /flushdns /c
    
    :Reg
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
    "C:\Program Files\Vongo\VongoService.exe" =-
    "C:\Program Files\iMesh Applications\iMesh\iMesh.exe" =-
    
    
    :Commands
    [purity]
    [emptytemp]
    [resethosts]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • Then post a new OTL log (don't check the boxes beside LOP Check or Purity this time)
=============================================

Can you also tell me what these are shortcuts to:

0202020908.lnk
0130022044.lnk
1112090911a.lnk
0926001756.lnk


Logs to include in the next post:

OTL fix log
New OTL log


Thanks

Satchfan


#30 macdoo


Posted 20 February 2012 - 03:15 PM

Just got home from work. Gonna try to get all the router settings and start on this. I will also check those shortcuts. I hope I can get back to you before you're gone for the day. Sorry we are so polar opposite.
