Malwarebytes successfully blocked outgoing but Google search results still hijacked


I followed the instructions from Bleeping Computer to remove malware from my partner's computer (operating system XP) with hijacked Google search results, which included downloading Malwarebytes Anti-Malware. The product successfully identified a number of suspect files etc. and deleted these. Have happily purchased the Pro version, as our other antivirus is clearly not up to the task on its own.

Browsers: IE8 and Chrome with Google search performed fine for about 5 min, then the hijack occurred again. Firefox 21 is blocking the attempted redirects. Yes, I know the OS and IE browser should be updated, but the computer is old and we can't afford to upgrade it just at the moment. Looking on the Microsoft site, it would seem that XP can't handle IE 9/10??

After closing the browsers we noted that Malwarebytes blocked an outgoing attempt to contact a malicious website with IP 46.183.217.242, which ip-lookup.net identifies as being located in Latvia.

Following are the dds.txt and attach.txt from the affected computer:

--

DDS (Ver_2012-11-20.01) - NTFS_x86

Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_29

Run by John at 18:50:06 on 2013-06-09

Microsoft Windows XP Professional 5.1.2600.3.1252.61.1033.18.2047.1016 [GMT 10:00]

.

AV: Norton 360 *Enabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}

FW: Norton 360 *Enabled*

.

============== Running Processes ================

.

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\rundll32.exe

C:\WINDOWS\System32\SCardSvr.exe

C:\WINDOWS\system32\msdtc.exe

C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe

C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe

C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe

C:\Program Files\Executive Software\Diskeeper\DkService.exe

C:\Program Files\Common Files\Nuance\dgnsvc.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe

C:\Program Files\Maxtor\Maxtor Backup\MaxBackServiceInt.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files\Norton 360\Norton 360\Engine\20.3.1.22\ccSvcHst.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files\Maxtor\OneTouch\Utils\SyncServices.exe

C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe

C:\WINDOWS\system32\WFXSVC.EXE

C:\WINDOWS\system32\mqsvc.exe

C:\Program Files\WinFax\WFXMOD32.EXE

C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe

C:\WINDOWS\system32\mqtgsvc.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

C:\WINDOWS\System32\alg.exe

C:\WINDOWS\AGRSMMSG.exe

C:\Program Files\Analog Devices\Core\smax4pnp.exe

C:\WINDOWS\system32\AccelerometerSt.exe

C:\Program Files\ATI Technologies\ATI.ACE\cli.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe

C:\WINDOWS\SMINST\Scheduler.exe

C:\Program Files\Microsoft IntelliType Pro\type32.exe

C:\Program Files\Microsoft IntelliPoint\point32.exe

C:\PROGRA~1\WinFax\WFXSWTCH.exe

C:\WINDOWS\system32\wfxsnt40.exe

C:\Program Files\Maxtor\OneTouch\utils\Onetouch.exe

C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe

C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe

C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe

C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe

C:\Program Files\Norton 360\Norton 360\Engine\20.3.1.22\ccSvcHst.exe

C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe

C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtProc.exe

C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe

C:\Program Files\Canon\MyPrinter\BJMyPrt.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Telstra\OnlineTextBuddy\OnlineTextBuddy.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Documents and Settings\All Users\Application Data\FLEXnet\Connect\11\ISUSPM.exe

C:\Program Files\GPSoftware\Directory Opus\dopus.exe

C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE

C:\Program Files\ATI Technologies\ATI.ACE\cli.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\WINDOWS\system32\svchost.exe -k NetworkService

C:\WINDOWS\system32\svchost.exe -k LocalService

C:\WINDOWS\system32\svchost.exe -k LocalService

C:\WINDOWS\System32\svchost.exe -k HPZ12

C:\WINDOWS\System32\svchost.exe -k HPZ12

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\WINDOWS\System32\svchost.exe -k HTTPFilter

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.com.au/

uSearch Bar = hxxp://www.google.com/ie

uSearch Page = hxxp://www.google.com

uDefault_Search_URL = hxxp://www.google.com/ie

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - c:\program files\norton 360\norton 360\engine\20.3.1.22\CoIEPlg.dll

BHO: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - c:\program files\norton 360\norton 360\engine\20.3.1.22\ips\IPSBHO.dll

BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

BHO: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll

BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - c:\program files\google\googletoolbarnotifier\5.7.8313.1002\swg.dll

BHO: BigPond Wireless Broadband 2.0 Auto Dial: {DB92EC3F-697D-4C3B-9A3B-3ABBD23D4A85} - c:\program files\telstra\bigpond wireless broadband 2.7.3\bpwbb2ad.dll

BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

BHO: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll

TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - c:\program files\norton 360\norton 360\engine\20.3.1.22\CoIEPlg.dll

TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll

TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll

TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - c:\program files\norton 360\norton 360\engine\20.3.1.22\CoIEPlg.dll

EB: <No Name>: {555D4D79-4BD2-4094-A395-CFC534424A05} - LocalServer32 - <no file>

EB: <No Name>: {555D4D79-4BD2-4094-A395-CFC534424A05} - LocalServer32 - <no file>

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [OnlineTextBuddy] "c:\program files\telstra\onlinetextbuddy\OnlineTextBuddy.exe" /quiet

uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"

uRun: [iSUSPM] "c:\documents and settings\all users\application data\flexnet\connect\11\ISUSPM.exe" -scheduler

uRun: [DOpus] c:\program files\gpsoftware\directory opus\dopus.exe

mRun: [MsmqIntCert] regsvr32 /s mqrt.dll

mRun: [AGRSMMSG] AGRSMMSG.exe

mRun: [soundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe

mRun: [AccelerometerSysTrayApplet] c:\windows\system32\AccelerometerSt.exe

mRun: [ATICCC] "c:\program files\ati technologies\ati.ace\cli.exe" runtime -Delay

mRun: [synTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe

mRun: [QlbCtrl] c:\program files\hewlett-packard\hp quick launch buttons\QlbCtrl.exe /Start

mRun: [Cpqset] c:\program files\hpq\default settings\cpqset.exe

mRun: [Recguard] c:\windows\sminst\Recguard.exe

mRun: [scheduler] c:\windows\sminst\Scheduler.exe

mRun: [type32] "c:\program files\microsoft intellitype pro\type32.exe"

mRun: [intelliPoint] "c:\program files\microsoft intellipoint\point32.exe"

mRun: [WFXSwtch] c:\progra~1\winfax\WFXSWTCH.exe

mRun: [WinFaxAppPortStarter] wfxsnt40.exe

mRun: [MaxtorOneTouch] c:\program files\maxtor\onetouch\utils\Onetouch.exe

mRun: [mxomssmenu] "c:\program files\maxtor\onetouch status\maxmenumgr.exe"

mRun: [OpwareSE2] "c:\program files\scansoft\omnipagese2.0\OpwareSE2.exe"

mRun: [KernelFaultCheck] c:\windows\system32\dumprep 0 -k

mRun: [synTPStart] c:\program files\synaptics\syntp\SynTPStart.exe

mRun: [symantec PIF AlertEng] "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\pifsvc.exe" /a /m "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\AlertEng.dll"

mRun: [DNS7reminder] "c:\program files\nuance\naturallyspeaking11\ereg\ereg.exe" -r "c:\documents and settings\all users\application data\nuance\naturallyspeaking11\Ereg.ini

mRun: [PaperPort PTD] "c:\program files\scansoft\paperport\pptd40nt.exe"

mRun: [indexSearch] "c:\program files\scansoft\paperport\IndexSearch.exe"

mRun: [PPort11reminder] "c:\program files\scansoft\paperport\ereg\ereg.exe" -r "c:\documents and settings\all users\application data\scansoft\paperport\11\config\ereg\Ereg.ini

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [WrtMon.exe] c:\windows\system32\spool\drivers\w32x86\3\WrtMon.exe

mRun: [Adobe Acrobat Speed Launcher] "c:\program files\adobe\acrobat 9.0\acrobat\Acrobat_sl.exe"

mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 9.0\acrobat\Acrotray.exe"

mRun: [AdobeCS4ServiceManager] "c:\program files\common files\adobe\cs4servicemanager\CS4ServiceManager.exe" -launchedbylogin

mRun: [CanonMyPrinter] c:\program files\canon\myprinter\BJMyPrt.exe /logon

mRun: [CanonSolutionMenu] c:\program files\canon\solutionmenu\CNSLMAIN.exe /logon

dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe

uPolicies-Explorer: NoDriveTypeAutoRun = dword:149

uPolicies-Explorer: NoDriveAutoRun = dword:0

mPolicies-Explorer: NoResolveTrack = dword:1

mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1

mPolicies-Explorer: NoDriveTypeAutoRun = dword:149

mPolicies-Explorer: NoDriveAutoRun = dword:0

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html

IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office11\EXCEL.EXE/3000

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll

Notify: AtiExtEvent - Ati2evxx.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

SEH: WinFax PRO IShellExecuteHook - {A213B520-C6C2-11d0-AF9D-008029E1027E} - c:\program files\winfax\WFXSEH32.DLL

LSA: Notification Packages = scecli scecli

mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\27.0.1453.110\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\documents and settings\john\application data\mozilla\firefox\profiles\ngsbf22n.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.au

FF - plugin: c:\documents and settings\john\local settings\application data\abr\plug-in\bin\npAUSkeyPlugin.dll

FF - plugin: c:\program files\adobe\acrobat 9.0\acrobat\air\nppdf32.dll

FF - plugin: c:\program files\adobe\reader 11.0\reader\air\nppdf32.dll

FF - plugin: c:\program files\canon\easy-photoprint ex\NPEZFFPI.DLL

FF - plugin: c:\program files\common-use signing interface\bin\npCsiPlugin.dll

FF - plugin: c:\program files\erdas\image web server\firefox chrome plug-in\NP_NCS6.dll

FF - plugin: c:\program files\erdas\image web server\firefox chrome plug-in\NP_NCSPB6.dll

FF - plugin: c:\program files\erdas\image web server\firefox chrome plug-in\NP_NCSTB6.dll

FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll

FF - plugin: c:\program files\google\update\1.3.21.145\npGoogleUpdate3.dll

FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\microsoft silverlight\5.1.20125.0\npctrlui.dll

FF - plugin: c:\program files\picasa2\npPicasa3.dll

FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_7_700_202.dll

FF - ExtSQL: 2013-06-08 08:47; {BBDA0591-3099-440a-AA10-41764D9DB4DB}; c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_20.3.1.22\IPSFFPlgn

FF - ExtSQL: 2013-06-08 16:09; {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}; c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_20.3.1.22\coFFPlgn

.

============= SERVICES / DRIVERS ===============

.

R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\n360\1403010.016\SymDS.sys [2013-5-10 367704]

R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\n360\1403010.016\SymEFA.sys [2013-5-10 934488]

R1 BHDrvx86;BHDrvx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_20.3.1.22\definitions\bashdefs\20130531.001\BHDrvx86.sys [2013-6-1 1002072]

R1 ccSet_N360;Norton 360 Settings Manager;c:\windows\system32\drivers\n360\1403010.016\ccSetx86.sys [2013-5-10 134304]

R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\n360\1403010.016\Ironx86.sys [2013-5-10 175264]

R2 ABBYY.Licensing.FineReader.Sprint.9.0;ABBYY FineReader 9.0 Sprint Licensing Service;c:\program files\common files\abbyy\finereadersprint\9.00\licensing\NetworkLicenseServer.exe [2009-5-14 759048]

R2 DragonSvc;Dragon Service;c:\program files\common files\nuance\dgnsvc.exe [2010-7-23 296808]

R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2013-6-9 418376]

R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2013-6-9 701512]

R2 N360;Norton 360;c:\program files\norton 360\norton 360\engine\20.3.1.22\ccSvcHst.exe [2013-5-10 144520]

R2 TeamViewer8;TeamViewer 8;c:\program files\teamviewer\version8\TeamViewer_Service.exe [2013-6-8 3574624]

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2012-8-9 106656]

R3 IDSxpx86;IDSxpx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_20.3.1.22\definitions\ipsdefs\20130607.001\IDSXpx86.sys [2013-6-8 373728]

R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [2005-6-10 35968]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-6-9 22856]

R3 NAVENG;NAVENG;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_20.3.1.22\definitions\virusdefs\20130608.009\NAVENG.SYS [2013-6-9 93272]

R3 NAVEX15;NAVEX15;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_20.3.1.22\definitions\virusdefs\20130608.009\NAVEX15.SYS [2013-6-9 1611992]

R3 swivsp;AC8xx Virtual Serial Port;c:\windows\system32\drivers\swivspnt.sys [2007-4-6 20352]

S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-7-13 160944]

S3 ADM8511;ADMtek ADM8511/AN986 USB To Fast Ethernet Converter;c:\windows\system32\drivers\ADM8511.SYS [2009-11-9 20160]

S3 APL531;OVT Scanner;c:\windows\system32\drivers\ov550i.sys [2006-7-31 580992]

S3 CMTNF5500U;MAXON 5500 USB Modem Notify driver, workers;c:\windows\system32\drivers\CMT5500U.sys [2007-4-13 3408]

S3 cmusbnet;WAN Driver @ 3GPP (6280);c:\windows\system32\drivers\cmusbnet.sys [2007-2-21 87424]

S3 cmusbser;%CMUSBSER%;c:\windows\system32\drivers\cmusbser.sys [2006-12-13 87040]

S3 GTIPCI21;GTIPCI21;c:\windows\system32\drivers\gtipci21.sys [2006-4-14 87936]

S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [2012-2-14 27064]

.

=============== Created Last 30 ================

.

2013-06-09 02:34:15 396760 ----a-w- c:\windows\system32\drivers\n360\1404000.028\symtdi.sys

2013-06-09 02:34:15 352344 ----a-w- c:\windows\system32\drivers\n360\1404000.028\symtdiv.sys

2013-06-09 02:34:15 339544 ----a-w- c:\windows\system32\drivers\n360\1404000.028\symnets.sys

2013-06-09 02:34:15 21400 ----a-r- c:\windows\system32\drivers\n360\1404000.028\symelam.sys

2013-06-09 02:34:14 934488 ----a-w- c:\windows\system32\drivers\n360\1404000.028\symefa.sys

2013-06-09 02:34:14 367704 ----a-w- c:\windows\system32\drivers\n360\1404000.028\symds.sys

2013-06-09 02:34:14 32344 ----a-w- c:\windows\system32\drivers\n360\1404000.028\srtspx.sys

2013-06-09 02:34:13 603224 ----a-w- c:\windows\system32\drivers\n360\1404000.028\srtsp.sys

2013-06-09 02:34:13 175264 ----a-w- c:\windows\system32\drivers\n360\1404000.028\ironx86.sys

2013-06-09 02:34:13 134744 ----a-w- c:\windows\system32\drivers\n360\1404000.028\ccsetx86.sys

2013-06-09 02:32:52 14818 ----a-w- c:\windows\system32\drivers\n360\1404000.028\symvtcer.dat

2013-06-09 02:32:51 -------- d-----w- c:\windows\system32\drivers\n360\1404000.028

2013-06-09 01:34:33 22856 ----a-w- c:\windows\system32\drivers\mbam.sys

2013-06-09 01:34:33 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2013-06-08 03:19:57 12872 ----a-w- c:\windows\system32\bootdelete.exe

2013-06-08 03:08:19 -------- d-----w- c:\documents and settings\all users\application data\HitmanPro

2013-06-01 08:09:39 172032 --sha-r- c:\windows\system32\sdbinst5.dll

2013-06-01 08:09:39 172032 --sha-r- c:\windows\system32\acluin.dll

2013-05-17 22:50:58 106088 ----a-w- c:\program files\mozilla firefox\plugins\nppdf32.dll

2013-05-11 10:37:28 209472 ----a-w- c:\program files\internet explorer\plugins\nppdf32.dll

.

==================== Find3M ====================

.

2013-05-14 22:24:47 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2013-05-14 22:24:47 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2013-05-10 06:53:00 142496 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS

2013-04-16 22:17:15 920064 ----a-w- c:\windows\system32\wininet.dll

2013-04-16 22:17:14 43520 ------w- c:\windows\system32\licmgr10.dll

2013-04-16 22:17:14 1469440 ------w- c:\windows\system32\inetcpl.cpl

2013-04-12 23:28:55 385024 ------w- c:\windows\system32\html.iec

2013-04-10 01:31:19 1876352 ----a-w- c:\windows\system32\win32k.sys

2013-04-02 14:09:52 4550656 ----a-w- c:\windows\system32\GPhotos.scr

2012-09-28 01:44:09 0 ----a-w- c:\program files\GUM6F.tmp

.

============= FINISH: 18:51:34.51 ===============

---

Attach

----

.

DDS (Ver_2012-11-20.01)

.

Microsoft Windows XP Professional

Boot Device: \Device\HarddiskVolume1

Install Date: 5/04/2007 6:59:59 AM

System Uptime: 9/06/2013 3:31:23 PM (3 hours ago)

.

Motherboard: Hewlett-Packard | | 30A3

Processor: Intel® Core™2 CPU T7200 @ 2.00GHz | U10 | 997/166mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 87 GiB total, 8.345 GiB free.

E: is FIXED (FAT32) - 6 GiB total, 0.557 GiB free.

J: is FIXED (FAT32) - 373 GiB total, 348.169 GiB free.

M: is CDROM ()

.

==== Disabled Device Manager Items =============

.

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}

Description: Broadcom NetXtreme Gigabit Ethernet

Device ID: PCI\VEN_14E4&DEV_16FD&SUBSYS_30A3103C&REV_21\4&BF41672&0&00E0

Manufacturer: Broadcom

Name: Broadcom NetXtreme Gigabit Ethernet

PNP Device ID: PCI\VEN_14E4&DEV_16FD&SUBSYS_30A3103C&REV_21\4&BF41672&0&00E0

Service: b57w2k

.

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}

Description: Intel® PRO/Wireless 3945ABG Network Connection

Device ID: PCI\VEN_8086&DEV_4222&SUBSYS_135D103C&REV_02\4&4878531&0&00E1

Manufacturer: Intel Corporation

Name: Intel® PRO/Wireless 3945ABG Network Connection

PNP Device ID: PCI\VEN_8086&DEV_4222&SUBSYS_135D103C&REV_02\4&4878531&0&00E1

Service: NETw5x32

.

Class GUID: {53D29EF7-377C-4D14-864B-EB3A85769359}

Description: AuthenTec Inc. AES2501.

Device ID: USB\VID_08FF&PID_2580\5&2DCB0CF8&0&1

Manufacturer: AuthenTec, Inc.

Name: AuthenTec Inc. AES2501.

PNP Device ID: USB\VID_08FF&PID_2580\5&2DCB0CF8&0&1

Service: ATSWPDRV

.

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}

Description: 1394 Net Adapter

Device ID: V1394\NIC1394\29B5130E23F99

Manufacturer: Microsoft

Name: 1394 Net Adapter

PNP Device ID: V1394\NIC1394\29B5130E23F99

Service: NIC1394

.

Class GUID:

Description: Mass Storage Controller

Device ID: PCI\VEN_104C&DEV_803B&SUBSYS_30A3103C&REV_00\4&2EC23395&0&32F0

Manufacturer:

Name: Mass Storage Controller

PNP Device ID: PCI\VEN_104C&DEV_803B&SUBSYS_30A3103C&REV_00\4&2EC23395&0&32F0

Service:

.

Class GUID:

Description: PCI Simple Communications Controller

Device ID: PCI\VEN_104C&DEV_803D&SUBSYS_30A3103C&REV_00\4&2EC23395&0&34F0

Manufacturer:

Name: PCI Simple Communications Controller

PNP Device ID: PCI\VEN_104C&DEV_803D&SUBSYS_30A3103C&REV_00\4&2EC23395&0&34F0

Service:

.

==== System Restore Points ===================

.

RP1: 2/06/2013 9:24:48 AM - System Checkpoint

RP2: 3/06/2013 9:35:26 AM - System Checkpoint

RP3: 4/06/2013 10:15:08 AM - System Checkpoint

RP4: 5/06/2013 10:36:37 AM - System Checkpoint

RP5: 6/06/2013 11:46:43 AM - System Checkpoint

RP6: 7/06/2013 2:13:50 PM - System Checkpoint

RP7: 9/06/2013 2:33:51 PM - System Checkpoint

.

==== Installed Programs ======================

.

32 Bit HP CIO Components Installer

ABBYY FineReader 9.0 Sprint

Acrobat.com

Activ8me Usage Meter

Adobe Acrobat 9 Pro - English, Français, Deutsch

Adobe Acrobat 9.5.5 - CPSID_83708

Adobe AIR

Adobe Anchor Service CS4

Adobe Bridge CS4

Adobe CMaps CS4

Adobe Color - Photoshop Specific CS4

Adobe Color EU Recommended Settings CS4

Adobe Color JA Extra Settings CS4

Adobe Color NA Extra Settings CS4

Adobe Community Help

Adobe Creative Suite 4 Design Premium

Adobe CSI CS4

Adobe Default Language CS4

Adobe Drive CS4

Adobe ExtendScript Toolkit CS4

Adobe Extension Manager CS4

Adobe Flash Player 11 ActiveX

Adobe Flash Player 11 Plugin

Adobe Fonts All

Adobe Illustrator CS4

Adobe Linguistics CS4

Adobe Media Encoder CS4 Importer

Adobe Media Player

Adobe Output Module

Adobe PDF Library Files CS4

Adobe Photoshop CS4

Adobe Photoshop CS4 Support

Adobe Reader XI (11.0.03)

Adobe Search for Help

Adobe Service Manager Extension

Adobe Setup

Adobe Type Support CS4

Adobe Update Manager CS4

Adobe WinSoft Linguistics Plugin

Adobe XMP Panels CS4

AdobeColorCommonSetCMYK

Agere Systems HDA Modem

Application Installer 4.00.B5

ArcSoft PhotoImpression 6

ATI Catalyst Control Center

ATI Display Driver

AUSkey software 1.4.0.3

AutoUpdate

BigPond Wireless Broadband 2.10.6

Caere Scan Manager 4.0

Canon i80

Canon IJ Network Scan Utility

Canon IJ Network Tool

Canon MP Navigator EX 1.1

Canon MP Navigator EX 2.1

Canon MX850 series

Canon Utilities Easy-PhotoPrint EX

Canon Utilities My Printer

Canon Utilities Solution Menu

CCleaner

CD-LabelPrint

Common-Use Signing Interface

Compatibility Pack for the 2007 Office system

Concord WinFax Plugin v3.0

Connect

Critical Update for Windows Media Player 11 (KB959772)

CSI Management Utility

Diskeeper Home Edition

DivX

Document Capture Pro

Dragon NaturallySpeaking 11

ECI Client v6.0

ePrism

ERDAS ECW JPEG 2000 Plug-in for Firefox & Chrome

ERDAS ECW JPEG 2000 Plug-in for Internet Explorer

Fingerprint Sensor Minimum Install

GearDrvs

Google Chrome

Google Earth

Google Toolbar for Internet Explorer

Google Update Helper

GPSoftware Directory Opus

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

Hotfix for Windows Internet Explorer 7 (KB947864)

Hotfix for Windows Media Format 11 SDK (KB929399)

Hotfix for Windows Media Player 11 (KB939683)

Hotfix for Windows XP (KB2158563)

Hotfix for Windows XP (KB2443685)

Hotfix for Windows XP (KB2570791)

Hotfix for Windows XP (KB2633952)

Hotfix for Windows XP (KB2756822)

Hotfix for Windows XP (KB2779562)

Hotfix for Windows XP (KB942288-v3)

Hotfix for Windows XP (KB952287)

Hotfix for Windows XP (KB954550-v5)

Hotfix for Windows XP (KB961118)

Hotfix for Windows XP (KB970653-v3)

Hotfix for Windows XP (KB976098-v2)

Hotfix for Windows XP (KB979306)

Hotfix for Windows XP (KB981793)

HP Backup and Recovery Manager Installer

HP Integrated Module with Bluetooth wireless technology

HP Mobile Data Protection System

HP Quick Launch Buttons 6.00 D2

HP Update

HPDiagnosticAlert

HpSdpAppCoreApp

i80 Setup Utility

InstantShareAlert

IP-P2P

J2SE Runtime Environment 5.0 Update 8

Java™ 6 Update 2

Java™ 6 Update 29

Java™ 6 Update 3

Java™ 6 Update 5

Java™ 6 Update 7

Java™ SE Runtime Environment 6 Update 1

Jaws PDF Creator

kuler

LG Internetkit

LG PhoneManager

LG SyncManager

LG USB Modem driver

LiveReg (Symantec Corporation)

LiveUpdate (Symantec Corporation)

LiveUpdate Notice (Symantec Corporation)

MailWasher 2.0.14 beta

Malwarebytes Anti-Malware version 1.75.0.1300

Maxtor Backup

Maxtor OneTouch III

Memories Disc Creator 2.0

Microsoft .NET Framework 1.1

Microsoft .NET Framework 1.1 Security Update (KB2698023)

Microsoft .NET Framework 1.1 Security Update (KB2742597)

Microsoft .NET Framework 1.1 Security Update (KB979906)

Microsoft .NET Framework 2.0 Service Pack 2

Microsoft .NET Framework 3.0 Service Pack 2

Microsoft .NET Framework 3.5 SP1

Microsoft Chart Controls for Microsoft .NET Framework 3.5 (KB2500170)

Microsoft Compression Client Pack 1.0 for Windows XP

Microsoft IntelliPoint 5.3

Microsoft IntelliType Pro 5.3

Microsoft Internationalized Domain Names Mitigation APIs

Microsoft Kernel-Mode Driver Framework Feature Pack 1.5

Microsoft National Language Support Downlevel APIs

Microsoft Office File Validation Add-In

Microsoft Office Professional Edition 2003

Microsoft Office Project Professional 2003

Microsoft Outlook Personal Folders Backup

Microsoft Silverlight

Microsoft Sync Framework 2.0 Core Components (x86) ENU

Microsoft Sync Framework 2.0 Provider Services (x86) ENU

Microsoft Sync Framework Runtime v1.0 (x86)

Microsoft Sync Framework Services v1.0 (x86)

Microsoft User-Mode Driver Framework Feature Pack 1.0

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft_VC80_ATL_x86

Microsoft_VC80_CRT_x86

Microsoft_VC80_MFC_x86

Microsoft_VC80_MFCLOC_x86

Microsoft_VC90_ATL_x86

Microsoft_VC90_CRT_x86

Microsoft_VC90_MFC_x86

Mozilla Firefox 21.0 (x86 en-US)

Mozilla Maintenance Service

MSVCSetup

MSXML 4.0 SP2 (KB927978)

MSXML 4.0 SP2 (KB936181)

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

MSXML 6.0 Parser (KB933579)

MYOB AccountRight Plus v19

Nero 6 Enterprise Edition

Norton 360

OGA Notifier 2.0.0048.0

OmniPage SE

Orban/Coding Technologies AAC/aacPlus Player Plugin™ 1.0

overland

OVT Scanner X86

PaperPort 7.02

PaperPort Image Printer

Password Unmask 2.0

PDF Settings CS4

PDFCreator

Photoshop Camera Raw

Picasa 2

Picasa 3

PowerDVD

Presto! PageManager 7.15.20

QuickTime Alternative 1.69

Revo Uninstaller Pro 2.5.9

ScanSoft PaperPort 11

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)

Security Update for Microsoft Windows (KB2564958)

Security Update for Step By Step Interactive Training (KB923723)

Security Update for Windows Internet Explorer 7 (KB928090)

Security Update for Windows Internet Explorer 7 (KB929969)

Security Update for Windows Internet Explorer 7 (KB931768)

Security Update for Windows Internet Explorer 7 (KB933566)

Security Update for Windows Internet Explorer 7 (KB937143)

Security Update for Windows Internet Explorer 7 (KB938127)

Security Update for Windows Internet Explorer 7 (KB939653)

Security Update for Windows Internet Explorer 7 (KB942615)

Security Update for Windows Internet Explorer 7 (KB944533)

Security Update for Windows Internet Explorer 7 (KB950759)

Security Update for Windows Internet Explorer 7 (KB953838)

Security Update for Windows Internet Explorer 7 (KB956390)

Security Update for Windows Internet Explorer 7 (KB958215)

Security Update for Windows Internet Explorer 7 (KB960714)

Security Update for Windows Internet Explorer 7 (KB961260)

Security Update for Windows Internet Explorer 7 (KB963027)

Security Update for Windows Internet Explorer 7 (KB969897)

Security Update for Windows Internet Explorer 8 (KB2510531)

Security Update for Windows Internet Explorer 8 (KB2544521)

Security Update for Windows Internet Explorer 8 (KB2618444)

Security Update for Windows Internet Explorer 8 (KB2647516)

Security Update for Windows Internet Explorer 8 (KB2675157)

Security Update for Windows Internet Explorer 8 (KB2699988)

Security Update for Windows Internet Explorer 8 (KB2722913)

Security Update for Windows Internet Explorer 8 (KB2744842)

Security Update for Windows Internet Explorer 8 (KB2761465)

Security Update for Windows Internet Explorer 8 (KB2792100)

Security Update for Windows Internet Explorer 8 (KB2797052)

Security Update for Windows Internet Explorer 8 (KB2799329)

Security Update for Windows Internet Explorer 8 (KB2809289)

Security Update for Windows Internet Explorer 8 (KB2817183)

Security Update for Windows Internet Explorer 8 (KB2829530)

Security Update for Windows Internet Explorer 8 (KB2847204)

Security Update for Windows Internet Explorer 8 (KB982381)

Security Update for Windows Media Player (KB2378111)

Security Update for Windows Media Player (KB911564)

Security Update for Windows Media Player (KB952069)

Security Update for Windows Media Player (KB954155)

Security Update for Windows Media Player (KB968816)

Security Update for Windows Media Player (KB973540)

Security Update for Windows Media Player (KB975558)

Security Update for Windows Media Player (KB978695)

Security Update for Windows Media Player 11 (KB936782)

Security Update for Windows Media Player 11 (KB954154)

Security Update for Windows Media Player 6.4 (KB925398)

Security Update for Windows Media Player 9 (KB911565)

Security Update for Windows XP (KB2079403)

Security Update for Windows XP (KB2115168)

Security Update for Windows XP (KB2121546)

Security Update for Windows XP (KB2160329)

Security Update for Windows XP (KB2229593)

Security Update for Windows XP (KB2259922)

Security Update for Windows XP (KB2279986)

Security Update for Windows XP (KB2286198)

Security Update for Windows XP (KB2296011)

Security Update for Windows XP (KB2296199)

Security Update for Windows XP (KB2347290)

Security Update for Windows XP (KB2360937)

Security Update for Windows XP (KB2387149)

Security Update for Windows XP (KB2393802)

Security Update for Windows XP (KB2412687)

Security Update for Windows XP (KB2419632)

Security Update for Windows XP (KB2423089)

Security Update for Windows XP (KB2436673)

Security Update for Windows XP (KB2440591)

Security Update for Windows XP (KB2443105)

Security Update for Windows XP (KB2476490)

Security Update for Windows XP (KB2476687)

Security Update for Windows XP (KB2478960)

Security Update for Windows XP (KB2478971)

Security Update for Windows XP (KB2479628)

Security Update for Windows XP (KB2479943)

Security Update for Windows XP (KB2481109)

Security Update for Windows XP (KB2483185)

Security Update for Windows XP (KB2485376)

Security Update for Windows XP (KB2485663)

Security Update for Windows XP (KB2503658)

Security Update for Windows XP (KB2503665)

Security Update for Windows XP (KB2506212)

Security Update for Windows XP (KB2506223)

Security Update for Windows XP (KB2507618)

Security Update for Windows XP (KB2507938)

Security Update for Windows XP (KB2508272)

Security Update for Windows XP (KB2508429)

Security Update for Windows XP (KB2509553)

Security Update for Windows XP (KB2511455)

Security Update for Windows XP (KB2524375)

Security Update for Windows XP (KB2535512)

Security Update for Windows XP (KB2536276-v2)

Security Update for Windows XP (KB2536276)

Security Update for Windows XP (KB2544893-v2)

Security Update for Windows XP (KB2544893)

Security Update for Windows XP (KB2555917)

Security Update for Windows XP (KB2562937)

Security Update for Windows XP (KB2566454)

Security Update for Windows XP (KB2567053)

Security Update for Windows XP (KB2567680)

Security Update for Windows XP (KB2570222)

Security Update for Windows XP (KB2570947)

Security Update for Windows XP (KB2584146)

Security Update for Windows XP (KB2585542)

Security Update for Windows XP (KB2592799)

Security Update for Windows XP (KB2598479)

Security Update for Windows XP (KB2603381)

Security Update for Windows XP (KB2618451)

Security Update for Windows XP (KB2619339)

Security Update for Windows XP (KB2620712)

Security Update for Windows XP (KB2621440)

Security Update for Windows XP (KB2624667)

Security Update for Windows XP (KB2631813)

Security Update for Windows XP (KB2633171)

Security Update for Windows XP (KB2639417)

Security Update for Windows XP (KB2641653)

Security Update for Windows XP (KB2646524)

Security Update for Windows XP (KB2647518)

Security Update for Windows XP (KB2653956)

Security Update for Windows XP (KB2655992)

Security Update for Windows XP (KB2659262)

Security Update for Windows XP (KB2660465)

Security Update for Windows XP (KB2661637)

Security Update for Windows XP (KB2676562)

Security Update for Windows XP (KB2685939)

Security Update for Windows XP (KB2686509)

Security Update for Windows XP (KB2691442)

Security Update for Windows XP (KB2695962)

Security Update for Windows XP (KB2698365)

Security Update for Windows XP (KB2705219)

Security Update for Windows XP (KB2707511)

Security Update for Windows XP (KB2709162)

Security Update for Windows XP (KB2712808)

Security Update for Windows XP (KB2718523)

Security Update for Windows XP (KB2719985)

Security Update for Windows XP (KB2723135)

Security Update for Windows XP (KB2724197)

Security Update for Windows XP (KB2727528)

Security Update for Windows XP (KB2731847)

Security Update for Windows XP (KB2753842-v2)

Security Update for Windows XP (KB2753842)

Security Update for Windows XP (KB2757638)

Security Update for Windows XP (KB2758857)

Security Update for Windows XP (KB2761226)

Security Update for Windows XP (KB2770660)

Security Update for Windows XP (KB2778344)

Security Update for Windows XP (KB2779030)

Security Update for Windows XP (KB2780091)

Security Update for Windows XP (KB2799494)

Security Update for Windows XP (KB2802968)

Security Update for Windows XP (KB2807986)

Security Update for Windows XP (KB2808735)

Security Update for Windows XP (KB2813170)

Security Update for Windows XP (KB2813345)

Security Update for Windows XP (KB2820197)

Security Update for Windows XP (KB2820917)

Security Update for Windows XP (KB2829361)

Security Update for Windows XP (KB923561)

Security Update for Windows XP (KB938464)

Security Update for Windows XP (KB941569)

Security Update for Windows XP (KB946648)

Security Update for Windows XP (KB950760)

Security Update for Windows XP (KB950762)

Security Update for Windows XP (KB950974)

Security Update for Windows XP (KB951066)

Security Update for Windows XP (KB951376-v2)

Security Update for Windows XP (KB951376)

Security Update for Windows XP (KB951698)

Security Update for Windows XP (KB951748)

Security Update for Windows XP (KB952004)

Security Update for Windows XP (KB952954)

Security Update for Windows XP (KB953839)

Security Update for Windows XP (KB954211)

Security Update for Windows XP (KB954459)

Security Update for Windows XP (KB954600)

Security Update for Windows XP (KB955069)

Security Update for Windows XP (KB956391)

Security Update for Windows XP (KB956572)

Security Update for Windows XP (KB956744)

Security Update for Windows XP (KB956802)

Security Update for Windows XP (KB956803)

Security Update for Windows XP (KB956841)

Security Update for Windows XP (KB956844)

Security Update for Windows XP (KB957095)

Security Update for Windows XP (KB957097)

Security Update for Windows XP (KB958644)

Security Update for Windows XP (KB958687)

Security Update for Windows XP (KB958690)

Security Update for Windows XP (KB958869)

Security Update for Windows XP (KB959426)

Security Update for Windows XP (KB960225)

Security Update for Windows XP (KB960715)

Security Update for Windows XP (KB960803)

Security Update for Windows XP (KB960859)

Security Update for Windows XP (KB961371)

Security Update for Windows XP (KB961373)

Security Update for Windows XP (KB961501)

Security Update for Windows XP (KB968537)

Security Update for Windows XP (KB969059)

Security Update for Windows XP (KB969898)

Security Update for Windows XP (KB969947)

Security Update for Windows XP (KB970238)

Security Update for Windows XP (KB970430)

Security Update for Windows XP (KB971468)

Security Update for Windows XP (KB971486)

Security Update for Windows XP (KB971557)

Security Update for Windows XP (KB971633)

Security Update for Windows XP (KB971657)

Security Update for Windows XP (KB972270)

Security Update for Windows XP (KB973346)

Security Update for Windows XP (KB973354)

Security Update for Windows XP (KB973507)

Security Update for Windows XP (KB973525)

Security Update for Windows XP (KB973869)

Security Update for Windows XP (KB973904)

Security Update for Windows XP (KB974112)

Security Update for Windows XP (KB974318)

Security Update for Windows XP (KB974392)

Security Update for Windows XP (KB974571)

Security Update for Windows XP (KB975025)

Security Update for Windows XP (KB975467)

Security Update for Windows XP (KB975560)

Security Update for Windows XP (KB975561)

Security Update for Windows XP (KB975562)

Security Update for Windows XP (KB975713)

Security Update for Windows XP (KB977165)

Security Update for Windows XP (KB977816)

Security Update for Windows XP (KB977914)

Security Update for Windows XP (KB978037)

Security Update for Windows XP (KB978251)

Security Update for Windows XP (KB978262)

Security Update for Windows XP (KB978338)

Security Update for Windows XP (KB978542)

Security Update for Windows XP (KB978601)

Security Update for Windows XP (KB979309)

Security Update for Windows XP (KB979482)

Security Update for Windows XP (KB979559)

Security Update for Windows XP (KB979683)

Security Update for Windows XP (KB979687)

Security Update for Windows XP (KB980195)

Security Update for Windows XP (KB980218)

Security Update for Windows XP (KB980232)

Security Update for Windows XP (KB980436)

Security Update for Windows XP (KB981322)

Security Update for Windows XP (KB981852)

Security Update for Windows XP (KB981957)

Security Update for Windows XP (KB981997)

Security Update for Windows XP (KB982132)

Security Update for Windows XP (KB982214)

Security Update for Windows XP (KB982665)

Security Update for Windows XP (KB982802)

Skype™ 5.10

SoundMAX

Suite Shared Configuration CS4

Symantec WinFax PRO

Synaptics Pointing Device Driver

SyncToy 2.1 (x86)

TeamViewer 8

Telstra Online Text Buddy 1.0

Uninstall OVT Scanner

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)

Update for Windows Internet Explorer 8 (KB2598845)

Update for Windows XP (KB2141007)

Update for Windows XP (KB2345886)

Update for Windows XP (KB2467659)

Update for Windows XP (KB2541763)

Update for Windows XP (KB2607712)

Update for Windows XP (KB2616676)

Update for Windows XP (KB2641690)

Update for Windows XP (KB2661254-v2)

Update for Windows XP (KB2718704)

Update for Windows XP (KB2736233)

Update for Windows XP (KB2749655)

Update for Windows XP (KB951072-v2)

Update for Windows XP (KB951978)

Update for Windows XP (KB955759)

Update for Windows XP (KB955839)

Update for Windows XP (KB967715)

Update for Windows XP (KB968389)

Update for Windows XP (KB971029)

Update for Windows XP (KB971737)

Update for Windows XP (KB973687)

Update for Windows XP (KB973815)

Visual C++ 8.0 ATL (x86) WinSXS MSM

Visual C++ 8.0 CRT (x86) WinSXS MSM

Visual C++ 9.0 Runtime for Dragon NaturallySpeaking

WebFldrs XP

Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray

Windows Genuine Advantage Notifications (KB905474)

Windows Genuine Advantage Validation Tool (KB892130)

Windows Imaging Component

Windows Internet Explorer 7

Windows Internet Explorer 8

Windows Media Format 11 runtime

Windows Media Player 11

Windows PowerShell™ 1.0

Windows Presentation Foundation

Windows XP Service Pack 3

WordWeb

XML Paper Specification Shared Components Pack 1.0

Xobni Core

xp-AntiSpy (remove only)

Xteq-dotec X-Setup Pro 6.6.300.Final1

ZipGenius 6 (6.0.2.1041)

.

==== Event Viewer Messages From Past Week ========

.

9/06/2013 8:51:59 AM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000243' while processing the file 'SMR322.SYS' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume.

9/06/2013 11:08:48 AM, error: Service Control Manager [7034] - The WinFax PRO service terminated unexpectedly. It has done this 1 time(s).

9/06/2013 11:08:43 AM, error: Service Control Manager [7034] - The Ati HotKey Poller service terminated unexpectedly. It has done this 1 time(s).

8/06/2013 4:11:29 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AliIde PCIIde ViaIde

8/06/2013 12:55:23 PM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service upnphost with arguments "" in order to run the server: {204810B9-73B2-11D4-BF42-00B0D0118B56}

7/06/2013 6:56:34 AM, error: Dhcp [1002] - The IP address lease 192.168.5.3 for the Network Card with network address 0018DECE9EA0 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).

2/06/2013 6:18:25 PM, error: SRTSP [4] - Error loading virus definitions.

2/06/2013 5:46:20 PM, error: Service Control Manager [7023] - The Diskeeper service terminated with the following error: The file can not be accessed by the system.

2/06/2013 5:01:32 PM, error: Service Control Manager [7000] - The Logitech Process Monitor service failed to start due to the following error: The system cannot find the file specified.

2/06/2013 5:01:32 PM, error: Service Control Manager [7000] - The Logitech Bluetooth Service service failed to start due to the following error: The system cannot find the file specified.

2/06/2013 5:00:38 PM, error: Dhcp [1002] - The IP address lease 10.0.0.1 for the Network Card with network address 0018DECE9EA0 has been denied by the DHCP server 192.168.5.100 (The DHCP Server sent a DHCPNACK message).

2/06/2013 11:15:31 AM, error: Service Control Manager [7022] - The hpqwmiex service hung on starting.

.

==== End Of File ===========================

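The "Event Viewer Messages From Past Week" block in the attach.txt above can be triaged mechanically. The following is an added example, not part of the original post and not a feature of DDS: a small Python parser for those event lines that sorts them into a few review buckets. The bucket names and rules are assumptions chosen for illustration, the day-first date format is assumed from the dates in this log, and the sample lines are copied from the log above.

```python
import re
from collections import defaultdict
from datetime import datetime
from typing import NamedTuple

# Sample input: event lines copied from the attach.txt posted above, plus the
# "." filler lines DDS prints between sections.
SAMPLE = """\
.
9/06/2013 8:51:59 AM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000243' while processing the file 'SMR322.SYS' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume.
9/06/2013 11:08:48 AM, error: Service Control Manager [7034] - The WinFax PRO service terminated unexpectedly. It has done this 1 time(s).
8/06/2013 4:11:29 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AliIde PCIIde ViaIde
7/06/2013 6:56:34 AM, error: Dhcp [1002] - The IP address lease 192.168.5.3 for the Network Card with network address 0018DECE9EA0 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
2/06/2013 6:18:25 PM, error: SRTSP [4] - Error loading virus definitions.
2/06/2013 5:01:32 PM, error: Service Control Manager [7000] - The Logitech Process Monitor service failed to start due to the following error: The system cannot find the file specified.
2/06/2013 5:00:38 PM, error: Dhcp [1002] - The IP address lease 10.0.0.1 for the Network Card with network address 0018DECE9EA0 has been denied by the DHCP server 192.168.5.100 (The DHCP Server sent a DHCPNACK message).
.
"""


class Event(NamedTuple):
    when: datetime
    level: str
    source: str
    event_id: int
    message: str


# One event per line: "<d/MM/yyyy h:mm:ss AM|PM>, <level>: <source> [<id>] - <message>"
EVENT_RE = re.compile(
    r"^(?P<when>\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M), "
    r"(?P<level>\w+): (?P<source>.+?) \[(?P<id>\d+)\] - (?P<msg>.*)$"
)
DHCP_SERVER_RE = re.compile(r"denied by the DHCP server (\d{1,3}(?:\.\d{1,3}){3})")

# Review buckets (assumed for this example): which events to read first.
SCM = "Service Control Manager"
RULES = [
    ("security-product-error",
     lambda e: e.source == "SRTSP" or "virus definitions" in e.message.lower()),
    ("restore-monitoring-stopped",
     lambda e: e.source == "sr" and "stopped monitoring" in e.message),
    ("driver-load-failure", lambda e: e.source == SCM and e.event_id == 7026),
    ("service-failure", lambda e: e.source == SCM and e.event_id in (7000, 7034)),
    ("dhcp-nack", lambda e: e.source == "Dhcp" and e.event_id == 1002),
]


def parse_events(text):
    """Return Event tuples for every line that matches the event format."""
    events = []
    for line in text.splitlines():
        m = EVENT_RE.match(line.strip())
        if not m:
            continue  # section headers, "." filler and blank lines
        # Day-first dates, as in this log; a month-first log needs "%m/%d/%Y".
        when = datetime.strptime(m["when"], "%d/%m/%Y %I:%M:%S %p")
        events.append(Event(when, m["level"], m["source"], int(m["id"]), m["msg"]))
    return events


def triage(events):
    """Group events into the buckets above, oldest first within each bucket."""
    buckets = defaultdict(list)
    for event in sorted(events, key=lambda e: e.when):
        for name, matches in RULES:
            if matches(event):
                buckets[name].append(event)
    return dict(buckets)


def dhcp_servers(events):
    """Distinct DHCP servers that sent a NACK to this machine."""
    return {m.group(1) for e in events if (m := DHCP_SERVER_RE.search(e.message))}


if __name__ == "__main__":
    parsed = parse_events(SAMPLE)
    for bucket, hits in triage(parsed).items():
        print(bucket)
        for e in hits:
            print(f"  {e.when:%Y-%m-%d %H:%M} {e.source} [{e.event_id}]")
    print("DHCP servers seen:", sorted(dhcp_servers(parsed)))
```
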

Hello jennbee and welcome to Malwarebytes!

I am D-FRED-BROWN and I will be helping you. :)

Please print or save this topic. It will make it easier for you to follow the instructions and complete all of the necessary steps.

----------Step 1----------------

Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!

  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • If TDSSKiller does not run, try renaming it.
  • To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
  • Click the Start Scan button.
  • Do not use the computer during the scan
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
    Note: If Cure is not an option, Skip instead, do not choose Delete unless instructed.
  • A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.o7.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.

----------Step 2----------------

Please download Malwarebytes Anti-Rootkit from HERE

  • Unzip the contents to a folder in a convenient location.
  • Open the folder where the contents were unzipped and run mbar.exe
  • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
  • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
  • Wait while the system shuts down and the cleanup process is performed.
  • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
  • When done, please post the two logs produced. They will be in the MBAR folder: mbar-log.txt and system-log.txt

----------Step 3----------------

Please download ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingc...to-use-combofix

***IMPORTANT: save ComboFix to your Desktop***

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Please go here to see a list of programs that should be disabled.

**Note: Do not mouseclick ComboFix's window while it's running. That may cause it to stall**

Please include the C:\ComboFix.txt in your next reply for further review.

NOTE: If you receive the message "illegal operation has been attempted on a registry key that has been marked for deletion", just reboot the computer.

----------Step 4----------------

Please download Security Check by screen317 from here or here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

----------Step 5----------------

In your next reply, please include the following:

  • TDSSKiller's logfile
  • MBAR mbar-log.txt and system-log.txt
  • ComboFix's report (C:\ComboFix.txt)
  • Security Check checkup.txt

After that, please let me know: How is your computer running now? Do you have any questions or concerns you'd like me to address? Don't hesitate to ask. :)

-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

Note:

Please make sure you are subscribed to this topic: Click on the "Follow This Topic" Button (at the top right of this page), make sure that the "Receive notification" box is checked and that it is set to "Instantly"

-------> Your topic will be closed if you haven't replied within 3 days! <--------

(If I don't respond within 24 hours, please send me a PM)

-DFB


Hi D-FRED-BROWN

Thanks for this - unfortunately I'm about 300 miles away from the computer until the weekend... I don't think I can talk the other half through all the steps over the phone. Can you leave topic open until Saturday so I get the chance to implement?

JB


Have now run thru steps from your post 10 June. Programs in steps 1 and 2 did not detect any malware.

Attaching all files rather than copy and paste - hope this okay

Have tested IE and FireFox - browser redirect now seems resolved. Will have to wait to see if there is any attempt by computer to connect to previously mentioned IP address.

Would be interested to know what log files from programs reveal.

Thanks for your help

jenbee

TDSSKiller.2.8.18.0_14.06.2013_10.44.25_log.txt

ComboFix.txt

checkup.txt

mbar-log-2013-06-14 (10-50-08).txt

system-log.txt


Looks better, but we still have some more malware to remove.

Please do the following:

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

KILLALL::

File::
c:\program files\GUM6F.tmp
C:\Windows\System32\Drivers\60614902.sys

Driver::
60614902

Reboot::

Save this as CFScript.txt, in the same location as ComboFix.exe

CFScriptB-4.gif

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I shall require in your next reply.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

Please include the newly-created C:\ComboFix.txt in your next reply, and let me know how things are running now


I should have also added that we've had a recurrence of the browsers being hijacked despite initially being resolved yesterday. It now seems a bit worse as even when we enter selected URLs directly in the address bar, redirection occurs.

jennbee


We're on the right track ;)

----------Step 1----------------

Please download AdwCleaner by Xplode onto your desktop.

  • Double click on AdwCleaner.exe to run the tool.
  • Click on Search.
  • A logfile will automatically open after the scan has finished.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[R1].txt as well.

----------Step 2----------------

We need to create a New FULL OTL Report

  • Please download OTL from here if you have not done so already.
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Change the "Extra Registry" option to "SafeList"
  • Push the Run Scan button.
  • Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

----------Step 3 (note: this scan may take a little time)----------------

I'd like us to scan your machine with ESET OnlineScan

  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the esetOnline.png button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetSmartInstall.png to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the esetSmartInstallDesktopIcon.png icon on your desktop.
  • Check esetAcceptTerms.png
  • Click the esetStart.png button.
  • Accept any security warnings from your browser.
  • Check esetScanArchives.png
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push esetListThreats.png
  • Push esetExport.png, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the esetBack.png button.
  • Push esetFinish.png

A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt

----------Step 4----------------

Please post the AdwCleaner logfile, the OTL.txt and Extras.txt, and the ESET online scan log in your next reply.

Let me know how things go.


Part 1 of reply

Note AdwCleaner file is R2 as I had used the program prior to starting this post.

---

OTL.txt

OTL logfile created on: 15/06/2013 3:29:57 PM - Run 1

OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\John\Desktop

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

2.00 Gb Total Physical Memory | 1.08 Gb Available Physical Memory | 53.91% Memory free

3.35 Gb Paging File | 2.48 Gb Available in Paging File | 73.95% Paging File free

Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 87.46 Gb Total Space | 9.14 Gb Free Space | 10.45% Space Free | Partition Type: NTFS

Drive E: | 5.68 Gb Total Space | 0.56 Gb Free Space | 9.80% Space Free | Partition Type: FAT32

Drive J: | 372.52 Gb Total Space | 348.17 Gb Free Space | 93.46% Space Free | Partition Type: FAT32

Computer Name: JFLAPTOP2 | User Name: John | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/06/15 15:28:01 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\John\Desktop\OTL.exe

PRC - [2013/05/21 14:44:22 | 000,144,368 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton 360\Norton 360\Engine\20.4.0.40\ccsvchst.exe

PRC - [2013/05/12 08:26:08 | 000,920,472 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe

PRC - [2013/05/08 03:17:22 | 000,642,664 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe

PRC - [2013/04/23 17:48:17 | 003,574,624 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe

PRC - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

PRC - [2013/04/04 14:50:32 | 000,532,040 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

PRC - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe

PRC - [2010/07/24 02:46:02 | 000,222,496 | ---- | M] (Acresso Corporation) -- C:\Documents and Settings\All Users\Application Data\FLEXnet\Connect\11\ISUSPM.exe

PRC - [2010/07/23 12:19:26 | 000,296,808 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files\Common Files\Nuance\dgnsvc.exe

PRC - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe

PRC - [2009/07/07 02:07:00 | 001,848,648 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE

PRC - [2009/05/14 16:07:14 | 000,759,048 | ---- | M] (ABBYY) -- C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe

PRC - [2008/04/14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

PRC - [2008/02/22 08:02:53 | 000,238,968 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe

PRC - [2008/01/29 16:38:31 | 000,583,048 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe

PRC - [2006/10/30 15:59:34 | 000,024,576 | ---- | M] () -- C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtProc.exe

PRC - [2006/09/20 07:35:26 | 000,020,480 | ---- | M] () -- C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe

PRC - [2006/02/16 08:43:16 | 000,892,928 | ---- | M] () -- C:\WINDOWS\SMINST\Scheduler.exe

PRC - [2006/02/15 16:16:02 | 000,581,693 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

PRC - [2006/02/15 16:14:44 | 001,265,748 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe

PRC - [2006/02/15 10:56:40 | 000,184,320 | ---- | M] () -- C:\Program Files\Maxtor\Maxtor Backup\MaxBackServiceInt.exe

PRC - [2006/02/07 15:10:14 | 000,106,496 | ---- | M] ( ) -- C:\Program Files\Maxtor\OneTouch\Utils\SyncServices.exe

PRC - [2006/01/17 15:01:46 | 000,053,248 | ---- | M] (Hewlett-Packard Corporation) -- C:\WINDOWS\system32\accelerometerST.exe

PRC - [2005/08/13 07:43:58 | 000,045,056 | ---- | M] (ATI Technologies Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe

PRC - [2005/07/26 17:51:22 | 000,606,316 | ---- | M] (Executive Software International, Inc.) -- C:\Program Files\Executive Software\Diskeeper\DkService.exe

PRC - [2005/04/07 13:13:08 | 000,839,680 | ---- | M] (Telstra) -- C:\Program Files\Telstra\OnlineTextBuddy\OnlineTextBuddy.exe

PRC - [2005/01/12 14:29:16 | 003,219,456 | ---- | M] (GP Software) -- C:\Program Files\GPSoftware\Directory Opus\dopus.exe

PRC - [2003/05/08 11:00:58 | 000,049,152 | ---- | M] (ScanSoft, Inc.) -- C:\Program Files\ScanSoft\OmniPageSE2.0\opwareSE2.exe

PRC - [2002/12/12 22:45:00 | 000,541,184 | ---- | M] (Symantec Corporation) -- C:\Program Files\WinFax\WFXMOD32.EXE

PRC - [2002/12/12 22:45:00 | 000,045,568 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\WFXSNT40.EXE

PRC - [2002/12/12 22:45:00 | 000,028,160 | ---- | M] () -- C:\Program Files\WinFax\WFXSWTCH.exe

PRC - [2000/09/28 23:58:42 | 000,129,536 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\WFXSVC.EXE

========== Modules (No Company Name) ==========

MOD - [2013/05/12 08:26:24 | 003,128,728 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll

MOD - [2013/01/09 09:22:28 | 003,391,488 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_a2c78200\mscorlib.dll

MOD - [2013/01/09 09:22:22 | 000,843,776 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system.drawing\1.0.5000.0__b03f5f7f11d50a3a_fc681141\system.drawing.dll

MOD - [2013/01/09 09:21:42 | 002,088,960 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system.xml\1.0.5000.0__b77a5c561934e089_49a6b5f1\system.xml.dll

MOD - [2013/01/09 09:21:29 | 003,035,136 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system.windows.forms\1.0.5000.0__b77a5c561934e089_bd01061c\system.windows.forms.dll

MOD - [2013/01/09 09:16:26 | 001,966,080 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system\1.0.5000.0__b77a5c561934e089_b3babf68\system.dll

MOD - [2013/01/09 09:16:17 | 001,232,896 | ---- | M] () -- c:\windows\assembly\gac\system\1.0.5000.0__b77a5c561934e089\system.dll

MOD - [2013/01/09 09:16:16 | 001,269,760 | ---- | M] () -- c:\windows\assembly\gac\system.web\1.0.5000.0__b03f5f7f11d50a3a\system.web.dll

MOD - [2013/01/09 09:16:15 | 000,471,040 | ---- | M] () -- c:\windows\assembly\gac\system.drawing\1.0.5000.0__b03f5f7f11d50a3a\system.drawing.dll

MOD - [2013/01/09 09:16:14 | 002,064,384 | ---- | M] () -- c:\windows\assembly\gac\system.windows.forms\1.0.5000.0__b77a5c561934e089\system.windows.forms.dll

MOD - [2012/05/31 00:51:08 | 000,699,280 | R--- | M] () -- C:\Program Files\Norton 360\Norton 360\Engine\20.4.0.40\wincfi39.dll

MOD - [2009/02/27 15:39:29 | 000,019,968 | ---- | M] () -- C:\Program Files\Adobe\Acrobat 9.0\Acrobat\AcroTray.DEU

MOD - [2009/02/27 15:32:27 | 000,020,480 | ---- | M] () -- C:\Program Files\Adobe\Acrobat 9.0\Acrobat\AcroTray.FRA

MOD - [2008/04/14 05:42:00 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll

MOD - [2006/10/30 15:59:34 | 000,024,576 | ---- | M] () -- C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtProc.exe

MOD - [2006/09/20 07:35:26 | 000,020,480 | ---- | M] () -- C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe

MOD - [2006/04/14 19:30:39 | 000,372,736 | ---- | M] () -- c:\windows\assembly\gac\system.management\1.0.5000.0__b03f5f7f11d50a3a\system.management.dll

MOD - [2006/04/14 19:30:38 | 001,339,392 | ---- | M] () -- c:\windows\assembly\gac\system.xml\1.0.5000.0__b77a5c561934e089\system.xml.dll

MOD - [2006/04/14 19:30:38 | 000,323,584 | ---- | M] () -- c:\windows\assembly\gac\system.runtime.remoting\1.0.5000.0__b77a5c561934e089\system.runtime.remoting.dll

MOD - [2006/02/16 08:43:16 | 000,892,928 | ---- | M] () -- C:\WINDOWS\SMINST\Scheduler.exe

MOD - [2006/02/15 10:56:40 | 000,184,320 | ---- | M] () -- C:\Program Files\Maxtor\Maxtor Backup\MaxBackServiceInt.exe

MOD - [2005/10/20 03:17:58 | 000,073,728 | ---- | M] () -- C:\Program Files\ATI Technologies\ATI.ACE\atiacmxx.dll

MOD - [2002/12/12 22:45:00 | 000,028,160 | ---- | M] () -- C:\Program Files\WinFax\WFXSWTCH.exe

MOD - [2002/12/12 22:44:48 | 001,576,448 | ---- | M] () -- C:\Program Files\WinFax\DCCDA32I.DLL

MOD - [2001/10/28 17:42:30 | 000,116,224 | ---- | M] () -- C:\WINDOWS\system32\pdfcmnnt.dll

MOD - [2001/07/31 09:17:12 | 000,094,274 | ---- | M] () -- C:\WINDOWS\system32\HPBHealr.dll

MOD - [2000/09/28 23:58:40 | 000,228,864 | ---- | M] () -- C:\Program Files\WinFax\WFXVW32I.DLL

MOD - [2000/09/28 23:58:38 | 000,199,680 | ---- | M] () -- C:\Program Files\WinFax\WFXPDK32.DLL

MOD - [2000/09/28 23:58:38 | 000,012,800 | ---- | M] () -- C:\WINDOWS\system32\spool\prtprocs\w32x86\WFXPNT40.DLL

MOD - [2000/09/28 23:58:34 | 000,142,336 | ---- | M] () -- C:\Program Files\WinFax\SENGINE.DLL

MOD - [2000/09/28 23:58:32 | 000,392,192 | ---- | M] () -- C:\Program Files\WinFax\DCCTBP32.DLL

MOD - [1998/10/05 14:55:26 | 000,072,704 | ---- | M] () -- C:\WINDOWS\system32\ip-p2p.dll

========== Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe -- (LVPrcSrv)

SRV - File not found [Auto | Stopped] -- C:\Program Files\Common Files\Logitech\Bluetooth\LBTSERV.EXE -- (LBTServ)

SRV - [2013/06/12 13:24:47 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)

SRV - [2013/05/21 14:44:22 | 000,144,368 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton 360\Norton 360\Engine\20.4.0.40\ccSvcHst.exe -- (N360)

SRV - [2013/05/12 08:26:17 | 000,117,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)

SRV - [2013/04/23 17:48:17 | 003,574,624 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe -- (TeamViewer8)

SRV - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)

SRV - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)

SRV - [2012/07/13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)

SRV - [2012/03/04 12:09:31 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)

SRV - [2010/07/23 12:19:26 | 000,296,808 | ---- | M] (Nuance Communications, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Nuance\dgnsvc.exe -- (DragonSvc)

SRV - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)

SRV - [2009/05/14 16:07:14 | 000,759,048 | ---- | M] (ABBYY) [Auto | Running] -- C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe -- (ABBYY.Licensing.FineReader.Sprint.9.0)

SRV - [2008/08/04 11:20:16 | 003,220,856 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE -- (LiveUpdate)

SRV - [2008/02/22 08:02:53 | 000,238,968 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe -- (Automatic LiveUpdate Scheduler)

SRV - [2008/01/29 16:38:31 | 000,583,048 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe -- (LiveUpdate Notice Service)

SRV - [2006/02/15 10:56:40 | 000,184,320 | ---- | M] () [Auto | Running] -- C:\Program Files\Maxtor\Maxtor Backup\MaxBackServiceInt.exe -- (MaxBackServiceInt)

SRV - [2006/02/07 15:10:14 | 000,106,496 | ---- | M] ( ) [Auto | Running] -- C:\Program Files\Maxtor\OneTouch\Utils\SyncServices.exe -- (NTService1)

SRV - [2005/07/26 17:51:22 | 000,606,316 | ---- | M] (Executive Software International, Inc.) [Auto | Running] -- C:\Program Files\Executive Software\Diskeeper\DkService.exe -- (Diskeeper)

SRV - [2000/09/28 23:58:42 | 000,129,536 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\WINDOWS\system32\WFXSVC.EXE -- (wfxsvc)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\tifm21.sys -- (tifm21)

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\SymIM.sys -- (SymIMMP)

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\SymIM.sys -- (SymIM)

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\LV302AV.SYS -- (PID_08A0)

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)

DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)

DRV - File not found [Kernel | On_Demand | Unknown] -- C:\DOCUME~1\John\LOCALS~1\Temp\mbr.sys -- (mbr)

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\lvusbsta.sys -- (LVUSBSta)

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\LVPr2Mon.sys -- (LVPr2Mon)

DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)

DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)

DRV - File not found [Kernel | System | Stopped] -- -- (Changer)

DRV - File not found [Kernel | On_Demand | Running] -- C:\ComboFix\catchme.sys -- (catchme)

DRV - [2013/06/11 07:35:29 | 000,142,496 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)

DRV - [2013/06/01 02:58:19 | 001,002,072 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.3.1.22\Definitions\BASHDefs\20130531.001\BHDrvx86.sys -- (BHDrvx86)

DRV - [2013/05/25 10:48:38 | 001,611,992 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.3.1.22\Definitions\VirusDefs\20130608.009\NAVEX15.SYS -- (NAVEX15)

DRV - [2013/05/25 10:48:38 | 000,376,480 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)

DRV - [2013/05/25 10:48:38 | 000,106,656 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)

DRV - [2013/05/25 10:48:38 | 000,093,272 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.3.1.22\Definitions\VirusDefs\20130608.009\NAVENG.SYS -- (NAVENG)

DRV - [2013/05/23 15:25:28 | 000,934,488 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\N360\1404000.028\symefa.sys -- (SymEFA)

DRV - [2013/05/21 15:02:00 | 000,367,704 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\N360\1404000.028\symds.sys -- (SymDS)

DRV - [2013/05/16 15:02:14 | 000,603,224 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\N360\1404000.028\srtsp.sys -- (SRTSP)

DRV - [2013/05/09 08:39:04 | 000,373,728 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.3.1.22\Definitions\IPSDefs\20130614.001\IDSXpx86.sys -- (IDSxpx86)

DRV - [2013/04/25 10:43:56 | 000,396,760 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\N360\1404000.028\symtdi.sys -- (SYMTDI)

DRV - [2013/04/16 12:41:14 | 000,134,744 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\N360\1404000.028\ccsetx86.sys -- (ccSet_N360)

DRV - [2013/04/04 14:50:32 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)

DRV - [2013/03/05 11:39:19 | 000,175,264 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\N360\1404000.028\ironx86.sys -- (SymIRON)

DRV - [2013/03/05 11:21:35 | 000,032,344 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\N360\1404000.028\srtspx.sys -- (SRTSPX)

DRV - [2009/12/30 10:20:56 | 000,027,064 | ---- | M] (VS Revo Group) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\revoflt.sys -- (Revoflt)

DRV - [2008/11/17 15:23:16 | 003,636,864 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NETw5x32.sys -- (NETw5x32)

DRV - [2008/05/09 00:02:52 | 000,203,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rmcast.sys -- (RMCAST)

DRV - [2008/04/28 19:22:10 | 000,009,344 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\CPQBttn.sys -- (HBtnKey)

DRV - [2008/04/14 00:09:46 | 000,092,544 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mqac.sys -- (MQAC)

DRV - [2007/10/31 17:23:20 | 002,236,544 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NETw4x32.sys -- (NETw4x32)

DRV - [2007/07/13 16:25:22 | 000,027,072 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PCASp50.sys -- (PCASp50)

DRV - [2007/06/22 09:54:32 | 000,087,424 | ---- | M] (Cmotech Co., Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\cmusbnet.sys -- (cmusbnet)

DRV - [2006/12/13 18:31:56 | 000,087,040 | ---- | M] (Cmotech Co.,Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\cmusbser.sys -- (usbser)

DRV - [2006/12/13 18:31:56 | 000,087,040 | ---- | M] (Cmotech Co.,Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\cmusbser.sys -- (cmusbser)

DRV - [2006/11/10 14:05:00 | 000,018,688 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\afc.sys -- (Afc)

DRV - [2006/10/13 05:49:00 | 000,020,352 | R--- | M] (Sierra Wireless Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\swivspnt.sys -- (swivsp)

DRV - [2006/07/31 22:44:00 | 000,580,992 | ---- | M] (Omnivision Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ov550i.sys -- (APL531)

DRV - [2006/03/11 11:12:54 | 000,130,048 | ---- | M] (AuthenTec, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\atswpdrv.sys -- (ATSWPDRV)

DRV - [2006/03/03 08:45:14 | 001,480,704 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)

DRV - [2006/02/15 15:59:52 | 000,401,664 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btaudio.sys -- (btaudio)

DRV - [2006/02/15 15:56:58 | 001,342,570 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL)

DRV - [2006/02/15 15:54:46 | 000,030,363 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btport.sys -- (BTDriver)

DRV - [2006/02/15 15:54:10 | 000,057,096 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)

DRV - [2006/02/15 15:51:22 | 000,148,168 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btwdndis.sys -- (BTWDNDIS)

DRV - [2006/02/09 11:00:04 | 000,142,720 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)

DRV - [2006/01/30 11:00:04 | 001,120,352 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)

DRV - [2006/01/19 23:50:40 | 001,428,096 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\w39n51.sys -- (w39n51)

DRV - [2006/01/10 18:00:04 | 000,022,016 | ---- | M] (Hewlett-Packard Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Accelerometer.sys -- (Accelerometer)

DRV - [2006/01/10 18:00:04 | 000,017,920 | ---- | M] (Hewlett-Packard Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\hpdskflt.sys -- (hpdskflt)

DRV - [2005/09/20 06:24:20 | 000,005,760 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\EabUsb.sys -- (eabusb)

DRV - [2005/09/20 06:23:52 | 000,007,808 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\eabfiltr.sys -- (eabfiltr)

DRV - [2005/06/24 18:36:16 | 000,039,036 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbmodem.sys -- (USBModem)

DRV - [2005/06/10 23:26:00 | 000,035,968 | ---- | M] (Infineon Technologies AG) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ifxtpm.sys -- (IFXTPM)

DRV - [2005/05/31 20:46:26 | 000,087,936 | R--- | M] (Texas Instruments) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\gtipci21.sys -- (GTIPCI21)

DRV - [2005/05/26 11:01:36 | 000,038,144 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbdiag.sys -- (UsbDiag)

DRV - [2005/05/26 11:01:18 | 000,021,344 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbbus.sys -- (usbbus)

DRV - [2005/04/06 14:05:24 | 000,015,360 | ---- | M] (Maxtor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mxopswd.sys -- (MXOPSWD)

DRV - [2004/10/08 11:16:04 | 000,035,840 | ---- | M] (Oak Technology Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\AFS2K.SYS -- (AFS2K)

DRV - [2004/06/18 22:38:48 | 000,003,408 | R--- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CMT5500U.sys -- (CMTNF5500U)

DRV - [2001/08/18 05:10:28 | 000,035,913 | ---- | M] (SMC) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\smcirda.sys -- (SMCIRDA)

DRV - [2001/08/17 11:11:18 | 000,020,160 | ---- | M] (ADMtek Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ADM8511.SYS -- (ADM8511)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope =

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}

IE - HKLM\..\SearchScopes\{A55A34F3-0E12-424F-B4CB-12AD48CCD164}: "URL" = http://www.google.co...g}&sourceid=ie7

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://securityrespo...er/fix_homepage

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://securityrespo...er/fix_homepage

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-2409280275-1525361949-4019512156-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie

IE - HKU\S-1-5-21-2409280275-1525361949-4019512156-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com.au/

IE - HKU\S-1-5-21-2409280275-1525361949-4019512156-1005\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie

IE - HKU\S-1-5-21-2409280275-1525361949-4019512156-1005\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

IE - HKU\S-1-5-21-2409280275-1525361949-4019512156-1005\..\SearchScopes,DefaultScope = {A55A34F3-0E12-424F-B4CB-12AD48CCD164}

IE - HKU\S-1-5-21-2409280275-1525361949-4019512156-1005\..\SearchScopes\{05CB6426-92CA-4029-834D-BE3AA42ED8DC}: "URL" = http://www.google.co...1I7GGLR_enAU277

IE - HKU\S-1-5-21-2409280275-1525361949-4019512156-1005\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC

IE - HKU\S-1-5-21-2409280275-1525361949-4019512156-1005\..\SearchScopes\{2D984492-1C99-4059-9C7B-D2A7BE9CEE3E}: "URL" = http://au.search.yah...p={searchTerms}

IE - HKU\S-1-5-21-2409280275-1525361949-4019512156-1005\..\SearchScopes\{5AA2BA46-9913-4DC7-9620-69AB0FA17AE7}: "URL" = http://search.alot.c...on=2.5.7002.477

IE - HKU\S-1-5-21-2409280275-1525361949-4019512156-1005\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC

IE - HKU\S-1-5-21-2409280275-1525361949-4019512156-1005\..\SearchScopes\{A55A34F3-0E12-424F-B4CB-12AD48CCD164}: "URL" = http://www.google.co...1I7GGLR_enAU277

IE - HKU\S-1-5-21-2409280275-1525361949-4019512156-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.com.au"

FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:21.0

FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll ()

FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)

FF - HKLM\Software\MozillaPlugins\@csi.business.gov.au/CsiPlugin: C:\Program Files\Common-Use Signing Interface\bin\npCsiPlugin.dll (Commonwealth Government of Australia)

FF - HKLM\Software\MozillaPlugins\@erdas.com/ERDAS Image Web Server ECW JPEG2000 Plugin,version=11.0: C:\Program Files\ERDAS\Image Web Server\Firefox Chrome Plug-in\NP_NCS6.dll (ERDAS)

FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)

FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Picasa2\npPicasa3.dll (Google, Inc.)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKCU\Software\MozillaPlugins\@abr.gov.au/KeyMgmtPlugin: C:\Documents and Settings\John\Local Settings\Application Data\ABR\Plug-In\bin\npAUSkeyPlugin.dll (Commonwealth Government of Australia)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.3.1.22\coFFPlgn\ [2013/06/15 11:37:52 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.3.1.22\IPSFFPlgn\ [2013/05/10 16:58:34 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/05/18 08:50:59 | 000,000,000 | ---D | M]

[2013/06/08 16:42:48 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\John\Application Data\Mozilla\Extensions

[2012/10/14 10:26:22 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\r23u02ms.default\extensions

[2013/06/08 16:42:28 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions

[2013/06/08 16:42:28 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

[2011/10/03 04:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)

CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}

CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}

CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\27.0.1453.110\PepperFlash\pepflashplayer.dll

CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer

CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\27.0.1453.110\ppGoogleNaClPluginChrome.dll

CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\27.0.1453.110\pdf.dll

CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll

CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll

CHR - plugin: Java™ Platform SE 6 U29 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll

CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll

CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll

CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll

CHR - plugin: ABR_AUSkey Mozilla Plugin (Enabled) = C:\Documents and Settings\John\Local Settings\Application Data\ABR\Plug-In\bin\npAUSkeyPlugin.dll

CHR - plugin: CANON iMAGE GATEWAY Album Plugin Utility (Enabled) = C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL

CHR - plugin: CSI Mozilla Plugin (Enabled) = C:\Program Files\Common-Use Signing Interface\bin\npCsiPlugin.dll

CHR - plugin: Image Web Server plugin, Build 11,0,1,250 (Enabled) = C:\Program Files\ERDAS\Image Web Server\Firefox Chrome Plug-in\NP_NCS6.dll

CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll

CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll

CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll

CHR - plugin: Picasa (Enabled) = C:\Program Files\Picasa2\npPicasa3.dll

CHR - plugin: Windows Presentation Foundation (Enabled) = C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_7_700_202.dll

CHR - Extension: Docs = C:\Documents and Settings\John\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.0.0.6_0\

CHR - Extension: Google Drive = C:\Documents and Settings\John\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0\

CHR - Extension: YouTube = C:\Documents and Settings\John\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\

CHR - Extension: Google Search = C:\Documents and Settings\John\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\

CHR - Extension: Norton Identity Protection = C:\Documents and Settings\John\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2013.4.0.10_0\

CHR - Extension: Gmail = C:\Documents and Settings\John\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2013/06/15 11:35:34 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360\Norton 360\Engine\20.4.0.40\coieplg.dll (Symantec Corporation)

O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360\Norton 360\Engine\20.4.0.40\ips\ipsbho.dll (Symantec Corporation)

O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.8313.1002\swg.dll (Google Inc.)

O2 - BHO: (BigPond Wireless Broadband 2.0 Auto Dial) - {DB92EC3F-697D-4C3B-9A3B-3ABBD23D4A85} - C:\Program Files\Telstra\BigPond Wireless Broadband 2.7.3\bpwbb2ad.dll (Telstra)

O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Norton 360\Engine\20.4.0.40\coieplg.dll (Symantec Corporation)

O3 - HKU\S-1-5-21-2409280275-1525361949-4019512156-1005\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O3 - HKU\S-1-5-21-2409280275-1525361949-4019512156-1005\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Norton 360\Engine\20.4.0.40\coieplg.dll (Symantec Corporation)

O4 - HKLM..\Run: [AccelerometerSysTrayApplet] C:\WINDOWS\system32\accelerometerST.exe (Hewlett-Packard Corporation)

O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)

O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [ATICCC] C:\Program Files\ATI Technologies\ATI.ACE\cli.exe (ATI Technologies Inc.)

O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)

O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)

O4 - HKLM..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\Cpqset.exe ()

O4 - HKLM..\Run: [DNS7reminder] C:\Program Files\Nuance\NaturallySpeaking11\Ereg\Ereg.exe (Nuance Communications, Inc.)

O4 - HKLM..\Run: [MaxtorOneTouch] C:\Program Files\Maxtor\OneTouch\Utils\OneTouch.exe (Maxtor Corporation)

O4 - HKLM..\Run: [MsmqIntCert] C:\WINDOWS\System32\mqrt.dll (Microsoft Corporation)

O4 - HKLM..\Run: [mxomssmenu] C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe (Maxtor Corp.)

O4 - HKLM..\Run: [OpwareSE2] C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe (ScanSoft, Inc.)

O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\Recguard.exe ()

O4 - HKLM..\Run: [scheduler] C:\WINDOWS\SMINST\Scheduler.exe ()

O4 - HKLM..\Run: [symantec PIF AlertEng] C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe (Symantec Corporation)

O4 - HKLM..\Run: [synTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.)

O4 - HKLM..\Run: [WFXSwtch] C:\Program Files\WinFax\WFXSWTCH.exe ()

O4 - HKLM..\Run: [WinFaxAppPortStarter] C:\WINDOWS\System32\WFXSNT40.EXE (Microsoft Corporation)

O4 - HKLM..\Run: [WrtMon.exe] C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe ()

O4 - HKU\S-1-5-21-2409280275-1525361949-4019512156-1005..\Run: [DOpus] C:\Program Files\GPSoftware\Directory Opus\dopus.exe (GP Software)

O4 - HKU\S-1-5-21-2409280275-1525361949-4019512156-1005..\Run: [iSUSPM] C:\Documents and Settings\All Users\Application Data\FLEXnet\Connect\11\ISUSPM.exe (Acresso Corporation)

O4 - HKU\S-1-5-21-2409280275-1525361949-4019512156-1005..\Run: [OnlineTextBuddy] C:\Program Files\Telstra\OnlineTextBuddy\OnlineTextBuddy.exe (Telstra)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk = C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableStatusMessages = 0

O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149

O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 0

O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149

O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 0

O7 - HKU\S-1-5-21-2409280275-1525361949-4019512156-1005\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-21-2409280275-1525361949-4019512156-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKU\S-1-5-21-2409280275-1525361949-4019512156-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKU\S-1-5-21-2409280275-1525361949-4019512156-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)

O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: Append to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FEA54616-4194-41B6-AF57-F3B3631FC52A}: DhcpNameServer = 192.168.1.1

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)

O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)

O24 - Desktop WallPaper: C:\Documents and Settings\John\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O24 - Desktop BackupWallPaper: C:\Documents and Settings\John\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O28 - HKLM ShellExecuteHooks: {A213B520-C6C2-11d0-AF9D-008029E1027E} - C:\Program Files\WinFax\WFXSEH32.DLL (Symantec Corporation)

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2001/07/27 23:07:00 | 000,000,000 | -HS- | M] () - E:\AUTOEXEC.BAT -- [ FAT32 ]

O34 - HKLM BootExecute: (autocheck autochk /r \??\G:)

O34 - HKLM BootExecute: (autocheck autochk *)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = ComFile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013/06/15 15:28:01 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\John\Desktop\OTL.exe

[2013/06/15 15:23:49 | 000,000,000 | -HSD | C] -- C:\RECYCLER

[2013/06/15 11:52:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP

[2013/06/15 11:32:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp

[2013/06/14 11:49:07 | 000,000,000 | RHSD | C] -- C:\cmdcons

[2013/06/14 11:44:10 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe

[2013/06/14 11:44:10 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe

[2013/06/14 11:44:09 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe

[2013/06/14 11:44:09 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe

[2013/06/14 11:39:13 | 000,000,000 | ---D | C] -- C:\Qoobox

[2013/06/14 11:38:19 | 000,000,000 | ---D | C] -- C:\WINDOWS\erdnt

[2013/06/14 11:34:38 | 005,080,197 | R--- | C] (Swearware) -- C:\Documents and Settings\John\Desktop\ComboFix.exe

[2013/06/14 10:49:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)

[2013/06/13 10:37:03 | 000,000,000 | ---D | C] -- C:\Program Files\APN

[2013/06/13 10:37:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\John\Start Menu\Programs\Activ8me

[2013/06/13 09:41:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\John\My Documents\Gregorys Investments Debtor's Ledger Report June 2013_files

[2013/06/13 09:40:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\John\My Documents\Properties Debtor's Ledger Report June 2013_files

[2013/06/13 09:38:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\John\My Documents\Motors Wholesale Debtor's Ledger Report June 2013_files

[2013/06/13 09:35:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\John\My Documents\Motors Debtor's Ledger Report June 2013_files

[2013/06/13 09:31:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\John\My Documents\Duncan Motor Co Debtor's Ledger Report June 2013_files

[2013/06/09 11:34:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware

[2013/06/09 11:34:33 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

[2013/06/09 11:34:33 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware

[2013/06/08 17:37:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\TeamViewer 8

[2013/06/08 16:42:29 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service

[2013/06/08 13:28:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Google Chrome

[2013/06/08 13:19:57 | 000,012,872 | ---- | C] (SurfRight B.V.) -- C:\WINDOWS\System32\bootdelete.exe

[2013/06/08 13:08:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\HitmanPro

[2013/06/07 07:18:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\John\My Documents\Christine Hunt

[2013/05/20 11:33:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\John\My Documents\My Music

[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[1 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/06/15 15:28:01 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\John\Desktop\OTL.exe

[2013/06/15 15:24:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job

[2013/06/15 15:19:00 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

[2013/06/15 12:41:55 | 000,000,564 | ---- | M] () -- C:\WINDOWS\MYOBP.INI

[2013/06/15 12:41:38 | 000,000,039 | ---- | M] () -- C:\WINDOWS\MYOB.INI

[2013/06/15 11:56:24 | 000,002,521 | ---- | M] () -- C:\Documents and Settings\John\Desktop\Outlook.lnk

[2013/06/15 11:35:34 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts

[2013/06/15 11:35:10 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2013/06/15 11:35:06 | 000,000,878 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job

[2013/06/15 11:34:44 | 000,000,306 | ---- | M] () -- C:\WINDOWS\tasks\Uggc.job

[2013/06/15 11:34:43 | 000,000,304 | ---- | M] () -- C:\WINDOWS\tasks\xxjlbrmdll.job

[2013/06/15 11:34:41 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2013/06/15 11:34:37 | 2146,881,536 | -HS- | M] () -- C:\hiberfil.sys

[2013/06/14 13:21:44 | 000,002,547 | ---- | M] () -- C:\Documents and Settings\John\Desktop\Activ8me Usage Meter.lnk

[2013/06/14 12:12:17 | 000,890,839 | ---- | M] () -- C:\Documents and Settings\John\Desktop\SecurityCheck.exe

[2013/06/14 11:49:13 | 000,000,327 | RHS- | M] () -- C:\boot.ini

[2013/06/14 11:48:32 | 000,431,804 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat

[2013/06/14 11:48:32 | 000,071,072 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

[2013/06/14 11:35:23 | 005,080,197 | R--- | M] (Swearware) -- C:\Documents and Settings\John\Desktop\ComboFix.exe

[2013/06/14 09:53:09 | 000,002,497 | ---- | M] () -- C:\Documents and Settings\John\Desktop\Word.lnk

[2013/06/14 08:50:01 | 000,002,495 | ---- | M] () -- C:\Documents and Settings\John\Desktop\Excel.lnk

[2013/06/13 16:39:45 | 000,014,260 | ---- | M] () -- C:\Documents and Settings\John\My Documents\Part Interest Properties $2700 June 13th 2013.pdf

[2013/06/13 09:41:36 | 000,008,631 | ---- | M] () -- C:\Documents and Settings\John\My Documents\Gregorys Investments Debtor's Ledger Report June 2013.htm

[2013/06/13 09:40:26 | 000,008,377 | ---- | M] () -- C:\Documents and Settings\John\My Documents\Properties Debtor's Ledger Report June 2013.htm

[2013/06/13 09:38:56 | 000,008,556 | ---- | M] () -- C:\Documents and Settings\John\My Documents\Motors Wholesale Debtor's Ledger Report June 2013.htm

[2013/06/13 09:37:49 | 000,008,285 | ---- | M] () -- C:\Documents and Settings\John\My Documents\Motors Debtor's Ledger Report June 2013.htm

[2013/06/13 09:31:14 | 000,008,552 | ---- | M] () -- C:\Documents and Settings\John\My Documents\Duncan Motor Co Debtor's Ledger Report June 2013.htm

[2013/06/12 20:18:20 | 000,000,211 | ---- | M] () -- C:\Boot.bak

[2013/06/12 14:36:19 | 000,793,345 | ---- | M] () -- C:\Documents and Settings\John\My Documents\Cudal Gardens Estate Stage 1 LP Sold Lots TW .pdf

[2013/06/12 13:24:41 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe

[2013/06/12 13:24:41 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl

[2013/06/12 07:13:30 | 000,000,792 | ---- | M] () -- C:\Documents and Settings\John\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Microsoft Office Outlook.lnk

[2013/06/12 07:01:40 | 000,750,855 | ---- | M] () -- C:\WINDOWS\System32\drivers\N360\1404000.028\Cat.DB

[2013/06/12 06:59:56 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK

[2013/06/11 15:51:35 | 000,002,543 | ---- | M] () -- C:\Documents and Settings\John\Desktop\Telstra Text Buddy.lnk

[2013/06/11 10:37:12 | 000,001,964 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Norton 360.LNK

[2013/06/11 07:35:29 | 000,142,496 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS

[2013/06/11 07:35:29 | 000,007,611 | ---- | M] () -- C:\WINDOWS\System32\drivers\SYMEVENT.CAT

[2013/06/11 07:35:29 | 000,000,805 | ---- | M] () -- C:\WINDOWS\System32\drivers\SYMEVENT.INF

[2013/06/09 16:57:37 | 000,103,914 | ---- | M] () -- C:\Documents and Settings\John\My Documents\Sample Nerriga Marys 1A & 1B Auction Add by Selling Agent Wood.jpg

[2013/06/09 11:34:36 | 000,000,802 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk

[2013/06/09 11:14:27 | 000,648,201 | ---- | M] () -- C:\Documents and Settings\John\Desktop\AdwCleaner.exe

[2013/06/09 08:52:10 | 003,612,880 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2013/06/08 17:37:45 | 000,000,817 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\TeamViewer 8.lnk

[2013/06/08 16:42:30 | 000,000,742 | ---- | M] () -- C:\Documents and Settings\John\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk

[2013/06/08 16:42:30 | 000,000,724 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk

[2013/06/08 15:44:52 | 000,001,833 | ---- | M] () -- C:\Documents and Settings\John\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk

[2013/06/08 13:28:47 | 000,001,815 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk

[2013/06/08 13:19:57 | 000,012,872 | ---- | M] (SurfRight B.V.) -- C:\WINDOWS\System32\bootdelete.exe

[2013/06/07 10:06:23 | 001,869,375 | ---- | M] () -- C:\Documents and Settings\John\My Documents\Month-In-Review-June-2013.pdf

[2013/06/05 20:01:35 | 000,325,984 | ---- | M] () -- C:\Documents and Settings\John\My Documents\Michelle Millynn Mortgage ACT 37 Tullaroop Street Duffy.pdf

[2013/06/05 19:59:58 | 000,288,755 | ---- | M] () -- C:\Documents and Settings\John\My Documents\Michelle Millynn Caveat ACT 37 Tullaroop Street Duffy.pdf

[2013/06/04 16:36:13 | 000,000,172 | ---- | M] () -- C:\WINDOWS\System32\drivers\N360\1404000.028\isolate.ini

[2013/06/03 17:44:04 | 000,268,517 | ---- | M] () -- C:\Documents and Settings\John\My Documents\Caveat ACT.pdf

[2013/06/03 17:39:59 | 000,308,010 | ---- | M] () -- C:\Documents and Settings\John\My Documents\Mortgage ACT.pdf

[2013/06/01 18:09:39 | 000,172,032 | RHS- | M] () -- C:\WINDOWS\System32\sdbinst5.dll

[2013/06/01 18:09:39 | 000,172,032 | RHS- | M] () -- C:\WINDOWS\System32\acluin.dll

[2013/05/31 12:19:42 | 000,359,479 | ---- | M] () -- C:\Documents and Settings\John\My Documents\Findley Super Fund Deed of Loan AGMC June 26th 2012.pdf

[2013/05/30 09:15:44 | 000,035,064 | ---- | M] () -- C:\Documents and Settings\John\My Documents\Division 7A - benchmark interest rates.pdf

[2013/05/29 09:06:40 | 004,283,444 | ---- | M] () -- C:\Documents and Settings\John\My Documents\Wuhle BMM Loan Application Final April 19th 2013 S Murray.pdf

[2013/05/25 15:13:09 | 001,316,259 | ---- | M] () -- C:\Documents and Settings\John\My Documents\Wuhle Holdings PL C C Capital Mortgage Trust Loan Application Enquiry May 17th 2013 Pages 1 to 4 & Guarantee A & L.pdf

[2013/05/24 13:19:55 | 000,449,705 | ---- | M] () -- C:\Documents and Settings\John\My Documents\Termination Letter De Lage Landen Computers May 2013.pdf

[2013/05/24 12:09:47 | 000,008,059 | ---- | M] () -- C:\WINDOWS\System32\drivers\N360\1404000.028\symds.cat

[2013/05/23 15:25:28 | 000,934,488 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\1404000.028\symefa.sys

[2013/05/23 15:25:28 | 000,007,583 | ---- | M] () -- C:\WINDOWS\System32\drivers\N360\1404000.028\symefa.cat

[2013/05/23 15:25:28 | 000,003,434 | ---- | M] () -- C:\WINDOWS\System32\drivers\N360\1404000.028\symefa.inf

[2013/05/22 09:35:35 | 000,017,549 | ---- | M] () -- C:\Documents and Settings\John\My Documents\St George Bank Accounts May 2013.pdf

[2013/05/21 18:15:26 | 000,085,927 | ---- | M] () -- C:\Documents and Settings\John\My Documents\Win a Swift Alpine Caravan Competition Entry Drawn July 23rd 2013.pdf

[2013/05/21 15:02:00 | 000,367,704 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\1404000.028\symds.sys

[2013/05/21 15:02:00 | 000,002,852 | ---- | M] () -- C:\WINDOWS\System32\drivers\N360\1404000.028\symds.inf

[2013/05/21 14:40:20 | 000,008,059 | ---- | M] () -- C:\WINDOWS\System32\drivers\N360\1404000.028\srtsp.cat

[2013/05/20 12:13:24 | 000,549,537 | ---- | M] () -- C:\Documents and Settings\John\My Documents\Wendy's Mastercard May 2013.pdf

[2013/05/18 08:07:22 | 006,014,976 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.dll

[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[1 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/06/14 12:12:17 | 000,890,839 | ---- | C] () -- C:\Documents and Settings\John\Desktop\SecurityCheck.exe

[2013/06/14 11:49:13 | 000,000,211 | ---- | C] () -- C:\Boot.bak

[2013/06/14 11:49:09 | 000,260,272 | RHS- | C] () -- C:\cmldr

[2013/06/14 11:44:10 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe

[2013/06/14 11:44:10 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe

[2013/06/14 11:44:10 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe

[2013/06/14 11:44:09 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe

[2013/06/14 11:44:09 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe

[2013/06/13 16:39:45 | 000,014,260 | ---- | C] () -- C:\Documents and Settings\John\My Documents\Part Interest Properties $2700 June 13th 2013.pdf

[2013/06/13 10:37:03 | 000,002,547 | ---- | C] () -- C:\Documents and Settings\John\Desktop\Activ8me Usage Meter.lnk

[2013/06/13 09:41:36 | 000,008,631 | ---- | C] () -- C:\Documents and Settings\John\My Documents\Gregorys Investments Debtor's Ledger Report June 2013.htm

[2013/06/13 09:40:26 | 000,008,377 | ---- | C] () -- C:\Documents and Settings\John\My Documents\Properties Debtor's Ledger Report June 2013.htm

[2013/06/13 09:38:56 | 000,008,556 | ---- | C] () -- C:\Documents and Settings\John\My Documents\Motors Wholesale Debtor's Ledger Report June 2013.htm

[2013/06/13 09:35:38 | 000,008,285 | ---- | C] () -- C:\Documents and Settings\John\My Documents\Motors Debtor's Ledger Report June 2013.htm

[2013/06/13 09:31:14 | 000,008,552 | ---- | C] () -- C:\Documents and Settings\John\My Documents\Duncan Motor Co Debtor's Ledger Report June 2013.htm

[2013/06/09 16:57:37 | 000,103,914 | ---- | C] () -- C:\Documents and Settings\John\My Documents\Sample Nerriga Marys 1A & 1B Auction Add by Selling Agent Wood.jpg

[2013/06/09 11:34:36 | 000,000,802 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk

[2013/06/09 11:14:18 | 000,648,201 | ---- | C] () -- C:\Documents and Settings\John\Desktop\AdwCleaner.exe

[2013/06/08 17:37:45 | 000,000,817 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\TeamViewer 8.lnk

[2013/06/08 16:42:30 | 000,000,742 | ---- | C] () -- C:\Documents and Settings\John\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk

[2013/06/08 16:42:30 | 000,000,730 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk

[2013/06/08 16:42:30 | 000,000,724 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk

[2013/06/08 13:28:48 | 000,001,833 | ---- | C] () -- C:\Documents and Settings\John\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk

[2013/06/08 13:28:46 | 000,001,815 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk

[2013/06/07 10:06:23 | 001,869,375 | ---- | C] () -- C:\Documents and Settings\John\My Documents\Month-In-Review-June-2013.pdf

[2013/06/05 20:01:35 | 000,325,984 | ---- | C] () -- C:\Documents and Settings\John\My Documents\Michelle Millynn Mortgage ACT 37 Tullaroop Street Duffy.pdf

[2013/06/05 19:59:58 | 000,288,755 | ---- | C] () -- C:\Documents and Settings\John\My Documents\Michelle Millynn Caveat ACT 37 Tullaroop Street Duffy.pdf

[2013/06/02 11:39:23 | 000,308,010 | ---- | C] () -- C:\Documents and Settings\John\My Documents\Mortgage ACT.pdf

[2013/06/02 11:35:27 | 000,268,517 | ---- | C] () -- C:\Documents and Settings\John\My Documents\Caveat ACT.pdf

[2013/06/01 18:09:40 | 000,000,304 | ---- | C] () -- C:\WINDOWS\tasks\xxjlbrmdll.job

[2013/06/01 18:09:39 | 000,172,032 | RHS- | C] () -- C:\WINDOWS\System32\sdbinst5.dll

[2013/06/01 18:09:39 | 000,172,032 | RHS- | C] () -- C:\WINDOWS\System32\acluin.dll

[2013/06/01 18:09:39 | 000,000,306 | ---- | C] () -- C:\WINDOWS\tasks\Uggc.job

[2013/05/31 12:19:42 | 000,359,479 | ---- | C] () -- C:\Documents and Settings\John\My Documents\Findley Super Fund Deed of Loan AGMC June 26th 2012.pdf

[2013/05/30 09:15:44 | 000,035,064 | ---- | C] () -- C:\Documents and Settings\John\My Documents\Division 7A - benchmark interest rates.pdf

[2013/05/29 09:06:40 | 004,283,444 | ---- | C] () -- C:\Documents and Settings\John\My Documents\Wuhle BMM Loan Application Final April 19th 2013 S Murray.pdf

[2013/05/25 15:04:38 | 001,316,259 | ---- | C] () -- C:\Documents and Settings\John\My Documents\Wuhle Holdings PL C C Capital Mortgage Trust Loan Application Enquiry May 17th 2013 Pages 1 to 4 & Guarantee A & L.pdf

[2013/05/24 13:19:45 | 000,449,705 | ---- | C] () -- C:\Documents and Settings\John\My Documents\Termination Letter De Lage Landen Computers May 2013.pdf

[2013/05/22 09:35:35 | 000,017,549 | ---- | C] () -- C:\Documents and Settings\John\My Documents\St George Bank Accounts May 2013.pdf

[2013/05/21 18:15:26 | 000,085,927 | ---- | C] () -- C:\Documents and Settings\John\My Documents\Win a Swift Alpine Caravan Competition Entry Drawn July 23rd 2013.pdf

[2013/05/20 12:13:24 | 000,549,537 | ---- | C] () -- C:\Documents and Settings\John\My Documents\Wendy's Mastercard May 2013.pdf

[2012/02/15 19:49:32 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll

[2012/02/14 19:48:20 | 000,011,776 | ---- | C] () -- C:\WINDOWS\System32\pmsbfn32.dll

[2012/02/13 20:08:16 | 000,000,000 | ---- | C] () -- C:\WINDOWS\EEventManager.INI

[2011/05/19 13:51:53 | 000,001,940 | ---- | C] () -- C:\Documents and Settings\John\Local Settings\Application Data\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini

[2011/05/19 13:46:24 | 000,001,940 | ---- | C] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini

[2010/11/20 10:37:53 | 000,003,474 | ---- | C] () -- C:\Documents and Settings\John\Application Data\SAS7_000.DAT

[2009/11/22 08:37:21 | 000,320,194 | RH-- | C] () -- C:\Documents and Settings\John\Backup Status

[2008/08/15 06:32:16 | 000,009,846 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\LUUnInstall.LiveUpdate

[2007/04/08 20:31:38 | 000,006,144 | ---- | C] () -- C:\Documents and Settings\John\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2007/04/05 23:48:04 | 000,000,127 | ---- | C] () -- C:\Documents and Settings\John\Local Settings\Application Data\fusioncache.dat

========== ZeroAccess Check ==========

[2004/08/07 23:09:18 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

"" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/14 05:42:06 | 001,499,136 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]

"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/02/09 22:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

"" = %systemroot%\system32\wbem\wbemess.dll -- [2008/04/14 05:42:10 | 000,273,920 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Both

========== Alternate Data Streams ==========

@Alternate Data Stream - 180 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0FF263E8

< End of report >

AdwCleanerR2.txt


Part 2

--

Extras file text

OTL Extras logfile created on: 15/06/2013 3:29:57 PM - Run 1

OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\John\Desktop

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

2.00 Gb Total Physical Memory | 1.08 Gb Available Physical Memory | 53.91% Memory free

3.35 Gb Paging File | 2.48 Gb Available in Paging File | 73.95% Paging File free

Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 87.46 Gb Total Space | 9.14 Gb Free Space | 10.45% Space Free | Partition Type: NTFS

Drive E: | 5.68 Gb Total Space | 0.56 Gb Free Space | 9.80% Space Free | Partition Type: FAT32

Drive J: | 372.52 Gb Total Space | 348.17 Gb Free Space | 93.46% Space Free | Partition Type: FAT32

Computer Name: JFLAPTOP2 | User Name: John | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

exefile [open] -- "%1" %*

InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"FirstRunDisabled" = 1

"AntiVirusDisableNotify" = 0

"FirewallDisableNotify" = 0

"UpdatesDisableNotify" = 0

"AntiVirusOverride" = 0

"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]

"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]

"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]

"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004

"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005

"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001

"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 0

"DoNotAllowExceptions" = 0

"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

"3389:TCP" = 3389:TCP:*:Disabled:@xpsp2res.dll,-22009

"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004

"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005

"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001

"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

"5353:TCP" = 5353:TCP:*:Enabled:Adobe CSI CS4

"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007

"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)

"C:\WINDOWS\system32\mqsvc.exe" = C:\WINDOWS\system32\mqsvc.exe:*:Enabled:Message Queuing -- (Microsoft Corporation)

"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)

"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe

"C:\Program Files\HP\Digital Imaging\bin\hpqcopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqcopy.exe:*:Enabled:hpqcopy.exe

"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe

"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe

"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe" = C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe

"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)

"C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe

"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe

"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.)

"C:\Program Files\HP\Digital Imaging\bin\hpofxs08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxs08.exe:*:Enabled:hpofxs08.exe

"C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe

"C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe:*:Enabled:hpqgpc01.exe

"C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe:*:Enabled:hpqusgm.exe

"C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe:*:Enabled:hpqusgh.exe

"C:\Program Files\HP\HP Software Update\hpwucli.exe" = C:\Program Files\HP\HP Software Update\hpwucli.exe:*:Enabled:hpwucli.exe -- (Hewlett-Packard)

"C:\Program Files\HP\Digital Imaging\Smart Web Printing\SmartWebPrintExe.exe" = C:\Program Files\HP\Digital Imaging\Smart Web Printing\SmartWebPrintExe.exe:*:Enabled:smartwebprintexe.exe

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)

"C:\WINDOWS\system32\mqsvc.exe" = C:\WINDOWS\system32\mqsvc.exe:*:Enabled:Message Queuing -- (Microsoft Corporation)

"C:\WINDOWS\SMINST\Scheduler.exe" = C:\WINDOWS\SMINST\Scheduler.exe:*:Enabled:Scheduler -- ()

"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)

"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)

"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.)

"C:\Program Files\HP\HP Software Update\hpwucli.exe" = C:\Program Files\HP\HP Software Update\hpwucli.exe:*:Enabled:hpwucli.exe -- (Hewlett-Packard)

"C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" = C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:*:Enabled:Adobe CSI CS4 -- (Adobe Systems Incorporated)

"C:\Program Files\Skype\Phone\Skype.exe" = C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)

"C:\Program Files\TeamViewer\Version8\TeamViewer.exe" = C:\Program Files\TeamViewer\Version8\TeamViewer.exe:*:Enabled:Teamviewer Remote Control Application -- (TeamViewer GmbH)

"C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe" = C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe:*:Enabled:Teamviewer Remote Control Service -- (TeamViewer GmbH)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator

"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86

"{03CAB33F-D1C2-48C6-8766-DAE84DFC25FE}" = Microsoft Sync Framework Services v1.0 (x86)

"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4

"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4

"{069730C2-755A-485B-A205-27A1AAFA836A}" = InstantShareAlert

"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86

"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler

"{098A2A49-7CF3-4F08-A38D-FB879117152A}" = Adobe Color NA Extra Settings CS4

"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help

"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4

"{0DC0E85F-36E4-463B-B3EA-4CD8ED2222A1}" = Adobe Color EU Recommended Settings CS4

"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86

"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4

"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX850_series" = Canon MX850 series

"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4

"{16E16F01-2E2D-4248-A42F-76261C147B6C}" = Adobe Drive CS4

"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer

"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate

"{1976B721-8F15-4B86-92D2-725364AF8CE0}" = AUSkey software 1.4.0.3

"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer

"{26A24AE4-039D-4CA4-87B4-2F83216019FF}" = Java™ 6 Update 29

"{2E132061-C78A-48D4-A899-1D13B9D189FA}" = Memories Disc Creator 2.0

"{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update

"{2F0D3C9E-4FB6-4A14-B0C4-42328F570177}" = Fingerprint Sensor Minimum Install

"{3248F0A8-6813-11D6-A77B-00B0D0150080}" = J2SE Runtime Environment 5.0 Update 8

"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java™ SE Runtime Environment 6 Update 1

"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java™ 6 Update 2

"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java™ 6 Update 3

"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java™ 6 Update 5

"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7

"{332CC6BF-E6C7-48EE-BA3D-435E576AD67F}" = PaperPort Image Printer

"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.00 D2

"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP

"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4

"{3700194C-C5DD-439A-BE06-A66960CA4C70}" = MSVCSetup

"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4

"{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4

"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin

"{3F4EC965-28EF-45C3-B063-04B25D4E9679}" = HP Integrated Module with Bluetooth wireless technology

"{3F9F7336-6DF8-476F-ABF6-C70A17FAF619}" = HP Backup and Recovery Manager Installer

"{468D22C0-8080-11E2-B86E-B8AC6F98CCE3}" = Google Earth

"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension

"{4A5A427F-BA39-4BF0-9999-9A47FBE60C9F}" = Visual C++ 9.0 Runtime for Dragon NaturallySpeaking

"{52842271-922C-4907-8573-9F57A546509A}" = BigPond Wireless Broadband 2.10.6

"{53C398FE-CD56-412E-B3C7-B27F4B8B07D1}" = Microsoft IntelliType Pro 5.3

"{556DF27F-5B74-11D5-B876-004005E12EF1}" = GPSoftware Directory Opus

"{5AF4B3C4-C393-48D7-AC7E-8E7615579548}" = Adobe AIR

"{5B39603F-2A77-40E6-950D-ED7B8307933D}" = Microsoft IntelliPoint 5.3

"{5EE65592-88FD-48AA-98CA-EE9BDB1FF518}" = LG PhoneManager

"{60EEB642-E9E0-45A2-A676-B9D8FE17C4A9}" = Maxtor OneTouch III

"{628C2C7D-8AD1-E614-E8E2-6EEAD8D5F2D0}" = Acrobat.com

"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86

"{63A6E9A9-A190-46D4-9430-2DB28654AFD8}" = Norton 360

"{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support

"{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1" = Revo Uninstaller Pro 2.5.9

"{67ECDB7E-24E0-4A80-81EE-ED2DF1352D27}" = LG Internetkit

"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD

"{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK

"{6935D3CC-C5B6-45AE-9E59-3651B14D6F0A}" = Activ8me Usage Meter

"{6B566EFE-DC1D-471F-93DD-84832663F140}" = OVT Scanner X86

"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable

"{75ECB75A-522C-4312-8DE7-597CDA9D96A3}" = HP Mobile Data Protection System

"{766273C1-A39B-47EB-ACE8-DEBDD8094BCC}" = overland

"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

"{79D5997E-BF79-48BB-8B41-9BE59C15C2D7}" = OmniPage SE

"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX

"{8186FF34-D389-4B7E-9A2F-C197585BCFBD}" = Adobe Media Encoder CS4 Importer

"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4

"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4

"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4

"{846B5DED-DC8C-4E1A-B5B4-9F5B39A0CACE}" = HPDiagnosticAlert

"{87532CAB-7932-4F84-8937-823337622807}" = Adobe Illustrator CS4

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{8DC069E7-893C-41E1-9442-DE89FEC33371}" = Xobni Core

"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system

"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In

"{91110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003

"{913B0409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Project Professional 2003

"{92636B62-9423-4246-82FE-69E2F4158350}" = LG SyncManager

"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86

"{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4

"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4

"{97F81AF1-0E47-DC99-FF1F-C8B3B9A1E18E}" = Visual C++ 8.0 ATL (x86) WinSXS MSM

"{98CB24AD-52FB-DB5F-FF1F-C8B3B9A1E18E}" = Visual C++ 8.0 CRT (x86) WinSXS MSM

"{99E420FC-372C-4107-BA85-4CC44E265C2A}" = MYOB AccountRight Plus v19

"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

"{9C3F9580-F5CF-4288-894E-9FF0EB24A21C}" = Maxtor Backup

"{A066194B-DC8F-449A-8E0F-B57BDD3A2072}" = SyncToy 2.1 (x86)

"{A128921B-D03F-4BFB-8141-C365AA48D660}" = Adobe Setup

"{A2881E09-38DB-4F79-9135-00FDA01768A7}" = Adobe Creative Suite 4 Design Premium

"{A2A227E0-8DEC-11D2-A564-B2890D000000}" = Jaws PDF Creator

"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2

"{A55EEB39-D37A-422C-82A6-2454BCAA3459}" = Document Capture Pro

"{A80FA752-C491-4ED9-ABF0-4278563160B2}" = 32 Bit HP CIO Components Installer

"{A8BD5A60-E843-46DC-8271-ABF20756BE0F}" = Microsoft Sync Framework Runtime v1.0 (x86)

"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper

"{AC76BA86-1033-F400-7760-000000000004}" = Adobe Acrobat 9 Pro - English, Français, Deutsch

"{AC76BA86-1033-F400-7760-000000000004}_955" = Adobe Acrobat 9.5.5 - CPSID_83708

"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.03)

"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0

"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect

"{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}" = Adobe Photoshop CS4

"{B6C89654-A6A2-477C-873B-724EC1C56407}" = ScanSoft PaperPort 11

"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation

"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module

"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2

"{C1008475-75B2-4475-B98C-51FAE8B62960}" = Concord WinFax Plugin v3.0

"{C3ABE126-2BB2-4246-BFE1-6797679B3579}" = LG USB Modem driver

"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4

"{C63E7C60-25EB-11D3-8EDA-00A0C911E8E5}" = Microsoft Outlook Personal Folders Backup

"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1

"{CB84F0F2-927B-458D-9DC5-87832E3DC653}" = GearDrvs

"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw

"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1

"{CFA679D8-5216-4E10-B7D3-BA4033A6991E}" = i80 Setup Utility

"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86

"{D2D6B9EB-C6DC-4DAA-B4DE-BB7D9735E7DA}" = Presto! PageManager 7.15.20

"{D3A80508-CD83-4CA3-8671-914A1BC78B61}" = Microsoft Sync Framework 2.0 Provider Services (x86) ENU

"{D56401D6-E356-4CA5-97A3-024D666F5E5C}" = ArcSoft PhotoImpression 6

"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86

"{DB0A8A2A-4EA7-4FE3-802E-8A6DEE32696C}_is1" = Orban/Coding Technologies AAC/aacPlus Player Plugin™ 1.0

"{DB518BA6-CB74-4EB6-9ABD-880B6D6E1F38}" = HpSdpAppCoreApp

"{DBA4DB9D-EE51-4944-A419-98AB1F1249C8}" = LiveUpdate Notice (Symantec Corporation)

"{DC970EE0-4C92-4CDE-A323-0E2F1552C35E}" = Telstra Online Text Buddy 1.0

"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player

"{DE730F37-A198-4112-A3B6-97786F34354A}" = ECI Client v6.0

"{DF5188CA-591F-40DB-8994-16EEEE687DDC}" = LG PhoneManager

"{DFEDA4ED-E67D-4E5E-8FDE-C628B4DCA01B}" = ATI Catalyst Control Center

"{E0DBC47C-ED3F-4A1B-A929-9A26DAAA14B3}" = Application Installer 4.00.B5

"{E80F62FF-5D3C-4A19-8409-9721F2928206}" = LiveUpdate (Symantec Corporation)

"{EC3B598C-1151-4191-B5B4-A9072ADE6259}_is1" = ZipGenius 6 (6.0.2.1041)

"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10

"{EFFA53BC-8C04-2E21-3D90-A13B1697B0CA}" = Dragon NaturallySpeaking 11

"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX

"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help

"{F33552CB-4B12-4B27-8211-384F623E79EA}" = Diskeeper Home Edition

"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4

"{F9000000-0018-0000-0000-074957833700}" = ABBYY FineReader 9.0 Sprint

"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4

"{FB3BE405-6BF0-490A-84B3-00611385EA0D}" = Common-Use Signing Interface

"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All

"{FF63121D-91C6-42CC-B341-F1AA729728E7}" = Microsoft Sync Framework 2.0 Core Components (x86) ENU

"ABBYY FineReader 9.0 Sprint" = ABBYY FineReader 9.0 Sprint

"Adobe AIR" = Adobe AIR

"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin

"Adobe_55230b0b70661df0f212e88f0b655f7" = Adobe Creative Suite 4 Design Premium

"Agere Systems Soft Modem" = Agere Systems HDA Modem

"ATI Display Driver" = ATI Display Driver

"Canon_IJ_Network_Scan_UTILITY" = Canon IJ Network Scan Utility

"Canon_IJ_Network_UTILITY" = Canon IJ Network Tool

"CANONBJ_Deinstall_CNMCP5u.DLL" = Canon i80

"CanonMyPrinter" = Canon Utilities My Printer

"CanonSolutionMenu" = Canon Utilities Solution Menu

"CCleaner" = CCleaner

"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help

"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player

"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com

"Common-Use Signing Interface" = Common-Use Signing Interface

"CSI" = CSI Management Utility

"Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX

"ERDAS ECW JPEG 2000 Plug-in for Firefox & Chrome" = ERDAS ECW JPEG 2000 Plug-in for Firefox & Chrome

"ERDAS ECW JPEG 2000 Plug-in for Internet Explorer" = ERDAS ECW JPEG 2000 Plug-in for Internet Explorer

"Google Chrome" = Google Chrome

"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs

"ie7" = Windows Internet Explorer 7

"ie8" = Windows Internet Explorer 8

"InstallShield_{60EEB642-E9E0-45A2-A676-B9D8FE17C4A9}" = Maxtor OneTouch III

"InstallShield_{99E420FC-372C-4107-BA85-4CC44E265C2A}" = MYOB AccountRight Plus v19

"InstallShield_{9C3F9580-F5CF-4288-894E-9FF0EB24A21C}" = Maxtor Backup

"LiveReg" = LiveReg (Symantec Corporation)

"MailWasher_is1" = MailWasher 2.0.14 beta

"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300

"MediaNavigation.CDLabelPrint" = CD-LabelPrint

"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1

"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1

"Mozilla Firefox 21.0 (x86 en-US)" = Mozilla Firefox 21.0 (x86 en-US)

"MozillaMaintenanceService" = Mozilla Maintenance Service

"MP Navigator EX 1.1" = Canon MP Navigator EX 1.1

"MP Navigator EX 2.1" = Canon MP Navigator EX 2.1

"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP

"N360" = Norton 360

"Nero - Burning Rom!UninstallKey" = Nero 6 Enterprise Edition

"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs

"Password Unmask 2.0" = Password Unmask 2.0

"Picasa 3" = Picasa 3

"Picasa2" = Picasa 2

"PsuedoLiveUpdate" = LiveUpdate (Symantec Corporation)

"QuicktimeAlt_is1" = QuickTime Alternative 1.69

"ScMgr30Uninstall" = Caere Scan Manager 4.0

"SynTPDeinstKey" = Synaptics Pointing Device Driver

"TeamViewer 8" = TeamViewer 8

"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5

"WIC" = Windows Imaging Component

"Windows Media Format Runtime" = Windows Media Format 11 runtime

"Windows Media Player" = Windows Media Player 11

"Windows XP Service Pack" = Windows XP Service Pack 3

"WinFax" = Symantec WinFax PRO

"WMFDist11" = Windows Media Format 11 runtime

"wmp11" = Windows Media Player 11

"WordWeb" = WordWeb

"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0

"xqdcXSP_is1" = Xteq-dotec X-Setup Pro 6.6.300.Final1

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2409280275-1525361949-4019512156-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"ePrism" = ePrism

========== Last 20 Event Log Errors ==========

[ Application Events ]

Error - 15/05/2013 5:32:12 PM | Computer Name = JFLAPTOP2 | Source = PerfNet | ID = 2004

Description = Unable to open the Server service. Server performance data will not

be returned. Error code returned is in data DWORD 0.

Error - 17/05/2013 7:01:24 PM | Computer Name = JFLAPTOP2 | Source = Microsoft Office 11 | ID = 2000

Description = Accepted Safe Mode action : Microsoft Office Outlook.

Error - 25/05/2013 10:24:02 PM | Computer Name = JFLAPTOP2 | Source = PerfNet | ID = 2004

Description = Unable to open the Server service. Server performance data will not

be returned. Error code returned is in data DWORD 0.

Error - 8/06/2013 8:16:35 PM | Computer Name = JFLAPTOP2 | Source = PerfNet | ID = 2004

Description = Unable to open the Server service. Server performance data will not

be returned. Error code returned is in data DWORD 0.

Error - 12/06/2013 8:25:04 PM | Computer Name = JFLAPTOP2 | Source = MsiInstaller | ID = 11706

Description = Product: Activ8me Usage Meter -- Error 1706. An installation package

for the product Activ8me Usage Meter cannot be found. Try the installation again

using a valid copy of the installation package 'MSI9F.tmp'.

Error - 12/06/2013 8:26:25 PM | Computer Name = JFLAPTOP2 | Source = MsiInstaller | ID = 11706

Description = Product: Activ8me Usage Meter -- Error 1706. An installation package

for the product Activ8me Usage Meter cannot be found. Try the installation again

using a valid copy of the installation package 'MSI9F.tmp'.

Error - 12/06/2013 8:27:01 PM | Computer Name = JFLAPTOP2 | Source = MsiInstaller | ID = 11706

Description = Product: Activ8me Usage Meter -- Error 1706. An installation package

for the product Activ8me Usage Meter cannot be found. Try the installation again

using a valid copy of the installation package 'MSI9F.tmp'.

Error - 12/06/2013 8:27:50 PM | Computer Name = JFLAPTOP2 | Source = MsiInstaller | ID = 11706

Description = Product: Activ8me Usage Meter -- Error 1706. An installation package

for the product Activ8me Usage Meter cannot be found. Try the installation again

using a valid copy of the installation package 'MSI9F.tmp'.

Error - 12/06/2013 8:36:00 PM | Computer Name = JFLAPTOP2 | Source = MsiInstaller | ID = 11316

Description = Product: Activ8me Usage Meter -- Error 1316. A network error occurred

while attempting to read from the file: C:\DOCUME~1\John\LOCALS~1\Temp\MSI9F.tmp

Error - 14/06/2013 4:48:20 AM | Computer Name = JFLAPTOP2 | Source = Microsoft Office 11 | ID = 2000

Description = Accepted Safe Mode action : Microsoft Office Outlook.

[ System Events ]

Error - 14/06/2013 9:22:45 PM | Computer Name = JFLAPTOP2 | Source = Service Control Manager | ID = 7034

Description = The Message Queuing service terminated unexpectedly. It has done

this 1 time(s).

Error - 14/06/2013 9:22:45 PM | Computer Name = JFLAPTOP2 | Source = Service Control Manager | ID = 7034

Description = The hpqwmiex service terminated unexpectedly. It has done this 1

time(s).

Error - 14/06/2013 9:22:45 PM | Computer Name = JFLAPTOP2 | Source = Service Control Manager | ID = 7034

Description = The Message Queuing Triggers service terminated unexpectedly. It

has done this 1 time(s).

Error - 14/06/2013 9:22:45 PM | Computer Name = JFLAPTOP2 | Source = Service Control Manager | ID = 7034

Description = The Application Layer Gateway Service service terminated unexpectedly.

It has done this 1 time(s).

Error - 14/06/2013 9:22:45 PM | Computer Name = JFLAPTOP2 | Source = Service Control Manager | ID = 7031

Description = The Bluetooth Service service terminated unexpectedly. It has done

this 1 time(s). The following corrective action will be taken in 60000 milliseconds:

Restart the service.

Error - 14/06/2013 9:22:45 PM | Computer Name = JFLAPTOP2 | Source = Service Control Manager | ID = 7031

Description = The TeamViewer 8 service terminated unexpectedly. It has done this

1 time(s). The following corrective action will be taken in 2000 milliseconds:

Restart the service.

Error - 14/06/2013 9:22:45 PM | Computer Name = JFLAPTOP2 | Source = Service Control Manager | ID = 7031

Description = The Norton 360 service terminated unexpectedly. It has done this

1 time(s). The following corrective action will be taken in 120000 milliseconds:

Restart the service.

Error - 14/06/2013 9:35:03 PM | Computer Name = JFLAPTOP2 | Source = Service Control Manager | ID = 7000

Description = The Logitech Bluetooth Service service failed to start due to the

following error: %%2

Error - 14/06/2013 9:35:03 PM | Computer Name = JFLAPTOP2 | Source = Service Control Manager | ID = 7000

Description = The Logitech Process Monitor service failed to start due to the following

error: %%2

Error - 14/06/2013 11:34:30 PM | Computer Name = JFLAPTOP2 | Source = SRTSP | ID = 524292

Description = Error loading virus definitions.

< End of report >

ESET found no threats so no file produced - see screenshot


Part 2

OTL Extras logfile created on: 15/06/2013 3:29:57 PM - Run 1

OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\John\Desktop

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

2.00 Gb Total Physical Memory | 1.08 Gb Available Physical Memory | 53.91% Memory free

3.35 Gb Paging File | 2.48 Gb Available in Paging File | 73.95% Paging File free

Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 87.46 Gb Total Space | 9.14 Gb Free Space | 10.45% Space Free | Partition Type: NTFS

Drive E: | 5.68 Gb Total Space | 0.56 Gb Free Space | 9.80% Space Free | Partition Type: FAT32

Drive J: | 372.52 Gb Total Space | 348.17 Gb Free Space | 93.46% Space Free | Partition Type: FAT32

Computer Name: JFLAPTOP2 | User Name: John | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

exefile [open] -- "%1" %*

InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"FirstRunDisabled" = 1

"AntiVirusDisableNotify" = 0

"FirewallDisableNotify" = 0

"UpdatesDisableNotify" = 0

"AntiVirusOverride" = 0

"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]

"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]

"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]

"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004

"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005

"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001

"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 0

"DoNotAllowExceptions" = 0

"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

"3389:TCP" = 3389:TCP:*:Disabled:@xpsp2res.dll,-22009

"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004

"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005

"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001

"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

"5353:TCP" = 5353:TCP:*:Enabled:Adobe CSI CS4

"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007

"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)

"C:\WINDOWS\system32\mqsvc.exe" = C:\WINDOWS\system32\mqsvc.exe:*:Enabled:Message Queuing -- (Microsoft Corporation)

"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)

"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe

"C:\Program Files\HP\Digital Imaging\bin\hpqcopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqcopy.exe:*:Enabled:hpqcopy.exe

"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe

"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe

"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe" = C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe

"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)

"C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe

"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe

"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.)

"C:\Program Files\HP\Digital Imaging\bin\hpofxs08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxs08.exe:*:Enabled:hpofxs08.exe

"C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe

"C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe:*:Enabled:hpqgpc01.exe

"C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe:*:Enabled:hpqusgm.exe

"C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe:*:Enabled:hpqusgh.exe

"C:\Program Files\HP\HP Software Update\hpwucli.exe" = C:\Program Files\HP\HP Software Update\hpwucli.exe:*:Enabled:hpwucli.exe -- (Hewlett-Packard)

"C:\Program Files\HP\Digital Imaging\Smart Web Printing\SmartWebPrintExe.exe" = C:\Program Files\HP\Digital Imaging\Smart Web Printing\SmartWebPrintExe.exe:*:Enabled:smartwebprintexe.exe

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)

"C:\WINDOWS\system32\mqsvc.exe" = C:\WINDOWS\system32\mqsvc.exe:*:Enabled:Message Queuing -- (Microsoft Corporation)

"C:\WINDOWS\SMINST\Scheduler.exe" = C:\WINDOWS\SMINST\Scheduler.exe:*:Enabled:Scheduler -- ()

"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)

"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)

"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.)

"C:\Program Files\HP\HP Software Update\hpwucli.exe" = C:\Program Files\HP\HP Software Update\hpwucli.exe:*:Enabled:hpwucli.exe -- (Hewlett-Packard)

"C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" = C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:*:Enabled:Adobe CSI CS4 -- (Adobe Systems Incorporated)

"C:\Program Files\Skype\Phone\Skype.exe" = C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)

"C:\Program Files\TeamViewer\Version8\TeamViewer.exe" = C:\Program Files\TeamViewer\Version8\TeamViewer.exe:*:Enabled:Teamviewer Remote Control Application -- (TeamViewer GmbH)

"C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe" = C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe:*:Enabled:Teamviewer Remote Control Service -- (TeamViewer GmbH)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator

"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86

"{03CAB33F-D1C2-48C6-8766-DAE84DFC25FE}" = Microsoft Sync Framework Services v1.0 (x86)

"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4

"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4

"{069730C2-755A-485B-A205-27A1AAFA836A}" = InstantShareAlert

"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86

"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler

"{098A2A49-7CF3-4F08-A38D-FB879117152A}" = Adobe Color NA Extra Settings CS4

"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help

"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4

"{0DC0E85F-36E4-463B-B3EA-4CD8ED2222A1}" = Adobe Color EU Recommended Settings CS4

"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86

"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4

"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX850_series" = Canon MX850 series

"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4

"{16E16F01-2E2D-4248-A42F-76261C147B6C}" = Adobe Drive CS4

"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer

"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate

"{1976B721-8F15-4B86-92D2-725364AF8CE0}" = AUSkey software 1.4.0.3

"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer

"{26A24AE4-039D-4CA4-87B4-2F83216019FF}" = Java™ 6 Update 29

"{2E132061-C78A-48D4-A899-1D13B9D189FA}" = Memories Disc Creator 2.0

"{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update

"{2F0D3C9E-4FB6-4A14-B0C4-42328F570177}" = Fingerprint Sensor Minimum Install

"{3248F0A8-6813-11D6-A77B-00B0D0150080}" = J2SE Runtime Environment 5.0 Update 8

"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java™ SE Runtime Environment 6 Update 1

"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java™ 6 Update 2

"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java™ 6 Update 3

"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java™ 6 Update 5

"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7

"{332CC6BF-E6C7-48EE-BA3D-435E576AD67F}" = PaperPort Image Printer

"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.00 D2

"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP

"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4

"{3700194C-C5DD-439A-BE06-A66960CA4C70}" = MSVCSetup

"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4

"{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4

"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin

"{3F4EC965-28EF-45C3-B063-04B25D4E9679}" = HP Integrated Module with Bluetooth wireless technology

"{3F9F7336-6DF8-476F-ABF6-C70A17FAF619}" = HP Backup and Recovery Manager Installer

"{468D22C0-8080-11E2-B86E-B8AC6F98CCE3}" = Google Earth

"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension

"{4A5A427F-BA39-4BF0-9999-9A47FBE60C9F}" = Visual C++ 9.0 Runtime for Dragon NaturallySpeaking

"{52842271-922C-4907-8573-9F57A546509A}" = BigPond Wireless Broadband 2.10.6

"{53C398FE-CD56-412E-B3C7-B27F4B8B07D1}" = Microsoft IntelliType Pro 5.3

"{556DF27F-5B74-11D5-B876-004005E12EF1}" = GPSoftware Directory Opus

"{5AF4B3C4-C393-48D7-AC7E-8E7615579548}" = Adobe AIR

"{5B39603F-2A77-40E6-950D-ED7B8307933D}" = Microsoft IntelliPoint 5.3

"{5EE65592-88FD-48AA-98CA-EE9BDB1FF518}" = LG PhoneManager

"{60EEB642-E9E0-45A2-A676-B9D8FE17C4A9}" = Maxtor OneTouch III

"{628C2C7D-8AD1-E614-E8E2-6EEAD8D5F2D0}" = Acrobat.com

"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86

"{63A6E9A9-A190-46D4-9430-2DB28654AFD8}" = Norton 360

"{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support

"{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1" = Revo Uninstaller Pro 2.5.9

"{67ECDB7E-24E0-4A80-81EE-ED2DF1352D27}" = LG Internetkit

"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD

"{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK

"{6935D3CC-C5B6-45AE-9E59-3651B14D6F0A}" = Activ8me Usage Meter

"{6B566EFE-DC1D-471F-93DD-84832663F140}" = OVT Scanner X86

"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable

"{75ECB75A-522C-4312-8DE7-597CDA9D96A3}" = HP Mobile Data Protection System

"{766273C1-A39B-47EB-ACE8-DEBDD8094BCC}" = overland

"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

"{79D5997E-BF79-48BB-8B41-9BE59C15C2D7}" = OmniPage SE

"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX

"{8186FF34-D389-4B7E-9A2F-C197585BCFBD}" = Adobe Media Encoder CS4 Importer

"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4

"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4

"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4

"{846B5DED-DC8C-4E1A-B5B4-9F5B39A0CACE}" = HPDiagnosticAlert

"{87532CAB-7932-4F84-8937-823337622807}" = Adobe Illustrator CS4

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{8DC069E7-893C-41E1-9442-DE89FEC33371}" = Xobni Core

"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system

"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In

"{91110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003

"{913B0409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Project Professional 2003

"{92636B62-9423-4246-82FE-69E2F4158350}" = LG SyncManager

"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86

"{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4

"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4

"{97F81AF1-0E47-DC99-FF1F-C8B3B9A1E18E}" = Visual C++ 8.0 ATL (x86) WinSXS MSM

"{98CB24AD-52FB-DB5F-FF1F-C8B3B9A1E18E}" = Visual C++ 8.0 CRT (x86) WinSXS MSM

"{99E420FC-372C-4107-BA85-4CC44E265C2A}" = MYOB AccountRight Plus v19

"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

"{9C3F9580-F5CF-4288-894E-9FF0EB24A21C}" = Maxtor Backup

"{A066194B-DC8F-449A-8E0F-B57BDD3A2072}" = SyncToy 2.1 (x86)

"{A128921B-D03F-4BFB-8141-C365AA48D660}" = Adobe Setup

"{A2881E09-38DB-4F79-9135-00FDA01768A7}" = Adobe Creative Suite 4 Design Premium

"{A2A227E0-8DEC-11D2-A564-B2890D000000}" = Jaws PDF Creator

"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2

"{A55EEB39-D37A-422C-82A6-2454BCAA3459}" = Document Capture Pro

"{A80FA752-C491-4ED9-ABF0-4278563160B2}" = 32 Bit HP CIO Components Installer

"{A8BD5A60-E843-46DC-8271-ABF20756BE0F}" = Microsoft Sync Framework Runtime v1.0 (x86)

"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper

"{AC76BA86-1033-F400-7760-000000000004}" = Adobe Acrobat 9 Pro - English, Français, Deutsch

"{AC76BA86-1033-F400-7760-000000000004}_955" = Adobe Acrobat 9.5.5 - CPSID_83708

"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.03)

"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0

"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect

"{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}" = Adobe Photoshop CS4

"{B6C89654-A6A2-477C-873B-724EC1C56407}" = ScanSoft PaperPort 11

"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation

"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module

"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2

"{C1008475-75B2-4475-B98C-51FAE8B62960}" = Concord WinFax Plugin v3.0

"{C3ABE126-2BB2-4246-BFE1-6797679B3579}" = LG USB Modem driver

"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4

"{C63E7C60-25EB-11D3-8EDA-00A0C911E8E5}" = Microsoft Outlook Personal Folders Backup

"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1

"{CB84F0F2-927B-458D-9DC5-87832E3DC653}" = GearDrvs

"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw

"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1

"{CFA679D8-5216-4E10-B7D3-BA4033A6991E}" = i80 Setup Utility

"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86

"{D2D6B9EB-C6DC-4DAA-B4DE-BB7D9735E7DA}" = Presto! PageManager 7.15.20

"{D3A80508-CD83-4CA3-8671-914A1BC78B61}" = Microsoft Sync Framework 2.0 Provider Services (x86) ENU

"{D56401D6-E356-4CA5-97A3-024D666F5E5C}" = ArcSoft PhotoImpression 6

"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86

"{DB0A8A2A-4EA7-4FE3-802E-8A6DEE32696C}_is1" = Orban/Coding Technologies AAC/aacPlus Player Plugin™ 1.0

"{DB518BA6-CB74-4EB6-9ABD-880B6D6E1F38}" = HpSdpAppCoreApp

"{DBA4DB9D-EE51-4944-A419-98AB1F1249C8}" = LiveUpdate Notice (Symantec Corporation)

"{DC970EE0-4C92-4CDE-A323-0E2F1552C35E}" = Telstra Online Text Buddy 1.0

"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player

"{DE730F37-A198-4112-A3B6-97786F34354A}" = ECI Client v6.0

"{DF5188CA-591F-40DB-8994-16EEEE687DDC}" = LG PhoneManager

"{DFEDA4ED-E67D-4E5E-8FDE-C628B4DCA01B}" = ATI Catalyst Control Center

"{E0DBC47C-ED3F-4A1B-A929-9A26DAAA14B3}" = Application Installer 4.00.B5

"{E80F62FF-5D3C-4A19-8409-9721F2928206}" = LiveUpdate (Symantec Corporation)

"{EC3B598C-1151-4191-B5B4-A9072ADE6259}_is1" = ZipGenius 6 (6.0.2.1041)

"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10

"{EFFA53BC-8C04-2E21-3D90-A13B1697B0CA}" = Dragon NaturallySpeaking 11

"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX

"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help

"{F33552CB-4B12-4B27-8211-384F623E79EA}" = Diskeeper Home Edition

"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4

"{F9000000-0018-0000-0000-074957833700}" = ABBYY FineReader 9.0 Sprint

"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4

"{FB3BE405-6BF0-490A-84B3-00611385EA0D}" = Common-Use Signing Interface

"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All

"{FF63121D-91C6-42CC-B341-F1AA729728E7}" = Microsoft Sync Framework 2.0 Core Components (x86) ENU

"ABBYY FineReader 9.0 Sprint" = ABBYY FineReader 9.0 Sprint

"Adobe AIR" = Adobe AIR

"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin

"Adobe_55230b0b70661df0f212e88f0b655f7" = Adobe Creative Suite 4 Design Premium

"Agere Systems Soft Modem" = Agere Systems HDA Modem

"ATI Display Driver" = ATI Display Driver

"Canon_IJ_Network_Scan_UTILITY" = Canon IJ Network Scan Utility

"Canon_IJ_Network_UTILITY" = Canon IJ Network Tool

"CANONBJ_Deinstall_CNMCP5u.DLL" = Canon i80

"CanonMyPrinter" = Canon Utilities My Printer

"CanonSolutionMenu" = Canon Utilities Solution Menu

"CCleaner" = CCleaner

"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help

"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player

"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com

"Common-Use Signing Interface" = Common-Use Signing Interface

"CSI" = CSI Management Utility

"Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX

"ERDAS ECW JPEG 2000 Plug-in for Firefox & Chrome" = ERDAS ECW JPEG 2000 Plug-in for Firefox & Chrome

"ERDAS ECW JPEG 2000 Plug-in for Internet Explorer" = ERDAS ECW JPEG 2000 Plug-in for Internet Explorer

"Google Chrome" = Google Chrome

"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs

"ie7" = Windows Internet Explorer 7

"ie8" = Windows Internet Explorer 8

"InstallShield_{60EEB642-E9E0-45A2-A676-B9D8FE17C4A9}" = Maxtor OneTouch III

"InstallShield_{99E420FC-372C-4107-BA85-4CC44E265C2A}" = MYOB AccountRight Plus v19

"InstallShield_{9C3F9580-F5CF-4288-894E-9FF0EB24A21C}" = Maxtor Backup

"LiveReg" = LiveReg (Symantec Corporation)

"MailWasher_is1" = MailWasher 2.0.14 beta

"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300

"MediaNavigation.CDLabelPrint" = CD-LabelPrint

"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1

"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1

"Mozilla Firefox 21.0 (x86 en-US)" = Mozilla Firefox 21.0 (x86 en-US)

"MozillaMaintenanceService" = Mozilla Maintenance Service

"MP Navigator EX 1.1" = Canon MP Navigator EX 1.1

"MP Navigator EX 2.1" = Canon MP Navigator EX 2.1

"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP

"N360" = Norton 360

"Nero - Burning Rom!UninstallKey" = Nero 6 Enterprise Edition

"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs

"Password Unmask 2.0" = Password Unmask 2.0

"Picasa 3" = Picasa 3

"Picasa2" = Picasa 2

"PsuedoLiveUpdate" = LiveUpdate (Symantec Corporation)

"QuicktimeAlt_is1" = QuickTime Alternative 1.69

"ScMgr30Uninstall" = Caere Scan Manager 4.0

"SynTPDeinstKey" = Synaptics Pointing Device Driver

"TeamViewer 8" = TeamViewer 8

"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5

"WIC" = Windows Imaging Component

"Windows Media Format Runtime" = Windows Media Format 11 runtime

"Windows Media Player" = Windows Media Player 11

"Windows XP Service Pack" = Windows XP Service Pack 3

"WinFax" = Symantec WinFax PRO

"WMFDist11" = Windows Media Format 11 runtime

"wmp11" = Windows Media Player 11

"WordWeb" = WordWeb

"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0

"xqdcXSP_is1" = Xteq-dotec X-Setup Pro 6.6.300.Final1

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2409280275-1525361949-4019512156-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"ePrism" = ePrism

========== Last 20 Event Log Errors ==========

[ Application Events ]

Error - 15/05/2013 5:32:12 PM | Computer Name = JFLAPTOP2 | Source = PerfNet | ID = 2004

Description = Unable to open the Server service. Server performance data will not

be returned. Error code returned is in data DWORD 0.

Error - 17/05/2013 7:01:24 PM | Computer Name = JFLAPTOP2 | Source = Microsoft Office 11 | ID = 2000

Description = Accepted Safe Mode action : Microsoft Office Outlook.

Error - 25/05/2013 10:24:02 PM | Computer Name = JFLAPTOP2 | Source = PerfNet | ID = 2004

Description = Unable to open the Server service. Server performance data will not

be returned. Error code returned is in data DWORD 0.

Error - 8/06/2013 8:16:35 PM | Computer Name = JFLAPTOP2 | Source = PerfNet | ID = 2004

Description = Unable to open the Server service. Server performance data will not

be returned. Error code returned is in data DWORD 0.

Error - 12/06/2013 8:25:04 PM | Computer Name = JFLAPTOP2 | Source = MsiInstaller | ID = 11706

Description = Product: Activ8me Usage Meter -- Error 1706. An installation package

for the product Activ8me Usage Meter cannot be found. Try the installation again

using a valid copy of the installation package 'MSI9F.tmp'.

Error - 12/06/2013 8:26:25 PM | Computer Name = JFLAPTOP2 | Source = MsiInstaller | ID = 11706

Description = Product: Activ8me Usage Meter -- Error 1706. An installation package

for the product Activ8me Usage Meter cannot be found. Try the installation again

using a valid copy of the installation package 'MSI9F.tmp'.

Error - 12/06/2013 8:27:01 PM | Computer Name = JFLAPTOP2 | Source = MsiInstaller | ID = 11706

Description = Product: Activ8me Usage Meter -- Error 1706. An installation package

for the product Activ8me Usage Meter cannot be found. Try the installation again

using a valid copy of the installation package 'MSI9F.tmp'.

Error - 12/06/2013 8:27:50 PM | Computer Name = JFLAPTOP2 | Source = MsiInstaller | ID = 11706

Description = Product: Activ8me Usage Meter -- Error 1706. An installation package

for the product Activ8me Usage Meter cannot be found. Try the installation again

using a valid copy of the installation package 'MSI9F.tmp'.

Error - 12/06/2013 8:36:00 PM | Computer Name = JFLAPTOP2 | Source = MsiInstaller | ID = 11316

Description = Product: Activ8me Usage Meter -- Error 1316. A network error occurred

while attempting to read from the file: C:\DOCUME~1\John\LOCALS~1\Temp\MSI9F.tmp

Error - 14/06/2013 4:48:20 AM | Computer Name = JFLAPTOP2 | Source = Microsoft Office 11 | ID = 2000

Description = Accepted Safe Mode action : Microsoft Office Outlook.

[ System Events ]

Error - 14/06/2013 9:22:45 PM | Computer Name = JFLAPTOP2 | Source = Service Control Manager | ID = 7034

Description = The Message Queuing service terminated unexpectedly. It has done

this 1 time(s).

Error - 14/06/2013 9:22:45 PM | Computer Name = JFLAPTOP2 | Source = Service Control Manager | ID = 7034

Description = The hpqwmiex service terminated unexpectedly. It has done this 1

time(s).

Error - 14/06/2013 9:22:45 PM | Computer Name = JFLAPTOP2 | Source = Service Control Manager | ID = 7034

Description = The Message Queuing Triggers service terminated unexpectedly. It

has done this 1 time(s).

Error - 14/06/2013 9:22:45 PM | Computer Name = JFLAPTOP2 | Source = Service Control Manager | ID = 7034

Description = The Application Layer Gateway Service service terminated unexpectedly.

It has done this 1 time(s).

Error - 14/06/2013 9:22:45 PM | Computer Name = JFLAPTOP2 | Source = Service Control Manager | ID = 7031

Description = The Bluetooth Service service terminated unexpectedly. It has done

this 1 time(s). The following corrective action will be taken in 60000 milliseconds:

Restart the service.

Error - 14/06/2013 9:22:45 PM | Computer Name = JFLAPTOP2 | Source = Service Control Manager | ID = 7031

Description = The TeamViewer 8 service terminated unexpectedly. It has done this

1 time(s). The following corrective action will be taken in 2000 milliseconds:

Restart the service.

Error - 14/06/2013 9:22:45 PM | Computer Name = JFLAPTOP2 | Source = Service Control Manager | ID = 7031

Description = The Norton 360 service terminated unexpectedly. It has done this

1 time(s). The following corrective action will be taken in 120000 milliseconds:

Restart the service.

Error - 14/06/2013 9:35:03 PM | Computer Name = JFLAPTOP2 | Source = Service Control Manager | ID = 7000

Description = The Logitech Bluetooth Service service failed to start due to the

following error: %%2

Error - 14/06/2013 9:35:03 PM | Computer Name = JFLAPTOP2 | Source = Service Control Manager | ID = 7000

Description = The Logitech Process Monitor service failed to start due to the following

error: %%2

Error - 14/06/2013 11:34:30 PM | Computer Name = JFLAPTOP2 | Source = SRTSP | ID = 524292

Description = Error loading virus definitions.

< End of report >

We need to run an OTL Fix

  • Please reopen OTL on your desktop.
  • Copy and Paste the following code into the Custom Scans/Fixes textbox.
    :OTL
    @Alternate Data Stream - 180 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0FF263E8

    [2004/08/07 23:09:18 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    "" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/14 05:42:06 | 001,499,136 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    "" = %systemroot%\system32\wbem\fastprox.dll -- [2009/02/09 22:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
    "" = %systemroot%\system32\wbem\wbemess.dll -- [2008/04/14 05:42:10 | 000,273,920 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Both

    [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
    [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [1 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]

    :Commands
    [purity]
    [emptytemp]
    [emptyjava]
    [emptyflash]
    [Reboot]


  • Push Run Fix
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click the OK button.
  • A report will open. Copy and Paste that report in your next reply.


Latest OTL report

All processes killed

========== OTL ==========

ADS C:\Documents and Settings\All Users\Application Data\TEMP:0FF263E8 deleted successfully.

C:\WINDOWS\assembly\Desktop.ini moved successfully.

File EY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] not found.

File EY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] not found.

File EY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] not found.

Folder EY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]\ not found.

Folder EY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]\ not found.

C:\WINDOWS\System32\CONFIG.TMP deleted successfully.

C:\WINDOWS\E80F62FF5D3C4A1984099721F2928206.TMP\WiseCustomCall.dll deleted successfully.

C:\WINDOWS\E80F62FF5D3C4A1984099721F2928206.TMP folder deleted successfully.

C:\Program Files\GUM6F.tmp deleted successfully.

========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 134 bytes

User: All Users

User: Alt

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 469 bytes

->Flash cache emptied: 831 bytes

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 43249 bytes

->Flash cache emptied: 57616 bytes

User: John

->Temp folder emptied: 176641 bytes

->Temporary Internet Files folder emptied: 24763277 bytes

->Java cache emptied: 4989456 bytes

->FireFox cache emptied: 18727278 bytes

->Google Chrome cache emptied: 15767609 bytes

->Flash cache emptied: 59766 bytes

User: LocalService

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 49286 bytes

User: NetworkService

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32\dllcache .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 33569 bytes

%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes

%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 3051335 bytes

RecycleBin emptied: 648201 bytes

Total Files Cleaned = 65.00 mb

[EMPTYJAVA]

User: Administrator

User: All Users

User: Alt

User: Default User

User: John

->Java cache emptied: 0 bytes

User: LocalService

User: NetworkService

Total Java Files Cleaned = 0.00 mb

[EMPTYFLASH]

User: Administrator

User: All Users

User: Alt

->Flash cache emptied: 0 bytes

User: Default User

->Flash cache emptied: 0 bytes

User: John

->Flash cache emptied: 0 bytes

User: LocalService

User: NetworkService

Total Flash Files Cleaned = 0.00 mb

OTL by OldTimer - Version 3.2.69.0 log created on 06162013_082832

Files\Folders moved on Reboot...

File\Folder C:\WINDOWS\temp\Perflib_Perfdata_3b8.dat not found!

PendingFileRenameOperations files...

Registry entries deleted on Reboot...


Things look good. Judging by your last few logs, I'd say your system is clean. :)

Before we move on, please take the time to install the following updates. Program updates are a critical part of your computer's safety net, as outdated applications leave you vulnerable to malware.

---------

Upgrade Java : (32 bits)

  • Download the latest version of Java SE Runtime Environment (JRE) JRE 7 Update 3.
  • Under the JAVA Platform Standard Edition, click the "Download JRE" button to the right.
  • Accept License Agreement.
  • Click on the link to download Windows Offline Installation 32 bit (jre-7u3-windows-i586.exe) and save it to your desktop. Do NOT use the Sun Download Manager.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on the download to install the newest version. (Vista or Win 7 users, right click on the jre-7u3-windows-i586.exe and select "Run as an Administrator.")

---------

Please let me know how the updates went, as failed updates may be due to malware.

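The "remove all older versions of Java" step above can be checked against the uninstall list in the OTL log, which shows several Java runtimes installed side by side. The following is an added example, not part of the original posts: the function names and the (7, 21) target version are illustrative assumptions, and the sample lines are copied from the uninstall list posted earlier in this thread.

```python
import re

# Lines copied from the "Uninstall List" section of the OTL log in this thread.
SAMPLE_UNINSTALL_LIST = '''
"{26A24AE4-039D-4CA4-87B4-2F83216019FF}" = Java™ 6 Update 29
"{2E132061-C78A-48D4-A899-1D13B9D189FA}" = Memories Disc Creator 2.0
"{3248F0A8-6813-11D6-A77B-00B0D0150080}" = J2SE Runtime Environment 5.0 Update 8
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java™ SE Runtime Environment 6 Update 1
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java™ 6 Update 2
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{332CC6BF-E6C7-48EE-BA3D-435E576AD67F}" = PaperPort Image Printer
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
'''

# One uninstall entry per line: "registry key name" = display name
ENTRY_RE = re.compile(r'^\s*"(?P<key>[^"]+)"\s*=\s*(?P<name>.+?)\s*$')

# Display names used by Java runtime installers, e.g.
#   "J2SE Runtime Environment 5.0 Update 8", "Java(TM) 6 Update 29"
JAVA_RE = re.compile(
    r'^(?:J2SE Runtime Environment'
    r'|Java(?:™|\(TM\))?(?: SE Runtime Environment)?)\s+'
    r'(?P<major>\d+(?:\.\d+)?)(?:\s+Update\s+(?P<update>\d+))?$',
    re.IGNORECASE,
)


def parse_uninstall_list(text):
    """Return (registry_key, display_name) pairs from OTL-style uninstall lines."""
    entries = []
    for line in text.splitlines():
        match = ENTRY_RE.match(line)
        if match:
            entries.append((match.group("key"), match.group("name")))
    return entries


def java_version(display_name):
    """Return (major, update) for a Java runtime display name, else None."""
    match = JAVA_RE.match(display_name)
    if not match:
        return None
    major = int(match.group("major").split(".")[0])  # "5.0" -> 5
    update = int(match.group("update") or 0)         # no "Update N" -> 0
    return (major, update)


def java_older_than(text, target):
    """List installed Java runtimes older than `target`, oldest first.

    Each result is (version, display_name, registry_key).
    """
    found = []
    for key, name in parse_uninstall_list(text):
        version = java_version(name)
        if version is not None and version < target:
            found.append((version, name, key))
    return sorted(found)


if __name__ == "__main__":
    # Assumed target: the 7u21 installer mentioned in the thread.
    for version, name, key in java_older_than(SAMPLE_UNINSTALL_LIST, (7, 21)):
        print("remove: %-45s %s" % (name, key))
```

Re-running the check on a fresh log after the uninstall step should return an empty list; any entry still reported is a runtime that remains installed.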

Have gone through this process, but the only file available from the web page you referred to was jre-7u21-windows-i586.exe - hope this was okay

At end of installation the following error appeared

GetDefaultBrowserError:2

Have tested IE8, FireFox and Chrome browsers with both Google and Bing search engines - search result link hijacking is still occurring in IE and Firefox - FF sometimes blocks the attempted redirect, but not always.

With one link selected, Norton Antivirus blocked and reported attempted web attack.

Despite all your wonderful help, I'm pretty much convinced the only option is to go get a new computer and use the affected one as a paper weight!


Let's get rid of those redirects first.

Despite all your wonderful help, I'm pretty much convinced the only option is to go get a new computer and use the affected one as a paper weight!

It's malware, not a fried operating system - it can still be salvaged. (At the very worst, all you'd have to do is reformat the computer and start fresh rather than throwing it away.) If you wish to proceed, please continue with the instructions below:

Please download AdwCleaner by Xplode onto your desktop.

  • Double click on AdwCleaner.exe to run the tool.
  • Click on Search.
  • A logfile will automatically open after the scan has finished.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[R1].txt as well.

-----------------

Instructions for DELETE:

  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • You will be prompted to restart your computer. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[s1].txt as well.

-----------------

Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

-----------------

After all that, reboot the computer. Still having any redirects?

Please post both of the AdwCleaner logs and the JRT.txt log in your next reply.


I'll continue on as long as you feel it worthwhile -

this is the latest ADWCleaner text

# AdwCleaner v2.303 - Logfile created 06/16/2013 at 12:52:39

# Updated 08/06/2013 by Xplode

# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)

# User : John - JFLAPTOP2

# Boot Mode : Normal

# Running from : C:\Documents and Settings\John\Desktop\AdwCleaner.exe

# Option [search]

***** [services] *****

***** [Files / Folders] *****

Folder Found : C:\Program Files\APN

***** [Registry] *****

***** [internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Registry is clean.

-\\ Mozilla Firefox v21.0 (en-US)

File : C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\ngsbf22n.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v27.0.1453.110

File : C:\Documents and Settings\John\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R3].txt - [911 octets] - [16/06/2013 12:52:39]

########## EOF - C:\AdwCleaner[R3].txt - [970 octets] ##########

proceeding to next step of your last post...will report again after completing all steps

:)


ADWCleaner [s2] file contents

# AdwCleaner v2.303 - Logfile created 06/16/2013 at 12:59:43

# Updated 08/06/2013 by Xplode

# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)

# User : John - JFLAPTOP2

# Boot Mode : Normal

# Running from : C:\Documents and Settings\John\Desktop\AdwCleaner.exe

# Option [Delete]

***** [services] *****

***** [Files / Folders] *****

Folder Deleted : C:\Program Files\APN

***** [Registry] *****

***** [internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Registry is clean.

-\\ Mozilla Firefox v21.0 (en-US)

File : C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\ngsbf22n.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v27.0.1453.110

File : C:\Documents and Settings\John\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R3].txt - [1038 octets] - [16/06/2013 12:52:39]

AdwCleaner[s2].txt - [973 octets] - [16/06/2013 12:59:43]

########## EOF - C:\AdwCleaner[s2].txt - [1032 octets] ##########

JRT file contents

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Junkware Removal Tool (JRT) by Thisisu

Version: 4.9.4 (05.06.2013:1)

OS: Microsoft Windows XP x86

Ran by John on Sun 16/06/2013 at 13:11:59.34

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\DisplayName

Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\URL

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{5AA2BA46-9913-4DC7-9620-69AB0FA17AE7}

~~~ Files

~~~ Folders

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Scan was completed on Sun 16/06/2013 at 13:19:44.20

End of JRT log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Unfortunately search results are still redirecting in all browsers - Chrome least affected, IE worst

jennbee


Go ahead and run OTL again for me - please post the new OTL.txt and Extras.txt in your next reply.

----------

Please download RogueKiller to your desktop

  • Quit all running programs
  • For Vista/Seven, right click -> run as administrator, for XP simply run RogueKiller.exe
  • When prompted, type 1 and validate
  • The RKreport.txt shall be generated next to the executable.
  • If the program is blocked, do not hesitate to try several times. If it really does not work (it could happen), rename it to winlogon.exe

Please post the contents of the RKreport.txt in your next Reply.


Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
This topic is now closed to further replies.