all of my google searched get hijacked

[wilkelldad]

HI Elise,

This seems to have worked. I've search quite a few times to day with the two, hopefully, effected browsers and they go where the links direct them.

I'll let you know in the next day or so if the trouble pops up again, but it seems clean.

I appreciate your help () with this problem.

Have a good evening!

David

[Elise]

Good to hear that David.

Please keep me posted!

[wilkelldad]

Well Elise...it's persistent, if irregular.

the redirects turned up, on IE, on one of the first searches I did this morning. The redirects continued on quite a few times. I switched to Firefox (and chrome, occasionally, throughout the day) and just now, some 10-11 hours later just had my first redirect on Firefox. Chrome continues to be unaffected.

What do we do now?

Hoping to stop bugging you soon,

David

[Elise]

Since Chrome is unaffected, the problem lies in the browsers. Please run ATF cleaner again and see if that fixes the problem again.

If so, check security settings for IE and FF regarding to third-party cookies (make sure settings are so that third party cookies are blocked).

[wilkelldad]

Since Chrome is unaffected, the problem lies in the browsers. Please run ATF cleaner again and see if that fixes the problem again.

If so, check security settings for IE and FF regarding to third-party cookies (make sure settings are so that third party cookies are blocked).

Good Morning Elise,

This morning I read your instructions, checked the cookie settings on both browsers and they were both allowing third party cookies (I know I stopped that long ago), so I un-checked the boxes. I then uninstalled firefox. Closed down everything and ran ATF. Rebooted, ran mbam reinstalled firefox, unchecked the third party cookie box, opened ie searched and clicked on a link, was immediately rerouted, ran a search on firefox, clicked on a link was rerouted, opened chrome and searched, clicked a link and went to to correct result.

Should I either hang it up and resolve to be redirected or use the utility that came with this computer to restore it to factory settings an resolve to be at the computer for days bringing it up to date..Is there anything dangerous lurking on this thing?

Thanks

David

[Elise]

As far as I am able to determine so far, it is not something serious/dangerous but more something like a wrong setting/malware leftover.

So lets have a closer look.

OTL

-----

Please download OTL from one of the following mirrors:

• • This is THE Mirror
    

[*]Save it to your desktop.

[*]Double click on the icon on your desktop.

[*]Click the "Scan All Users" checkbox.

[*]Push the button.

[*]Two reports will open, copy and paste them in a reply here:

• OTListIt.txt <-- Will be opened
  
• Extra.txt <-- Will be minimized
  

[wilkelldad]

Thanks Elise.

Here are the results:

OTL logfile created on: 7/13/2010 12:00:03 PM - Run 3

OTL by OldTimer - Version 3.2.9.0 Folder = C:\Documents and Settings\David\Desktop

Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

503.00 Mb Total Physical Memory | 85.00 Mb Available Physical Memory | 17.00% Memory free

1.00 Gb Paging File | 1.00 Gb Available in Paging File | 49.00% Paging File free

Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 34.11 Gb Total Space | 20.47 Gb Free Space | 60.00% Space Free | Partition Type: NTFS

D: Drive not present or media not loaded

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Computer Name: DC62K091

Current User Name: David

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: All users

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/07/13 11:37:00 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\David\Desktop\OTL.exe

PRC - [2010/06/26 04:41:17 | 000,014,808 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\plugin-container.exe

PRC - [2010/06/26 04:41:08 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe

PRC - [2010/04/27 17:16:24 | 000,188,136 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe

PRC - [2010/04/27 17:16:24 | 000,141,792 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe

PRC - [2010/04/21 11:20:06 | 001,193,336 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee.com\Agent\mcagent.exe

PRC - [2010/04/14 12:29:58 | 000,170,144 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe

PRC - [2010/03/26 11:16:04 | 000,093,320 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe

PRC - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe

PRC - [2008/09/23 11:20:00 | 000,415,072 | R--- | M] (WinZip Computing, S.L.) -- C:\Program Files\WinZip\WZQKPICK.EXE

PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

PRC - [2005/12/15 08:58:55 | 000,026,112 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\realplay.exe

PRC - [2005/11/21 15:55:16 | 000,045,056 | ---- | M] (HP) -- C:\Program Files\HP\ToolBoxFX\bin\HPTLBXFX.exe

PRC - [2005/09/08 21:20:46 | 000,464,384 | ---- | M] (Musicmatch, Inc.) -- C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mim.exe

PRC - [2005/09/08 21:20:46 | 000,110,592 | ---- | M] (Musicmatch, Inc.) -- C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe

PRC - [2005/09/08 21:20:46 | 000,102,400 | ---- | M] (Musicmatch, Inc.) -- C:\Program Files\MUSICMATCH\Musicmatch Jukebox\MMDiag.exe

PRC - [2005/08/24 01:42:26 | 000,393,216 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\stsystra.exe

PRC - [2005/08/01 18:00:00 | 000,610,304 | ---- | M] () -- C:\Program Files\Dell\QuickSet\quickset.exe

PRC - [2005/05/15 04:04:12 | 000,332,800 | ---- | M] (Gteko Ltd.) -- C:\Program Files\Dell Support\DSAgnt.exe

PRC - [2005/03/14 13:39:06 | 000,065,536 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZinw12.exe

PRC - [2003/10/29 04:06:00 | 000,024,576 | ---- | M] (BVRP Software) -- C:\Program Files\Digital Line Detect\DLG.exe

========== Modules (SafeList) ==========

MOD - [2010/07/13 11:37:00 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\David\Desktop\OTL.exe

MOD - [2008/04/13 20:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx

========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\System32\appmgmts.dll -- (AppMgmt)

SRV - [2010/04/27 17:16:24 | 000,188,136 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe -- (mfefire)

SRV - [2010/04/27 17:16:24 | 000,141,792 | ---- | M] (McAfee, Inc.) [unknown | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe -- (mfevtp)

SRV - [2010/04/15 09:45:10 | 000,364,216 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)

SRV - [2010/04/14 12:29:58 | 000,170,144 | ---- | M] () [unknown | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield)

SRV - [2010/03/26 11:16:04 | 000,093,320 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service)

SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McProxy)

SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNASvc)

SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNaiAnn)

SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (mcmscsvc)

SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McMPFSvc)

SRV - [2007/08/09 03:27:52 | 000,073,728 | ---- | M] (HP) [Auto | Stopped] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\wanatw4.sys -- (wanatw) WAN Miniport (ATW)

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\David\LOCALS~1\Temp\catchme.sys -- (catchme)

DRV - [2010/04/27 17:16:24 | 000,385,880 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk)

DRV - [2010/04/27 17:16:24 | 000,312,616 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfefirek.sys -- (mfefirek)

DRV - [2010/04/27 17:16:24 | 000,152,320 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfeavfk.sys -- (mfeavfk)

DRV - [2010/04/27 17:16:24 | 000,095,568 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfeapfk.sys -- (mfeapfk)

DRV - [2010/04/27 17:16:24 | 000,088,480 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfendisk.sys -- (mfendiskmp)

DRV - [2010/04/27 17:16:24 | 000,088,480 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfendisk.sys -- (mfendisk)

DRV - [2010/04/27 17:16:24 | 000,083,496 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mferkdet.sys -- (mferkdet)

DRV - [2010/04/27 17:16:24 | 000,082,952 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\mfetdi2k.sys -- (mfetdi2k)

DRV - [2010/04/27 17:16:24 | 000,055,456 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\cfwids.sys -- (cfwids)

DRV - [2010/04/27 17:16:24 | 000,051,688 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfebopk.sys -- (mfebopk)

DRV - [2009/09/16 10:22:48 | 000,040,552 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfesmfk.sys -- (mfesmfk)

DRV - [2009/09/16 10:22:14 | 000,034,248 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mferkdk.sys -- (mferkdk)

DRV - [2008/04/13 14:36:39 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)

DRV - [2008/04/13 14:36:39 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)

DRV - [2008/04/13 12:36:05 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)

DRV - [2005/12/15 08:58:57 | 000,008,552 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\asctrm.sys -- (ASCTRM)

DRV - [2005/08/30 07:55:56 | 001,031,720 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)

DRV - [2005/08/05 05:32:16 | 000,045,312 | R--- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)

DRV - [2005/07/22 05:02:12 | 001,035,008 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)

DRV - [2005/07/22 05:01:08 | 000,201,600 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)

DRV - [2005/07/22 05:01:00 | 000,717,952 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)

DRV - [2005/06/24 08:19:52 | 000,190,560 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP)

DRV - [2004/12/06 23:09:58 | 000,369,024 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)

DRV - [2004/12/06 03:05:00 | 000,100,603 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnudfa.sys -- (tfsnudfa)

DRV - [2004/12/06 03:05:00 | 000,098,714 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnudf.sys -- (tfsnudf)

DRV - [2004/12/06 03:05:00 | 000,086,586 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnifs.sys -- (tfsnifs)

DRV - [2004/12/06 03:05:00 | 000,034,843 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsncofs.sys -- (tfsncofs)

DRV - [2004/12/06 03:05:00 | 000,025,883 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnboio.sys -- (tfsnboio)

DRV - [2004/12/06 03:05:00 | 000,015,227 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnopio.sys -- (tfsnopio)

DRV - [2004/12/06 03:05:00 | 000,006,363 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnpool.sys -- (tfsnpool)

DRV - [2004/12/06 03:05:00 | 000,004,123 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsndrct.sys -- (tfsndrct)

DRV - [2004/12/06 03:05:00 | 000,002,239 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsndres.sys -- (tfsndres)

DRV - [2004/12/01 05:22:00 | 000,087,488 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\drvmcdb.sys -- (drvmcdb)

DRV - [2004/11/23 04:56:00 | 000,040,480 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\drvnddm.sys -- (drvnddm)

DRV - [2004/08/18 17:53:54 | 000,016,128 | ---- | M] (Dell Inc) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS -- (APPDRV)

DRV - [2004/08/04 00:29:56 | 001,897,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)

DRV - [2004/07/14 13:29:04 | 000,005,627 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\sscdbhk5.sys -- (sscdbhk5)

DRV - [2004/07/14 13:28:50 | 000,023,545 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\ssrtln.sys -- (ssrtln)

DRV - [2001/08/17 16:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)

DRV - [2001/08/17 16:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)

DRV - [2001/08/17 16:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)

DRV - [2001/08/17 16:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)

DRV - [2001/08/17 16:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)

DRV - [2001/08/17 15:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)

DRV - [2001/08/17 15:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)

DRV - [2001/08/17 15:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)

DRV - [2001/08/17 15:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)

DRV - [2001/08/17 15:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)

DRV - [2001/08/17 15:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)

DRV - [2001/08/17 15:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)

DRV - [2001/08/17 15:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)

DRV - [2001/08/17 15:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)

DRV - [2001/08/17 15:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)

DRV - [1995/11/07 05:57:16 | 000,006,144 | ---- | M] (Corel Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\crlscsi.sys -- (crlscsi)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/mywaybiz

IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell4me.com/mywaybiz

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/mywaybiz

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell4me.com/mywaybiz

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-3670191694-21722307-330312701-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/

IE - HKU\S-1-5-21-3670191694-21722307-330312701-1006\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)

IE - HKU\S-1-5-21-3670191694-21722307-330312701-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-3670191694-21722307-330312701-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20

FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.1

FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2010/06/01 19:31:22 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/07/13 10:47:52 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/07/13 10:46:42 | 000,000,000 | ---D | M]

[2010/07/13 10:48:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David\Application Data\Mozilla\Extensions

[2010/07/13 11:03:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\ekdhxapw.default\extensions

[2010/07/13 11:03:05 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\ekdhxapw.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}

[2010/07/13 10:46:47 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

[2010/04/18 06:52:23 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

[2010/04/14 12:29:58 | 000,024,376 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Mozilla Firefox\components\Scriptff.dll

[2010/04/12 17:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2010/07/11 11:16:34 | 000,411,183 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O1 - Hosts: 127.0.0.1 www.007guard.com

O1 - Hosts: 127.0.0.1 007guard.com

O1 - Hosts: 127.0.0.1 008i.com

O1 - Hosts: 127.0.0.1 www.008k.com

O1 - Hosts: 127.0.0.1 008k.com

O1 - Hosts: 127.0.0.1 www.00hq.com

O1 - Hosts: 127.0.0.1 00hq.com

O1 - Hosts: 127.0.0.1 010402.com

O1 - Hosts: 127.0.0.1 www.032439.com

O1 - Hosts: 127.0.0.1 032439.com

O1 - Hosts: 127.0.0.1 www.0scan.com

O1 - Hosts: 127.0.0.1 0scan.com

O1 - Hosts: 127.0.0.1 1000gratisproben.com

O1 - Hosts: 127.0.0.1 www.1000gratisproben.com

O1 - Hosts: 127.0.0.1 1001namen.com

O1 - Hosts: 127.0.0.1 www.1001namen.com

O1 - Hosts: 127.0.0.1 100888290cs.com

O1 - Hosts: 127.0.0.1 www.100888290cs.com

O1 - Hosts: 127.0.0.1 www.100sexlinks.com

O1 - Hosts: 127.0.0.1 100sexlinks.com

O1 - Hosts: 127.0.0.1 10sek.com

O1 - Hosts: 127.0.0.1 www.10sek.com

O1 - Hosts: 127.0.0.1 www.1-2005-search.com

O1 - Hosts: 127.0.0.1 1-2005-search.com

O1 - Hosts: 14235 more lines...

O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)

O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll (Sonic Solutions)

O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20100520093031.dll (McAfee, Inc.)

O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)

O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll File not found

O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)

O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)

O4 - HKLM..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe ()

O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)

O4 - HKLM..\Run: [MimBoot] C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mimboot.exe (Musicmatch, Inc.)

O4 - HKLM..\Run: [MMTray] C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe (Musicmatch, Inc.)

O4 - HKLM..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe (McAfee, Inc.)

O4 - HKLM..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe (RealNetworks, Inc.)

O4 - HKLM..\Run: [sigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)

O4 - HKLM..\Run: [ToolBoxFX] C:\Program Files\HP\ToolBoxFX\bin\HPTLBXFX.exe (HP)

O4 - HKU\S-1-5-21-3670191694-21722307-330312701-1006..\Run: [DellSupport] C:\Program Files\Dell Support\DSAgnt.exe (Gteko Ltd.)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe (BVRP Software)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE (WinZip Computing, S.L.)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: LAEK = rundll32 "C:\WINDOWS\system32\mstsc1.dll",Ppar ()

O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-21-3670191694-21722307-330312701-1006\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-21-3670191694-21722307-330312701-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKU\S-1-5-21-3670191694-21722307-330312701-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKU\S-1-5-21-3670191694-21722307-330312701-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O15 - HKLM\..Trusted Domains: musicmatch.com ([online] https in Trusted sites)

O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onecare.live.com/resource/...lscbase6087.cab (Windows Live Safety Center Base Module)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab (Shockwave Flash Object)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 208.67.222.222 208.67.220.220

O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)

O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2004/08/10 15:04:08 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/07/13 11:36:33 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\David\Desktop\OTL.exe

[2010/07/13 10:47:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\David\Application Data\Mozilla

[2010/07/11 12:46:43 | 000,050,688 | ---- | C] (Atribune.org) -- C:\Documents and Settings\David\Desktop\ATF-Cleaner.exe

[2010/07/07 16:51:13 | 000,000,000 | --SD | C] -- C:\ComboFix

[2010/07/07 14:23:04 | 000,000,000 | -HSD | C] -- C:\RECYCLER

[2010/07/07 11:25:11 | 000,000,000 | RHSD | C] -- C:\cmdcons

[2010/07/07 11:18:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT

[2010/07/04 11:40:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia

[2010/07/04 11:40:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe

[2010/07/01 22:15:52 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live Safety Center

[2010/07/01 07:41:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\David\My Documents\ebooks

[2010/06/21 22:35:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\David\My Documents\recipes

[2010/06/21 08:38:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\David\Desktop\Container Pictorials

[2010/06/17 12:28:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\David\Desktop\Sam Moore Program updates

[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/07/13 11:37:32 | 008,912,896 | -H-- | M] () -- C:\Documents and Settings\David\NTUSER.DAT

[2010/07/13 11:37:00 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\David\Desktop\OTL.exe

[2010/07/13 11:09:02 | 000,000,978 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3670191694-21722307-330312701-1006UA.job

[2010/07/13 10:47:03 | 000,001,627 | ---- | M] () -- C:\Documents and Settings\David\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk

[2010/07/13 10:47:03 | 000,001,609 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk

[2010/07/13 09:10:55 | 000,001,602 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\McAfee AntiVirus Plus.lnk

[2010/07/13 09:09:56 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT

[2010/07/13 09:09:40 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2010/07/13 09:09:32 | 527,892,480 | -HS- | M] () -- C:\hiberfil.sys

[2010/07/13 09:08:17 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\David\ntuser.ini

[2010/07/12 16:53:24 | 000,037,237 | ---- | M] () -- C:\Documents and Settings\David\Desktop\Home Furniture (4459) 636-75-415 .pdf

[2010/07/12 15:09:06 | 000,000,926 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3670191694-21722307-330312701-1006Core.job

[2010/07/12 12:59:19 | 003,359,505 | ---- | M] () -- C:\Documents and Settings\David\Desktop\SummerSpecial - July.pdf

[2010/07/12 12:04:55 | 003,343,781 | ---- | M] () -- C:\Documents and Settings\David\Desktop\July Overstock Special.pdf

[2010/07/12 11:19:57 | 000,002,475 | ---- | M] () -- C:\Documents and Settings\David\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Access.lnk

[2010/07/12 11:07:39 | 000,085,504 | ---- | M] () -- C:\Documents and Settings\David\Desktop\HookerJULYOSSTOCK.xls

[2010/07/11 12:46:44 | 000,050,688 | ---- | M] (Atribune.org) -- C:\Documents and Settings\David\Desktop\ATF-Cleaner.exe

[2010/07/11 11:16:34 | 000,411,183 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts

[2010/07/10 07:31:17 | 000,372,339 | ---- | M] () -- C:\Documents and Settings\David\Desktop\Accommodations Program package.pdf

[2010/07/10 07:24:23 | 000,303,644 | ---- | M] () -- C:\Documents and Settings\David\Desktop\envision styles Market April 2010.pdf

[2010/07/09 12:37:25 | 001,111,040 | ---- | M] () -- C:\Documents and Settings\David\My Documents\Container Builder.xls

[2010/07/09 12:27:19 | 000,123,124 | ---- | M] () -- C:\Documents and Settings\David\Desktop\Cherry House Truckload Order.pdf

[2010/07/09 10:26:28 | 000,642,653 | ---- | M] () -- C:\Documents and Settings\David\Desktop\Discontinued goods PICS.pdf

[2010/07/09 10:10:13 | 000,333,855 | ---- | M] () -- C:\Documents and Settings\David\Desktop\Overstocked Priced goods PICS.pdf

[2010/07/09 09:59:17 | 000,129,222 | ---- | M] () -- C:\Documents and Settings\David\Desktop\Truckload Event Selections.pdf

[2010/07/09 09:49:51 | 001,049,530 | ---- | M] () -- C:\Documents and Settings\David\Desktop\Regular@LandedPICS.pdf

[2010/07/08 22:44:27 | 000,082,349 | ---- | M] () -- C:\Documents and Settings\David\Desktop\Cherry House Discontinued, Overstock Truck Load.pdf

[2010/07/08 22:04:17 | 000,043,961 | ---- | M] () -- C:\Documents and Settings\David\Desktop\Cherry House Discontinued Truck Load.pdf

[2010/07/08 13:15:10 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job

[2010/07/07 15:02:23 | 000,607,374 | ---- | M] () -- C:\Documents and Settings\David\Desktop\SM Envision for ORI.pdf

[2010/07/07 14:30:59 | 000,013,217 | ---- | M] () -- C:\Documents and Settings\David\Desktop\Burke SM PO S25203.pdf

[2010/07/07 13:58:24 | 034,136,064 | ---- | M] () -- C:\Documents and Settings\David\My Documents\2XChairSolutionCostNew American Home June 22 2010.pub

[2010/07/07 13:55:06 | 001,285,189 | ---- | M] () -- C:\Documents and Settings\David\Desktop\2XChairSolutionCostNew American Home June 22 2010.pdf

[2010/07/07 13:12:10 | 000,100,617 | ---- | M] () -- C:\Documents and Settings\David\Desktop\Home Furniture PO.pdf

[2010/07/07 12:54:18 | 000,002,437 | ---- | M] () -- C:\Documents and Settings\David\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Publisher.lnk

[2010/07/07 11:41:51 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini

[2010/07/07 11:41:19 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100711-111634.backup

[2010/07/07 11:25:30 | 000,000,281 | RHS- | M] () -- C:\boot.ini

[2010/07/02 22:27:39 | 000,005,236 | ---- | M] () -- C:\Documents and Settings\David\Desktop\SMHkrGrn.jpg

[2010/07/02 22:19:32 | 000,020,619 | ---- | M] () -- C:\Documents and Settings\David\Desktop\KTGroomingSS.JPG

[2010/07/02 22:07:57 | 004,535,653 | ---- | M] () -- C:\Documents and Settings\David\Desktop\DiscontinuedSpecials.pdf

[2010/06/30 14:06:31 | 000,014,130 | ---- | M] () -- C:\Documents and Settings\David\Desktop\RETAIL SS600 Components - 601 & 606.pdf

[2010/06/30 14:05:15 | 000,014,002 | ---- | M] () -- C:\Documents and Settings\David\Desktop\WHOLESALE SS600 Components - 601 & 606.pdf

[2010/06/30 08:34:25 | 000,001,736 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk

[2010/06/29 12:58:04 | 000,002,941 | ---- | M] () -- C:\Documents and Settings\David\My Documents\David taylor.tif

[2010/06/28 22:29:55 | 000,011,369 | ---- | M] () -- C:\Documents and Settings\David\Desktop\catchklst.pdf

[2010/06/23 18:40:46 | 000,182,272 | ---- | M] () -- C:\Documents and Settings\David\My Documents\deanbosler internetlogo.pub

[2010/06/23 17:54:19 | 000,024,461 | ---- | M] () -- C:\Documents and Settings\David\Desktop\63770401.jpg

[2010/06/23 03:11:05 | 000,504,314 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI

[2010/06/23 03:11:05 | 000,443,034 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat

[2010/06/23 03:11:05 | 000,072,134 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

[2010/06/22 09:33:34 | 000,042,604 | ---- | M] () -- C:\Documents and Settings\David\My Documents\Ford Proposal.pdf

[2010/06/22 09:33:34 | 000,042,604 | ---- | M] () -- C:\Documents and Settings\David\Desktop\Ford Proposal.pdf

[2010/06/21 10:32:04 | 001,002,496 | ---- | M] () -- C:\Documents and Settings\David\My Documents\Macy's Logo.pub

[2010/06/21 08:09:12 | 000,263,160 | ---- | M] () -- C:\Documents and Settings\David\Desktop\Accommodations Price List - June 2010.pdf

[2010/06/21 08:06:33 | 000,319,780 | ---- | M] () -- C:\Documents and Settings\David\Desktop\THF Retail Accommodations Price List - June 2010.pdf

[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/07/13 10:47:03 | 000,001,627 | ---- | C] () -- C:\Documents and Settings\David\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk

[2010/07/13 10:47:03 | 000,001,609 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk

[2010/07/12 16:52:43 | 000,037,237 | ---- | C] () -- C:\Documents and Settings\David\Desktop\Home Furniture (4459) 636-75-415 .pdf

[2010/07/12 12:54:24 | 003,359,505 | ---- | C] () -- C:\Documents and Settings\David\Desktop\SummerSpecial - July.pdf

[2010/07/12 11:59:04 | 003,343,781 | ---- | C] () -- C:\Documents and Settings\David\Desktop\July Overstock Special.pdf

[2010/07/12 09:13:56 | 000,085,504 | ---- | C] () -- C:\Documents and Settings\David\Desktop\HookerJULYOSSTOCK.xls

[2010/07/10 07:31:16 | 000,372,339 | ---- | C] () -- C:\Documents and Settings\David\Desktop\Accommodations Program package.pdf

[2010/07/10 07:24:06 | 000,303,644 | ---- | C] () -- C:\Documents and Settings\David\Desktop\envision styles Market April 2010.pdf

[2010/07/09 12:27:18 | 000,123,124 | ---- | C] () -- C:\Documents and Settings\David\Desktop\Cherry House Truckload Order.pdf

[2010/07/09 10:26:20 | 000,642,653 | ---- | C] () -- C:\Documents and Settings\David\Desktop\Discontinued goods PICS.pdf

[2010/07/09 10:09:54 | 000,333,855 | ---- | C] () -- C:\Documents and Settings\David\Desktop\Overstocked Priced goods PICS.pdf

[2010/07/09 09:54:11 | 000,129,222 | ---- | C] () -- C:\Documents and Settings\David\Desktop\Truckload Event Selections.pdf

[2010/07/09 09:49:11 | 001,049,530 | ---- | C] () -- C:\Documents and Settings\David\Desktop\Regular@LandedPICS.pdf

[2010/07/08 23:30:28 | 001,111,040 | ---- | C] () -- C:\Documents and Settings\David\My Documents\Container Builder.xls

[2010/07/08 22:44:26 | 000,082,349 | ---- | C] () -- C:\Documents and Settings\David\Desktop\Cherry House Discontinued, Overstock Truck Load.pdf

[2010/07/08 22:03:11 | 000,043,961 | ---- | C] () -- C:\Documents and Settings\David\Desktop\Cherry House Discontinued Truck Load.pdf

[2010/07/07 15:01:32 | 000,607,374 | ---- | C] () -- C:\Documents and Settings\David\Desktop\SM Envision for ORI.pdf

[2010/07/07 14:30:51 | 000,013,217 | ---- | C] () -- C:\Documents and Settings\David\Desktop\Burke SM PO S25203.pdf

[2010/07/07 13:54:53 | 001,285,189 | ---- | C] () -- C:\Documents and Settings\David\Desktop\2XChairSolutionCostNew American Home June 22 2010.pdf

[2010/07/07 13:11:05 | 000,100,617 | ---- | C] () -- C:\Documents and Settings\David\Desktop\Home Furniture PO.pdf

[2010/07/07 13:03:28 | 034,136,064 | ---- | C] () -- C:\Documents and Settings\David\My Documents\2XChairSolutionCostNew American Home June 22 2010.pub

[2010/07/07 11:25:30 | 000,000,211 | ---- | C] () -- C:\Boot.bak

[2010/07/07 11:25:18 | 000,260,272 | ---- | C] () -- C:\cmldr

[2010/07/02 22:33:09 | 000,237,269 | ---- | C] () -- C:\Documents and Settings\David\My Documents\6 piecesLD 612 product.png

[2010/07/02 22:31:48 | 000,166,530 | ---- | C] () -- C:\Documents and Settings\David\My Documents\Pg 018-076 B-Y Wholesale May 2010.pdf

[2010/07/02 22:28:58 | 000,042,515 | ---- | C] () -- C:\Documents and Settings\David\My Documents\Individual - BY Taylor2009.pdf

[2010/07/02 22:27:37 | 000,005,236 | ---- | C] () -- C:\Documents and Settings\David\Desktop\SMHkrGrn.jpg

[2010/07/02 22:24:57 | 000,724,480 | ---- | C] () -- C:\Documents and Settings\David\My Documents\3-1-2010 - Price List Reference Document.xls

[2010/07/02 22:22:48 | 000,042,604 | ---- | C] () -- C:\Documents and Settings\David\My Documents\Ford Proposal.pdf

[2010/07/02 22:19:29 | 000,020,619 | ---- | C] () -- C:\Documents and Settings\David\Desktop\KTGroomingSS.JPG

[2010/07/02 15:26:18 | 004,535,653 | ---- | C] () -- C:\Documents and Settings\David\Desktop\DiscontinuedSpecials.pdf

[2010/06/30 14:06:29 | 000,014,130 | ---- | C] () -- C:\Documents and Settings\David\Desktop\RETAIL SS600 Components - 601 & 606.pdf

[2010/06/30 14:05:14 | 000,014,002 | ---- | C] () -- C:\Documents and Settings\David\Desktop\WHOLESALE SS600 Components - 601 & 606.pdf

[2010/06/29 12:58:03 | 000,002,941 | ---- | C] () -- C:\Documents and Settings\David\My Documents\David taylor.tif

[2010/06/28 22:29:38 | 000,011,369 | ---- | C] () -- C:\Documents and Settings\David\Desktop\catchklst.pdf

[2010/06/23 18:40:34 | 000,182,272 | ---- | C] () -- C:\Documents and Settings\David\My Documents\deanbosler internetlogo.pub

[2010/06/23 17:53:47 | 000,024,461 | ---- | C] () -- C:\Documents and Settings\David\Desktop\63770401.jpg

[2010/06/22 09:33:26 | 000,042,604 | ---- | C] () -- C:\Documents and Settings\David\Desktop\Ford Proposal.pdf

[2010/06/21 09:27:09 | 001,002,496 | ---- | C] () -- C:\Documents and Settings\David\My Documents\Macy's Logo.pub

[2010/06/21 08:08:58 | 000,263,160 | ---- | C] () -- C:\Documents and Settings\David\Desktop\Accommodations Price List - June 2010.pdf

[2010/06/21 08:06:21 | 000,319,780 | ---- | C] () -- C:\Documents and Settings\David\Desktop\THF Retail Accommodations Price List - June 2010.pdf

[2010/06/05 11:52:15 | 000,135,680 | RHS- | C] () -- C:\WINDOWS\System32\mstsc1.dll

[2009/10/09 10:32:39 | 000,000,211 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI

[2009/09/29 18:24:03 | 000,000,000 | ---- | C] () -- C:\WINDOWS\longfile.INI

[2009/09/29 18:18:55 | 000,021,504 | ---- | C] () -- C:\WINDOWS\System32\scpext.dll

[2009/09/20 17:06:12 | 000,176,235 | ---- | C] () -- C:\WINDOWS\System32\Primomonnt.dll

[2009/09/20 10:14:33 | 000,077,824 | R--- | C] () -- C:\WINDOWS\System32\hpzids01.dll

[2009/09/20 10:13:44 | 000,000,685 | ---- | C] () -- C:\WINDOWS\hpntwksetup.ini

[2009/09/20 09:53:02 | 000,000,166 | ---- | C] () -- C:\WINDOWS\System32\AddPort.ini

[2009/09/20 09:34:35 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI

[2009/09/19 23:38:57 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini

[2009/04/27 00:13:36 | 000,000,314 | ---- | C] () -- C:\WINDOWS\primopdf.ini

[2008/08/05 02:07:20 | 000,065,216 | ---- | C] () -- C:\WINDOWS\System32\PDFreDirectMonNT.dll

[2005/12/15 09:14:16 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini

[2005/12/15 09:02:27 | 000,000,138 | ---- | C] () -- C:\WINDOWS\wininit.ini

[2005/12/15 08:31:32 | 000,000,391 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI

[2005/12/01 11:33:56 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\hppapr02.DLL

[2005/04/09 19:04:54 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini

[2004/08/10 15:12:05 | 000,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini

[2004/08/10 15:01:18 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini

[2001/07/06 16:30:00 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini

========== Alternate Data Streams ==========

@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2

@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8

< End of report >

OTL Extras logfile created on: 7/13/2010 12:00:03 PM - Run 3

OTL by OldTimer - Version 3.2.9.0 Folder = C:\Documents and Settings\David\Desktop

Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

503.00 Mb Total Physical Memory | 85.00 Mb Available Physical Memory | 17.00% Memory free

1.00 Gb Paging File | 1.00 Gb Available in Paging File | 49.00% Paging File free

Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 34.11 Gb Total Space | 20.47 Gb Free Space | 60.00% Space Free | Partition Type: NTFS

D: Drive not present or media not loaded

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Computer Name: DC62K091

Current User Name: David

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: All users

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Standard

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_USERS\S-1-5-21-3670191694-21722307-330312701-1006\SOFTWARE\Classes\<extension>]

.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

exefile [open] -- "%1" %*

htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office10\msohtmed.exe" %1 (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"FirstRunDisabled" = 1

"UpdatesDisableNotify" = 0

"AntiVirusOverride" = 0

"FirewallOverride" = 0

"AntiVirusDisableNotify" = 0

"FirewallDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007

"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007

"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL -- File not found

"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL -- File not found

"C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL -- File not found

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe -- (Hewlett-Packard Co.)

"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe" = C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe -- (Hewlett-Packard Co.)

"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)

"C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe -- (Hewlett-Packard Co.)

"C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe -- (Hewlett-Packard)

"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe -- (Hewlett-Packard Co.)

"C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe -- ()

"C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe -- ( )

"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.)

"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)

"C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" = C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe:*:Enabled:McAfee Shared Service Host -- (McAfee, Inc.)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{00140409-78E1-11D2-B60F-006097C998E7}" = Microsoft Publisher 2000

"{049CAE8B-67B4-4C53-8B08-58331A41A4C0}" = hpzTLBXFX

"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour

"{075473F5-846A-448B-BCB3-104AA1760205}" = Sonic RecordNow Data

"{0BF5FBE7-3907-4A1F-9E48-8B66E52850D6}" = TrayApp

"{0D2E80C8-0875-43EB-9623-47118E2DFBCA}" = Quicken 2007

"{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}" = Microsoft Plus! Photo Story 2 LE

"{10CE1EA2-12E9-11D3-825E-00C04F6843FE}" = Microsoft Office Sounds

"{11A3D40A-6EF9-4E0E-BB34-E9F458C40601}" = hppIOFiles

"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic DLA

"{1F528948-0E80-4C96-B455-DE4167CB1DF7}" = Internal Network Card Power Management

"{1F73D672-6175-4A1D-B3C1-420439D03D0F}" = Product_SF_Full_QFolder

"{23B35809-5E4A-4F14-8332-1CDEDDFAC089}" = CP_Package_Variety2

"{26E1BFB0-E87E-4696-9F89-B467F01F81E5}" = Broadcom Management Programs

"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager

"{31263605-FC84-4787-B847-BA445B147E24}" = ScannerCopy

"{331C9768-BAD9-F31B-8DA2-0268D346C702}" = Times Reader

"{33BB4982-DC52-4886-A03B-F4C5C80BEE89}" = Windows Media Player 10

"{34F3FCF1-817B-4D61-B6AF-19D9486AFEA0}" = Unload

"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP

"{35BDEFF1-A610-4956-A00D-15453C116395}" = Internet Explorer Default Page

"{36FDBE6E-6684-462B-AE98-9A39A1B200CC}" = HP Product Assistant

"{3AC54383-31D1-4907-961B-B12CBB1D0AE8}" = MobileMe Control Panel

"{414C803A-6115-4DB6-BD4E-FD81EA6BC71C}" = Product_SF_Min_QFolder

"{4BE53DB2-C1F2-44D1-A9AB-1630BA7F2AF1}" = SolutionCenter

"{522D1D79-9C0A-4361-91F8-2AFF8EC6C2E1}" = CP_Package_Variety1

"{548EEA8E-8299-497F-8057-811D2D7097DC}" = Dell Support 3.1

"{5905F42D-3F5F-4916-ADA6-94A3646AEE76}" = Dell Driver Reset Tool

"{6441FECE-0E73-4326-81BF-68503E897820}" = CorePLS_Min_QFolder

"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder

"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD 5.5

"{68763C27-235D-4165-A961-FDEA228CE504}" = AiOSoftwareNPI

"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update

"{69E6C13B-CF6B-47A6-B7A5-77FE82B2CB40}" = hppFonts

"{6B7E1C85-CAAB-42DD-9319-E785C2C19BB3}" = hppTLBXFX2605

"{6D8D64BE-F500-55B6-705D-DFD08AFE0624}" = Acrobat.com

"{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}" = Microsoft Plus! Digital Media Edition Installer

"{736C803C-DD3B-4015-BC51-AFB9E67B9076}" = Readme

"{74F7662C-B1DB-489E-A8AC-07A06B24978B}" = Dell System Restore

"{7E7B7865-6C80-4373-8BC1-C2EB9431F9DE}" = ProductContextNPI

"{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper

"{8331C3EA-0C91-43AA-A4D4-27221C631139}" = Status

"{85D3CC30-8859-481A-9654-FD9B74310BEF}" = Musicmatch

[Elise]

Please rerun TDSSkiller; instructions as earlier.

[wilkelldad]

Elise,

Below is the log. It did not prompt for a reboot....should I?

Thanks

David

12:39:46:593 5996 TDSS rootkit removing tool 2.3.2.2 Jun 30 2010 17:23:49

12:39:46:593 5996 ================================================================================

12:39:46:593 5996 SystemInfo:

12:39:46:593 5996 OS Version: 5.1.2600 ServicePack: 3.0

12:39:46:593 5996 Product type: Workstation

12:39:46:593 5996 ComputerName: DC62K091

12:39:46:593 5996 UserName: David

12:39:46:593 5996 Windows directory: C:\WINDOWS

12:39:46:593 5996 System windows directory: C:\WINDOWS

12:39:46:593 5996 Processor architecture: Intel x86

12:39:46:593 5996 Number of processors: 1

12:39:46:593 5996 Page size: 0x1000

12:39:46:593 5996 Boot type: Normal boot

12:39:46:593 5996 ================================================================================

12:39:47:390 5996 Initialize success

12:39:47:390 5996

12:39:47:390 5996 Scanning Services ...

12:39:48:515 5996 Raw services enum returned 365 services

12:39:48:531 5996

12:39:48:531 5996 Scanning Drivers ...

12:39:50:640 5996 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS

12:39:50:750 5996 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys

12:39:50:796 5996 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys

12:39:50:875 5996 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys

12:39:50:953 5996 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys

12:39:51:093 5996 AegisP (2c5c22990156a1063e19ad162191dc1d) C:\WINDOWS\system32\DRIVERS\AegisP.sys

12:39:51:109 5996 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys

12:39:51:140 5996 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys

12:39:51:171 5996 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys

12:39:51:187 5996 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys

12:39:51:203 5996 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys

12:39:51:218 5996 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys

12:39:51:234 5996 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys

12:39:51:265 5996 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys

12:39:51:281 5996 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys

12:39:51:328 5996 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys

12:39:51:359 5996 APPDRV (ec94e05b76d033b74394e7b2175103cf) C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS

12:39:51:390 5996 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys

12:39:51:406 5996 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys

12:39:51:468 5996 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys

12:39:51:531 5996 ASCTRM (d880831279ed91f9a4190a2db9539ea9) C:\WINDOWS\system32\drivers\ASCTRM.sys

12:39:51:578 5996 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys

12:39:51:625 5996 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys

12:39:51:750 5996 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys

12:39:51:796 5996 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys

12:39:52:187 5996 BCM43XX (c3ab2d6954c7b5103770832a3a6a591b) C:\WINDOWS\system32\DRIVERS\bcmwl5.sys

12:39:52:515 5996 bcm4sbxp (c768c8a463d32c219ce291645a0621a4) C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys

12:39:52:734 5996 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys

12:39:52:968 5996 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys

12:39:53:078 5996 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys

12:39:53:140 5996 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys

12:39:53:187 5996 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys

12:39:53:218 5996 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys

12:39:53:265 5996 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys

12:39:53:312 5996 cfwids (44e4a7dded054dd55ae995c3aed719ae) C:\WINDOWS\system32\drivers\cfwids.sys

12:39:53:390 5996 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys

12:39:53:406 5996 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys

12:39:53:421 5996 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys

12:39:53:468 5996 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys

12:39:53:515 5996 crlscsi (e08ac114b931dacafbdd9d5e0b93815c) C:\WINDOWS\system32\drivers\crlscsi.sys

12:39:53:562 5996 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys

12:39:53:593 5996 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys

12:39:53:609 5996 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys

12:39:53:734 5996 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys

12:39:53:812 5996 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys

12:39:53:843 5996 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys

12:39:53:906 5996 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys

12:39:53:968 5996 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys

12:39:54:109 5996 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys

12:39:54:234 5996 drvmcdb (e814854e6b246ccf498874839ab64d77) C:\WINDOWS\system32\drivers\drvmcdb.sys

12:39:54:250 5996 drvnddm (ee83a4ebae70bc93cf14879d062f548b) C:\WINDOWS\system32\drivers\drvnddm.sys

12:39:54:296 5996 E100B (3fca03cbca11269f973b70fa483c88ef) C:\WINDOWS\system32\DRIVERS\e100b325.sys

12:39:54:343 5996 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys

12:39:54:390 5996 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys

12:39:54:421 5996 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys

12:39:54:468 5996 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys

12:39:54:515 5996 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys

12:39:54:562 5996 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys

12:39:54:609 5996 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys

12:39:54:656 5996 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys

12:39:54:750 5996 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys

12:39:54:781 5996 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys

12:39:54:796 5996 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys

12:39:54:859 5996 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys

12:39:54:921 5996 HSFHWAZL (1c8caa80e91fb71864e9426f9eed048d) C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys

12:39:55:125 5996 HSF_DPV (698204d9c2832e53633e53a30a53fc3d) C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys

12:39:55:328 5996 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys

12:39:55:359 5996 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys

12:39:55:406 5996 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys

12:39:55:453 5996 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys

12:39:55:546 5996 ialm (240d0f5d7caafd87bd8d801a97bbe041) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys

12:39:55:640 5996 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys

12:39:55:765 5996 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys

12:39:55:828 5996 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys

12:39:55:859 5996 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys

12:39:55:890 5996 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys

12:39:55:937 5996 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys

12:39:56:062 5996 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys

12:39:56:125 5996 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys

12:39:56:171 5996 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys

12:39:56:234 5996 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys

12:39:56:265 5996 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys

12:39:56:281 5996 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys

12:39:56:328 5996 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys

12:39:56:359 5996 klmd23 (316353165feba3d0538eaa9c2f60c5b7) C:\WINDOWS\system32\drivers\klmd.sys

12:39:56:421 5996 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys

12:39:56:468 5996 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys

12:39:56:531 5996 mdmxsdk (3c318b9cd391371bed62126581ee9961) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys

12:39:56:640 5996 mfeapfk (b77e959e1c50d3e3a9d9ef423be62e09) C:\WINDOWS\system32\drivers\mfeapfk.sys

12:39:56:750 5996 mfeavfk (e84596fcb591117f5597498a5f82ad97) C:\WINDOWS\system32\drivers\mfeavfk.sys

12:39:56:812 5996 mfebopk (d40ce01e2d3fe0c079cd2d6b3e4b823b) C:\WINDOWS\system32\drivers\mfebopk.sys

12:39:56:859 5996 mfefirek (3962c6a9e35c4319dcdab0497614fd69) C:\WINDOWS\system32\drivers\mfefirek.sys

12:39:57:000 5996 mfehidk (e7ecf7872bf8f2897ae5a696d908c2f7) C:\WINDOWS\system32\drivers\mfehidk.sys

12:39:57:093 5996 mfendisk (554dbbdc8c3b4f380b21269239bd29bb) C:\WINDOWS\system32\DRIVERS\mfendisk.sys

12:39:57:093 5996 mfendiskmp (554dbbdc8c3b4f380b21269239bd29bb) C:\WINDOWS\system32\DRIVERS\mfendisk.sys

12:39:57:125 5996 mferkdet (e411594ac94baef7f8ea991cc8f47fd1) C:\WINDOWS\system32\drivers\mferkdet.sys

12:39:57:187 5996 mferkdk (41fe2f288e05a6c8ab85dd56770ffbad) C:\WINDOWS\system32\drivers\mferkdk.sys

12:39:57:218 5996 mfesmfk (096b52ea918aa909ba5903d79e129005) C:\WINDOWS\system32\drivers\mfesmfk.sys

12:39:57:265 5996 mfetdi2k (1bfe4c4ccf8cd2d7deaffb424e691196) C:\WINDOWS\system32\drivers\mfetdi2k.sys

12:39:57:281 5996 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys

12:39:57:296 5996 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys

12:39:57:328 5996 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys

12:39:57:375 5996 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys

12:39:57:390 5996 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys

12:39:57:437 5996 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys

12:39:57:453 5996 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys

12:39:57:531 5996 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys

12:39:57:671 5996 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys

12:39:57:843 5996 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys

12:39:57:859 5996 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys

12:39:57:875 5996 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys

12:39:57:921 5996 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys

12:39:57:937 5996 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys

12:39:57:953 5996 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys

12:39:58:078 5996 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys

12:39:58:093 5996 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys

12:39:58:109 5996 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys

12:39:58:125 5996 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys

12:39:58:140 5996 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys

12:39:58:187 5996 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys

12:39:58:203 5996 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys

12:39:58:250 5996 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys

12:39:58:328 5996 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys

12:39:58:468 5996 nv (2b298519edbfcf451d43e0f1e8f1006d) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys

12:39:58:578 5996 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys

12:39:58:593 5996 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys

12:39:58:671 5996 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys

12:39:58:781 5996 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys

12:39:58:796 5996 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys

12:39:58:812 5996 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys

12:39:58:859 5996 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys

12:39:58:906 5996 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys

12:39:59:062 5996 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys

12:39:59:109 5996 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys

12:39:59:156 5996 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys

12:39:59:171 5996 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys

12:39:59:203 5996 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys

12:39:59:250 5996 PxHelp20 (86724469cd077901706854974cd13c3e) C:\WINDOWS\system32\Drivers\PxHelp20.sys

12:39:59:265 5996 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys

12:39:59:359 5996 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys

12:39:59:359 5996 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys

12:39:59:375 5996 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys

12:39:59:406 5996 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys

12:39:59:437 5996 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys

12:39:59:500 5996 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys

12:39:59:562 5996 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys

12:39:59:578 5996 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys

12:39:59:609 5996 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys

12:39:59:625 5996 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys

12:39:59:703 5996 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys

12:39:59:859 5996 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys

12:39:59:906 5996 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys

12:39:59:953 5996 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys

12:40:00:078 5996 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys

12:40:00:125 5996 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys

12:40:00:203 5996 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys

12:40:00:250 5996 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys

12:40:00:296 5996 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys

12:40:00:343 5996 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys

12:40:00:390 5996 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys

12:40:00:453 5996 Srv (89220b427890aa1dffd1a02648ae51c3) C:\WINDOWS\system32\DRIVERS\srv.sys

12:40:00:500 5996 sscdbhk5 (d7968049be0adbb6a57cee3960320911) C:\WINDOWS\system32\drivers\sscdbhk5.sys

12:40:00:500 5996 ssrtln (c3ffd65abfb6441e7606cf74f1155273) C:\WINDOWS\system32\drivers\ssrtln.sys

12:40:00:640 5996 STHDA (4d8af5d86a8f7778b93069e0f2e30b33) C:\WINDOWS\system32\drivers\sthda.sys

12:40:01:093 5996 StillCam (a9573045baa16eab9b1085205b82f1ed) C:\WINDOWS\system32\DRIVERS\serscan.sys

12:40:01:140 5996 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys

12:40:01:187 5996 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys

12:40:01:234 5996 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys

12:40:01:265 5996 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys

12:40:01:281 5996 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys

12:40:01:296 5996 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys

12:40:01:343 5996 SynTP (643b3e821a00b2b6a35cc099cb9653a1) C:\WINDOWS\system32\DRIVERS\SynTP.sys

12:40:01:375 5996 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys

12:40:01:453 5996 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys

12:40:01:515 5996 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys

12:40:01:546 5996 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys

12:40:01:578 5996 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys

12:40:01:656 5996 tfsnboio (30698355067d07da5f9eb81132c9fdd6) C:\WINDOWS\system32\dla\tfsnboio.sys

12:40:01:765 5996 tfsncofs (fb9d825bb4a2abdf24600f7505050e2b) C:\WINDOWS\system32\dla\tfsncofs.sys

12:40:01:859 5996 tfsndrct (cafd8cca11aa1e8b6d2ea1ba8f70ec33) C:\WINDOWS\system32\dla\tfsndrct.sys

12:40:01:906 5996 tfsndres (8db1e78fbf7c426d8ec3d8f1a33d6485) C:\WINDOWS\system32\dla\tfsndres.sys

12:40:01:906 5996 tfsnifs (b92f67a71cc8176f331b8aa8d9f555ad) C:\WINDOWS\system32\dla\tfsnifs.sys

12:40:01:937 5996 tfsnopio (85985faa9a71e2358fcc2edefc2a3c5c) C:\WINDOWS\system32\dla\tfsnopio.sys

12:40:01:953 5996 tfsnpool (bba22094f0f7c210567efdaf11f64495) C:\WINDOWS\system32\dla\tfsnpool.sys

12:40:02:062 5996 tfsnudf (81340bef80b9811e98ce64611e67e3ff) C:\WINDOWS\system32\dla\tfsnudf.sys

12:40:02:093 5996 tfsnudfa (c035fd116224ccc8325f384776b6a8bb) C:\WINDOWS\system32\dla\tfsnudfa.sys

12:40:02:140 5996 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys

12:40:02:171 5996 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys

12:40:02:218 5996 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys

12:40:02:546 5996 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys

12:40:03:171 5996 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys

12:40:03:359 5996 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys

12:40:03:546 5996 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys

12:40:03:625 5996 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys

12:40:03:656 5996 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

12:40:03:734 5996 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys

12:40:03:796 5996 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys

12:40:03:953 5996 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys

12:40:04:203 5996 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys

12:40:04:437 5996 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys

12:40:04:500 5996 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys

12:40:04:562 5996 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys

12:40:04:781 5996 winachsf (74cf3f2e4e40c4a2e18d39d6300a5c24) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys

12:40:04:953 5996 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys

12:40:04:953 5996

12:40:04:953 5996 Completed

12:40:04:953 5996

12:40:04:953 5996 Results:

12:40:04:968 5996 Registry objects infected / cured / cured on reboot: 0 / 0 / 0

12:40:04:968 5996 File objects infected / cured / cured on reboot: 0 / 0 / 0

12:40:04:968 5996

12:40:04:968 5996 KLMD(ARK) unloaded successfully

[Elise]

Is Internet Explorer also still redirecting you?

[wilkelldad]

Is Internet Explorer also still redirecting you?

Before writing you this morning both browsers were redirecting me..neither is right now.

[wilkelldad]

Once I shut down Firefox, the redirects started. They are occurring in both IE and FF

[Elise]

If you have a router, please reset it.

Please right click on your Internet Connection icon in the System Tray and select Status. In the Status window click the Options button.

Look under "this connection uses the following items" and highlight Internet Protocol (TCP/IP). Click Properties.

On the General tab, make sure "Obtain an IP address automatically" and "Obtain DNS server address automatically" are both ticked.

On the Alternate Configuration tab, make sure "Automatic private IP address" is ticked.

Click OK to exit the Properties and OK to exit the other windows as well.

Now, click Start > Run and type cmd in the runbox.

A command window will open. Type ipconfig /flushdns and press enter.

Please run Notepad (start > All Programs > Accessories > Notepad) and copy and paste the text in the code box into a new file:

@echo off
(ipconfig /all
nslookup google.com
nslookup yahoo.com
ping -n 2 google.com
ping -n 2 yahoo.com
route print) >>Log1.txt
start notepad Log1.txt
del %0

Go to the File menu at the top of the Notepad and select Save as.

Select save in: desktop

Fill in File name: test.bat

Save as type: All file types (*.*)

Click save.

Close the Notepad.

Locate and double-click tast.bat on the desktop.

A notepad opens, copy and paste the content it (log1.txt) to your reply.

[wilkelldad]

Elise,

Here are the results of test.bat.

Windows IP Configuration

Host Name . . . . . . . . . . . . : DC62K091

Primary Dns Suffix . . . . . . . :

Node Type . . . . . . . . . . . . : Hybrid

IP Routing Enabled. . . . . . . . : No

WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Wireless Network Connection:

Connection-specific DNS Suffix . :

Description . . . . . . . . . . . : Dell Wireless 1370 WLAN Mini-PCI Card

Physical Address. . . . . . . . . : 00-90-4B-E7-A2-9F

Dhcp Enabled. . . . . . . . . . . : Yes

Autoconfiguration Enabled . . . . : Yes

IP Address. . . . . . . . . . . . : 192.168.1.102

Subnet Mask . . . . . . . . . . . : 255.255.255.0

Default Gateway . . . . . . . . . : 192.168.1.1

DHCP Server . . . . . . . . . . . : 192.168.1.1

DNS Servers . . . . . . . . . . . : 208.67.222.222

208.67.220.220

Lease Obtained. . . . . . . . . . : Tuesday, July 13, 2010 2:24:16 PM

Lease Expires . . . . . . . . . . : Wednesday, July 14, 2010 2:24:16 PM

Ethernet adapter Local Area Connection:

Media State . . . . . . . . . . . : Media disconnected

Description . . . . . . . . . . . : Broadcom 440x 10/100 Integrated Controller

Physical Address. . . . . . . . . : 00-14-22-90-E4-67

Server: resolver1.opendns.com

Address: 208.67.222.222

DNS request timed out.

timeout was 2 seconds.

Name: google.com

Address: 173.194.33.104

Server: resolver1.opendns.com

Address: 208.67.222.222

Name: yahoo.com

Addresses: 69.147.125.65, 72.30.2.43, 98.137.149.56, 209.191.122.70

67.195.160.76

Pinging google.com [173.194.33.104] with 32 bytes of data:

Reply from 173.194.33.104: bytes=32 time=113ms TTL=51

Reply from 173.194.33.104: bytes=32 time=109ms TTL=51

Ping statistics for 173.194.33.104:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 109ms, Maximum = 113ms, Average = 111ms

Pinging yahoo.com [98.137.149.56] with 32 bytes of data:

Reply from 98.137.149.56: bytes=32 time=81ms TTL=50

Reply from 98.137.149.56: bytes=32 time=78ms TTL=50

Ping statistics for 98.137.149.56:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 78ms, Maximum = 81ms, Average = 79ms

===========================================================================

Interface List

0x1 ........................... MS TCP Loopback interface

0x2 ...00 90 4b e7 a2 9f ...... Dell Wireless 1370 WLAN Mini-PCI Card - McAfee Core NDIS Intermediate Filter Miniport

0x10004 ...00 14 22 90 e4 67 ...... Broadcom 440x 10/100 Integrated Controller - McAfee Core NDIS Intermediate Filter Miniport

===========================================================================

===========================================================================

Active Routes:

Network Destination Netmask Gateway Interface Metric

0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.102 25

127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1

169.254.0.0 255.255.0.0 192.168.1.102 192.168.1.102 20

192.168.1.0 255.255.255.0 192.168.1.102 192.168.1.102 25

192.168.1.102 255.255.255.255 127.0.0.1 127.0.0.1 25

192.168.1.255 255.255.255.255 192.168.1.102 192.168.1.102 25

224.0.0.0 240.0.0.0 192.168.1.102 192.168.1.102 25

255.255.255.255 255.255.255.255 192.168.1.102 10004 1

255.255.255.255 255.255.255.255 192.168.1.102 192.168.1.102 1

Default Gateway: 192.168.1.1

===========================================================================

Persistent Routes:

None

[Elise]

Did you also reset the router? How is the redirect issue now?

[wilkelldad]

I get diverted with IE, nothing with FF for now. I'll kick it around and see if it's limited to IE only, if you'd like.

[Elise]

Okay, please keep me posted.

[wilkelldad]

Okay, please keep me posted.

I REALLY appreciate your support!

[wilkelldad]

Good morning Elise,

I continue to be redirected in both browsers.

I'm not sure if I've mentioned this, it on "clicks" only. If I copy and paste the links I go where the link intended.

Thoughts?

[Elise]

Please try to run Firefox (safemode). This should start Firefox without add ons (it should have this option in the Start/Programs menu).

Let me know if that has the same issue or not.

[wilkelldad]

Please try to run Firefox (safemode). This should start Firefox without add ons (it should have this option in the Start/Programs menu).

Let me know if that has the same issue or not.

Good morning Elise,

Same issue. Many searches yesterday with no redirects on FF safemode. This morning, the first search after booting up and going into FF safe mode I was redirected.

[Elise]

Can you see a "pattern" in the redirects? Is it always to the same site/same time?

Please click Start > Run, type sfc /scannow in the runbox and press enter. Let the system file checker run unhindered. Note - you might be prompted for your XP CD.

ESET ONLINE SCANNER

----------------------------

I'd like us to scan your machine with ESET OnlineScan

1. Hold down Control and click on the following link to open ESET OnlineScan in a new window.
   ESET OnlineScan
   
2. Click the button.
   
3. For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
   1. 
      
   2. Click on to download the ESET Smart Installer. Save it to your desktop.
      
   3. Double click on the icon on your desktop.
      
      
   4. Check
      
   5. Click the button.
      
   6. Accept any security warnings from your browser.
      
   7. Check
      
   8. Push the Start button.
      
   9. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
      
   10. When the scan completes, push
       
   11. Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
       Note - when ESET doesn't find any threats, no report will be created.
       
   12. Push the button.
       
   13. Push
       
       

[wilkelldad]

The only pattern I see is the redirect starts with going to the website, at least in the address bar, the site I mentioned earlier, ohtgnoeriga.com (with prefixes and suffixes)or a site aslds.com (? or similar). I'll try to capture at least the domain of the redirect.

I'll scan until the computer prompts for the XP discs ( maybe it won't). If it does, I'll have to wait to get back home, I'm in a hotel for now, will be home tonight.

would you want to wait to scan with ESET until after the sfc scannow? Is it safe from a public network?

[Elise]

Thats difficult to say; not all public networks have the same security measures taken.

If you want to be on the safe side, you can do it from home. Just take your time.

[wilkelldad]

The windows scan is finished, but no log or anything. Is that right?