View Full Version : Babylon Toolbar issues
jtcarrie
2012-07-13, 05:37
I've been having problems with Babylon Toolbar. I ran Malware Bytes and SuperAntiSpyware and they came up with nothing. I ran Spybot, and it came up with Babylon.Toolbar, but it said it couldn't remove it because it was still running. I restarted the PC and ran Spybot and now it doesn't even list Babylon, but it still pops up on my browser. I did delete the Babylon XML file in Mozilla. I'm running Windows 7 64-bit. Any help would be greatly appreciated. Thank you.
.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 1.6.0_31
Run by Sarah at 22:27:31 on 2012-07-12
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6103.3965 [GMT -4:00]
.
AV: Symantec Endpoint Protection *Enabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Symantec Endpoint Protection *Enabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Dell\DellDock\DockLogin.exe
C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Smc.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\dleacoms.exe
C:\Program Files (x86)\Juniper Networks\Common Files\dsNcService.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe
C:\Program Files (x86)\Common Files\Motive\McciCMService.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\RemoteX\RemoteX.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\WUDFHost.exe
C:\Program Files (x86)\RemoteX\RemoteXUser.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\SmcGui.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\ProtectionUtilSurrogate.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files (x86)\Dell V310-V510 Series\dleamon.exe
C:\Program Files (x86)\Dell V310-V510 Series\ezprint.exe
C:\Program Files (x86)\Windows Live\Family Safety\fsui.exe
C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
C:\Users\Sarah\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe
C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
C:\Program Files\Dell\DellDock\DellDock.exe
C:\Program Files (x86)\Logitech Touch Mouse Server\iTouch-Server-Win.exe
C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe
C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe
C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe
c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe
C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\DllHost.exe
C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe
C:\Users\Sarah\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Sarah\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Sarah\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Users\Sarah\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
uInternet Settings,ProxyOverride = *.local
mWinlogon: Userinit=userinit.exe,
BHO: Dell Toolbar: {09b71986-2ac5-482d-b6cb-42ea34f4f85b} - C:\Program Files\Dell Printable Web\toolband.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MIF5BA~1\Office14\GROOVEEX.DLL
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MIF5BA~1\Office14\URLREDIR.DLL
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: Dell Toolbar: {09b71986-2ac5-482d-b6cb-42ea34f4f85b} - C:\Program Files\Dell Printable Web\toolband.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
uRun: [AdobeBridge]
uRun: [Google Update] "C:\Users\Sarah\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [SansaDispatch] C:\Users\Sarah\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe
uRun: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
mRun: [StartCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [ShwiconXP9106] C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Dell DataSafe Online] "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m
mRun: [Desktop Disc Tool] "c:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"
mRun: [DellSupportCenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
mRun: [ccApp] "C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe"
mRun: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
mRun: [<NO NAME>]
mRun: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun: [RemoteX] "C:\Program Files (x86)\RemoteX\RemoteXUser.exe"
mRun: [AmazonGSDownloaderTray] C:\Program Files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderTray.exe
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRunOnce: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe
mRunOnce: [DSUpdateLauncher] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe" /NOCONSOLE /D="C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate" /RUNAS "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe"
StartupFolder: C:\Users\Sarah\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\DELLDO~1.LNK - C:\Program Files (x86)\Dell\DellDock\DellDock.exe
StartupFolder: C:\Users\Sarah\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\LOGITE~1.LNK - C:\Program Files (x86)\Logitech Touch Mouse Server\iTouch-Server-Win.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MIF5BA~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MIF5BA~1\Office14\ONBttnIE.dll/105
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://juniper.net/dana-cached/sc/JuniperSetupClient.cab
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{A1CAFDC8-E541-4451-BB42-381772453D79} : DhcpNameServer = 192.168.1.254
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MIF5BA~1\Office14\GROOVEEX.DLL
BHO-X64: Dell Toolbar: {09B71986-2AC5-482d-B6CB-42EA34F4F85B} - C:\Program Files\Dell Printable Web\toolband.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MIF5BA~1\Office14\GROOVEEX.DLL
BHO-X64: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO-X64: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MIF5BA~1\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
BHO-X64: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO-X64: SmartSelect - No File
TB-X64: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB-X64: Dell Toolbar: {09B71986-2AC5-482d-B6CB-42EA34F4F85B} - C:\Program Files\Dell Printable Web\toolband.dll
TB-X64: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
mRun-x64: [StartCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [ShwiconXP9106] C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [Dell DataSafe Online] "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m
mRun-x64: [Desktop Disc Tool] "c:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"
mRun-x64: [DellSupportCenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
mRun-x64: [ccApp] "C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe"
mRun-x64: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
mRun-x64: [(Default)]
mRun-x64: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
mRun-x64: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun-x64: [RemoteX] "C:\Program Files (x86)\RemoteX\RemoteXUser.exe"
mRun-x64: [AmazonGSDownloaderTray] C:\Program Files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderTray.exe
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRunOnce-x64: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe
mRunOnce-x64: [DSUpdateLauncher] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe" /NOCONSOLE /D="C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate" /RUNAS "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe"
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MIF5BA~1\Office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Sarah\AppData\Roaming\Mozilla\Firefox\Profiles\9nrwh3hi.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=WLETDF&PC=WLEM&q=
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?affID=112462&babsrc=KW_ss&mntrId=3a81797500000000000000ff8023ef06&q=
FF - plugin: C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npCouponPrinter.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npMozCouponPrinter.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npzylomgamesplayer.dll
FF - plugin: C:\Program Files (x86)\OnLive\Plugin\npolgdet.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\ProgramData\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll
FF - plugin: C:\Users\Sarah\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll
FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_265.dll
.
---- FIREFOX POLICIES ----
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=112462
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.id - 3a81797500000000000000ff8023ef06
FF - user.js: extensions.BabylonToolbar_i.hardId - 3a81797500000000000000ff8023ef06
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15533
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1713:56:44
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - base
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
.
============= SERVICES / DRIVERS ===============
.
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2011-8-11 140672]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 dlea_device;dlea_device;C:\Windows\system32\dleacoms.exe -service --> C:\Windows\system32\dleacoms.exe -service [?]
R2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2009-6-9 155648]
R2 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]
R2 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2012-3-8 1492840]
R2 McciCMService64;McciCMService64;C:\Program Files\Common Files\Motive\McciCMService.exe [2012-3-12 517632]
R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2010-8-30 673088]
R2 Symantec AntiVirus;Symantec Endpoint Protection;C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe [2009-9-17 2477304]
R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-6-13 138912]
R3 HECIx64;Intel(R) Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
R3 IntcDAud;Intel(R) Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?]
R3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;C:\Windows\system32\DRIVERS\k57nd60a.sys --> C:\Windows\system32\DRIVERS\k57nd60a.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 dleaCATSCustConnectService;dleaCATSCustConnectService;C:\Windows\System32\spool\DRIVERS\x64\3\dleaserv.exe [2009-7-1 33448]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-9 250056]
S3 Amazon Download Agent;Amazon Download Agent;C:\Program Files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe [2011-3-9 401920]
S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-2-28 183560]
S3 Impcd;Impcd;C:\Windows\system32\DRIVERS\Impcd.sys --> C:\Windows\system32\DRIVERS\Impcd.sys [?]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files\Microsoft Office\Office14\GROOVE.EXE [2011-6-12 51740536]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-5-5 113120]
S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-1-9 174440]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== Created Last 30 ================
.
2012-07-12 22:16:30 -------- d-----w- C:\Program Files (x86)\Safer Networking
2012-07-12 20:56:49 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
2012-07-12 20:56:49 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy
2012-07-12 20:52:07 -------- d-----w- C:\Users\Sarah\AppData\Roaming\Malwarebytes
2012-07-12 20:51:45 -------- d-----w- C:\ProgramData\Malwarebytes
2012-07-12 20:51:44 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-07-12 20:51:44 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-07-12 20:44:20 -------- d-----w- C:\Users\Sarah\AppData\Roaming\SUPERAntiSpyware.com
2012-07-12 20:44:02 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com
2012-07-12 20:44:02 -------- d-----w- C:\Program Files\SUPERAntiSpyware
2012-07-12 17:56:38 -------- d-----w- C:\ProgramData\Premium
2012-07-12 17:56:11 -------- d-----w- C:\ProgramData\InstallMate
2012-07-12 14:39:29 -------- d-----w- C:\Users\Sarah\AppData\Local\{753B0855-936C-435E-A594-80513F7DE287}
2012-07-12 02:39:05 -------- d-----w- C:\Users\Sarah\AppData\Local\{B0E77A39-1019-4791-8518-51CEC7460FE0}
2012-07-11 14:38:39 -------- d-----w- C:\Users\Sarah\AppData\Local\{3257A436-0EEF-4D5F-8CC6-40351A7A0F14}
2012-07-11 14:38:26 -------- d-----w- C:\Users\Sarah\AppData\Local\{8D004D60-3740-4235-AC5B-337F3AE4586C}
2012-07-11 07:04:02 3148800 ----a-w- C:\Windows\System32\win32k.sys
2012-07-11 02:29:33 -------- d-----w- C:\Users\Sarah\AppData\Local\{56A3921A-B1BC-44F2-A175-32ABC02C5168}
2012-07-10 14:29:09 -------- d-----w- C:\Users\Sarah\AppData\Local\{9A8DAE11-5B9E-4548-8271-63A8BA9FCACA}
2012-07-10 02:28:44 -------- d-----w- C:\Users\Sarah\AppData\Local\{2BC2B83C-53B5-4597-ABA6-3EBB36DE67FD}
2012-07-09 14:28:20 -------- d-----w- C:\Users\Sarah\AppData\Local\{774B5049-FA4D-498B-A409-575555A363EF}
2012-07-09 02:27:55 -------- d-----w- C:\Users\Sarah\AppData\Local\{2E39295B-3BE0-445A-8F6A-008862B0E3EB}
2012-07-08 14:27:31 -------- d-----w- C:\Users\Sarah\AppData\Local\{E2696292-8F9F-4263-AD5E-61F7FA8CAE66}
2012-07-08 02:27:07 -------- d-----w- C:\Users\Sarah\AppData\Local\{5279A286-2340-4B1A-BD66-EEE7A813F7E2}
2012-07-07 14:26:42 -------- d-----w- C:\Users\Sarah\AppData\Local\{F66189FD-5FC7-4FB1-9BFA-38D220945F15}
2012-07-07 02:26:17 -------- d-----w- C:\Users\Sarah\AppData\Local\{FC794031-09FD-47CD-BA74-3B63D65FEF55}
2012-07-06 14:25:52 -------- d-----w- C:\Users\Sarah\AppData\Local\{8DEE34FD-0BA5-4BFA-9D93-AF00B8ED6DDD}
2012-07-06 02:25:27 -------- d-----w- C:\Users\Sarah\AppData\Local\{1CB50AD6-DF9A-4BFF-88A7-62F20904C4B0}
2012-07-05 14:25:02 -------- d-----w- C:\Users\Sarah\AppData\Local\{DC2341FA-0FD8-4E5F-BF22-4EA5FB069BA9}
2012-07-05 02:24:36 -------- d-----w- C:\Users\Sarah\AppData\Local\{F2157CC9-EE3D-4016-A2FE-A04044C30AEA}
2012-07-04 14:24:09 -------- d-----w- C:\Users\Sarah\AppData\Local\{6888138C-47D6-4582-8C29-97CB17ED4A67}
2012-07-04 02:23:44 -------- d-----w- C:\Users\Sarah\AppData\Local\{8B8FC084-A74F-47E3-83FF-7EBEBEA35523}
2012-07-03 14:23:19 -------- d-----w- C:\Users\Sarah\AppData\Local\{38A7B859-EB74-4589-A885-4923C14F5CBD}
2012-07-03 02:22:55 -------- d-----w- C:\Users\Sarah\AppData\Local\{089F2619-F32D-49A1-A5DC-11801CE863CA}
2012-07-02 14:22:31 -------- d-----w- C:\Users\Sarah\AppData\Local\{58C8D52E-81DA-410D-ACFB-DEAD5E9CAD3F}
2012-07-02 02:22:06 -------- d-----w- C:\Users\Sarah\AppData\Local\{9F0EAE35-464A-494C-A20F-8DFB40D6FAA8}
2012-07-01 14:21:40 -------- d-----w- C:\Users\Sarah\AppData\Local\{B85D8FC9-436B-49F7-B7B9-F8D3236C8740}
2012-07-01 02:21:15 -------- d-----w- C:\Users\Sarah\AppData\Local\{E2BC96E3-DDF7-4C4E-A975-9E567DF9E9AC}
2012-06-30 14:20:49 -------- d-----w- C:\Users\Sarah\AppData\Local\{2CB28C06-C69A-412D-91FE-06E763E54163}
2012-06-30 02:20:25 -------- d-----w- C:\Users\Sarah\AppData\Local\{82BAD7F1-DADE-4C77-AC44-C08E027DAF5A}
2012-06-29 14:20:00 -------- d-----w- C:\Users\Sarah\AppData\Local\{243B78F3-E159-48A1-A3B9-39C70C83BEB9}
2012-06-29 02:19:36 -------- d-----w- C:\Users\Sarah\AppData\Local\{F9F13A31-E06F-4B2F-96AD-C8B6AB5EFD4A}
2012-06-28 14:19:12 -------- d-----w- C:\Users\Sarah\AppData\Local\{A66EDC16-5BCD-4E07-9892-CB00B741A011}
2012-06-28 02:18:46 -------- d-----w- C:\Users\Sarah\AppData\Local\{13AA78AE-320C-4D54-9298-12A034469D6A}
2012-06-28 00:09:25 -------- d-----w- C:\Users\Sarah\AppData\Roaming\fltk.org
2012-06-28 00:09:25 -------- d-----w- C:\ProgramData\fltk.org
2012-06-28 00:05:42 -------- d-----w- C:\Program Files (x86)\Amnesia - The Dark Descent
2012-06-27 23:45:01 -------- d-----w- C:\Program Files (x86)\Common Files\BioWare
2012-06-27 14:18:21 -------- d-----w- C:\Users\Sarah\AppData\Local\{45C5CE79-1B5C-48D0-8CD8-D74FCF708BD1}
2012-06-27 02:17:52 -------- d-----w- C:\Users\Sarah\AppData\Local\{4C048AC6-CBAD-4B4D-A7A3-409CB6C5046A}
2012-06-26 14:17:28 -------- d-----w- C:\Users\Sarah\AppData\Local\{E6B08D28-DA46-4834-8E99-CE1526BC6CCD}
2012-06-26 02:17:03 -------- d-----w- C:\Users\Sarah\AppData\Local\{37D92027-CCDC-4391-B8C8-D76F979F76B3}
2012-06-25 14:16:39 -------- d-----w- C:\Users\Sarah\AppData\Local\{9C95B025-EA05-481E-AD2C-04581590EE91}
2012-06-25 02:16:14 -------- d-----w- C:\Users\Sarah\AppData\Local\{27169762-9963-422C-8681-C77D7085306C}
2012-06-24 14:15:49 -------- d-----w- C:\Users\Sarah\AppData\Local\{CC5DDBB2-4851-47E5-8557-A6822872942C}
2012-06-24 02:15:24 -------- d-----w- C:\Users\Sarah\AppData\Local\{05DC08DE-3237-410C-B9C0-B3EC094F52F8}
2012-06-23 14:15:00 -------- d-----w- C:\Users\Sarah\AppData\Local\{5AFB3070-ED74-4F0F-B242-FAD861E66706}
2012-06-22 14:18:35 -------- d-----w- C:\Users\Sarah\AppData\Local\{0282E542-D45A-419A-A751-D53AFF53E565}
2012-06-22 02:18:10 -------- d-----w- C:\Users\Sarah\AppData\Local\{93E1BEEC-63B3-44F9-9E75-6800AABBBD5A}
2012-06-21 14:17:45 -------- d-----w- C:\Users\Sarah\AppData\Local\{F1A301A1-9DF4-47E3-A8C4-EAE2D749499B}
2012-06-21 02:17:20 -------- d-----w- C:\Users\Sarah\AppData\Local\{5FBD924D-0A2D-4DD9-A336-63E6B74C52A5}
2012-06-20 14:16:55 -------- d-----w- C:\Users\Sarah\AppData\Local\{F32D8280-9988-4A2E-9A31-0F9AB05C8256}
2012-06-20 02:16:31 -------- d-----w- C:\Users\Sarah\AppData\Local\{2632FCD3-FC77-4B83-AB21-A3149D08D5A0}
2012-06-19 15:02:59 2622464 ----a-w- C:\Windows\System32\wucltux.dll
2012-06-19 15:02:45 99840 ----a-w- C:\Windows\System32\wudriver.dll
2012-06-19 15:02:31 36864 ----a-w- C:\Windows\System32\wuapp.exe
2012-06-19 15:02:31 186752 ----a-w- C:\Windows\System32\wuwebv.dll
2012-06-19 14:16:07 -------- d-----w- C:\Users\Sarah\AppData\Local\{24E49368-A2FD-469A-AC9E-EC2714776E00}
2012-06-19 02:15:36 -------- d-----w- C:\Users\Sarah\AppData\Local\{34341ADF-E40A-43C1-A06A-3C45875107AC}
2012-06-18 02:15:00 -------- d-----w- C:\Users\Sarah\AppData\Local\{15396338-48B3-491A-B3F1-41D8ED8C7AB8}
2012-06-14 12:21:56 -------- d-----w- C:\Users\Sarah\AppData\Local\Macromedia
2012-06-14 12:20:32 -------- d-----w- C:\Users\Sarah\AppData\Local\{4330ACBE-A81B-4EED-BA71-1CD5CE8EC708}
2012-06-14 12:20:19 -------- d-----w- C:\Users\Sarah\AppData\Local\{8418C388-E6B4-4CF2-93DC-C7B0801AD62D}
2012-06-13 22:21:28 -------- d-----w- C:\Users\Sarah\AppData\Local\{14BD80CC-EC7D-48D3-A448-C7A4466CE643}
2012-06-13 17:04:38 1462272 ----a-w- C:\Windows\System32\crypt32.dll
2012-06-13 17:04:38 1158656 ----a-w- C:\Windows\SysWow64\crypt32.dll
2012-06-13 17:04:37 184320 ----a-w- C:\Windows\System32\cryptsvc.dll
2012-06-13 17:04:37 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
2012-06-13 17:04:37 140288 ----a-w- C:\Windows\System32\cryptnet.dll
2012-06-13 17:04:37 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
2012-06-13 10:21:03 -------- d-----w- C:\Users\Sarah\AppData\Local\{CB082402-AF3D-4F38-BC42-1EE7DFD9EFD5}
.
==================== Find3M ====================
.
2012-07-12 01:38:19 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-12 01:38:19 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-06-06 06:06:16 2004480 ----a-w- C:\Windows\System32\msxml6.dll
2012-06-06 06:06:16 1881600 ----a-w- C:\Windows\System32\msxml3.dll
2012-06-06 06:02:54 1133568 ----a-w- C:\Windows\System32\cdosys.dll
2012-06-06 05:05:52 1390080 ----a-w- C:\Windows\SysWow64\msxml6.dll
2012-06-06 05:05:52 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll
2012-06-06 05:03:06 805376 ----a-w- C:\Windows\SysWow64\cdosys.dll
2012-06-02 05:50:10 458704 ----a-w- C:\Windows\System32\drivers\cng.sys
2012-06-02 05:48:16 95600 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2012-06-02 05:48:16 151920 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2012-06-02 05:45:31 340992 ----a-w- C:\Windows\System32\schannel.dll
2012-06-02 05:44:21 307200 ----a-w- C:\Windows\System32\ncrypt.dll
2012-06-02 04:40:42 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2012-06-02 04:40:39 225280 ----a-w- C:\Windows\SysWow64\schannel.dll
2012-06-02 04:39:10 219136 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2012-06-02 04:34:09 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2012-05-15 04:01:31 1188864 ----a-w- C:\Windows\System32\wininet.dll
2012-05-15 03:03:54 981504 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-05-04 11:06:22 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-05-04 10:03:53 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-05-04 10:03:50 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-05-01 05:40:20 209920 ----a-w- C:\Windows\System32\profsvc.dll
2012-04-28 03:55:21 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2012-04-26 05:41:56 77312 ----a-w- C:\Windows\System32\rdpwsx.dll
2012-04-26 05:41:55 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll
2012-04-26 05:34:27 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe
2012-04-20 03:45:41 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2012-04-20 03:16:44 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-04-19 00:56:30 94208 ----a-w- C:\Windows\SysWow64\QuickTimeVR.qtx
2012-04-19 00:56:30 69632 ----a-w- C:\Windows\SysWow64\QuickTime.qts
2012-04-18 14:13:50 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
.
============= FINISH: 22:28:28.36 ===============
Hi,
IMPORTANT I notice there are signs of one or more P2P (Peer to Peer) File Sharing Programs on your computer.
BitLord
I'd like you to read this thread (http://forums.spybot.info/showthread.php?t=282).
Please uninstall the programs listed above (in red). Then post fresh DDS logs.
jtcarrie
2012-07-17, 21:53
.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 1.6.0_31
Run by Sarah at 14:49:37 on 2012-07-17
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6103.3990 [GMT -4:00]
.
AV: Symantec Endpoint Protection *Enabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Symantec Endpoint Protection *Enabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Dell\DellDock\DockLogin.exe
C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Smc.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\dleacoms.exe
C:\Program Files (x86)\Juniper Networks\Common Files\dsNcService.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe
C:\Program Files (x86)\Common Files\Motive\McciCMService.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\RemoteX\RemoteX.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\WUDFHost.exe
C:\Program Files (x86)\RemoteX\RemoteXUser.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\SmcGui.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\ProtectionUtilSurrogate.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files (x86)\Dell V310-V510 Series\dleamon.exe
C:\Program Files (x86)\Dell V310-V510 Series\ezprint.exe
C:\Program Files (x86)\Windows Live\Family Safety\fsui.exe
C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
C:\Users\Sarah\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe
C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
C:\Program Files\Dell\DellDock\DellDock.exe
C:\Program Files (x86)\Logitech Touch Mouse Server\iTouch-Server-Win.exe
C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe
C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe
C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe
c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe
C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\DllHost.exe
C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
uInternet Settings,ProxyOverride = *.local
mWinlogon: Userinit=userinit.exe,
BHO: Dell Toolbar: {09b71986-2ac5-482d-b6cb-42ea34f4f85b} - C:\Program Files\Dell Printable Web\toolband.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MIF5BA~1\Office14\GROOVEEX.DLL
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MIF5BA~1\Office14\URLREDIR.DLL
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: Dell Toolbar: {09b71986-2ac5-482d-b6cb-42ea34f4f85b} - C:\Program Files\Dell Printable Web\toolband.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
uRun: [AdobeBridge]
uRun: [Google Update] "C:\Users\Sarah\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [SansaDispatch] C:\Users\Sarah\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe
uRun: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
mRun: [StartCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [ShwiconXP9106] C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Dell DataSafe Online] "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m
mRun: [Desktop Disc Tool] "c:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"
mRun: [DellSupportCenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
mRun: [ccApp] "C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe"
mRun: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
mRun: [<NO NAME>]
mRun: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun: [RemoteX] "C:\Program Files (x86)\RemoteX\RemoteXUser.exe"
mRun: [AmazonGSDownloaderTray] C:\Program Files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderTray.exe
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRunOnce: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe
mRunOnce: [DSUpdateLauncher] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe" /NOCONSOLE /D="C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate" /RUNAS "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe"
StartupFolder: C:\Users\Sarah\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\DELLDO~1.LNK - C:\Program Files (x86)\Dell\DellDock\DellDock.exe
StartupFolder: C:\Users\Sarah\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\LOGITE~1.LNK - C:\Program Files (x86)\Logitech Touch Mouse Server\iTouch-Server-Win.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MIF5BA~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MIF5BA~1\Office14\ONBttnIE.dll/105
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://juniper.net/dana-cached/sc/JuniperSetupClient.cab
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{A1CAFDC8-E541-4451-BB42-381772453D79} : DhcpNameServer = 192.168.1.254
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MIF5BA~1\Office14\GROOVEEX.DLL
BHO-X64: Dell Toolbar: {09B71986-2AC5-482d-B6CB-42EA34F4F85B} - C:\Program Files\Dell Printable Web\toolband.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MIF5BA~1\Office14\GROOVEEX.DLL
BHO-X64: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO-X64: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MIF5BA~1\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
BHO-X64: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO-X64: SmartSelect - No File
TB-X64: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB-X64: Dell Toolbar: {09B71986-2AC5-482d-B6CB-42EA34F4F85B} - C:\Program Files\Dell Printable Web\toolband.dll
TB-X64: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
mRun-x64: [StartCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [ShwiconXP9106] C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [Dell DataSafe Online] "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m
mRun-x64: [Desktop Disc Tool] "c:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"
mRun-x64: [DellSupportCenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
mRun-x64: [ccApp] "C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe"
mRun-x64: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
mRun-x64: [(Default)]
mRun-x64: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
mRun-x64: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun-x64: [RemoteX] "C:\Program Files (x86)\RemoteX\RemoteXUser.exe"
mRun-x64: [AmazonGSDownloaderTray] C:\Program Files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderTray.exe
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRunOnce-x64: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe
mRunOnce-x64: [DSUpdateLauncher] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe" /NOCONSOLE /D="C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate" /RUNAS "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe"
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MIF5BA~1\Office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Sarah\AppData\Roaming\Mozilla\Firefox\Profiles\9nrwh3hi.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=WLETDF&PC=WLEM&q=
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?affID=112462&babsrc=KW_ss&mntrId=3a81797500000000000000ff8023ef06&q=
FF - plugin: C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npCouponPrinter.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npMozCouponPrinter.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npzylomgamesplayer.dll
FF - plugin: C:\Program Files (x86)\OnLive\Plugin\npolgdet.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\ProgramData\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll
FF - plugin: C:\Users\Sarah\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll
FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_265.dll
.
---- FIREFOX POLICIES ----
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=112462
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.id - 3a81797500000000000000ff8023ef06
FF - user.js: extensions.BabylonToolbar_i.hardId - 3a81797500000000000000ff8023ef06
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15533
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1713:56:44
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - base
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
.
============= SERVICES / DRIVERS ===============
.
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2011-8-11 140672]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 dlea_device;dlea_device;C:\Windows\system32\dleacoms.exe -service --> C:\Windows\system32\dleacoms.exe -service [?]
R2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2009-6-9 155648]
R2 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]
R2 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2012-3-8 1492840]
R2 McciCMService64;McciCMService64;C:\Program Files\Common Files\Motive\McciCMService.exe [2012-3-12 517632]
R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2010-8-30 673088]
R2 Symantec AntiVirus;Symantec Endpoint Protection;C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe [2009-9-17 2477304]
R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-6-13 138912]
R3 HECIx64;Intel(R) Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
R3 IntcDAud;Intel(R) Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?]
R3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;C:\Windows\system32\DRIVERS\k57nd60a.sys --> C:\Windows\system32\DRIVERS\k57nd60a.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 dleaCATSCustConnectService;dleaCATSCustConnectService;C:\Windows\System32\spool\DRIVERS\x64\3\dleaserv.exe [2009-7-1 33448]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-9 250056]
S3 Amazon Download Agent;Amazon Download Agent;C:\Program Files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe [2011-3-9 401920]
S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-2-28 183560]
S3 Impcd;Impcd;C:\Windows\system32\DRIVERS\Impcd.sys --> C:\Windows\system32\DRIVERS\Impcd.sys [?]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files\Microsoft Office\Office14\GROOVE.EXE [2011-6-12 51740536]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-5-5 113120]
S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-1-9 174440]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== Created Last 30 ================
.
2012-07-17 14:43:47 -------- d-----w- C:\Users\Sarah\AppData\Local\{8DC2486B-06ED-492E-9BDF-737DB5D82354}
2012-07-17 02:43:22 -------- d-----w- C:\Users\Sarah\AppData\Local\{59902DCB-1FEA-43DF-A27F-09B94229FFAC}
2012-07-16 14:42:58 -------- d-----w- C:\Users\Sarah\AppData\Local\{123EFEA4-A571-4304-A3A5-36934D2739A5}
2012-07-16 02:42:33 -------- d-----w- C:\Users\Sarah\AppData\Local\{92939BBD-F17B-42D5-B4C0-C943D410D487}
2012-07-15 14:42:09 -------- d-----w- C:\Users\Sarah\AppData\Local\{74FFD88E-CFD4-4FEC-AF97-189553BE7102}
2012-07-15 02:41:44 -------- d-----w- C:\Users\Sarah\AppData\Local\{00FCD6F0-1505-4CBB-8C8D-2C77C0374BA2}
2012-07-14 14:41:20 -------- d-----w- C:\Users\Sarah\AppData\Local\{106BACF2-FCC9-44B9-9269-07B48445352C}
2012-07-14 02:40:56 -------- d-----w- C:\Users\Sarah\AppData\Local\{56F40085-3861-45F7-8910-7F063138A237}
2012-07-13 14:40:32 -------- d-----w- C:\Users\Sarah\AppData\Local\{8AAA539E-CF44-494F-9731-DE9054EF39EB}
2012-07-13 02:40:07 -------- d-----w- C:\Users\Sarah\AppData\Local\{1831F907-C70C-4F1C-BD02-C840C086FFA3}
2012-07-13 02:39:55 -------- d-----w- C:\Users\Sarah\AppData\Local\{BFB47624-F40A-4A53-B81E-4DD83C80D856}
2012-07-12 22:16:30 -------- d-----w- C:\Program Files (x86)\Safer Networking
2012-07-12 20:56:49 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
2012-07-12 20:56:49 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy
2012-07-12 20:52:07 -------- d-----w- C:\Users\Sarah\AppData\Roaming\Malwarebytes
2012-07-12 20:51:45 -------- d-----w- C:\ProgramData\Malwarebytes
2012-07-12 20:51:44 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-07-12 20:51:44 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-07-12 20:44:20 -------- d-----w- C:\Users\Sarah\AppData\Roaming\SUPERAntiSpyware.com
2012-07-12 20:44:02 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com
2012-07-12 20:44:02 -------- d-----w- C:\Program Files\SUPERAntiSpyware
2012-07-12 17:56:38 -------- d-----w- C:\ProgramData\Premium
2012-07-12 17:56:11 -------- d-----w- C:\ProgramData\InstallMate
2012-07-12 14:39:29 -------- d-----w- C:\Users\Sarah\AppData\Local\{753B0855-936C-435E-A594-80513F7DE287}
2012-07-12 02:39:05 -------- d-----w- C:\Users\Sarah\AppData\Local\{B0E77A39-1019-4791-8518-51CEC7460FE0}
2012-07-11 14:38:39 -------- d-----w- C:\Users\Sarah\AppData\Local\{3257A436-0EEF-4D5F-8CC6-40351A7A0F14}
2012-07-11 14:38:26 -------- d-----w- C:\Users\Sarah\AppData\Local\{8D004D60-3740-4235-AC5B-337F3AE4586C}
2012-07-11 07:04:02 3148800 ----a-w- C:\Windows\System32\win32k.sys
2012-07-11 02:29:33 -------- d-----w- C:\Users\Sarah\AppData\Local\{56A3921A-B1BC-44F2-A175-32ABC02C5168}
2012-07-10 14:29:09 -------- d-----w- C:\Users\Sarah\AppData\Local\{9A8DAE11-5B9E-4548-8271-63A8BA9FCACA}
2012-07-10 02:28:44 -------- d-----w- C:\Users\Sarah\AppData\Local\{2BC2B83C-53B5-4597-ABA6-3EBB36DE67FD}
2012-07-09 14:28:20 -------- d-----w- C:\Users\Sarah\AppData\Local\{774B5049-FA4D-498B-A409-575555A363EF}
2012-07-09 02:27:55 -------- d-----w- C:\Users\Sarah\AppData\Local\{2E39295B-3BE0-445A-8F6A-008862B0E3EB}
2012-07-08 14:27:31 -------- d-----w- C:\Users\Sarah\AppData\Local\{E2696292-8F9F-4263-AD5E-61F7FA8CAE66}
2012-07-08 02:27:07 -------- d-----w- C:\Users\Sarah\AppData\Local\{5279A286-2340-4B1A-BD66-EEE7A813F7E2}
2012-07-07 14:26:42 -------- d-----w- C:\Users\Sarah\AppData\Local\{F66189FD-5FC7-4FB1-9BFA-38D220945F15}
2012-07-07 02:26:17 -------- d-----w- C:\Users\Sarah\AppData\Local\{FC794031-09FD-47CD-BA74-3B63D65FEF55}
2012-07-06 14:25:52 -------- d-----w- C:\Users\Sarah\AppData\Local\{8DEE34FD-0BA5-4BFA-9D93-AF00B8ED6DDD}
2012-07-06 02:25:27 -------- d-----w- C:\Users\Sarah\AppData\Local\{1CB50AD6-DF9A-4BFF-88A7-62F20904C4B0}
2012-07-05 14:25:02 -------- d-----w- C:\Users\Sarah\AppData\Local\{DC2341FA-0FD8-4E5F-BF22-4EA5FB069BA9}
2012-07-05 02:24:36 -------- d-----w- C:\Users\Sarah\AppData\Local\{F2157CC9-EE3D-4016-A2FE-A04044C30AEA}
2012-07-04 14:24:09 -------- d-----w- C:\Users\Sarah\AppData\Local\{6888138C-47D6-4582-8C29-97CB17ED4A67}
2012-07-04 02:23:44 -------- d-----w- C:\Users\Sarah\AppData\Local\{8B8FC084-A74F-47E3-83FF-7EBEBEA35523}
2012-07-03 14:23:19 -------- d-----w- C:\Users\Sarah\AppData\Local\{38A7B859-EB74-4589-A885-4923C14F5CBD}
2012-07-03 02:22:55 -------- d-----w- C:\Users\Sarah\AppData\Local\{089F2619-F32D-49A1-A5DC-11801CE863CA}
2012-07-02 14:22:31 -------- d-----w- C:\Users\Sarah\AppData\Local\{58C8D52E-81DA-410D-ACFB-DEAD5E9CAD3F}
2012-07-02 02:22:06 -------- d-----w- C:\Users\Sarah\AppData\Local\{9F0EAE35-464A-494C-A20F-8DFB40D6FAA8}
2012-07-01 14:21:40 -------- d-----w- C:\Users\Sarah\AppData\Local\{B85D8FC9-436B-49F7-B7B9-F8D3236C8740}
2012-07-01 02:21:15 -------- d-----w- C:\Users\Sarah\AppData\Local\{E2BC96E3-DDF7-4C4E-A975-9E567DF9E9AC}
2012-06-30 14:20:49 -------- d-----w- C:\Users\Sarah\AppData\Local\{2CB28C06-C69A-412D-91FE-06E763E54163}
2012-06-30 02:20:25 -------- d-----w- C:\Users\Sarah\AppData\Local\{82BAD7F1-DADE-4C77-AC44-C08E027DAF5A}
2012-06-29 14:20:00 -------- d-----w- C:\Users\Sarah\AppData\Local\{243B78F3-E159-48A1-A3B9-39C70C83BEB9}
2012-06-29 02:19:36 -------- d-----w- C:\Users\Sarah\AppData\Local\{F9F13A31-E06F-4B2F-96AD-C8B6AB5EFD4A}
2012-06-28 14:19:12 -------- d-----w- C:\Users\Sarah\AppData\Local\{A66EDC16-5BCD-4E07-9892-CB00B741A011}
2012-06-28 02:18:46 -------- d-----w- C:\Users\Sarah\AppData\Local\{13AA78AE-320C-4D54-9298-12A034469D6A}
2012-06-28 00:09:25 -------- d-----w- C:\Users\Sarah\AppData\Roaming\fltk.org
2012-06-28 00:09:25 -------- d-----w- C:\ProgramData\fltk.org
2012-06-28 00:05:42 -------- d-----w- C:\Program Files (x86)\Amnesia - The Dark Descent
2012-06-27 23:45:01 -------- d-----w- C:\Program Files (x86)\Common Files\BioWare
2012-06-27 14:18:21 -------- d-----w- C:\Users\Sarah\AppData\Local\{45C5CE79-1B5C-48D0-8CD8-D74FCF708BD1}
2012-06-27 02:17:52 -------- d-----w- C:\Users\Sarah\AppData\Local\{4C048AC6-CBAD-4B4D-A7A3-409CB6C5046A}
2012-06-26 14:17:28 -------- d-----w- C:\Users\Sarah\AppData\Local\{E6B08D28-DA46-4834-8E99-CE1526BC6CCD}
2012-06-26 02:17:03 -------- d-----w- C:\Users\Sarah\AppData\Local\{37D92027-CCDC-4391-B8C8-D76F979F76B3}
2012-06-25 14:16:39 -------- d-----w- C:\Users\Sarah\AppData\Local\{9C95B025-EA05-481E-AD2C-04581590EE91}
2012-06-25 02:16:14 -------- d-----w- C:\Users\Sarah\AppData\Local\{27169762-9963-422C-8681-C77D7085306C}
2012-06-24 14:15:49 -------- d-----w- C:\Users\Sarah\AppData\Local\{CC5DDBB2-4851-47E5-8557-A6822872942C}
2012-06-24 02:15:24 -------- d-----w- C:\Users\Sarah\AppData\Local\{05DC08DE-3237-410C-B9C0-B3EC094F52F8}
2012-06-23 14:15:00 -------- d-----w- C:\Users\Sarah\AppData\Local\{5AFB3070-ED74-4F0F-B242-FAD861E66706}
2012-06-22 14:18:35 -------- d-----w- C:\Users\Sarah\AppData\Local\{0282E542-D45A-419A-A751-D53AFF53E565}
2012-06-22 02:18:10 -------- d-----w- C:\Users\Sarah\AppData\Local\{93E1BEEC-63B3-44F9-9E75-6800AABBBD5A}
2012-06-21 14:17:45 -------- d-----w- C:\Users\Sarah\AppData\Local\{F1A301A1-9DF4-47E3-A8C4-EAE2D749499B}
2012-06-21 02:17:20 -------- d-----w- C:\Users\Sarah\AppData\Local\{5FBD924D-0A2D-4DD9-A336-63E6B74C52A5}
2012-06-20 14:16:55 -------- d-----w- C:\Users\Sarah\AppData\Local\{F32D8280-9988-4A2E-9A31-0F9AB05C8256}
2012-06-20 02:16:31 -------- d-----w- C:\Users\Sarah\AppData\Local\{2632FCD3-FC77-4B83-AB21-A3149D08D5A0}
2012-06-19 15:02:59 2622464 ----a-w- C:\Windows\System32\wucltux.dll
2012-06-19 15:02:45 99840 ----a-w- C:\Windows\System32\wudriver.dll
2012-06-19 15:02:31 36864 ----a-w- C:\Windows\System32\wuapp.exe
2012-06-19 15:02:31 186752 ----a-w- C:\Windows\System32\wuwebv.dll
2012-06-19 14:16:07 -------- d-----w- C:\Users\Sarah\AppData\Local\{24E49368-A2FD-469A-AC9E-EC2714776E00}
2012-06-19 02:15:36 -------- d-----w- C:\Users\Sarah\AppData\Local\{34341ADF-E40A-43C1-A06A-3C45875107AC}
2012-06-18 02:15:00 -------- d-----w- C:\Users\Sarah\AppData\Local\{15396338-48B3-491A-B3F1-41D8ED8C7AB8}
.
==================== Find3M ====================
.
2012-07-12 01:38:19 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-12 01:38:19 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-06-06 06:06:16 2004480 ----a-w- C:\Windows\System32\msxml6.dll
2012-06-06 06:06:16 1881600 ----a-w- C:\Windows\System32\msxml3.dll
2012-06-06 06:02:54 1133568 ----a-w- C:\Windows\System32\cdosys.dll
2012-06-06 05:05:52 1390080 ----a-w- C:\Windows\SysWow64\msxml6.dll
2012-06-06 05:05:52 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll
2012-06-06 05:03:06 805376 ----a-w- C:\Windows\SysWow64\cdosys.dll
2012-06-02 05:50:10 458704 ----a-w- C:\Windows\System32\drivers\cng.sys
2012-06-02 05:48:16 95600 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2012-06-02 05:48:16 151920 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2012-06-02 05:45:31 340992 ----a-w- C:\Windows\System32\schannel.dll
2012-06-02 05:44:21 307200 ----a-w- C:\Windows\System32\ncrypt.dll
2012-06-02 04:40:42 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2012-06-02 04:40:39 225280 ----a-w- C:\Windows\SysWow64\schannel.dll
2012-06-02 04:39:10 219136 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2012-06-02 04:34:09 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2012-05-15 04:01:31 1188864 ----a-w- C:\Windows\System32\wininet.dll
2012-05-15 03:03:54 981504 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-05-04 11:06:22 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-05-04 10:03:53 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-05-04 10:03:50 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-05-01 05:40:20 209920 ----a-w- C:\Windows\System32\profsvc.dll
2012-04-28 03:55:21 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2012-04-26 05:41:56 77312 ----a-w- C:\Windows\System32\rdpwsx.dll
2012-04-26 05:41:55 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll
2012-04-26 05:34:27 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe
2012-04-24 05:37:37 184320 ----a-w- C:\Windows\System32\cryptsvc.dll
2012-04-24 05:37:37 140288 ----a-w- C:\Windows\System32\cryptnet.dll
2012-04-24 05:37:36 1462272 ----a-w- C:\Windows\System32\crypt32.dll
2012-04-24 04:36:42 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
2012-04-24 04:36:42 1158656 ----a-w- C:\Windows\SysWow64\crypt32.dll
2012-04-24 04:36:42 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
2012-04-20 03:45:41 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2012-04-20 03:16:44 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-04-19 00:56:30 94208 ----a-w- C:\Windows\SysWow64\QuickTimeVR.qtx
2012-04-19 00:56:30 69632 ----a-w- C:\Windows\SysWow64\QuickTime.qts
.
============= FINISH: 14:50:43.74 ===============
Hi
Please visit this webpage for download links, and instructions for running ComboFix tool:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix
Please ensure you read this guide carefully first.
Please continue as follows:
Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix, link (http://www.bleepingcomputer.com/forums/topic114351.html)
Remember to re-enable them afterwards.
Click Yes to allow ComboFix to continue scanning for malware.
When the tool is finished, it will produce a report for you.
Please include the following reports for further review, and so we may continue cleansing the system:
C:\ComboFix.txt
New dds log.
A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix. This tool is not a toy and not for everyday use.
jtcarrie
2012-07-17, 23:04
Here is the Combofix log:
ComboFix 12-07-16.01 - Sarah 07/17/2012 15:45:33.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6103.4055 [GMT -4:00]
Running from: c:\users\Sarah\Desktop\ComboFix.exe
AV: Symantec Endpoint Protection *Disabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
SP: Symantec Endpoint Protection *Disabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((( Files Created from 2012-06-17 to 2012-07-17 )))))))))))))))))))))))))))))))
.
.
2012-07-17 19:50 . 2012-07-17 19:50 -------- d-----w- c:\users\Jeff\AppData\Local\temp
2012-07-17 19:50 . 2012-07-17 19:50 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-07-13 02:26 . 2012-07-13 02:26 -------- d-----w- c:\program files (x86)\ERUNT
2012-07-12 22:16 . 2012-07-12 22:16 -------- d-----w- c:\program files (x86)\Safer Networking
2012-07-12 20:56 . 2012-07-12 22:44 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2012-07-12 20:56 . 2012-07-12 22:44 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy
2012-07-12 20:52 . 2012-07-12 20:52 -------- d-----w- c:\users\Sarah\AppData\Roaming\Malwarebytes
2012-07-12 20:51 . 2012-07-12 20:51 -------- d-----w- c:\programdata\Malwarebytes
2012-07-12 20:51 . 2012-07-12 20:51 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-07-12 20:51 . 2012-07-03 17:46 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-07-12 20:44 . 2012-07-12 20:44 -------- d-----w- c:\users\Sarah\AppData\Roaming\SUPERAntiSpyware.com
2012-07-12 20:44 . 2012-07-12 20:45 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-07-12 20:44 . 2012-07-12 20:44 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2012-07-12 17:56 . 2012-07-12 17:56 237 ----a-w- C:\user.js
2012-07-12 17:56 . 2012-07-12 17:56 -------- d-----w- c:\programdata\Premium
2012-07-12 17:56 . 2012-07-12 18:16 -------- d-----w- c:\programdata\InstallMate
2012-07-11 07:04 . 2012-06-12 03:08 3148800 ----a-w- c:\windows\system32\win32k.sys
2012-06-28 00:09 . 2012-06-28 00:09 -------- d-----w- c:\users\Sarah\AppData\Roaming\fltk.org
2012-06-28 00:09 . 2012-06-28 00:09 -------- d-----w- c:\programdata\fltk.org
2012-06-28 00:05 . 2012-06-28 00:09 -------- d-----w- c:\program files (x86)\Amnesia - The Dark Descent
2012-06-27 23:45 . 2012-06-27 23:45 -------- d-----w- c:\program files (x86)\Common Files\BioWare
2012-06-19 15:03 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-19 15:03 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-19 15:02 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-19 15:02 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-19 15:02 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-19 15:02 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-19 15:02 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-19 15:02 . 2012-06-02 19:19 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-19 15:02 . 2012-06-02 19:15 36864 ----a-w- c:\windows\system32\wuapp.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-12 01:38 . 2012-04-09 19:27 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-07-12 01:38 . 2011-05-22 22:56 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-05-15 04:01 . 2012-06-13 17:05 1188864 ----a-w- c:\windows\system32\wininet.dll
2012-05-15 03:03 . 2012-06-13 17:05 981504 ----a-w- c:\windows\SysWow64\wininet.dll
2012-05-04 11:06 . 2012-06-13 17:05 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-04 10:03 . 2012-06-13 17:05 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-05-04 10:03 . 2012-06-13 17:05 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-05-01 05:40 . 2012-06-13 17:05 209920 ----a-w- c:\windows\system32\profsvc.dll
2012-04-28 03:55 . 2012-06-13 17:05 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-04-26 05:41 . 2012-06-13 17:05 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-04-26 05:41 . 2012-06-13 17:05 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-04-26 05:34 . 2012-06-13 17:05 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-04-24 05:37 . 2012-06-13 17:04 184320 ----a-w- c:\windows\system32\cryptsvc.dll
2012-04-24 05:37 . 2012-06-13 17:04 140288 ----a-w- c:\windows\system32\cryptnet.dll
2012-04-24 05:37 . 2012-06-13 17:04 1462272 ----a-w- c:\windows\system32\crypt32.dll
2012-04-24 04:36 . 2012-06-13 17:04 1158656 ----a-w- c:\windows\SysWow64\crypt32.dll
2012-04-24 04:36 . 2012-06-13 17:04 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll
2012-04-24 04:36 . 2012-06-13 17:04 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
2012-04-20 03:45 . 2012-06-13 17:05 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2012-04-20 03:16 . 2012-06-13 17:05 1638912 ----a-w- c:\windows\SysWow64\mshtml.tlb
2012-04-19 00:56 . 2012-04-19 00:56 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx
2012-04-19 00:56 . 2012-04-19 00:56 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]
"SansaDispatch"="c:\users\Sarah\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe" [2012-02-17 79872]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-07-12 4786048]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-05-17 98304]
"ShwiconXP9106"="c:\program files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe" [2010-01-27 237568]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"Dell DataSafe Online"="c:\program files (x86)\Dell DataSafe Online\DataSafeOnline.exe" [2010-02-09 1807680]
"Desktop Disc Tool"="c:\program files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe" [2009-10-15 498160]
"DellSupportCenter"="c:\program files (x86)\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"ccApp"="c:\program files (x86)\Common Files\Symantec Shared\ccApp.exe" [2009-07-09 115560]
"Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2012-03-27 40376]
"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2012-03-26 640440]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-07-23 402432]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"RemoteX"="c:\program files (x86)\RemoteX\RemoteXUser.exe" [2010-11-24 183808]
"AmazonGSDownloaderTray"="c:\program files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderTray.exe" [2009-10-23 326144]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-19 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-27 421736]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="c:\program files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe" [2010-05-21 165184]
.
c:\users\Jeff\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-12-15 1324384]
.
c:\users\Sarah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-12-15 1324384]
Logitech Touch Mouse Server.lnk - c:\program files (x86)\Logitech Touch Mouse Server\iTouch-Server-Win.exe [2009-10-23 178688]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-12-15 1324384]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 dleaCATSCustConnectService;dleaCATSCustConnectService;c:\windows\system32\spool\DRIVERS\x64\3\\dleaserv.exe [2010-01-07 33448]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-12 250056]
R3 Amazon Download Agent;Amazon Download Agent;c:\program files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe [2009-10-23 401920]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-02-28 183560]
R3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2010-02-27 158976]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 51740536]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-18 113120]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-10 174440]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-09-04 1255736]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2009-07-09 55280]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-09-05 834544]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]
S2 __RemoteX__;RemoteX Server;c:\program files (x86)\RemoteX\RemoteX.exe [2010-11-24 266240]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-05-18 203264]
S2 dlea_device;dlea_device;c:\windows\system32\dleacoms.exe [2010-01-07 1052328]
S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2009-06-09 155648]
S2 McciCMService64;McciCMService64;c:\program files\Common Files\Motive\McciCMService.exe [2012-01-25 517632]
S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2010-05-21 673088]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2010-05-18 6853632]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2010-05-18 263680]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-05-31 138912]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-02-04 271872]
S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [2009-10-16 321064]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-17 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-09 01:38]
.
2012-07-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1836415372-254199884-3377025973-1001Core.job
- c:\users\Sarah\AppData\Local\Google\Update\GoogleUpdate.exe [2012-01-29 03:24]
.
2012-07-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1836415372-254199884-3377025973-1001UA.job
- c:\users\Sarah\AppData\Local\Google\Update\GoogleUpdate.exe [2012-01-29 03:24]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-02-09 10060832]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
"dleamon.exe"="c:\program files (x86)\Dell V310-V510 Series\dleamon.exe" [2010-01-18 770728]
"EzPrint"="c:\program files (x86)\Dell V310-V510 Series\ezprint.exe" [2010-01-18 139944]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 112512]
"fssui"="c:\program files (x86)\Windows Live\Family Safety\fsui.exe" [2012-03-08 884584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~2\MIF5BA~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MIF5BA~1\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.1.254
FF - ProfilePath - c:\users\Sarah\AppData\Roaming\Mozilla\Firefox\Profiles\9nrwh3hi.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=WLETDF&PC=WLEM&q=
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?affID=112462&babsrc=KW_ss&mntrId=3a81797500000000000000ff8023ef06&q=
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=112462
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.id - 3a81797500000000000000ff8023ef06
FF - user.js: extensions.BabylonToolbar_i.hardId - 3a81797500000000000000ff8023ef06
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15533
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1713:56
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - base
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKCU-Run-AdobeBridge - (no file)
SafeBoot-Symantec Antvirus
Toolbar-Locked - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Symantec Shared\ccSvcHst.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Juniper Networks\Common Files\dsNcService.exe
c:\program files (x86)\Windows Live\Family Safety\fsssvc.exe
c:\program files (x86)\Common Files\Motive\McciCMService.exe
c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE
c:\program files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe
c:\program files (x86)\Symantec\Symantec Endpoint Protection\ProtectionUtilSurrogate.exe
c:\windows\SysWOW64\runonce.exe
c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe
c:\program files (x86)\Dell Support Center\bin\sprtsvc.exe
.
**************************************************************************
.
Completion time: 2012-07-17 15:57:45 - machine was rebooted
ComboFix-quarantined-files.txt 2012-07-17 19:57
.
Pre-Run: 549,453,213,696 bytes free
Post-Run: 551,835,164,672 bytes free
.
- - End Of File - - C5D799C9B6C475751DDCF3E7D7F56C8B
Here is the DDS Log:
.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 1.6.0_31
Run by Sarah at 16:01:52 on 2012-07-17
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6103.4016 [GMT -4:00]
.
AV: Symantec Endpoint Protection *Enabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Symantec Endpoint Protection *Enabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Dell\DellDock\DockLogin.exe
C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Smc.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\dleacoms.exe
C:\Program Files (x86)\Juniper Networks\Common Files\dsNcService.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe
C:\Program Files (x86)\Common Files\Motive\McciCMService.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\RemoteX\RemoteX.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\RemoteX\RemoteXUser.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\SmcGui.exe
C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\ProtectionUtilSurrogate.exe
C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\notepad.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files (x86)\Dell V310-V510 Series\dleamon.exe
C:\Program Files (x86)\Dell V310-V510 Series\ezprint.exe
C:\Program Files (x86)\Windows Live\Family Safety\fsui.exe
C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
C:\Users\Sarah\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe
C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
C:\Program Files (x86)\Logitech Touch Mouse Server\iTouch-Server-Win.exe
C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\reader_sl.exe
C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe
C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe
C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe
C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrobat_sl.exe
C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\DllHost.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
uInternet Settings,ProxyOverride = *.local
BHO: Dell Toolbar: {09b71986-2ac5-482d-b6cb-42ea34f4f85b} - C:\Program Files\Dell Printable Web\toolband.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MIF5BA~1\Office14\GROOVEEX.DLL
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MIF5BA~1\Office14\URLREDIR.DLL
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: Dell Toolbar: {09b71986-2ac5-482d-b6cb-42ea34f4f85b} - C:\Program Files\Dell Printable Web\toolband.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
uRun: [SansaDispatch] C:\Users\Sarah\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe
uRun: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
mRun: [StartCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [ShwiconXP9106] C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Dell DataSafe Online] "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m
mRun: [Desktop Disc Tool] "c:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"
mRun: [DellSupportCenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
mRun: [ccApp] "C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe"
mRun: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
mRun: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun: [RemoteX] "C:\Program Files (x86)\RemoteX\RemoteXUser.exe"
mRun: [AmazonGSDownloaderTray] C:\Program Files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderTray.exe
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRunOnce: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe
StartupFolder: C:\Users\Sarah\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\DELLDO~1.LNK - C:\Program Files (x86)\Dell\DellDock\DellDock.exe
StartupFolder: C:\Users\Sarah\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\LOGITE~1.LNK - C:\Program Files (x86)\Logitech Touch Mouse Server\iTouch-Server-Win.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MIF5BA~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MIF5BA~1\Office14\ONBttnIE.dll/105
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://juniper.net/dana-cached/sc/JuniperSetupClient.cab
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{A1CAFDC8-E541-4451-BB42-381772453D79} : DhcpNameServer = 192.168.1.254
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MIF5BA~1\Office14\GROOVEEX.DLL
BHO-X64: Dell Toolbar: {09B71986-2AC5-482d-B6CB-42EA34F4F85B} - C:\Program Files\Dell Printable Web\toolband.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MIF5BA~1\Office14\GROOVEEX.DLL
BHO-X64: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO-X64: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MIF5BA~1\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
BHO-X64: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO-X64: SmartSelect - No File
TB-X64: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB-X64: Dell Toolbar: {09B71986-2AC5-482d-B6CB-42EA34F4F85B} - C:\Program Files\Dell Printable Web\toolband.dll
TB-X64: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
mRun-x64: [StartCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [ShwiconXP9106] C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [Dell DataSafe Online] "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m
mRun-x64: [Desktop Disc Tool] "c:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"
mRun-x64: [DellSupportCenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
mRun-x64: [ccApp] "C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe"
mRun-x64: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
mRun-x64: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
mRun-x64: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun-x64: [RemoteX] "C:\Program Files (x86)\RemoteX\RemoteXUser.exe"
mRun-x64: [AmazonGSDownloaderTray] C:\Program Files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderTray.exe
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRunOnce-x64: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MIF5BA~1\Office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Sarah\AppData\Roaming\Mozilla\Firefox\Profiles\9nrwh3hi.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=WLETDF&PC=WLEM&q=
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?affID=112462&babsrc=KW_ss&mntrId=3a81797500000000000000ff8023ef06&q=
FF - plugin: C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npCouponPrinter.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npMozCouponPrinter.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npzylomgamesplayer.dll
FF - plugin: C:\Program Files (x86)\OnLive\Plugin\npolgdet.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\ProgramData\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll
FF - plugin: C:\Users\Sarah\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll
FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_265.dll
.
---- FIREFOX POLICIES ----
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=112462
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.id - 3a81797500000000000000ff8023ef06
FF - user.js: extensions.BabylonToolbar_i.hardId - 3a81797500000000000000ff8023ef06
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15533
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1713:56:44
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - base
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
.
============= SERVICES / DRIVERS ===============
.
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2011-8-11 140672]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 dlea_device;dlea_device;C:\Windows\system32\dleacoms.exe -service --> C:\Windows\system32\dleacoms.exe -service [?]
R2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2009-6-9 155648]
R2 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]
R2 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2012-3-8 1492840]
R2 McciCMService64;McciCMService64;C:\Program Files\Common Files\Motive\McciCMService.exe [2012-3-12 517632]
R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2010-8-30 673088]
R2 Symantec AntiVirus;Symantec Endpoint Protection;C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe [2009-9-17 2477304]
R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-6-13 138912]
R3 HECIx64;Intel(R) Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
R3 IntcDAud;Intel(R) Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?]
R3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;C:\Windows\system32\DRIVERS\k57nd60a.sys --> C:\Windows\system32\DRIVERS\k57nd60a.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 dleaCATSCustConnectService;dleaCATSCustConnectService;C:\Windows\System32\spool\DRIVERS\x64\3\dleaserv.exe [2009-7-1 33448]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-9 250056]
S3 Amazon Download Agent;Amazon Download Agent;C:\Program Files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe [2011-3-9 401920]
S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-2-28 183560]
S3 Impcd;Impcd;C:\Windows\system32\DRIVERS\Impcd.sys --> C:\Windows\system32\DRIVERS\Impcd.sys [?]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files\Microsoft Office\Office14\GROOVE.EXE [2011-6-12 51740536]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-5-5 113120]
S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-1-9 174440]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== Created Last 30 ================
.
2012-07-17 19:58:32 -------- d-sh--w- C:\$RECYCLE.BIN
2012-07-17 19:57:48 -------- d-----w- C:\Users\Sarah\AppData\Local\temp
2012-07-17 19:43:55 98816 ----a-w- C:\Windows\sed.exe
2012-07-17 19:43:55 518144 ----a-w- C:\Windows\SWREG.exe
2012-07-17 19:43:55 256000 ----a-w- C:\Windows\PEV.exe
2012-07-17 19:43:55 208896 ----a-w- C:\Windows\MBR.exe
2012-07-17 14:43:47 -------- d-----w- C:\Users\Sarah\AppData\Local\{8DC2486B-06ED-492E-9BDF-737DB5D82354}
2012-07-17 02:43:22 -------- d-----w- C:\Users\Sarah\AppData\Local\{59902DCB-1FEA-43DF-A27F-09B94229FFAC}
2012-07-16 14:42:58 -------- d-----w- C:\Users\Sarah\AppData\Local\{123EFEA4-A571-4304-A3A5-36934D2739A5}
2012-07-16 02:42:33 -------- d-----w- C:\Users\Sarah\AppData\Local\{92939BBD-F17B-42D5-B4C0-C943D410D487}
2012-07-15 14:42:09 -------- d-----w- C:\Users\Sarah\AppData\Local\{74FFD88E-CFD4-4FEC-AF97-189553BE7102}
2012-07-15 02:41:44 -------- d-----w- C:\Users\Sarah\AppData\Local\{00FCD6F0-1505-4CBB-8C8D-2C77C0374BA2}
2012-07-14 14:41:20 -------- d-----w- C:\Users\Sarah\AppData\Local\{106BACF2-FCC9-44B9-9269-07B48445352C}
2012-07-14 02:40:56 -------- d-----w- C:\Users\Sarah\AppData\Local\{56F40085-3861-45F7-8910-7F063138A237}
2012-07-13 14:40:32 -------- d-----w- C:\Users\Sarah\AppData\Local\{8AAA539E-CF44-494F-9731-DE9054EF39EB}
2012-07-13 02:40:07 -------- d-----w- C:\Users\Sarah\AppData\Local\{1831F907-C70C-4F1C-BD02-C840C086FFA3}
2012-07-13 02:39:55 -------- d-----w- C:\Users\Sarah\AppData\Local\{BFB47624-F40A-4A53-B81E-4DD83C80D856}
2012-07-12 22:16:30 -------- d-----w- C:\Program Files (x86)\Safer Networking
2012-07-12 20:56:49 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
2012-07-12 20:56:49 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy
2012-07-12 20:52:07 -------- d-----w- C:\Users\Sarah\AppData\Roaming\Malwarebytes
2012-07-12 20:51:45 -------- d-----w- C:\ProgramData\Malwarebytes
2012-07-12 20:51:44 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-07-12 20:51:44 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-07-12 20:44:20 -------- d-----w- C:\Users\Sarah\AppData\Roaming\SUPERAntiSpyware.com
2012-07-12 20:44:02 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com
2012-07-12 20:44:02 -------- d-----w- C:\Program Files\SUPERAntiSpyware
2012-07-12 17:56:38 -------- d-----w- C:\ProgramData\Premium
2012-07-12 17:56:11 -------- d-----w- C:\ProgramData\InstallMate
2012-07-12 14:39:29 -------- d-----w- C:\Users\Sarah\AppData\Local\{753B0855-936C-435E-A594-80513F7DE287}
2012-07-12 02:39:05 -------- d-----w- C:\Users\Sarah\AppData\Local\{B0E77A39-1019-4791-8518-51CEC7460FE0}
2012-07-11 14:38:39 -------- d-----w- C:\Users\Sarah\AppData\Local\{3257A436-0EEF-4D5F-8CC6-40351A7A0F14}
2012-07-11 14:38:26 -------- d-----w- C:\Users\Sarah\AppData\Local\{8D004D60-3740-4235-AC5B-337F3AE4586C}
2012-07-11 07:04:02 3148800 ----a-w- C:\Windows\System32\win32k.sys
2012-07-11 02:29:33 -------- d-----w- C:\Users\Sarah\AppData\Local\{56A3921A-B1BC-44F2-A175-32ABC02C5168}
2012-07-10 14:29:09 -------- d-----w- C:\Users\Sarah\AppData\Local\{9A8DAE11-5B9E-4548-8271-63A8BA9FCACA}
2012-07-10 02:28:44 -------- d-----w- C:\Users\Sarah\AppData\Local\{2BC2B83C-53B5-4597-ABA6-3EBB36DE67FD}
2012-07-09 14:28:20 -------- d-----w- C:\Users\Sarah\AppData\Local\{774B5049-FA4D-498B-A409-575555A363EF}
2012-07-09 02:27:55 -------- d-----w- C:\Users\Sarah\AppData\Local\{2E39295B-3BE0-445A-8F6A-008862B0E3EB}
2012-07-08 14:27:31 -------- d-----w- C:\Users\Sarah\AppData\Local\{E2696292-8F9F-4263-AD5E-61F7FA8CAE66}
2012-07-08 02:27:07 -------- d-----w- C:\Users\Sarah\AppData\Local\{5279A286-2340-4B1A-BD66-EEE7A813F7E2}
2012-07-07 14:26:42 -------- d-----w- C:\Users\Sarah\AppData\Local\{F66189FD-5FC7-4FB1-9BFA-38D220945F15}
2012-07-07 02:26:17 -------- d-----w- C:\Users\Sarah\AppData\Local\{FC794031-09FD-47CD-BA74-3B63D65FEF55}
2012-07-06 14:25:52 -------- d-----w- C:\Users\Sarah\AppData\Local\{8DEE34FD-0BA5-4BFA-9D93-AF00B8ED6DDD}
2012-07-06 02:25:27 -------- d-----w- C:\Users\Sarah\AppData\Local\{1CB50AD6-DF9A-4BFF-88A7-62F20904C4B0}
2012-07-05 14:25:02 -------- d-----w- C:\Users\Sarah\AppData\Local\{DC2341FA-0FD8-4E5F-BF22-4EA5FB069BA9}
2012-07-05 02:24:36 -------- d-----w- C:\Users\Sarah\AppData\Local\{F2157CC9-EE3D-4016-A2FE-A04044C30AEA}
2012-07-04 14:24:09 -------- d-----w- C:\Users\Sarah\AppData\Local\{6888138C-47D6-4582-8C29-97CB17ED4A67}
2012-07-04 02:23:44 -------- d-----w- C:\Users\Sarah\AppData\Local\{8B8FC084-A74F-47E3-83FF-7EBEBEA35523}
2012-07-03 14:23:19 -------- d-----w- C:\Users\Sarah\AppData\Local\{38A7B859-EB74-4589-A885-4923C14F5CBD}
2012-07-03 02:22:55 -------- d-----w- C:\Users\Sarah\AppData\Local\{089F2619-F32D-49A1-A5DC-11801CE863CA}
2012-07-02 14:22:31 -------- d-----w- C:\Users\Sarah\AppData\Local\{58C8D52E-81DA-410D-ACFB-DEAD5E9CAD3F}
2012-07-02 02:22:06 -------- d-----w- C:\Users\Sarah\AppData\Local\{9F0EAE35-464A-494C-A20F-8DFB40D6FAA8}
2012-07-01 14:21:40 -------- d-----w- C:\Users\Sarah\AppData\Local\{B85D8FC9-436B-49F7-B7B9-F8D3236C8740}
2012-07-01 02:21:15 -------- d-----w- C:\Users\Sarah\AppData\Local\{E2BC96E3-DDF7-4C4E-A975-9E567DF9E9AC}
2012-06-30 14:20:49 -------- d-----w- C:\Users\Sarah\AppData\Local\{2CB28C06-C69A-412D-91FE-06E763E54163}
2012-06-30 02:20:25 -------- d-----w- C:\Users\Sarah\AppData\Local\{82BAD7F1-DADE-4C77-AC44-C08E027DAF5A}
2012-06-29 14:20:00 -------- d-----w- C:\Users\Sarah\AppData\Local\{243B78F3-E159-48A1-A3B9-39C70C83BEB9}
2012-06-29 02:19:36 -------- d-----w- C:\Users\Sarah\AppData\Local\{F9F13A31-E06F-4B2F-96AD-C8B6AB5EFD4A}
2012-06-28 14:19:12 -------- d-----w- C:\Users\Sarah\AppData\Local\{A66EDC16-5BCD-4E07-9892-CB00B741A011}
2012-06-28 02:18:46 -------- d-----w- C:\Users\Sarah\AppData\Local\{13AA78AE-320C-4D54-9298-12A034469D6A}
2012-06-28 00:09:25 -------- d-----w- C:\Users\Sarah\AppData\Roaming\fltk.org
2012-06-28 00:09:25 -------- d-----w- C:\ProgramData\fltk.org
2012-06-28 00:05:42 -------- d-----w- C:\Program Files (x86)\Amnesia - The Dark Descent
2012-06-27 23:45:01 -------- d-----w- C:\Program Files (x86)\Common Files\BioWare
2012-06-27 14:18:21 -------- d-----w- C:\Users\Sarah\AppData\Local\{45C5CE79-1B5C-48D0-8CD8-D74FCF708BD1}
2012-06-27 02:17:52 -------- d-----w- C:\Users\Sarah\AppData\Local\{4C048AC6-CBAD-4B4D-A7A3-409CB6C5046A}
2012-06-26 14:17:28 -------- d-----w- C:\Users\Sarah\AppData\Local\{E6B08D28-DA46-4834-8E99-CE1526BC6CCD}
2012-06-26 02:17:03 -------- d-----w- C:\Users\Sarah\AppData\Local\{37D92027-CCDC-4391-B8C8-D76F979F76B3}
2012-06-25 14:16:39 -------- d-----w- C:\Users\Sarah\AppData\Local\{9C95B025-EA05-481E-AD2C-04581590EE91}
2012-06-25 02:16:14 -------- d-----w- C:\Users\Sarah\AppData\Local\{27169762-9963-422C-8681-C77D7085306C}
2012-06-24 14:15:49 -------- d-----w- C:\Users\Sarah\AppData\Local\{CC5DDBB2-4851-47E5-8557-A6822872942C}
2012-06-24 02:15:24 -------- d-----w- C:\Users\Sarah\AppData\Local\{05DC08DE-3237-410C-B9C0-B3EC094F52F8}
2012-06-23 14:15:00 -------- d-----w- C:\Users\Sarah\AppData\Local\{5AFB3070-ED74-4F0F-B242-FAD861E66706}
2012-06-22 14:18:35 -------- d-----w- C:\Users\Sarah\AppData\Local\{0282E542-D45A-419A-A751-D53AFF53E565}
2012-06-22 02:18:10 -------- d-----w- C:\Users\Sarah\AppData\Local\{93E1BEEC-63B3-44F9-9E75-6800AABBBD5A}
2012-06-21 14:17:45 -------- d-----w- C:\Users\Sarah\AppData\Local\{F1A301A1-9DF4-47E3-A8C4-EAE2D749499B}
2012-06-21 02:17:20 -------- d-----w- C:\Users\Sarah\AppData\Local\{5FBD924D-0A2D-4DD9-A336-63E6B74C52A5}
2012-06-20 14:16:55 -------- d-----w- C:\Users\Sarah\AppData\Local\{F32D8280-9988-4A2E-9A31-0F9AB05C8256}
2012-06-20 02:16:31 -------- d-----w- C:\Users\Sarah\AppData\Local\{2632FCD3-FC77-4B83-AB21-A3149D08D5A0}
2012-06-19 15:02:59 2622464 ----a-w- C:\Windows\System32\wucltux.dll
2012-06-19 15:02:45 99840 ----a-w- C:\Windows\System32\wudriver.dll
2012-06-19 15:02:31 36864 ----a-w- C:\Windows\System32\wuapp.exe
2012-06-19 15:02:31 186752 ----a-w- C:\Windows\System32\wuwebv.dll
2012-06-19 14:16:07 -------- d-----w- C:\Users\Sarah\AppData\Local\{24E49368-A2FD-469A-AC9E-EC2714776E00}
2012-06-19 02:15:36 -------- d-----w- C:\Users\Sarah\AppData\Local\{34341ADF-E40A-43C1-A06A-3C45875107AC}
2012-06-18 02:15:00 -------- d-----w- C:\Users\Sarah\AppData\Local\{15396338-48B3-491A-B3F1-41D8ED8C7AB8}
.
==================== Find3M ====================
.
2012-07-12 01:38:19 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-12 01:38:19 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-06-06 06:06:16 2004480 ----a-w- C:\Windows\System32\msxml6.dll
2012-06-06 06:06:16 1881600 ----a-w- C:\Windows\System32\msxml3.dll
2012-06-06 06:02:54 1133568 ----a-w- C:\Windows\System32\cdosys.dll
2012-06-06 05:05:52 1390080 ----a-w- C:\Windows\SysWow64\msxml6.dll
2012-06-06 05:05:52 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll
2012-06-06 05:03:06 805376 ----a-w- C:\Windows\SysWow64\cdosys.dll
2012-06-02 05:50:10 458704 ----a-w- C:\Windows\System32\drivers\cng.sys
2012-06-02 05:48:16 95600 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2012-06-02 05:48:16 151920 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2012-06-02 05:45:31 340992 ----a-w- C:\Windows\System32\schannel.dll
2012-06-02 05:44:21 307200 ----a-w- C:\Windows\System32\ncrypt.dll
2012-06-02 04:40:42 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2012-06-02 04:40:39 225280 ----a-w- C:\Windows\SysWow64\schannel.dll
2012-06-02 04:39:10 219136 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2012-06-02 04:34:09 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2012-05-15 04:01:31 1188864 ----a-w- C:\Windows\System32\wininet.dll
2012-05-15 03:03:54 981504 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-05-04 11:06:22 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-05-04 10:03:53 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-05-04 10:03:50 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-05-01 05:40:20 209920 ----a-w- C:\Windows\System32\profsvc.dll
2012-04-28 03:55:21 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2012-04-26 05:41:56 77312 ----a-w- C:\Windows\System32\rdpwsx.dll
2012-04-26 05:41:55 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll
2012-04-26 05:34:27 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe
2012-04-24 05:37:37 184320 ----a-w- C:\Windows\System32\cryptsvc.dll
2012-04-24 05:37:37 140288 ----a-w- C:\Windows\System32\cryptnet.dll
2012-04-24 05:37:36 1462272 ----a-w- C:\Windows\System32\crypt32.dll
2012-04-24 04:36:42 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
2012-04-24 04:36:42 1158656 ----a-w- C:\Windows\SysWow64\crypt32.dll
2012-04-24 04:36:42 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
2012-04-20 03:45:41 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2012-04-20 03:16:44 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-04-19 00:56:30 94208 ----a-w- C:\Windows\SysWow64\QuickTimeVR.qtx
2012-04-19 00:56:30 69632 ----a-w- C:\Windows\SysWow64\QuickTime.qts
.
============= FINISH: 16:02:45.07 ===============
Hi again,
Open notepad and copy/paste the text in the quotebox below into it:
DDS::
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
Firefox::
FF - ProfilePath - c:\users\Sarah\AppData\Roaming\Mozilla\Firefox\Profiles\9nrwh3hi.default\
FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?affID=112462&babsrc=KW_ss&mntrId=3a81797500000000000000ff8023ef06&q=
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=112462
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.id - 3a81797500000000000000ff8023ef06
FF - user.js: extensions.BabylonToolbar_i.hardId - 3a81797500000000000000ff8023ef06
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15533
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1713:56
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - base
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
Save this as
CFScript
A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine. This tool is not a toy and not for everyday use.
http://img.photobucket.com/albums/v666/sUBs/CFScriptB-4.gif
Close all browser windows and refering to the picture above, drag CFScript into ComboFix.exe (let the tool to update itself if prompted).
Then post the resultant log.
Uninstall old Adobe Reader versions and get the latest one (Adobe Reader 10.1 and separate 10.1.1, 10.1.2 & 10.1.3 updates for it) here (http://www.adobe.com/support/downloads/product.jsp?product=10&platform=Windows) or get Foxit Reader here (http://www.foxitsoftware.com/pdf/reader_2/down_reader.htm). Make sure you don't (unless you want to) install toolbar if choose Foxit Reader! You may also check free readers introduced here (http://pdfreaders.org/).
Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update to the latest version...
Updating Java:
Download the latest version of Java Runtime Environment (JRE) 7 Update 5 (http://www.oracle.com/technetwork/java/javase/downloads/index.html).
Click the
Download
button to the right.
Select Windows on platform combobox and check the box that says:
Accept License Agreement. Click continue.
The page will refresh.
Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
Close any programs you may have running - especially your web browser.
Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java.
Check any item with Java Runtime Environment (JRE or J2SE) in the name.
Click the Remove or Change/Remove button.
Repeat as many times as necessary to remove each Java versions.
Reboot your computer once all Java components are removed.
Then from your desktop double-click on jre-7u5-windows-i586.exe to install the newest version.
It's also strongly recommended to upgrade Internet Explorer to version 9. Even if IE wasn't used for surfing it should still be kept updated.
* Go here (http://www.eset.eu/online-scanner) to run an online scanner from ESET.
Note: You will need to use Internet explorer for this scan
Tick the box next to YES, I accept the Terms of Use.
Click Start
When asked, allow the activex control to install
Click Start
Make sure that the option Remove found threats is UNchecked and the option Scan unwanted applications is checkmarked.
Click Scan
Wait for the scan to finish.
Post back its report, a fresh dds.txt log and above mentioned ComboFix resultant log.
jtcarrie
2012-07-19, 05:22
I went ahead and updated Adobe Reader and Java like you specified. Then I ran combofix with the new script. Then I updated IE and ran the ESET scan. Finally I ran the dds. I got an error that this post was too long, so I'll post the DDS log in the next post.
Here is the combo fix log:
ComboFix 12-07-18.04 - Sarah 07/18/2012 14:55:25.2.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6103.4325 [GMT -4:00]
Running from: c:\users\Sarah\Desktop\ComboFix.exe
Command switches used :: c:\users\Sarah\Desktop\CFScript.txt
AV: Symantec Endpoint Protection *Disabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
SP: Symantec Endpoint Protection *Disabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-06-18 to 2012-07-18 )))))))))))))))))))))))))))))))
.
.
2012-07-18 18:59 . 2012-07-18 18:59 -------- d-----w- c:\users\Jeff\AppData\Local\temp
2012-07-18 18:59 . 2012-07-18 18:59 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-07-18 18:51 . 2012-07-18 18:51 -------- d-----w- c:\program files (x86)\Common Files\Java
2012-07-18 18:51 . 2012-07-18 18:50 772592 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2012-07-17 19:57 . 2012-07-18 20:12 -------- d-----w- c:\users\Sarah\AppData\Local\temp
2012-07-13 02:26 . 2012-07-13 02:26 -------- d-----w- c:\program files (x86)\ERUNT
2012-07-12 22:16 . 2012-07-12 22:16 -------- d-----w- c:\program files (x86)\Safer Networking
2012-07-12 20:56 . 2012-07-12 22:44 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2012-07-12 20:56 . 2012-07-12 22:44 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy
2012-07-12 20:52 . 2012-07-12 20:52 -------- d-----w- c:\users\Sarah\AppData\Roaming\Malwarebytes
2012-07-12 20:51 . 2012-07-12 20:51 -------- d-----w- c:\programdata\Malwarebytes
2012-07-12 20:51 . 2012-07-12 20:51 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-07-12 20:51 . 2012-07-03 17:46 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-07-12 20:44 . 2012-07-12 20:44 -------- d-----w- c:\users\Sarah\AppData\Roaming\SUPERAntiSpyware.com
2012-07-12 20:44 . 2012-07-12 20:45 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-07-12 20:44 . 2012-07-12 20:44 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2012-07-12 17:56 . 2012-07-12 17:56 237 ----a-w- C:\user.js
2012-07-12 17:56 . 2012-07-12 17:56 -------- d-----w- c:\programdata\Premium
2012-07-12 17:56 . 2012-07-12 18:16 -------- d-----w- c:\programdata\InstallMate
2012-07-11 07:04 . 2012-06-12 03:08 3148800 ----a-w- c:\windows\system32\win32k.sys
2012-06-28 00:09 . 2012-06-28 00:09 -------- d-----w- c:\users\Sarah\AppData\Roaming\fltk.org
2012-06-28 00:09 . 2012-06-28 00:09 -------- d-----w- c:\programdata\fltk.org
2012-06-28 00:05 . 2012-06-28 00:09 -------- d-----w- c:\program files (x86)\Amnesia - The Dark Descent
2012-06-27 23:45 . 2012-06-27 23:45 -------- d-----w- c:\program files (x86)\Common Files\BioWare
2012-06-19 15:03 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-19 15:03 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-19 15:02 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-19 15:02 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-19 15:02 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-19 15:02 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-19 15:02 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-19 15:02 . 2012-06-02 19:19 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-19 15:02 . 2012-06-02 19:15 36864 ----a-w- c:\windows\system32\wuapp.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-18 18:50 . 2010-08-30 19:18 687600 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-07-12 01:38 . 2012-04-09 19:27 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-07-12 01:38 . 2011-05-22 22:56 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-11 07:01 . 2010-09-04 23:25 59701280 ----a-w- c:\windows\system32\MRT.exe
2012-05-15 04:01 . 2012-06-13 17:05 1188864 ----a-w- c:\windows\system32\wininet.dll
2012-05-15 03:59 . 2012-06-13 17:05 64512 ----a-w- c:\windows\system32\jsproxy.dll
2012-05-15 03:03 . 2012-06-13 17:05 981504 ----a-w- c:\windows\SysWow64\wininet.dll
2012-05-04 11:06 . 2012-06-13 17:05 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-04 10:03 . 2012-06-13 17:05 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-05-04 10:03 . 2012-06-13 17:05 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-05-01 05:40 . 2012-06-13 17:05 209920 ----a-w- c:\windows\system32\profsvc.dll
2012-04-28 03:55 . 2012-06-13 17:05 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-04-26 05:41 . 2012-06-13 17:05 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-04-26 05:41 . 2012-06-13 17:05 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-04-26 05:34 . 2012-06-13 17:05 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-04-24 05:37 . 2012-06-13 17:04 184320 ----a-w- c:\windows\system32\cryptsvc.dll
2012-04-24 05:37 . 2012-06-13 17:04 140288 ----a-w- c:\windows\system32\cryptnet.dll
2012-04-24 05:37 . 2012-06-13 17:04 1462272 ----a-w- c:\windows\system32\crypt32.dll
2012-04-24 04:36 . 2012-06-13 17:04 1158656 ----a-w- c:\windows\SysWow64\crypt32.dll
2012-04-24 04:36 . 2012-06-13 17:04 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll
2012-04-24 04:36 . 2012-06-13 17:04 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
2012-04-20 05:42 . 2012-06-13 17:05 1494016 ----a-w- c:\windows\system32\urlmon.dll
2012-04-20 05:42 . 2012-06-13 17:05 134144 ----a-w- c:\windows\system32\url.dll
2012-04-20 05:42 . 2012-06-13 17:05 9059840 ----a-w- c:\windows\system32\mshtml.dll
2012-04-20 05:42 . 2012-06-13 17:05 735744 ----a-w- c:\windows\system32\msfeeds.dll
2012-04-20 05:42 . 2012-06-13 17:05 97792 ----a-w- c:\windows\system32\mshtmled.dll
2012-04-20 05:42 . 2012-06-13 17:05 12297216 ----a-w- c:\windows\system32\ieframe.dll
2012-04-20 05:42 . 2012-06-13 17:05 247808 ----a-w- c:\windows\system32\ieui.dll
2012-04-20 05:42 . 2012-06-13 17:05 2454528 ----a-w- c:\windows\system32\iertutil.dll
2012-04-20 03:45 . 2012-06-13 17:05 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2012-04-20 03:16 . 2012-06-13 17:05 1638912 ----a-w- c:\windows\SysWow64\mshtml.tlb
.
.
((((((((((((((((((((((((((((( SnapShot@2012-07-17_19.53.53 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-14 04:54 . 2012-07-18 19:03 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2012-07-17 19:52 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2012-07-18 19:03 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-07-17 19:52 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-07-18 19:03 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2012-07-17 19:52 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-08-30 19:40 . 2012-07-17 19:55 29616 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-07-17 19:55 26204 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
- 2010-09-04 21:28 . 2012-07-17 19:52 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-09-04 21:28 . 2012-07-18 20:12 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-09-04 21:28 . 2012-07-17 19:52 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2010-09-04 21:28 . 2012-07-18 20:12 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-07-17 19:52 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-07-18 20:12 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-09-04 22:37 . 2012-07-18 19:03 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-09-04 22:37 . 2012-07-13 01:36 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-09-04 22:37 . 2012-07-13 01:36 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2010-09-04 22:37 . 2012-07-18 19:03 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2010-09-04 22:37 . 2012-07-18 19:03 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-09-04 22:37 . 2012-07-13 01:36 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-09-04 22:37 . 2012-07-18 20:02 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-09-04 22:37 . 2012-07-17 19:05 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-09-04 22:37 . 2012-07-18 20:02 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-09-04 22:37 . 2012-07-17 19:05 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-06-06 16:55 . 2011-06-06 16:55 73624 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\wow_helper.exe
+ 2011-06-06 16:55 . 2011-06-06 16:55 17304 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\ViewerPS.dll
+ 2011-06-06 16:55 . 2011-06-06 16:55 35736 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\reader_sl.exe
+ 2011-06-06 16:55 . 2011-06-06 16:55 88992 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\PDFPrevHndlr.dll
+ 2011-06-06 16:55 . 2011-06-06 16:55 94608 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\eula.exe
+ 2011-06-06 16:55 . 2011-06-06 16:55 64952 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\armsvc.exe
+ 2011-06-06 16:55 . 2011-06-06 16:55 49064 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\acrotextextractor.exe
+ 2011-06-06 16:55 . 2011-06-06 16:55 17824 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\AcroRd32Info.exe
+ 2011-06-06 16:55 . 2011-06-06 16:55 63912 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\acroiehelpershim.dll
+ 2011-06-06 16:55 . 2011-06-06 16:55 64928 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\AcroIEHelper.dll
+ 2011-06-06 16:55 . 2011-06-06 16:55 63384 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\Acrofx32.dll
+ 2010-09-04 22:59 . 2012-07-17 19:55 9932 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1836415372-254199884-3377025973-1001_UserData.bin
+ 2012-07-18 19:01 . 2012-07-18 19:01 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-07-17 19:52 . 2012-07-17 19:52 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-07-18 19:01 . 2012-07-18 19:01 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-07-17 19:52 . 2012-07-17 19:52 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-07-18 18:51 . 2012-07-18 18:50 227824 c:\windows\SysWOW64\javaws.exe
+ 2012-07-18 18:51 . 2012-07-18 18:50 174064 c:\windows\SysWOW64\javaw.exe
+ 2012-07-18 18:51 . 2012-07-18 18:50 174064 c:\windows\SysWOW64\java.exe
+ 2009-07-14 02:36 . 2012-07-18 19:05 624490 c:\windows\system32\perfh009.dat
- 2009-07-14 02:36 . 2012-07-13 01:39 624490 c:\windows\system32\perfh009.dat
- 2009-07-14 02:36 . 2012-07-13 01:39 107052 c:\windows\system32\perfc009.dat
+ 2009-07-14 02:36 . 2012-07-18 19:05 107052 c:\windows\system32\perfc009.dat
- 2009-07-14 05:01 . 2012-07-17 19:50 514056 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-07-18 18:59 514056 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2012-07-18 18:51 . 2012-07-18 18:51 179200 c:\windows\Installer\4ea9ff2.msi
+ 2012-07-18 18:50 . 2012-07-18 18:50 867328 c:\windows\Installer\4ea9fed.msi
+ 2011-06-06 16:55 . 2011-06-06 16:55 249232 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\sqlite.dll
+ 2011-06-06 16:55 . 2011-06-06 16:55 394136 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\pdfshell.dll
+ 2011-06-06 16:55 . 2011-06-06 16:55 183696 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\nppdf32.dll
+ 2011-06-06 16:55 . 2011-06-06 16:55 104344 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\AiodLite.dll
+ 2011-06-06 16:55 . 2011-06-06 16:55 937920 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\adobearm.exe
+ 2011-06-06 16:55 . 2011-06-06 16:55 102808 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\AcroRdIF.dll
+ 2011-06-06 16:55 . 2011-06-06 16:55 755088 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\AcroPDF.dll
+ 2011-06-06 16:55 . 2011-06-06 16:55 296344 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\acrobroker.exe
+ 2011-06-06 16:55 . 2011-06-06 16:55 205720 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\a3dutils.dll
+ 2011-06-06 16:55 . 2011-06-06 16:55 214512 c:\windows\Installer\$PatchCache$\Managed\68AB67CA3301004F7706000000000040\9.0.0\icudt26l.dat
- 2011-02-09 08:17 . 2012-07-17 19:50 2068272 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1836415372-254199884-3377025973-1001-12288.dat
+ 2011-02-09 08:17 . 2012-07-18 18:59 2068272 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1836415372-254199884-3377025973-1001-12288.dat
+ 2011-06-06 20:45 . 2011-06-06 20:45 2318848 c:\windows\Installer\4ea98f4.msi
+ 2011-06-06 16:55 . 2011-06-06 16:55 2215312 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\rt3d.dll
+ 2011-06-06 16:55 . 2011-06-06 16:55 1189004 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\JSByteCodeWin.bin
+ 2011-06-06 16:55 . 2011-06-06 16:55 6543768 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\authplay.dll
+ 2011-06-06 16:55 . 2011-06-06 16:55 1240992 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\AdobeCollabSync.exe
+ 2011-06-06 16:55 . 2011-06-06 16:55 1480600 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\AcroRd32.exe
+ 2012-07-18 18:38 . 2012-07-18 18:38 15929344 c:\windows\Installer\4ea9b0a.msp
+ 2012-07-18 18:38 . 2012-07-18 18:38 13135872 c:\windows\Installer\4ea99d3.msp
+ 2012-04-04 11:17 . 2012-04-04 11:17 16613376 c:\windows\Installer\4ea98f5.msp
+ 2011-06-06 16:55 . 2011-06-06 16:55 24731544 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\AcroRd32.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]
"SansaDispatch"="c:\users\Sarah\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe" [2012-02-17 79872]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-07-12 4786048]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-05-17 98304]
"ShwiconXP9106"="c:\program files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe" [2010-01-27 237568]
"Dell DataSafe Online"="c:\program files (x86)\Dell DataSafe Online\DataSafeOnline.exe" [2010-02-09 1807680]
"Desktop Disc Tool"="c:\program files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe" [2009-10-15 498160]
"DellSupportCenter"="c:\program files (x86)\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"ccApp"="c:\program files (x86)\Common Files\Symantec Shared\ccApp.exe" [2009-07-09 115560]
"Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2012-03-27 40376]
"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2012-03-26 640440]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-07-23 402432]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"RemoteX"="c:\program files (x86)\RemoteX\RemoteXUser.exe" [2010-11-24 183808]
"AmazonGSDownloaderTray"="c:\program files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderTray.exe" [2009-10-23 326144]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-19 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-27 421736]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="c:\program files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe" [2010-05-21 165184]
.
c:\users\Jeff\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-12-15 1324384]
.
c:\users\Sarah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-12-15 1324384]
Logitech Touch Mouse Server.lnk - c:\program files (x86)\Logitech Touch Mouse Server\iTouch-Server-Win.exe [2009-10-23 178688]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-12-15 1324384]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 dleaCATSCustConnectService;dleaCATSCustConnectService;c:\windows\system32\spool\DRIVERS\x64\3\\dleaserv.exe [2010-01-07 33448]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-12 250056]
R3 Amazon Download Agent;Amazon Download Agent;c:\program files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe [2009-10-23 401920]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-02-28 183560]
R3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2010-02-27 158976]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 51740536]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-07-18 113120]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-10 174440]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-09-04 1255736]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2009-07-09 55280]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-09-05 834544]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]
S2 __RemoteX__;RemoteX Server;c:\program files (x86)\RemoteX\RemoteX.exe [2010-11-24 266240]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-04-04 63928]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-05-18 203264]
S2 dlea_device;dlea_device;c:\windows\system32\dleacoms.exe [2010-01-07 1052328]
S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2009-06-09 155648]
S2 McciCMService64;McciCMService64;c:\program files\Common Files\Motive\McciCMService.exe [2012-01-25 517632]
S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2010-05-21 673088]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2010-05-18 6853632]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2010-05-18 263680]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-05-31 138912]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-02-04 271872]
S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [2009-10-16 321064]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-18 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-09 01:38]
.
2012-07-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1836415372-254199884-3377025973-1001Core.job
- c:\users\Sarah\AppData\Local\Google\Update\GoogleUpdate.exe [2012-01-29 03:24]
.
2012-07-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1836415372-254199884-3377025973-1001UA.job
- c:\users\Sarah\AppData\Local\Google\Update\GoogleUpdate.exe [2012-01-29 03:24]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-02-09 10060832]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
"dleamon.exe"="c:\program files (x86)\Dell V310-V510 Series\dleamon.exe" [2010-01-18 770728]
"EzPrint"="c:\program files (x86)\Dell V310-V510 Series\ezprint.exe" [2010-01-18 139944]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 112512]
"fssui"="c:\program files (x86)\Windows Live\Family Safety\fsui.exe" [2012-03-08 884584]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~2\MIF5BA~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MIF5BA~1\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.1.254
FF - ProfilePath - c:\users\Sarah\AppData\Roaming\Mozilla\Firefox\Profiles\9nrwh3hi.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=WLETDF&PC=WLEM&q=
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Symantec Shared\ccSvcHst.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Juniper Networks\Common Files\dsNcService.exe
c:\program files (x86)\Windows Live\Family Safety\fsssvc.exe
c:\program files (x86)\Common Files\Motive\McciCMService.exe
c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE
c:\program files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe
c:\program files (x86)\Dell Support Center\bin\sprtsvc.exe
c:\program files (x86)\Symantec\Symantec Endpoint Protection\ProtectionUtilSurrogate.exe
c:\program files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
.
**************************************************************************
.
Completion time: 2012-07-18 16:15:03 - machine was rebooted
ComboFix-quarantined-files.txt 2012-07-18 20:15
ComboFix2.txt 2012-07-17 19:57
.
Pre-Run: 559,068,069,888 bytes free
Post-Run: 558,932,725,760 bytes free
.
- - End Of File - - 06ECE9B3287386D5FFC47A15A1569754
Here is the ESET Log
ESETSmartInstaller@High as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=9.00.8112.16421 (WIN7_IE9_RTM.110308-0330)
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=1a84d2f2097a6a498310600b1264b302
# end=finished
# remove_checked=false
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-07-18 09:39:31
# local_time=2012-07-18 05:39:31 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776638 66 85 32912212 94186993 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=296164
# found=0
# cleaned=0
# scan_time=4028
jtcarrie
2012-07-19, 05:23
Here is the DDS log:
Here is the DDS log:
.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.5.0
Run by Sarah at 22:03:37 on 2012-07-18
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6103.3819 [GMT -4:00]
.
AV: Symantec Endpoint Protection *Enabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Symantec Endpoint Protection *Enabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Dell\DellDock\DockLogin.exe
C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Smc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\dleacoms.exe
C:\Program Files (x86)\Juniper Networks\Common Files\dsNcService.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe
C:\Program Files (x86)\Common Files\Motive\McciCMService.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\RemoteX\RemoteX.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Program Files (x86)\RemoteX\RemoteXUser.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\SmcGui.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\ProtectionUtilSurrogate.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files (x86)\Dell V310-V510 Series\dleamon.exe
C:\Program Files (x86)\Dell V310-V510 Series\ezprint.exe
C:\Program Files (x86)\Windows Live\Family Safety\fsui.exe
C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
C:\Users\Sarah\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe
C:\Program Files\Dell\DellDock\DellDock.exe
C:\Program Files (x86)\Logitech Touch Mouse Server\iTouch-Server-Win.exe
C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe
c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe
C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe
C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe
C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\system32\DllHost.exe
C:\Program Files\Windows NT\Accessories\WORDPAD.EXE
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
uInternet Settings,ProxyOverride = *.local
BHO: Dell Toolbar: {09b71986-2ac5-482d-b6cb-42ea34f4f85b} - C:\Program Files\Dell Printable Web\toolband.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MIF5BA~1\Office14\GROOVEEX.DLL
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MIF5BA~1\Office14\URLREDIR.DLL
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: Dell Toolbar: {09b71986-2ac5-482d-b6cb-42ea34f4f85b} - C:\Program Files\Dell Printable Web\toolband.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
uRun: [SansaDispatch] C:\Users\Sarah\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe
uRun: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
mRun: [StartCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [ShwiconXP9106] C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe
mRun: [Dell DataSafe Online] "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m
mRun: [Desktop Disc Tool] "c:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"
mRun: [DellSupportCenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
mRun: [ccApp] "C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe"
mRun: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
mRun: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun: [RemoteX] "C:\Program Files (x86)\RemoteX\RemoteXUser.exe"
mRun: [AmazonGSDownloaderTray] C:\Program Files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderTray.exe
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRunOnce: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe
StartupFolder: C:\Users\Sarah\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\DELLDO~1.LNK - C:\Program Files (x86)\Dell\DellDock\DellDock.exe
StartupFolder: C:\Users\Sarah\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\LOGITE~1.LNK - C:\Program Files (x86)\Logitech Touch Mouse Server\iTouch-Server-Win.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MIF5BA~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MIF5BA~1\Office14\ONBttnIE.dll/105
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://juniper.net/dana-cached/sc/JuniperSetupClient.cab
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{A1CAFDC8-E541-4451-BB42-381772453D79} : DhcpNameServer = 192.168.1.254
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MIF5BA~1\Office14\GROOVEEX.DLL
BHO-X64: Dell Toolbar: {09B71986-2AC5-482d-B6CB-42EA34F4F85B} - C:\Program Files\Dell Printable Web\toolband.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MIF5BA~1\Office14\GROOVEEX.DLL
BHO-X64: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO-X64: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MIF5BA~1\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
BHO-X64: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO-X64: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO-X64: SmartSelect - No File
TB-X64: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB-X64: Dell Toolbar: {09B71986-2AC5-482d-B6CB-42EA34F4F85B} - C:\Program Files\Dell Printable Web\toolband.dll
TB-X64: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
mRun-x64: [StartCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [ShwiconXP9106] C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe
mRun-x64: [Dell DataSafe Online] "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m
mRun-x64: [Desktop Disc Tool] "c:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"
mRun-x64: [DellSupportCenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
mRun-x64: [ccApp] "C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe"
mRun-x64: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
mRun-x64: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
mRun-x64: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun-x64: [RemoteX] "C:\Program Files (x86)\RemoteX\RemoteXUser.exe"
mRun-x64: [AmazonGSDownloaderTray] C:\Program Files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderTray.exe
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRunOnce-x64: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MIF5BA~1\Office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Sarah\AppData\Roaming\Mozilla\Firefox\Profiles\9nrwh3hi.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=WLETDF&PC=WLEM&q=
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - plugin: C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npCouponPrinter.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npMozCouponPrinter.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npzylomgamesplayer.dll
FF - plugin: C:\Program Files (x86)\OnLive\Plugin\npolgdet.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\ProgramData\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll
FF - plugin: C:\Users\Sarah\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll
FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_265.dll
FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
.
============= SERVICES / DRIVERS ===============
.
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2011-8-11 140672]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-4-4 63928]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 dlea_device;dlea_device;C:\Windows\system32\dleacoms.exe -service --> C:\Windows\system32\dleacoms.exe -service [?]
R2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2009-6-9 155648]
R2 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]
R2 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2012-3-8 1492840]
R2 McciCMService64;McciCMService64;C:\Program Files\Common Files\Motive\McciCMService.exe [2012-3-12 517632]
R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2010-8-30 673088]
R2 Symantec AntiVirus;Symantec Endpoint Protection;C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe [2009-9-17 2477304]
R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-6-13 138912]
R3 HECIx64;Intel(R) Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
R3 IntcDAud;Intel(R) Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?]
R3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;C:\Windows\system32\DRIVERS\k57nd60a.sys --> C:\Windows\system32\DRIVERS\k57nd60a.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 dleaCATSCustConnectService;dleaCATSCustConnectService;C:\Windows\System32\spool\DRIVERS\x64\3\dleaserv.exe [2009-7-1 33448]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-9 250056]
S3 Amazon Download Agent;Amazon Download Agent;C:\Program Files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe [2011-3-9 401920]
S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-2-28 183560]
S3 Impcd;Impcd;C:\Windows\system32\DRIVERS\Impcd.sys --> C:\Windows\system32\DRIVERS\Impcd.sys [?]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files\Microsoft Office\Office14\GROOVE.EXE [2011-6-12 51740536]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-5-5 113120]
S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-1-9 174440]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== Created Last 30 ================
.
2012-07-18 20:28:05 -------- d-----w- C:\Program Files (x86)\ESET
2012-07-18 20:12:16 -------- d-sh--w- C:\$RECYCLE.BIN
2012-07-18 18:51:11 772592 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
2012-07-18 14:44:50 -------- d-----w- C:\Users\Sarah\AppData\Local\{8EDC7EF0-CCE6-45C9-B1A7-E3312CAF178D}
2012-07-18 02:44:24 -------- d-----w- C:\Users\Sarah\AppData\Local\{0263750B-74C3-40D2-AD74-C3E78F591C9E}
2012-07-18 02:44:13 -------- d-----w- C:\Users\Sarah\AppData\Local\{71C3C6B8-7E0F-4729-8759-7E734FD1B358}
2012-07-17 19:57:48 -------- d-----w- C:\Users\Sarah\AppData\Local\temp
2012-07-17 19:43:55 98816 ----a-w- C:\Windows\sed.exe
2012-07-17 19:43:55 518144 ----a-w- C:\Windows\SWREG.exe
2012-07-17 19:43:55 256000 ----a-w- C:\Windows\PEV.exe
2012-07-17 19:43:55 208896 ----a-w- C:\Windows\MBR.exe
2012-07-17 14:43:47 -------- d-----w- C:\Users\Sarah\AppData\Local\{8DC2486B-06ED-492E-9BDF-737DB5D82354}
2012-07-17 02:43:22 -------- d-----w- C:\Users\Sarah\AppData\Local\{59902DCB-1FEA-43DF-A27F-09B94229FFAC}
2012-07-16 14:42:58 -------- d-----w- C:\Users\Sarah\AppData\Local\{123EFEA4-A571-4304-A3A5-36934D2739A5}
2012-07-16 02:42:33 -------- d-----w- C:\Users\Sarah\AppData\Local\{92939BBD-F17B-42D5-B4C0-C943D410D487}
2012-07-15 14:42:09 -------- d-----w- C:\Users\Sarah\AppData\Local\{74FFD88E-CFD4-4FEC-AF97-189553BE7102}
2012-07-15 02:41:44 -------- d-----w- C:\Users\Sarah\AppData\Local\{00FCD6F0-1505-4CBB-8C8D-2C77C0374BA2}
2012-07-14 14:41:20 -------- d-----w- C:\Users\Sarah\AppData\Local\{106BACF2-FCC9-44B9-9269-07B48445352C}
2012-07-14 02:40:56 -------- d-----w- C:\Users\Sarah\AppData\Local\{56F40085-3861-45F7-8910-7F063138A237}
2012-07-13 14:40:32 -------- d-----w- C:\Users\Sarah\AppData\Local\{8AAA539E-CF44-494F-9731-DE9054EF39EB}
2012-07-13 02:40:07 -------- d-----w- C:\Users\Sarah\AppData\Local\{1831F907-C70C-4F1C-BD02-C840C086FFA3}
2012-07-13 02:39:55 -------- d-----w- C:\Users\Sarah\AppData\Local\{BFB47624-F40A-4A53-B81E-4DD83C80D856}
2012-07-12 22:16:30 -------- d-----w- C:\Program Files (x86)\Safer Networking
2012-07-12 20:56:49 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
2012-07-12 20:56:49 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy
2012-07-12 20:52:07 -------- d-----w- C:\Users\Sarah\AppData\Roaming\Malwarebytes
2012-07-12 20:51:45 -------- d-----w- C:\ProgramData\Malwarebytes
2012-07-12 20:51:44 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-07-12 20:51:44 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-07-12 20:44:20 -------- d-----w- C:\Users\Sarah\AppData\Roaming\SUPERAntiSpyware.com
2012-07-12 20:44:02 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com
2012-07-12 20:44:02 -------- d-----w- C:\Program Files\SUPERAntiSpyware
2012-07-12 17:56:38 -------- d-----w- C:\ProgramData\Premium
2012-07-12 17:56:11 -------- d-----w- C:\ProgramData\InstallMate
2012-07-12 14:39:29 -------- d-----w- C:\Users\Sarah\AppData\Local\{753B0855-936C-435E-A594-80513F7DE287}
2012-07-12 02:39:05 -------- d-----w- C:\Users\Sarah\AppData\Local\{B0E77A39-1019-4791-8518-51CEC7460FE0}
2012-07-11 14:38:39 -------- d-----w- C:\Users\Sarah\AppData\Local\{3257A436-0EEF-4D5F-8CC6-40351A7A0F14}
2012-07-11 14:38:26 -------- d-----w- C:\Users\Sarah\AppData\Local\{8D004D60-3740-4235-AC5B-337F3AE4586C}
2012-07-11 07:04:02 3148800 ----a-w- C:\Windows\System32\win32k.sys
2012-07-11 02:29:33 -------- d-----w- C:\Users\Sarah\AppData\Local\{56A3921A-B1BC-44F2-A175-32ABC02C5168}
2012-07-10 14:29:09 -------- d-----w- C:\Users\Sarah\AppData\Local\{9A8DAE11-5B9E-4548-8271-63A8BA9FCACA}
2012-07-10 02:28:44 -------- d-----w- C:\Users\Sarah\AppData\Local\{2BC2B83C-53B5-4597-ABA6-3EBB36DE67FD}
2012-07-09 14:28:20 -------- d-----w- C:\Users\Sarah\AppData\Local\{774B5049-FA4D-498B-A409-575555A363EF}
2012-07-09 02:27:55 -------- d-----w- C:\Users\Sarah\AppData\Local\{2E39295B-3BE0-445A-8F6A-008862B0E3EB}
2012-07-08 14:27:31 -------- d-----w- C:\Users\Sarah\AppData\Local\{E2696292-8F9F-4263-AD5E-61F7FA8CAE66}
2012-07-08 02:27:07 -------- d-----w- C:\Users\Sarah\AppData\Local\{5279A286-2340-4B1A-BD66-EEE7A813F7E2}
2012-07-07 14:26:42 -------- d-----w- C:\Users\Sarah\AppData\Local\{F66189FD-5FC7-4FB1-9BFA-38D220945F15}
2012-07-07 02:26:17 -------- d-----w- C:\Users\Sarah\AppData\Local\{FC794031-09FD-47CD-BA74-3B63D65FEF55}
2012-07-06 14:25:52 -------- d-----w- C:\Users\Sarah\AppData\Local\{8DEE34FD-0BA5-4BFA-9D93-AF00B8ED6DDD}
2012-07-06 02:25:27 -------- d-----w- C:\Users\Sarah\AppData\Local\{1CB50AD6-DF9A-4BFF-88A7-62F20904C4B0}
2012-07-05 14:25:02 -------- d-----w- C:\Users\Sarah\AppData\Local\{DC2341FA-0FD8-4E5F-BF22-4EA5FB069BA9}
2012-07-05 02:24:36 -------- d-----w- C:\Users\Sarah\AppData\Local\{F2157CC9-EE3D-4016-A2FE-A04044C30AEA}
2012-07-04 14:24:09 -------- d-----w- C:\Users\Sarah\AppData\Local\{6888138C-47D6-4582-8C29-97CB17ED4A67}
2012-07-04 02:23:44 -------- d-----w- C:\Users\Sarah\AppData\Local\{8B8FC084-A74F-47E3-83FF-7EBEBEA35523}
2012-07-03 14:23:19 -------- d-----w- C:\Users\Sarah\AppData\Local\{38A7B859-EB74-4589-A885-4923C14F5CBD}
2012-07-03 02:22:55 -------- d-----w- C:\Users\Sarah\AppData\Local\{089F2619-F32D-49A1-A5DC-11801CE863CA}
2012-07-02 14:22:31 -------- d-----w- C:\Users\Sarah\AppData\Local\{58C8D52E-81DA-410D-ACFB-DEAD5E9CAD3F}
2012-07-02 02:22:06 -------- d-----w- C:\Users\Sarah\AppData\Local\{9F0EAE35-464A-494C-A20F-8DFB40D6FAA8}
2012-07-01 14:21:40 -------- d-----w- C:\Users\Sarah\AppData\Local\{B85D8FC9-436B-49F7-B7B9-F8D3236C8740}
2012-07-01 02:21:15 -------- d-----w- C:\Users\Sarah\AppData\Local\{E2BC96E3-DDF7-4C4E-A975-9E567DF9E9AC}
2012-06-30 14:20:49 -------- d-----w- C:\Users\Sarah\AppData\Local\{2CB28C06-C69A-412D-91FE-06E763E54163}
2012-06-30 02:20:25 -------- d-----w- C:\Users\Sarah\AppData\Local\{82BAD7F1-DADE-4C77-AC44-C08E027DAF5A}
2012-06-29 14:20:00 -------- d-----w- C:\Users\Sarah\AppData\Local\{243B78F3-E159-48A1-A3B9-39C70C83BEB9}
2012-06-29 02:19:36 -------- d-----w- C:\Users\Sarah\AppData\Local\{F9F13A31-E06F-4B2F-96AD-C8B6AB5EFD4A}
2012-06-28 14:19:12 -------- d-----w- C:\Users\Sarah\AppData\Local\{A66EDC16-5BCD-4E07-9892-CB00B741A011}
2012-06-28 02:18:46 -------- d-----w- C:\Users\Sarah\AppData\Local\{13AA78AE-320C-4D54-9298-12A034469D6A}
2012-06-28 00:09:25 -------- d-----w- C:\Users\Sarah\AppData\Roaming\fltk.org
2012-06-28 00:09:25 -------- d-----w- C:\ProgramData\fltk.org
2012-06-28 00:05:42 -------- d-----w- C:\Program Files (x86)\Amnesia - The Dark Descent
2012-06-27 23:45:01 -------- d-----w- C:\Program Files (x86)\Common Files\BioWare
2012-06-27 14:18:21 -------- d-----w- C:\Users\Sarah\AppData\Local\{45C5CE79-1B5C-48D0-8CD8-D74FCF708BD1}
2012-06-27 02:17:52 -------- d-----w- C:\Users\Sarah\AppData\Local\{4C048AC6-CBAD-4B4D-A7A3-409CB6C5046A}
2012-06-26 14:17:28 -------- d-----w- C:\Users\Sarah\AppData\Local\{E6B08D28-DA46-4834-8E99-CE1526BC6CCD}
2012-06-26 02:17:03 -------- d-----w- C:\Users\Sarah\AppData\Local\{37D92027-CCDC-4391-B8C8-D76F979F76B3}
2012-06-25 14:16:39 -------- d-----w- C:\Users\Sarah\AppData\Local\{9C95B025-EA05-481E-AD2C-04581590EE91}
2012-06-25 02:16:14 -------- d-----w- C:\Users\Sarah\AppData\Local\{27169762-9963-422C-8681-C77D7085306C}
2012-06-24 14:15:49 -------- d-----w- C:\Users\Sarah\AppData\Local\{CC5DDBB2-4851-47E5-8557-A6822872942C}
2012-06-24 02:15:24 -------- d-----w- C:\Users\Sarah\AppData\Local\{05DC08DE-3237-410C-B9C0-B3EC094F52F8}
2012-06-23 14:15:00 -------- d-----w- C:\Users\Sarah\AppData\Local\{5AFB3070-ED74-4F0F-B242-FAD861E66706}
2012-06-22 14:18:35 -------- d-----w- C:\Users\Sarah\AppData\Local\{0282E542-D45A-419A-A751-D53AFF53E565}
2012-06-22 02:18:10 -------- d-----w- C:\Users\Sarah\AppData\Local\{93E1BEEC-63B3-44F9-9E75-6800AABBBD5A}
2012-06-21 14:17:45 -------- d-----w- C:\Users\Sarah\AppData\Local\{F1A301A1-9DF4-47E3-A8C4-EAE2D749499B}
2012-06-21 02:17:20 -------- d-----w- C:\Users\Sarah\AppData\Local\{5FBD924D-0A2D-4DD9-A336-63E6B74C52A5}
2012-06-20 14:16:55 -------- d-----w- C:\Users\Sarah\AppData\Local\{F32D8280-9988-4A2E-9A31-0F9AB05C8256}
2012-06-20 02:16:31 -------- d-----w- C:\Users\Sarah\AppData\Local\{2632FCD3-FC77-4B83-AB21-A3149D08D5A0}
2012-06-19 15:02:59 2622464 ----a-w- C:\Windows\System32\wucltux.dll
2012-06-19 15:02:45 99840 ----a-w- C:\Windows\System32\wudriver.dll
2012-06-19 15:02:31 36864 ----a-w- C:\Windows\System32\wuapp.exe
2012-06-19 15:02:31 186752 ----a-w- C:\Windows\System32\wuwebv.dll
2012-06-19 14:16:07 -------- d-----w- C:\Users\Sarah\AppData\Local\{24E49368-A2FD-469A-AC9E-EC2714776E00}
2012-06-19 02:15:36 -------- d-----w- C:\Users\Sarah\AppData\Local\{34341ADF-E40A-43C1-A06A-3C45875107AC}
.
==================== Find3M ====================
.
2012-07-18 18:50:55 687600 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-07-12 01:38:19 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-12 01:38:19 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-06-06 06:06:16 2004480 ----a-w- C:\Windows\System32\msxml6.dll
2012-06-06 06:06:16 1881600 ----a-w- C:\Windows\System32\msxml3.dll
2012-06-06 06:02:54 1133568 ----a-w- C:\Windows\System32\cdosys.dll
2012-06-06 05:05:52 1390080 ----a-w- C:\Windows\SysWow64\msxml6.dll
2012-06-06 05:05:52 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll
2012-06-06 05:03:06 805376 ----a-w- C:\Windows\SysWow64\cdosys.dll
2012-06-02 05:50:10 458704 ----a-w- C:\Windows\System32\drivers\cng.sys
2012-06-02 05:48:16 95600 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2012-06-02 05:48:16 151920 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2012-06-02 05:45:31 340992 ----a-w- C:\Windows\System32\schannel.dll
2012-06-02 05:44:21 307200 ----a-w- C:\Windows\System32\ncrypt.dll
2012-06-02 04:40:42 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2012-06-02 04:40:39 225280 ----a-w- C:\Windows\SysWow64\schannel.dll
2012-06-02 04:39:10 219136 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2012-06-02 04:34:09 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2012-05-04 11:06:22 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-05-04 10:03:53 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-05-04 10:03:50 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-05-01 05:40:20 209920 ----a-w- C:\Windows\System32\profsvc.dll
2012-04-28 03:55:21 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2012-04-26 05:41:56 77312 ----a-w- C:\Windows\System32\rdpwsx.dll
2012-04-26 05:41:55 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll
2012-04-26 05:34:27 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe
2012-04-24 05:37:37 184320 ----a-w- C:\Windows\System32\cryptsvc.dll
2012-04-24 05:37:37 140288 ----a-w- C:\Windows\System32\cryptnet.dll
2012-04-24 05:37:36 1462272 ----a-w- C:\Windows\System32\crypt32.dll
2012-04-24 04:36:42 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
2012-04-24 04:36:42 1158656 ----a-w- C:\Windows\SysWow64\crypt32.dll
2012-04-24 04:36:42 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
.
============= FINISH: 22:04:32.61 ===============
Good. Does the Babylon toolbar issue (or some other issue) still appear?
jtcarrie
2012-07-19, 21:37
Yes, it still appears in Firefox. When I open a new tab it defaults to a Babylon Search link. It doesn't even say "New Tab"
Would you like a screenshot or is there a way I can send you the URL? I know we can't post them directly.
Hi,
Let's run one more tool.
Download OTL (http://oldtimer.geekstogo.com/OTL.exe) to your desktop.
Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
When the window appears, underneath Output at the top change it to Minimal Output.
Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them all in.
jtcarrie
2012-07-19, 22:54
OTL logfile created on: 7/19/2012 3:43:11 PM - Run 1
OTL by OldTimer - Version 3.2.54.0 Folder = C:\Users\Sarah\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
5.96 Gb Total Physical Memory | 4.13 Gb Available Physical Memory | 69.23% Memory free
11.92 Gb Paging File | 9.88 Gb Available in Paging File | 82.93% Paging File free
Paging file location(s): ?:\pagefile.sys
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 690.18 Gb Total Space | 518.67 Gb Free Space | 75.15% Space Free | Partition Type: NTFS
Computer Name: SARAH-PC | User Name: Sarah | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - C:\Users\Sarah\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe (Adobe Systems Inc.)
PRC - C:\Users\Sarah\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe (SanDisk Corporation)
PRC - C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
PRC - C:\Program Files (x86)\RemoteX\remotex.exe (http://www.PEEPLEware.com)
PRC - C:\Program Files (x86)\RemoteX\RemoteXUser.exe (http://www.PEEPLEware.com)
PRC - C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe ()
PRC - C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe (SoftThinks)
PRC - C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
PRC - C:\Program Files (x86)\Juniper Networks\Common Files\dsNcService.exe (Juniper Networks)
PRC - C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe ()
PRC - C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe (Alcor Micro Corp.)
PRC - C:\Program Files (x86)\Dell V310-V510 Series\ezprint.exe ()
PRC - C:\Program Files (x86)\Dell V310-V510 Series\dleamon.exe ()
PRC - C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe ()
PRC - C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe (Symantec Corporation)
PRC - C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\ProtectionUtilSurrogate.exe (Symantec Corporation)
PRC - C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
PRC - C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
PRC - C:\Program Files\Dell\DellDock\DockLogin.exe (Stardock Corporation)
PRC - C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe (SupportSoft, Inc.)
PRC - C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
========== Modules (No Company Name) ==========
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\761fd1afc17f11bf6d49c3a7d16465ca\System.Web.Services.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\9b2f17fb61b7197f2a04108f5d1a1cc6\System.Management.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Program Files (x86)\RemoteX\Modules\Computer.dll ()
MOD - C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe ()
MOD - C:\Program Files (x86)\Dell DataSafe Local Backup\zlib1.dll ()
MOD - C:\Program Files (x86)\Dell DataSafe Local Backup\STRegistry.dll ()
MOD - C:\Program Files (x86)\Dell DataSafe Local Backup\STPE.dll ()
MOD - C:\Program Files (x86)\Dell DataSafe Local Backup\STNLS.dll ()
MOD - C:\Program Files (x86)\Dell DataSafe Local Backup\STLog.dll ()
MOD - C:\Program Files (x86)\Dell DataSafe Local Backup\STFiles.dll ()
MOD - C:\Program Files (x86)\Dell DataSafe Local Backup\libxml2.dll ()
MOD - C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe ()
MOD - C:\Program Files (x86)\Dell DataSafe Online\SdbShared.dll ()
MOD - C:\Program Files (x86)\Dell DataSafe Online\SdbShared.XmlSerializers.dll ()
MOD - C:\Program Files (x86)\Dell DataSafe Online\SdbUI.dll ()
MOD - C:\Program Files (x86)\Dell DataSafe Online\BalloonWindow.dll ()
MOD - C:\Program Files (x86)\Dell DataSafe Online\CppUtils.dll ()
MOD - C:\Program Files (x86)\Dell V310-V510 Series\ezprint.exe ()
MOD - C:\Program Files (x86)\Dell V310-V510 Series\dleamon.exe ()
MOD - C:\Program Files (x86)\Dell V310-V510 Series\dleadrs.dll ()
MOD - C:\Program Files (x86)\Dell V310-V510 Series\dleascw.dll ()
MOD - C:\Program Files (x86)\Dell V310-V510 Series\DLEAcfg.dll ()
MOD - C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe ()
MOD - C:\Program Files (x86)\Dell V310-V510 Series\epoemdll.dll ()
MOD - C:\Program Files (x86)\Dell V310-V510 Series\epstring.dll ()
MOD - C:\Program Files (x86)\Dell V310-V510 Series\epwizres.dll ()
MOD - C:\Program Files (x86)\Dell V310-V510 Series\epwizard.dll ()
MOD - C:\Program Files (x86)\Dell V310-V510 Series\customui.dll ()
MOD - C:\Program Files (x86)\Dell V310-V510 Series\epfunct.dll ()
MOD - C:\Program Files (x86)\Dell V310-V510 Series\eputil.dll ()
MOD - C:\Program Files (x86)\Dell V310-V510 Series\imagutil.dll ()
MOD - C:\Program Files (x86)\Dell V310-V510 Series\dleadatr.dll ()
MOD - C:\Program Files (x86)\Dell V310-V510 Series\iptk.dll ()
MOD - C:\Program Files (x86)\Dell V310-V510 Series\dleacaps.dll ()
MOD - C:\Program Files (x86)\Dell V310-V510 Series\dleacnv4.dll ()
MOD - C:\Program Files (x86)\Dell V310-V510 Series\dleaptp.dll ()
MOD - C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\AcroTray.DEU ()
MOD - C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\AcroTray.FRA ()
MOD - C:\Windows\SysWOW64\dleasmr.dll ()
MOD - C:\Windows\SysWOW64\dleasm.dll ()
========== Win32 Services (SafeList) ==========
SRV:[b]64bit: - (!SASCORE) -- C:\Program Files\SUPERAntiSpyware\SASCore64.exe (SUPERAntiSpyware.com)
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (dlea_device) -- C:\Windows\SysNative\dleacoms.exe ( )
SRV:64bit: - (dleaCATSCustConnectService) -- C:\Windows\SysNative\spool\DRIVERS\x64\3\\dleaserv.exe ()
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (DockLoginService) -- C:\Program Files\Dell\DellDock\DockLogin.exe (Stardock Corporation)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (BBSvc) -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE (Microsoft Corporation.)
SRV - (SeaPort) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
SRV - (__RemoteX__) -- C:\Program Files (x86)\RemoteX\RemoteX.exe (http://www.PEEPLEware.com)
SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (GoToAssist) -- C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe (Citrix Online, a division of Citrix Systems, Inc.)
SRV - (SftService) -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe (SoftThinks)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (SwitchBoard) -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
SRV - (dsNcService) -- C:\Program Files (x86)\Juniper Networks\Common Files\dsNcService.exe (Juniper Networks)
SRV - (dleaCATSCustConnectService) -- C:\Windows\system32\spool\DRIVERS\x64\3\\dleaserv.exe ()
SRV - (dlea_device) -- C:\Windows\SysWOW64\dleacoms.exe ( )
SRV - (Amazon Download Agent) -- C:\Program Files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe (Amazon.com)
SRV - (Symantec AntiVirus) -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe (Symantec Corporation)
SRV - (SmcService) -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Smc.exe (Symantec Corporation)
SRV - (SNAC) -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\SNAC64.EXE (Symantec Corporation)
SRV - (LiveUpdate) -- C:\Program Files (x86)\Symantec\LiveUpdate\LuComServer_3_3.EXE (Symantec Corporation)
SRV - (EraserSvc11210) -- C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SRV - (ccSetMgr) -- C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SRV - (ccEvtMgr) -- C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (sprtsvc_DellSupportCenter) SupportSoft Sprocket Service (DellSupportCenter) -- C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe (SupportSoft, Inc.)
========== Driver Services (SafeList) ==========
DRV:64bit: - (fssfltr) -- C:\Windows\SysNative\drivers\fssfltr.sys (Microsoft Corporation)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (XBCD) -- C:\Windows\SysNative\drivers\xbcd.sys (XBCD Project)
DRV:64bit: - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV:64bit: - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (sptd) -- C:\Windows\SysNative\drivers\sptd.sys ()
DRV:64bit: - (SymEvent) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS (Symantec Corporation)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (AtiHdmiService) -- C:\Windows\SysNative\drivers\AtiHdmi.sys (ATI Technologies, Inc.)
DRV:64bit: - (Impcd) -- C:\Windows\SysNative\drivers\Impcd.sys (Intel Corporation)
DRV:64bit: - (dsNcAdpt) -- C:\Windows\SysNative\drivers\dsNcAdpt.sys (Juniper Networks)
DRV:64bit: - (IntcDAud) Intel(R) -- C:\Windows\SysNative\drivers\IntcDAud.sys (Intel(R) Corporation)
DRV:64bit: - (k57nd60a) Broadcom NetLink (TM) -- C:\Windows\SysNative\drivers\k57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (HECIx64) Intel(R) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (SRTSPX) -- C:\Windows\SysNative\drivers\srtspx64.sys (Symantec Corporation)
DRV:64bit: - (SRTSPL) -- C:\Windows\SysNative\drivers\srtspl64.sys (Symantec Corporation)
DRV:64bit: - (SRTSP) -- C:\Windows\SysNative\drivers\srtsp64.sys (Symantec Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\drivers\PxHlpa64.sys (Sonic Solutions)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (hamachi) -- C:\Windows\SysNative\drivers\hamachi.sys (LogMeIn, Inc.)
DRV:64bit: - (WimFltr) -- C:\Windows\SysNative\drivers\WimFltr.sys (Microsoft Corporation)
DRV - (eeCtrl) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys (Symantec Corporation)
DRV - (EraserUtilRebootDrv) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (NAVEX15) -- C:\ProgramData\Symantec\Definitions\VirusDefs\20120718.002\ex64.sys (Symantec Corporation)
DRV - (NAVENG) -- C:\ProgramData\Symantec\Definitions\VirusDefs\20120718.002\eng64.sys (Symantec Corporation)
DRV - (SRTSPX) -- C:\Windows\SysWOW64\drivers\srtspx64.sys (Symantec Corporation)
DRV - (SRTSPL) -- C:\Windows\SysWOW64\drivers\srtspl64.sys (Symantec Corporation)
DRV - (SRTSP) -- C:\Windows\SysWOW64\drivers\srtsp64.sys (Symantec Corporation)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {BF73282A-0B58-430E-8132-4705C5AFCEFF}
IE:64bit: - HKLM\..\SearchScopes\{BF73282A-0B58-430E-8132-4705C5AFCEFF}: "URL" = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {EB5993B1-0817-492E-BAC9-6F8CC06ED9D0}
IE - HKLM\..\SearchScopes\{EB5993B1-0817-492E-BAC9-6F8CC06ED9D0}: "URL" = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/?q={searchTerms}&affID=112462&babsrc=SP_ss&mntrId=3a81797500000000000000ff8023ef06
IE - HKCU\..\SearchScopes\{EB5993B1-0817-492E-BAC9-6F8CC06ED9D0}: "URL" = http://www.bing.com/search?FORM=WLETDF&PC=WLEM&q={searchTerms}&src=IE-SearchBox
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
========== FireFox ==========
FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)"
FF - prefs.js..browser.search.defaulturl: "http://www.bing.com/search?FORM=WLETDF&PC=WLEM&q="
FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_265.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_265.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@garmin.com/GpsControl: C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.0: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.0: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@zylom.com/ZylomGamesPlayer: C:\ProgramData\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll (Zylom)
FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@onlive.com/OnLiveGameClientDetector,version=1.0.0: C:\Program Files (x86)\OnLive\Plugin\npolgdet.dll (OnLive)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Sarah\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Sarah\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/07/18 00:24:14 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/07/18 14:51:11 | 000,000,000 | ---D | M]
[2010/09/04 18:43:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sarah\AppData\Roaming\Mozilla\Extensions
[2012/07/12 14:15:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sarah\AppData\Roaming\Mozilla\Firefox\Profiles\9nrwh3hi.default\extensions
[2011/04/15 23:20:34 | 000,001,832 | ---- | M] () -- C:\Users\Sarah\AppData\Roaming\Mozilla\Firefox\Profiles\9nrwh3hi.default\searchplugins\bing.xml
[2012/05/05 19:16:44 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/07/18 00:24:14 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/03/18 14:32:12 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npCouponPrinter.dll
[2011/03/18 14:32:14 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npMozCouponPrinter.dll
[2009/10/23 15:01:34 | 000,102,400 | ---- | M] (Zylom) -- C:\Program Files (x86)\mozilla firefox\plugins\npzylomgamesplayer.dll
[2012/06/06 23:19:37 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/06/06 23:19:37 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml
========== Chrome ==========
CHR - homepage: http://www.iusb.edu/
CHR - default_search_provider: Search the web (Babylon) (Enabled)
CHR - default_search_provider: search_url = http://search.babylon.com/?q={searchTerms}&affID=112462&babsrc=SP_ss&mntrId=3a81797500000000000000ff8023ef06
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms},
CHR - homepage: http://www.iusb.edu/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Sarah\AppData\Local\Google\Chrome\Application\20.0.1132.57\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Sarah\AppData\Local\Google\Chrome\Application\20.0.1132.57\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Sarah\AppData\Local\Google\Chrome\Application\20.0.1132.57\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Sarah\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nppdf32.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: Coupons Inc., Coupon Printer Manager (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npCouponPrinter.dll
CHR - plugin: Coupons Inc., Coupon Printer Manager (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npMozCouponPrinter.dll
CHR - plugin: Java Deployment Toolkit 6.0.310.5 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Zylom Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npzylomgamesplayer.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL
CHR - plugin: Garmin Communicator Plug-In (Enabled) = C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - plugin: OnLive Game Client Detector (Enabled) = C:\Program Files (x86)\OnLive\Plugin\npolgdet.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Sarah\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - Extension: Entanglement = C:\Users\Sarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\2.7.9_0\
CHR - Extension: YouTube = C:\Users\Sarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Users\Sarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Google Play Music = C:\Users\Sarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\icppfcnhkcmnfdhfhphakoifcfokfdhg\4.0_0\
CHR - Extension: Blogger = C:\Users\Sarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\lejliakmhcfhakneflmicaoikhbicggc\1_0\
CHR - Extension: Poppit = C:\Users\Sarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi\2.2_0\
CHR - Extension: Gmail = C:\Users\Sarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
O1 HOSTS File: ([2012/07/18 16:12:13 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll File not found
O2 - BHO: (Dell Toolbar) - {09B71986-2AC5-482d-B6CB-42EA34F4F85B} - C:\Program Files\Dell Printable Web\toolband.dll ()
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Dell Toolbar) - {09B71986-2AC5-482d-B6CB-42EA34F4F85B} - C:\Program Files\Dell Printable Web\toolband.dll ()
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [dleamon.exe] C:\Program Files (x86)\Dell V310-V510 Series\dleamon.exe ()
O4:64bit: - HKLM..\Run: [EzPrint] C:\Program Files (x86)\Dell V310-V510 Series\ezprint.exe ()
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AmazonGSDownloaderTray] C:\Program Files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderTray.exe (Amazon.com)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ccApp] C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [Dell DataSafe Online] C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe ()
O4 - HKLM..\Run: [DellSupportCenter] C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [Desktop Disc Tool] c:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe ()
O4 - HKLM..\Run: [RemoteX] C:\Program Files (x86)\RemoteX\RemoteXUser.exe (http://www.PEEPLEware.com)
O4 - HKLM..\Run: [ShwiconXP9106] C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe (Alcor Micro Corp.)
O4 - HKLM..\Run: [StartCCC] c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [SansaDispatch] C:\Users\Sarah\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe (SanDisk Corporation)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
O4 - HKLM..\RunOnce: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe (Softthinks)
O4 - Startup: C:\Users\Sarah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = File not found
O4 - Startup: C:\Users\Sarah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech Touch Mouse Server.lnk = C:\Program Files (x86)\Logitech Touch Mouse Server\iTouch-Server-Win.exe (Logitech, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O8:64bit: - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MIF5BA~1\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MIF5BA~1\Office14\EXCEL.EXE/3000 File not found
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://juniper.net/dana-cached/sc/JuniperSetupClient.cab (JuniperSetupClientControl Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A1CAFDC8-E541-4451-BB42-381772453D79}: DhcpNameServer = 192.168.1.254
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\ms-help - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll) - File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
jtcarrie
2012-07-19, 22:56
Here is the rest of the OTL.txt
========== Files/Folders - Created Within 30 Days ==========
[2012/07/19 15:41:34 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\Sarah\Desktop\OTL.exe
[2012/07/19 10:45:53 | 000,000,000 | ---D | C] -- C:\Users\Sarah\AppData\Local\{2357657A-4094-4971-BED5-3C0062E5299E}
[2012/07/18 22:45:27 | 000,000,000 | ---D | C] -- C:\Users\Sarah\AppData\Local\{DB62E5C4-97D6-4B78-B854-7BECB7CB1975}
[2012/07/18 22:45:16 | 000,000,000 | ---D | C] -- C:\Users\Sarah\AppData\Local\{1414F3F0-936A-490C-950D-3D21DCE11575}
[2012/07/18 16:28:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2012/07/18 16:20:25 | 003,695,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat
[2012/07/18 16:20:25 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012/07/18 16:20:25 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012/07/18 16:20:25 | 000,434,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2012/07/18 16:20:25 | 000,367,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2012/07/18 16:20:25 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012/07/18 16:20:25 | 000,227,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieaksie.dll
[2012/07/18 16:20:25 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012/07/18 16:20:25 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieakui.dll
[2012/07/18 16:20:25 | 000,162,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2012/07/18 16:20:25 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe
[2012/07/18 16:20:25 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe
[2012/07/18 16:20:25 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012/07/18 16:20:25 | 000,130,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieakeng.dll
[2012/07/18 16:20:25 | 000,123,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2012/07/18 16:20:25 | 000,118,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2012/07/18 16:20:25 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll
[2012/07/18 16:20:25 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\admparse.dll
[2012/07/18 16:20:25 | 000,086,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2012/07/18 16:20:25 | 000,078,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll
[2012/07/18 16:20:25 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe
[2012/07/18 16:20:25 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2012/07/18 16:20:25 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2012/07/18 16:20:25 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ie4uinit.exe
[2012/07/18 16:20:25 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012/07/18 16:20:25 | 000,066,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll
[2012/07/18 16:20:25 | 000,063,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx
[2012/07/18 16:20:25 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll
[2012/07/18 16:20:25 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll
[2012/07/18 16:20:25 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2012/07/18 16:20:25 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2012/07/18 16:20:25 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2012/07/18 16:20:24 | 003,695,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dat
[2012/07/18 16:20:24 | 002,311,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012/07/18 16:20:24 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012/07/18 16:20:24 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012/07/18 16:20:24 | 000,697,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2012/07/18 16:20:24 | 000,603,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2012/07/18 16:20:24 | 000,534,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2012/07/18 16:20:24 | 000,452,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2012/07/18 16:20:24 | 000,448,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2012/07/18 16:20:24 | 000,282,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2012/07/18 16:20:24 | 000,267,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieaksie.dll
[2012/07/18 16:20:24 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012/07/18 16:20:24 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012/07/18 16:20:24 | 000,222,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll
[2012/07/18 16:20:24 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2012/07/18 16:20:24 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012/07/18 16:20:24 | 000,165,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iexpress.exe
[2012/07/18 16:20:24 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieakui.dll
[2012/07/18 16:20:24 | 000,160,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wextract.exe
[2012/07/18 16:20:24 | 000,160,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieakeng.dll
[2012/07/18 16:20:24 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll
[2012/07/18 16:20:24 | 000,145,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2012/07/18 16:20:24 | 000,135,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\IEAdvpack.dll
[2012/07/18 16:20:24 | 000,114,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\admparse.dll
[2012/07/18 16:20:24 | 000,111,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2012/07/18 16:20:24 | 000,103,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll
[2012/07/18 16:20:24 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012/07/18 16:20:24 | 000,091,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SetIEInstalledDate.exe
[2012/07/18 16:20:24 | 000,089,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2012/07/18 16:20:24 | 000,089,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2012/07/18 16:20:24 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2012/07/18 16:20:24 | 000,082,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll
[2012/07/18 16:20:24 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tdc.ocx
[2012/07/18 16:20:24 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\pngfilt.dll
[2012/07/18 16:20:24 | 000,049,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imgutil.dll
[2012/07/18 16:20:24 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmler.dll
[2012/07/18 16:20:24 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2012/07/18 16:20:24 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2012/07/18 16:20:24 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe
[2012/07/18 16:20:24 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2012/07/18 16:15:04 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/07/18 16:12:16 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/07/18 14:51:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2012/07/18 14:51:11 | 000,772,592 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\npDeployJava1.dll
[2012/07/18 14:51:11 | 000,227,824 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2012/07/18 14:51:02 | 000,174,064 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2012/07/18 14:51:02 | 000,174,064 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2012/07/18 14:41:18 | 021,055,472 | ---- | C] (Oracle Corporation) -- C:\Users\Sarah\Desktop\jre-7u5-windows-i586.exe
[2012/07/18 14:35:09 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2012/07/18 10:44:50 | 000,000,000 | ---D | C] -- C:\Users\Sarah\AppData\Local\{8EDC7EF0-CCE6-45C9-B1A7-E3312CAF178D}
[2012/07/17 22:44:24 | 000,000,000 | ---D | C] -- C:\Users\Sarah\AppData\Local\{0263750B-74C3-40D2-AD74-C3E78F591C9E}
[2012/07/17 22:44:13 | 000,000,000 | ---D | C] -- C:\Users\Sarah\AppData\Local\{71C3C6B8-7E0F-4729-8759-7E734FD1B358}
[2012/07/17 15:57:48 | 000,000,000 | ---D | C] -- C:\Users\Sarah\AppData\Local\temp
[2012/07/17 15:43:55 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/07/17 15:43:55 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/07/17 15:43:55 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/07/17 15:42:42 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/07/17 15:35:26 | 004,582,182 | R--- | C] (Swearware) -- C:\Users\Sarah\Desktop\ComboFix.exe
[2012/07/17 10:43:47 | 000,000,000 | ---D | C] -- C:\Users\Sarah\AppData\Local\{8DC2486B-06ED-492E-9BDF-737DB5D82354}
[2012/07/16 22:43:22 | 000,000,000 | ---D | C] -- C:\Users\Sarah\AppData\Local\{59902DCB-1FEA-43DF-A27F-09B94229FFAC}
[2012/07/16 10:42:58 | 000,000,000 | ---D | C] -- C:\Users\Sarah\AppData\Local\{123EFEA4-A571-4304-A3A5-36934D2739A5}
[2012/07/15 22:42:33 | 000,000,000 | ---D | C] -- C:\Users\Sarah\AppData\Local\{92939BBD-F17B-42D5-B4C0-C943D410D487}
[2012/07/15 10:42:09 | 000,000,000 | ---D | C] -- C:\Users\Sarah\AppData\Local\{74FFD88E-CFD4-4FEC-AF97-189553BE7102}
[2012/07/14 22:41:44 | 000,000,000 | ---D | C] -- C:\Users\Sarah\AppData\Local\{00FCD6F0-1505-4CBB-8C8D-2C77C0374BA2}
[2012/07/14 10:41:20 | 000,000,000 | ---D | C] -- C:\Users\Sarah\AppData\Local\{106BACF2-FCC9-44B9-9269-07B48445352C}
[2012/07/13 22:40:56 | 000,000,000 | ---D | C] -- C:\Users\Sarah\AppData\Local\{56F40085-3861-45F7-8910-7F063138A237}
[2012/07/13 10:40:32 | 000,000,000 | ---D | C] -- C:\Users\Sarah\AppData\Local\{8AAA539E-CF44-494F-9731-DE9054EF39EB}
[2012/07/12 22:40:07 | 000,000,000 | ---D | C] -- C:\Users\Sarah\AppData\Local\{1831F907-C70C-4F1C-BD02-C840C086FFA3}
[2012/07/12 22:39:55 | 000,000,000 | ---D | C] -- C:\Users\Sarah\AppData\Local\{BFB47624-F40A-4A53-B81E-4DD83C80D856}
[2012/07/12 22:27:11 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012/07/12 22:26:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
[2012/07/12 22:26:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ERUNT
[2012/07/12 22:23:00 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Sarah\Desktop\dds.com
[2012/07/12 18:43:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
[2012/07/12 18:16:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Safer Networking
[2012/07/12 18:16:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Safer Networking
[2012/07/12 16:56:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2012/07/12 16:56:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy
[2012/07/12 16:52:07 | 000,000,000 | ---D | C] -- C:\Users\Sarah\AppData\Roaming\Malwarebytes
[2012/07/12 16:51:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/07/12 16:51:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/07/12 16:51:44 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/07/12 16:51:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/07/12 16:44:20 | 000,000,000 | ---D | C] -- C:\Users\Sarah\AppData\Roaming\SUPERAntiSpyware.com
[2012/07/12 16:44:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2012/07/12 16:44:02 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2012/07/12 16:44:02 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2012/07/12 13:56:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Premium
[2012/07/12 13:56:11 | 000,000,000 | ---D | C] -- C:\ProgramData\InstallMate
[2012/07/12 10:39:29 | 000,000,000 | ---D | C] -- C:\Users\Sarah\AppData\Local\{753B0855-936C-435E-A594-80513F7DE287}
[2012/07/11 22:39:05 | 000,000,000 | ---D | C] -- C:\Users\Sarah\AppData\Local\{B0E77A39-1019-4791-8518-51CEC7460FE0}
[2012/07/11 10:38:39 | 000,000,000 | ---D | C] -- C:\Users\Sarah\AppData\Local\{3257A436-0EEF-4D5F-8CC6-40351A7A0F14}
[2012/07/11 10:38:26 | 000,000,000 | ---D | C] -- C:\Users\Sarah\AppData\Local\{8D004D60-3740-4235-AC5B-337F3AE4586C}
[2012/07/10 22:29:33 | 000,000,000 | ---D | C] -- C:\Users\Sarah\AppData\Local\{56A3921A-B1BC-44F2-A175-32ABC02C5168}
[2012/07/10 14:18:21 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml3r.dll
[2012/07/10 14:18:21 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msxml3r.dll
[2012/07/10 14:18:16 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll
[2012/07/10 14:18:14 | 000,805,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cdosys.dll
[2012/07/10 14:18:13 | 001,133,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdosys.dll
[2012/07/10 10:29:09 | 000,000,000 | ---D | C] -- C:\Users\Sarah\AppData\Local\{9A8DAE11-5B9E-4548-8271-63A8BA9FCACA}
[2012/07/09 22:28:44 | 000,000,000 | ---D | C] -- C:\Users\Sarah\AppData\Local\{2BC2B83C-53B5-4597-ABA6-3EBB36DE67FD}
[2012/07/09 10:28:20 | 000,000,000 | ---D | C] -- C:\Users\Sarah\AppData\Local\{774B5049-FA4D-498B-A409-575555A363EF}
[2012/07/08 22:27:55 | 000,000,000 | ---D | C] -- C:\Users\Sarah\AppData\Local\{2E39295B-3BE0-445A-8F6A-008862B0E3EB}
[2012/07/08 10:27:31 | 000,000,000 | ---D | C] -- C:\Users\Sarah\AppData\Local\{E2696292-8F9F-4263-AD5E-61F7FA8CAE66}
[2012/07/07 22:27:07 | 000,000,000 | ---D | C] -- C:\Users\Sarah\AppData\Local\{5279A286-2340-4B1A-BD66-EEE7A813F7E2}
[2012/07/07 10:26:42 | 000,000,000 | ---D | C] -- C:\Users\Sarah\AppData\Local\{F66189FD-5FC7-4FB1-9BFA-38D220945F15}
[2012/07/06 22:26:17 | 000,000,000 | ---D | C] -- C:\Users\Sarah\AppData\Local\{FC794031-09FD-47CD-BA74-3B63D65FEF55}
[2012/07/06 10:25:52 | 000,000,000 | ---D | C] -- C:\Users\Sarah\AppData\Local\{8DEE34FD-0BA5-4BFA-9D93-AF00B8ED6DDD}
[2012/07/05 22:25:27 | 000,000,000 | ---D | C] -- C:\Users\Sarah\AppData\Local\{1CB50AD6-DF9A-4BFF-88A7-62F20904C4B0}
[2012/07/05 10:25:02 | 000,000,000 | ---D | C] -- C:\Users\Sarah\AppData\Local\{DC2341FA-0FD8-4E5F-BF22-4EA5FB069BA9}
[2012/07/04 22:24:36 | 000,000,000 | ---D | C] -- C:\Users\Sarah\AppData\Local\{F2157CC9-EE3D-4016-A2FE-A04044C30AEA}
[2012/07/04 10:24:09 | 000,000,000 | ---D | C] -- C:\Users\Sarah\AppData\Local\{6888138C-47D6-4582-8C29-97CB17ED4A67}
[2012/07/03 22:23:44 | 000,000,000 | ---D | C] -- C:\Users\Sarah\AppData\Local\{8B8FC084-A74F-47E3-83FF-7EBEBEA35523}
[2012/07/03 10:23:19 | 000,000,000 | ---D | C] -- C:\Users\Sarah\AppData\Local\{38A7B859-EB74-4589-A885-4923C14F5CBD}
[2012/07/02 22:22:55 | 000,000,000 | ---D | C] -- C:\Users\Sarah\AppData\Local\{089F2619-F32D-49A1-A5DC-11801CE863CA}
[2012/07/02 10:22:31 | 000,000,000 | ---D | C] -- C:\Users\Sarah\AppData\Local\{58C8D52E-81DA-410D-ACFB-DEAD5E9CAD3F}
[2012/07/01 22:22:06 | 000,000,000 | ---D | C] -- C:\Users\Sarah\AppData\Local\{9F0EAE35-464A-494C-A20F-8DFB40D6FAA8}
[2012/07/01 10:21:40 | 000,000,000 | ---D | C] -- C:\Users\Sarah\AppData\Local\{B85D8FC9-436B-49F7-B7B9-F8D3236C8740}
[2012/06/30 22:21:15 | 000,000,000 | ---D | C] -- C:\Users\Sarah\AppData\Local\{E2BC96E3-DDF7-4C4E-A975-9E567DF9E9AC}
[2012/06/30 10:20:49 | 000,000,000 | ---D | C] -- C:\Users\Sarah\AppData\Local\{2CB28C06-C69A-412D-91FE-06E763E54163}
[2012/06/29 22:20:25 | 000,000,000 | ---D | C] -- C:\Users\Sarah\AppData\Local\{82BAD7F1-DADE-4C77-AC44-C08E027DAF5A}
[2012/06/29 10:20:00 | 000,000,000 | ---D | C] -- C:\Users\Sarah\AppData\Local\{243B78F3-E159-48A1-A3B9-39C70C83BEB9}
[2012/06/28 22:19:36 | 000,000,000 | ---D | C] -- C:\Users\Sarah\AppData\Local\{F9F13A31-E06F-4B2F-96AD-C8B6AB5EFD4A}
[2012/06/28 10:19:12 | 000,000,000 | ---D | C] -- C:\Users\Sarah\AppData\Local\{A66EDC16-5BCD-4E07-9892-CB00B741A011}
[2012/06/27 22:18:46 | 000,000,000 | ---D | C] -- C:\Users\Sarah\AppData\Local\{13AA78AE-320C-4D54-9298-12A034469D6A}
[2012/06/27 20:09:25 | 000,000,000 | ---D | C] -- C:\Users\Sarah\AppData\Roaming\fltk.org
[2012/06/27 20:09:25 | 000,000,000 | ---D | C] -- C:\ProgramData\fltk.org
[2012/06/27 20:09:23 | 000,000,000 | ---D | C] -- C:\Users\Sarah\Documents\Amnesia
[2012/06/27 20:09:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Amnesia - The Dark Descent
[2012/06/27 20:05:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Amnesia - The Dark Descent
[2012/06/27 19:45:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\BioWare
[2012/06/27 10:18:21 | 000,000,000 | ---D | C] -- C:\Users\Sarah\AppData\Local\{45C5CE79-1B5C-48D0-8CD8-D74FCF708BD1}
[2012/06/26 22:17:52 | 000,000,000 | ---D | C] -- C:\Users\Sarah\AppData\Local\{4C048AC6-CBAD-4B4D-A7A3-409CB6C5046A}
[2012/06/26 10:17:28 | 000,000,000 | ---D | C] -- C:\Users\Sarah\AppData\Local\{E6B08D28-DA46-4834-8E99-CE1526BC6CCD}
[2012/06/25 22:17:03 | 000,000,000 | ---D | C] -- C:\Users\Sarah\AppData\Local\{37D92027-CCDC-4391-B8C8-D76F979F76B3}
[2012/06/25 10:16:39 | 000,000,000 | ---D | C] -- C:\Users\Sarah\AppData\Local\{9C95B025-EA05-481E-AD2C-04581590EE91}
[2012/06/24 22:16:14 | 000,000,000 | ---D | C] -- C:\Users\Sarah\AppData\Local\{27169762-9963-422C-8681-C77D7085306C}
[2012/06/24 10:15:49 | 000,000,000 | ---D | C] -- C:\Users\Sarah\AppData\Local\{CC5DDBB2-4851-47E5-8557-A6822872942C}
[2012/06/23 22:15:24 | 000,000,000 | ---D | C] -- C:\Users\Sarah\AppData\Local\{05DC08DE-3237-410C-B9C0-B3EC094F52F8}
[2012/06/23 10:15:00 | 000,000,000 | ---D | C] -- C:\Users\Sarah\AppData\Local\{5AFB3070-ED74-4F0F-B242-FAD861E66706}
[2012/06/22 10:18:35 | 000,000,000 | ---D | C] -- C:\Users\Sarah\AppData\Local\{0282E542-D45A-419A-A751-D53AFF53E565}
[2012/06/21 22:18:10 | 000,000,000 | ---D | C] -- C:\Users\Sarah\AppData\Local\{93E1BEEC-63B3-44F9-9E75-6800AABBBD5A}
[2012/06/21 21:06:58 | 000,000,000 | ---D | C] -- C:\Users\Sarah\Documents\k8-parsimonious-countrycottage-welshdresser-190909-1
[2012/06/21 20:56:00 | 000,000,000 | ---D | C] -- C:\Users\Sarah\Documents\k8-parsimonious-bathtub-artnouveau-032711
[2012/06/21 20:55:03 | 000,000,000 | ---D | C] -- C:\Users\Sarah\Documents\k8-parsimonious-countrycottage-welshdresser-190909
[2012/06/21 10:17:45 | 000,000,000 | ---D | C] -- C:\Users\Sarah\AppData\Local\{F1A301A1-9DF4-47E3-A8C4-EAE2D749499B}
[2012/06/20 22:17:20 | 000,000,000 | ---D | C] -- C:\Users\Sarah\AppData\Local\{5FBD924D-0A2D-4DD9-A336-63E6B74C52A5}
[2012/06/20 12:29:40 | 000,000,000 | ---D | C] -- C:\Users\Sarah\Desktop\fwemailingpics
[2012/06/20 10:16:55 | 000,000,000 | ---D | C] -- C:\Users\Sarah\AppData\Local\{F32D8280-9988-4A2E-9A31-0F9AB05C8256}
[2012/06/19 22:16:31 | 000,000,000 | ---D | C] -- C:\Users\Sarah\AppData\Local\{2632FCD3-FC77-4B83-AB21-A3149D08D5A0}
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2012/07/19 15:44:00 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1836415372-254199884-3377025973-1001UA.job
[2012/07/19 15:41:35 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Sarah\Desktop\OTL.exe
[2012/07/19 15:38:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/07/19 11:44:00 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1836415372-254199884-3377025973-1001Core.job
[2012/07/18 16:32:28 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/07/18 16:32:28 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/07/18 16:31:25 | 000,726,444 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/07/18 16:31:25 | 000,624,490 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/07/18 16:31:25 | 000,107,052 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/07/18 16:25:24 | 000,001,473 | ---- | M] () -- C:\Users\Sarah\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/07/18 16:25:10 | 000,000,632 | RHS- | M] () -- C:\Users\Sarah\ntuser.pol
[2012/07/18 16:23:45 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/07/18 16:23:23 | 504,717,311 | -HS- | M] () -- C:\hiberfil.sys
[2012/07/18 16:20:25 | 003,695,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat
[2012/07/18 16:20:25 | 001,427,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012/07/18 16:20:25 | 000,716,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012/07/18 16:20:25 | 000,434,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2012/07/18 16:20:25 | 000,367,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2012/07/18 16:20:25 | 000,231,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012/07/18 16:20:25 | 000,227,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieaksie.dll
[2012/07/18 16:20:25 | 000,176,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012/07/18 16:20:25 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieakui.dll
[2012/07/18 16:20:25 | 000,162,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2012/07/18 16:20:25 | 000,152,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe
[2012/07/18 16:20:25 | 000,150,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe
[2012/07/18 16:20:25 | 000,142,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012/07/18 16:20:25 | 000,130,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieakeng.dll
[2012/07/18 16:20:25 | 000,123,392 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2012/07/18 16:20:25 | 000,118,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2012/07/18 16:20:25 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll
[2012/07/18 16:20:25 | 000,101,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\admparse.dll
[2012/07/18 16:20:25 | 000,086,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2012/07/18 16:20:25 | 000,078,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll
[2012/07/18 16:20:25 | 000,076,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe
[2012/07/18 16:20:25 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2012/07/18 16:20:25 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2012/07/18 16:20:25 | 000,074,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ie4uinit.exe
[2012/07/18 16:20:25 | 000,073,216 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012/07/18 16:20:25 | 000,072,822 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
[2012/07/18 16:20:25 | 000,066,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll
[2012/07/18 16:20:25 | 000,063,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx
[2012/07/18 16:20:25 | 000,054,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll
[2012/07/18 16:20:25 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll
[2012/07/18 16:20:25 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2012/07/18 16:20:25 | 000,023,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2012/07/18 16:20:25 | 000,010,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2012/07/18 16:20:24 | 003,695,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dat
[2012/07/18 16:20:24 | 002,311,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012/07/18 16:20:24 | 001,494,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012/07/18 16:20:24 | 000,818,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012/07/18 16:20:24 | 000,697,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2012/07/18 16:20:24 | 000,603,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2012/07/18 16:20:24 | 000,534,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2012/07/18 16:20:24 | 000,452,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2012/07/18 16:20:24 | 000,448,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2012/07/18 16:20:24 | 000,282,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2012/07/18 16:20:24 | 000,267,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieaksie.dll
[2012/07/18 16:20:24 | 000,248,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012/07/18 16:20:24 | 000,237,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012/07/18 16:20:24 | 000,222,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll
[2012/07/18 16:20:24 | 000,197,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2012/07/18 16:20:24 | 000,173,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012/07/18 16:20:24 | 000,165,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iexpress.exe
[2012/07/18 16:20:24 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieakui.dll
[2012/07/18 16:20:24 | 000,160,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wextract.exe
[2012/07/18 16:20:24 | 000,160,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieakeng.dll
[2012/07/18 16:20:24 | 000,149,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll
[2012/07/18 16:20:24 | 000,145,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2012/07/18 16:20:24 | 000,135,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\IEAdvpack.dll
[2012/07/18 16:20:24 | 000,114,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\admparse.dll
[2012/07/18 16:20:24 | 000,111,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2012/07/18 16:20:24 | 000,103,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll
[2012/07/18 16:20:24 | 000,096,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012/07/18 16:20:24 | 000,091,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\SetIEInstalledDate.exe
[2012/07/18 16:20:24 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2012/07/18 16:20:24 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2012/07/18 16:20:24 | 000,085,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2012/07/18 16:20:24 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll
[2012/07/18 16:20:24 | 000,076,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\tdc.ocx
[2012/07/18 16:20:24 | 000,072,822 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf
[2012/07/18 16:20:24 | 000,065,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\pngfilt.dll
[2012/07/18 16:20:24 | 000,049,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\imgutil.dll
[2012/07/18 16:20:24 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmler.dll
[2012/07/18 16:20:24 | 000,039,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2012/07/18 16:20:24 | 000,030,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2012/07/18 16:20:24 | 000,012,288 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe
[2012/07/18 16:20:24 | 000,010,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2012/07/18 16:12:13 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/07/18 14:53:26 | 004,582,182 | R--- | M] (Swearware) -- C:\Users\Sarah\Desktop\ComboFix.exe
[2012/07/18 14:50:55 | 000,772,592 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\npDeployJava1.dll
[2012/07/18 14:50:55 | 000,687,600 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\deployJava1.dll
[2012/07/18 14:50:55 | 000,227,824 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2012/07/18 14:50:55 | 000,174,064 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2012/07/18 14:50:55 | 000,174,064 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2012/07/18 14:46:18 | 000,002,055 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2012/07/18 14:41:47 | 021,055,472 | ---- | M] (Oracle Corporation) -- C:\Users\Sarah\Desktop\jre-7u5-windows-i586.exe
[2012/07/18 14:39:02 | 016,613,376 | ---- | M] () -- C:\Users\Sarah\Desktop\AdbeRdrUpd1013.msp
[2012/07/18 14:38:54 | 015,929,344 | ---- | M] () -- C:\Users\Sarah\Desktop\AdbeRdrUpd1012.msp
[2012/07/18 14:38:26 | 013,135,872 | ---- | M] () -- C:\Users\Sarah\Desktop\AdbeRdrUpd1011.msp
[2012/07/18 00:24:15 | 000,002,046 | ---- | M] () -- C:\Users\Sarah\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012/07/12 22:26:44 | 000,000,941 | ---- | M] () -- C:\Users\Sarah\Desktop\ERUNT.lnk
[2012/07/12 22:22:58 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Sarah\Desktop\dds.com
[2012/07/12 18:43:05 | 000,001,294 | ---- | M] () -- C:\Users\Sarah\Desktop\Spybot - Search & Destroy.lnk
[2012/07/12 17:43:00 | 000,443,522 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20120712-180719.backup
[2012/07/12 13:56:51 | 000,000,237 | ---- | M] () -- C:\user.js
[2012/07/12 13:21:42 | 000,002,577 | ---- | M] () -- C:\Users\Sarah\Desktop\Readme.nfo - Shortcut.lnk
[2012/07/11 21:38:19 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012/07/11 21:38:19 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012/07/11 03:22:44 | 005,058,848 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/07/09 22:47:06 | 002,349,078 | ---- | M] () -- C:\Users\Sarah\Desktop\the heckler.ai
[2012/07/09 22:47:01 | 000,033,376 | ---- | M] () -- C:\Users\Sarah\Desktop\the-heckler3.jpg
[2012/07/09 22:46:40 | 000,053,776 | ---- | M] () -- C:\Users\Sarah\Desktop\the-heckler2.jpg
[2012/07/09 22:46:18 | 000,030,030 | ---- | M] () -- C:\Users\Sarah\Desktop\the-heckler1.jpg
[2012/07/08 20:08:15 | 000,059,888 | ---- | M] () -- C:\Users\Sarah\Desktop\man_heck2.JPG
[2012/07/08 20:07:13 | 000,058,122 | ---- | M] () -- C:\Users\Sarah\Desktop\man_heck1.JPG
[2012/07/06 21:00:44 | 000,031,454 | ---- | M] () -- C:\Users\Sarah\Desktop\lens1399061_yelling_man.png
[2012/07/06 20:56:36 | 000,017,623 | ---- | M] () -- C:\Users\Sarah\Desktop\man-with-megaphone.gif
[2012/07/03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
========== Files Created - No Company Name ==========
[2012/07/18 16:20:25 | 000,072,822 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2012/07/18 16:20:24 | 000,072,822 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
[2012/07/18 14:46:18 | 000,002,055 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2012/07/18 14:46:14 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2012/07/18 14:38:13 | 016,613,376 | ---- | C] () -- C:\Users\Sarah\Desktop\AdbeRdrUpd1013.msp
[2012/07/18 14:38:05 | 015,929,344 | ---- | C] () -- C:\Users\Sarah\Desktop\AdbeRdrUpd1012.msp
[2012/07/18 14:37:52 | 013,135,872 | ---- | C] () -- C:\Users\Sarah\Desktop\AdbeRdrUpd1011.msp
[2012/07/17 15:43:55 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/07/17 15:43:55 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/07/17 15:43:55 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/07/17 15:43:55 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/07/17 15:43:55 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/07/12 22:26:44 | 000,000,941 | ---- | C] () -- C:\Users\Sarah\Desktop\ERUNT.lnk
[2012/07/12 18:43:05 | 000,001,294 | ---- | C] () -- C:\Users\Sarah\Desktop\Spybot - Search & Destroy.lnk
[2012/07/12 13:56:47 | 000,000,237 | ---- | C] () -- C:\user.js
[2012/07/09 22:47:01 | 000,033,376 | ---- | C] () -- C:\Users\Sarah\Desktop\the-heckler3.jpg
[2012/07/09 22:46:40 | 000,053,776 | ---- | C] () -- C:\Users\Sarah\Desktop\the-heckler2.jpg
[2012/07/09 22:46:18 | 000,030,030 | ---- | C] () -- C:\Users\Sarah\Desktop\the-heckler1.jpg
[2012/07/08 20:08:15 | 000,059,888 | ---- | C] () -- C:\Users\Sarah\Desktop\man_heck2.JPG
[2012/07/08 20:07:12 | 000,058,122 | ---- | C] () -- C:\Users\Sarah\Desktop\man_heck1.JPG
[2012/07/06 23:19:34 | 002,349,078 | ---- | C] () -- C:\Users\Sarah\Desktop\the heckler.ai
[2012/07/06 21:00:43 | 000,031,454 | ---- | C] () -- C:\Users\Sarah\Desktop\lens1399061_yelling_man.png
[2012/07/06 20:56:35 | 000,017,623 | ---- | C] () -- C:\Users\Sarah\Desktop\man-with-megaphone.gif
[2011/11/24 00:34:10 | 000,000,000 | ---- | C] () -- C:\Windows\PowerReg.dat
[2011/11/23 00:52:19 | 000,000,132 | ---- | C] () -- C:\Users\Sarah\AppData\Roaming\Adobe GIF Format CS5 Prefs
[2011/09/28 17:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011/05/10 12:50:02 | 000,000,132 | ---- | C] () -- C:\Users\Sarah\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2011/01/12 11:05:47 | 000,000,632 | RHS- | C] () -- C:\Users\Sarah\ntuser.pol
[2010/11/20 20:23:20 | 000,001,456 | ---- | C] () -- C:\Users\Sarah\AppData\Local\Adobe Save for Web 12.0 Prefs
[2010/09/06 14:51:59 | 000,331,776 | ---- | C] () -- C:\Windows\SysWow64\DLEAinst.dll
[2010/09/06 14:51:58 | 000,364,544 | ---- | C] ( ) -- C:\Windows\SysWow64\dleainpa.dll
[2010/09/06 14:51:58 | 000,344,064 | ---- | C] () -- C:\Windows\SysWow64\dleacomx.dll
[2010/09/06 14:51:58 | 000,344,064 | ---- | C] ( ) -- C:\Windows\SysWow64\dleaiesc.dll
[2010/09/06 14:51:57 | 000,106,496 | ---- | C] () -- C:\Windows\SysWow64\dleainsr.dll
[2010/09/06 14:51:57 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\dleajswr.dll
[2010/09/06 14:51:57 | 000,036,864 | ---- | C] () -- C:\Windows\SysWow64\dleacur.dll
[2010/09/06 14:51:56 | 000,643,072 | ---- | C] ( ) -- C:\Windows\SysWow64\dleapmui.dll
[2010/09/06 14:51:56 | 000,323,584 | ---- | C] () -- C:\Windows\SysWow64\dleains.dll
[2010/09/06 14:51:56 | 000,262,144 | ---- | C] () -- C:\Windows\SysWow64\dleainsb.dll
[2010/09/06 14:51:55 | 000,847,872 | ---- | C] ( ) -- C:\Windows\SysWow64\dleausb1.dll
[2010/09/06 14:51:55 | 000,253,952 | ---- | C] () -- C:\Windows\SysWow64\dleacu.dll
[2010/09/06 14:51:55 | 000,090,112 | ---- | C] () -- C:\Windows\SysWow64\dleacub.dll
[2010/09/06 14:51:54 | 001,048,576 | ---- | C] ( ) -- C:\Windows\SysWow64\dleaserv.dll
[2010/09/06 14:51:53 | 000,577,536 | ---- | C] ( ) -- C:\Windows\SysWow64\dlealmpm.dll
[2010/09/06 14:51:52 | 000,688,128 | ---- | C] ( ) -- C:\Windows\SysWow64\dleahbn3.dll
[2010/09/06 14:51:52 | 000,324,264 | ---- | C] ( ) -- C:\Windows\SysWow64\dleaih.exe
[2010/09/06 14:51:51 | 000,598,696 | ---- | C] ( ) -- C:\Windows\SysWow64\dleacoms.exe
[2010/09/06 14:51:50 | 000,802,816 | ---- | C] ( ) -- C:\Windows\SysWow64\dleacomc.dll
[2010/09/06 14:51:50 | 000,372,736 | ---- | C] ( ) -- C:\Windows\SysWow64\dleacomm.dll
[2010/09/06 14:51:49 | 000,373,416 | ---- | C] ( ) -- C:\Windows\SysWow64\dleacfg.exe
[2010/09/06 14:51:49 | 000,086,180 | ---- | C] () -- C:\Windows\SysWow64\DLEAcfg.dll
[2010/09/04 22:24:00 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/08/30 17:55:19 | 000,002,137 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2010/08/30 17:14:30 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
< End of report >
jtcarrie
2012-07-19, 22:57
And here is the Extras.txt
========== Files/Folders - Created Within 30 Days ==========
[2012/07/19 15:41:34 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\Sarah\Desktop\OTL.exe
[2012/07/19 10:45:53 | 000,000,000 | ---D | C] -- C:\Users\Sarah\AppData\Local\{2357657A-4094-4971-BED5-3C0062E5299E}
[2012/07/18 22:45:27 | 000,000,000 | ---D | C] -- C:\Users\Sarah\AppData\Local\{DB62E5C4-97D6-4B78-B854-7BECB7CB1975}
[2012/07/18 22:45:16 | 000,000,000 | ---D | C] -- C:\Users\Sarah\AppData\Local\{1414F3F0-936A-490C-950D-3D21DCE11575}
[2012/07/18 16:28:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2012/07/18 16:20:25 | 003,695,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat
[2012/07/18 16:20:25 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012/07/18 16:20:25 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012/07/18 16:20:25 | 000,434,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2012/07/18 16:20:25 | 000,367,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2012/07/18 16:20:25 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012/07/18 16:20:25 | 000,227,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieaksie.dll
[2012/07/18 16:20:25 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012/07/18 16:20:25 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieakui.dll
[2012/07/18 16:20:25 | 000,162,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2012/07/18 16:20:25 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe
[2012/07/18 16:20:25 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe
[2012/07/18 16:20:25 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012/07/18 16:20:25 | 000,130,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieakeng.dll
[2012/07/18 16:20:25 | 000,123,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2012/07/18 16:20:25 | 000,118,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2012/07/18 16:20:25 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll
[2012/07/18 16:20:25 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\admparse.dll
[2012/07/18 16:20:25 | 000,086,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2012/07/18 16:20:25 | 000,078,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll
[2012/07/18 16:20:25 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe
[2012/07/18 16:20:25 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2012/07/18 16:20:25 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2012/07/18 16:20:25 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ie4uinit.exe
[2012/07/18 16:20:25 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012/07/18 16:20:25 | 000,066,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll
[2012/07/18 16:20:25 | 000,063,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx
[2012/07/18 16:20:25 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll
[2012/07/18 16:20:25 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll
[2012/07/18 16:20:25 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2012/07/18 16:20:25 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2012/07/18 16:20:25 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2012/07/18 16:20:24 | 003,695,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dat
[2012/07/18 16:20:24 | 002,311,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012/07/18 16:20:24 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012/07/18 16:20:24 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012/07/18 16:20:24 | 000,697,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2012/07/18 16:20:24 | 000,603,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2012/07/18 16:20:24 | 000,534,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2012/07/18 16:20:24 | 000,452,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2012/07/18 16:20:24 | 000,448,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2012/07/18 16:20:24 | 000,282,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2012/07/18 16:20:24 | 000,267,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieaksie.dll
[2012/07/18 16:20:24 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012/07/18 16:20:24 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012/07/18 16:20:24 | 000,222,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll
[2012/07/18 16:20:24 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2012/07/18 16:20:24 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012/07/18 16:20:24 | 000,165,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iexpress.exe
[2012/07/18 16:20:24 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieakui.dll
[2012/07/18 16:20:24 | 000,160,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wextract.exe
[2012/07/18 16:20:24 | 000,160,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieakeng.dll
[2012/07/18 16:20:24 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll
[2012/07/18 16:20:24 | 000,145,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2012/07/18 16:20:24 | 000,135,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\IEAdvpack.dll
[2012/07/18 16:20:24 | 000,114,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\admparse.dll
[2012/07/18 16:20:24 | 000,111,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2012/07/18 16:20:24 | 000,103,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll
[2012/07/18 16:20:24 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012/07/18 16:20:24 | 000,091,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SetIEInstalledDate.exe
[2012/07/18 16:20:24 | 000,089,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2012/07/18 16:20:24 | 000,089,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2012/07/18 16:20:24 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2012/07/18 16:20:24 | 000,082,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll
[2012/07/18 16:20:24 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tdc.ocx
[2012/07/18 16:20:24 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\pngfilt.dll
[2012/07/18 16:20:24 | 000,049,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imgutil.dll
[2012/07/18 16:20:24 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmler.dll
[2012/07/18 16:20:24 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2012/07/18 16:20:24 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2012/07/18 16:20:24 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe
[2012/07/18 16:20:24 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2012/07/18 16:15:04 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/07/18 16:12:16 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/07/18 14:51:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2012/07/18 14:51:11 | 000,772,592 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\npDeployJava1.dll
[2012/07/18 14:51:11 | 000,227,824 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2012/07/18 14:51:02 | 000,174,064 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2012/07/18 14:51:02 | 000,174,064 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2012/07/18 14:41:18 | 021,055,472 | ---- | C] (Oracle Corporation) -- C:\Users\Sarah\Desktop\jre-7u5-windows-i586.exe
[2012/07/18 14:35:09 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2012/07/18 10:44:50 | 000,000,000 | ---D | C] -- C:\Users\Sarah\AppData\Local\{8EDC7EF0-CCE6-45C9-B1A7-E3312CAF178D}
[2012/07/17 22:44:24 | 000,000,000 | ---D | C] -- C:\Users\Sarah\AppData\Local\{0263750B-74C3-40D2-AD74-C3E78F591C9E}
[2012/07/17 22:44:13 | 000,000,000 | ---D | C] -- C:\Users\Sarah\AppData\Local\{71C3C6B8-7E0F-4729-8759-7E734FD1B358}
[2012/07/17 15:57:48 | 000,000,000 | ---D | C] -- C:\Users\Sarah\AppData\Local\temp
[2012/07/17 15:43:55 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/07/17 15:43:55 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/07/17 15:43:55 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/07/17 15:42:42 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/07/17 15:35:26 | 004,582,182 | R--- | C] (Swearware) -- C:\Users\Sarah\Desktop\ComboFix.exe
[2012/07/17 10:43:47 | 000,000,000 | ---D | C] -- C:\Users\Sarah\AppData\Local\{8DC2486B-06ED-492E-9BDF-737DB5D82354}
[2012/07/16 22:43:22 | 000,000,000 | ---D | C] -- C:\Users\Sarah\AppData\Local\{59902DCB-1FEA-43DF-A27F-09B94229FFAC}
[2012/07/16 10:42:58 | 000,000,000 | ---D | C] -- C:\Users\Sarah\AppData\Local\{123EFEA4-A571-4304-A3A5-36934D2739A5}
[2012/07/15 22:42:33 | 000,000,000 | ---D | C] -- C:\Users\Sarah\AppData\Local\{92939BBD-F17B-42D5-B4C0-C943D410D487}
[2012/07/15 10:42:09 | 000,000,000 | ---D | C] -- C:\Users\Sarah\AppData\Local\{74FFD88E-CFD4-4FEC-AF97-189553BE7102}
[2012/07/14 22:41:44 | 000,000,000 | ---D | C] -- C:\Users\Sarah\AppData\Local\{00FCD6F0-1505-4CBB-8C8D-2C77C0374BA2}
[2012/07/14 10:41:20 | 000,000,000 | ---D | C] -- C:\Users\Sarah\AppData\Local\{106BACF2-FCC9-44B9-9269-07B48445352C}
[2012/07/13 22:40:56 | 000,000,000 | ---D | C] -- C:\Users\Sarah\AppData\Local\{56F40085-3861-45F7-8910-7F063138A237}
[2012/07/13 10:40:32 | 000,000,000 | ---D | C] -- C:\Users\Sarah\AppData\Local\{8AAA539E-CF44-494F-9731-DE9054EF39EB}
[2012/07/12 22:40:07 | 000,000,000 | ---D | C] -- C:\Users\Sarah\AppData\Local\{1831F907-C70C-4F1C-BD02-C840C086FFA3}
[2012/07/12 22:39:55 | 000,000,000 | ---D | C] -- C:\Users\Sarah\AppData\Local\{BFB47624-F40A-4A53-B81E-4DD83C80D856}
[2012/07/12 22:27:11 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012/07/12 22:26:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
[2012/07/12 22:26:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ERUNT
[2012/07/12 22:23:00 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Sarah\Desktop\dds.com
[2012/07/12 18:43:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
[2012/07/12 18:16:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Safer Networking
[2012/07/12 18:16:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Safer Networking
[2012/07/12 16:56:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2012/07/12 16:56:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy
[2012/07/12 16:52:07 | 000,000,000 | ---D | C] -- C:\Users\Sarah\AppData\Roaming\Malwarebytes
[2012/07/12 16:51:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/07/12 16:51:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/07/12 16:51:44 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/07/12 16:51:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/07/12 16:44:20 | 000,000,000 | ---D | C] -- C:\Users\Sarah\AppData\Roaming\SUPERAntiSpyware.com
[2012/07/12 16:44:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2012/07/12 16:44:02 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2012/07/12 16:44:02 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2012/07/12 13:56:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Premium
[2012/07/12 13:56:11 | 000,000,000 | ---D | C] -- C:\ProgramData\InstallMate
[2012/07/12 10:39:29 | 000,000,000 | ---D | C] -- C:\Users\Sarah\AppData\Local\{753B0855-936C-435E-A594-80513F7DE287}
[2012/07/11 22:39:05 | 000,000,000 | ---D | C] -- C:\Users\Sarah\AppData\Local\{B0E77A39-1019-4791-8518-51CEC7460FE0}
[2012/07/11 10:38:39 | 000,000,000 | ---D | C] -- C:\Users\Sarah\AppData\Local\{3257A436-0EEF-4D5F-8CC6-40351A7A0F14}
[2012/07/11 10:38:26 | 000,000,000 | ---D | C] -- C:\Users\Sarah\AppData\Local\{8D004D60-3740-4235-AC5B-337F3AE4586C}
[2012/07/10 22:29:33 | 000,000,000 | ---D | C] -- C:\Users\Sarah\AppData\Local\{56A3921A-B1BC-44F2-A175-32ABC02C5168}
[2012/07/10 14:18:21 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml3r.dll
[2012/07/10 14:18:21 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msxml3r.dll
[2012/07/10 14:18:16 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll
[2012/07/10 14:18:14 | 000,805,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cdosys.dll
[2012/07/10 14:18:13 | 001,133,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdosys.dll
[2012/07/10 10:29:09 | 000,000,000 | ---D | C] -- C:\Users\Sarah\AppData\Local\{9A8DAE11-5B9E-4548-8271-63A8BA9FCACA}
[2012/07/09 22:28:44 | 000,000,000 | ---D | C] -- C:\Users\Sarah\AppData\Local\{2BC2B83C-53B5-4597-ABA6-3EBB36DE67FD}
[2012/07/09 10:28:20 | 000,000,000 | ---D | C] -- C:\Users\Sarah\AppData\Local\{774B5049-FA4D-498B-A409-575555A363EF}
[2012/07/08 22:27:55 | 000,000,000 | ---D | C] -- C:\Users\Sarah\AppData\Local\{2E39295B-3BE0-445A-8F6A-008862B0E3EB}
[2012/07/08 10:27:31 | 000,000,000 | ---D | C] -- C:\Users\Sarah\AppData\Local\{E2696292-8F9F-4263-AD5E-61F7FA8CAE66}
[2012/07/07 22:27:07 | 000,000,000 | ---D | C] -- C:\Users\Sarah\AppData\Local\{5279A286-2340-4B1A-BD66-EEE7A813F7E2}
[2012/07/07 10:26:42 | 000,000,000 | ---D | C] -- C:\Users\Sarah\AppData\Local\{F66189FD-5FC7-4FB1-9BFA-38D220945F15}
[2012/07/06 22:26:17 | 000,000,000 | ---D | C] -- C:\Users\Sarah\AppData\Local\{FC794031-09FD-47CD-BA74-3B63D65FEF55}
[2012/07/06 10:25:52 | 000,000,000 | ---D | C] -- C:\Users\Sarah\AppData\Local\{8DEE34FD-0BA5-4BFA-9D93-AF00B8ED6DDD}
[2012/07/05 22:25:27 | 000,000,000 | ---D | C] -- C:\Users\Sarah\AppData\Local\{1CB50AD6-DF9A-4BFF-88A7-62F20904C4B0}
[2012/07/05 10:25:02 | 000,000,000 | ---D | C] -- C:\Users\Sarah\AppData\Local\{DC2341FA-0FD8-4E5F-BF22-4EA5FB069BA9}
[2012/07/04 22:24:36 | 000,000,000 | ---D | C] -- C:\Users\Sarah\AppData\Local\{F2157CC9-EE3D-4016-A2FE-A04044C30AEA}
[2012/07/04 10:24:09 | 000,000,000 | ---D | C] -- C:\Users\Sarah\AppData\Local\{6888138C-47D6-4582-8C29-97CB17ED4A67}
[2012/07/03 22:23:44 | 000,000,000 | ---D | C] -- C:\Users\Sarah\AppData\Local\{8B8FC084-A74F-47E3-83FF-7EBEBEA35523}
[2012/07/03 10:23:19 | 000,000,000 | ---D | C] -- C:\Users\Sarah\AppData\Local\{38A7B859-EB74-4589-A885-4923C14F5CBD}
[2012/07/02 22:22:55 | 000,000,000 | ---D | C] -- C:\Users\Sarah\AppData\Local\{089F2619-F32D-49A1-A5DC-11801CE863CA}
[2012/07/02 10:22:31 | 000,000,000 | ---D | C] -- C:\Users\Sarah\AppData\Local\{58C8D52E-81DA-410D-ACFB-DEAD5E9CAD3F}
[2012/07/01 22:22:06 | 000,000,000 | ---D | C] -- C:\Users\Sarah\AppData\Local\{9F0EAE35-464A-494C-A20F-8DFB40D6FAA8}
[2012/07/01 10:21:40 | 000,000,000 | ---D | C] -- C:\Users\Sarah\AppData\Local\{B85D8FC9-436B-49F7-B7B9-F8D3236C8740}
[2012/06/30 22:21:15 | 000,000,000 | ---D | C] -- C:\Users\Sarah\AppData\Local\{E2BC96E3-DDF7-4C4E-A975-9E567DF9E9AC}
[2012/06/30 10:20:49 | 000,000,000 | ---D | C] -- C:\Users\Sarah\AppData\Local\{2CB28C06-C69A-412D-91FE-06E763E54163}
[2012/06/29 22:20:25 | 000,000,000 | ---D | C] -- C:\Users\Sarah\AppData\Local\{82BAD7F1-DADE-4C77-AC44-C08E027DAF5A}
[2012/06/29 10:20:00 | 000,000,000 | ---D | C] -- C:\Users\Sarah\AppData\Local\{243B78F3-E159-48A1-A3B9-39C70C83BEB9}
[2012/06/28 22:19:36 | 000,000,000 | ---D | C] -- C:\Users\Sarah\AppData\Local\{F9F13A31-E06F-4B2F-96AD-C8B6AB5EFD4A}
[2012/06/28 10:19:12 | 000,000,000 | ---D | C] -- C:\Users\Sarah\AppData\Local\{A66EDC16-5BCD-4E07-9892-CB00B741A011}
[2012/06/27 22:18:46 | 000,000,000 | ---D | C] -- C:\Users\Sarah\AppData\Local\{13AA78AE-320C-4D54-9298-12A034469D6A}
[2012/06/27 20:09:25 | 000,000,000 | ---D | C] -- C:\Users\Sarah\AppData\Roaming\fltk.org
[2012/06/27 20:09:25 | 000,000,000 | ---D | C] -- C:\ProgramData\fltk.org
[2012/06/27 20:09:23 | 000,000,000 | ---D | C] -- C:\Users\Sarah\Documents\Amnesia
[2012/06/27 20:09:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Amnesia - The Dark Descent
[2012/06/27 20:05:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Amnesia - The Dark Descent
[2012/06/27 19:45:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\BioWare
[2012/06/27 10:18:21 | 000,000,000 | ---D | C] -- C:\Users\Sarah\AppData\Local\{45C5CE79-1B5C-48D0-8CD8-D74FCF708BD1}
[2012/06/26 22:17:52 | 000,000,000 | ---D | C] -- C:\Users\Sarah\AppData\Local\{4C048AC6-CBAD-4B4D-A7A3-409CB6C5046A}
[2012/06/26 10:17:28 | 000,000,000 | ---D | C] -- C:\Users\Sarah\AppData\Local\{E6B08D28-DA46-4834-8E99-CE1526BC6CCD}
[2012/06/25 22:17:03 | 000,000,000 | ---D | C] -- C:\Users\Sarah\AppData\Local\{37D92027-CCDC-4391-B8C8-D76F979F76B3}
[2012/06/25 10:16:39 | 000,000,000 | ---D | C] -- C:\Users\Sarah\AppData\Local\{9C95B025-EA05-481E-AD2C-04581590EE91}
[2012/06/24 22:16:14 | 000,000,000 | ---D | C] -- C:\Users\Sarah\AppData\Local\{27169762-9963-422C-8681-C77D7085306C}
[2012/06/24 10:15:49 | 000,000,000 | ---D | C] -- C:\Users\Sarah\AppData\Local\{CC5DDBB2-4851-47E5-8557-A6822872942C}
[2012/06/23 22:15:24 | 000,000,000 | ---D | C] -- C:\Users\Sarah\AppData\Local\{05DC08DE-3237-410C-B9C0-B3EC094F52F8}
[2012/06/23 10:15:00 | 000,000,000 | ---D | C] -- C:\Users\Sarah\AppData\Local\{5AFB3070-ED74-4F0F-B242-FAD861E66706}
[2012/06/22 10:18:35 | 000,000,000 | ---D | C] -- C:\Users\Sarah\AppData\Local\{0282E542-D45A-419A-A751-D53AFF53E565}
[2012/06/21 22:18:10 | 000,000,000 | ---D | C] -- C:\Users\Sarah\AppData\Local\{93E1BEEC-63B3-44F9-9E75-6800AABBBD5A}
[2012/06/21 21:06:58 | 000,000,000 | ---D | C] -- C:\Users\Sarah\Documents\k8-parsimonious-countrycottage-welshdresser-190909-1
[2012/06/21 20:56:00 | 000,000,000 | ---D | C] -- C:\Users\Sarah\Documents\k8-parsimonious-bathtub-artnouveau-032711
[2012/06/21 20:55:03 | 000,000,000 | ---D | C] -- C:\Users\Sarah\Documents\k8-parsimonious-countrycottage-welshdresser-190909
[2012/06/21 10:17:45 | 000,000,000 | ---D | C] -- C:\Users\Sarah\AppData\Local\{F1A301A1-9DF4-47E3-A8C4-EAE2D749499B}
[2012/06/20 22:17:20 | 000,000,000 | ---D | C] -- C:\Users\Sarah\AppData\Local\{5FBD924D-0A2D-4DD9-A336-63E6B74C52A5}
[2012/06/20 12:29:40 | 000,000,000 | ---D | C] -- C:\Users\Sarah\Desktop\fwemailingpics
[2012/06/20 10:16:55 | 000,000,000 | ---D | C] -- C:\Users\Sarah\AppData\Local\{F32D8280-9988-4A2E-9A31-0F9AB05C8256}
[2012/06/19 22:16:31 | 000,000,000 | ---D | C] -- C:\Users\Sarah\AppData\Local\{2632FCD3-FC77-4B83-AB21-A3149D08D5A0}
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2012/07/19 15:44:00 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1836415372-254199884-3377025973-1001UA.job
[2012/07/19 15:41:35 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Sarah\Desktop\OTL.exe
[2012/07/19 15:38:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/07/19 11:44:00 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1836415372-254199884-3377025973-1001Core.job
[2012/07/18 16:32:28 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/07/18 16:32:28 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/07/18 16:31:25 | 000,726,444 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/07/18 16:31:25 | 000,624,490 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/07/18 16:31:25 | 000,107,052 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/07/18 16:25:24 | 000,001,473 | ---- | M] () -- C:\Users\Sarah\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/07/18 16:25:10 | 000,000,632 | RHS- | M] () -- C:\Users\Sarah\ntuser.pol
[2012/07/18 16:23:45 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/07/18 16:23:23 | 504,717,311 | -HS- | M] () -- C:\hiberfil.sys
[2012/07/18 16:20:25 | 003,695,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat
[2012/07/18 16:20:25 | 001,427,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012/07/18 16:20:25 | 000,716,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012/07/18 16:20:25 | 000,434,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2012/07/18 16:20:25 | 000,367,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2012/07/18 16:20:25 | 000,231,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012/07/18 16:20:25 | 000,227,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieaksie.dll
[2012/07/18 16:20:25 | 000,176,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012/07/18 16:20:25 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieakui.dll
[2012/07/18 16:20:25 | 000,162,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2012/07/18 16:20:25 | 000,152,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe
[2012/07/18 16:20:25 | 000,150,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe
[2012/07/18 16:20:25 | 000,142,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012/07/18 16:20:25 | 000,130,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieakeng.dll
[2012/07/18 16:20:25 | 000,123,392 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2012/07/18 16:20:25 | 000,118,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2012/07/18 16:20:25 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll
[2012/07/18 16:20:25 | 000,101,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\admparse.dll
[2012/07/18 16:20:25 | 000,086,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2012/07/18 16:20:25 | 000,078,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll
[2012/07/18 16:20:25 | 000,076,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe
[2012/07/18 16:20:25 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2012/07/18 16:20:25 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2012/07/18 16:20:25 | 000,074,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ie4uinit.exe
[2012/07/18 16:20:25 | 000,073,216 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012/07/18 16:20:25 | 000,072,822 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
[2012/07/18 16:20:25 | 000,066,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll
[2012/07/18 16:20:25 | 000,063,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx
[2012/07/18 16:20:25 | 000,054,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll
[2012/07/18 16:20:25 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll
[2012/07/18 16:20:25 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2012/07/18 16:20:25 | 000,023,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2012/07/18 16:20:25 | 000,010,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2012/07/18 16:20:24 | 003,695,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dat
[2012/07/18 16:20:24 | 002,311,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012/07/18 16:20:24 | 001,494,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012/07/18 16:20:24 | 000,818,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012/07/18 16:20:24 | 000,697,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2012/07/18 16:20:24 | 000,603,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2012/07/18 16:20:24 | 000,534,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2012/07/18 16:20:24 | 000,452,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2012/07/18 16:20:24 | 000,448,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2012/07/18 16:20:24 | 000,282,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2012/07/18 16:20:24 | 000,267,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieaksie.dll
[2012/07/18 16:20:24 | 000,248,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012/07/18 16:20:24 | 000,237,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012/07/18 16:20:24 | 000,222,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll
[2012/07/18 16:20:24 | 000,197,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2012/07/18 16:20:24 | 000,173,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012/07/18 16:20:24 | 000,165,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iexpress.exe
[2012/07/18 16:20:24 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieakui.dll
[2012/07/18 16:20:24 | 000,160,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wextract.exe
[2012/07/18 16:20:24 | 000,160,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieakeng.dll
[2012/07/18 16:20:24 | 000,149,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll
[2012/07/18 16:20:24 | 000,145,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2012/07/18 16:20:24 | 000,135,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\IEAdvpack.dll
[2012/07/18 16:20:24 | 000,114,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\admparse.dll
[2012/07/18 16:20:24 | 000,111,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2012/07/18 16:20:24 | 000,103,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll
[2012/07/18 16:20:24 | 000,096,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012/07/18 16:20:24 | 000,091,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\SetIEInstalledDate.exe
[2012/07/18 16:20:24 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2012/07/18 16:20:24 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2012/07/18 16:20:24 | 000,085,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2012/07/18 16:20:24 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll
[2012/07/18 16:20:24 | 000,076,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\tdc.ocx
[2012/07/18 16:20:24 | 000,072,822 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf
[2012/07/18 16:20:24 | 000,065,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\pngfilt.dll
[2012/07/18 16:20:24 | 000,049,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\imgutil.dll
[2012/07/18 16:20:24 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmler.dll
[2012/07/18 16:20:24 | 000,039,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2012/07/18 16:20:24 | 000,030,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2012/07/18 16:20:24 | 000,012,288 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe
[2012/07/18 16:20:24 | 000,010,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2012/07/18 16:12:13 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/07/18 14:53:26 | 004,582,182 | R--- | M] (Swearware) -- C:\Users\Sarah\Desktop\ComboFix.exe
[2012/07/18 14:50:55 | 000,772,592 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\npDeployJava1.dll
[2012/07/18 14:50:55 | 000,687,600 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\deployJava1.dll
[2012/07/18 14:50:55 | 000,227,824 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2012/07/18 14:50:55 | 000,174,064 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2012/07/18 14:50:55 | 000,174,064 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2012/07/18 14:46:18 | 000,002,055 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2012/07/18 14:41:47 | 021,055,472 | ---- | M] (Oracle Corporation) -- C:\Users\Sarah\Desktop\jre-7u5-windows-i586.exe
[2012/07/18 14:39:02 | 016,613,376 | ---- | M] () -- C:\Users\Sarah\Desktop\AdbeRdrUpd1013.msp
[2012/07/18 14:38:54 | 015,929,344 | ---- | M] () -- C:\Users\Sarah\Desktop\AdbeRdrUpd1012.msp
[2012/07/18 14:38:26 | 013,135,872 | ---- | M] () -- C:\Users\Sarah\Desktop\AdbeRdrUpd1011.msp
[2012/07/18 00:24:15 | 000,002,046 | ---- | M] () -- C:\Users\Sarah\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012/07/12 22:26:44 | 000,000,941 | ---- | M] () -- C:\Users\Sarah\Desktop\ERUNT.lnk
[2012/07/12 22:22:58 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Sarah\Desktop\dds.com
[2012/07/12 18:43:05 | 000,001,294 | ---- | M] () -- C:\Users\Sarah\Desktop\Spybot - Search & Destroy.lnk
[2012/07/12 17:43:00 | 000,443,522 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20120712-180719.backup
[2012/07/12 13:56:51 | 000,000,237 | ---- | M] () -- C:\user.js
[2012/07/12 13:21:42 | 000,002,577 | ---- | M] () -- C:\Users\Sarah\Desktop\Readme.nfo - Shortcut.lnk
[2012/07/11 21:38:19 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012/07/11 21:38:19 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012/07/11 03:22:44 | 005,058,848 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/07/09 22:47:06 | 002,349,078 | ---- | M] () -- C:\Users\Sarah\Desktop\the heckler.ai
[2012/07/09 22:47:01 | 000,033,376 | ---- | M] () -- C:\Users\Sarah\Desktop\the-heckler3.jpg
[2012/07/09 22:46:40 | 000,053,776 | ---- | M] () -- C:\Users\Sarah\Desktop\the-heckler2.jpg
[2012/07/09 22:46:18 | 000,030,030 | ---- | M] () -- C:\Users\Sarah\Desktop\the-heckler1.jpg
[2012/07/08 20:08:15 | 000,059,888 | ---- | M] () -- C:\Users\Sarah\Desktop\man_heck2.JPG
[2012/07/08 20:07:13 | 000,058,122 | ---- | M] () -- C:\Users\Sarah\Desktop\man_heck1.JPG
[2012/07/06 21:00:44 | 000,031,454 | ---- | M] () -- C:\Users\Sarah\Desktop\lens1399061_yelling_man.png
[2012/07/06 20:56:36 | 000,017,623 | ---- | M] () -- C:\Users\Sarah\Desktop\man-with-megaphone.gif
[2012/07/03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
========== Files Created - No Company Name ==========
[2012/07/18 16:20:25 | 000,072,822 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2012/07/18 16:20:24 | 000,072,822 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
[2012/07/18 14:46:18 | 000,002,055 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2012/07/18 14:46:14 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2012/07/18 14:38:13 | 016,613,376 | ---- | C] () -- C:\Users\Sarah\Desktop\AdbeRdrUpd1013.msp
[2012/07/18 14:38:05 | 015,929,344 | ---- | C] () -- C:\Users\Sarah\Desktop\AdbeRdrUpd1012.msp
[2012/07/18 14:37:52 | 013,135,872 | ---- | C] () -- C:\Users\Sarah\Desktop\AdbeRdrUpd1011.msp
[2012/07/17 15:43:55 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/07/17 15:43:55 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/07/17 15:43:55 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/07/17 15:43:55 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/07/17 15:43:55 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/07/12 22:26:44 | 000,000,941 | ---- | C] () -- C:\Users\Sarah\Desktop\ERUNT.lnk
[2012/07/12 18:43:05 | 000,001,294 | ---- | C] () -- C:\Users\Sarah\Desktop\Spybot - Search & Destroy.lnk
[2012/07/12 13:56:47 | 000,000,237 | ---- | C] () -- C:\user.js
[2012/07/09 22:47:01 | 000,033,376 | ---- | C] () -- C:\Users\Sarah\Desktop\the-heckler3.jpg
[2012/07/09 22:46:40 | 000,053,776 | ---- | C] () -- C:\Users\Sarah\Desktop\the-heckler2.jpg
[2012/07/09 22:46:18 | 000,030,030 | ---- | C] () -- C:\Users\Sarah\Desktop\the-heckler1.jpg
[2012/07/08 20:08:15 | 000,059,888 | ---- | C] () -- C:\Users\Sarah\Desktop\man_heck2.JPG
[2012/07/08 20:07:12 | 000,058,122 | ---- | C] () -- C:\Users\Sarah\Desktop\man_heck1.JPG
[2012/07/06 23:19:34 | 002,349,078 | ---- | C] () -- C:\Users\Sarah\Desktop\the heckler.ai
[2012/07/06 21:00:43 | 000,031,454 | ---- | C] () -- C:\Users\Sarah\Desktop\lens1399061_yelling_man.png
[2012/07/06 20:56:35 | 000,017,623 | ---- | C] () -- C:\Users\Sarah\Desktop\man-with-megaphone.gif
[2011/11/24 00:34:10 | 000,000,000 | ---- | C] () -- C:\Windows\PowerReg.dat
[2011/11/23 00:52:19 | 000,000,132 | ---- | C] () -- C:\Users\Sarah\AppData\Roaming\Adobe GIF Format CS5 Prefs
[2011/09/28 17:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011/05/10 12:50:02 | 000,000,132 | ---- | C] () -- C:\Users\Sarah\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2011/01/12 11:05:47 | 000,000,632 | RHS- | C] () -- C:\Users\Sarah\ntuser.pol
[2010/11/20 20:23:20 | 000,001,456 | ---- | C] () -- C:\Users\Sarah\AppData\Local\Adobe Save for Web 12.0 Prefs
[2010/09/06 14:51:59 | 000,331,776 | ---- | C] () -- C:\Windows\SysWow64\DLEAinst.dll
[2010/09/06 14:51:58 | 000,364,544 | ---- | C] ( ) -- C:\Windows\SysWow64\dleainpa.dll
[2010/09/06 14:51:58 | 000,344,064 | ---- | C] () -- C:\Windows\SysWow64\dleacomx.dll
[2010/09/06 14:51:58 | 000,344,064 | ---- | C] ( ) -- C:\Windows\SysWow64\dleaiesc.dll
[2010/09/06 14:51:57 | 000,106,496 | ---- | C] () -- C:\Windows\SysWow64\dleainsr.dll
[2010/09/06 14:51:57 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\dleajswr.dll
[2010/09/06 14:51:57 | 000,036,864 | ---- | C] () -- C:\Windows\SysWow64\dleacur.dll
[2010/09/06 14:51:56 | 000,643,072 | ---- | C] ( ) -- C:\Windows\SysWow64\dleapmui.dll
[2010/09/06 14:51:56 | 000,323,584 | ---- | C] () -- C:\Windows\SysWow64\dleains.dll
[2010/09/06 14:51:56 | 000,262,144 | ---- | C] () -- C:\Windows\SysWow64\dleainsb.dll
[2010/09/06 14:51:55 | 000,847,872 | ---- | C] ( ) -- C:\Windows\SysWow64\dleausb1.dll
[2010/09/06 14:51:55 | 000,253,952 | ---- | C] () -- C:\Windows\SysWow64\dleacu.dll
[2010/09/06 14:51:55 | 000,090,112 | ---- | C] () -- C:\Windows\SysWow64\dleacub.dll
[2010/09/06 14:51:54 | 001,048,576 | ---- | C] ( ) -- C:\Windows\SysWow64\dleaserv.dll
[2010/09/06 14:51:53 | 000,577,536 | ---- | C] ( ) -- C:\Windows\SysWow64\dlealmpm.dll
[2010/09/06 14:51:52 | 000,688,128 | ---- | C] ( ) -- C:\Windows\SysWow64\dleahbn3.dll
[2010/09/06 14:51:52 | 000,324,264 | ---- | C] ( ) -- C:\Windows\SysWow64\dleaih.exe
[2010/09/06 14:51:51 | 000,598,696 | ---- | C] ( ) -- C:\Windows\SysWow64\dleacoms.exe
[2010/09/06 14:51:50 | 000,802,816 | ---- | C] ( ) -- C:\Windows\SysWow64\dleacomc.dll
[2010/09/06 14:51:50 | 000,372,736 | ---- | C] ( ) -- C:\Windows\SysWow64\dleacomm.dll
[2010/09/06 14:51:49 | 000,373,416 | ---- | C] ( ) -- C:\Windows\SysWow64\dleacfg.exe
[2010/09/06 14:51:49 | 000,086,180 | ---- | C] () -- C:\Windows\SysWow64\DLEAcfg.dll
[2010/09/04 22:24:00 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/08/30 17:55:19 | 000,002,137 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2010/08/30 17:14:30 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
< End of report >
Hi,
Let's run OTL again:
Under the Custom Scans/Fixes box at the bottom, paste in the following
:OTL
IE - HKCU\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/?q={searchTerms}&affID=112462&babsrc=SP_ss&mntrId=3a81797500000000000000ff8023ef06
FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)"
FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"
FF - prefs.js..browser.search.useDBForOrder: true
CHR - default_search_provider: Search the web (Babylon) (Enabled)
CHR - default_search_provider: search_url = http://search.babylon.com/?q={searchTerms}&affID=112462&babsrc=SP_ss&mntrId=3a81797500000000000000ff8023ef06
:Commands
[emptytemp]
Then click the Run Fix button at the top
Let the program run unhindered, reboot when it is done
Then post a new OTL log
jtcarrie
2012-07-20, 02:22
Here is the log. It is still appearing in Firefox.
All processes killed
========== OTL ==========
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ not found.
Prefs.js: "Search the web (Babylon)" removed from browser.search.defaultenginename
Prefs.js: "Search the web (Babylon)" removed from browser.search.order.1
Prefs.js: true removed from browser.search.useDBForOrder
Use Chrome's Settings page to remove the default_search_provider items.
Use Chrome's Settings page to remove the default_search_provider items.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 41620 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: Jeff
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 1203049 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 4629578 bytes
->Flash cache emptied: 42076 bytes
User: Public
->Temp folder emptied: 0 bytes
User: Sarah
->Temp folder emptied: 52983 bytes
->Temporary Internet Files folder emptied: 2418074 bytes
->Java cache emptied: 2005736 bytes
->FireFox cache emptied: 105691230 bytes
->Google Chrome cache emptied: 588509020 bytes
->Flash cache emptied: 327115 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 155648 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50534 bytes
%systemroot%\sysnative\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 666 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 672.00 mb
OTL by OldTimer - Version 3.2.54.0 log created on 07192012_190332
Files\Folders moved on Reboot...
C:\Users\Sarah\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
PendingFileRenameOperations files...
File C:\Users\Sarah\AppData\Local\Temp\FXSAPIDebugLogFile.txt not found!
Registry entries deleted on Reboot...
Hi,
I think it's time to restore default Firefox settings to see if it helps:
type about:support to the Firefox url address field. Then use Reset Firefox button (like shown here (http://people.mozilla.org/~mverdi/screenshots/reset-from-support-20110629-233613.jpg)).
jtcarrie
2012-07-20, 22:43
I just reset Firefox and it doesn't appear to showing up anymore! Should I run a DDS log or anything?
Good. Let's see the final steps then :)
THESE STEPS ARE VERY IMPORTANT
Let's reset system restore
Reset and Re-enable your System Restore to remove infected files that have been backed up by Windows. The files in System Restore are protected to prevent any programs changing those files. This is the only way to clean these files: You will lose all previous restore points which are likely to be infected. Please note you need Administrator Access to do clean the restore points.
A To disable the System Restore feature:
1. Click on the Start button.
2. Hover over the Computer option, right click on it and then click Properties.
3. On the left hand side, click Advanced Settings.
4. If asked to permit the action, click on Allow.
5. Click on the System Protection tab.
6. Select c: drive and click Configure...
7. Select Turn off protection
8. Press OK.
Repeat steps 6-8 for each hard drive.
B. Reboot.
C Turn ON System Restore.
Follow the steps like you did when disabling system restore but on step 7. select Restore system settings and previous versions of files -option.
Now lets uninstall ComboFix:
Click START then RUN
Now copy-paste Combofix /uninstall in the runbox and click OK
Next we'll remove OTL:
Double-click OTL.exe.
Click the CleanUp! button.
Select Yes when the
Begin cleanup Process?
prompt appears.
If you are prompted to Reboot during the cleanup, select Yes.
The tool will delete itself once it finishes, if not delete it by yourself.
Note: If you receive a warning from your firewall or other security programs regarding OTL attempting to contact the internet, please allow it to do so.
UPDATING WINDOWS AND INTERNET EXPLORER
IMPORTANT: You Need to Update Windows and Internet Explorer to protect your computer from the malware that is around on the Internet. Please go to the windows update site (http://windowsupdate.microsoft.com/) to get the critical updates.
Download and run Secunia Personal Software Inspector (PSI) (http://secunia.com/vulnerability_scanning/personal/) and fix its findings. Leave the program installed so you'll stay alarmed about vulnerable components in future too.
Just a final reminder for you. I am trying to stress these two points.
UPDATE UPDATE UPDATE!!! Make sure you do this about every 1-2 weeks.
Make sure all of your security programs are up to date.
Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer has always the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.
Once again, please post and tell me how things are going with your system... problems etc.
Have a great day,
Blade :cool:
jtcarrie
2012-07-23, 03:02
Everything seems to be working fine. Thank you so much, I really appreciate this. And especially thank you for Secunia! That's an awesome program. Again, thank you all so much. I'll let you know if there are any future problems. Again, THANK YOU!
Since this issue appears to be resolved ... this Topic has been closed. Glad I could help. :)
Note:If it has been three days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh DDS log and a link to your previous thread.
If it has been less than three days since your last response and you need the thread re-opened, please send me or other MOD a private message (pm). A valid, working link to the closed topic is required.