
Thread: Google redirect, rootkit?

  1. #11
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    Hi,

    Viewpoint <-- You can uninstall this via Add/Remove Programs in the Control Panel. It uses system resources, it installed without your knowledge or consent, and it is not needed.

    iMesh <-- Uninstall this also; you're downloading those music files from an unknown source, and most contain malware of some sort.

    Norton <-- I see markers in your log for Norton. Have you tried to uninstall this at one time?


    Please download TDSSKiller.zip
    • Extract it to your desktop
    • Double click TDSSKiller.exe
    • Press Start Scan
      • Only if Malicious objects are found then ensure Cure is selected
      • Then click Continue > Reboot now
    • Copy and paste the log in your next reply
      • A copy of the log will be saved automatically to the root of the drive (typically C:\)
    Microsoft MVP Consumer Security 2007-2008-2009-2010-2011-2012-2013-2014

    ERROR MESSAGE 386
    No KeyBoard Detected
    Press F1 To Continue

    Just a reminder that threads will be closed if no reply in 3 days.

  2. #12
    Member
    Join Date
    Dec 2008
    Posts
    38

    No hits with TDSS killer

    The TDSS killer scan came up clean.

    In response to your earlier questions: Norton - I use Norton Safety Minder to control/monitor my kid's online activity. I also see Norton Online as a sep. program under Add/Remove programs but that may be another component of Safety Minder. If I recall correctly, some software I installed (WinAmp?) also installed a Norton security program which I subsequently removed b/c I had several in place. I just missed the checkbox to avoid installing it.

    I never use iMesh. Not even sure what it is. It could be something a non-admin user tried to install b/c it didn't show up under Add/Remove. I did a search for iMesh and removed the .exe installer and another shortcut file named 'continue iMesh installation'.

    I sincerely appreciate your help. Will be sending Spybot some $$ support.

    Anything more I should do?

  3. #13
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    Are you still being redirected?

  4. #14
    Member
    Join Date
    Dec 2008
    Posts
    38

    No recent redirects

    No obvious problems currently. The only thing I've had an issue with is a strange browser connectivity issue (no pages would load, DNS problem?) which I was able to 'solve' by rebooting. Computer was online b/c pings, non-browser apps worked. Likely unrelated to any of the cleaning or malware issues.

  5. #15
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    Open OTL.exe
    • Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL

      Code:
      :processes
      killallprocesses
      
      :OTL
      :Services
      
      :Reg
      
      :Files
      ipconfig /release /c
      ipconfig /renew /c
      ipconfig /flushdns /c
      
      
      :Commands
      [purity]
      [resethosts]
      [emptytemp]
      [start explorer]
      [Reboot]
    • Then click the Run Fix button at the top. <--Not run Scan
    • Let the program run unhindered, reboot when it is done
    • Then post the results of the log it produces.
    • Then run a new scan and post a new OTL log ( don't check the boxes beside LOP Check or Purity this time )



    Post the report from the fix, then run a new scan with OTL and post the new log. There will most likely be no extras log this time.

  6. #16
    Member
    Join Date
    Dec 2008
    Posts
    38

    OTL logs, new redirects

    Unfortunately, my wife reports new instances of Google redirects before the most recent measures you suggested (logged below). I'm about ready to dump this ancient machine and replace it. It is nearly 10 years old now. My worry is how to avoid infecting the new machine and still retain my important old files which are stored here. We have lots of photos, music, and personal/work files we need to keep but I worry that just copying them over (either by backing them up to the external USB hard drive, etc) will infect the new machine. Is there a safe way to do this?

    I ran the OTL actions you suggested. See below. Fix log below, scan in next post.

    Thanks again.

    All processes killed
    ========== PROCESSES ==========
    ========== OTL ==========
    ========== SERVICES/DRIVERS ==========
    ========== REGISTRY ==========
    ========== FILES ==========
    < ipconfig /release /c >
    Windows IP Configuration
    Ethernet adapter Local Area Connection:
    Connection-specific DNS Suffix . :
    IP Address. . . . . . . . . . . . : 0.0.0.0
    Subnet Mask . . . . . . . . . . . : 0.0.0.0
    Default Gateway . . . . . . . . . :
    C:\Documents and Settings\Garrett\Desktop\cmd.bat deleted successfully.
    C:\Documents and Settings\Garrett\Desktop\cmd.txt deleted successfully.
    < ipconfig /renew /c >
    Windows IP Configuration
    Ethernet adapter Local Area Connection:
    Connection-specific DNS Suffix . : hsd1.wa.comcast.net.
    IP Address. . . . . . . . . . . . : 172.16.0.198
    Subnet Mask . . . . . . . . . . . : 255.255.255.0
    Default Gateway . . . . . . . . . : 172.16.0.1
    C:\Documents and Settings\Garrett\Desktop\cmd.bat deleted successfully.
    C:\Documents and Settings\Garrett\Desktop\cmd.txt deleted successfully.
    < ipconfig /flushdns /c >
    Windows IP Configuration
    Successfully flushed the DNS Resolver Cache.
    C:\Documents and Settings\Garrett\Desktop\cmd.bat deleted successfully.
    C:\Documents and Settings\Garrett\Desktop\cmd.txt deleted successfully.
    ========== COMMANDS ==========
    C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
    HOSTS file reset successfully

    [EMPTYTEMP]

    User: All Users

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 67 bytes
    ->Flash cache emptied: 41 bytes

    User: Forrest
    ->Temp folder emptied: 116752 bytes
    ->Temporary Internet Files folder emptied: 1949830 bytes
    ->Java cache emptied: 374322805 bytes
    ->FireFox cache emptied: 100838025 bytes
    ->Flash cache emptied: 1830153 bytes

    User: Garrett
    ->Temp folder emptied: 12463400 bytes
    ->Temporary Internet Files folder emptied: 367784 bytes
    ->Java cache emptied: 802082 bytes
    ->FireFox cache emptied: 67804859 bytes
    ->Flash cache emptied: 16143 bytes

    User: Jen
    ->Temp folder emptied: 31572782 bytes
    ->Temporary Internet Files folder emptied: 9243499 bytes
    ->Java cache emptied: 133243747 bytes
    ->FireFox cache emptied: 112388382 bytes
    ->Google Chrome cache emptied: 87847280 bytes
    ->Opera cache emptied: 18377627 bytes
    ->Flash cache emptied: 398448 bytes

    User: LocalService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 180358 bytes

    User: NetworkService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 32902 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 1492035 bytes
    %systemroot%\System32 .tmp files removed: 4628745 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 109149230 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 94777097 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 550904 bytes
    RecycleBin emptied: 2343984 bytes

    Total Files Cleaned = 1,113.00 mb


    OTL by OldTimer - Version 3.2.26.1 log created on 07222011_083748

    Files\Folders moved on Reboot...

    Registry entries deleted on Reboot...

  7. #17
    Member
    Join Date
    Dec 2008
    Posts
    38

    New OTL scan log.

    OTL logfile created on: 7/22/2011 9:48:31 AM - Run 2
    OTL by OldTimer - Version 3.2.26.1 Folder = C:\Documents and Settings\Garrett\Desktop
    Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 7.0.5730.11)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    1006.73 Mb Total Physical Memory | 180.84 Mb Available Physical Memory | 17.96% Memory free
    3.84 Gb Paging File | 2.85 Gb Available in Paging File | 74.19% Paging File free
    Paging file location(s): C:\pagefile.sys 3024 4096F:\pagefile.sys 0 0 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 149.05 Gb Total Space | 61.99 Gb Free Space | 41.59% Space Free | Partition Type: NTFS
    Drive F: | 149.01 Gb Total Space | 50.13 Gb Free Space | 33.64% Space Free | Partition Type: FAT32

    Computer Name: JUANITA | User Name: Garrett | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - C:\Documents and Settings\Garrett\Desktop\OTL.exe (OldTimer Tools)
    PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
    PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
    PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
    PRC - C:\Program Files\Google\Update\1.3.21.57\GoogleCrashHandler.exe (Google Inc.)
    PRC - C:\Documents and Settings\Jen\Local Settings\Application Data\Google\Update\1.3.21.57\GoogleCrashHandler.exe (Google Inc.)
    PRC - F:\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
    PRC - C:\Documents and Settings\Jen\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
    PRC - C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe (LeapFrog Enterprises, Inc.)
    PRC - C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe (LeapFrog Enterprises, Inc.)
    PRC - C:\Program Files\Norton Online\Engine\2.1.0.23\ccsvchst.exe (Symantec Corporation)
    PRC - C:\Program Files\OpenDNS Updater\OpenDNSUpdater.exe ()
    PRC - C:\Documents and Settings\Jen\Local Settings\Application Data\TheWeatherNetwork\WeatherEye\WeatherEye.exe (Pelmorex Media Inc.)
    PRC - C:\Program Files\Logitech Touch Mouse Server\iTouch-Server-Win.exe (Logitech, Inc.)
    PRC - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
    PRC - C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe (McAfee, Inc.)
    PRC - C:\Program Files\McAfee\VirusScan Enterprise\shstat.exe (McAfee, Inc.)
    PRC - C:\WINDOWS\system32\mfevtps.exe (McAfee, Inc.)
    PRC - C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe (McAfee, Inc.)
    PRC - C:\Program Files\McAfee\VirusScan Enterprise\mfeann.exe (McAfee, Inc.)
    PRC - C:\Program Files\McAfee\VirusScan Enterprise\engineserver.exe (McAfee, Inc.)
    PRC - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
    PRC - C:\Program Files\McAfee\Common Framework\naPrdMgr.exe (McAfee, Inc.)
    PRC - C:\Program Files\McAfee\Common Framework\UdaterUI.exe (McAfee, Inc.)
    PRC - C:\Program Files\McAfee\Common Framework\FrameworkService.exe (McAfee, Inc.)
    PRC - C:\Program Files\McAfee\Common Framework\McTray.exe (McAfee, Inc.)
    PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    PRC - C:\Program Files\OpenOffice.org 2.2\program\soffice.bin (OpenOffice.org)
    PRC - C:\Program Files\OpenOffice.org 2.2\program\soffice.exe (OpenOffice.org)
    PRC - C:\Program Files\Canon\CAL\CALMAIN.exe (Canon Inc.)
    PRC - C:\Program Files\TheWeatherNetwork\WeatherEye\WeatherEye.exe (MétéoMédia/The Weather Network)
    PRC - C:\WINDOWS\system32\lxcrcoms.exe ( )
    PRC - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.)
    PRC - C:\cygwin\usr\sbin\sshd.exe ()
    PRC - C:\cygwin\bin\cygrunsrv.exe ()
    PRC - C:\Program Files\Executive Software\Diskeeper\DkService.exe (Executive Software International, Inc.)
    PRC - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe (Analog Devices, Inc.)


    ========== Modules (SafeList) ==========

    MOD - C:\Documents and Settings\Garrett\Desktop\OTL.exe (OldTimer Tools)
    MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll (Microsoft Corporation)


    ========== Win32 Services (SafeList) ==========

    SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
    SRV - (LeapFrog Connect Device Service) -- C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe (LeapFrog Enterprises, Inc.)
    SRV - (nosGetPlusHelper) getPlus(R) -- C:\Program Files\NOS\bin\getPlus_Helper_3004.dll (NOS Microsystems Ltd.)
    SRV - (NOF) -- C:\Program Files\Norton Online\Engine\2.1.0.23\ccSvcHst.exe (Symantec Corporation)
    SRV - (McShield) -- C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe (McAfee, Inc.)
    SRV - (mfevtp) -- C:\WINDOWS\system32\mfevtps.exe (McAfee, Inc.)
    SRV - (McTaskManager) -- C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe (McAfee, Inc.)
    SRV - (McAfeeEngineService) -- C:\Program Files\McAfee\VirusScan Enterprise\engineserver.exe (McAfee, Inc.)
    SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
    SRV - (McAfeeFramework) -- C:\Program Files\McAfee\Common Framework\FrameworkService.exe (McAfee, Inc.)
    SRV - (CCALib8) -- C:\Program Files\Canon\CAL\CALMAIN.exe (Canon Inc.)
    SRV - (lxcr_device) -- C:\WINDOWS\System32\lxcrcoms.exe ( )
    SRV - (CVPND) -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.)
    SRV - (sshd) -- C:\cygwin\bin\cygrunsrv.exe ()
    SRV - (Diskeeper) -- C:\Program Files\Executive Software\Diskeeper\DkService.exe (Executive Software International, Inc.)
    SRV - (SoundMAX Agent Service (default)) -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe (Analog Devices, Inc.)
    SRV - (sasrfcService) -- C:\Program Files\SAS Institute\SAS\V8\access\sasexe\sasrfc.exe ()


    ========== Driver Services (SafeList) ==========

    DRV - (MBAMSwissArmy) -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys (Malwarebytes Corporation)
    DRV - (MBAMProtector) -- C:\WINDOWS\system32\drivers\mbam.sys (Malwarebytes Corporation)
    DRV - (SymEvent) -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS (Symantec Corporation)
    DRV - (epmntdrv) -- C:\WINDOWS\system32\epmntdrv.sys ()
    DRV - (EuGdiDrv) -- C:\WINDOWS\system32\EuGdiDrv.sys ()
    DRV - (SYMRDR_{78CA3BF0-9C3B-40e1-B46D-38C877EF059A}) -- C:\WINDOWS\System32\Drivers\NSM\0201000.034\SymRdr.SYS (Symantec Corporation)
    DRV - (mfehidk) -- C:\WINDOWS\system32\drivers\mfehidk.sys (McAfee, Inc.)
    DRV - (mfeavfk) -- C:\WINDOWS\system32\drivers\mfeavfk.sys (McAfee, Inc.)
    DRV - (mfeapfk) -- C:\WINDOWS\system32\drivers\mfeapfk.sys (McAfee, Inc.)
    DRV - (mferkdet) -- C:\WINDOWS\system32\drivers\mferkdet.sys (McAfee, Inc.)
    DRV - (mfetdik) -- C:\WINDOWS\system32\drivers\mfetdik.sys (McAfee, Inc.)
    DRV - (mfebopk) -- C:\WINDOWS\system32\drivers\mfebopk.sys (McAfee, Inc.)
    DRV - (Aspi32) -- C:\WINDOWS\system32\drivers\ASPI32.SYS (Adaptec)
    DRV - (CVPNDRVA) -- C:\WINDOWS\system32\drivers\CVPNDRVA.sys (Cisco Systems, Inc.)
    DRV - (DNE) -- C:\WINDOWS\system32\drivers\dne2000.sys (Deterministic Networks, Inc.)
    DRV - (CVirtA) -- C:\WINDOWS\system32\drivers\CVirtA.sys (Cisco Systems, Inc.)
    DRV - (vsdatant) -- C:\WINDOWS\system32\vsdatant.sys (Zone Labs LLC)
    DRV - (MR97310_VGA_DUAL_CAMERA) -- C:\WINDOWS\system32\drivers\mr97310v.sys (Mars Semiconductor Corp.)
    DRV - (SMBios) Intel (R) -- C:\WINDOWS\system32\drivers\SMBios.sys (Intel Corporation)
    DRV - (sf) -- C:\WINDOWS\system32\drivers\sf.sys (Sonic Focus, Inc)
    DRV - (MidiSyn) -- C:\WINDOWS\system32\drivers\MidiSyn.sys (Analog Devices Inc)
    DRV - (BsUDF) -- C:\WINDOWS\System32\drivers\bsudf.sys (ahead software)
    DRV - (BsStor) -- C:\WINDOWS\System32\DRIVERS\bsstor.sys (B.H.A Co.,Ltd.)
    DRV - (IPFilter) -- C:\WINDOWS\system32\drivers\ipfilter.sys (Microsoft Corporation)
    DRV - (slz1unic) SL Series (WDM) -- C:\WINDOWS\system32\drivers\slz1unic.sys (MCCI)
    DRV - (slz1nd5) SL Series (NDIS) -- C:\WINDOWS\system32\drivers\slz1nd5.sys (MCCI)
    DRV - (PQNTDrv) -- C:\WINDOWS\System32\drivers\PQNTDRV.SYS ()


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm


    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-21-1993962763-920026266-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
    IE - HKU\S-1-5-21-1993962763-920026266-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
    IE - HKU\S-1-5-21-1993962763-920026266-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.puretracks.com/
    IE - HKU\S-1-5-21-1993962763-920026266-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-1993962763-920026266-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    IE - HKU\S-1-5-21-1993962763-920026266-725345543-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cust...search/ie.html
    IE - HKU\S-1-5-21-1993962763-920026266-725345543-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/cust.../www.yahoo.com
    IE - HKU\S-1-5-21-1993962763-920026266-725345543-1006\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
    IE - HKU\S-1-5-21-1993962763-920026266-725345543-1006\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
    IE - HKU\S-1-5-21-1993962763-920026266-725345543-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/accounts/Serv...lcache=2&hl=en
    IE - HKU\S-1-5-21-1993962763-920026266-725345543-1006\..\URLSearchHook: {db9d7a78-a76c-4bf2-97c6-258925ee1542} - Reg Error: Key error. File not found
    IE - HKU\S-1-5-21-1993962763-920026266-725345543-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-1993962763-920026266-725345543-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
    IE - HKU\S-1-5-21-1993962763-920026266-725345543-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=172.16.0.1:6522

    ========== FireFox ==========

    FF - prefs.js..browser.search.selectedEngine: "Google"
    FF - prefs.js..browser.startup.homepage: "http://www.xfinity.com/customer/start/?cid=xfstart_tech_main"
    FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.91
    FF - prefs.js..extensions.enabledItems: {6D5C8FC4-DE46-41bf-9092-93F0F78E9115}:2.1.0.52
    FF - prefs.js..network.proxy.type: 0

    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
    FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@bittorrent.com/BitTorrentDNA: C:\Program Files\DNA\plugins\npbtdna.dll File not found
    FF - HKLM\Software\MozillaPlugins\@canon.com/MycameraPlugin: C:\Program Files\Canon\ZoomBrowser EX\Program\NPCIG.dll (CANON INC.)
    FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll File not found
    FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
    FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=13: C:\Program Files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll (Google)
    FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.2321: C:\Program Files\Real\RealOne Player\Netscape6\nppl3260.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.2.2379: C:\Program Files\Real\RealOne Player\Netscape6\nprjplug.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.1483: C:\Program Files\Real\RealOne Player\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@unity3d.com/UnityPlayer: C:\Program Files\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
    FF - HKLM\Software\MozillaPlugins\@virtools.com/3DviaPlayer: C:\Program Files\Virtools\3D Life Player\npvirtools.dll (Dassault Systèmes)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{6D5C8FC4-DE46-41bf-9092-93F0F78E9115}: C:\Documents and Settings\All Users\Application Data\Norton\{78CA3BF0-9C3B-40e1-B46D-38C877EF059A}\NSM_2.1.0.37\coFFFw\ [2011/04/01 12:09:53 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla 1.5\Extensions\\Components: C:\Program Files\mozilla.org\Mozilla\Components [2011/01/07 10:44:21 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla 1.5\Extensions\\Plugins: C:\Program Files\mozilla.org\Mozilla\Plugins [2011/07/19 18:00:27 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.18\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/07/20 16:02:15 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.18\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/07/19 18:00:28 | 000,000,000 | ---D | M]
    FF - HKEY_CURRENT_USER\software\mozilla\Mozilla 1.5\Extensions\\Components: C:\Program Files\mozilla.org\Mozilla\Components [2011/01/07 10:44:21 | 000,000,000 | ---D | M]
    FF - HKEY_CURRENT_USER\software\mozilla\Mozilla 1.5\Extensions\\Plugins: C:\Program Files\mozilla.org\Mozilla\Plugins [2011/07/19 18:00:27 | 000,000,000 | ---D | M]

    [2008/11/17 19:17:54 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Garrett\Application Data\Mozilla\Extensions
    [2011/07/19 18:08:19 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Garrett\Application Data\Mozilla\Firefox\Profiles\25gceplc.default\extensions
    [2010/12/10 09:11:19 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Garrett\Application Data\Mozilla\Firefox\Profiles\25gceplc.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    [2010/10/04 20:57:21 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus(R))) -- C:\Documents and Settings\Garrett\Application Data\Mozilla\Firefox\Profiles\25gceplc.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
    [2011/07/18 18:28:36 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    [2011/04/01 12:09:53 | 000,000,000 | ---D | M] (Norton Safety Minder) -- C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\NORTON\{78CA3BF0-9C3B-40E1-B46D-38C877EF059A}\NSM_2.1.0.37\COFFFW
    [2008/09/29 08:07:00 | 000,022,576 | ---- | M] (McAfee, Inc.) -- C:\Program Files\mozilla firefox\components\Scriptff.dll
    [2011/03/06 12:08:39 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
    [2009/09/22 11:15:24 | 000,404,992 | ---- | M] ( ) -- C:\Program Files\mozilla firefox\plugins\npsnapfish.dll

    O1 HOSTS File: ([2011/07/22 08:38:20 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
    O1 - Hosts: 127.0.0.1 localhost
    O1 - Hosts: ::1 localhost
    O2 - BHO: (no name) - {0DB66BA8-5E1F-4963-93D1-E1D6B78FE9A2} - No CLSID value found.
    O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O2 - BHO: (no name) - {7c1ce531-09e9-4fc5-9803-1c2956615786} - No CLSID value found.
    O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\scriptsn.dll (McAfee, Inc.)
    O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - F:\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)
    O2 - BHO: (Norton Safety Minder) - {B8E07826-0971-4f16-B133-047B88034E89} - C:\Program Files\Norton Online\AddOns\Norton Safety Minder\Engine\2.1.0.52\coieplg.dll (Symantec Corporation)
    O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - File not found
    O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - F:\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O3 - HKU\S-1-5-21-1993962763-920026266-725345543-1003\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - F:\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O3 - HKU\S-1-5-21-1993962763-920026266-725345543-1006\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - F:\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [Acrobat Assistant 8.0] F:\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
    O4 - HKLM..\Run: [LXCRCATS] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCRtime.DLL ()
    O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
    O4 - HKLM..\Run: [McAfeeUpdaterUI] C:\Program Files\McAfee\Common Framework\udaterui.exe (McAfee, Inc.)
    O4 - HKLM..\Run: [Monitor] C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe (LeapFrog Enterprises, Inc.)
    O4 - HKLM..\Run: [ShStatEXE] C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE (McAfee, Inc.)
    O4 - HKU\S-1-5-21-1993962763-920026266-725345543-1003..\Run: [OpenDNS Updater] C:\Program Files\OpenDNS Updater\OpenDNSUpdater.exe ()
    O4 - HKU\S-1-5-21-1993962763-920026266-725345543-1003..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
    O4 - HKU\S-1-5-21-1993962763-920026266-725345543-1003..\Run: [WeatherEye] C:\Program Files\TheWeatherNetwork\WeatherEye\WeatherEye.exe (MétéoMédia/The Weather Network)
    O4 - HKU\S-1-5-21-1993962763-920026266-725345543-1006..\Run: [BitTorrent DNA] File not found
    O4 - HKU\S-1-5-21-1993962763-920026266-725345543-1006..\Run: [Drafomalokahuboz] File not found
    O4 - HKU\S-1-5-21-1993962763-920026266-725345543-1006..\Run: [OpenDNS Updater] C:\Program Files\OpenDNS Updater\OpenDNSUpdater.exe ()
    O4 - HKU\S-1-5-21-1993962763-920026266-725345543-1006..\Run: [Pyodutomob] File not found
    O4 - HKU\S-1-5-21-1993962763-920026266-725345543-1006..\Run: [tjnauada] File not found
    O4 - HKU\S-1-5-21-1993962763-920026266-725345543-1006..\Run: [WeatherEye] C:\Documents and Settings\Jen\Local Settings\Application Data\TheWeatherNetwork\WeatherEye\WeatherEye.exe (Pelmorex Media Inc.)
    O4 - Startup: C:\Documents and Settings\Garrett\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
    O4 - Startup: C:\Documents and Settings\Jen\Start Menu\Programs\Startup\Dropbox.lnk = File not found
    O4 - Startup: C:\Documents and Settings\Jen\Start Menu\Programs\Startup\Logitech Touch Mouse Server.lnk = C:\Program Files\Logitech Touch Mouse Server\iTouch-Server-Win.exe (Logitech, Inc.)
    O4 - Startup: C:\Documents and Settings\Jen\Start Menu\Programs\Startup\OpenOffice.org 2.2.lnk = C:\Program Files\OpenOffice.org 2.2\program\quickstart.exe ()
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-21-1993962763-920026266-725345543-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-1993962763-920026266-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\S-1-5-21-1993962763-920026266-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-21-1993962763-920026266-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKU\S-1-5-21-1993962763-920026266-725345543-1006\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-1993962763-920026266-725345543-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O8 - Extra context menu item: Append to existing PDF - F:\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O16 - DPF: {22D4879A-92DB-470D-8A83-E158797D8176} file://E:\components\Liquid.ocx (Liquid.LiquidHelper)
    O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} http://download.microsoft.com/downlo...22/wmv9VCM.CAB (Reg Error: Key error.)
    O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://www1.snapfish.com/SnapfishActivia.cab (Snapfish Activia)
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get.../ultrashim.cab (Reg Error: Key error.)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/pub...sh/swflash.cab (Shockwave Flash Object)
    O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 172.16.0.1
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O24 - Desktop WallPaper: C:\Documents and Settings\Garrett\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O24 - Desktop BackupWallPaper: C:\Documents and Settings\Garrett\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2004/02/16 20:32:23 | 000,000,060 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    ========== Files/Folders - Created Within 30 Days ==========

    [2011/07/22 08:37:48 | 000,000,000 | ---D | C] -- C:\_OTL
    [2011/07/19 19:11:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Garrett\Desktop\tdsskiller
    [2011/07/19 19:09:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Garrett\Local Settings\Application Data\PackageAware
    [2011/07/19 16:07:42 | 000,579,584 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Garrett\Desktop\OTL.exe
    [2011/07/19 08:11:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Garrett\Application Data\Malwarebytes
    [2011/07/19 08:09:28 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
    [2011/07/19 08:09:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2011/07/19 08:09:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    [2011/07/19 08:09:17 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [2011/07/19 08:09:16 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2011/07/19 08:04:19 | 000,050,688 | ---- | C] (Atribune.org) -- C:\Documents and Settings\Garrett\Desktop\ATF-Cleaner(2).exe
    [2011/07/18 18:31:45 | 001,913,344 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Garrett\Desktop\aswMBR.exe
    [2011/07/15 11:22:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Garrett\Local Settings\Application Data\Temp
    [2011/07/02 14:09:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox
    [2011/07/02 14:05:39 | 008,610,528 | ---- | C] (Mozilla) -- C:\Documents and Settings\All Users\Documents\Firefox Setup 3.6.18.exe
    [2007/01/03 21:28:01 | 000,409,600 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcrinpa.dll
    [2007/01/03 21:28:01 | 000,393,216 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcriesc.dll
    [2007/01/03 21:25:39 | 001,183,744 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcrserv.dll
    [2007/01/03 21:25:39 | 000,995,328 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcrusb1.dll
    [2007/01/03 21:25:39 | 000,536,576 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcrlmpm.dll
    [2007/01/03 21:25:39 | 000,163,840 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcrprox.dll
    [2007/01/03 21:25:39 | 000,114,688 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcrpplc.dll
    [2007/01/03 21:25:38 | 000,495,616 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcrcoms.exe
    [2007/01/03 21:25:38 | 000,380,928 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcrih.exe
    [2007/01/03 21:25:37 | 000,610,304 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcrcomc.dll
    [2007/01/03 21:25:37 | 000,421,888 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcrcomm.dll

    ========== Files - Modified Within 30 Days ==========

    [2011/07/22 10:00:01 | 000,000,480 | ---- | M] () -- C:\WINDOWS\tasks\229B350D-034F-4c01-BAF2-3EA03DCAE0B9.job
    [2011/07/22 09:39:09 | 000,002,262 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2011/07/22 09:32:00 | 000,000,970 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1993962763-920026266-725345543-1006UA.job
    [2011/07/22 09:27:02 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
    [2011/07/22 08:52:56 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
    [2011/07/22 08:45:35 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
    [2011/07/22 08:45:10 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2011/07/22 08:38:20 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
    [2011/07/22 03:32:01 | 000,000,918 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1993962763-920026266-725345543-1006Core.job
    [2011/07/19 19:09:46 | 000,000,145 | ---- | M] () -- C:\Documents and Settings\Garrett\Desktop\Continue iMesh installation.url
    [2011/07/19 18:04:08 | 001,383,430 | ---- | M] () -- C:\Documents and Settings\Garrett\Desktop\tdsskiller.zip
    [2011/07/19 16:07:57 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Garrett\Desktop\OTL.exe
    [2011/07/19 08:09:29 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
    [2011/07/19 08:04:19 | 000,050,688 | ---- | M] (Atribune.org) -- C:\Documents and Settings\Garrett\Desktop\ATF-Cleaner(2).exe
    [2011/07/18 18:35:50 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Garrett\Desktop\MBR.dat
    [2011/07/18 18:32:31 | 001,913,344 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Garrett\Desktop\aswMBR.exe
    [2011/07/18 18:18:07 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
    [2011/07/15 08:40:56 | 000,000,315 | RHS- | M] () -- C:\boot.ini
    [2011/07/11 20:56:45 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
    [2011/07/06 19:52:42 | 000,041,272 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
    [2011/07/06 19:52:42 | 000,022,712 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [2011/07/02 14:09:24 | 000,001,620 | ---- | M] () -- C:\Documents and Settings\Garrett\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
    [2011/07/02 14:08:35 | 008,610,528 | ---- | M] (Mozilla) -- C:\Documents and Settings\All Users\Documents\Firefox Setup 3.6.18.exe

    ========== Files Created - No Company Name ==========

    [2011/07/19 19:09:46 | 000,000,145 | ---- | C] () -- C:\Documents and Settings\Garrett\Desktop\Continue iMesh installation.url
    [2011/07/19 18:03:51 | 001,383,430 | ---- | C] () -- C:\Documents and Settings\Garrett\Desktop\tdsskiller.zip
    [2011/07/19 08:09:29 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
    [2011/07/18 18:35:50 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Garrett\Desktop\MBR.dat
    [2011/07/02 14:09:24 | 000,001,620 | ---- | C] () -- C:\Documents and Settings\Garrett\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
    [2011/05/07 16:28:39 | 000,000,000 | ---- | C] () -- C:\WINDOWS\popcreg.dat
    [2011/05/07 16:28:39 | 000,000,000 | ---- | C] () -- C:\WINDOWS\popcinfot.dat
    [2010/08/28 13:56:34 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
    [2010/08/28 13:56:34 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
    [2010/08/28 13:56:34 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
    [2010/08/28 13:56:34 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
    [2010/08/28 13:56:34 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
    [2010/08/23 17:46:26 | 000,004,053 | ---- | C] () -- C:\WINDOWS\wininit.ini
    [2010/08/14 07:58:01 | 000,014,848 | ---- | C] () -- C:\WINDOWS\System32\EuEpmGdi.dll
    [2010/08/14 07:58:00 | 001,774,720 | ---- | C] () -- C:\WINDOWS\System32\BootMan.exe
    [2010/08/14 07:58:00 | 000,086,408 | ---- | C] () -- C:\WINDOWS\System32\setupempdrv03.exe
    [2010/08/14 07:58:00 | 000,013,192 | ---- | C] () -- C:\WINDOWS\System32\epmntdrv.sys
    [2010/08/14 07:58:00 | 000,008,456 | ---- | C] () -- C:\WINDOWS\System32\EuGdiDrv.sys
    [2010/05/15 16:19:07 | 008,676,883 | ---- | C] () -- C:\WINDOWS\System32\NCMedia2.dll
    [2010/03/16 09:10:14 | 000,060,724 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
    [2009/08/03 16:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
    [2009/08/03 16:07:42 | 000,230,768 | ---- | C] () -- C:\WINDOWS\System32\OGAEXEC.exe
    [2008/05/18 08:17:02 | 000,000,451 | ---- | C] () -- C:\WINDOWS\ka.ini
    [2008/05/05 20:54:36 | 000,000,200 | ---- | C] () -- C:\WINDOWS\actval.ini
    [2007/07/06 17:39:08 | 000,000,394 | ---- | C] () -- C:\WINDOWS\hegames.ini
    [2007/05/22 21:26:20 | 000,000,032 | ---- | C] () -- C:\WINDOWS\album.ini
    [2007/01/03 21:28:02 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxcrvs.dll
    [2007/01/03 21:28:00 | 000,303,104 | ---- | C] () -- C:\WINDOWS\System32\lxcrcoin.dll
    [2007/01/03 21:27:47 | 000,684,032 | ---- | C] () -- C:\WINDOWS\System32\lxcrdrs.dll
    [2007/01/03 21:27:47 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\lxcrcaps.dll
    [2007/01/03 21:27:47 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\lxcrcnv4.dll
    [2007/01/03 21:27:22 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\LXPRMON.DLL
    [2007/01/03 21:27:22 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\LXPMONUI.DLL
    [2007/01/03 21:25:40 | 000,233,472 | ---- | C] () -- C:\WINDOWS\System32\LXCRinst.dll
    [2006/12/28 11:52:23 | 000,000,087 | ---- | C] () -- C:\WINDOWS\marscam.ini
    [2006/12/28 11:48:17 | 000,000,459 | ---- | C] () -- C:\WINDOWS\videoimp.ini
    [2006/12/28 11:46:06 | 000,000,021 | ---- | C] () -- C:\WINDOWS\CS_setup.ini
    [2006/11/22 13:53:04 | 000,019,968 | ---- | C] () -- C:\WINDOWS\sha1sum.exe
    [2006/04/02 13:57:28 | 000,761,856 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
    [2006/04/02 13:57:27 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
    [2005/11/11 08:06:35 | 000,001,359 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
    [2005/11/04 11:21:48 | 000,197,672 | ---- | C] () -- C:\WINDOWS\System32\vpnapi.dll
    [2005/11/04 10:21:24 | 000,189,480 | ---- | C] () -- C:\WINDOWS\System32\CSGina.dll
    [2005/08/14 17:12:22 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
    [2005/05/13 06:47:32 | 000,107,132 | ---- | C] () -- C:\WINDOWS\UninstallFirefox.exe
    [2005/02/27 20:17:49 | 000,528,384 | ---- | C] () -- C:\WINDOWS\System32\BladeEnc.dll
    [2005/02/27 20:17:49 | 000,120,832 | ---- | C] () -- C:\WINDOWS\System32\ShnDll32.dll
    [2005/02/16 15:34:27 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\maplec.dll
    [2004/11/23 13:19:49 | 000,002,582 | ---- | C] () -- C:\WINDOWS\DIPLOMA.INI
    [2004/11/23 13:19:49 | 000,000,127 | ---- | C] () -- C:\WINDOWS\BRGVARS.INI
    [2004/10/21 09:37:44 | 000,000,437 | ---- | C] () -- C:\WINDOWS\zTree.INI
    [2004/09/09 18:12:40 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
    [2004/08/05 18:34:48 | 000,001,125 | ---- | C] () -- C:\WINDOWS\winamp.ini
    [2004/07/24 09:47:12 | 000,099,965 | ---- | C] () -- C:\WINDOWS\UninstallThunderbird.exe
    [2004/07/23 13:09:52 | 000,013,088 | ---- | C] () -- C:\WINDOWS\System32\sasperf.dll
    [2004/05/02 05:18:05 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
    [2004/03/21 15:38:30 | 000,000,112 | ---- | C] () -- C:\WINDOWS\ActiveSkin.INI
    [2004/02/25 20:08:23 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
    [2004/02/25 20:08:23 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
    [2004/02/25 20:08:23 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
    [2004/02/25 20:08:23 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
    [2004/02/25 20:08:23 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
    [2004/02/25 20:08:23 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
    [2003/12/20 07:08:55 | 000,020,927 | ---- | C] () -- C:\WINDOWS\unins000.dat
    [2003/12/14 19:13:05 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll
    [2003/12/07 21:20:01 | 000,000,000 | ---- | C] () -- C:\WINDOWS\OpPrintServer.INI
    [2003/12/03 19:39:37 | 000,112,128 | ---- | C] () -- C:\Documents and Settings\Garrett\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2003/12/01 21:07:08 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Garrett\Application Data\sversion.ini
    [2003/12/01 20:58:13 | 000,069,632 | ---- | C] () -- C:\WINDOWS\uinst001.exe
    [2003/12/01 20:03:17 | 001,262,956 | ---- | C] () -- C:\WINDOWS\System32\XMNT2001.EXE
    [2003/12/01 20:03:17 | 000,003,252 | ---- | C] () -- C:\WINDOWS\System32\drivers\PQNTDRV.SYS
    [2003/11/27 15:58:52 | 000,003,951 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
    [2003/11/27 11:09:17 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
    [2003/11/27 11:09:11 | 000,095,952 | ---- | C] () -- C:\WINDOWS\MozillaUninstall.exe
    [2003/11/27 11:08:52 | 000,095,952 | ---- | C] () -- C:\WINDOWS\GREUninstall.exe
    [2003/11/27 11:08:50 | 000,020,785 | ---- | C] () -- C:\WINDOWS\mozver.dat
    [2003/11/27 08:07:27 | 000,006,550 | ---- | C] () -- C:\WINDOWS\jautoexp.dat
    [2003/11/27 07:34:38 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
    [2003/11/24 16:26:50 | 000,012,288 | R--- | C] () -- C:\WINDOWS\System32\e100bmsg.dll
    [2003/11/24 15:43:19 | 000,001,788 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
    [2003/11/24 15:38:48 | 000,000,990 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
    [2003/11/24 15:05:39 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
    [2003/11/24 15:01:29 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
    [2003/11/24 09:27:12 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
    [2003/11/24 09:26:23 | 000,298,048 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2003/04/20 21:00:00 | 001,036,800 | ---- | C] () -- C:\WINDOWS\System32\libmpeg-1.0.0.dll
    [2003/04/20 21:00:00 | 000,987,136 | ---- | C] () -- C:\WINDOWS\System32\liboggvorbis-1.0.0.dll
    [2003/04/20 21:00:00 | 000,696,832 | ---- | C] () -- C:\WINDOWS\System32\libmcl-2.8.0.dll
    [2003/04/20 21:00:00 | 000,427,008 | ---- | C] () -- C:\WINDOWS\System32\libimg-2.2.9.dll
    [2003/04/20 21:00:00 | 000,069,120 | ---- | C] () -- C:\WINDOWS\System32\libmpeg2-enc-1.2.5.dll
    [2003/04/20 21:00:00 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\libavi-dd-1.1.1.dll
    [2003/01/07 12:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
    [2002/04/11 11:47:52 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\msmscoin.dll
    [2001/10/12 11:58:20 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\mr310exd.dll
    [2001/10/12 11:57:18 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\mr310exv.dll
    [2001/08/23 05:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
    [2001/08/23 05:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
    [2001/08/23 05:00:00 | 000,443,062 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
    [2001/08/23 05:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
    [2001/08/23 05:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
    [2001/08/23 05:00:00 | 000,071,592 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
    [2001/08/23 05:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
    [2001/08/23 05:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
    [2001/08/23 05:00:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
    [2001/08/23 05:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
    [2000/12/07 11:13:58 | 000,015,164 | ---- | C] () -- C:\WINDOWS\Mr310twv.ini

    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:63596073

    < End of report >

  8. #18
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    Default

    Well, you have some entries on your OTL log that weren't present before.

    Ten years is pretty outdated, it must be on its last leg. What you may want to do is back up all your pictures and documents to a CD, then insert the disk and right click on it and have McAfee scan it.


    Let's remove those entries


    Open OTL.exe
    • Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL

      Code:
      :processes
      killallprocesses
      
      :OTL
      IE - HKU\S-1-5-21-1993962763-920026266-725345543-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cust...search/ie.html
      IE - HKU\S-1-5-21-1993962763-920026266-725345543-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
      IE - HKU\S-1-5-21-1993962763-920026266-725345543-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=172.16.0.1:6522
      O2 - BHO: (no name) - {0DB66BA8-5E1F-4963-93D1-E1D6B78FE9A2} - No CLSID value found.
      O4 - HKU\S-1-5-21-1993962763-920026266-725345543-1006..\Run: [BitTorrent DNA] File not found
      O4 - HKU\S-1-5-21-1993962763-920026266-725345543-1006..\Run: [Drafomalokahuboz] File not found
      O4 - HKU\S-1-5-21-1993962763-920026266-725345543-1006..\Run: [Pyodutomob] File not found
      O4 - HKU\S-1-5-21-1993962763-920026266-725345543-1006..\Run: [tjnauada] File not found
      @Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:63596073
      
      
      :Services
      
      :Reg
      
      :Files
      ipconfig /flushdns /c
      
      
      
      
      
      :Commands
      [purity]
      [resethosts]
      [emptytemp]
      [start explorer]
      [Reboot]
    • Then click the Run Fix button at the top. <--Not run Scan
    • Let the program run unhindered, reboot when it is done
    • Then post the results of the log it produces.
    • Then run a new scan and post a new OTL log (don't check the boxes beside LOP Check or Purity this time)

  9. #19
    Member
    Join Date
    Dec 2008
    Posts
    38

    Default OTL fix, scan logs

    All processes killed
    ========== PROCESSES ==========
    ========== OTL ==========
    Unable to set value : HKU\S-1-5-21-1993962763-920026266-725345543-1006\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Bar| /E!
    Unable to set value : HKU\S-1-5-21-1993962763-920026266-725345543-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E!
    Unable to set value : HKU\S-1-5-21-1993962763-920026266-725345543-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E!
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0DB66BA8-5E1F-4963-93D1-E1D6B78FE9A2}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0DB66BA8-5E1F-4963-93D1-E1D6B78FE9A2}\ not found.
    Registry key HKEY_USERS\S-1-5-21-1993962763-920026266-725345543-1006\Software\Microsoft\Windows\CurrentVersion\Run not found.
    Registry key HKEY_USERS\S-1-5-21-1993962763-920026266-725345543-1006\Software\Microsoft\Windows\CurrentVersion\Run not found.
    Registry key HKEY_USERS\S-1-5-21-1993962763-920026266-725345543-1006\Software\Microsoft\Windows\CurrentVersion\Run not found.
    Registry key HKEY_USERS\S-1-5-21-1993962763-920026266-725345543-1006\Software\Microsoft\Windows\CurrentVersion\Run not found.
    ADS C:\Documents and Settings\All Users\Application Data\TEMP:63596073 deleted successfully.
    ========== SERVICES/DRIVERS ==========
    ========== REGISTRY ==========
    ========== FILES ==========
    < ipconfig /flushdns /c >
    Windows IP Configuration
    Successfully flushed the DNS Resolver Cache.
    C:\Documents and Settings\Garrett\Desktop\cmd.bat deleted successfully.
    C:\Documents and Settings\Garrett\Desktop\cmd.txt deleted successfully.
    ========== COMMANDS ==========
    C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
    HOSTS file reset successfully

    [EMPTYTEMP]

    User: All Users

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Forrest
    ->Temp folder emptied: 23125 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 75579439 bytes
    ->Flash cache emptied: 1059 bytes

    User: Garrett
    ->Temp folder emptied: 4449 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 35556704 bytes
    ->Flash cache emptied: 456 bytes

    User: Jen
    ->Temp folder emptied: 3412 bytes
    ->Temporary Internet Files folder emptied: 1389668 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 84125989 bytes
    ->Google Chrome cache emptied: 0 bytes
    ->Opera cache emptied: 0 bytes
    ->Flash cache emptied: 1351 bytes

    User: LocalService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes

    User: NetworkService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 105794059 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 289.00 mb


    OTL by OldTimer - Version 3.2.26.1 log created on 07222011_190643

    Files\Folders moved on Reboot...

    Registry entries deleted on Reboot...

  10. #20
    Member
    Join Date
    Dec 2008
    Posts
    38

    Default OTL scan log

    OTL logfile created on: 7/22/2011 7:25:38 PM - Run 3
    OTL by OldTimer - Version 3.2.26.1 Folder = C:\Documents and Settings\Garrett\Desktop
    Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 7.0.5730.11)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    1006.73 Mb Total Physical Memory | 252.88 Mb Available Physical Memory | 25.12% Memory free
    3.84 Gb Paging File | 3.30 Gb Available in Paging File | 85.80% Paging File free
    Paging file location(s): C:\pagefile.sys 3024 4096F:\pagefile.sys 0 0 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 149.05 Gb Total Space | 61.99 Gb Free Space | 41.59% Space Free | Partition Type: NTFS
    Drive F: | 149.01 Gb Total Space | 49.75 Gb Free Space | 33.39% Space Free | Partition Type: FAT32

    Computer Name: JUANITA | User Name: Garrett | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - C:\Documents and Settings\Garrett\Desktop\OTL.exe (OldTimer Tools)
    PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
    PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
    PRC - C:\Program Files\Google\Update\1.3.21.57\GoogleCrashHandler.exe (Google Inc.)
    PRC - F:\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
    PRC - C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe (LeapFrog Enterprises, Inc.)
    PRC - C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe (LeapFrog Enterprises, Inc.)
    PRC - C:\Program Files\Norton Online\Engine\2.1.0.23\ccsvchst.exe (Symantec Corporation)
    PRC - C:\Program Files\OpenDNS Updater\OpenDNSUpdater.exe ()
    PRC - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
    PRC - C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe (McAfee, Inc.)
    PRC - C:\Program Files\McAfee\VirusScan Enterprise\shstat.exe (McAfee, Inc.)
    PRC - C:\WINDOWS\system32\mfevtps.exe (McAfee, Inc.)
    PRC - C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe (McAfee, Inc.)
    PRC - C:\Program Files\McAfee\VirusScan Enterprise\mfeann.exe (McAfee, Inc.)
    PRC - C:\Program Files\McAfee\VirusScan Enterprise\engineserver.exe (McAfee, Inc.)
    PRC - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
    PRC - C:\Program Files\McAfee\Common Framework\naPrdMgr.exe (McAfee, Inc.)
    PRC - C:\Program Files\McAfee\Common Framework\UdaterUI.exe (McAfee, Inc.)
    PRC - C:\Program Files\McAfee\Common Framework\FrameworkService.exe (McAfee, Inc.)
    PRC - C:\Program Files\McAfee\Common Framework\McTray.exe (McAfee, Inc.)
    PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    PRC - C:\Program Files\Canon\CAL\CALMAIN.exe (Canon Inc.)
    PRC - C:\Program Files\TheWeatherNetwork\WeatherEye\WeatherEye.exe (MétéoMédia/The Weather Network)
    PRC - C:\WINDOWS\system32\lxcrcoms.exe ( )
    PRC - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.)
    PRC - C:\cygwin\usr\sbin\sshd.exe ()
    PRC - C:\cygwin\bin\cygrunsrv.exe ()
    PRC - C:\Program Files\Executive Software\Diskeeper\DkService.exe (Executive Software International, Inc.)
    PRC - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe (Analog Devices, Inc.)


    ========== Modules (SafeList) ==========

    MOD - C:\Documents and Settings\Garrett\Desktop\OTL.exe (OldTimer Tools)
    MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll (Microsoft Corporation)


    ========== Win32 Services (SafeList) ==========

    SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
    SRV - (LeapFrog Connect Device Service) -- C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe (LeapFrog Enterprises, Inc.)
    SRV - (nosGetPlusHelper) getPlus(R) -- C:\Program Files\NOS\bin\getPlus_Helper_3004.dll (NOS Microsystems Ltd.)
    SRV - (NOF) -- C:\Program Files\Norton Online\Engine\2.1.0.23\ccSvcHst.exe (Symantec Corporation)
    SRV - (McShield) -- C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe (McAfee, Inc.)
    SRV - (mfevtp) -- C:\WINDOWS\system32\mfevtps.exe (McAfee, Inc.)
    SRV - (McTaskManager) -- C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe (McAfee, Inc.)
    SRV - (McAfeeEngineService) -- C:\Program Files\McAfee\VirusScan Enterprise\engineserver.exe (McAfee, Inc.)
    SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
    SRV - (McAfeeFramework) -- C:\Program Files\McAfee\Common Framework\FrameworkService.exe (McAfee, Inc.)
    SRV - (CCALib8) -- C:\Program Files\Canon\CAL\CALMAIN.exe (Canon Inc.)
    SRV - (lxcr_device) -- C:\WINDOWS\System32\lxcrcoms.exe ( )
    SRV - (CVPND) -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.)
    SRV - (sshd) -- C:\cygwin\bin\cygrunsrv.exe ()
    SRV - (Diskeeper) -- C:\Program Files\Executive Software\Diskeeper\DkService.exe (Executive Software International, Inc.)
    SRV - (SoundMAX Agent Service (default)) -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe (Analog Devices, Inc.)
    SRV - (sasrfcService) -- C:\Program Files\SAS Institute\SAS\V8\access\sasexe\sasrfc.exe ()


    ========== Driver Services (SafeList) ==========

    DRV - (MBAMSwissArmy) -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys (Malwarebytes Corporation)
    DRV - (MBAMProtector) -- C:\WINDOWS\system32\drivers\mbam.sys (Malwarebytes Corporation)
    DRV - (SymEvent) -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS (Symantec Corporation)
    DRV - (epmntdrv) -- C:\WINDOWS\system32\epmntdrv.sys ()
    DRV - (EuGdiDrv) -- C:\WINDOWS\system32\EuGdiDrv.sys ()
    DRV - (SYMRDR_{78CA3BF0-9C3B-40e1-B46D-38C877EF059A}) -- C:\WINDOWS\System32\Drivers\NSM\0201000.034\SymRdr.SYS (Symantec Corporation)
    DRV - (mfehidk) -- C:\WINDOWS\system32\drivers\mfehidk.sys (McAfee, Inc.)
    DRV - (mfeavfk) -- C:\WINDOWS\system32\drivers\mfeavfk.sys (McAfee, Inc.)
    DRV - (mfeapfk) -- C:\WINDOWS\system32\drivers\mfeapfk.sys (McAfee, Inc.)
    DRV - (mferkdet) -- C:\WINDOWS\system32\drivers\mferkdet.sys (McAfee, Inc.)
    DRV - (mfetdik) -- C:\WINDOWS\system32\drivers\mfetdik.sys (McAfee, Inc.)
    DRV - (mfebopk) -- C:\WINDOWS\system32\drivers\mfebopk.sys (McAfee, Inc.)
    DRV - (Aspi32) -- C:\WINDOWS\system32\drivers\ASPI32.SYS (Adaptec)
    DRV - (CVPNDRVA) -- C:\WINDOWS\system32\drivers\CVPNDRVA.sys (Cisco Systems, Inc.)
    DRV - (DNE) -- C:\WINDOWS\system32\drivers\dne2000.sys (Deterministic Networks, Inc.)
    DRV - (CVirtA) -- C:\WINDOWS\system32\drivers\CVirtA.sys (Cisco Systems, Inc.)
    DRV - (vsdatant) -- C:\WINDOWS\system32\vsdatant.sys (Zone Labs LLC)
    DRV - (MR97310_VGA_DUAL_CAMERA) -- C:\WINDOWS\system32\drivers\mr97310v.sys (Mars Semiconductor Corp.)
    DRV - (SMBios) Intel (R) -- C:\WINDOWS\system32\drivers\SMBios.sys (Intel Corporation)
    DRV - (sf) -- C:\WINDOWS\system32\drivers\sf.sys (Sonic Focus, Inc)
    DRV - (MidiSyn) -- C:\WINDOWS\system32\drivers\MidiSyn.sys (Analog Devices Inc)
    DRV - (BsUDF) -- C:\WINDOWS\System32\drivers\bsudf.sys (ahead software)
    DRV - (BsStor) -- C:\WINDOWS\System32\DRIVERS\bsstor.sys (B.H.A Co.,Ltd.)
    DRV - (IPFilter) -- C:\WINDOWS\system32\drivers\ipfilter.sys (Microsoft Corporation)
    DRV - (slz1unic) SL Series (WDM) -- C:\WINDOWS\system32\drivers\slz1unic.sys (MCCI)
    DRV - (slz1nd5) SL Series (NDIS) -- C:\WINDOWS\system32\drivers\slz1nd5.sys (MCCI)
    DRV - (PQNTDrv) -- C:\WINDOWS\System32\drivers\PQNTDRV.SYS ()


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm


    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-21-1993962763-920026266-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
    IE - HKU\S-1-5-21-1993962763-920026266-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
    IE - HKU\S-1-5-21-1993962763-920026266-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.puretracks.com/
    IE - HKU\S-1-5-21-1993962763-920026266-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-1993962763-920026266-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    ========== FireFox ==========

    FF - prefs.js..browser.search.selectedEngine: "Google"
    FF - prefs.js..browser.startup.homepage: "http://www.xfinity.com/customer/start/?cid=xfstart_tech_main"
    FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.91
    FF - prefs.js..extensions.enabledItems: {6D5C8FC4-DE46-41bf-9092-93F0F78E9115}:2.1.0.52
    FF - prefs.js..network.proxy.type: 0

    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
    FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@bittorrent.com/BitTorrentDNA: C:\Program Files\DNA\plugins\npbtdna.dll File not found
    FF - HKLM\Software\MozillaPlugins\@canon.com/MycameraPlugin: C:\Program Files\Canon\ZoomBrowser EX\Program\NPCIG.dll (CANON INC.)
    FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll File not found
    FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
    FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=13: C:\Program Files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll (Google)
    FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.2321: C:\Program Files\Real\RealOne Player\Netscape6\nppl3260.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.2.2379: C:\Program Files\Real\RealOne Player\Netscape6\nprjplug.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.1483: C:\Program Files\Real\RealOne Player\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@unity3d.com/UnityPlayer: C:\Program Files\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
    FF - HKLM\Software\MozillaPlugins\@virtools.com/3DviaPlayer: C:\Program Files\Virtools\3D Life Player\npvirtools.dll (Dassault Systèmes)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{6D5C8FC4-DE46-41bf-9092-93F0F78E9115}: C:\Documents and Settings\All Users\Application Data\Norton\{78CA3BF0-9C3B-40e1-B46D-38C877EF059A}\NSM_2.1.0.37\coFFFw\ [2011/04/01 12:09:53 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla 1.5\Extensions\\Components: C:\Program Files\mozilla.org\Mozilla\Components [2011/01/07 10:44:21 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla 1.5\Extensions\\Plugins: C:\Program Files\mozilla.org\Mozilla\Plugins [2011/07/19 18:00:27 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.18\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/07/20 16:02:15 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.18\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/07/19 18:00:28 | 000,000,000 | ---D | M]
    FF - HKEY_CURRENT_USER\software\mozilla\Mozilla 1.5\Extensions\\Components: C:\Program Files\mozilla.org\Mozilla\Components [2011/01/07 10:44:21 | 000,000,000 | ---D | M]
    FF - HKEY_CURRENT_USER\software\mozilla\Mozilla 1.5\Extensions\\Plugins: C:\Program Files\mozilla.org\Mozilla\Plugins [2011/07/19 18:00:27 | 000,000,000 | ---D | M]

    [2008/11/17 19:17:54 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Garrett\Application Data\Mozilla\Extensions
    [2011/07/19 18:08:19 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Garrett\Application Data\Mozilla\Firefox\Profiles\25gceplc.default\extensions
    [2010/12/10 09:11:19 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Garrett\Application Data\Mozilla\Firefox\Profiles\25gceplc.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    [2010/10/04 20:57:21 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus(R))) -- C:\Documents and Settings\Garrett\Application Data\Mozilla\Firefox\Profiles\25gceplc.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
    [2011/07/18 18:28:36 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    [2011/04/01 12:09:53 | 000,000,000 | ---D | M] (Norton Safety Minder) -- C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\NORTON\{78CA3BF0-9C3B-40E1-B46D-38C877EF059A}\NSM_2.1.0.37\COFFFW
    [2008/09/29 08:07:00 | 000,022,576 | ---- | M] (McAfee, Inc.) -- C:\Program Files\mozilla firefox\components\Scriptff.dll
    [2011/03/06 12:08:39 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
    [2009/09/22 11:15:24 | 000,404,992 | ---- | M] ( ) -- C:\Program Files\mozilla firefox\plugins\npsnapfish.dll

    O1 HOSTS File: ([2011/07/22 19:06:51 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
    O1 - Hosts: 127.0.0.1 localhost
    O1 - Hosts: ::1 localhost
    O2 - BHO: (no name) - {0DB66BA8-5E1F-4963-93D1-E1D6B78FE9A2} - No CLSID value found.
    O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O2 - BHO: (no name) - {7c1ce531-09e9-4fc5-9803-1c2956615786} - No CLSID value found.
    O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\scriptsn.dll (McAfee, Inc.)
    O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - F:\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)
    O2 - BHO: (Norton Safety Minder) - {B8E07826-0971-4f16-B133-047B88034E89} - C:\Program Files\Norton Online\AddOns\Norton Safety Minder\Engine\2.1.0.52\coieplg.dll (Symantec Corporation)
    O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - File not found
    O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - F:\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O3 - HKU\S-1-5-21-1993962763-920026266-725345543-1003\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - F:\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [Acrobat Assistant 8.0] F:\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
    O4 - HKLM..\Run: [LXCRCATS] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCRtime.DLL ()
    O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
    O4 - HKLM..\Run: [McAfeeUpdaterUI] C:\Program Files\McAfee\Common Framework\udaterui.exe (McAfee, Inc.)
    O4 - HKLM..\Run: [Monitor] C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe (LeapFrog Enterprises, Inc.)
    O4 - HKLM..\Run: [ShStatEXE] C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE (McAfee, Inc.)
    O4 - HKU\S-1-5-21-1993962763-920026266-725345543-1003..\Run: [OpenDNS Updater] C:\Program Files\OpenDNS Updater\OpenDNSUpdater.exe ()
    O4 - HKU\S-1-5-21-1993962763-920026266-725345543-1003..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
    O4 - HKU\S-1-5-21-1993962763-920026266-725345543-1003..\Run: [WeatherEye] C:\Program Files\TheWeatherNetwork\WeatherEye\WeatherEye.exe (MétéoMédia/The Weather Network)
    O4 - Startup: C:\Documents and Settings\Garrett\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
    O4 - Startup: C:\Documents and Settings\Jen\Start Menu\Programs\Startup\Dropbox.lnk = File not found
    O4 - Startup: C:\Documents and Settings\Jen\Start Menu\Programs\Startup\Logitech Touch Mouse Server.lnk = C:\Program Files\Logitech Touch Mouse Server\iTouch-Server-Win.exe (Logitech, Inc.)
    O4 - Startup: C:\Documents and Settings\Jen\Start Menu\Programs\Startup\OpenOffice.org 2.2.lnk = C:\Program Files\OpenOffice.org 2.2\program\quickstart.exe ()
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-21-1993962763-920026266-725345543-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-1993962763-920026266-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\S-1-5-21-1993962763-920026266-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-21-1993962763-920026266-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O8 - Extra context menu item: Append to existing PDF - F:\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O16 - DPF: {22D4879A-92DB-470D-8A83-E158797D8176} file://E:\components\Liquid.ocx (Liquid.LiquidHelper)
    O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} http://download.microsoft.com/downlo...22/wmv9VCM.CAB (Reg Error: Key error.)
    O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://www1.snapfish.com/SnapfishActivia.cab (Snapfish Activia)
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get.../ultrashim.cab (Reg Error: Key error.)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/pub...sh/swflash.cab (Shockwave Flash Object)
    O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 172.16.0.1
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O24 - Desktop WallPaper: C:\Documents and Settings\Garrett\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O24 - Desktop BackupWallPaper: C:\Documents and Settings\Garrett\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2004/02/16 20:32:23 | 000,000,060 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    ========== Files/Folders - Created Within 30 Days ==========

    [2011/07/22 08:37:48 | 000,000,000 | ---D | C] -- C:\_OTL
    [2011/07/19 19:11:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Garrett\Desktop\tdsskiller
    [2011/07/19 19:09:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Garrett\Local Settings\Application Data\PackageAware
    [2011/07/19 16:07:42 | 000,579,584 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Garrett\Desktop\OTL.exe
    [2011/07/19 08:11:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Garrett\Application Data\Malwarebytes
    [2011/07/19 08:09:28 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
    [2011/07/19 08:09:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2011/07/19 08:09:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    [2011/07/19 08:09:17 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [2011/07/19 08:09:16 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2011/07/19 08:04:19 | 000,050,688 | ---- | C] (Atribune.org) -- C:\Documents and Settings\Garrett\Desktop\ATF-Cleaner(2).exe
    [2011/07/18 18:31:45 | 001,913,344 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Garrett\Desktop\aswMBR.exe
    [2011/07/15 11:22:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Garrett\Local Settings\Application Data\Temp
    [2011/07/02 14:09:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox
    [2011/07/02 14:05:39 | 008,610,528 | ---- | C] (Mozilla) -- C:\Documents and Settings\All Users\Documents\Firefox Setup 3.6.18.exe
    [2007/01/03 21:28:01 | 000,409,600 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcrinpa.dll
    [2007/01/03 21:28:01 | 000,393,216 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcriesc.dll
    [2007/01/03 21:25:39 | 001,183,744 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcrserv.dll
    [2007/01/03 21:25:39 | 000,995,328 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcrusb1.dll
    [2007/01/03 21:25:39 | 000,536,576 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcrlmpm.dll
    [2007/01/03 21:25:39 | 000,163,840 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcrprox.dll
    [2007/01/03 21:25:39 | 000,114,688 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcrpplc.dll
    [2007/01/03 21:25:38 | 000,495,616 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcrcoms.exe
    [2007/01/03 21:25:38 | 000,380,928 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcrih.exe
    [2007/01/03 21:25:37 | 000,610,304 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcrcomc.dll
    [2007/01/03 21:25:37 | 000,421,888 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcrcomm.dll

    ========== Files - Modified Within 30 Days ==========

    [2011/07/22 19:33:01 | 000,000,480 | ---- | M] () -- C:\WINDOWS\tasks\229B350D-034F-4c01-BAF2-3EA03DCAE0B9.job
    [2011/07/22 19:32:00 | 000,000,970 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1993962763-920026266-725345543-1006UA.job
    [2011/07/22 19:27:02 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
    [2011/07/22 19:09:19 | 000,002,262 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2011/07/22 19:08:19 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
    [2011/07/22 19:08:07 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
    [2011/07/22 19:07:56 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2011/07/22 19:06:51 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
    [2011/07/22 03:32:01 | 000,000,918 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1993962763-920026266-725345543-1006Core.job
    [2011/07/19 19:09:46 | 000,000,145 | ---- | M] () -- C:\Documents and Settings\Garrett\Desktop\Continue iMesh installation.url
    [2011/07/19 18:04:08 | 001,383,430 | ---- | M] () -- C:\Documents and Settings\Garrett\Desktop\tdsskiller.zip
    [2011/07/19 16:07:57 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Garrett\Desktop\OTL.exe
    [2011/07/19 08:09:29 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
    [2011/07/19 08:04:19 | 000,050,688 | ---- | M] (Atribune.org) -- C:\Documents and Settings\Garrett\Desktop\ATF-Cleaner(2).exe
    [2011/07/18 18:35:50 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Garrett\Desktop\MBR.dat
    [2011/07/18 18:32:31 | 001,913,344 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Garrett\Desktop\aswMBR.exe
    [2011/07/18 18:18:07 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
    [2011/07/15 08:40:56 | 000,000,315 | RHS- | M] () -- C:\boot.ini
    [2011/07/11 20:56:45 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
    [2011/07/06 19:52:42 | 000,041,272 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
    [2011/07/06 19:52:42 | 000,022,712 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [2011/07/02 14:09:24 | 000,001,620 | ---- | M] () -- C:\Documents and Settings\Garrett\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
    [2011/07/02 14:08:35 | 008,610,528 | ---- | M] (Mozilla) -- C:\Documents and Settings\All Users\Documents\Firefox Setup 3.6.18.exe

    ========== Files Created - No Company Name ==========

    [2011/07/19 19:09:46 | 000,000,145 | ---- | C] () -- C:\Documents and Settings\Garrett\Desktop\Continue iMesh installation.url
    [2011/07/19 18:03:51 | 001,383,430 | ---- | C] () -- C:\Documents and Settings\Garrett\Desktop\tdsskiller.zip
    [2011/07/19 08:09:29 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
    [2011/07/18 18:35:50 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Garrett\Desktop\MBR.dat
    [2011/07/02 14:09:24 | 000,001,620 | ---- | C] () -- C:\Documents and Settings\Garrett\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
    [2011/05/07 16:28:39 | 000,000,000 | ---- | C] () -- C:\WINDOWS\popcreg.dat
    [2011/05/07 16:28:39 | 000,000,000 | ---- | C] () -- C:\WINDOWS\popcinfot.dat
    [2010/08/28 13:56:34 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
    [2010/08/28 13:56:34 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
    [2010/08/28 13:56:34 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
    [2010/08/28 13:56:34 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
    [2010/08/28 13:56:34 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
    [2010/08/23 17:46:26 | 000,004,053 | ---- | C] () -- C:\WINDOWS\wininit.ini
    [2010/08/14 07:58:01 | 000,014,848 | ---- | C] () -- C:\WINDOWS\System32\EuEpmGdi.dll
    [2010/08/14 07:58:00 | 001,774,720 | ---- | C] () -- C:\WINDOWS\System32\BootMan.exe
    [2010/08/14 07:58:00 | 000,086,408 | ---- | C] () -- C:\WINDOWS\System32\setupempdrv03.exe
    [2010/08/14 07:58:00 | 000,013,192 | ---- | C] () -- C:\WINDOWS\System32\epmntdrv.sys
    [2010/08/14 07:58:00 | 000,008,456 | ---- | C] () -- C:\WINDOWS\System32\EuGdiDrv.sys
    [2010/05/15 16:19:07 | 008,676,883 | ---- | C] () -- C:\WINDOWS\System32\NCMedia2.dll
    [2010/03/16 09:10:14 | 000,060,724 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
    [2009/08/03 16:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
    [2009/08/03 16:07:42 | 000,230,768 | ---- | C] () -- C:\WINDOWS\System32\OGAEXEC.exe
    [2008/05/18 08:17:02 | 000,000,451 | ---- | C] () -- C:\WINDOWS\ka.ini
    [2008/05/05 20:54:36 | 000,000,200 | ---- | C] () -- C:\WINDOWS\actval.ini
    [2007/07/06 17:39:08 | 000,000,394 | ---- | C] () -- C:\WINDOWS\hegames.ini
    [2007/05/22 21:26:20 | 000,000,032 | ---- | C] () -- C:\WINDOWS\album.ini
    [2007/01/03 21:28:02 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxcrvs.dll
    [2007/01/03 21:28:00 | 000,303,104 | ---- | C] () -- C:\WINDOWS\System32\lxcrcoin.dll
    [2007/01/03 21:27:47 | 000,684,032 | ---- | C] () -- C:\WINDOWS\System32\lxcrdrs.dll
    [2007/01/03 21:27:47 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\lxcrcaps.dll
    [2007/01/03 21:27:47 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\lxcrcnv4.dll
    [2007/01/03 21:27:22 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\LXPRMON.DLL
    [2007/01/03 21:27:22 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\LXPMONUI.DLL
    [2007/01/03 21:25:40 | 000,233,472 | ---- | C] () -- C:\WINDOWS\System32\LXCRinst.dll
    [2006/12/28 11:52:23 | 000,000,087 | ---- | C] () -- C:\WINDOWS\marscam.ini
    [2006/12/28 11:48:17 | 000,000,459 | ---- | C] () -- C:\WINDOWS\videoimp.ini
    [2006/12/28 11:46:06 | 000,000,021 | ---- | C] () -- C:\WINDOWS\CS_setup.ini
    [2006/11/22 13:53:04 | 000,019,968 | ---- | C] () -- C:\WINDOWS\sha1sum.exe
    [2006/04/02 13:57:28 | 000,761,856 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
    [2006/04/02 13:57:27 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
    [2005/11/11 08:06:35 | 000,001,359 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
    [2005/11/04 11:21:48 | 000,197,672 | ---- | C] () -- C:\WINDOWS\System32\vpnapi.dll
    [2005/11/04 10:21:24 | 000,189,480 | ---- | C] () -- C:\WINDOWS\System32\CSGina.dll
    [2005/08/14 17:12:22 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
    [2005/05/13 06:47:32 | 000,107,132 | ---- | C] () -- C:\WINDOWS\UninstallFirefox.exe
    [2005/02/27 20:17:49 | 000,528,384 | ---- | C] () -- C:\WINDOWS\System32\BladeEnc.dll
    [2005/02/27 20:17:49 | 000,120,832 | ---- | C] () -- C:\WINDOWS\System32\ShnDll32.dll
    [2005/02/16 15:34:27 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\maplec.dll
    [2004/11/23 13:19:49 | 000,002,582 | ---- | C] () -- C:\WINDOWS\DIPLOMA.INI
    [2004/11/23 13:19:49 | 000,000,127 | ---- | C] () -- C:\WINDOWS\BRGVARS.INI
    [2004/10/21 09:37:44 | 000,000,437 | ---- | C] () -- C:\WINDOWS\zTree.INI
    [2004/09/09 18:12:40 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
    [2004/08/05 18:34:48 | 000,001,125 | ---- | C] () -- C:\WINDOWS\winamp.ini
    [2004/07/24 09:47:12 | 000,099,965 | ---- | C] () -- C:\WINDOWS\UninstallThunderbird.exe
    [2004/07/23 13:09:52 | 000,013,088 | ---- | C] () -- C:\WINDOWS\System32\sasperf.dll
    [2004/05/02 05:18:05 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
    [2004/03/21 15:38:30 | 000,000,112 | ---- | C] () -- C:\WINDOWS\ActiveSkin.INI
    [2004/02/25 20:08:23 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
    [2004/02/25 20:08:23 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
    [2004/02/25 20:08:23 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
    [2004/02/25 20:08:23 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
    [2004/02/25 20:08:23 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
    [2004/02/25 20:08:23 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
    [2003/12/20 07:08:55 | 000,020,927 | ---- | C] () -- C:\WINDOWS\unins000.dat
    [2003/12/14 19:13:05 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll
    [2003/12/07 21:20:01 | 000,000,000 | ---- | C] () -- C:\WINDOWS\OpPrintServer.INI
    [2003/12/03 19:39:37 | 000,112,128 | ---- | C] () -- C:\Documents and Settings\Garrett\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2003/12/01 21:07:08 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Garrett\Application Data\sversion.ini
    [2003/12/01 20:58:13 | 000,069,632 | ---- | C] () -- C:\WINDOWS\uinst001.exe
    [2003/12/01 20:03:17 | 001,262,956 | ---- | C] () -- C:\WINDOWS\System32\XMNT2001.EXE
    [2003/12/01 20:03:17 | 000,003,252 | ---- | C] () -- C:\WINDOWS\System32\drivers\PQNTDRV.SYS
    [2003/11/27 15:58:52 | 000,003,951 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
    [2003/11/27 11:09:17 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
    [2003/11/27 11:09:11 | 000,095,952 | ---- | C] () -- C:\WINDOWS\MozillaUninstall.exe
    [2003/11/27 11:08:52 | 000,095,952 | ---- | C] () -- C:\WINDOWS\GREUninstall.exe
    [2003/11/27 11:08:50 | 000,020,785 | ---- | C] () -- C:\WINDOWS\mozver.dat
    [2003/11/27 08:07:27 | 000,006,550 | ---- | C] () -- C:\WINDOWS\jautoexp.dat
    [2003/11/27 07:34:38 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
    [2003/11/24 16:26:50 | 000,012,288 | R--- | C] () -- C:\WINDOWS\System32\e100bmsg.dll
    [2003/11/24 15:43:19 | 000,001,788 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
    [2003/11/24 15:38:48 | 000,000,990 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
    [2003/11/24 15:05:39 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
    [2003/11/24 15:01:29 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
    [2003/11/24 09:27:12 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
    [2003/11/24 09:26:23 | 000,298,048 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2003/04/20 21:00:00 | 001,036,800 | ---- | C] () -- C:\WINDOWS\System32\libmpeg-1.0.0.dll
    [2003/04/20 21:00:00 | 000,987,136 | ---- | C] () -- C:\WINDOWS\System32\liboggvorbis-1.0.0.dll
    [2003/04/20 21:00:00 | 000,696,832 | ---- | C] () -- C:\WINDOWS\System32\libmcl-2.8.0.dll
    [2003/04/20 21:00:00 | 000,427,008 | ---- | C] () -- C:\WINDOWS\System32\libimg-2.2.9.dll
    [2003/04/20 21:00:00 | 000,069,120 | ---- | C] () -- C:\WINDOWS\System32\libmpeg2-enc-1.2.5.dll
    [2003/04/20 21:00:00 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\libavi-dd-1.1.1.dll
    [2003/01/07 12:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
    [2002/04/11 11:47:52 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\msmscoin.dll
    [2001/10/12 11:58:20 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\mr310exd.dll
    [2001/10/12 11:57:18 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\mr310exv.dll
    [2001/08/23 05:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
    [2001/08/23 05:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
    [2001/08/23 05:00:00 | 000,443,062 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
    [2001/08/23 05:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
    [2001/08/23 05:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
    [2001/08/23 05:00:00 | 000,071,592 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
    [2001/08/23 05:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
    [2001/08/23 05:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
    [2001/08/23 05:00:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
    [2001/08/23 05:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
    [2000/12/07 11:13:58 | 000,015,164 | ---- | C] () -- C:\WINDOWS\Mr310twv.ini

    < End of report >
