Author Topic: computer infected (Read 1469 times)

kristin · « **on:** September 30, 2009, 06:55:09 PM »

Hi, my comptuer has problems and I some how managed to get trojans on my computer... please help!
thank you!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:36:03 PM, on 9/30/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16876)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bradford Networks\Persistent Agent\bndaemon.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\WINDOWS\system32\MSTMON_Y.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Network Associates\Common Framework\udaterui.exe
C:\Program Files\Bradford Networks\Persistent Agent\bncsaui.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Network Associates\Common Framework\McTray.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\DNA\btdna.exe
C:\PROGRA~1\hpq\Shared\HPQTOA~1.EXE
C:\Program Files\XPC Tools\Driver Updater Pro\DriverUpdaterPro.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.facebook.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...o&pf=laptop
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: AIM Toolbar Search Class - {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files\AIM Toolbar\aimtb.dll
R3 - URLSearchHook: AOLSearchHook Class - {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AIM Search\AOLSearch.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: AOL Search Enhancement - {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AIM Search\AOLSearch.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: &Helper - {A77D3539-581D-450C-9E44-A84C415A6172} - C:\WINDOWS\system32\msnaoladdon.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll
O2 - BHO: Browser Helper Object - {AFD4AD01-58C1-47DB-A404-FBE00A6C5486} - C:\Program Files\Shared\lib.dll
O2 - BHO: AIM Toolbar Loader - {b0cda128-b425-4eef-a174-61a11ac5dbf8} - C:\Program Files\AIM Toolbar\aimtb.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O3 - Toolbar: AIM Toolbar - {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files\AIM Toolbar\aimtb.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [IS CfgWiz] c:\Program Files\Norton Internet Security\cfgwiz.exe /GUID {F073BDC9-0D67-4ff0-879E-27241C843828} /MODE CfgWiz /CMDLINE "REBOOT"
O4 - HKLM\..\Run: [SSC_UserPrompt] "c:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe"
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [KONICA MINOLTA PagePro 1400W STD] C:\WINDOWS\system32\MSTMON_Y.EXE STARTUP
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\udaterui.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [bncsaui.exe] %ProgramFiles%\Bradford Networks\Persistent Agent\bncsaui.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AlphaAV] C:\Program Files\AlphaAV\AlphaAV.exe
O4 - HKLM\..\Run: [MSDRV] NetFilter.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [DriverUpdaterPro] C:\Program Files\XPC Tools\Driver Updater Pro\DriverUpdaterPro.exe -t
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: &AIM Toolbar Search - C:\Documents and Settings\All Users\Application Data\AIM Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: AIM Toolbar - {0b83c99c-1efa-4259-858f-bcb33e007a5b} - C:\Program Files\AIM Toolbar\aimtb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=presario&pf=laptop
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.1...toUploader5.cab
O18 - Filter hijack: text/html - {95a177ec-1300-408d-bada-e53c4ef25f64} - C:\WINDOWS\mark_32.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bradford Persistent Agent Service (BNPagent) - Bradford Networks - C:\Program Files\Bradford Networks\Persistent Agent\bndaemon.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\ccPwdSvc.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - c:\Program Files\Norton Internet Security\comHost.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Unknown owner - C:\Program Files\Network Associates\VirusScan\mcshield.exe (file missing)
O23 - Service: Network Associates Task Manager (McTaskManager) - Unknown owner - C:\Program Files\Network Associates\VirusScan\vstskmgr.exe (file missing)
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 13363 bytes

guestolo · « **Reply #1 on:** September 30, 2009, 08:00:59 PM »

Hi kristin, can you do the following please
Download [color=\"#FF0000\"]OTL.exe[/color][/url] by OldTimer to your Desktop.

Close all windows and double click OTL.exe.
Click Run Scan and let the program run uninterrupted.
It will produce two logs for you, one will pop up - OTL.txt, the other will be saved on your Desktop - Extras.txt. Post both logs in this thread.

NOTE: If you do have problems posting those logs to a reply, please Upload them
If unsure how to upload them, please let me know

kristin · « **Reply #2 on:** September 30, 2009, 08:36:38 PM »

OTL logfile created on: 9/30/2009 9:25:15 PM - Run 1
OTL by OldTimer - Version 3.0.17.0 Folder = C:\Documents and Settings\kristin smalley.KRISTIN\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

382.17 Mb Total Physical Memory | 108.02 Mb Available Physical Memory | 28.27% Memory free
919.32 Mb Paging File | 507.80 Mb Available in Paging File | 55.24% Paging File free
Paging file location(s): C:\pagefile.sys 576 1152 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 67.08 Gb Total Space | 18.50 Gb Free Space | 27.57% Space Free | Partition Type: NTFS
Drive D: | 7.42 Gb Total Space | 0.79 Gb Free Space | 10.66% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: KRISTIN
Current User Name: kristin smalley
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

[color=\"#E56717\"]========== Processes (SafeList) ==========[/color]

PRC - [2005/11/10 18:45:00 | 00,389,120 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\System32\Ati2evxx.exe
PRC - [2005/09/17 10:27:12 | 00,169,584 | ---- | M] (Symantec Corporation) -- c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
PRC - [2005/11/10 18:45:00 | 00,389,120 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\System32\Ati2evxx.exe
PRC - [2004/08/04 04:00:00 | 01,032,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE
PRC - [2005/09/17 10:27:06 | 00,192,112 | ---- | M] (Symantec Corporation) -- c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
PRC - [2005/09/17 10:27:10 | 00,202,352 | ---- | M] (Symantec Corporation) -- c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
PRC - [2009/08/28 19:42:54 | 00,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2009/02/04 09:33:28 | 02,944,736 | ---- | M] (Bradford Networks) -- C:\Program Files\Bradford Networks\Persistent Agent\bndaemon.exe
PRC - [2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2009/02/06 15:15:02 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2005/11/15 18:23:44 | 00,073,728 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe
PRC - [2009/03/10 16:00:00 | 00,103,744 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
PRC - [2005/10/07 10:25:36 | 00,133,744 | ---- | M] (Symantec Corporation) -- c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
PRC - [2005/09/25 02:10:58 | 00,749,696 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
PRC - [2009/03/10 16:00:00 | 00,226,624 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Network Associates\Common Framework\naPrdMgr.exe
PRC - [2005/01/28 16:44:28 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wdfmgr.exe
PRC - [2007/01/04 17:38:08 | 00,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe
PRC - [2005/12/22 03:06:58 | 00,098,304 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
PRC - [2009/02/06 05:41:05 | 00,227,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wbem\wmiprvse.exe
PRC - [2005/11/11 00:05:00 | 00,344,064 | ---- | M] (ATI Technologies, Inc.) -- C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
PRC - [2005/02/17 02:11:42 | 00,049,152 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
PRC - [2005/06/19 16:50:08 | 00,729,178 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
PRC - [2005/09/17 10:27:02 | 00,052,848 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccApp.exe
PRC - [2005/12/12 14:39:52 | 00,094,208 | ---- | M] (CyberLink Corp.) -- C:\Program Files\HP\QuickPlay\QPService.exe
PRC - [2005/12/22 11:57:10 | 00,405,504 | ---- | M] (Hewlett-Packard ) -- C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
PRC - [2005/12/13 16:45:58 | 00,507,904 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
PRC - [2005/08/30 11:49:30 | 00,184,320 | ---- | M] (KONICA MINOLTA BUSINESS TECHNOLOGIES, INC.) -- C:\WINDOWS\System32\MSTMON_Y.EXE
PRC - [2009/02/06 15:15:03 | 00,136,600 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2009/03/10 16:00:00 | 00,136,512 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Network Associates\Common Framework\udaterui.exe
PRC - [2009/02/04 09:33:28 | 02,612,960 | ---- | M] (Bradford Networks) -- C:\Program Files\Bradford Networks\Persistent Agent\bncsaui.exe
PRC - [2009/09/21 16:36:12 | 00,305,440 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
PRC - [2009/09/30 15:47:03 | 01,597,440 | ---- | M] () -- C:\Program Files\AlphaAV\AlphaAV.exe
PRC - [2004/10/13 12:24:37 | 01,694,208 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe
PRC - [2008/09/18 05:58:45 | 00,068,856 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2009/03/10 16:00:00 | 00,091,456 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Network Associates\Common Framework\McTray.exe
PRC - [2008/12/10 16:33:30 | 00,342,848 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\DNA\btdna.exe
PRC - [2008/09/19 17:56:11 | 02,294,272 | ---- | M] (XPC Soft) -- C:\Program Files\XPC Tools\Driver Updater Pro\DriverUpdaterPro.exe
PRC - [2005/12/08 16:45:12 | 00,516,182 | ---- | M] () -- C:\Program Files\HPQ\shared\HpqToaster.exe
PRC - [2006/04/12 01:54:56 | 01,119,888 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
PRC - [2007/01/04 17:38:18 | 00,112,336 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
PRC - [2009/09/21 16:36:02 | 00,545,568 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
PRC - [2005/09/19 21:24:20 | 00,214,672 | ---- | M] (Symantec Corporation) -- c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
PRC - [2005/09/24 03:42:32 | 00,475,136 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
PRC - [2009/06/29 04:35:10 | 00,634,632 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
PRC - [2009/09/30 21:25:04 | 00,519,168 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\kristin smalley.KRISTIN\Desktop\OTL.exe

[color=\"#E56717\"]========== Win32 Services (SafeList) ==========[/color]

SRV - [2009/08/28 19:42:54 | 00,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Auto | Running])
SRV - [2004/07/15 04:49:26 | 00,032,768 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - [2005/11/10 18:45:00 | 00,389,120 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\System32\Ati2evxx.exe -- (Ati HotKey Poller [Auto | Running])
SRV - [2009/02/04 09:33:28 | 02,944,736 | ---- | M] (Bradford Networks) -- C:\Program Files\Bradford Networks\Persistent Agent\bndaemon.exe -- (BNPagent [Auto | Running])
SRV - [2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service [Auto | Running])
SRV - [2005/09/17 10:27:06 | 00,192,112 | ---- | M] (Symantec Corporation) -- c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe -- (ccEvtMgr [Auto | Running])
SRV - [2005/10/13 18:48:40 | 00,072,280 | ---- | M] (Symantec Corporation) -- c:\Program Files\Norton Internet Security\ccPwdSvc.exe -- (ccISPwdSvc [On_Demand | Stopped])
SRV - [2005/09/17 10:27:10 | 00,202,352 | ---- | M] (Symantec Corporation) -- c:\Program Files\Common Files\Symantec Shared\ccProxy.exe -- (ccProxy [Auto | Running])
SRV - [2005/09/17 10:27:12 | 00,169,584 | ---- | M] (Symantec Corporation) -- c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe -- (ccSetMgr [Auto | Running])
SRV - [2005/10/23 04:28:54 | 00,045,696 | ---- | M] (Symantec Corporation) -- c:\Program Files\Norton Internet Security\comHost.exe -- (comHost [On_Demand | Stopped])
SRV - [2009/04/26 18:03:56 | 00,182,768 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc [On_Demand | Stopped])
SRV - [2004/08/04 04:00:00 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - [2005/12/22 03:06:58 | 00,098,304 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe -- (hpqwmiex [Auto | Running])
SRV - [2004/10/22 06:24:18 | 00,073,728 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
SRV - [2009/09/21 16:36:02 | 00,545,568 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Running])
SRV - [2009/02/06 15:15:02 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running])
SRV - [2005/11/15 18:23:44 | 00,073,728 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe -- (LightScribeService [Auto | Running])
SRV - [2009/03/10 16:00:00 | 00,103,744 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Network Associates\Common Framework\FrameworkService.exe -- (McAfeeFramework [Auto | Running])
SRV - File not found -- -- (McShield [Auto | Stopped])
SRV - File not found -- -- (McTaskManager [Auto | Stopped])
SRV - [2005/10/07 10:25:36 | 00,133,744 | ---- | M] (Symantec Corporation) -- c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe -- (navapsvc [Auto | Running])
SRV - [2005/09/25 02:10:58 | 00,749,696 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE -- (NSCService [Auto | Running])
SRV - [2006/10/26 19:49:34 | 00,441,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv [On_Demand | Stopped])
SRV - [2006/10/26 14:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
SRV - [2005/08/27 00:22:48 | 00,198,368 | ---- | M] (Symantec Corporation) -- c:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe -- (SAVScan [On_Demand | Stopped])
SRV - [2005/09/19 21:24:20 | 00,214,672 | ---- | M] (Symantec Corporation) -- c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe -- (SNDSrvc [On_Demand | Running])
SRV - [2005/09/16 02:21:14 | 01,160,800 | ---- | M] (Symantec Corporation) -- c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe -- (SPBBCSvc [On_Demand | Stopped])
SRV - [2006/04/12 01:54:56 | 01,119,888 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC [On_Demand | Running])
SRV - [2005/01/28 16:44:28 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wdfmgr.exe -- (UMWdf [Auto | Running])
SRV - [2007/01/04 17:38:08 | 00,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service [Auto | Running])

[color=\"#E56717\"]========== Driver Services (SafeList) ==========[/color]

DRV - [2001/08/17 11:51:56 | 00,005,248 | ---- | M] (Acer Laboratories Inc.) -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde [Boot | Running])
DRV - [2005/03/09 18:53:00 | 00,036,352 | ---- | M] (Advanced Micro Devices) -- C:\WINDOWS\System32\DRIVERS\AmdK8.sys -- (AmdK8 [System | Running])
DRV - [2005/11/10 18:51:00 | 01,396,224 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\System32\DRIVERS\ati2mtag.sys -- (ati2mtag [On_Demand | Running])
DRV - [2005/11/28 05:35:38 | 00,424,320 | ---- | M] (Broadcom Corporation) -- C:\WINDOWS\System32\DRIVERS\bcmwl5.sys -- (BCM43XX [On_Demand | Running])
DRV - [2005/08/18 04:22:54 | 00,056,648 | ---- | M] (Broadcom Corporation.) -- C:\WINDOWS\System32\Drivers\btwusb.sys -- (BTWUSB [On_Demand | Stopped])
DRV - [2005/08/02 05:58:00 | 00,038,016 | ---- | M] (Conexant Systems Inc.) -- C:\WINDOWS\System32\drivers\camc6aud.sys -- (CAMCAUD [On_Demand | Running])
DRV - [2005/08/02 06:00:00 | 00,349,312 | ---- | M] (Conexant Systems Inc.) -- C:\WINDOWS\System32\drivers\camc6hal.sys -- (CAMCHALA [On_Demand | Running])
DRV - [2005/05/05 13:04:08 | 00,007,936 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\WINDOWS\System32\drivers\EABFiltr.sys -- (eabfiltr [System | Running])
DRV - [2005/05/05 13:04:04 | 00,005,760 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\WINDOWS\System32\drivers\eabusb.sys -- (eabusb [On_Demand | Stopped])
DRV - [2009/05/18 14:17:00 | 00,026,600 | ---- | M] (GEAR Software Inc.) -- C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys -- (GEARAspiWDM [On_Demand | Running])
DRV - [2005/08/22 05:06:00 | 00,231,424 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\System32\DRIVERS\HSFHWATI.sys -- (HSFHWATI [On_Demand | Running])
DRV - [2005/08/22 05:06:00 | 01,035,008 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\System32\DRIVERS\HSF_DP.sys -- (HSF_DP [On_Demand | Running])
DRV - [2004/03/17 00:04:00 | 00,013,059 | ---- | M] (Conexant) -- C:\WINDOWS\System32\DRIVERS\mdmxsdk.sys -- (mdmxsdk [Auto | Running])
DRV - [2005/11/27 05:00:00 | 00,077,816 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20051127.005\NAVENG.SYS -- (NAVENG [On_Demand | Running])
DRV - [2005/11/27 05:00:00 | 00,750,424 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20051127.005\NAVEX15.SYS -- (NAVEX15 [On_Demand | Running])
DRV - [2004/08/04 04:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Running])
DRV - [2005/04/25 05:03:00 | 00,020,640 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20 [Boot | Running])
DRV - [2005/09/30 07:11:00 | 00,078,720 | ---- | M] (Realtek Semiconductor Corporation ) -- C:\WINDOWS\System32\DRIVERS\Rtnicxp.sys -- (RTL8023xp [On_Demand | Running])
DRV - [2005/08/27 00:22:48 | 00,334,984 | ---- | M] (Symantec Corporation) -- c:\Program Files\Norton Internet Security\Norton AntiVirus\SAVRT.SYS -- (SAVRT [On_Demand | Running])
DRV - [2005/08/27 00:22:50 | 00,053,896 | ---- | M] (Symantec Corporation) -- c:\Program Files\Norton Internet Security\Norton AntiVirus\SAVRTPEL.SYS -- (SAVRTPEL [Auto | Running])
DRV - [2004/08/04 04:00:00 | 00,027,440 | ---- | M] () -- C:\WINDOWS\System32\DRIVERS\secdrv.sys -- (Secdrv [On_Demand | Stopped])
DRV - [2001/08/17 15:10:28 | 00,035,913 | ---- | M] (SMC) -- C:\WINDOWS\System32\DRIVERS\smcirda.sys -- (SMCIRDA [On_Demand | Stopped])
DRV - [2005/09/16 02:21:14 | 00,389,728 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv [On_Demand | Stopped])
DRV - [2006/02/22 19:19:06 | 00,107,696 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\SYMEVENT.SYS -- (SymEvent [On_Demand | Running])
DRV - [2005/09/02 05:07:36 | 00,199,408 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\SymcData\idsdefs\20050901.036\SymIDSCo.sys -- (SYMIDSCO [On_Demand | Stopped])
DRV - [2006/04/12 01:54:56 | 00,010,344 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\symlcbrd.sys -- (symlcbrd [Auto | Running])
DRV - [2005/06/19 16:33:18 | 00,190,400 | ---- | M] (Synaptics, Inc.) -- C:\WINDOWS\System32\DRIVERS\SynTP.sys -- (SynTP [On_Demand | Running])
DRV - [2005/09/20 06:30:56 | 00,162,432 | ---- | M] (Texas Instruments) -- C:\WINDOWS\System32\drivers\tifm21.sys -- (tifm21 [On_Demand | Stopped])
DRV - [2009/08/28 19:42:52 | 00,040,448 | ---- | M] (Apple, Inc.) -- C:\WINDOWS\System32\Drivers\usbaapl.sys -- (USBAAPL [On_Demand | Stopped])
DRV - [2005/08/22 05:06:00 | 00,718,464 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\System32\DRIVERS\HSF_CNXT.sys -- (winachsf [On_Demand | Running])

[color=\"#E56717\"]========== Standard Registry (SafeList) ==========[/color]

[color=\"#E56717\"]========== Internet Explorer ==========[/color]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - URLSearchHook: {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerm...tf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.facebook.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - URLSearchHook: {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)
IE - URLSearchHook: {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AIM Search\AOLSearch.dll (America Online, Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

FF - HKLM\software\mozilla\Firefox\extensions\\[email protected]: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009/02/06 15:15:16 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Netscape Browser 8.0.3.4\Extensions\\Components: C:\Program Files\Netscape\Netscape Browser\Components [2009/09/20 17:27:41 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Netscape Browser 8.0.3.4\Extensions\\Plugins: C:\Program Files\Netscape\Netscape Browser\Plugins [2009/09/28 20:37:09 | 00,000,000 | ---D | M]

[2008/07/28 21:19:20 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2007/05/01 09:51:32 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}
[2007/10/01 15:33:57 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}
[2007/10/19 20:54:06 | 00,717,312 | ---- | M] (DivX,Inc.) -- C:\Program Files\mozilla firefox\plugins\npdivx32.dll
[2003/07/14 23:56:52 | 00,013,888 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\NPOFFICE.DLL
[2006/10/23 00:24:32 | 00,091,768 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\mozilla firefox\plugins\nppdf32.dll
[2007/03/03 16:39:13 | 00,144,984 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\mozilla firefox\plugins\nppl3260.dll
[2008/02/24 21:50:41 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin.dll
[2008/02/24 21:50:42 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll
[2008/02/24 21:50:42 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll
[2008/02/24 21:50:42 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll
[2008/02/24 21:50:42 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll
[2008/02/24 21:50:42 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll
[2008/02/24 21:50:42 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll
[2007/03/03 16:39:24 | 00,024,576 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\mozilla firefox\plugins\nprjplug.dll
[2007/03/03 16:39:10 | 00,081,920 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\mozilla firefox\plugins\nprpjplug.dll
[2005/08/09 14:42:53 | 00,057,344 | ---- | M] (America Online, Inc.) -- C:\Program Files\mozilla firefox\plugins\npunagi2.dll
[2007/04/16 13:07:12 | 00,180,293 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\npViewpoint.dll

O1 HOSTS File: (734 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AskBar BHO) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O2 - BHO: (AOLSearchHook Class) - {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AIM Search\AOLSearch.dll (America Online, Inc.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (&Helper) - {A77D3539-581D-450C-9E44-A84C415A6172} - C:\WINDOWS\System32\msnaoladdon.dll ()
O2 - BHO: (CNavExtBho Class) - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll (Symantec Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll (Google Inc.)
O2 - BHO: (Browser Helper Object) - {AFD4AD01-58C1-47DB-A404-FBE00A6C5486} - C:\Program Files\Shared\lib.dll ()
O2 - BHO: (AIM Toolbar Loader) - {b0cda128-b425-4eef-a174-61a11ac5dbf8} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll (Google Inc.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (AIM Toolbar) - {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)
O3 - HKLM\..\Toolbar: (Norton AntiVirus) - {C4069E3A-68F1-403E-B40E-20066696354B} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (AIM Toolbar) - {61539ECD-CC67-4437-A03C-9AACCBD14326} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)
O3 - HKCU\..\Toolbar\WebBrowser: (Norton AntiVirus) - {C4069E3A-68F1-403E-B40E-20066696354B} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll (Symantec Corporation)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [AlphaAV] C:\Program Files\AlphaAV\AlphaAV.exe ()
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe (ATI Technologies, Inc.)
O4 - HKLM..\Run: [bncsaui.exe] C:\Program Files\Bradford Networks\Persistent Agent\bncsaui.exe (Bradford Networks)
O4 - HKLM..\Run: [ccApp] c:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe ()
O4 - HKLM..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe (Hewlett-Packard )
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe (Hewlett-Packard Co.)
O4 - HKLM..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [IS CfgWiz] c:\Program Files\Norton Internet Security\cfgwiz.exe (Symantec Corporation)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [KONICA MINOLTA PagePro 1400W STD] C:\WINDOWS\System32\MSTMON_Y.EXE (KONICA MINOLTA BUSINESS TECHNOLOGIES, INC.)
O4 - HKLM..\Run: [McAfeeUpdaterUI] C:\Program Files\Network Associates\Common Framework\udaterui.exe (McAfee, Inc.)
O4 - HKLM..\Run: [MSDRV] C:\WINDOWS\System32\NetFilter.exe ()
O4 - HKLM..\Run: [QPService] C:\Program Files\HP\QuickPlay\QPService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Inc.)
O4 - HKLM..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe ()
O4 - HKLM..\Run: [SSC_UserPrompt] c:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe (Symantec Corporation)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
O4 - HKCU..\Run: [Aim6] File not found
O4 - HKCU..\Run: [BitTorrent DNA] C:\Program Files\DNA\btdna.exe (BitTorrent, Inc.)
O4 - HKCU..\Run: [DriverUpdaterPro] C:\Program Files\XPC Tools\Driver Updater Pro\DriverUpdaterPro.exe (XPC Soft)
O4 - HKCU..\Run: [MSMSGS] C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe (Hewlett-Packard Development Company, L.P.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: &AIM Toolbar Search - C:\Documents and Settings\All Users\Application Data\AIM Toolbar\ieToolbar\resources\en-US\local\search.html ()
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: AIM Toolbar - {0b83c99c-1efa-4259-858f-bcb33e007a5b} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\System32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\System32\rsvpsp.dll (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.1...toUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_11)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 158.136.1.103 158.136.1.99
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\Ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2001/07/27 22:07:38 | 00,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O32 - AutoRun File - [2004/04/30 14:01:14 | 00,000,053 | -HS- | M] () - D:\Autorun.inf -- [ FAT32 ]
O33 - MountPoints2\{6117d8e6-778c-11dd-9bfc-0016d4323812}\Shell\AutoRun\command - "" = F:\Install FreeAgent Tools.exe -- File not found
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found

[color=\"#E56717\"]========== Files/Folders - Created Within 30 Days ==========[/color]

[2009/09/30 21:25:00 | 00,519,168 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\kristin smalley.KRISTIN\Desktop\OTL.exe
[2009/09/30 19:35:17 | 00,001,734 | ---- | C] () -- C:\Documents and Settings\kristin smalley.KRISTIN\Desktop\HijackThis.lnk
[2009/09/30 19:35:17 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2009/09/30 19:34:49 | 00,812,344 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\kristin smalley.KRISTIN\Desktop\HijackThisInstaller.exe
[2009/09/30 15:47:37 | 00,122,880 | ---- | C] () -- C:\WINDOWS\System32\NetFilter.exe
[2009/09/30 15:47:37 | 00,061,440 | ---- | C] (NT Kernel Resources) -- C:\WINDOWS\System32\ndisapi.dll
[2009/09/30 15:47:37 | 00,024,576 | ---- | C] (NT Kernel Resources) -- C:\WINDOWS\System32\drivers\ndisrd.sys
[2009/09/30 15:47:22 | 00,404,992 | ---- | C] () -- C:\WINDOWS\System32\msnaoladdon.dll
[2009/09/30 15:47:17 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Uninstall
[2009/09/30 15:47:15 | 00,000,668 | ---- | C] () -- C:\Documents and Settings\kristin smalley.KRISTIN\Desktop\Alpha Antivirus.lnk
[2009/09/30 15:46:46 | 00,000,000 | ---D | C] -- C:\Program Files\AlphaAV
[2009/09/28 20:33:15 | 00,000,000 | ---D | C] -- C:\Documents and Settings\kristin smalley.KRISTIN\Local Settings\Application Data\Microsoft Help
[2009/09/28 20:31:54 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Microsoft Help
[2009/09/23 16:45:51 | 00,001,804 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2009/09/21 17:19:47 | 00,000,000 | ---D | C] -- C:\Program Files\Shared
[2009/09/20 17:30:10 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/09/20 17:27:22 | 00,001,604 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2009/09/09 06:53:57 | 00,153,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\triedit.dll
[2009/09/07 17:21:08 | 00,000,000 | ---D | C] -- C:\Documents and Settings\kristin smalley.KRISTIN\My Documents\Teaching and Learning
[2009/09/05 01:54:48 | 00,094,208 | ---- | C] (Apple Inc.) -- C:\WINDOWS\System32\QuickTimeVR.qtx
[2009/09/05 01:54:48 | 00,069,632 | ---- | C] (Apple Inc.) -- C:\WINDOWS\System32\QuickTime.qts
[2009/09/02 11:42:22 | 00,000,000 | ---D | C] -- C:\Documents and Settings\kristin smalley.KRISTIN\My Documents\Astronomy
[2009/09/02 11:12:00 | 00,000,000 | ---D | C] -- C:\Documents and Settings\kristin smalley.KRISTIN\My Documents\Families, School and Community
[2009/09/02 08:37:12 | 00,049,664 | ---- | C] () -- C:\Documents and Settings\kristin smalley.KRISTIN\My Documents\syllabus.doc
[2009/09/02 08:36:54 | 00,000,000 | ---D | C] -- C:\Documents and Settings\kristin smalley.KRISTIN\My Documents\Mathematics in our worl 2
[2007/08/12 00:31:35 | 00,000,000 | ---- | C] () -- C:\WINDOWS\iplayer.INI
[2007/03/20 22:45:46 | 00,000,074 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2007/03/03 17:30:52 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007/03/03 16:52:32 | 00,000,021 | ---- | C] () -- C:\WINDOWS\atid.ini
[2006/11/17 11:34:40 | 00,091,848 | ---- | C] () -- C:\WINDOWS\HPBroker.dll
[2006/04/12 02:03:12 | 00,000,166 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2006/04/12 01:59:34 | 00,000,698 | ---- | C] () -- C:\WINDOWS\NSSetDefaultBrowser.ini
[2006/04/12 01:42:33 | 00,000,056 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2006/04/12 01:28:14 | 00,028,836 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2005/12/02 06:09:10 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/09/04 21:43:40 | 00,016,596 | ---- | C] () -- C:\WINDOWS\MSTMON_Y.INI
[2005/09/04 21:43:16 | 00,012,244 | ---- | C] () -- C:\WINDOWS\MSUMLT_Y.INI
[2004/08/07 09:16:44 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004/08/07 09:10:08 | 00,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/07 08:58:22 | 00,000,573 | ---- | C] () -- C:\WINDOWS\win.ini
[2004/08/07 01:47:16 | 00,000,231 | ---- | C] () -- C:\WINDOWS\system.ini
[2004/08/04 04:00:00 | 00,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys
[2004/08/04 04:00:00 | 00,020,014 | ---- | C] () -- C:\WINDOWS\mark_32.dll
[2003/01/07 15:05:08 | 00,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

[color=\"#E56717\"]========== Files - Modified Within 30 Days ==========[/color]

[1 C:\WINDOWS\System32\*.tmp files]
[1 C:\WINDOWS\*.tmp files]
[2009/09/30 21:25:04 | 00,519,168 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\kristin smalley.KRISTIN\Desktop\OTL.exe
[2009/09/30 21:16:11 | 00,016,596 | ---- | M] () -- C:\WINDOWS\MSTMON_Y.INI
[2009/09/30 21:15:55 | 00,000,297 | ---- | M] () -- C:\hpqp.ini
[2009/09/30 21:15:49 | 00,000,039 | ---- | M] () -- C:\XP_TV.ini
[2009/09/30 21:15:24 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/09/30 21:15:20 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/09/30 21:15:17 | 40,080,5888 | -HS- | M] () -- C:\hiberfil.sys
[2009/09/30 19:35:18 | 00,001,734 | ---- | M] () -- C:\Documents and Settings\kristin smalley.KRISTIN\Desktop\HijackThis.lnk
[2009/09/30 19:35:14 | 00,812,344 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\kristin smalley.KRISTIN\Desktop\HijackThisInstaller.exe
[2009/09/30 15:47:23 | 00,404,992 | ---- | M] () -- C:\WINDOWS\System32\msnaoladdon.dll
[2009/09/30 15:47:17 | 00,000,668 | ---- | M] () -- C:\Documents and Settings\kristin smalley.KRISTIN\Desktop\Alpha Antivirus.lnk
[2009/09/30 15:22:52 | 00,371,280 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/09/29 21:35:08 | 00,102,280 | ---- | M] () -- C:\Documents and Settings\kristin smalley.KRISTIN\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2009/09/29 19:55:05 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009/09/29 08:40:56 | 00,002,497 | ---- | M] () -- C:\Documents and Settings\kristin smalley.KRISTIN\Desktop\Microsoft Office Word 2003.lnk
[2009/09/27 18:30:53 | 00,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/09/23 19:37:50 | 00,122,880 | ---- | M] () -- C:\WINDOWS\System32\NetFilter.exe
[2009/09/23 16:45:51 | 00,001,804 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2009/09/20 17:27:23 | 00,001,604 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2009/09/17 16:41:51 | 04,817,004 | -H-- | M] () -- C:\Documents and Settings\kristin smalley.KRISTIN\Local Settings\Application Data\IconCache.db
[2009/09/10 03:01:39 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/09/05 01:54:48 | 00,094,208 | ---- | M] (Apple Inc.) -- C:\WINDOWS\System32\QuickTimeVR.qtx
[2009/09/05 01:54:48 | 00,069,632 | ---- | M] (Apple Inc.) -- C:\WINDOWS\System32\QuickTime.qts
[2009/09/02 08:37:15 | 00,049,664 | ---- | M] () -- C:\Documents and Settings\kristin smalley.KRISTIN\My Documents\syllabus.doc
< End of report >

OTL Extras logfile created on: 9/30/2009 9:25:15 PM - Run 1
OTL by OldTimer - Version 3.0.17.0 Folder = C:\Documents and Settings\kristin smalley.KRISTIN\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

382.17 Mb Total Physical Memory | 108.02 Mb Available Physical Memory | 28.27% Memory free
919.32 Mb Paging File | 507.80 Mb Available in Paging File | 55.24% Paging File free
Paging file location(s): C:\pagefile.sys 576 1152 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 67.08 Gb Total Space | 18.50 Gb Free Space | 27.57% Space Free | Partition Type: NTFS
Drive D: | 7.42 Gb Total Space | 0.79 Gb Free Space | 10.66% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: KRISTIN
Current User Name: kristin smalley
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

[color=\"#E56717\"]========== Extra Registry (SafeList) ==========[/color]

[color=\"#E56717\"]========== File Associations ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm [@ = chm.file] -- C:\WINDOWS\hh.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

[color=\"#E56717\"]========== Shell Spawning ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
chm.file [open] -- "C:\WINDOWS\hh.exe" %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[color=\"#E56717\"]========== Security Center Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

[color=\"#E56717\"]========== Authorized Applications List ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" = C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink -- File not found
"C:\Program Files\Network Associates\Common Framework\FrameworkService.exe" = C:\Program Files\Network Associates\Common Framework\FrameworkService.exe:*:Enabled:McAfee Framework Service -- (McAfee, Inc.)
"C:\Program Files\Common Files\AOL\Loader\aolload.exe" = C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader -- (AOL LLC)
"C:\Program Files\AIM6\aim6.exe" = C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM -- (AOL LLC)
"C:\Program Files\DNA\btdna.exe" = C:\Program Files\DNA\btdna.exe:*:Enabled:DNA -- (BitTorrent, Inc.)
"C:\Program Files\BitTorrent\bittorrent.exe" = C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- (BitTorrent, Inc.)
"C:\Program Files\Bradford Networks\Persistent Agent\bndaemon.exe" = C:\Program Files\Bradford Networks\Persistent Agent\bndaemon.exe:*:Enabled:Bradford Persistent Agent -- (Bradford Networks)
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour -- (Apple Inc.)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)

[color=\"#E56717\"]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{075473F5-846A-448B-BCB3-104AA1760205}" = Sonic Data Module
"{09D8492A-C8E2-421E-927D-46800FB327A3}" = Wireless Home Network Setup
"{0A55F129-B9B5-4836-8A2C-F3B16E850E26}" = Bradford Persistent Agent
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
"{0C34B801-6AEC-4667-B053-03A67E2D0415}" = Apple Application Support
"{1248C09A-BD6B-47F5-BF3F-CD2B700D9FCB}" = ccCommon
"{12E2B9E9-05B1-407d-B0FD-B5F350535125}" = Norton Internet Security
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1CB34CE9-0E6B-493F-BB66-3425E5DF76E5}" = CP_CalendarTemplates1
"{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Sonic MyDVD Plus
"{23012310-3E05-46A5-88A9-C6CBCABCAC79}" = Customer Experience Enhancement
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{23B35809-5E4A-4F14-8332-1CDEDDFAC089}" = CP_Package_Variety2
"{24BEBF2E-73F3-4599-840B-EDC612CCDD0D}" = Destinations
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(tm) 6 Update 11
"{2818095F-FB6C-42C8-827E-0A406CC9AFF5}" = Quicken 2006
"{286F29AF-0BE2-4D5F-AB17-B7631A810553}" = muvee autoProducer 4.5
"{2A548002-9042-4083-A270-B67473DE1073}" = SkinsHP1
"{2DA85B02-13C0-4E6D-9A76-22E6B3DD0CB2}" = SymNet
"{2EBF25F1-F8A2-40EA-92BE-931C142A44E2}" = CC_ccProxyExt
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
"{30738666-9805-4926-A78F-91DA33B6C437}" = ccPxyCore
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{34F3FCF1-817B-4D61-B6AF-19D9486AFEA0}" = Unload
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{36D620AD-EEBA-4973-BA86-0C9AE6396620}" = OptionalContentQFolder
"{3AC54383-31D1-4907-961B-B12CBB1D0AE8}" = MobileMe Control Panel
"{3FE0CFAB-584A-4AA5-B8CD-C32284CFA308}" = RandMap
"{4041C245-7099-4C96-9738-5EBC23827B3C}" = BufferChm
"{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}" = Microsoft Works
"{4302B2DD-D958-40E3-BAF3-B07FFE1978CE}" = HP Wireless Assistant 2.00 C1
"{449F3A9E-9903-4a0d-A209-08030D45A935}" = Norton Internet Security
"{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP DVD Play 2.0
"{47D2103B-FD51-4017-9C20-DD408B17D726}" = Office 2003 Trial Assistant
"{48185814-A224-447a-81DA-71BD20580E1B}" = Norton Internet Security
"{494D17B5-3369-4905-8C4B-80C972C5E0FF}" = CP_Panorama1Config
"{4DA4012B-39AF-48c2-B23B-A4D570D233A6}" = cp_LightScribeConfig
"{522D1D79-9C0A-4361-91F8-2AFF8EC6C2E1}" = CP_Package_Variety1
"{52AE81CB-B786-490E-93CF-240A9891B392}" = HP User Guides 0025
"{53EE9E42-CECB-4C92-BF76-9CA65DAF8F1C}" = FullDPAppQFolder
"{54F0998F-73C8-4b51-8286-FE903C231BED}" = cp_PosterPrintConfig
"{5677563D-0CB1-485F-9E18-C5025306BB3F}" = Norton AntiSpam
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Sonic Express Labeler
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{766633B3-1AFA-44B6-A3FC-1DE991CD9C52}" = CP_Package_Basic1
"{77772678-817F-4401-9301-ED1D01A8DA56}" = SPBBC
"{79F8E1D4-36C1-439C-95FA-F695050B5B07}" = Sonic_PrimoSDK
"{7B6CF9EB-CB2B-4A1A-81A9-BE1A9044690A}" = TIPCI
"{7D1FA102-9B90-48B0-8DF8-735BBA5F4093}" = Driver Updater Pro
"{7F2F3F8B-2D57-48A3-99D0-1AC23D594C89}" = LightScribe 1.4.56.1
"{80AE27BA-B0ED-4288-A8B9-D8194BCF4115}" = cp_UpdateProjectsConfig
"{8105684D-8CA6-440D-8F58-7E5FD67A499D}" = Easy Internet Sign-up
"{82A5BF38-8461-4A5C-B2C9-24F5256D92A6}" = Norton Protection Center
"{869C3062-4745-4949-B6C9-98AF24D89030}" = PhotoGallery
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{91120000-0019-0000-0000-0000000FF1CE}" = Microsoft Office Publisher 2007
"{91120409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{9D4ABB0C-F60B-44A6-956C-A4A63D5495C9}" = CueTour
"{A01FC76F-CC09-4658-9E37-5C2F635EE708}" = TourSetup
"{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}" = QuickTime
"{A93C4E94-1005-489D-BEAA-B873C1AA6CFC}" = HP Help and Support
"{A93C9E60-29B6-49da-BA21-F70AC6AADE20}" = Norton Internet Security
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AADFE0B9-F905-4d5f-A144-0ADB2EFA747B}" = Norton Internet Security
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Sonic Audio Module
"{AC76BA86-7AD7-1033-7B44-A00000000001}" = Adobe Reader 6.0.1
"{B11E71BA-498C-42D4-9F1A-9D7A89D9DA61}" = CP_AtenaShokunin1Config
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Sonic Copy Module
"{B57F2FF0-5A25-4332-B503-4592B370C02F}" = CP_Package_Variety3
"{B7C61755-DB48-4003-948F-3D34DB8EAF69}" = MSRedist
"{BB85ED9C-AFC9-43BD-B8DC-258C3C7DF72E}" = HP Software Update
"{BBD3BF67-5B89-4CBB-BA58-5818ED5F3290}" = cp_OnlineProjectsConfig
"{BC96BBA7-C634-460E-AD18-A0A994213F80}" = HP User Guides--System Recovery
"{C151CE54-E7EA-4804-854B-F515368B0798}" = Athlon 64 Processor Driver
"{C4124E95-5061-4776-8D5D-E3D931C778E1}" = Microsoft VC9 runtime libraries
"{C6F5B6CF-609C-428E-876F-CA83176C021B}" = Norton AntiVirus 2006
"{C9D96682-5A4D-45FA-BA3E-DDCB2B0CB868}" = Safari
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CEB326EC-8F40-47B2-BA22-BB092565D66F}" = Quick Launch Buttons 5.20 G1
"{DA34FE93-5DC5-48E0-ACC8-A5389E05BB51}" = iTunes
"{DB518BA6-CB74-4EB6-9ABD-880B6D6E1F38}" = HpSdpAppCoreApp
"{E3EFA461-EB83-4C3B-9C47-2C1D58A01555}" = Norton Internet Security
"{E5EE9939-259F-4DE2-8023-5C49E16A4F43}" = Norton Internet Security
"{E85FA9A1-C241-4698-893B-DD99509B8DB0}" = Norton WMI Update
"{F2969393-2D4D-4977-8166-B1251B08EF12}" = McAfee Agent
"{F64306A5-4C32-41bb-B153-53986527FAB4}" = Norton WMI Update
"{FC8D25A7-FF1B-41BB-BB3B-9A06C0A60AE0}" = InstantShareDevices
"{FFB4DD53-28B7-4981-BFF0-9BD801F61095}" = Norton Internet Security
"074EEF5F-3BE8-4112-B253-C5D6CDE2924C" = Zuma Deluxe from Hewlett-Packard Laptops (remove only)
"0E5266B4-9069-401A-93AE-5FF9F1712016" = Insaniquarium Deluxe from Hewlett-Packard Laptops (remove only)
"103EFD47-9F2C-4490-95DD-AE6C442AFB92" = SCRABBLE from Hewlett-Packard Laptops (remove only)
"1C3FDBBA-EBF7-4CDB-AD8A-A1125734AF86" = Tradewinds from Hewlett-Packard Laptops (remove only)
"320F055A-570F-4335-B026-16A836DB9549" = Final Drive Nitro from Hewlett-Packard Laptops (remove only)
"382C11F0-1A18-4F76-B8E0-15CA7F209C22" = Chuzzle Deluxe from Hewlett-Packard Laptops

guestolo · « **Reply #3 on:** September 30, 2009, 08:45:07 PM »

I see remnants of Alpha AV that we must remove
Can you do the following please

Download [color=\"#FF0000\"]> ATF Cleaner <[/color] by Atribune and save it to your Desktop.

Double Click on ATF-Cleaner.exe to Run it
Check the boxes to the left of:

Windows Temp
Current User Temp
All Users Temp
Temporary Internet Files
*Prefetch (Windows XP) only.
Java Cache

The rest are optional - if you want to remove the lot, check "Select All".
Finally click Empty Selected. When you get the "Done Cleaning" message, click OK.
If you use Firefox browser
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit from the Main menu

Afterwards:
download Malwarebytes' Anti-Malware from Here or Here
Save the installer to desktop

Double Click mbam-setup.exe to install the application.

Make sure a checkmark is placed next to [color=\"#006400\"]Update Malwarebytes' Anti-Malware[/color] and [color=\"#006400\"]Launch Malwarebytes' Anti-Malware[/color], then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select "Perform Quick Scan", then click Scan.
The scan may take some time to finish,so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
* When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy&Paste the entire report in your next reply

Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediately.

With that log from MBAM

Please run OTL.exe again and Post ONLY the new log that opens

kristin · « **Reply #4 on:** September 30, 2009, 09:33:14 PM »

Malwarebytes' Anti-Malware 1.41
Database version: 2880
Windows 5.1.2600 Service Pack 2

9/30/2009 10:17:56 PM
mbam-log-2009-09-30 (22-17-56).txt

Scan type: Quick Scan
Objects scanned: 103184
Time elapsed: 10 minute(s), 38 second(s)

Memory Processes Infected: 1
Memory Modules Infected: 3
Registry Keys Infected: 11
Registry Values Infected: 4
Registry Data Items Infected: 0
Folders Infected: 1
Files Infected: 7

Memory Processes Infected:
C:\Program Files\AlphaAV\AlphaAV.exe (Rogue.AlphaAV) -> Unloaded process successfully.

Memory Modules Infected:
C:\Program Files\Shared\lib.dll (Trojan.BHO) -> Delete on reboot.
C:\WINDOWS\system32\msnaoladdon.dll (Trojan.FakeAlert) -> Delete on reboot.
C:\WINDOWS\mark_32.dll (Adware.Deepdive) -> Delete on reboot.

Registry Keys Infected:
HKEY_CLASSES_ROOT\main.bho (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{8e3c68cd-f500-4a2a-8cb9-132bb38c3573} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{986a8ac1-ab4d-4f41-9068-4b01c0197867} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{afd4ad01-58c1-47db-a404-fbe00a6c5486} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{afd4ad01-58c1-47db-a404-fbe00a6c5486} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{afd4ad01-58c1-47db-a404-fbe00a6c5486} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\main.bho.1 (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{a77d3539-581d-450c-9e44-a84c415a6172} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{a77d3539-581d-450c-9e44-a84c415a6172} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{a77d3539-581d-450c-9e44-a84c415a6172} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{95a177ec-1300-408d-bada-e53c4ef25f64} (Adware.Deepdive) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\alphaav (Rogue.AlphaAV) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Environment\avapp (Rogue.PersonalAntiVirus) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Environment\avuninst (Rogue.PersonalAntiVirus) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\msdrv (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Program Files\AlphaAV (Rogue.AlphaAV) -> Quarantined and deleted successfully.

Files Infected:
C:\Program Files\Shared\lib.dll (Trojan.BHO) -> Delete on reboot.
C:\WINDOWS\system32\msnaoladdon.dll (Trojan.FakeAlert) -> Delete on reboot.
C:\Program Files\AlphaAV\AlphaAV.exe (Rogue.AlphaAV) -> Quarantined and deleted successfully.
C:\Documents and Settings\kristin smalley.KRISTIN\Desktop\Alpha Antivirus.lnk (Rogue.AlphaAV) -> Quarantined and deleted successfully.
C:\Program Files\Shared\lib.sig (Adware.Deepdive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\NetFilter.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\mark_32.dll (Adware.Deepdive) -> Delete on reboot.

OTL logfile created on: 9/30/2009 10:29:42 PM - Run 2
OTL by OldTimer - Version 3.0.17.0 Folder = C:\Documents and Settings\kristin smalley.KRISTIN\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

382.17 Mb Total Physical Memory | 123.74 Mb Available Physical Memory | 32.38% Memory free
919.32 Mb Paging File | 528.80 Mb Available in Paging File | 57.52% Paging File free
Paging file location(s): C:\pagefile.sys 576 1152 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 67.08 Gb Total Space | 19.55 Gb Free Space | 29.15% Space Free | Partition Type: NTFS
Drive D: | 7.42 Gb Total Space | 0.79 Gb Free Space | 10.66% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: KRISTIN
Current User Name: kristin smalley
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

[color=\"#E56717\"]========== Processes (SafeList) ==========[/color]

PRC - [2005/11/10 18:45:00 | 00,389,120 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\System32\Ati2evxx.exe
PRC - [2005/09/17 10:27:12 | 00,169,584 | ---- | M] (Symantec Corporation) -- c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
PRC - [2005/11/10 18:45:00 | 00,389,120 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\System32\Ati2evxx.exe
PRC - [2004/08/04 04:00:00 | 01,032,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE
PRC - [2005/09/17 10:27:06 | 00,192,112 | ---- | M] (Symantec Corporation) -- c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
PRC - [2005/09/17 10:27:10 | 00,202,352 | ---- | M] (Symantec Corporation) -- c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
PRC - [2009/08/28 19:42:54 | 00,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2009/02/04 09:33:28 | 02,944,736 | ---- | M] (Bradford Networks) -- C:\Program Files\Bradford Networks\Persistent Agent\bndaemon.exe
PRC - [2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2009/02/06 15:15:02 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2005/11/15 18:23:44 | 00,073,728 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe
PRC - [2009/03/10 16:00:00 | 00,103,744 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
PRC - [2005/10/07 10:25:36 | 00,133,744 | ---- | M] (Symantec Corporation) -- c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
PRC - [2005/09/25 02:10:58 | 00,749,696 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
PRC - [2005/01/28 16:44:28 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wdfmgr.exe
PRC - [2007/01/04 17:38:08 | 00,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe
PRC - [2009/03/10 16:00:00 | 00,226,624 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Network Associates\Common Framework\naPrdMgr.exe
PRC - [2005/12/22 03:06:58 | 00,098,304 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
PRC - [2009/02/06 05:41:05 | 00,227,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wbem\wmiprvse.exe
PRC - [2005/11/11 00:05:00 | 00,344,064 | ---- | M] (ATI Technologies, Inc.) -- C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
PRC - [2005/02/17 02:11:42 | 00,049,152 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
PRC - [2005/06/19 16:50:08 | 00,729,178 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
PRC - [2005/09/17 10:27:02 | 00,052,848 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccApp.exe
PRC - [2005/12/12 14:39:52 | 00,094,208 | ---- | M] (CyberLink Corp.) -- C:\Program Files\HP\QuickPlay\QPService.exe
PRC - [2005/12/22 11:57:10 | 00,405,504 | ---- | M] (Hewlett-Packard ) -- C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
PRC - [2005/12/13 16:45:58 | 00,507,904 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
PRC - [2005/08/30 11:49:30 | 00,184,320 | ---- | M] (KONICA MINOLTA BUSINESS TECHNOLOGIES, INC.) -- C:\WINDOWS\System32\MSTMON_Y.EXE
PRC - [2009/02/06 15:15:03 | 00,136,600 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2009/03/10 16:00:00 | 00,136,512 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Network Associates\Common Framework\udaterui.exe
PRC - [2009/02/04 09:33:28 | 02,612,960 | ---- | M] (Bradford Networks) -- C:\Program Files\Bradford Networks\Persistent Agent\bncsaui.exe
PRC - [2009/03/10 16:00:00 | 00,091,456 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Network Associates\Common Framework\McTray.exe
PRC - [2007/01/04 17:38:18 | 00,112,336 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
PRC - [2009/09/21 16:36:12 | 00,305,440 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
PRC - [2005/12/08 16:45:12 | 00,516,182 | ---- | M] () -- C:\Program Files\HPQ\shared\HpqToaster.exe
PRC - [2004/10/13 12:24:37 | 01,694,208 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe
PRC - [2008/09/18 05:58:45 | 00,068,856 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2008/12/10 16:33:30 | 00,342,848 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\DNA\btdna.exe
PRC - [2008/09/19 17:56:11 | 02,294,272 | ---- | M] (XPC Soft) -- C:\Program Files\XPC Tools\Driver Updater Pro\DriverUpdaterPro.exe
PRC - [2006/04/12 01:54:56 | 01,119,888 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
PRC - [2005/09/19 21:24:20 | 00,214,672 | ---- | M] (Symantec Corporation) -- c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
PRC - [2009/09/21 16:36:02 | 00,545,568 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
PRC - [2005/09/24 03:42:32 | 00,475,136 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
PRC - [2009/06/29 04:35:10 | 00,634,632 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
PRC - [2009/09/30 21:25:04 | 00,519,168 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\kristin smalley.KRISTIN\Desktop\OTL.exe

[color=\"#E56717\"]========== Win32 Services (SafeList) ==========[/color]

SRV - [2009/08/28 19:42:54 | 00,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Auto | Running])
SRV - [2004/07/15 04:49:26 | 00,032,768 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - [2005/11/10 18:45:00 | 00,389,120 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\System32\Ati2evxx.exe -- (Ati HotKey Poller [Auto | Running])
SRV - [2009/02/04 09:33:28 | 02,944,736 | ---- | M] (Bradford Networks) -- C:\Program Files\Bradford Networks\Persistent Agent\bndaemon.exe -- (BNPagent [Auto | Running])
SRV - [2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service [Auto | Running])
SRV - [2005/09/17 10:27:06 | 00,192,112 | ---- | M] (Symantec Corporation) -- c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe -- (ccEvtMgr [Auto | Running])
SRV - [2005/10/13 18:48:40 | 00,072,280 | ---- | M] (Symantec Corporation) -- c:\Program Files\Norton Internet Security\ccPwdSvc.exe -- (ccISPwdSvc [On_Demand | Stopped])
SRV - [2005/09/17 10:27:10 | 00,202,352 | ---- | M] (Symantec Corporation) -- c:\Program Files\Common Files\Symantec Shared\ccProxy.exe -- (ccProxy [Auto | Running])
SRV - [2005/09/17 10:27:12 | 00,169,584 | ---- | M] (Symantec Corporation) -- c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe -- (ccSetMgr [Auto | Running])
SRV - [2005/10/23 04:28:54 | 00,045,696 | ---- | M] (Symantec Corporation) -- c:\Program Files\Norton Internet Security\comHost.exe -- (comHost [On_Demand | Stopped])
SRV - [2009/04/26 18:03:56 | 00,182,768 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc [On_Demand | Stopped])
SRV - [2004/08/04 04:00:00 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - [2005/12/22 03:06:58 | 00,098,304 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe -- (hpqwmiex [Auto | Running])
SRV - [2004/10/22 06:24:18 | 00,073,728 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
SRV - [2009/09/21 16:36:02 | 00,545,568 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Running])
SRV - [2009/02/06 15:15:02 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running])
SRV - [2005/11/15 18:23:44 | 00,073,728 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe -- (LightScribeService [Auto | Running])
SRV - [2009/03/10 16:00:00 | 00,103,744 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Network Associates\Common Framework\FrameworkService.exe -- (McAfeeFramework [Auto | Running])
SRV - File not found -- -- (McShield [Auto | Stopped])
SRV - File not found -- -- (McTaskManager [Auto | Stopped])
SRV - [2005/10/07 10:25:36 | 00,133,744 | ---- | M] (Symantec Corporation) -- c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe -- (navapsvc [Auto | Running])
SRV - [2005/09/25 02:10:58 | 00,749,696 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE -- (NSCService [Auto | Running])
SRV - [2006/10/26 19:49:34 | 00,441,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv [On_Demand | Stopped])
SRV - [2006/10/26 14:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
SRV - [2005/08/27 00:22:48 | 00,198,368 | ---- | M] (Symantec Corporation) -- c:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe -- (SAVScan [On_Demand | Stopped])
SRV - [2005/09/19 21:24:20 | 00,214,672 | ---- | M] (Symantec Corporation) -- c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe -- (SNDSrvc [On_Demand | Running])
SRV - [2005/09/16 02:21:14 | 01,160,800 | ---- | M] (Symantec Corporation) -- c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe -- (SPBBCSvc [On_Demand | Stopped])
SRV - [2006/04/12 01:54:56 | 01,119,888 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC [On_Demand | Running])
SRV - [2005/01/28 16:44:28 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wdfmgr.exe -- (UMWdf [Auto | Running])
SRV - [2007/01/04 17:38:08 | 00,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service [Auto | Running])

[color=\"#E56717\"]========== Driver Services (SafeList) ==========[/color]

DRV - [2001/08/17 11:51:56 | 00,005,248 | ---- | M] (Acer Laboratories Inc.) -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde [Boot | Running])
DRV - [2005/03/09 18:53:00 | 00,036,352 | ---- | M] (Advanced Micro Devices) -- C:\WINDOWS\System32\DRIVERS\AmdK8.sys -- (AmdK8 [System | Running])
DRV - [2005/11/10 18:51:00 | 01,396,224 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\System32\DRIVERS\ati2mtag.sys -- (ati2mtag [On_Demand | Running])
DRV - [2005/11/28 05:35:38 | 00,424,320 | ---- | M] (Broadcom Corporation) -- C:\WINDOWS\System32\DRIVERS\bcmwl5.sys -- (BCM43XX [On_Demand | Running])
DRV - [2005/08/18 04:22:54 | 00,056,648 | ---- | M] (Broadcom Corporation.) -- C:\WINDOWS\System32\Drivers\btwusb.sys -- (BTWUSB [On_Demand | Stopped])
DRV - [2005/08/02 05:58:00 | 00,038,016 | ---- | M] (Conexant Systems Inc.) -- C:\WINDOWS\System32\drivers\camc6aud.sys -- (CAMCAUD [On_Demand | Running])
DRV - [2005/08/02 06:00:00 | 00,349,312 | ---- | M] (Conexant Systems Inc.) -- C:\WINDOWS\System32\drivers\camc6hal.sys -- (CAMCHALA [On_Demand | Running])
DRV - [2005/05/05 13:04:08 | 00,007,936 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\WINDOWS\System32\drivers\EABFiltr.sys -- (eabfiltr [System | Running])
DRV - [2005/05/05 13:04:04 | 00,005,760 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\WINDOWS\System32\drivers\eabusb.sys -- (eabusb [On_Demand | Stopped])
DRV - [2009/05/18 14:17:00 | 00,026,600 | ---- | M] (GEAR Software Inc.) -- C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys -- (GEARAspiWDM [On_Demand | Running])
DRV - [2005/08/22 05:06:00 | 00,231,424 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\System32\DRIVERS\HSFHWATI.sys -- (HSFHWATI [On_Demand | Running])
DRV - [2005/08/22 05:06:00 | 01,035,008 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\System32\DRIVERS\HSF_DP.sys -- (HSF_DP [On_Demand | Running])
DRV - [2004/03/17 00:04:00 | 00,013,059 | ---- | M] (Conexant) -- C:\WINDOWS\System32\DRIVERS\mdmxsdk.sys -- (mdmxsdk [Auto | Running])
DRV - [2005/11/27 05:00:00 | 00,077,816 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20051127.005\NAVENG.SYS -- (NAVENG [On_Demand | Running])
DRV - [2005/11/27 05:00:00 | 00,750,424 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20051127.005\NAVEX15.SYS -- (NAVEX15 [On_Demand | Running])
DRV - [2004/08/04 04:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Running])
DRV - [2005/04/25 05:03:00 | 00,020,640 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20 [Boot | Running])
DRV - [2005/09/30 07:11:00 | 00,078,720 | ---- | M] (Realtek Semiconductor Corporation ) -- C:\WINDOWS\System32\DRIVERS\Rtnicxp.sys -- (RTL8023xp [On_Demand | Running])
DRV - [2005/08/27 00:22:48 | 00,334,984 | ---- | M] (Symantec Corporation) -- c:\Program Files\Norton Internet Security\Norton AntiVirus\SAVRT.SYS -- (SAVRT [On_Demand | Running])
DRV - [2005/08/27 00:22:50 | 00,053,896 | ---- | M] (Symantec Corporation) -- c:\Program Files\Norton Internet Security\Norton AntiVirus\SAVRTPEL.SYS -- (SAVRTPEL [Auto | Running])
DRV - [2004/08/04 04:00:00 | 00,027,440 | ---- | M] () -- C:\WINDOWS\System32\DRIVERS\secdrv.sys -- (Secdrv [On_Demand | Stopped])
DRV - [2001/08/17 15:10:28 | 00,035,913 | ---- | M] (SMC) -- C:\WINDOWS\System32\DRIVERS\smcirda.sys -- (SMCIRDA [On_Demand | Stopped])
DRV - [2005/09/16 02:21:14 | 00,389,728 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv [On_Demand | Stopped])
DRV - [2006/02/22 19:19:06 | 00,107,696 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\SYMEVENT.SYS -- (SymEvent [On_Demand | Running])
DRV - [2005/09/02 05:07:36 | 00,199,408 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\SymcData\idsdefs\20050901.036\SymIDSCo.sys -- (SYMIDSCO [On_Demand | Stopped])
DRV - [2006/04/12 01:54:56 | 00,010,344 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\symlcbrd.sys -- (symlcbrd [Auto | Running])
DRV - [2005/06/19 16:33:18 | 00,190,400 | ---- | M] (Synaptics, Inc.) -- C:\WINDOWS\System32\DRIVERS\SynTP.sys -- (SynTP [On_Demand | Running])
DRV - [2005/09/20 06:30:56 | 00,162,432 | ---- | M] (Texas Instruments) -- C:\WINDOWS\System32\drivers\tifm21.sys -- (tifm21 [On_Demand | Stopped])
DRV - [2009/08/28 19:42:52 | 00,040,448 | ---- | M] (Apple, Inc.) -- C:\WINDOWS\System32\Drivers\usbaapl.sys -- (USBAAPL [On_Demand | Stopped])
DRV - [2005/08/22 05:06:00 | 00,718,464 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\System32\DRIVERS\HSF_CNXT.sys -- (winachsf [On_Demand | Running])

[color=\"#E56717\"]========== Standard Registry (SafeList) ==========[/color]

[color=\"#E56717\"]========== Internet Explorer ==========[/color]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - URLSearchHook: {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerm...tf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.facebook.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - URLSearchHook: {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)
IE - URLSearchHook: {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AIM Search\AOLSearch.dll (America Online, Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

FF - HKLM\software\mozilla\Firefox\extensions\\[email protected]: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009/02/06 15:15:16 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Netscape Browser 8.0.3.4\Extensions\\Components: C:\Program Files\Netscape\Netscape Browser\Components [2009/09/20 17:27:41 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Netscape Browser 8.0.3.4\Extensions\\Plugins: C:\Program Files\Netscape\Netscape Browser\Plugins [2009/09/28 20:37:09 | 00,000,000 | ---D | M]

[2008/07/28 21:19:20 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2007/05/01 09:51:32 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}
[2007/10/01 15:33:57 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}
[2007/10/19 20:54:06 | 00,717,312 | ---- | M] (DivX,Inc.) -- C:\Program Files\mozilla firefox\plugins\npdivx32.dll
[2003/07/14 23:56:52 | 00,013,888 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\NPOFFICE.DLL
[2006/10/23 00:24:32 | 00,091,768 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\mozilla firefox\plugins\nppdf32.dll
[2007/03/03 16:39:13 | 00,144,984 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\mozilla firefox\plugins\nppl3260.dll
[2008/02/24 21:50:41 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin.dll
[2008/02/24 21:50:42 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll
[2008/02/24 21:50:42 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll
[2008/02/24 21:50:42 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll
[2008/02/24 21:50:42 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll
[2008/02/24 21:50:42 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll
[2008/02/24 21:50:42 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll
[2007/03/03 16:39:24 | 00,024,576 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\mozilla firefox\plugins\nprjplug.dll
[2007/03/03 16:39:10 | 00,081,920 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\mozilla firefox\plugins\nprpjplug.dll
[2005/08/09 14:42:53 | 00,057,344 | ---- | M] (America Online, Inc.) -- C:\Program Files\mozilla firefox\plugins\npunagi2.dll
[2007/04/16 13:07:12 | 00,180,293 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\npViewpoint.dll

O1 HOSTS File: (734 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AskBar BHO) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O2 - BHO: (AOLSearchHook Class) - {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AIM Search\AOLSearch.dll (America Online, Inc.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (CNavExtBho Class) - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll (Symantec Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll (Google Inc.)
O2 - BHO: (AIM Toolbar Loader) - {b0cda128-b425-4eef-a174-61a11ac5dbf8} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll (Google Inc.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (AIM Toolbar) - {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)
O3 - HKLM\..\Toolbar: (Norton AntiVirus) - {C4069E3A-68F1-403E-B40E-20066696354B} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (AIM Toolbar) - {61539ECD-CC67-4437-A03C-9AACCBD14326} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)
O3 - HKCU\..\Toolbar\WebBrowser: (Norton AntiVirus) - {C4069E3A-68F1-403E-B40E-20066696354B} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll (Symantec Corporation)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe (ATI Technologies, Inc.)
O4 - HKLM..\Run: [bncsaui.exe] C:\Program Files\Bradford Networks\Persistent Agent\bncsaui.exe (Bradford Networks)
O4 - HKLM..\Run: [ccApp] c:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe ()
O4 - HKLM..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe (Hewlett-Packard )
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe (Hewlett-Packard Co.)
O4 - HKLM..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [IS CfgWiz] c:\Program Files\Norton Internet Security\cfgwiz.exe (Symantec Corporation)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [KONICA MINOLTA PagePro 1400W STD] C:\WINDOWS\System32\MSTMON_Y.EXE (KONICA MINOLTA BUSINESS TECHNOLOGIES, INC.)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [McAfeeUpdaterUI] C:\Program Files\Network Associates\Common Framework\udaterui.exe (McAfee, Inc.)
O4 - HKLM..\Run: [QPService] C:\Program Files\HP\QuickPlay\QPService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Inc.)
O4 - HKLM..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe ()
O4 - HKLM..\Run: [SSC_UserPrompt] c:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe (Symantec Corporation)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
O4 - HKCU..\Run: [Aim6] File not found
O4 - HKCU..\Run: [BitTorrent DNA] C:\Program Files\DNA\btdna.exe (BitTorrent, Inc.)
O4 - HKCU..\Run: [DriverUpdaterPro] C:\Program Files\XPC Tools\Driver Updater Pro\DriverUpdaterPro.exe (XPC Soft)
O4 - HKCU..\Run: [MSMSGS] C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe (Hewlett-Packard Development Company, L.P.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: &AIM Toolbar Search - C:\Documents and Settings\All Users\Application Data\AIM Toolbar\ieToolbar\resources\en-US\local\search.html ()
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: AIM Toolbar - {0b83c99c-1efa-4259-858f-bcb33e007a5b} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\System32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\System32\rsvpsp.dll (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.1...toUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_11)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 158.136.1.103 158.136.1.99
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\Ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2001/07/27 22:07:38 | 00,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O32 - AutoRun File - [2004/04/30 14:01:14 | 00,000,053 | -HS- | M] () - D:\Autorun.inf -- [ FAT32 ]
O33 - MountPoints2\{6117d8e6-778c-11dd-9bfc-0016d4323812}\Shell\AutoRun\command - "" = F:\Install FreeAgent Tools.exe -- File not found
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found

[color=\"#E56717\"]========== Files/Folders - Created Within 30 Days ==========[/color]

[2009/09/30 22:05:32 | 00,000,000 | ---D | C] -- C:\Documents and Settings\kristin smalley.KRISTIN\Application Data\Malwarebytes
[2009/09/30 22:05:23 | 00,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/09/30 22:05:20 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/09/30 22:05:18 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/09/30 22:05:18 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/09/30 22:05:17 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/09/30 22:04:08 | 04,045,528 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\kristin smalley.KRISTIN\Desktop\mbam-setup.exe
[2009/09/30 21:55:54 | 00,050,688 | ---- | C] (Atribune.org) -- C:\Documents and Settings\kristin smalley.KRISTIN\Desktop\ATF-Cleaner.exe
[2009/09/30 21:25:00 | 00,519,168 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\kristin smalley.KRISTIN\Desktop\OTL.exe
[2009/09/30 19:35:17 | 00,001,734 | ---- | C] () -- C:\Documents and Settings\kristin smalley.KRISTIN\Desktop\HijackThis.lnk
[2009/09/30 19:35:17 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2009/09/30 19:34:49 | 00,812,344 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\kristin smalley.KRISTIN\Desktop\HijackThisInstaller.exe
[2009/09/30 15:47:37 | 00,061,440 | ---- | C] (NT Kernel Resources) -- C:\WINDOWS\System32\ndisapi.dll
[2009/09/30 15:47:37 | 00,024,576 | ---- | C] (NT Kernel Resources) -- C:\WINDOWS\System32\drivers\ndisrd.sys
[2009/09/30 15:47:17 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Uninstall
[2009/09/28 20:33:15 | 00,000,000 | ---D | C] -- C:\Documents and Settings\kristin smalley.KRISTIN\Local Settings\Application Data\Microsoft Help
[2009/09/28 20:31:54 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Microsoft Help
[2009/09/23 16:45:51 | 00,001,804 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2009/09/21 17:19:47 | 00,000,000 | ---D | C] -- C:\Program Files\Shared
[2009/09/20 17:30:10 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/09/20 17:27:22 | 00,001,604 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2009/09/09 06:53:57 | 00,153,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\triedit.dll
[2009/09/07 17:21:08 | 00,000,000 | ---D | C] -- C:\Documents and Settings\kristin smalley.KRISTIN\My Documents\Teaching and Learning
[2009/09/05 01:54:48 | 00,094,208 | ---- | C] (Apple Inc.) -- C:\WINDOWS\System32\QuickTimeVR.qtx
[2009/09/05 01:54:48 | 00,069,632 | ---- | C] (Apple Inc.) -- C:\WINDOWS\System32\QuickTime.qts
[2009/09/02 11:42:22 | 00,000,000 | ---D | C] -- C:\Documents and Settings\kristin smalley.KRISTIN\My Documents\Astronomy
[2009/09/02 11:12:00 | 00,000,000 | ---D | C] -- C:\Documents and Settings\kristin smalley.KRISTIN\My Documents\Families, School and Community
[2009/09/02 08:37:12 | 00,049,664 | ---- | C] () -- C:\Documents and Settings\kristin smalley.KRISTIN\My Documents\syllabus.doc
[2009/09/02 08:36:54 | 00,000,000 | ---D | C] -- C:\Documents and Settings\kristin smalley.KRISTIN\My Documents\Mathematics in our worl 2
[2007/08/12 00:31:35 | 00,000,000 | ---- | C] () -- C:\WINDOWS\iplayer.INI
[2007/03/20 22:45:46 | 00,000,074 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2007/03/03 17:30:52 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007/03/03 16:52:32 | 00,000,021 | ---- | C] () -- C:\WINDOWS\atid.ini
[2006/11/17 11:34:40 | 00,091,848 | ---- | C] () -- C:\WINDOWS\HPBroker.dll
[2006/04/12 02:03:12 | 00,000,166 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2006/04/12 01:59:34 | 00,000,698 | ---- | C] () -- C:\WINDOWS\NSSetDefaultBrowser.ini
[2006/04/12 01:42:33 | 00,000,056 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2006/04/12 01:28:14 | 00,028,836 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2005/12/02 06:09:10 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/09/04 21:43:40 | 00,016,596 | ---- | C] () -- C:\WINDOWS\MSTMON_Y.INI
[2005/09/04 21:43:16 | 00,012,244 | ---- | C] () -- C:\WINDOWS\MSUMLT_Y.INI
[2004/08/07 09:16:44 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004/08/07 09:10:08 | 00,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/07 08:58:22 | 00,000,573 | ---- | C] () -- C:\WINDOWS\win.ini
[2004/08/07 01:47:16 | 00,000,231 | ---- | C] () -- C:\WINDOWS\system.ini
[2004/08/04 04:00:00 | 00,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys
[2003/01/07 15:05:08 | 00,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

[color=\"#E56717\"]========== Files - Modified Within 30 Days ==========[/color]

[1 C:\WINDOWS\System32\*.tmp files]
[1 C:\WINDOWS\*.tmp files]
[2009/09/30 22:21:28 | 00,016,596 | ---- | M] () -- C:\WINDOWS\MSTMON_Y.INI
[2009/09/30 22:21:28 | 00,000,297 | ---- | M] () -- C:\hpqp.ini
[2009/09/30 22:21:23 | 00,000,039 | ---- | M] () -- C:\XP_TV.ini
[2009/09/30 22:20:25 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/09/30 22:20:05 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/09/30 22:19:57 | 40,080,5888 | -HS- | M] () -- C:\hiberfil.sys
[2009/09/30 22:05:23 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/09/30 22:04:21 | 04,045,528 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\kristin smalley.KRISTIN\Desktop\mbam-setup.exe
[2009/09/30 22:00:20 | 00,050,688 | ---- | M] (Atribune.org) -- C:\Documents and Settings\kristin smalley.KRISTIN\Desktop\ATF-Cleaner.exe
[2009/09/30 21:25:04 | 00,519,168 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\kristin smalley.KRISTIN\Desktop\OTL.exe
[2009/09/30 19:35:18 | 00,001,734 | ---- | M] () -- C:\Documents and Settings\kristin smalley.KRISTIN\Desktop\HijackThis.lnk
[2009/09/30 19:35:14 | 00,812,344 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\kristin smalley.KRISTIN\Desktop\HijackThisInstaller.exe
[2009/09/30 15:22:52 | 00,371,280 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/09/29 21:35:08 | 00,102,280 | ---- | M] () -- C:\Documents and Settings\kristin smalley.KRISTIN\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2009/09/29 19:55:05 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009/09/29 08:40:56 | 00,002,497 | ---- | M] () -- C:\Documents and Settings\kristin smalley.KRISTIN\Desktop\Microsoft Office Word 2003.lnk
[2009/09/27 18:30:53 | 00,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/09/23 16:45:51 | 00,001,804 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2009/09/20 17:27:23 | 00,001,604 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2009/09/17 16:41:51 | 04,817,004 | -H-- | M] () -- C:\Documents and Settings\kristin smalley.KRISTIN\Local Settings\Application Data\IconCache.db
[2009/09/10 14:54:06 | 00,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/09/10 14:53:50 | 00,019,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/09/10 03:01:39 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/09/05 01:54:48 | 00,094,208 | ---- | M] (Apple Inc.) -- C:\WINDOWS\System32\QuickTimeVR.qtx
[2009/09/05 01:54:48 | 00,069,632 | ---- | M] (Apple Inc.) -- C:\WINDOWS\System32\QuickTime.qts
[2009/09/02 08:37:15 | 00,049,664 | ---- | M] () -- C:\Documents and Settings\kristin smalley.KRISTIN\My Documents\syllabus.doc
< End of report >

guestolo · « **Reply #5 on:** October 01, 2009, 08:16:23 AM »

If you didn't purposely install the below
Close down all browser Windows
and from Add and Remove Programs uninstall

Ask Toolbar
Viewpoint Manager (Remove Only)
Viewpoint Media Player
Reboot your computer

Back in Windows
We need to update some of your software to plug security holes that malware can use to infect your computer
Again, close all browser windows
Access your Add and Remove Programs and uninstall

Adobe Reader 6.0.1
Javaâ„¢ 6 Update 11
J2SE Runtime Environment 5.0 Update 6

Again, reboot your computer after all 3 are removed
Back in Windows
[color=\"blue\"]Updating Java:[/color]

Download the latest version of Java Runtime Environment (JRE) 6.
Scroll down to where it says "JRE 6 Update 16".
Click the "Download" button to the right.
In the Window that opens, select Windows, beside PLATFORM:>>Check the "agree" box and click Continue.
Click on the link to download Windows Offline Installation and save to your desktop.
Then from your desktop double click on jre-6u16-windows-i586.exe that you downloaded, to install the newest version.

NOTE: Java may install a Quick Starter service to run on startup which is really not needed
After installation, simply open the Java icon in Control Panel
Under Advanced tab, expand Miscellaneous, untick "Java Quick Starter" if selected
Apply and Ok it, then exit the Java control panel

You can delete the Java installer after successful installation

Update Adobe Reader
Go to the following link
http://get.adobe.com/reader/
Download and Install the latest
NOTE: When installing, if you have the option to untick any Toolbars, etc.. they may add to the installer
Choose NOT to install any, they are not needed for the A. Reader to function properly

I see remnants of McAfee in your logs, did you at one time have it installed and removed it?
If you did, you should also uninstall McAfee Agent
Let me know if it uninstalls successfully

Post back with a fresh Hijackthis log and keep me informed how things are now running

kristin · « **Reply #6 on:** October 01, 2009, 09:06:05 AM »

Yes, McAfee was installed and then uninstalled because my school changed antivirus software. I tried to uninstall it and it popped up with something saying it cannot be removed because other products are still using it.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:05:03 AM, on 10/1/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16876)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\Explorer.EXE
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bradford Networks\Persistent Agent\bndaemon.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\WINDOWS\system32\MSTMON_Y.EXE
C:\Program Files\Network Associates\Common Framework\udaterui.exe
C:\Program Files\Bradford Networks\Persistent Agent\bncsaui.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\XPC Tools\Driver Updater Pro\DriverUpdaterPro.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\Network Associates\Common Framework\McTray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\PROGRA~1\hpq\Shared\HPQTOA~1.EXE
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.facebook.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...o&pf=laptop
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: AIM Toolbar Search Class - {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files\AIM Toolbar\aimtb.dll
R3 - URLSearchHook: AOLSearchHook Class - {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AIM Search\AOLSearch.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: AOL Search Enhancement - {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AIM Search\AOLSearch.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll
O2 - BHO: AIM Toolbar Loader - {b0cda128-b425-4eef-a174-61a11ac5dbf8} - C:\Program Files\AIM Toolbar\aimtb.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: AIM Toolbar - {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files\AIM Toolbar\aimtb.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [IS CfgWiz] c:\Program Files\Norton Internet Security\cfgwiz.exe /GUID {F073BDC9-0D67-4ff0-879E-27241C843828} /MODE CfgWiz /CMDLINE "REBOOT"
O4 - HKLM\..\Run: [SSC_UserPrompt] "c:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe"
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [KONICA MINOLTA PagePro 1400W STD] C:\WINDOWS\system32\MSTMON_Y.EXE STARTUP
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\udaterui.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [bncsaui.exe] %ProgramFiles%\Bradford Networks\Persistent Agent\bncsaui.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [DriverUpdaterPro] C:\Program Files\XPC Tools\Driver Updater Pro\DriverUpdaterPro.exe -t
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: &AIM Toolbar Search - C:\Documents and Settings\All Users\Application Data\AIM Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: AIM Toolbar - {0b83c99c-1efa-4259-858f-bcb33e007a5b} - C:\Program Files\AIM Toolbar\aimtb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=presario&pf=laptop
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.1...toUploader5.cab
O18 - Filter hijack: text/html - {95a177ec-1300-408d-bada-e53c4ef25f64} - (no file)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bradford Persistent Agent Service (BNPagent) - Bradford Networks - C:\Program Files\Bradford Networks\Persistent Agent\bndaemon.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\ccPwdSvc.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - c:\Program Files\Norton Internet Security\comHost.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Unknown owner - C:\Program Files\Network Associates\VirusScan\mcshield.exe (file missing)
O23 - Service: Network Associates Task Manager (McTaskManager) - Unknown owner - C:\Program Files\Network Associates\VirusScan\vstskmgr.exe (file missing)
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

--
End of file - 12626 bytes

guestolo · « **Reply #7 on:** October 01, 2009, 10:11:05 PM »

Let's try removing remnants of McAfee
# Download the removal tool from: http://download.mcafee.com/products/licens...atches/MCPR.exe
# Click Save and save the file to a folder on your computer.
# Navigate to the folder where the file was saved.
# Make sure all McAfee windows are closed.
# Double-click MCPR.exe to run the removal tool.

# Restart your computer after receiving the message CleanUp Successful.

Come back here and post another fresh Hijackthis log and keep me informed how things are running
You omitted that last step on your last post

kristin · « **Reply #8 on:** October 02, 2009, 10:12:32 AM »

My computer is running much better. I tried to use the removal tool for McAfee and I got a message saying "McAfee Enterprise Software detected. Cannot continue. Please contact McAfee Techincal Support." Now to my knowledge I didnt have any McAfee windows open.

guestolo · « **Reply #9 on:** October 02, 2009, 10:56:29 PM »

Try the following, see if it can be removed or found

Click Start>Run.

copy and paste the command below in BLUE to the open field, then hit OK

[color=\"#0000FF\"]msiexec /x {147BCE03-C0F1-4C9F-8157-6A89B6D2D973} REMOVE=ALL REBOOT=R /q[/color]

If that doesn't work, try this next one

[color=\"#4169E1\"]msiexec.exe /x {35C03C04-3F1F-42C2-A989-A757EE691F65} REMOVE=ALL REBOOT=R /q[/color]

and if that one doesn't work, try this one
[color=\"#0000FF\"]msiexec.exe /x {5DF3D1BB-894E-4DCD-8275-159AC9829B43} REMOVE=ALL REBOOT=R /q[/color]

kristin · « **Reply #10 on:** October 05, 2009, 10:15:10 AM »

I tried all three and none of them popped up with anything..

guestolo · « **Reply #11 on:** October 06, 2009, 10:50:32 PM »

Sorry for the delay, let's try and manually stop orphaned entries of McAfee and remove leftovers
Can I see a Fresh Scan with OTL.exe and we can take it from there

kristin · « **Reply #12 on:** October 06, 2009, 11:10:53 PM »

OTL logfile created on: 10/7/2009 12:04:36 AM - Run 3
OTL by OldTimer - Version 3.0.17.0 Folder = C:\Documents and Settings\kristin smalley.KRISTIN\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

382.17 Mb Total Physical Memory | 73.06 Mb Available Physical Memory | 19.12% Memory free
919.32 Mb Paging File | 436.88 Mb Available in Paging File | 47.52% Paging File free
Paging file location(s): C:\pagefile.sys 576 1152 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 67.08 Gb Total Space | 19.11 Gb Free Space | 28.48% Space Free | Partition Type: NTFS
Drive D: | 7.42 Gb Total Space | 0.79 Gb Free Space | 10.66% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: KRISTIN
Current User Name: kristin smalley
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

[color=\"#E56717\"]========== Processes (SafeList) ==========[/color]

PRC - [2005/11/10 18:45:00 | 00,389,120 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\System32\Ati2evxx.exe
PRC - [2005/09/17 10:27:12 | 00,169,584 | ---- | M] (Symantec Corporation) -- c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
PRC - [2005/11/10 18:45:00 | 00,389,120 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\System32\Ati2evxx.exe
PRC - [2004/08/04 04:00:00 | 01,032,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE
PRC - [2005/09/17 10:27:06 | 00,192,112 | ---- | M] (Symantec Corporation) -- c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
PRC - [2005/09/17 10:27:10 | 00,202,352 | ---- | M] (Symantec Corporation) -- c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
PRC - [2009/08/28 19:42:54 | 00,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2009/02/04 09:33:28 | 02,944,736 | ---- | M] (Bradford Networks) -- C:\Program Files\Bradford Networks\Persistent Agent\bndaemon.exe
PRC - [2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2009/10/01 09:48:38 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2005/11/15 18:23:44 | 00,073,728 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe
PRC - [2009/03/10 16:00:00 | 00,103,744 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
PRC - [2005/10/07 10:25:36 | 00,133,744 | ---- | M] (Symantec Corporation) -- c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
PRC - [2005/09/25 02:10:58 | 00,749,696 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
PRC - [2009/03/10 16:00:00 | 00,226,624 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Network Associates\Common Framework\naPrdMgr.exe
PRC - [2005/01/28 16:44:28 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wdfmgr.exe
PRC - [2005/12/22 03:06:58 | 00,098,304 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
PRC - [2009/02/06 05:41:05 | 00,227,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wbem\wmiprvse.exe
PRC - [2005/11/11 00:05:00 | 00,344,064 | ---- | M] (ATI Technologies, Inc.) -- C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
PRC - [2005/02/17 02:11:42 | 00,049,152 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
PRC - [2005/06/19 16:50:08 | 00,729,178 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
PRC - [2005/09/17 10:27:02 | 00,052,848 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccApp.exe
PRC - [2005/12/12 14:39:52 | 00,094,208 | ---- | M] (CyberLink Corp.) -- C:\Program Files\HP\QuickPlay\QPService.exe
PRC - [2005/12/22 11:57:10 | 00,405,504 | ---- | M] (Hewlett-Packard ) -- C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
PRC - [2005/12/13 16:45:58 | 00,507,904 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
PRC - [2005/08/30 11:49:30 | 00,184,320 | ---- | M] (KONICA MINOLTA BUSINESS TECHNOLOGIES, INC.) -- C:\WINDOWS\System32\MSTMON_Y.EXE
PRC - [2009/03/10 16:00:00 | 00,136,512 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Network Associates\Common Framework\udaterui.exe
PRC - [2009/02/04 09:33:28 | 02,612,960 | ---- | M] (Bradford Networks) -- C:\Program Files\Bradford Networks\Persistent Agent\bncsaui.exe
PRC - [2009/09/21 16:36:12 | 00,305,440 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
PRC - [2009/10/01 09:48:39 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2004/10/13 12:24:37 | 01,694,208 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe
PRC - [2008/09/18 05:58:45 | 00,068,856 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2009/03/10 16:00:00 | 00,091,456 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Network Associates\Common Framework\McTray.exe
PRC - [2005/12/08 16:45:12 | 00,516,182 | ---- | M] () -- C:\Program Files\HPQ\shared\HpqToaster.exe
PRC - [2008/12/10 16:33:30 | 00,342,848 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\DNA\btdna.exe
PRC - [2008/09/19 17:56:11 | 02,294,272 | ---- | M] (XPC Soft) -- C:\Program Files\XPC Tools\Driver Updater Pro\DriverUpdaterPro.exe
PRC - [2006/04/12 01:54:56 | 01,119,888 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
PRC - [2005/09/19 21:24:20 | 00,214,672 | ---- | M] (Symantec Corporation) -- c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
PRC - [2005/09/24 03:42:32 | 00,475,136 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
PRC - [2009/09/21 16:36:02 | 00,545,568 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
PRC - [2009/05/19 01:23:16 | 00,049,968 | ---- | M] (AOL LLC) -- C:\Program Files\AIM6\aim6.exe
PRC - [2008/11/06 13:33:00 | 00,041,264 | ---- | M] (AOL LLC) -- C:\Program Files\AIM6\aolsoftware.exe
PRC - [2009/06/29 04:35:10 | 00,634,632 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
PRC - [2009/09/30 21:25:04 | 00,519,168 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\kristin smalley.KRISTIN\Desktop\OTL.exe

[color=\"#E56717\"]========== Win32 Services (SafeList) ==========[/color]

SRV - [2009/08/28 19:42:54 | 00,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Auto | Running])
SRV - [2004/07/15 04:49:26 | 00,032,768 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - [2005/11/10 18:45:00 | 00,389,120 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\System32\Ati2evxx.exe -- (Ati HotKey Poller [Auto | Running])
SRV - [2009/02/04 09:33:28 | 02,944,736 | ---- | M] (Bradford Networks) -- C:\Program Files\Bradford Networks\Persistent Agent\bndaemon.exe -- (BNPagent [Auto | Running])
SRV - [2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service [Auto | Running])
SRV - [2005/09/17 10:27:06 | 00,192,112 | ---- | M] (Symantec Corporation) -- c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe -- (ccEvtMgr [Auto | Running])
SRV - [2005/10/13 18:48:40 | 00,072,280 | ---- | M] (Symantec Corporation) -- c:\Program Files\Norton Internet Security\ccPwdSvc.exe -- (ccISPwdSvc [On_Demand | Stopped])
SRV - [2005/09/17 10:27:10 | 00,202,352 | ---- | M] (Symantec Corporation) -- c:\Program Files\Common Files\Symantec Shared\ccProxy.exe -- (ccProxy [Auto | Running])
SRV - [2005/09/17 10:27:12 | 00,169,584 | ---- | M] (Symantec Corporation) -- c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe -- (ccSetMgr [Auto | Running])
SRV - [2005/10/23 04:28:54 | 00,045,696 | ---- | M] (Symantec Corporation) -- c:\Program Files\Norton Internet Security\comHost.exe -- (comHost [On_Demand | Stopped])
SRV - [2009/04/26 18:03:56 | 00,182,768 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc [On_Demand | Stopped])
SRV - [2004/08/04 04:00:00 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - [2005/12/22 03:06:58 | 00,098,304 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe -- (hpqwmiex [Auto | Running])
SRV - [2004/10/22 06:24:18 | 00,073,728 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
SRV - [2009/09/21 16:36:02 | 00,545,568 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Running])
SRV - [2009/10/01 09:48:38 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running])
SRV - [2005/11/15 18:23:44 | 00,073,728 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe -- (LightScribeService [Auto | Running])
SRV - [2009/03/10 16:00:00 | 00,103,744 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Network Associates\Common Framework\FrameworkService.exe -- (McAfeeFramework [Auto | Running])
SRV - File not found -- -- (McShield [Auto | Stopped])
SRV - File not found -- -- (McTaskManager [Auto | Stopped])
SRV - [2005/10/07 10:25:36 | 00,133,744 | ---- | M] (Symantec Corporation) -- c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe -- (navapsvc [Auto | Running])
SRV - [2005/09/25 02:10:58 | 00,749,696 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE -- (NSCService [Auto | Running])
SRV - [2006/10/26 19:49:34 | 00,441,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv [On_Demand | Stopped])
SRV - [2006/10/26 14:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
SRV - [2005/08/27 00:22:48 | 00,198,368 | ---- | M] (Symantec Corporation) -- c:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe -- (SAVScan [On_Demand | Stopped])
SRV - [2005/09/19 21:24:20 | 00,214,672 | ---- | M] (Symantec Corporation) -- c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe -- (SNDSrvc [On_Demand | Running])
SRV - [2005/09/16 02:21:14 | 01,160,800 | ---- | M] (Symantec Corporation) -- c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe -- (SPBBCSvc [On_Demand | Stopped])
SRV - [2006/04/12 01:54:56 | 01,119,888 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC [On_Demand | Running])
SRV - [2005/01/28 16:44:28 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wdfmgr.exe -- (UMWdf [Auto | Running])

[color=\"#E56717\"]========== Driver Services (SafeList) ==========[/color]

DRV - [2001/08/17 11:51:56 | 00,005,248 | ---- | M] (Acer Laboratories Inc.) -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde [Boot | Running])
DRV - [2005/03/09 18:53:00 | 00,036,352 | ---- | M] (Advanced Micro Devices) -- C:\WINDOWS\System32\DRIVERS\AmdK8.sys -- (AmdK8 [System | Running])
DRV - [2005/11/10 18:51:00 | 01,396,224 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\System32\DRIVERS\ati2mtag.sys -- (ati2mtag [On_Demand | Running])
DRV - [2005/11/28 05:35:38 | 00,424,320 | ---- | M] (Broadcom Corporation) -- C:\WINDOWS\System32\DRIVERS\bcmwl5.sys -- (BCM43XX [On_Demand | Running])
DRV - [2005/08/18 04:22:54 | 00,056,648 | ---- | M] (Broadcom Corporation.) -- C:\WINDOWS\System32\Drivers\btwusb.sys -- (BTWUSB [On_Demand | Stopped])
DRV - [2005/08/02 05:58:00 | 00,038,016 | ---- | M] (Conexant Systems Inc.) -- C:\WINDOWS\System32\drivers\camc6aud.sys -- (CAMCAUD [On_Demand | Running])
DRV - [2005/08/02 06:00:00 | 00,349,312 | ---- | M] (Conexant Systems Inc.) -- C:\WINDOWS\System32\drivers\camc6hal.sys -- (CAMCHALA [On_Demand | Running])
DRV - [2005/05/05 13:04:08 | 00,007,936 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\WINDOWS\System32\drivers\EABFiltr.sys -- (eabfiltr [System | Running])
DRV - [2005/05/05 13:04:04 | 00,005,760 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\WINDOWS\System32\drivers\eabusb.sys -- (eabusb [On_Demand | Stopped])
DRV - [2009/05/18 14:17:00 | 00,026,600 | ---- | M] (GEAR Software Inc.) -- C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys -- (GEARAspiWDM [On_Demand | Running])
DRV - [2005/08/22 05:06:00 | 00,231,424 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\System32\DRIVERS\HSFHWATI.sys -- (HSFHWATI [On_Demand | Running])
DRV - [2005/08/22 05:06:00 | 01,035,008 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\System32\DRIVERS\HSF_DP.sys -- (HSF_DP [On_Demand | Running])
DRV - [2004/03/17 00:04:00 | 00,013,059 | ---- | M] (Conexant) -- C:\WINDOWS\System32\DRIVERS\mdmxsdk.sys -- (mdmxsdk [Auto | Running])
DRV - [2005/11/27 05:00:00 | 00,077,816 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20051127.005\NAVENG.SYS -- (NAVENG [On_Demand | Running])
DRV - [2005/11/27 05:00:00 | 00,750,424 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20051127.005\NAVEX15.SYS -- (NAVEX15 [On_Demand | Running])
DRV - [2004/08/04 04:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Running])
DRV - [2005/04/25 05:03:00 | 00,020,640 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20 [Boot | Running])
DRV - [2005/09/30 07:11:00 | 00,078,720 | ---- | M] (Realtek Semiconductor Corporation ) -- C:\WINDOWS\System32\DRIVERS\Rtnicxp.sys -- (RTL8023xp [On_Demand | Running])
DRV - [2005/08/27 00:22:48 | 00,334,984 | ---- | M] (Symantec Corporation) -- c:\Program Files\Norton Internet Security\Norton AntiVirus\SAVRT.SYS -- (SAVRT [On_Demand | Running])
DRV - [2005/08/27 00:22:50 | 00,053,896 | ---- | M] (Symantec Corporation) -- c:\Program Files\Norton Internet Security\Norton AntiVirus\SAVRTPEL.SYS -- (SAVRTPEL [Auto | Running])
DRV - [2004/08/04 04:00:00 | 00,027,440 | ---- | M] () -- C:\WINDOWS\System32\DRIVERS\secdrv.sys -- (Secdrv [On_Demand | Stopped])
DRV - [2001/08/17 15:10:28 | 00,035,913 | ---- | M] (SMC) -- C:\WINDOWS\System32\DRIVERS\smcirda.sys -- (SMCIRDA [On_Demand | Stopped])
DRV - [2005/09/16 02:21:14 | 00,389,728 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv [On_Demand | Stopped])
DRV - [2006/02/22 19:19:06 | 00,107,696 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\SYMEVENT.SYS -- (SymEvent [On_Demand | Running])
DRV - [2005/09/02 05:07:36 | 00,199,408 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\SymcData\idsdefs\20050901.036\SymIDSCo.sys -- (SYMIDSCO [On_Demand | Stopped])
DRV - [2006/04/12 01:54:56 | 00,010,344 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\symlcbrd.sys -- (symlcbrd [Auto | Running])
DRV - [2005/06/19 16:33:18 | 00,190,400 | ---- | M] (Synaptics, Inc.) -- C:\WINDOWS\System32\DRIVERS\SynTP.sys -- (SynTP [On_Demand | Running])
DRV - [2005/09/20 06:30:56 | 00,162,432 | ---- | M] (Texas Instruments) -- C:\WINDOWS\System32\drivers\tifm21.sys -- (tifm21 [On_Demand | Stopped])
DRV - [2009/08/28 19:42:52 | 00,040,448 | ---- | M] (Apple, Inc.) -- C:\WINDOWS\System32\Drivers\usbaapl.sys -- (USBAAPL [On_Demand | Stopped])
DRV - [2005/08/22 05:06:00 | 00,718,464 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\System32\DRIVERS\HSF_CNXT.sys -- (winachsf [On_Demand | Running])

[color=\"#E56717\"]========== Standard Registry (SafeList) ==========[/color]

[color=\"#E56717\"]========== Internet Explorer ==========[/color]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - URLSearchHook: {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerm...tf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.facebook.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - URLSearchHook: {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)
IE - URLSearchHook: {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AIM Search\AOLSearch.dll (America Online, Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

FF - HKLM\software\mozilla\Firefox\extensions\\[email protected]: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009/10/01 09:48:40 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Netscape Browser 8.0.3.4\Extensions\\Components: C:\Program Files\Netscape\Netscape Browser\Components [2009/09/20 17:27:41 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Netscape Browser 8.0.3.4\Extensions\\Plugins: C:\Program Files\Netscape\Netscape Browser\Plugins [2009/10/01 09:59:38 | 00,000,000 | ---D | M]

[2008/07/28 21:19:20 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2007/05/01 09:51:32 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}
[2007/10/01 15:33:57 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}
[2007/10/19 20:54:06 | 00,717,312 | ---- | M] (DivX,Inc.) -- C:\Program Files\mozilla firefox\plugins\npdivx32.dll
[2003/07/14 23:56:52 | 00,013,888 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\NPOFFICE.DLL
[2006/10/23 00:24:32 | 00,091,768 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\mozilla firefox\plugins\nppdf32.dll
[2007/03/03 16:39:13 | 00,144,984 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\mozilla firefox\plugins\nppl3260.dll
[2008/02/24 21:50:41 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin.dll
[2008/02/24 21:50:42 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll
[2008/02/24 21:50:42 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll
[2008/02/24 21:50:42 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll
[2008/02/24 21:50:42 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll
[2008/02/24 21:50:42 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll
[2008/02/24 21:50:42 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll
[2007/03/03 16:39:24 | 00,024,576 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\mozilla firefox\plugins\nprjplug.dll
[2007/03/03 16:39:10 | 00,081,920 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\mozilla firefox\plugins\nprpjplug.dll
[2005/08/09 14:42:53 | 00,057,344 | ---- | M] (America Online, Inc.) -- C:\Program Files\mozilla firefox\plugins\npunagi2.dll
[2007/04/16 13:07:12 | 00,180,293 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\npViewpoint.dll

O1 HOSTS File: (734 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (AOLSearchHook Class) - {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AIM Search\AOLSearch.dll (America Online, Inc.)
O2 - BHO: (CNavExtBho Class) - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll (Symantec Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll (Google Inc.)
O2 - BHO: (AIM Toolbar Loader) - {b0cda128-b425-4eef-a174-61a11ac5dbf8} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll (Google Inc.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (AIM Toolbar) - {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)
O3 - HKLM\..\Toolbar: (Norton AntiVirus) - {C4069E3A-68F1-403E-B40E-20066696354B} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (AIM Toolbar) - {61539ECD-CC67-4437-A03C-9AACCBD14326} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)
O3 - HKCU\..\Toolbar\WebBrowser: (Norton AntiVirus) - {C4069E3A-68F1-403E-B40E-20066696354B} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll (Symantec Corporation)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe (ATI Technologies, Inc.)
O4 - HKLM..\Run: [bncsaui.exe] C:\Program Files\Bradford Networks\Persistent Agent\bncsaui.exe (Bradford Networks)
O4 - HKLM..\Run: [ccApp] c:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe ()
O4 - HKLM..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe (Hewlett-Packard )
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe (Hewlett-Packard Co.)
O4 - HKLM..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [IS CfgWiz] c:\Program Files\Norton Internet Security\cfgwiz.exe (Symantec Corporation)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [KONICA MINOLTA PagePro 1400W STD] C:\WINDOWS\System32\MSTMON_Y.EXE (KONICA MINOLTA BUSINESS TECHNOLOGIES, INC.)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [McAfeeUpdaterUI] C:\Program Files\Network Associates\Common Framework\udaterui.exe (McAfee, Inc.)
O4 - HKLM..\Run: [QPService] C:\Program Files\HP\QuickPlay\QPService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Inc.)
O4 - HKLM..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe ()
O4 - HKLM..\Run: [SSC_UserPrompt] c:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe (Symantec Corporation)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
O4 - HKCU..\Run: [Aim6] File not found
O4 - HKCU..\Run: [BitTorrent DNA] C:\Program Files\DNA\btdna.exe (BitTorrent, Inc.)
O4 - HKCU..\Run: [DriverUpdaterPro] C:\Program Files\XPC Tools\Driver Updater Pro\DriverUpdaterPro.exe (XPC Soft)
O4 - HKCU..\Run: [MSMSGS] C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe (Hewlett-Packard Development Company, L.P.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: &AIM Toolbar Search - C:\Documents and Settings\All Users\Application Data\AIM Toolbar\ieToolbar\resources\en-US\local\search.html ()
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: AIM Toolbar - {0b83c99c-1efa-4259-858f-bcb33e007a5b} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\System32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\System32\rsvpsp.dll (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.1...toUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.0...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_16)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 158.136.1.103 158.136.1.99
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\Ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2001/07/27 22:07:38 | 00,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O32 - AutoRun File - [2004/04/30 14:01:14 | 00,000,053 | -HS- | M] () - D:\Autorun.inf -- [ FAT32 ]
O33 - MountPoints2\{6117d8e6-778c-11dd-9bfc-0016d4323812}\Shell\AutoRun\command - "" = F:\Install FreeAgent Tools.exe -- File not found
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found

[color=\"#E56717\"]========== Files/Folders - Created Within 30 Days ==========[/color]

[2009/10/01 09:59:39 | 00,001,729 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2009/10/01 09:51:18 | 16,664,352 | ---- | C] (Sun Microsystems, Inc.) -- C:\Documents and Settings\kristin smalley.KRISTIN\Desktop\jre-6u16-windows-i586.exe
[2009/10/01 09:49:18 | 00,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2009/10/01 09:49:17 | 00,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2009/10/01 09:49:16 | 00,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2009/10/01 09:49:16 | 00,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2009/09/30 22:05:32 | 00,000,000 | ---D | C] -- C:\Documents and Settings\kristin smalley.KRISTIN\Application Data\Malwarebytes
[2009/09/30 22:05:23 | 00,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/09/30 22:05:20 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/09/30 22:05:18 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/09/30 22:05:18 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/09/30 22:05:17 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/09/30 22:04:08 | 04,045,528 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\kristin smalley.KRISTIN\Desktop\mbam-setup.exe
[2009/09/30 21:55:54 | 00,050,688 | ---- | C] (Atribune.org) -- C:\Documents and Settings\kristin smalley.KRISTIN\Desktop\ATF-Cleaner.exe
[2009/09/30 21:25:00 | 00,519,168 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\kristin smalley.KRISTIN\Desktop\OTL.exe
[2009/09/30 19:35:17 | 00,001,734 | ---- | C] () -- C:\Documents and Settings\kristin smalley.KRISTIN\Desktop\HijackThis.lnk
[2009/09/30 19:35:17 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2009/09/30 19:34:49 | 00,812,344 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\kristin smalley.KRISTIN\Desktop\HijackThisInstaller.exe
[2009/09/30 15:47:37 | 00,061,440 | ---- | C] (NT Kernel Resources) -- C:\WINDOWS\System32\ndisapi.dll
[2009/09/30 15:47:37 | 00,024,576 | ---- | C] (NT Kernel Resources) -- C:\WINDOWS\System32\drivers\ndisrd.sys
[2009/09/30 15:47:17 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Uninstall
[2009/09/28 20:33:15 | 00,000,000 | ---D | C] -- C:\Documents and Settings\kristin smalley.KRISTIN\Local Settings\Application Data\Microsoft Help
[2009/09/28 20:31:54 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Microsoft Help
[2009/09/23 16:45:51 | 00,001,804 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2009/09/21 17:19:47 | 00,000,000 | ---D | C] -- C:\Program Files\Shared
[2009/09/20 17:30:10 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/09/20 17:27:22 | 00,001,604 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2009/09/09 06:53:57 | 00,153,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\triedit.dll
[2009/09/07 17:21:08 | 00,000,000 | ---D | C] -- C:\Documents and Settings\kristin smalley.KRISTIN\My Documents\Teaching and Learning
[2007/08/12 00:31:35 | 00,000,000 | ---- | C] () -- C:\WINDOWS\iplayer.INI
[2007/03/20 22:45:46 | 00,000,074 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2007/03/03 17:30:52 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007/03/03 16:52:32 | 00,000,021 | ---- | C] () -- C:\WINDOWS\atid.ini
[2006/11/17 11:34:40 | 00,091,848 | ---- | C] () -- C:\WINDOWS\HPBroker.dll
[2006/04/12 02:03:12 | 00,000,166 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2006/04/12 01:59:34 | 00,000,698 | ---- | C] () -- C:\WINDOWS\NSSetDefaultBrowser.ini
[2006/04/12 01:42:33 | 00,000,056 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2006/04/12 01:28:14 | 00,028,836 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2005/12/02 06:09:10 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/09/04 21:43:40 | 00,016,596 | ---- | C] () -- C:\WINDOWS\MSTMON_Y.INI
[2005/09/04 21:43:16 | 00,012,244 | ---- | C] () -- C:\WINDOWS\MSUMLT_Y.INI
[2004/08/07 09:16:44 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004/08/07 09:10:08 | 00,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/07 08:58:22 | 00,000,573 | ---- | C] () -- C:\WINDOWS\win.ini
[2004/08/07 01:47:16 | 00,000,231 | ---- | C] () -- C:\WINDOWS\system.ini
[2004/08/04 04:00:00 | 00,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys
[2003/01/07 15:05:08 | 00,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

[color=\"#E56717\"]========== Files - Modified Within 30 Days ==========[/color]

[1 C:\WINDOWS\System32\*.tmp files]
[1 C:\WINDOWS\*.tmp files]
[2009/10/06 22:29:46 | 00,000,297 | ---- | M] () -- C:\hpqp.ini
[2009/10/06 22:29:38 | 00,016,596 | ---- | M] () -- C:\WINDOWS\MSTMON_Y.INI
[2009/10/06 22:29:36 | 00,000,039 | ---- | M] () -- C:\XP_TV.ini
[2009/10/06 22:27:46 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/10/06 22:27:41 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/10/06 22:27:38 | 40,080,5888 | -HS- | M] () -- C:\hiberfil.sys
[2009/10/06 15:35:23 | 00,002,497 | ---- | M] () -- C:\Documents and Settings\kristin smalley.KRISTIN\Desktop\Microsoft Office Word 2003.lnk
[2009/10/04 18:14:30 | 00,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/10/01 09:59:40 | 00,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2009/10/01 09:51:37 | 16,664,352 | ---- | M] (Sun Microsystems, Inc.) -- C:\Documents and Settings\kristin smalley.KRISTIN\Desktop\jre-6u16-windows-i586.exe
[2009/10/01 09:48:38 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2009/10/01 09:48:38 | 00,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2009/10/01 09:48:38 | 00,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2009/10/01 09:48:38 | 00,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2009/10/01 09:48:37 | 00,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deploytk.dll
[2009/09/30 22:05:23 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/09/30 22:04:21 | 04,045,528 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\kristin smalley.KRISTIN\Desktop\mbam-setup.exe
[2009/09/30 22:00:20 | 00,050,688 | ---- | M] (Atribune.org) -- C:\Documents and Settings\kristin smalley.KRISTIN\Desktop\ATF-Cleaner.exe
[2009/09/30 21:25:04 | 00,519,168 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\kristin smalley.KRISTIN\Desktop\OTL.exe
[2009/09/30 19:35:18 | 00,001,734 | ---- | M] () -- C:\Documents and Settings\kristin smalley.KRISTIN\Desktop\HijackThis.lnk
[2009/09/30 19:35:14 | 00,812,344 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\kristin smalley.KRISTIN\Desktop\HijackThisInstaller.exe
[2009/09/30 15:22:52 | 00,371,280 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/09/29 21:35:08 | 00,102,280 | ---- | M] () -- C:\Documents and Settings\kristin smalley.KRISTIN\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2009/09/29 19:55:05 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009/09/23 16:45:51 | 00,001,804 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2009/09/20 17:27:23 | 00,001,604 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2009/09/17 16:41:51 | 04,817,004 | -H-- | M] () -- C:\Documents and Settings\kristin smalley.KRISTIN\Local Settings\Application Data\IconCache.db
[2009/09/10 14:54:06 | 00,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/09/10 14:53:50 | 00,019,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/09/10 03:01:48 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
< End of report >

guestolo · « **Reply #13 on:** October 06, 2009, 11:49:37 PM »

Go to START>>RUN>>type in Services.msc and hit OK
It the Service Config. window
Look on the right hand side for the following service name
McAfee Framework Service
Double click on it and then under the STARTUP type, change to DISABLED
Apply and OK it
Do the same for the following service names
Network Associates McShield
Network Associates Task Manager

Do a "System scan only" with Hijackthis and put a check next to these entries:

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\udaterui.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O18 - Filter hijack: text/html - {95a177ec-1300-408d-bada-e53c4ef25f64} - (no file)

After you have ticked the above entries, close All other open windows
Including this one
Leave Hijackthis open and click FIX CHECKED
OK the prompt and exit Hijackthis

Reboot your computer

Back in Windows
Please run OTL.exe.

Copy the commands with file paths below in BLUE to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

[color=\"#0000FF\"]:OTL
PRC - [2009/03/10 16:00:00 | 00,103,744 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
PRC - [2009/03/10 16:00:00 | 00,226,624 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Network Associates\Common Framework\naPrdMgr.exe
PRC - [2009/03/10 16:00:00 | 00,136,512 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Network Associates\Common Framework\udaterui.exe
PRC - [2009/03/10 16:00:00 | 00,091,456 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Network Associates\Common Framework\McTray.exe
SRV - [2009/03/10 16:00:00 | 00,103,744 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Network Associates\Common Framework\FrameworkService.exe -- (McAfeeFramework [Auto | Running])
SRV - File not found -- -- (McShield [Auto | Stopped])
SRV - File not found -- -- (McTaskManager [Auto | Stopped])
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [McAfeeUpdaterUI] C:\Program Files\Network Associates\Common Framework\udaterui.exe (McAfee, Inc.)

:files
C:\Program Files\Network Associates

:commands
[emptytemp]
[Reboot][/color]
Return to OTL.exe, right click in the "Custom Scans/Fixes" window (under the light green bar) and choose Paste.
Click the red Run Fix button.

Let this finish, you should be prompted to reboot your computer afterwards
Do so, on startup, a log should open from OTL
Please post that log

In addition: Post a fresh Hijackthis log

kristin · « **Reply #14 on:** October 07, 2009, 10:45:54 AM »

All processes killed
========== OTL ==========
No active process named FrameworkService.exe was found!
No active process named naPrdMgr.exe was found!
No active process named udaterui.exe was found!
No active process named McTray.exe was found!
Service\Driver McAfeeFramework stopped successfully.
Service\Driver McAfeeFramework deleted successfully.
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe moved successfully.
Service\Driver McShield stopped successfully.
Service\Driver McShield deleted successfully.
Service\Driver McTaskManager stopped successfully.
Service\Driver McTaskManager deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\KernelFaultCheck not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\McAfeeUpdaterUI not found.
C:\Program Files\Network Associates\Common Framework\udaterui.exe moved successfully.
========== FILES ==========
C:\Program Files\Network Associates\VirusScan\RepairCache moved successfully.
C:\Program Files\Network Associates\VirusScan\MID moved successfully.
C:\Program Files\Network Associates\VirusScan moved successfully.
C:\Program Files\Network Associates\Common Framework\Microsoft.VC80.CRT moved successfully.
C:\Program Files\Network Associates\Common Framework\0804 moved successfully.
C:\Program Files\Network Associates\Common Framework\041D moved successfully.
C:\Program Files\Network Associates\Common Framework\0416 moved successfully.
C:\Program Files\Network Associates\Common Framework\0415 moved successfully.
C:\Program Files\Network Associates\Common Framework\0413 moved successfully.
C:\Program Files\Network Associates\Common Framework\0412 moved successfully.
C:\Program Files\Network Associates\Common Framework\0411 moved successfully.
C:\Program Files\Network Associates\Common Framework\0410 moved successfully.
C:\Program Files\Network Associates\Common Framework\040C moved successfully.
C:\Program Files\Network Associates\Common Framework\040A moved successfully.
C:\Program Files\Network Associates\Common Framework\0409 moved successfully.
C:\Program Files\Network Associates\Common Framework\0407 moved successfully.
C:\Program Files\Network Associates\Common Framework\0404 moved successfully.
C:\Program Files\Network Associates\Common Framework moved successfully.
C:\Program Files\Network Associates moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Kristin Smalley

User: kristin smalley.KRISTIN
File delete failed. C:\Documents and Settings\kristin smalley.KRISTIN\Local Settings\Temp\Temporary Internet Files\Content.IE5\YF4XO3OR\1031231101@PageCounter,HeaderSpon,WindowShade,WxSpon,PageSpon,PageSpon2,PdS
earch,PageSpon3,PageSpon4,PList1,PList2,PList3,PList4,PList5,PList6,Hidden1,Hidde
n2[1] scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\kristin smalley.KRISTIN\Local Settings\Temp\Temporary Internet Files\Content.IE5\YF4XO3OR\click,VaUDAML3BwBwYRkA3tYDAAIABngAAP8AAAADCgIAIQKMrgEALMcFAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAA-UkUkAAAAA,http%3A%2F%2Fus.ard.yahoo.com%2FSIG%3D14vpr6m60%2FM%3D715481[1].htm scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\kristin smalley.KRISTIN\Local Settings\Temp\Temporary Internet Files\Content.IE5\QZ2V27AJ\1071958550@PageCounter,HeaderSpon,WindowShade,WxSpon,PageSpon,PageSpon2,PdS
earch,PageSpon3,PageSpon4,PList1,PList2,PList3,PList4,PList5,PList6,Hidden1,Hidde
n2[1] scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\kristin smalley.KRISTIN\Local Settings\Temp\Temporary Internet Files\Content.IE5\E9UFKPU1\1864794296@PageCounter,HeaderSpon,WindowShade,WxSpon,PageSpon,PageSpon2,PdS
earch,PageSpon3,PageSpon4,PList1,PList2,PList3,PList4,PList5,PList6,Hidden1,Hidde
n2[1] scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\kristin smalley.KRISTIN\Local Settings\Temp\Temporary Internet Files\Content.IE5\E9UFKPU1\click,VaUDALn3BwAbGBkACkwIAAIAAngAAP8AAAADCgIAAgKMrgEAQd0LAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAPeTkUkAAAAA,http%3A%2F%2Fus.ard.yahoo.com%2FSIG%3D150d5qv3i%2FM%3D715481[1].htm scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\kristin smalley.KRISTIN\Local Settings\Temp\~DF50FC.tmp scheduled to be deleted on reboot.
->Temp folder emptied: 28320241 bytes
File delete failed. C:\Documents and Settings\kristin smalley.KRISTIN\Local Settings\Temporary Internet Files\Content.IE5\DGJBHQ8D\iframe[1].htm scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\kristin smalley.KRISTIN\Local Settings\Temporary Internet Files\Content.IE5\07ZP4T1V\ads[7].htm scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\kristin smalley.KRISTIN\Local Settings\Temporary Internet Files\Content.IE5\07ZP4T1V\index[3].htm scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\kristin smalley.KRISTIN\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\kristin smalley.KRISTIN\Local Settings\Temporary Internet Files\AntiPhishing\A0AB7674-8D67-4F4D-B5E1-96FAEADFB79D.dat scheduled to be deleted on reboot.
->Temporary Internet Files folder emptied: 47546071 bytes
->Java cache emptied: 44374866 bytes
->Apple Safari cache emptied: 102421 bytes

User: LocalService
->Temp folder emptied: 0 bytes
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

%systemdrive% .tmp files removed: 0 bytes
C:\WINDOWS\35C03C043F1F42C2A989A757EE691F65.TMP folder deleted successfully.
%systemroot% .tmp files removed: 73928 bytes
%systemroot%\System32 .tmp files removed: 2577 bytes
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_140.dat scheduled to be deleted on reboot.
Windows Temp folder emptied: 32768 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 114.90 mb

OTL by OldTimer - Version 3.0.17.0 log created on 10072009_113647

Files\Folders moved on Reboot...
File\Folder C:\Documents and Settings\kristin smalley.KRISTIN\Local Settings\Temp\Temporary Internet Files\Content.IE5\YF4XO3OR\1031231101@PageCounter,HeaderSpon,WindowShade,WxSpon,PageSpon,PageSpon2,PdS
earch,PageSpon3,PageSpon4,PList1,PList2,PList3,PList4,PList5,PList6,Hidden1,Hidde
n2[1] not found!
File\Folder C:\Documents and Settings\kristin smalley.KRISTIN\Local Settings\Temp\Temporary Internet Files\Content.IE5\YF4XO3OR\click,VaUDAML3BwBwYRkA3tYDAAIABngAAP8AAAADCgIAIQKMrgEALMcFAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAA-UkUkAAAAA,http%3A%2F%2Fus.ard.yahoo.com%2FSIG%3D14vpr6m60%2FM%3D715481[1].htm not found!
File\Folder C:\Documents and Settings\kristin smalley.KRISTIN\Local Settings\Temp\Temporary Internet Files\Content.IE5\QZ2V27AJ\1071958550@PageCounter,HeaderSpon,WindowShade,WxSpon,PageSpon,PageSpon2,PdS
earch,PageSpon3,PageSpon4,PList1,PList2,PList3,PList4,PList5,PList6,Hidden1,Hidde
n2[1] not found!
File\Folder C:\Documents and Settings\kristin smalley.KRISTIN\Local Settings\Temp\Temporary Internet Files\Content.IE5\E9UFKPU1\1864794296@PageCounter,HeaderSpon,WindowShade,WxSpon,PageSpon,PageSpon2,PdS
earch,PageSpon3,PageSpon4,PList1,PList2,PList3,PList4,PList5,PList6,Hidden1,Hidde
n2[1] not found!
File\Folder C:\Documents and Settings\kristin smalley.KRISTIN\Local Settings\Temp\Temporary Internet Files\Content.IE5\E9UFKPU1\click,VaUDALn3BwAbGBkACkwIAAIAAngAAP8AAAADCgIAAgKMrgEAQd0LAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAPeTkUkAAAAA,http%3A%2F%2Fus.ard.yahoo.com%2FSIG%3D150d5qv3i%2FM%3D715481[1].htm not found!
File\Folder C:\Documents and Settings\kristin smalley.KRISTIN\Local Settings\Temp\~DF50FC.tmp not found!
C:\Documents and Settings\kristin smalley.KRISTIN\Local Settings\Temporary Internet Files\Content.IE5\DGJBHQ8D\iframe[1].htm moved successfully.
C:\Documents and Settings\kristin smalley.KRISTIN\Local Settings\Temporary Internet Files\Content.IE5\07ZP4T1V\ads[7].htm moved successfully.
C:\Documents and Settings\kristin smalley.KRISTIN\Local Settings\Temporary Internet Files\Content.IE5\07ZP4T1V\index[3].htm moved successfully.
C:\Documents and Settings\kristin smalley.KRISTIN\Local Settings\Temporary Internet Files\AntiPhishing\A0AB7674-8D67-4F4D-B5E1-96FAEADFB79D.dat moved successfully.
File\Folder C:\WINDOWS\temp\Perflib_Perfdata_140.dat not found!

Registry entries deleted on Reboot...

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:44:48 AM, on 10/7/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16876)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bradford Networks\Persistent Agent\bndaemon.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\WINDOWS\system32\MSTMON_Y.EXE
C:\Program Files\Bradford Networks\Persistent Agent\bncsaui.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\PROGRA~1\hpq\Shared\HPQTOA~1.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\XPC Tools\Driver Updater Pro\DriverUpdaterPro.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.facebook.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...o&pf=laptop
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: AIM Toolbar Search Class - {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files\AIM Toolbar\aimtb.dll
R3 - URLSearchHook: AOLSearchHook Class - {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AIM Search\AOLSearch.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: AOL Search Enhancement - {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AIM Search\AOLSearch.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll
O2 - BHO: AIM Toolbar Loader - {b0cda128-b425-4eef-a174-61a11ac5dbf8} - C:\Program Files\AIM Toolbar\aimtb.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: AIM Toolbar - {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files\AIM Toolbar\aimtb.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [IS CfgWiz] c:\Program Files\Norton Internet Security\cfgwiz.exe /GUID {F073BDC9-0D67-4ff0-879E-27241C843828} /MODE CfgWiz /CMDLINE "REBOOT"
O4 - HKLM\..\Run: [SSC_UserPrompt] "c:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe"
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [KONICA MINOLTA PagePro 1400W STD] C:\WINDOWS\system32\MSTMON_Y.EXE STARTUP
O4 - HKLM\..\Run: [bncsaui.exe] %ProgramFiles%\Bradford Networks\Persistent Agent\bncsaui.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [DriverUpdaterPro] C:\Program Files\XPC Tools\Driver Updater Pro\DriverUpdaterPro.exe -t
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: &AIM Toolbar Search - C:\Documents and Settings\All Users\Application Data\AIM Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: AIM Toolbar - {0b83c99c-1efa-4259-858f-bcb33e007a5b} - C:\Program Files\AIM Toolbar\aimtb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=presario&pf=laptop
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.1...toUploader5.cab
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.0...oUploader55.cab
O18 - Filter hijack: text/html - {95a177ec-1300-408d-bada-e53c4ef25f64} - (no file)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bradford Persistent Agent Service (BNPagent) - Bradford Networks - C:\Program Files\Bradford Networks\Persistent Agent\bndaemon.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\ccPwdSvc.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - c:\Program Files\Norton Internet Security\comHost.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

--
End of file - 11706 bytes

guestolo · « **Reply #15 on:** October 07, 2009, 08:53:28 PM »

Looking good
Can you open Hijackthis>>Open "Misc tools section"
Open "Uninstall entry"
In the list, can you highlight McAfee Agent

Then select
"Delete Entry"
Close HIjackthis

Once again, do the following
Open ATF-Cleaner.exe and Run it
Check the boxes to the left of:

Windows Temp
Current User Temp
All Users Temp
Temporary Internet Files
*Prefetch (Windows XP) only.
Java Cache

The rest are optional - if you want to remove the lot, check "Select All".
Finally click Empty Selected. When you get the "Done Cleaning" message, click OK.
If you use Firefox browser
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit from the Main menu

Reboot the computer afterwards
Back in Windows

Let me know how everything is now running

kristin · « **Reply #16 on:** October 08, 2009, 04:13:27 PM »

The computer is running much better

http://images.thetechguide.com/forum/public/style_emoticons/<#EMO_DIR#>/smile.gif\' class=\'bbc_emoticon\' alt=\'

\' />

guestolo · « **Reply #17 on:** October 10, 2009, 11:03:40 AM »

I suggest that you add SpywareBlaster to your protection software
SpywareBlaster by JavaCool
At the link you can read more about it then continue with
Free Download on the right>>Continue Download at next page
Basically it

Select Manual updating when installing
After installation, Check for updates
After updating, select "Protection Status" on the Left
Then select "Enable all Protection"
"Check for updates every couple of weeks"
after every update just simply click the "enable protection on all unprotected items"
or again, click on Protection Startus>>enable all protection

Double click OTL.exe.

Click the CleanUp button.
Select Yes when the "Begin cleanup Process?" prompt appears.
If you are prompted to Reboot during the cleanup, select Yes.
The tool will delete itself once it finishes.

You still have not installed Service Pack 3 for Windows
Is there a reason your behind on this update?

TheTechGuide Forum

News:

Author Topic: computer infected (Read 1469 times)

kristin

computer infected

guestolo

computer infected

kristin

computer infected

guestolo

computer infected

kristin

computer infected

guestolo

computer infected

kristin

computer infected

guestolo

computer infected

kristin

computer infected

guestolo

computer infected

kristin

computer infected

guestolo

computer infected

kristin

computer infected

guestolo

computer infected

kristin

computer infected

guestolo

computer infected

kristin

computer infected

guestolo

computer infected