
Inactive Search results being redirected IE and Firefox

Discussion in 'Malware and Virus Removal Archive' started by carab, 2010/06/19.

  1. 2010/06/21
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    You're welcome :)
     
  2. 2010/06/22
    carab

    carab Inactive Thread Starter

    Joined:
    2010/06/19
    Messages:
    55
    Likes Received:
    0
    Looks like that did the trick!! Wow... what a nasty thing! I'll let you know if it comes back - i only tried a few different searches, but so far so good!

    Thank you!!!!!!!!
     


  4. 2010/06/22
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    OK....LOL
    Which steps actually helped?


    OTL Clean-Up
    Clean up with OTL:

    * Double-click OTL.exe to start the program.
    * Close all other programs apart from OTL, as this step will require a reboot.
    * On the OTL main screen, press the CLEANUP button
    * Say Yes to the prompt and then allow the program to reboot your computer.

    If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

    ==============================================================

    Your computer is clean :)

    1. We need to reset System Restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create a fresh, clean restore point.

    Turn off System Restore:

    - Windows XP:
    1. Click Start.
    2. Right-click the My Computer icon, and then click Properties.
    3. Click the System Restore tab.
    4. Check "Turn off System Restore".
    5. Click Apply.
    6. When turning off System Restore, the existing restore points will be deleted. Click Yes to do this.
    7. Click OK.
    - Windows Vista and 7:
    1. Click Start.
    2. Right-click the Computer icon, and then click Properties.
    3. Click on System Protection under the Tasks column on the left side.
    4. Click on Continue on the "User Account Control" window that pops up
    5. Under the System Protection tab, find Available Disks
    6. Uncheck the box for any drive you wish to disable System Restore on (in most cases, drive "C:").
    7. When turning off System Restore, the existing restore points will be deleted. Click "Turn System Restore Off" on the popup window to do this.
    8. Click OK

    2. Restart computer.

    3. Turn System Restore on.

    4. Make sure Windows Updates are current.

    5. If any Trojan was listed among your infection(s), make sure you change all of your important on-line passwords (bank account(s), secured web sites, etc.) immediately!

    6. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

    7. Run defrag at your convenience.

    8. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

    9. Please let me know how your computer is doing.
     
  5. 2010/06/23
    carab

    carab Inactive Thread Starter

    Joined:
    2010/06/19
    Messages:
    55
    Likes Received:
    0
    I did the OTL.exe and the system restore stuff, downloaded WOT, and guess what? The problem's still there.

    :(

    What's next?
     
  6. 2010/06/23
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    I really don't see much in your logs.

    Did you perform "ipconfig" part from my reply #19?
     
  7. 2010/06/24
    carab

    carab Inactive Thread Starter

    Joined:
    2010/06/19
    Messages:
    55
    Likes Received:
    0
    yes, I did everything
     
  8. 2010/06/24
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Please repeat the same steps:
    Is there any other computer connected to the same router?
    If so, is file sharing enabled?
     
  9. 2010/06/24
    carab

    carab Inactive Thread Starter

    Joined:
    2010/06/19
    Messages:
    55
    Likes Received:
    0
    No, no other computer. File sharing is disabled. The only other thing connected to the router is a Verizon wireless network extender antenna, but I've had it for as long as I've had internet, so I don't think it has anything to do with the problem.

    I just tried searching again, and it's still happening. This time it went to asklots.com - the window says "Jump - Windows Internet Explorer"

    WOT Warning says This site has a poor reputation... LOL ...

    So, now what?
     
  10. 2010/06/24
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt"
    **Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

    Make sure you re-enable your security programs when you're done with Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  11. 2010/07/09
    carab

    carab Inactive Thread Starter

    Joined:
    2010/06/19
    Messages:
    55
    Likes Received:
    0
    ComboFix 10-07-07.02 - Cara 07/08/2010 19:55:39.2.2 - x86
    Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.893.363 [GMT -5:00]
    Running from: c:\users\Cara\Desktop\ComboFix.exe
    AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
    SP: AntiVir Desktop *disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
    SP: Windows Defender *enabled* (Outdated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
    .

    ((((((((((((((((((((((((( Files Created from 2010-06-09 to 2010-07-09 )))))))))))))))))))))))))))))))
    .

    2010-07-09 01:06 . 2010-07-09 01:06 -------- d-----w- c:\users\ScottyRock155\AppData\Local\temp
    2010-07-09 01:06 . 2010-07-09 01:06 -------- d-----w- c:\users\Public\AppData\Local\temp
    2010-07-09 01:06 . 2010-07-09 01:06 -------- d-----w- c:\users\Default\AppData\Local\temp
    2010-07-09 00:52 . 2010-07-09 00:52 -------- d-----w- C:\32788R22FWJFW
    2010-06-24 02:18 . 2008-06-20 01:17 97800 ----a-w- c:\windows\system32\infocardapi.dll
    2010-06-24 02:18 . 2008-06-20 01:18 105016 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
    2010-06-24 02:18 . 2008-06-20 01:18 43544 ----a-w- c:\windows\system32\PresentationHostProxy.dll
    2010-06-24 02:18 . 2008-06-20 01:17 622080 ----a-w- c:\windows\system32\icardagt.exe
    2010-06-24 02:18 . 2008-06-20 01:17 11264 ----a-w- c:\windows\system32\icardres.dll
    2010-06-24 02:18 . 2008-06-20 01:18 781344 ----a-w- c:\windows\system32\PresentationNative_v0300.dll
    2010-06-24 02:18 . 2008-06-20 01:18 326160 ----a-w- c:\windows\system32\PresentationHost.exe
    2010-06-24 01:58 . 2008-07-27 18:00 96760 ----a-w- c:\windows\system32\dfshim.dll
    2010-06-24 01:58 . 2008-07-27 18:00 282112 ----a-w- c:\windows\system32\mscoree.dll
    2010-06-24 01:58 . 2008-07-27 18:00 41984 ----a-w- c:\windows\system32\netfxperf.dll
    2010-06-24 01:57 . 2008-07-27 18:00 158720 ----a-w- c:\windows\system32\mscorier.dll
    2010-06-24 01:57 . 2008-07-27 18:00 83968 ----a-w- c:\windows\system32\mscories.dll
    2010-06-24 01:50 . 2010-02-20 23:54 24064 ----a-w- c:\windows\system32\nshhttp.dll
    2010-06-24 01:50 . 2010-02-20 21:30 396800 ----a-w- c:\windows\system32\drivers\http.sys
    2010-06-24 01:50 . 2010-02-20 23:51 31232 ----a-w- c:\windows\system32\httpapi.dll
    2010-06-24 01:43 . 2010-05-04 05:55 71680 ----a-w- c:\windows\system32\iesetup.dll
    2010-06-24 01:43 . 2010-05-04 05:59 916480 ----a-w- c:\windows\system32\wininet.dll
    2010-06-24 01:42 . 2010-05-04 05:55 109056 ----a-w- c:\windows\system32\iesysprep.dll
    2010-06-24 01:42 . 2010-05-04 04:31 133632 ----a-w- c:\windows\system32\ieUnatt.exe
    2010-06-24 01:32 . 2010-01-23 08:05 2048 ----a-w- c:\windows\system32\tzres.dll
    2010-06-24 01:31 . 2008-10-21 05:16 1645568 ----a-w- c:\windows\system32\connect.dll
    2010-06-24 01:29 . 2009-08-14 16:40 103936 ----a-w- c:\windows\system32\netiohlp.dll
    2010-06-24 01:29 . 2009-08-14 14:25 17920 ----a-w- c:\windows\system32\ROUTE.EXE
    2010-06-24 01:29 . 2009-08-14 14:25 9728 ----a-w- c:\windows\system32\TCPSVCS.EXE
    2010-06-24 01:29 . 2009-08-14 14:25 11264 ----a-w- c:\windows\system32\MRINFO.EXE
    2010-06-24 01:29 . 2009-08-14 14:25 27136 ----a-w- c:\windows\system32\NETSTAT.EXE
    2010-06-24 01:29 . 2009-08-14 14:25 19968 ----a-w- c:\windows\system32\ARP.EXE
    2010-06-24 01:29 . 2009-08-14 14:25 10240 ----a-w- c:\windows\system32\finger.exe
    2010-06-24 01:29 . 2009-08-14 14:25 8704 ----a-w- c:\windows\system32\HOSTNAME.EXE
    2010-06-24 01:29 . 2009-08-14 16:40 15360 ----a-w- c:\windows\system32\netevent.dll
    2010-06-24 01:26 . 2010-01-25 12:58 154624 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
    2010-06-24 01:26 . 2010-01-25 12:58 154112 ----a-w- c:\windows\system32\secproc_ssp.dll
    2010-06-24 01:26 . 2010-01-25 12:56 312320 ----a-w- c:\windows\system32\msdrm.dll
    2010-06-24 01:26 . 2009-08-31 15:16 428032 ----a-w- c:\windows\system32\EncDec.dll
    2010-06-24 01:26 . 2009-08-31 14:21 292352 ----a-w- c:\windows\system32\psisdecd.dll
    2010-06-24 01:26 . 2009-08-31 14:18 1244672 ----a-w- c:\windows\system32\mcmde.dll
    2010-06-24 01:26 . 2009-08-28 23:31 4247552 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
    2010-06-24 01:26 . 2009-08-29 03:41 1686528 ----a-w- c:\windows\system32\gameux.dll
    2010-06-24 01:26 . 2009-08-29 03:40 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
    2010-06-24 01:24 . 2008-09-10 03:25 1341440 ----a-w- c:\windows\system32\msxml6.dll
    2010-06-24 01:24 . 2008-09-10 03:21 2048 ----a-w- c:\windows\system32\msxml6r.dll
    2010-06-24 01:24 . 2009-07-14 13:02 313344 ----a-w- c:\windows\system32\wmpdxm.dll
    2010-06-24 01:24 . 2009-10-19 14:42 156672 ----a-w- c:\windows\system32\t2embed.dll
    2010-06-24 01:24 . 2009-10-19 14:37 72704 ----a-w- c:\windows\system32\fontsub.dll
    2010-06-24 01:24 . 2009-10-19 14:39 24064 ----a-w- c:\windows\system32\lpk.dll
    2010-06-24 01:24 . 2009-10-19 14:37 10240 ----a-w- c:\windows\system32\dciman32.dll
    2010-06-24 01:24 . 2009-10-19 14:36 34304 ----a-w- c:\windows\system32\atmlib.dll
    2010-06-24 01:24 . 2009-10-19 11:45 289792 ----a-w- c:\windows\system32\atmfd.dll
    2010-06-24 01:24 . 2010-02-23 13:14 211968 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
    2010-06-24 01:24 . 2010-02-23 13:14 58368 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
    2010-06-24 01:24 . 2010-02-23 13:14 102400 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
    2010-06-24 01:22 . 2009-12-28 12:31 1327616 ----a-w- c:\windows\system32\quartz.dll
    2010-06-24 01:21 . 2009-04-23 13:01 788992 ----a-w- c:\windows\system32\rpcrt4.dll
    2010-06-24 01:21 . 2008-10-29 06:20 2923520 ----a-w- c:\windows\explorer.exe
    2010-06-24 01:21 . 2009-10-07 12:47 232960 ----a-w- c:\windows\system32\rastls.dll
    2010-06-24 01:21 . 2009-10-07 12:47 274432 ----a-w- c:\windows\system32\raschap.dll
    2010-06-24 01:21 . 2009-08-14 14:01 2031104 ----a-w- c:\windows\system32\win32k.sys
    2010-06-24 01:21 . 2009-04-23 12:56 696832 ----a-w- c:\windows\system32\localspl.dll
    2010-06-24 01:21 . 2009-09-04 12:38 60928 ----a-w- c:\windows\system32\msasn1.dll
    2010-06-24 01:20 . 2009-08-10 13:08 321536 ----a-w- c:\windows\system32\WSDApi.dll
    2010-06-24 01:20 . 2009-07-17 14:52 71680 ----a-w- c:\windows\system32\atl.dll
    2010-06-24 01:20 . 2008-09-05 04:48 1194496 ----a-w- c:\windows\system32\msxml3.dll
    2010-06-24 01:20 . 2008-09-05 04:45 2048 ----a-w- c:\windows\system32\msxml3r.dll
    2010-06-24 01:20 . 2010-01-13 18:23 97792 ----a-w- c:\windows\system32\cabview.dll
    2010-06-24 00:55 . 2009-09-10 15:29 311296 ----a-w- c:\windows\system32\unregmp2.exe
    2010-06-24 00:55 . 2009-09-10 17:31 4096 ----a-w- c:\windows\system32\dxmasf.dll
    2010-06-24 00:55 . 2009-09-10 17:30 7680 ----a-w- c:\windows\system32\spwmp.dll
    2010-06-24 00:55 . 2009-09-10 15:14 8147968 ----a-w- c:\windows\system32\wmploc.DLL
    2010-06-24 00:53 . 2009-04-02 11:50 604672 ----a-w- c:\windows\system32\WMSPDMOD.DLL
    2010-06-24 00:43 . 2010-06-24 00:43 -------- d-----w- c:\program files\WOT
    2010-06-20 19:35 . 2010-04-12 22:29 411368 ----a-w- c:\windows\system32\deployJava1.dll
    2010-06-20 05:59 . 2010-05-21 19:14 221568 ------w- c:\windows\system32\MpSigStub.exe
    2010-06-20 05:28 . 2010-06-20 05:28 -------- d-----w- c:\users\Cara\AppData\Roaming\Avira
    2010-06-20 02:57 . 2010-03-01 15:05 124784 ----a-w- c:\windows\system32\drivers\avipbb.sys
    2010-06-20 02:57 . 2010-02-16 19:24 60936 ----a-w- c:\windows\system32\drivers\avgntflt.sys
    2010-06-20 02:57 . 2009-05-11 17:49 17016 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
    2010-06-20 02:57 . 2009-05-11 17:49 51992 ----a-w- c:\windows\system32\drivers\avgntdd.sys
    2010-06-20 02:57 . 2010-06-20 02:57 -------- d-----w- c:\programdata\Avira
    2010-06-20 02:57 . 2010-06-20 02:57 -------- d-----w- c:\program files\Avira
    2010-06-20 01:37 . 2010-06-20 01:37 680 ----a-w- c:\users\Cara\AppData\Local\d3d9caps.dat
    2010-06-14 02:00 . 2010-06-24 00:29 -------- d-----w- c:\program files\Panda Security
    2010-06-14 01:27 . 2010-06-14 01:27 -------- d-----w- c:\users\Cara\AppData\Roaming\Malwarebytes
    2010-06-14 01:26 . 2010-04-29 20:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-06-14 01:26 . 2010-06-14 01:27 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-06-14 01:26 . 2010-06-14 01:26 -------- d-----w- c:\programdata\Malwarebytes
    2010-06-14 01:26 . 2010-04-29 20:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-06-24 22:51 . 2008-04-14 15:34 56728 ----a-w- c:\users\Cara\AppData\Local\GDIPFONTCACHEV1.DAT
    2010-06-20 19:51 . 2008-04-10 07:55 -------- d-----w- c:\program files\Java
    2010-06-20 19:43 . 2008-04-10 07:55 -------- d-----w- c:\program files\Common Files\Java
    2010-06-08 22:33 . 2010-06-08 22:33 80896 ------w- c:\windows\system32\dbbc.sys
    2010-05-20 23:34 . 2010-05-20 23:34 -------- d-----w- c:\users\Cara\AppData\Roaming\AdobeUM
    2010-05-20 23:33 . 2008-07-17 17:51 -------- d-----w- c:\program files\Common Files\Adobe
    2010-05-02 03:59 . 2010-05-02 03:59 658184 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
    2009-12-08 01:50 . 2009-12-08 01:50 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
    2008-04-10 15:35 . 2008-04-10 15:16 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7b13ec3e-999a-4b70-b9cb-2617b8323822}]
    2010-02-04 17:59 2349592 ----a-w- c:\program files\Zynga\tbZyng.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{7b13ec3e-999a-4b70-b9cb-2617b8323822}"="c:\program files\Zynga\tbZyng.dll" [2010-02-04 2349592]

    [HKEY_CLASSES_ROOT\clsid\{7b13ec3e-999a-4b70-b9cb-2617b8323822}]

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
    "{7B13EC3E-999A-4B70-B9CB-2617B8323822}"="c:\program files\Zynga\tbZyng.dll" [2010-02-04 2349592]

    [HKEY_CLASSES_ROOT\clsid\{7b13ec3e-999a-4b70-b9cb-2617b8323822}]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2006-11-02 125440]
    "Google Update"="c:\users\Cara\AppData\Local\Google\Update\GoogleUpdate.exe" [2010-02-01 135664]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ECenter"="c:\dell\E-Center\EULALauncher.exe" [2008-01-18 17920]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-05-24 857648]
    "SigmatelSysTrayApp"="sttray.exe" [2007-04-24 303104]
    "ATICCC"="c:\program files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-07-11 90112]
    "Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2007-12-08 3444736]
    "dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2008-02-14 16384]
    "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-03-02 282792]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]

    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    QuickSet.lnk - c:\program files\Dell\QuickSet\quickset.exe [2007-7-20 1180952]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableLUA"=0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=c:\progra~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
    @="Service"

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-1167157780-497472970-3894054306-1000]
    "EnableNotifications"=dword:00000001
    "EnableNotificationsRef"=dword:00000001

    R3 GoogleDesktopManager-110309-193829;Google Desktop Manager 5.9.911.3589;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2009-12-08 30192]
    S1 dbbc;dbbc;c:\windows\system32\dbbc.sys [2010-06-08 80896]
    S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2010-02-24 135336]

    .
    Contents of the 'Scheduled Tasks' folder

    2010-07-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1167157780-497472970-3894054306-1000Core.job
    - c:\users\Cara\AppData\Local\Google\Update\GoogleUpdate.exe [2010-02-01 23:43]

    2010-07-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1167157780-497472970-3894054306-1000UA.job
    - c:\users\Cara\AppData\Local\Google\Update\GoogleUpdate.exe [2010-02-01 23:43]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = https://mail.google.com/mail/?shva=1#
    mStart Page = hxxp://partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=1080410
    uInternet Settings,ProxyOverride = *.local
    FF - ProfilePath - c:\users\Cara\AppData\Roaming\Mozilla\Firefox\Profiles\knszno0y.Cara\
    FF - prefs.js: browser.startup.homepage - hxxps://mail.google.com/mail/?hl=en&shva=1#
    FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
    FF - plugin: c:\program files\Picasa2\npPicasa2.dll
    FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
    FF - plugin: c:\users\Cara\AppData\Local\Google\Update\1.2.183.29\npGoogleOneClick8.dll
    FF - plugin: c:\users\Cara\AppData\Roaming\Move Networks\plugins\npqmp071505000011.dll

    ---- FIREFOX POLICIES ----
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
    .
    - - - - ORPHANS REMOVED - - - -

    AddRemove-Octoshape add-in for Adobe Flash Player - c:\users\Cara\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe



    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-07-08 20:07
    Windows 6.0.6000 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    Completion time: 2010-07-08 20:13:29
    ComboFix-quarantined-files.txt 2010-07-09 01:13

    Pre-Run: 43,370,516,480 bytes free
    Post-Run: 43,406,004,224 bytes free

    - - End Of File - - 84EB9693DB84F83679406F0F3BF09182
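A way to read a log like the one above more systematically, as an added example that is not part of this thread and not ComboFix's own code: it parses the file-creation lists, the service/driver lines and the registry loading points from a constructed excerpt (a few lines copied from the log above), then cross-references them into review hints. A hint marks something to look at next, not a verdict; how the R/S letter and start-type digit on the service lines are read is my understanding of the ComboFix convention, stated as an assumption.

```python
"""Triage helper for ComboFix-style log excerpts (added example, not the tool's code)."""
import re
from dataclasses import dataclass

# Constructed sample: a handful of lines copied from the ComboFix log posted in this thread.
SAMPLE_LOG = r"""
((((((((((((((((((((((((( Files Created from 2010-06-09 to 2010-07-09 )))))))))))))))))))))))))))))))
2010-06-24 01:50 . 2010-02-20 21:30 396800 ----a-w- c:\windows\system32\drivers\http.sys
2010-06-14 01:26 . 2010-04-29 20:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
2010-06-08 22:33 . 2010-06-08 22:33 80896 ------w- c:\windows\system32\dbbc.sys
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"=0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll
R3 GoogleDesktopManager-110309-193829;Google Desktop Manager 5.9.911.3589;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2009-12-08 30192]
S1 dbbc;dbbc;c:\windows\system32\dbbc.sys [2010-06-08 80896]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2010-02-24 135336]
"""

# "<seen> <time> . <modified> <time> <size or --------> <attrs> <path>"
FILE_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2}) \d{2}:\d{2} \. (\d{4}-\d{2}-\d{2}) \d{2}:\d{2} (\S+) (\S+) (.+)$")
# "<R|S><start type> <name>;<display name>;<binary path> [<date> <size>]"
# Assumption: R = running, S = stopped; digit 0/1 = boot/system start, 2 = auto, 3 = manual.
SVC_RE = re.compile(r"^([RS])(\d) ([^;]+);([^;]*);(.+?) \[(\d{4}-\d{2}-\d{2}) (\d+)\]$")
VALUE_RE = re.compile(r'^"([^"]+)"=(.*)$')


@dataclass(frozen=True)
class Hint:
    severity: str  # "review" (look at this first) or "info" (context only)
    subject: str
    reason: str


def parse(text):
    """Split an excerpt into file entries, service entries and registry values."""
    files, services, values = {}, [], {}
    key = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("[HKEY_") and line.endswith("]"):
            key = line[1:-1].lower()  # key that the following "name"=value lines belong to
            continue
        m = FILE_RE.match(line)
        if m:
            files[m.group(5).lower()] = {"seen": m.group(1), "modified": m.group(2), "size": m.group(3)}
            continue
        m = SVC_RE.match(line)
        if m:
            services.append({"state": m.group(1), "start": int(m.group(2)), "name": m.group(3),
                             "display": m.group(4), "path": m.group(5).lower(), "date": m.group(6)})
            continue
        m = VALUE_RE.match(line)
        if m and key is not None:
            values[(key, m.group(1).lower())] = m.group(2).strip()
    return files, services, values


def triage(text):
    """Cross-reference the parsed sections and return review hints."""
    files, services, values = parse(text)
    hints = []
    for svc in services:
        recent = files.get(svc["path"])
        # Boot/system-start services load before any user-mode security product,
        # so a binary written there inside the scan window deserves a look.
        if svc["start"] <= 1 and recent is not None:
            hints.append(Hint("review", svc["path"],
                              f"boot/system-start service '{svc['name']}' whose binary was "
                              f"written on {recent['modified']}, inside the scan window"))
        if svc["path"].endswith(".sys") and svc["display"].lower() == svc["name"].lower():
            hints.append(Hint("info", svc["path"], "driver whose display name is just its service name"))
    for (key, name), value in values.items():
        if key.endswith(r"\policies\system") and name == "enablelua" \
                and value.split()[0] in ("0", "dword:00000000"):
            hints.append(Hint("review", "EnableLUA",
                              "UAC is disabled; administrator logons get an unfiltered full token"))
        if key.endswith(r"windows nt\currentversion\windows") and name == "appinit_dlls" and value:
            hints.append(Hint("info", value.lower(),
                              "AppInit_DLLs is loaded into every process that links user32.dll; confirm the vendor"))
    return hints


if __name__ == "__main__":
    for h in triage(SAMPLE_LOG):
        print(f"[{h.severity}] {h.subject}: {h.reason}")
```

Run against the sample, the "review" hints are the system-start driver whose file date falls inside the scan window and the disabled UAC setting; the Google Desktop AppInit_DLLs entry comes out as "info" because legitimate software uses that mechanism too and it only needs the vendor confirmed.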
     
  12. 2010/07/09
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Download Bootkit Remover to your Desktop.

    • You then need to extract the remover.exe file from the RAR using a program capable of extracting RAR compressed files. If you don't have an extraction program, you can use 7-Zip: http://www.7-zip.org/
    • After extracting remover.exe to your Desktop, double-click on remover.exe to run the program (Vista/7 users, right click on remover.exe and click Run As Administrator).
    • It will show a Black screen with some data on it.
    • Right click on the screen and click Select All.
    • Press CTRL+C
    • Open a Notepad and press CTRL+V
    • Post the output back here.
     
  13. 2010/07/10
    carab

    carab Inactive Thread Starter

    Joined:
    2010/06/19
    Messages:
    55
    Likes Received:
    0
    Bootkit Remover version 1.0.0.1
    (c) 2009 eSage Lab
    www.esagelab.com

    \\.\C: -> \\.\PhysicalDrive0
    MD5: 0ec6b2481fc707d1e901dc2a875f2826
    \\.\D: -> \\.\PhysicalDrive0

    Size Device Name MBR Status
    --------------------------------------------
    74 GB \\.\PhysicalDrive0 OK (DOS/Win32 Boot code found)


    Press any key to quit...
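The "MBR Status" column above summarises a check you can reproduce yourself. The following is an added example, not part of this thread and not Bootkit Remover's code: it parses a 512-byte MBR, verifies the 0x55AA signature and the partition table, and compares the boot-code area against a hash recorded when the disk was known good. The sample sector is constructed (placeholder boot-code bytes, one NTFS partition); the tool's output does not say which bytes its MD5 line covers, so hashing bytes 0-445 and the whole sector separately is my own choice.

```python
"""Parse and sanity-check a 512-byte MBR (added example, not Bootkit Remover's code)."""
import hashlib
import struct

SECTOR = 512
TABLE_OFFSET = 446          # four 16-byte partition entries start here
ENTRY = "<B3sB3sII"         # status, CHS start, type, CHS end, LBA start, sector count
DISK_74GB_SECTORS = 155_189_248  # 74 GiB at 512-byte sectors, like the drive in the output above


def build_sample_mbr():
    """Constructed sample MBR; the boot-code bytes are a placeholder, not real boot code."""
    boot_code = b"\xfa\x33\xc0\x8e\xd0\xbc\x00\x7c" + b"\x90" * (TABLE_OFFSET - 8)
    # active, CHS start, NTFS (0x07), CHS end, starts at LBA 2048, 155,000,000 sectors long
    entry = struct.pack(ENTRY, 0x80, b"\x20\x21\x00", 0x07, b"\xfe\xff\xff", 2048, 155_000_000)
    return boot_code + entry + b"\x00" * 48 + b"\x55\xaa"


def parse_mbr(sector):
    """Return signature state, hashes and the non-empty partition entries."""
    if len(sector) != SECTOR:
        raise ValueError("expected exactly one 512-byte sector")
    partitions = []
    for i in range(4):
        off = TABLE_OFFSET + 16 * i
        status, _chs_s, ptype, _chs_e, lba, count = struct.unpack(ENTRY, sector[off:off + 16])
        if ptype == 0:  # empty slot
            continue
        partitions.append({"slot": i, "active": status == 0x80, "type": ptype,
                           "lba_start": lba, "sectors": count})
    return {
        "signature_ok": sector[510:512] == b"\x55\xaa",
        "boot_code_md5": hashlib.md5(sector[:TABLE_OFFSET]).hexdigest(),
        "sector_md5": hashlib.md5(sector).hexdigest(),
        "partitions": partitions,
    }


def check_mbr(sector, baseline_md5=None, disk_sectors=None):
    """Return human-readable findings; an empty list means nothing stood out.

    baseline_md5 is the boot-code hash recorded from the same disk while it was
    known good. Hashing only bytes 0-445 means a legitimate partition change
    does not trip the comparison, while a rewritten loader does.
    """
    info = parse_mbr(sector)
    findings = []
    if not info["signature_ok"]:
        findings.append("missing 0x55AA boot signature")
    if sector[:TABLE_OFFSET] == b"\x00" * TABLE_OFFSET:
        findings.append("boot code area is empty")
    if baseline_md5 is not None and info["boot_code_md5"] != baseline_md5:
        findings.append("boot code differs from recorded baseline")
    active = [p for p in info["partitions"] if p["active"]]
    if len(active) != 1:
        findings.append(f"{len(active)} active partitions (expected 1)")
    if disk_sectors is not None:
        for p in info["partitions"]:
            if p["lba_start"] + p["sectors"] > disk_sectors:
                findings.append(f"partition {p['slot']} extends past the end of the disk")
    return findings


def read_first_sector(device=r"\\.\PhysicalDrive0"):
    """Read the live MBR; on Windows this needs an elevated prompt."""
    with open(device, "rb") as fh:
        return fh.read(SECTOR)


if __name__ == "__main__":
    mbr = build_sample_mbr()
    info = parse_mbr(mbr)
    print("boot code MD5:", info["boot_code_md5"])
    for p in info["partitions"]:
        print(f"slot {p['slot']}: type 0x{p['type']:02x} start {p['lba_start']} sectors {p['sectors']}")
    print("findings:", check_mbr(mbr, info["boot_code_md5"], DISK_74GB_SECTORS) or "none")
```

To use it on a real machine, record `parse_mbr(read_first_sector())["boot_code_md5"]` while the system is known clean and keep it somewhere off the disk; later runs of `check_mbr` with that baseline will report a boot-code change even when the partition table is untouched.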
     
  14. 2010/07/10
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Close Firefox. Go Start>All Programs>Mozilla Firefox, click on Mozilla Firefox (safe mode). Same thing?
     
  15. 2010/07/10
    carab

    carab Inactive Thread Starter

    Joined:
    2010/06/19
    Messages:
    55
    Likes Received:
    0
    Same thing.
     
  16. 2010/07/10
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Let's try one more thing.
    Turn computer off.

    Your router should have a small pinhole, marked "Reset".
    Using a pencil, or a paperclip, keep pushing that hole until all lights turn solid for a brief moment.
    Start computer and check for redirection.
     
  17. 2010/07/10
    carab

    carab Inactive Thread Starter

    Joined:
    2010/06/19
    Messages:
    55
    Likes Received:
    0
    Still happening.
     
  18. 2010/07/10
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Try again...
    Go Start>Run (Start search in Vista), type in:
    cmd
    Click OK (in Vista, while holding CTRL and SHIFT, press Enter).

    In Command Prompt window, type in following commands, and hit Enter after each one:
    ipconfig /flushdns
    ipconfig /registerdns
    ipconfig /release
    ipconfig /renew
    net stop "dns client"
    net start "dns client"


    Restart computer and check for redirection.
     
  19. 2010/07/11
    carab

    carab Inactive Thread Starter

    Joined:
    2010/06/19
    Messages:
    55
    Likes Received:
    0
    Still redirecting.
     
  20. 2010/07/11
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    I want you to uninstall Zynga Toolbar.

    When done, please post a "Quick Scan" from OTL.
     
  21. 2010/07/11
    carab

    carab Inactive Thread Starter

    Joined:
    2010/06/19
    Messages:
    55
    Likes Received:
    0
    OTL logfile created on: 7/11/2010 7:48:33 PM - Run 1
    OTL by OldTimer - Version 3.2.9.0 Folder = C:\Users\Cara\Desktop
    Windows Vista Home Premium Edition (Version = 6.0.6000) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18928)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    893.00 Mb Total Physical Memory | 180.00 Mb Available Physical Memory | 20.00% Memory free
    2.00 Gb Paging File | 1.00 Gb Available in Paging File | 48.00% Paging File free
    Paging file location(s): c:\pagefile.sys 0 0 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 64.44 Gb Total Space | 35.46 Gb Free Space | 55.02% Space Free | Partition Type: NTFS
    Drive D: | 10.00 Gb Total Space | 6.30 Gb Free Space | 63.04% Space Free | Partition Type: NTFS
    E: Drive not present or media not loaded
    F: Drive not present or media not loaded
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded

    Computer Name: HOME-PC
    Current User Name: Cara
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: Current user
    Company Name Whitelist: On
    Skip Microsoft Files: On
    File Age = 90 Days
    Output = Standard
    Quick Scan

    ========== Processes (SafeList) ==========

    PRC - [2010/07/11 19:48:16 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\Cara\Desktop\OTL.exe
    PRC - [2010/04/01 13:33:19 | 000,267,432 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    PRC - [2010/03/02 11:28:31 | 000,282,792 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    PRC - [2010/02/24 10:28:09 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
    PRC - [2010/01/14 22:11:00 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
    PRC - [2008/10/29 01:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
    PRC - [2007/07/20 18:13:26 | 001,180,952 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\QuickSet\quickset.exe
    PRC - [2007/04/24 07:31:14 | 000,303,104 | ---- | M] (SigmaTel, Inc.) -- C:\Windows\sttray.exe
    PRC - [2007/04/24 07:31:10 | 000,090,112 | ---- | M] (SigmaTel, Inc.) -- C:\Windows\System32\stacsv.exe
    PRC - [2006/04/28 10:14:44 | 000,045,056 | ---- | M] (ATI Technologies Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe


    ========== Modules (SafeList) ==========

    MOD - [2010/07/11 19:48:16 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\Cara\Desktop\OTL.exe
    MOD - [2006/11/02 04:44:49 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msscript.ocx
    MOD - [2006/11/02 04:38:57 | 001,648,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6000.16386_none_5d07289e07e1d100\comctl32.dll


    ========== Win32 Services (SafeList) ==========

    SRV - [2010/04/01 13:33:19 | 000,267,432 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
    SRV - [2010/02/24 10:28:09 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
    SRV - [2009/12/07 20:50:40 | 000,030,192 | ---- | M] (Google) [On_Demand | Stopped] -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe -- (GoogleDesktopManager-110309-193829)
    SRV - [2008/04/10 10:23:00 | 000,265,912 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV - [2007/04/24 07:31:10 | 000,090,112 | ---- | M] (SigmaTel, Inc.) [Auto | Running] -- C:\Windows\System32\stacsv.exe -- (STacSV)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\ipinip.sys -- (IpInIp)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Cara\AppData\Local\Temp\catchme.sys -- (catchme)
    DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\blbdrive.sys -- (blbdrive)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BCM42RLY.sys -- (BCM42RLY)
    DRV - [2010/06/08 17:33:27 | 000,080,896 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\dbbc.sys -- (dbbc)
    DRV - [2010/03/01 10:05:24 | 000,124,784 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
    DRV - [2010/02/16 14:24:01 | 000,060,936 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
    DRV - [2009/05/11 10:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
    DRV - [2008/04/10 10:35:31 | 000,020,152 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
    DRV - [2008/04/10 10:35:31 | 000,019,128 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
    DRV - [2008/04/10 10:35:31 | 000,017,592 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
    DRV - [2007/12/07 00:52:48 | 001,044,984 | ---- | M] (Broadcom Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\BCMWL6.SYS -- (BCM43XX)
    DRV - [2007/10/17 04:33:56 | 002,085,888 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
    DRV - [2007/05/24 00:08:56 | 000,182,456 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SynTP.sys -- (SynTP)
    DRV - [2007/04/29 00:24:30 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
    DRV - [2007/04/29 00:24:28 | 000,986,624 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_DPV.sys -- (HSF_DPV)
    DRV - [2007/04/29 00:24:28 | 000,659,968 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_CNXT.sys -- (winachsf)
    DRV - [2007/04/29 00:24:28 | 000,206,848 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSXHWAZL.sys -- (HSXHWAZL)
    DRV - [2007/04/24 07:31:16 | 000,323,584 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
    DRV - [2007/04/24 07:29:38 | 000,045,568 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
    DRV - [2007/04/24 07:00:20 | 000,037,376 | ---- | M] (REDC) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\rixdptsk.sys -- (rismxdp)
    DRV - [2007/04/24 07:00:18 | 000,043,520 | ---- | M] (REDC) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\rimsptsk.sys -- (rimsptsk)
    DRV - [2007/04/24 07:00:16 | 000,032,256 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
    DRV - [2006/11/02 04:51:45 | 000,900,712 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
    DRV - [2006/11/02 04:51:38 | 000,420,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
    DRV - [2006/11/02 04:51:34 | 000,316,520 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
    DRV - [2006/11/02 04:51:32 | 000,297,576 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
    DRV - [2006/11/02 04:51:25 | 000,235,112 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
    DRV - [2006/11/02 04:51:25 | 000,232,040 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
    DRV - [2006/11/02 04:51:00 | 000,147,048 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
    DRV - [2006/11/02 04:50:45 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
    DRV - [2006/11/02 04:50:41 | 000,112,232 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
    DRV - [2006/11/02 04:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
    DRV - [2006/11/02 04:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
    DRV - [2006/11/02 04:50:35 | 000,098,408 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
    DRV - [2006/11/02 04:50:24 | 000,088,680 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
    DRV - [2006/11/02 04:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
    DRV - [2006/11/02 04:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
    DRV - [2006/11/02 04:50:16 | 000,071,784 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
    DRV - [2006/11/02 04:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
    DRV - [2006/11/02 04:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
    DRV - [2006/11/02 04:50:10 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
    DRV - [2006/11/02 04:50:10 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
    DRV - [2006/11/02 04:50:10 | 000,038,504 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid2.sys -- (SiSRaid2)
    DRV - [2006/11/02 04:50:10 | 000,037,480 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
    DRV - [2006/11/02 04:50:09 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
    DRV - [2006/11/02 04:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
    DRV - [2006/11/02 04:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
    DRV - [2006/11/02 04:50:05 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
    DRV - [2006/11/02 04:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
    DRV - [2006/11/02 04:50:04 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
    DRV - [2006/11/02 04:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
    DRV - [2006/11/02 04:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
    DRV - [2006/11/02 04:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
    DRV - [2006/11/02 04:49:53 | 000,028,776 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
    DRV - [2006/11/02 03:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
    DRV - [2006/11/02 03:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
    DRV - [2006/11/02 03:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
    DRV - [2006/11/02 03:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
    DRV - [2006/11/02 03:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
    DRV - [2006/11/02 03:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
    DRV - [2006/11/02 02:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
    DRV - [2006/11/02 02:30:55 | 000,200,704 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel(R)
    DRV - [2006/11/02 02:30:54 | 000,117,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R)
    DRV - [2006/10/30 10:23:12 | 000,007,680 | ---- | M] (ATI Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\AtiPcie.sys -- (AtiPcie) ATI PCI Express (3GIO)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [Binary data over 100 bytes]
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://partnerpage.google.com/small...n&client=dell-usuk&channel=us-smb&ibd=1080410

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://mail.google.com/mail/?shva=1#
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    ========== FireFox ==========

    FF - prefs.js..browser.startup.homepage: "https://mail.google.com/mail/?hl=en&shva=1# "

    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/07/10 11:03:17 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/07/08 15:07:43 | 000,000,000 | ---D | M]

    [2008/10/23 16:02:49 | 000,000,000 | ---D | M] -- C:\Users\Cara\AppData\Roaming\Mozilla\Extensions
    [2010/06/08 17:16:00 | 000,000,000 | ---D | M] -- C:\Users\Cara\AppData\Roaming\Mozilla\Firefox\Profiles\3te386a9.default\extensions
    [2010/05/22 20:40:16 | 000,000,000 | ---D | M] (Zynga Toolbar) -- C:\Users\Cara\AppData\Roaming\Mozilla\Firefox\Profiles\3te386a9.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}
    [2008/10/13 12:00:36 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\Cara\AppData\Roaming\Mozilla\Firefox\Profiles\3te386a9.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
    [2010/06/08 17:36:05 | 000,000,000 | ---D | M] -- C:\Users\Cara\AppData\Roaming\Mozilla\Firefox\Profiles\knszno0y.Cara\extensions
    [2010/07/10 13:37:37 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
    [2010/06/20 14:52:06 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
    [2010/06/20 14:51:27 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
    [2007/04/16 12:07:12 | 000,180,293 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npViewpoint.dll

    O1 HOSTS File: ([2010/06/20 15:01:17 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
    O1 - Hosts: 127.0.0.1 localhost
    O1 - Hosts: ::1 localhost
    O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
    O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll (Google Inc.)
    O2 - BHO: (WOT Helper) - {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files\WOT\WOT.dll ()
    O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.)
    O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
    O3 - HKLM\..\Toolbar: (WOT) - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll ()
    O3 - HKCU\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
    O3 - HKCU\..\Toolbar\WebBrowser: (WOT) - {71576546-354D-41C9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll ()
    O4 - HKLM..\Run: [ATICCC] C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe ()
    O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
    O4 - HKLM..\Run: [dscactivate] C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe ( )
    O4 - HKLM..\Run: [ECenter] C:\DELL\E-Center\EULALauncher.exe ( )
    O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\Windows\sttray.exe (SigmaTel, Inc.)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O16 - DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} http://support.dell.com/systemprofiler/SysProExe.CAB (WMI Class)
    O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
    O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
    O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
    O18 - Protocol\Handler\wot {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files\WOT\WOT.dll ()
    O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
    O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img2.jpg
    O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img2.jpg
    O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    ========== Files/Folders - Created Within 90 Days ==========

    [2010/07/11 19:48:08 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Users\Cara\Desktop\OTL.exe
    [2010/07/10 12:51:09 | 000,000,000 | ---D | C] -- C:\Users\Cara\Desktop\Videos
    [2010/07/10 00:05:59 | 000,499,712 | ---- | C] (eSage Lab) -- C:\Users\Cara\Desktop\remover.exe
    [2010/07/08 20:13:32 | 000,000,000 | ---D | C] -- C:\Windows\temp
    [2010/07/08 20:11:44 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
    [2010/07/08 19:53:11 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
    [2010/07/08 19:53:11 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2010/07/08 19:53:11 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2010/07/08 19:53:11 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2010/07/08 19:52:18 | 000,000,000 | ---D | C] -- C:\32788R22FWJFW
    [2010/07/08 19:43:34 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2010/06/23 19:43:53 | 000,000,000 | ---D | C] -- C:\Program Files\WOT
    [2010/06/20 20:21:37 | 000,444,416 | ---- | C] (OldTimer Tools) -- C:\Users\Cara\Desktop\TFC.exe
    [2010/06/20 14:52:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
    [2010/06/20 00:31:43 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
    [2010/06/20 00:28:26 | 000,000,000 | ---D | C] -- C:\Users\Cara\AppData\Roaming\Avira
    [2010/06/19 23:59:30 | 000,000,000 | ---D | C] -- C:\Users\Cara\Desktop\Malware ****
    [2010/06/19 21:57:19 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys
    [2010/06/19 21:57:14 | 000,124,784 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
    [2010/06/19 21:57:14 | 000,060,936 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
    [2010/06/19 21:57:14 | 000,017,016 | ---- | C] (AVIRA GmbH) -- C:\Windows\System32\drivers\avgntmgr.sys
    [2010/06/19 21:57:13 | 000,051,992 | ---- | C] (AVIRA GmbH) -- C:\Windows\System32\drivers\avgntdd.sys
    [2010/06/19 21:57:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
    [2010/06/19 21:57:08 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
    [2010/06/13 21:00:19 | 000,000,000 | ---D | C] -- C:\Program Files\Panda Security
    [2010/06/13 20:27:27 | 000,000,000 | ---D | C] -- C:\Users\Cara\AppData\Roaming\Malwarebytes
    [2010/06/13 20:26:57 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
    [2010/06/13 20:26:56 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
    [2010/06/13 20:26:56 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2010/06/13 20:26:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2010/05/20 18:34:25 | 000,000,000 | ---D | C] -- C:\Users\Cara\AppData\Roaming\AdobeUM
    [2010/05/20 18:34:07 | 000,000,000 | ---D | C] -- C:\Users\Cara\Documents\My eBooks

    ========== Files - Modified Within 90 Days ==========

    [2010/07/11 19:48:48 | 002,621,440 | -HS- | M] () -- C:\Users\Cara\NTUSER.DAT
    [2010/07/11 19:48:16 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\Cara\Desktop\OTL.exe
    [2010/07/11 19:39:21 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2010/07/11 19:39:07 | 000,003,472 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    [2010/07/11 19:39:06 | 000,003,472 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    [2010/07/11 15:29:43 | 000,000,433 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts.ics
    [2010/07/11 15:28:10 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
    [2010/07/11 15:25:40 | 002,768,861 | -H-- | M] () -- C:\Users\Cara\AppData\Local\IconCache.db
    [2010/07/11 15:23:04 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1167157780-497472970-3894054306-1000UA.job
    [2010/07/11 15:06:36 | 000,000,104 | ---- | M] () -- C:\Users\Cara\Desktop\Computer - Shortcut.lnk
    [2010/07/10 20:23:42 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1167157780-497472970-3894054306-1000Core.job
    [2010/07/10 00:04:15 | 000,478,504 | ---- | M] () -- C:\Users\Cara\Desktop\bootkit_remover.rar
    [2010/07/08 20:07:47 | 000,000,215 | ---- | M] () -- C:\Windows\system.ini
    [2010/07/08 19:52:17 | 003,728,433 | R--- | M] () -- C:\Users\Cara\Desktop\ComboFix.exe
    [2010/07/08 11:57:23 | 000,049,664 | ---- | M] () -- C:\Users\Cara\Desktop\BanhagelJuly8.doc
    [2010/07/06 18:41:10 | 000,011,146 | ---- | M] () -- C:\Users\Cara\Documents\Medium-Short Cover Letter.docx
    [2010/07/06 18:36:41 | 000,011,291 | ---- | M] () -- C:\Users\Cara\Documents\Medium Cover Letter.docx
    [2010/07/06 18:03:21 | 000,011,863 | ---- | M] () -- C:\Users\Cara\Documents\Cover Letter.docx
    [2010/07/06 17:10:34 | 000,044,032 | ---- | M] () -- C:\Users\Cara\Desktop\BanhagelResumeQ.doc
    [2010/07/06 14:35:52 | 000,001,701 | ---- | M] () -- C:\Users\Cara\Desktop\NASAContactImport.csv
    [2010/07/06 14:27:40 | 000,064,000 | ---- | M] () -- C:\Users\Cara\Desktop\Networking List 2010-06-25.xls
    [2010/07/05 16:44:12 | 000,043,520 | ---- | M] () -- C:\Users\Cara\Desktop\BanhagelResume.doc
    [2010/07/02 21:24:32 | 000,002,039 | ---- | M] () -- C:\Users\Cara\Desktop\Google Chrome.lnk
    [2010/06/30 20:51:26 | 000,720,778 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
    [2010/06/30 20:51:26 | 000,621,552 | ---- | M] () -- C:\Windows\System32\perfh009.dat
    [2010/06/30 20:51:26 | 000,104,868 | ---- | M] () -- C:\Windows\System32\perfc009.dat
    [2010/06/24 17:51:42 | 000,056,728 | ---- | M] () -- C:\Users\Cara\AppData\Local\GDIPFONTCACHEV1.DAT
    [2010/06/24 17:48:45 | 000,000,945 | ---- | M] () -- C:\Users\Cara\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
    [2010/06/24 17:47:32 | 000,000,749 | RH-- | M] () -- C:\Windows\WindowsShell.Manifest
    [2010/06/24 17:43:30 | 000,262,880 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
    [2010/06/23 21:18:16 | 048,070,656 | ---- | M] () -- C:\Windows\ocsetup_install_NetFx3.etl
    [2010/06/23 21:18:14 | 000,049,152 | ---- | M] () -- C:\Windows\ocsetup_cbs_install_NetFx3.perf
    [2010/06/23 21:18:14 | 000,016,384 | ---- | M] () -- C:\Windows\ocsetup_cbs_install_NetFx3.dpx
    [2010/06/20 20:21:51 | 000,444,416 | ---- | M] (OldTimer Tools) -- C:\Users\Cara\Desktop\TFC.exe
    [2010/06/20 15:01:17 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts
    [2010/06/19 23:23:16 | 126,409,011 | ---- | M] () -- C:\Windows\MEMORY.DMP
    [2010/06/19 20:37:59 | 000,000,680 | ---- | M] () -- C:\Users\Cara\AppData\Local\d3d9caps.dat
    [2010/06/19 20:06:14 | 000,000,036 | ---- | M] () -- C:\Users\Cara\AppData\Local\housecall.guid.cache
    [2010/06/08 17:33:27 | 000,080,896 | ---- | M] () -- C:\Windows\System32\dbbc.sys
    [2010/05/20 22:27:19 | 002,501,459 | ---- | M] () -- C:\Users\Cara\Desktop\SetupManualNetgear.pdf
    [2010/05/03 21:58:45 | 000,057,667 | ---- | M] () -- C:\Windows\System32\ieuinit.inf
    [2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
    [2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
    [2010/04/26 15:58:12 | 000,256,512 | ---- | M] () -- C:\Windows\PEV.exe

    ========== Files Created - No Company Name ==========

    [2010/07/11 15:06:36 | 000,000,104 | ---- | C] () -- C:\Users\Cara\Desktop\Computer - Shortcut.lnk
    [2010/07/10 00:04:08 | 000,478,504 | ---- | C] () -- C:\Users\Cara\Desktop\bootkit_remover.rar
    [2010/07/08 19:53:11 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
    [2010/07/08 19:53:11 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2010/07/08 19:53:11 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2010/07/08 19:53:11 | 000,077,312 | ---- | C] () -- C:\Windows\MBR.exe
    [2010/07/08 19:53:11 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2010/07/08 19:52:00 | 003,728,433 | R--- | C] () -- C:\Users\Cara\Desktop\ComboFix.exe
    [2010/07/08 11:23:30 | 000,049,664 | ---- | C] () -- C:\Users\Cara\Desktop\BanhagelJuly8.doc
    [2010/07/06 18:41:09 | 000,011,146 | ---- | C] () -- C:\Users\Cara\Documents\Medium-Short Cover Letter.docx
    [2010/07/06 18:36:39 | 000,011,291 | ---- | C] () -- C:\Users\Cara\Documents\Medium Cover Letter.docx
    [2010/07/06 17:57:17 | 000,011,863 | ---- | C] () -- C:\Users\Cara\Documents\Cover Letter.docx
    [2010/07/06 17:10:28 | 000,044,032 | ---- | C] () -- C:\Users\Cara\Desktop\BanhagelResumeQ.doc
    [2010/07/06 14:35:49 | 000,001,701 | ---- | C] () -- C:\Users\Cara\Desktop\NASAContactImport.csv
    [2010/07/06 14:27:25 | 000,064,000 | ---- | C] () -- C:\Users\Cara\Desktop\Networking List 2010-06-25.xls
    [2010/06/29 11:58:37 | 000,043,520 | ---- | C] () -- C:\Users\Cara\Desktop\BanhagelResume.doc
    [2010/06/23 21:13:06 | 048,070,656 | ---- | C] () -- C:\Windows\ocsetup_install_NetFx3.etl
    [2010/06/23 21:13:06 | 000,049,152 | ---- | C] () -- C:\Windows\ocsetup_cbs_install_NetFx3.perf
    [2010/06/23 21:13:06 | 000,016,384 | ---- | C] () -- C:\Windows\ocsetup_cbs_install_NetFx3.dpx
    [2010/06/23 20:43:00 | 000,057,667 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
    [2010/06/23 20:22:26 | 001,654,487 | ---- | C] () -- C:\Windows\System32\wlan.tmf
    [2010/06/19 22:39:46 | 126,409,011 | ---- | C] () -- C:\Windows\MEMORY.DMP
    [2010/06/19 20:53:58 | 000,000,945 | ---- | C] () -- C:\Users\Cara\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
    [2010/06/19 20:37:58 | 000,000,680 | ---- | C] () -- C:\Users\Cara\AppData\Local\d3d9caps.dat
    [2010/06/19 20:06:14 | 000,000,036 | ---- | C] () -- C:\Users\Cara\AppData\Local\housecall.guid.cache
    [2010/06/08 17:33:27 | 000,080,896 | ---- | C] () -- C:\Windows\System32\dbbc.sys
    [2010/05/20 22:27:13 | 002,501,459 | ---- | C] () -- C:\Users\Cara\Desktop\SetupManualNetgear.pdf
    [2008/04/10 10:36:03 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
    [2008/04/10 10:36:02 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll
    [2008/04/10 10:35:51 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
    [2008/04/10 03:05:00 | 000,054,784 | ---- | C] () -- C:\Windows\System32\bcmwlrmt.dll
    [2008/04/10 02:55:57 | 000,006,656 | ---- | C] () -- C:\Windows\System32\stacutil.dll
    [2006/11/02 07:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
    [2006/11/02 02:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
    [2006/01/12 17:09:14 | 000,090,112 | ---- | C] () -- C:\Windows\System32\DXFLib.dll
    [2006/01/12 17:08:06 | 000,143,360 | ---- | C] () -- C:\Windows\System32\opcode.dll

    ========== LOP Check ==========

    [2008/07/28 20:28:49 | 000,000,000 | ---D | M] -- C:\Users\Cara\AppData\Roaming\acccore
    [2008/07/28 21:39:30 | 000,000,000 | ---D | M] -- C:\Users\Cara\AppData\Roaming\Aim
    [2008/04/25 17:20:39 | 000,000,000 | ---D | M] -- C:\Users\Cara\AppData\Roaming\PeerNetworking
    [2008/09/20 17:05:56 | 000,000,000 | ---D | M] -- C:\Users\Cara\AppData\Roaming\SecondLife
    [2010/07/11 15:26:47 | 000,032,574 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

    ========== Purity Check ==========


    < End of report >
     