Vimax Ads, Google Redirect [Solved]



#1
ezstreet1

I have worked my way through the preparation guide, but with a few issues.
First, MBAM seems to install ok, but will not run.
Second, when attempting to install SysRestore I get the following message: To run this application, you first must install one of the following versions of the .NET Framework: v2.0.50727
Contact your application publisher for instructions about obtaining the appropriate version of the .NET Framework
Third, the www.windowsupdate.com/ page will not load - Chrome says oops this link appears to be broken

Other than that the prep went as it should and is as follows.

Thanks in advance!!

--Christian

OTL LOG:

OTL logfile created on: 8/19/2009 3:51:53 PM - Run 1
OTL by OldTimer - Version 3.0.10.7 Folder = C:\Documents and Settings\Christian Street\My Documents\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.50 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 66.54% Memory free
2.86 Gb Paging File | 2.51 Gb Available in Paging File | 87.99% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 71.46 Gb Total Space | 2.96 Gb Free Space | 4.15% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
Drive F: | 298.09 Gb Total Space | 28.06 Gb Free Space | 9.41% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: CST
Current User Name: Christian Street
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2007/10/29 14:27:04 | 00,587,096 | ---- | M] (Lavasoft AB) -- C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
PRC - [2008/04/13 20:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE
PRC - [2009/05/29 13:41:26 | 00,144,712 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2008/12/12 12:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2009/07/25 05:23:10 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2006/12/19 12:24:50 | 00,104,000 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\FrameworkService.exe
PRC - [2004/10/14 21:42:54 | 01,404,928 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\Core\smax4pnp.exe
PRC - [2004/07/27 18:50:18 | 00,081,920 | ---- | M] (InstallShield Software Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
PRC - [2005/01/27 03:02:00 | 00,086,016 | ---- | M] () -- C:\Program Files\Dell\Media Experience\DMXLauncher.exe
PRC - [2005/05/31 06:33:00 | 00,122,941 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\dla\tfswctrl.exe
PRC - [2006/12/19 12:27:00 | 00,136,768 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\UdaterUI.exe
PRC - [2003/09/03 22:12:44 | 00,221,184 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
PRC - [2006/12/19 16:06:00 | 00,086,016 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\McTray.exe
PRC - [2005/07/15 17:48:33 | 00,479,232 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Gmail Notifier\gnotify.exe
PRC - [2007/12/28 02:44:44 | 00,364,544 | ---- | M] (Western Digital Technologies, Inc.) -- C:\WINDOWS\System32\WDBtnMgr.exe
PRC - [2007/02/22 21:50:00 | 00,112,216 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE
PRC - [2007/02/22 21:50:00 | 00,144,960 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe
PRC - [2008/08/13 18:32:40 | 00,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtcmd.exe
PRC - [2007/02/22 21:50:00 | 00,054,872 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe
PRC - [2006/12/19 12:27:54 | 00,136,768 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\naPrdMgr.exe
PRC - [2008/03/17 21:06:00 | 01,848,648 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
PRC - [2009/07/13 14:03:10 | 00,292,128 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
PRC - [2003/06/20 00:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
PRC - [2009/07/25 05:23:12 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2005/02/25 20:28:03 | 00,212,992 | ---- | M] (Ahead Software) -- C:\Program Files\Nero\data\Xtras\mssysmgr.exe
PRC - [2007/06/13 17:40:29 | 00,068,856 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2007/05/07 14:17:44 | 00,087,592 | ---- | M] (Intuit Inc.) -- C:\Program Files\Quicken\bagent.exe
PRC - [2007/03/15 11:09:36 | 00,460,784 | ---- | M] (Gteko Ltd.) -- C:\Program Files\DellSupport\DSAgnt.exe
PRC - [2007/04/19 00:26:00 | 00,159,810 | R--- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvsvc32.exe
PRC - [2006/10/18 21:05:26 | 00,204,288 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\WMPNSCFG.exe
PRC - [2008/08/13 18:32:40 | 00,201,968 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe
PRC - [2003/05/15 02:19:50 | 00,217,193 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
PRC - [2006/10/18 21:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\WMPNetwk.exe
PRC - [2006/09/07 16:21:38 | 00,098,304 | ---- | M] (ArcSoft, Inc.) -- C:\Program Files\My Book\WD Backup\uBBMonitor.exe
PRC - [2006/03/30 09:15:44 | 00,096,341 | ---- | M] (Canon Inc.) -- C:\Program Files\Canon\CAL\CALMAIN.exe
PRC - [2009/07/13 14:02:50 | 00,542,496 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
PRC - [2009/08/19 15:49:44 | 00,514,048 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Christian Street\My Documents\Downloads\OTL.exe

========== Win32 Services (SafeList) ==========

SRV - [2007/10/29 14:27:04 | 00,587,096 | ---- | M] (Lavasoft AB) -- C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe -- (aawservice [Auto | Running])
SRV - [2005/12/03 22:12:05 | 00,068,096 | ---- | M] () -- C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe -- (Adobe LM Service [On_Demand | Stopped])
SRV - [2009/05/29 13:41:26 | 00,144,712 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Auto | Running])
SRV - [2004/07/15 03:49:26 | 00,032,768 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - [2008/12/12 12:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service [Auto | Running])
SRV - [2006/03/30 09:15:44 | 00,096,341 | ---- | M] (Canon Inc.) -- C:\Program Files\Canon\CAL\CALMAIN.exe -- (CCALib8 [Auto | Running])
SRV - [2007/03/07 15:47:46 | 00,076,848 | ---- | M] () -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService [On_Demand | Stopped])
SRV - [2007/01/25 01:11:16 | 00,138,168 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc [On_Demand | Stopped])
SRV - [2008/04/13 20:12:02 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - [2005/04/04 00:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
SRV - [2009/07/13 14:02:50 | 00,542,496 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Running])
SRV - [2009/07/25 05:23:10 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running])
SRV - [2006/12/19 12:24:50 | 00,104,000 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\FrameworkService.exe -- (McAfeeFramework [Unknown | Running])
SRV - [2007/02/22 21:50:00 | 00,144,960 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe -- (McShield [Unknown | Running])
SRV - [2007/02/22 21:50:00 | 00,054,872 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe -- (McTaskManager [Unknown | Running])
SRV - [2003/06/20 00:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE -- (MDM [Auto | Running])
SRV - [2003/12/17 15:59:48 | 00,143,360 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe -- (NetSvc [On_Demand | Stopped])
SRV - [2007/04/19 00:26:00 | 00,159,810 | R--- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvsvc32.exe -- (NVSvc [Auto | Running])
SRV - [2003/07/28 13:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
SRV - [2008/08/13 18:32:40 | 00,201,968 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_dellsupportcenter [Auto | Running])
SRV - [2006/10/18 21:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc [Auto | Running])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page_bak = about:blank
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page_bak = about:blank
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.co...m...tf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co...n...UTF-8&hl=en
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = localhost;*.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.defaulturl: "http://www.google.co...-8&oe=UTF-8&q="
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "http://www.google.co...ie=UTF-8&hl=en"
FF - prefs.js..extensions.enabledItems: {3112ca9c-de6d-4884-a869-9855de68056c}:3.1.20081127W
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}:6.0.03
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}:6.0.05
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}:6.0.13
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.0.071303000004
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.11
FF - prefs.js..network.proxy.no_proxies_on: "localhost"

FF - HKLM\software\mozilla\Firefox\extensions\\[email protected]: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009/01/22 13:05:53 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.11\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/06/30 16:10:11 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.11\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/06/30 16:10:11 | 00,000,000 | ---D | M]

[2009/05/02 21:45:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Christian Street\Application Data\mozilla\Extensions
[2008/08/26 18:37:47 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Christian Street\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/05/02 21:45:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Christian Street\Application Data\mozilla\Extensions\[email protected]
[2009/06/30 15:54:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Christian Street\Application Data\mozilla\Firefox\Profiles\5ec15b0j.default\extensions
[2009/01/07 10:58:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Christian Street\Application Data\mozilla\Firefox\Profiles\5ec15b0j.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2008/07/25 13:20:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Christian Street\Application Data\mozilla\Firefox\Profiles\5ec15b0j.default\extensions\{a8dd47cf-239f-48c4-8379-e6b4cbafdcfa}
[2009/03/16 23:37:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Christian Street\Application Data\mozilla\Firefox\Profiles\5ec15b0j.default\extensions\[email protected]
[2009/08/14 00:46:00 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/06/30 16:10:11 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2008/02/21 13:02:41 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
[2008/05/15 22:16:21 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
[2009/06/15 12:43:21 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
[2009/08/14 00:46:00 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
[2009/06/30 16:09:56 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/06/30 16:09:56 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2009/07/25 05:23:01 | 00,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeploytk.dll
[2007/10/11 15:17:50 | 01,435,688 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\npLegitCheckPlugin.dll
[2009/06/30 16:10:01 | 00,065,528 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll
[2008/10/14 22:33:30 | 00,095,600 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\mozilla firefox\plugins\nppdf32.dll
[2009/06/07 11:17:42 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin.dll
[2009/06/07 11:17:42 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll
[2009/06/07 11:17:42 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll
[2009/06/07 11:17:42 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll
[2009/06/07 11:17:42 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll
[2009/06/07 11:17:42 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll
[2009/06/07 11:17:42 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll
[2009/06/30 16:10:06 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2009/06/30 16:10:06 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2009/06/30 16:10:06 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2009/06/30 16:10:06 | 00,002,343 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2009/06/30 16:10:06 | 00,001,706 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2009/06/30 16:10:06 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2009/06/30 16:10:06 | 00,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

O1 HOSTS File: (732 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\dla\tfswshx.dll (Sonic Solutions)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\scriptcl.dll (McAfee, Inc.)
O2 - BHO: (TwcToolbarBhoApp Class) - {AA1F9DDB-E605-4ba6-81D4-E427DEE012AD} - C:\WINDOWS\System32\TwcToolbarBho.dll ()
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll (Google Inc.)
O2 - BHO: (AcroIEToolbarHelper Class) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll (Google Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKCU\..\Toolbar\ShellBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O4 - HKLM..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe (Google Inc.)
O4 - HKLM..\Run: [Adobe Photo Downloader] C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe File not found
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4 - HKLM..\Run: [DellSupportCenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [dla] C:\WINDOWS\System32\dla\tfswctrl.exe (Sonic Solutions)
O4 - HKLM..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe ()
O4 - HKLM..\Run: [dscactivate] C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe ( )
O4 - HKLM..\Run: [igfxhkcmd] C:\WINDOWS\System32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [igfxpers] C:\WINDOWS\System32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [igfxtray] C:\WINDOWS\System32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe (Intel Corporation)
O4 - HKLM..\Run: [ISUSPM Startup] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [McAfeeUpdaterUI] C:\Program Files\McAfee\Common Framework\UdaterUI.exe (McAfee, Inc.)
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\System32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NWEReboot] File not found
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [ShStatEXE] C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE (McAfee, Inc.)
O4 - HKLM..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [WD Button Manager] C:\WINDOWS\System32\WDBtnMgr.exe (Western Digital Technologies, Inc.)
O4 - HKCU..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe (SlySoft, Inc.)
O4 - HKCU..\Run: [DellSupport] C:\Program Files\DellSupport\DSAgnt.exe (Gteko Ltd.)
O4 - HKCU..\Run: [DellSupportCenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKCU..\Run: [Google Update] C:\Documents and Settings\Christian Street\Local Settings\Application Data\Google\Update\GoogleUpdate.exe (Google Inc.)
O4 - HKCU..\Run: [PhotoShow Deluxe Media Manager] C:\Program Files\Nero\data\Xtras\mssysmgr.exe (Ahead Software)
O4 - HKCU..\Run: [QuickenScheduledUpdates] C:\Program Files\Quicken\bagent.exe (Intuit Inc.)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKCU..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe File not found
O4 - HKCU..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe (Adobe Systems Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WD Backup Monitor.lnk = C:\Program Files\My Book\WD Backup\uBBMonitor.exe (ArcSoft, Inc.)
O4 - Startup: C:\Documents and Settings\Christian Street\Start Menu\Programs\Startup\V CAST Music Monitor.lnk = C:\Program Files\Verizon Wireless\V CAST Music Essentials Manager\V CAST Music Monitor.exe (Smith Micro Software, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoChangeStartMenu = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLogOff = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: The Weather Channel - {2E5E800E-6AC0-411E-940A-369530A35E43} - Reg Error: Key error. File not found
O9 - Extra 'Tools' menuitem : The Weather Channel - {2E5E800E-6AC0-411E-940A-369530A35E43} - Reg Error: Value error. File not found
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: PartyCasino.com - {B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - Reg Error: Value error. File not found
O9 - Extra 'Tools' menuitem : PartyCasino.com - {B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - Reg Error: Value error. File not found
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files\Bodog Poker\BPGame.exe (Bodog)
O9 - Extra Button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files\PokerStars.NET\PokerStarsUpdate.exe (PokerStars)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} http://support.dell....iler/SysPro.CAB (SysProWmi Class)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} http://office.micros...ntent/opuc4.cab (Office Update Installation Engine)
O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CE74A05D-ED12-473A-97F8-85FB0E2F479F} https://stores.music...NugsActiveX.cab (dlControl.UserControl1)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.ma...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {F127B9BA-89EA-4B04-9C67-2074A9DF61FD} http://cvs.pnimedia....tupv2.0.0.9.cab? (Photo Upload Plugin Class)
O16 - DPF: {FC0A65F2-8DFF-4F0F-B411-D4A50311628D} http://xmro.xmradio..../xmprofiler.CAB (XMRADIO.XM_SystemProfiler)
O16 - DPF: Microsoft XML Parser for Java file:///C:/WINDOWS/Java/classes/xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.112.213,85.255.112.6
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\winadr32: DllName - winadr32.dll - File not found
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/10 15:04:08 | 00,000,000 | -HS- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2007/05/27 08:52:18 | 00,000,000 | ---D | M] - F:\autorun -- [ NTFS ]
O33 - MountPoints2\{1b1753dc-80f2-11dd-9bbf-0013208fc6b5}\Shell - "" = AutoRun
O33 - MountPoints2\{1b1753dc-80f2-11dd-9bbf-0013208fc6b5}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{1b1753dc-80f2-11dd-9bbf-0013208fc6b5}\Shell\AutoRun\command - "" = H:\USBAutoRun.exe -- File not found
O33 - MountPoints2\H\Shell - "" = AutoRun
O33 - MountPoints2\H\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\H\Shell\AutoRun\command - "" = H:\USBAutoRun.exe -- File not found
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()

NetSvcs: 6to4 - Service key not found. File not found
NetSvcs: Ias - Service key not found. File not found
NetSvcs: Iprip - Service key not found. File not found
NetSvcs: Irmon - Service key not found. File not found
NetSvcs: NWCWorkstation - Service key not found. File not found
NetSvcs: Nwsapagent - Service key not found. File not found
NetSvcs: Wmi - C:\WINDOWS\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - Service key not found. File not found
NetSvcs: helpsvc - C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)

========== Files/Folders - Created Within 14 Days ==========

[6 C:\Documents and Settings\Christian Street\My Documents\*.tmp files]
[2009/08/19 15:35:36 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009/08/19 15:34:42 | 00,000,611 | ---- | C] () -- C:\Documents and Settings\Christian Street\Desktop\NTREGOPT.lnk
[2009/08/19 15:34:42 | 00,000,592 | ---- | C] () -- C:\Documents and Settings\Christian Street\Desktop\ERUNT.lnk
[2009/08/19 15:34:41 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2009/08/19 02:21:00 | 00,119,808 | ---- | C] () -- C:\Documents and Settings\Christian Street\My Documents\Workout.doc
[2009/08/19 01:59:21 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/08/19 00:58:27 | 00,512,688 | ---- | C] (Xceed Software Inc (450) 442-2626 [email protected] www.xceedsoft.com) -- C:\WINDOWS\System32\XceedCry.dll
[2009/08/19 00:58:27 | 00,423,784 | ---- | C] (Xceed Software Inc (450) 442-2626 [email protected] www.xceedsoft.com) -- C:\WINDOWS\System32\XceedBkp.dll
[2009/08/19 00:58:26 | 01,435,272 | ---- | C] (Macromedia, Inc.) -- C:\WINDOWS\System32\Flash.ocx
[2009/08/19 00:58:26 | 00,389,120 | ---- | C] () -- C:\WINDOWS\System32\ACTSKN43.OCX
[2009/08/19 00:58:26 | 00,265,753 | ---- | C] (Ariad Software) -- C:\WINDOWS\System32\AS-Exp2.ocx
[2009/08/19 00:58:26 | 00,188,416 | ---- | C] (SoftShape Development) -- C:\WINDOWS\System32\actsplash.ocx
[2009/08/19 00:58:26 | 00,089,088 | ---- | C] (Ariad Software) -- C:\WINDOWS\System32\ProgressBar4.ocx
[2009/08/19 00:58:26 | 00,011,012 | ---- | C] () -- C:\WINDOWS\System32\threadapi.tlb
[2009/08/06 00:47:21 | 00,065,451 | ---- | C] () -- C:\Documents and Settings\Christian Street\My Documents\AR15.com CLASSIFIEDS - Sig Sauer 229 .40 4 mags.htm.40 4 mags
[2009/08/06 00:47:21 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Christian Street\My Documents\AR15.com CLASSIFIEDS - Sig Sauer 229 .40 4 mags.htm_files

========== Files - Modified Within 14 Days ==========

[6 C:\Documents and Settings\Christian Street\My Documents\*.tmp files]
[2009/08/19 15:37:00 | 00,001,022 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1833889788-1610151935-2337338265-1006UA.job
[2009/08/19 15:34:42 | 00,000,611 | ---- | M] () -- C:\Documents and Settings\Christian Street\Desktop\NTREGOPT.lnk
[2009/08/19 15:34:42 | 00,000,592 | ---- | M] () -- C:\Documents and Settings\Christian Street\Desktop\ERUNT.lnk
[2009/08/19 15:24:40 | 00,000,040 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\.zreglib
[2009/08/19 15:24:33 | 00,001,088 | ---- | M] () -- C:\Documents and Settings\Christian Street\Start Menu\Programs\Startup\V CAST Music Monitor.lnk
[2009/08/19 15:23:27 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/08/19 15:23:14 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/08/19 15:23:10 | 16,085,68832 | -HS- | M] () -- C:\hiberfil.sys
[2009/08/19 02:21:00 | 00,119,808 | ---- | M] () -- C:\Documents and Settings\Christian Street\My Documents\Workout.doc
[2009/08/19 01:03:55 | 00,000,732 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2009/08/18 16:37:01 | 00,000,970 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1833889788-1610151935-2337338265-1006Core.job
[2009/08/18 11:16:26 | 00,001,806 | -H-- | M] () -- C:\Documents and Settings\Christian Street\My Documents\Default.rdp
[2009/08/18 10:31:02 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009/08/08 15:07:54 | 00,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2009/08/06 00:47:21 | 00,065,451 | ---- | M] () -- C:\Documents and Settings\Christian Street\My Documents\AR15.com CLASSIFIEDS - Sig Sauer 229 .40 4 mags.htm.40 4 mags

========== LOP Check ==========

[2009/08/19 14:46:33 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\All Users\Application Data
[2009/03/13 00:11:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
[2009/04/07 10:43:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2005/11/18 00:55:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ahead
[2009/04/23 15:24:00 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
[2009/04/23 15:39:38 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJEGV
[2008/02/26 09:42:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Dell
[2009/02/25 15:08:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DVD Shrink
[2005/11/10 19:06:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FrontStore Assessment
[2007/02/03 16:33:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Intuit
[2005/12/03 22:12:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Macrovision
[2009/06/22 15:06:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MSScanAppDataDir
[2006/07/11 19:08:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Naked
[2007/12/31 13:44:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Network Associates
[2005/11/10 22:06:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PopCap
[2004/08/10 15:13:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SBSI
[2008/11/17 18:32:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SlySoft
[2008/01/28 20:11:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SupportSoft
[2007/08/19 11:50:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2008/02/28 17:43:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\vsosdk
[2009/07/02 10:26:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ZoomBrowser
[2009/04/29 20:17:31 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\Christian Street\Application Data
[2006/03/10 23:37:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Christian Street\Application Data\Ahead
[2007/12/31 13:20:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Christian Street\Application Data\Aim
[2007/12/28 02:48:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Christian Street\Application Data\ArcSoft
[2009/07/29 15:27:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Christian Street\Application Data\Canon
[2005/12/07 20:31:31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Christian Street\Application Data\Corel
[2005/11/15 21:42:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Christian Street\Application Data\CyberLink
[2009/01/22 15:05:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Christian Street\Application Data\ImgBurn
[2007/02/03 16:35:19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Christian Street\Application Data\Intuit
[2005/11/15 23:40:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Christian Street\Application Data\Leadertech
[2009/03/18 22:58:55 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\Christian Street\Application Data\Move Networks
[2007/02/03 14:55:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Christian Street\Application Data\OfficeUpdate12
[2005/11/18 01:01:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Christian Street\Application Data\Simple Star
[2006/11/27 21:11:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Christian Street\Application Data\Smith Micro
[2005/12/01 20:52:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Christian Street\Application Data\Snapfish
[2008/03/28 22:49:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Christian Street\Application Data\Systweak
[2008/03/30 11:19:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Christian Street\Application Data\Uniblue
[2009/05/01 12:34:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Christian Street\Application Data\uTorrent
[2009/07/21 11:42:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Christian Street\Application Data\Vso
[2009/07/02 23:24:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Christian Street\Application Data\ZoomBrowser EX
[2009/08/18 10:31:02 | 00,000,284 | ---- | M] () -- C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
[2004/08/04 07:00:00 | 00,000,065 | RH-- | M] () -- C:\WINDOWS\Tasks\desktop.ini
[2009/08/18 16:37:01 | 00,000,970 | ---- | M] () -- C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1833889788-1610151935-2337338265-1006Core.job
[2009/08/19 15:37:00 | 00,001,022 | ---- | M] () -- C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1833889788-1610151935-2337338265-1006UA.job
[2009/08/19 15:23:27 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA.DAT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >
[2005/10/31 11:56:00 | 00,700,416 | ---- | M] (LimeWire) -- C:\StubInstaller.exe
< End of report >


OTL logfile created on: 8/19/2009 3:51:53 PM - Run 1
OTL by OldTimer - Version 3.0.10.7 Folder = C:\Documents and Settings\Christian Street\My Documents\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.50 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 66.54% Memory free
2.86 Gb Paging File | 2.51 Gb Available in Paging File | 87.99% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 71.46 Gb Total Space | 2.96 Gb Free Space | 4.15% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
Drive F: | 298.09 Gb Total Space | 28.06 Gb Free Space | 9.41% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: CST
Current User Name: Christian Street
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2007/10/29 14:27:04 | 00,587,096 | ---- | M] (Lavasoft AB) -- C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
PRC - [2008/04/13 20:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE
PRC - [2009/05/29 13:41:26 | 00,144,712 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2008/12/12 12:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2009/07/25 05:23:10 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2006/12/19 12:24:50 | 00,104,000 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\FrameworkService.exe
PRC - [2004/10/14 21:42:54 | 01,404,928 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\Core\smax4pnp.exe
PRC - [2004/07/27 18:50:18 | 00,081,920 | ---- | M] (InstallShield Software Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
PRC - [2005/01/27 03:02:00 | 00,086,016 | ---- | M] () -- C:\Program Files\Dell\Media Experience\DMXLauncher.exe
PRC - [2005/05/31 06:33:00 | 00,122,941 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\dla\tfswctrl.exe
PRC - [2006/12/19 12:27:00 | 00,136,768 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\UdaterUI.exe
PRC - [2003/09/03 22:12:44 | 00,221,184 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
PRC - [2006/12/19 16:06:00 | 00,086,016 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\McTray.exe
PRC - [2005/07/15 17:48:33 | 00,479,232 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Gmail Notifier\gnotify.exe
PRC - [2007/12/28 02:44:44 | 00,364,544 | ---- | M] (Western Digital Technologies, Inc.) -- C:\WINDOWS\System32\WDBtnMgr.exe
PRC - [2007/02/22 21:50:00 | 00,112,216 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE
PRC - [2007/02/22 21:50:00 | 00,144,960 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe
PRC - [2008/08/13 18:32:40 | 00,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtcmd.exe
PRC - [2007/02/22 21:50:00 | 00,054,872 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe
PRC - [2006/12/19 12:27:54 | 00,136,768 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\naPrdMgr.exe
PRC - [2008/03/17 21:06:00 | 01,848,648 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
PRC - [2009/07/13 14:03:10 | 00,292,128 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
PRC - [2003/06/20 00:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
PRC - [2009/07/25 05:23:12 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2005/02/25 20:28:03 | 00,212,992 | ---- | M] (Ahead Software) -- C:\Program Files\Nero\data\Xtras\mssysmgr.exe
PRC - [2007/06/13 17:40:29 | 00,068,856 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2007/05/07 14:17:44 | 00,087,592 | ---- | M] (Intuit Inc.) -- C:\Program Files\Quicken\bagent.exe
PRC - [2007/03/15 11:09:36 | 00,460,784 | ---- | M] (Gteko Ltd.) -- C:\Program Files\DellSupport\DSAgnt.exe
PRC - [2007/04/19 00:26:00 | 00,159,810 | R--- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvsvc32.exe
PRC - [2006/10/18 21:05:26 | 00,204,288 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\WMPNSCFG.exe
PRC - [2008/08/13 18:32:40 | 00,201,968 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe
PRC - [2003/05/15 02:19:50 | 00,217,193 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
PRC - [2006/10/18 21:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\WMPNetwk.exe
PRC - [2006/09/07 16:21:38 | 00,098,304 | ---- | M] (ArcSoft, Inc.) -- C:\Program Files\My Book\WD Backup\uBBMonitor.exe
PRC - [2006/03/30 09:15:44 | 00,096,341 | ---- | M] (Canon Inc.) -- C:\Program Files\Canon\CAL\CALMAIN.exe
PRC - [2009/07/13 14:02:50 | 00,542,496 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
PRC - [2009/08/19 15:49:44 | 00,514,048 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Christian Street\My Documents\Downloads\OTL.exe

========== Win32 Services (SafeList) ==========

SRV - [2007/10/29 14:27:04 | 00,587,096 | ---- | M] (Lavasoft AB) -- C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe -- (aawservice [Auto | Running])
SRV - [2005/12/03 22:12:05 | 00,068,096 | ---- | M] () -- C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe -- (Adobe LM Service [On_Demand | Stopped])
SRV - [2009/05/29 13:41:26 | 00,144,712 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Auto | Running])
SRV - [2004/07/15 03:49:26 | 00,032,768 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - [2008/12/12 12:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service [Auto | Running])
SRV - [2006/03/30 09:15:44 | 00,096,341 | ---- | M] (Canon Inc.) -- C:\Program Files\Canon\CAL\CALMAIN.exe -- (CCALib8 [Auto | Running])
SRV - [2007/03/07 15:47:46 | 00,076,848 | ---- | M] () -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService [On_Demand | Stopped])
SRV - [2007/01/25 01:11:16 | 00,138,168 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc [On_Demand | Stopped])
SRV - [2008/04/13 20:12:02 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - [2005/04/04 00:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
SRV - [2009/07/13 14:02:50 | 00,542,496 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Running])
SRV - [2009/07/25 05:23:10 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running])
SRV - [2006/12/19 12:24:50 | 00,104,000 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\FrameworkService.exe -- (McAfeeFramework [Unknown | Running])
SRV - [2007/02/22 21:50:00 | 00,144,960 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe -- (McShield [Unknown | Running])
SRV - [2007/02/22 21:50:00 | 00,054,872 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe -- (McTaskManager [Unknown | Running])
SRV - [2003/06/20 00:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE -- (MDM [Auto | Running])
SRV - [2003/12/17 15:59:48 | 00,143,360 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe -- (NetSvc [On_Demand | Stopped])
SRV - [2007/04/19 00:26:00 | 00,159,810 | R--- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvsvc32.exe -- (NVSvc [Auto | Running])
SRV - [2003/07/28 13:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
SRV - [2008/08/13 18:32:40 | 00,201,968 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_dellsupportcenter [Auto | Running])
SRV - [2006/10/18 21:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc [Auto | Running])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page_bak = about:blank
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page_bak = about:blank
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.co...m...tf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co...n...UTF-8&hl=en
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = localhost;*.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.defaulturl: "http://www.google.co...-8&oe=UTF-8&q="
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "http://www.google.co...ie=UTF-8&hl=en"
FF - prefs.js..extensions.enabledItems: {3112ca9c-de6d-4884-a869-9855de68056c}:3.1.20081127W
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}:6.0.03
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}:6.0.05
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}:6.0.13
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.0.071303000004
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.11
FF - prefs.js..network.proxy.no_proxies_on: "localhost"

FF - HKLM\software\mozilla\Firefox\extensions\\[email protected]: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009/01/22 13:05:53 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.11\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/06/30 16:10:11 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.11\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/06/30 16:10:11 | 00,000,000 | ---D | M]

[2009/05/02 21:45:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Christian Street\Application Data\mozilla\Extensions
[2008/08/26 18:37:47 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Christian Street\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/05/02 21:45:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Christian Street\Application Data\mozilla\Extensions\[email protected]
[2009/06/30 15:54:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Christian Street\Application Data\mozilla\Firefox\Profiles\5ec15b0j.default\extensions
[2009/01/07 10:58:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Christian Street\Application Data\mozilla\Firefox\Profiles\5ec15b0j.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2008/07/25 13:20:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Christian Street\Application Data\mozilla\Firefox\Profiles\5ec15b0j.default\extensions\{a8dd47cf-239f-48c4-8379-e6b4cbafdcfa}
[2009/03/16 23:37:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Christian Street\Application Data\mozilla\Firefox\Profiles\5ec15b0j.default\extensions\[email protected]
[2009/08/14 00:46:00 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/06/30 16:10:11 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2008/02/21 13:02:41 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
[2008/05/15 22:16:21 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
[2009/06/15 12:43:21 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
[2009/08/14 00:46:00 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
[2009/06/30 16:09:56 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/06/30 16:09:56 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2009/07/25 05:23:01 | 00,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeploytk.dll
[2007/10/11 15:17:50 | 01,435,688 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\npLegitCheckPlugin.dll
[2009/06/30 16:10:01 | 00,065,528 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll
[2008/10/14 22:33:30 | 00,095,600 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\mozilla firefox\plugins\nppdf32.dll
[2009/06/07 11:17:42 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin.dll
[2009/06/07 11:17:42 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll
[2009/06/07 11:17:42 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll
[2009/06/07 11:17:42 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll
[2009/06/07 11:17:42 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll
[2009/06/07 11:17:42 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll
[2009/06/07 11:17:42 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll
[2009/06/30 16:10:06 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2009/06/30 16:10:06 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2009/06/30 16:10:06 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2009/06/30 16:10:06 | 00,002,343 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2009/06/30 16:10:06 | 00,001,706 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2009/06/30 16:10:06 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2009/06/30 16:10:06 | 00,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

O1 HOSTS File: (732 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\dla\tfswshx.dll (Sonic Solutions)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\scriptcl.dll (McAfee, Inc.)
O2 - BHO: (TwcToolbarBhoApp Class) - {AA1F9DDB-E605-4ba6-81D4-E427DEE012AD} - C:\WINDOWS\System32\TwcToolbarBho.dll ()
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll (Google Inc.)
O2 - BHO: (AcroIEToolbarHelper Class) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll (Google Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKCU\..\Toolbar\ShellBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O4 - HKLM..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe (Google Inc.)
O4 - HKLM..\Run: [Adobe Photo Downloader] C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe File not found
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4 - HKLM..\Run: [DellSupportCenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [dla] C:\WINDOWS\System32\dla\tfswctrl.exe (Sonic Solutions)
O4 - HKLM..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe ()
O4 - HKLM..\Run: [dscactivate] C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe ( )
O4 - HKLM..\Run: [igfxhkcmd] C:\WINDOWS\System32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [igfxpers] C:\WINDOWS\System32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [igfxtray] C:\WINDOWS\System32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe (Intel Corporation)
O4 - HKLM..\Run: [ISUSPM Startup] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [McAfeeUpdaterUI] C:\Program Files\McAfee\Common Framework\UdaterUI.exe (McAfee, Inc.)
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\System32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NWEReboot] File not found
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [ShStatEXE] C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE (McAfee, Inc.)
O4 - HKLM..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [WD Button Manager] C:\WINDOWS\System32\WDBtnMgr.exe (Western Digital Technologies, Inc.)
O4 - HKCU..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe (SlySoft, Inc.)
O4 - HKCU..\Run: [DellSupport] C:\Program Files\DellSupport\DSAgnt.exe (Gteko Ltd.)
O4 - HKCU..\Run: [DellSupportCenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKCU..\Run: [Google Update] C:\Documents and Settings\Christian Street\Local Settings\Application Data\Google\Update\GoogleUpdate.exe (Google Inc.)
O4 - HKCU..\Run: [PhotoShow Deluxe Media Manager] C:\Program Files\Nero\data\Xtras\mssysmgr.exe (Ahead Software)
O4 - HKCU..\Run: [QuickenScheduledUpdates] C:\Program Files\Quicken\bagent.exe (Intuit Inc.)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKCU..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe File not found
O4 - HKCU..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe (Adobe Systems Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WD Backup Monitor.lnk = C:\Program Files\My Book\WD Backup\uBBMonitor.exe (ArcSoft, Inc.)
O4 - Startup: C:\Documents and Settings\Christian Street\Start Menu\Programs\Startup\V CAST Music Monitor.lnk = C:\Program Files\Verizon Wireless\V CAST Music Essentials Manager\V CAST Music Monitor.exe (Smith Micro Software, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoChangeStartMenu = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLogOff = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: The Weather Channel - {2E5E800E-6AC0-411E-940A-369530A35E43} - Reg Error: Key error. File not found
O9 - Extra 'Tools' menuitem : The Weather Channel - {2E5E800E-6AC0-411E-940A-369530A35E43} - Reg Error: Value error. File not found
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: PartyCasino.com - {B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - Reg Error: Value error. File not found
O9 - Extra 'Tools' menuitem : PartyCasino.com - {B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - Reg Error: Value error. File not found
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files\Bodog Poker\BPGame.exe (Bodog)
O9 - Extra Button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files\PokerStars.NET\PokerStarsUpdate.exe (PokerStars)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} http://support.dell....iler/SysPro.CAB (SysProWmi Class)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} http://office.micros...ntent/opuc4.cab (Office Update Installation Engine)
O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CE74A05D-ED12-473A-97F8-85FB0E2F479F} https://stores.music...NugsActiveX.cab (dlControl.UserControl1)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.ma...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {F127B9BA-89EA-4B04-9C67-2074A9DF61FD} http://cvs.pnimedia....tupv2.0.0.9.cab? (Photo Upload Plugin Class)
O16 - DPF: {FC0A65F2-8DFF-4F0F-B411-D4A50311628D} http://xmro.xmradio..../xmprofiler.CAB (XMRADIO.XM_SystemProfiler)
O16 - DPF: Microsoft XML Parser for Java file:///C:/WINDOWS/Java/classes/xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.112.213,85.255.112.6
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\winadr32: DllName - winadr32.dll - File not found
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/10 15:04:08 | 00,000,000 | -HS- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2007/05/27 08:52:18 | 00,000,000 | ---D | M] - F:\autorun -- [ NTFS ]
O33 - MountPoints2\{1b1753dc-80f2-11dd-9bbf-0013208fc6b5}\Shell - "" = AutoRun
O33 - MountPoints2\{1b1753dc-80f2-11dd-9bbf-0013208fc6b5}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{1b1753dc-80f2-11dd-9bbf-0013208fc6b5}\Shell\AutoRun\command - "" = H:\USBAutoRun.exe -- File not found
O33 - MountPoints2\H\Shell - "" = AutoRun
O33 - MountPoints2\H\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\H\Shell\AutoRun\command - "" = H:\USBAutoRun.exe -- File not found
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()

NetSvcs: 6to4 - Service key not found. File not found
NetSvcs: Ias - Service key not found. File not found
NetSvcs: Iprip - Service key not found. File not found
NetSvcs: Irmon - Service key not found. File not found
NetSvcs: NWCWorkstation - Service key not found. File not found
NetSvcs: Nwsapagent - Service key not found. File not found
NetSvcs: Wmi - C:\WINDOWS\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - Service key not found. File not found
NetSvcs: helpsvc - C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)

========== Files/Folders - Created Within 14 Days ==========

[6 C:\Documents and Settings\Christian Street\My Documents\*.tmp files]
[2009/08/19 15:35:36 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009/08/19 15:34:42 | 00,000,611 | ---- | C] () -- C:\Documents and Settings\Christian Street\Desktop\NTREGOPT.lnk
[2009/08/19 15:34:42 | 00,000,592 | ---- | C] () -- C:\Documents and Settings\Christian Street\Desktop\ERUNT.lnk
[2009/08/19 15:34:41 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2009/08/19 02:21:00 | 00,119,808 | ---- | C] () -- C:\Documents and Settings\Christian Street\My Documents\Workout.doc
[2009/08/19 01:59:21 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/08/19 00:58:27 | 00,512,688 | ---- | C] (Xceed Software Inc (450) 442-2626 [email protected] www.xceedsoft.com) -- C:\WINDOWS\System32\XceedCry.dll
[2009/08/19 00:58:27 | 00,423,784 | ---- | C] (Xceed Software Inc (450) 442-2626 [email protected] www.xceedsoft.com) -- C:\WINDOWS\System32\XceedBkp.dll
[2009/08/19 00:58:26 | 01,435,272 | ---- | C] (Macromedia, Inc.) -- C:\WINDOWS\System32\Flash.ocx
[2009/08/19 00:58:26 | 00,389,120 | ---- | C] () -- C:\WINDOWS\System32\ACTSKN43.OCX
[2009/08/19 00:58:26 | 00,265,753 | ---- | C] (Ariad Software) -- C:\WINDOWS\System32\AS-Exp2.ocx
[2009/08/19 00:58:26 | 00,188,416 | ---- | C] (SoftShape Development) -- C:\WINDOWS\System32\actsplash.ocx
[2009/08/19 00:58:26 | 00,089,088 | ---- | C] (Ariad Software) -- C:\WINDOWS\System32\ProgressBar4.ocx
[2009/08/19 00:58:26 | 00,011,012 | ---- | C] () -- C:\WINDOWS\System32\threadapi.tlb
[2009/08/06 00:47:21 | 00,065,451 | ---- | C] () -- C:\Documents and Settings\Christian Street\My Documents\AR15.com CLASSIFIEDS - Sig Sauer 229 .40 4 mags.htm.40 4 mags
[2009/08/06 00:47:21 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Christian Street\My Documents\AR15.com CLASSIFIEDS - Sig Sauer 229 .40 4 mags.htm_files

========== Files - Modified Within 14 Days ==========

[6 C:\Documents and Settings\Christian Street\My Documents\*.tmp files]
[2009/08/19 15:37:00 | 00,001,022 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1833889788-1610151935-2337338265-1006UA.job
[2009/08/19 15:34:42 | 00,000,611 | ---- | M] () -- C:\Documents and Settings\Christian Street\Desktop\NTREGOPT.lnk
[2009/08/19 15:34:42 | 00,000,592 | ---- | M] () -- C:\Documents and Settings\Christian Street\Desktop\ERUNT.lnk
[2009/08/19 15:24:40 | 00,000,040 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\.zreglib
[2009/08/19 15:24:33 | 00,001,088 | ---- | M] () -- C:\Documents and Settings\Christian Street\Start Menu\Programs\Startup\V CAST Music Monitor.lnk
[2009/08/19 15:23:27 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/08/19 15:23:14 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/08/19 15:23:10 | 16,085,68832 | -HS- | M] () -- C:\hiberfil.sys
[2009/08/19 02:21:00 | 00,119,808 | ---- | M] () -- C:\Documents and Settings\Christian Street\My Documents\Workout.doc
[2009/08/19 01:03:55 | 00,000,732 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2009/08/18 16:37:01 | 00,000,970 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1833889788-1610151935-2337338265-1006Core.job
[2009/08/18 11:16:26 | 00,001,806 | -H-- | M] () -- C:\Documents and Settings\Christian Street\My Documents\Default.rdp
[2009/08/18 10:31:02 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009/08/08 15:07:54 | 00,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2009/08/06 00:47:21 | 00,065,451 | ---- | M] () -- C:\Documents and Settings\Christian Street\My Documents\AR15.com CLASSIFIEDS - Sig Sauer 229 .40 4 mags.htm.40 4 mags

========== LOP Check ==========

[2009/08/19 14:46:33 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\All Users\Application Data
[2009/03/13 00:11:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
[2009/04/07 10:43:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2005/11/18 00:55:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ahead
[2009/04/23 15:24:00 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
[2009/04/23 15:39:38 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJEGV
[2008/02/26 09:42:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Dell
[2009/02/25 15:08:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DVD Shrink
[2005/11/10 19:06:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FrontStore Assessment
[2007/02/03 16:33:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Intuit
[2005/12/03 22:12:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Macrovision
[2009/06/22 15:06:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MSScanAppDataDir
[2006/07/11 19:08:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Naked
[2007/12/31 13:44:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Network Associates
[2005/11/10 22:06:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PopCap
[2004/08/10 15:13:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SBSI
[2008/11/17 18:32:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SlySoft
[2008/01/28 20:11:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SupportSoft
[2007/08/19 11:50:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2008/02/28 17:43:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\vsosdk
[2009/07/02 10:26:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ZoomBrowser
[2009/04/29 20:17:31 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\Christian Street\Application Data
[2006/03/10 23:37:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Christian Street\Application Data\Ahead
[2007/12/31 13:20:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Christian Street\Application Data\Aim
[2007/12/28 02:48:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Christian Street\Application Data\ArcSoft
[2009/07/29 15:27:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Christian Street\Application Data\Canon
[2005/12/07 20:31:31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Christian Street\Application Data\Corel
[2005/11/15 21:42:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Christian Street\Application Data\CyberLink
[2009/01/22 15:05:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Christian Street\Application Data\ImgBurn
[2007/02/03 16:35:19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Christian Street\Application Data\Intuit
[2005/11/15 23:40:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Christian Street\Application Data\Leadertech
[2009/03/18 22:58:55 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\Christian Street\Application Data\Move Networks
[2007/02/03 14:55:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Christian Street\Application Data\OfficeUpdate12
[2005/11/18 01:01:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Christian Street\Application Data\Simple Star
[2006/11/27 21:11:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Christian Street\Application Data\Smith Micro
[2005/12/01 20:52:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Christian Street\Application Data\Snapfish
[2008/03/28 22:49:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Christian Street\Application Data\Systweak
[2008/03/30 11:19:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Christian Street\Application Data\Uniblue
[2009/05/01 12:34:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Christian Street\Application Data\uTorrent
[2009/07/21 11:42:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Christian Street\Application Data\Vso
[2009/07/02 23:24:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Christian Street\Application Data\ZoomBrowser EX
[2009/08/18 10:31:02 | 00,000,284 | ---- | M] () -- C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
[2004/08/04 07:00:00 | 00,000,065 | RH-- | M] () -- C:\WINDOWS\Tasks\desktop.ini
[2009/08/18 16:37:01 | 00,000,970 | ---- | M] () -- C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1833889788-1610151935-2337338265-1006Core.job
[2009/08/19 15:37:00 | 00,001,022 | ---- | M] () -- C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1833889788-1610151935-2337338265-1006UA.job
[2009/08/19 15:23:27 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA.DAT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >
[2005/10/31 11:56:00 | 00,700,416 | ---- | M] (LimeWire) -- C:\StubInstaller.exe
< End of report >


MBAM - WILL NOT RUN

ROOTREPEAL LOG:

ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2009/08/19 15:48
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP3
==================================================

Drivers
-------------------
Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xB6B5E000 Size: 98304 File Visible: No Signed: -
Status: -

Name: dump_WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xF79B7000 Size: 8192 File Visible: No Signed: -
Status: -

Name: gaopdxlukpekntklkmwvasxfhmxcgmwnndammr.sys
Image Path: C:\WINDOWS\system32\drivers\gaopdxlukpekntklkmwvasxfhmxcgmwnndammr.sys
Address: 0xB6DB7000 Size: 77824 File Visible: - Signed: -
Status: Hidden from the Windows API!

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xB2711000 Size: 49152 File Visible: No Signed: -
Status: -

Hidden Services
-------------------
Service Name: gaopdxserv.sys
Image Path: C:\WINDOWS\system32\drivers\gaopdxlukpekntklkmwvasxfhmxcgmwnndammr.sys

==EOF==


#2
heir

    Trusted Helper

  • Malware Removal
  • 5,427 posts
Hello ezstreet1 !

Welcome to the site! :) My nickname is heir and I'll be helping clean up your computer. :)

Before we proceed to clean your computer from malware, let's go over some points that will help both me and you, and prevent causing damage to your computer:
  • To make sure that you receive an email when I reply to this topic, please click here and check that this topic is listed under Malware Removal and Spyware Removal.
  • Please don't be afraid to ask questions! No question is considered dumb here. It's better to be safe than sorry!
  • When posting logs, please ensure Word Wrap is turned off in Notepad (to check, open Notepad, click Format in the menu bar, and make sure that Word Wrap is unchecked).
  • Please follow the steps exactly in the same order posted. If you can't perform a certain step, or you're unsure on what to do, please stop and let me know.
  • NEVER fix anything in HijackThis or other programs on your own! This can be very dangerous and cause harm to your system. If you see a certain entry or program you're unsure about, please don't hesitate to ask!
  • Make sure you reply to this thread using the Add Reply button.

Please read my posts completely before following the instructions.
It may be easier for you if you copy and paste a post to a new text document or print it for reference later.
This is required when you won't have access to Internet.

Step 1.
ComboFix:

Download Combofix from any of the links below. You must rename it before saving it. Save it to your desktop.

Link 2
Link 3

--------------------------------------------------------------------

Double click on Combo-Fix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt .

Step 2.
Lop S&D:

Disable resident protections (Antivirus...); you'll re-enable them after the scan

Download Lop S&D here and save it to the desktop

Double-click Lop S&D.exe
Choose the language, then choose Option 1 (Search)
Wait till the end of the scan
Post the log which is created: (%SystemDrive%\lopR.txt)

Step 3.
Things I would like to see in your reply:

  • The content of C:\ComboFix.txt from step 1.
  • The content of C:\lopR.txt from step 2.
  • The content of Extras.txt from when you ran OTL previously. It will reside in this folder: C:\Documents and Settings\Christian Street\My Documents\Downloads
  • The content of C:\Qoobox\Add-Remove Programs.txt.


#3
ezstreet1

    Member

  • Topic Starter
  • Member
  • 18 posts
Well, I seem to have had some sort of problem. I ran ComboFix. Once it completed, I attempted to go back to the webpage to download step two, but I am no longer able to connect to the internet. The local area connection shows that it is connected. I reset the modem and router to no avail. Both of my roommates' computers are able to connect, so I am at a loss as to why I am not able to.

I have included the information that I have. I do not of course have the txt file from step two.

Thanks for your help!
--Christian


ComboFix 09-08-19.01 - Christian Street 08/19/2009 22:06.1.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1534.1036 [GMT -4:00]
Running from: c:\documents and settings\Christian Street\Desktop\Combo-Fix.exe
AV: VirusScan Enterprise + AntiSpyware Enterprise *On-access scanning disabled* (Updated) {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}
FW: McAfee Personal Firewall Plus *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
* Created a new restore point
* Resident AV is active

.
ADS - WINDOWS: deleted 24 bytes in 1 streams.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Christian Street\Application Data\inst.exe
c:\windows\Downloaded Program Files\popcaploader.inf
c:\windows\Fonts\WPHV07NB.TTF
c:\windows\Fonts\ZWAdobeF.TTF
c:\windows\Installer\1c2ebd73.msp
c:\windows\Installer\481dca62.msp
c:\windows\Installer\530f9e5.msp
c:\windows\Installer\530fa4b.msp
c:\windows\Installer\63c7cf3.msi
c:\windows\system32\drivers\gaopdxlukpekntklkmwvasxfhmxcgmwnndammr.sys
c:\windows\system32\gaopdxcounter
c:\windows\system32\gaopdxsojhupumqlvguqhxydwxprfwffdougtq.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_gaopdxserv.sys
-------\Legacy_gaopdxserv.sys


((((((((((((((((((((((((( Files Created from 2009-07-20 to 2009-08-20 )))))))))))))))))))))))))))))))
.

2009-08-19 19:34 . 2009-08-19 19:34 -------- d-----w- c:\program files\ERUNT
2009-08-19 05:59 . 2009-08-19 18:49 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-08-19 04:58 . 2004-05-11 14:56 423784 ----a-w- c:\windows\system32\XceedBkp.dll
2009-08-19 04:58 . 2003-11-19 18:59 512688 ----a-w- c:\windows\system32\XceedCry.dll
2009-08-19 04:58 . 2000-07-15 10:00 101888 ----a-w- c:\windows\system32\VB6STKIT.DLL
2009-08-14 04:45 . 2009-08-14 04:45 152576 ----a-w- c:\documents and settings\Christian Street\Application Data\Sun\Java\jre1.6.0_15\lzma.dll
2009-07-28 19:36 . 2009-07-28 19:37 -------- d-----w- c:\program files\iTunes
2009-07-28 19:30 . 2009-07-28 19:30 75040 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 8.2.1.6\SetupAdmin.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-14 04:45 . 2005-11-06 20:15 -------- d-----w- c:\program files\Java
2009-07-29 19:27 . 2009-04-23 20:04 -------- d-----w- c:\documents and settings\Christian Street\Application Data\Canon
2009-07-28 19:36 . 2006-04-12 02:36 -------- d-----w- c:\program files\iPod
2009-07-28 19:36 . 2007-07-14 20:43 -------- d-----w- c:\program files\Common Files\Apple
2009-07-25 09:23 . 2009-01-22 17:05 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-07-21 15:42 . 2008-02-28 19:37 -------- d-----w- c:\documents and settings\Christian Street\Application Data\Vso
2009-07-21 15:42 . 2009-06-02 23:28 -------- d-----w- c:\program files\DVDFab 6
2009-07-03 03:24 . 2007-07-08 01:05 -------- d-----w- c:\documents and settings\Christian Street\Application Data\ZoomBrowser EX
2009-07-02 14:26 . 2009-04-07 18:29 -------- d-----w- c:\documents and settings\All Users\Application Data\ZoomBrowser
2009-06-22 19:06 . 2009-06-22 19:06 -------- d-----w- c:\documents and settings\All Users\Application Data\MSScanAppDataDir
2009-06-15 16:42 . 2009-06-15 16:42 152576 ----a-w- c:\documents and settings\Christian Street\Application Data\Sun\Java\jre1.6.0_13\lzma.dll
2009-05-29 17:36 . 2009-03-13 04:05 2060288 ----a-w- c:\windows\system32\usbaaplrc.dll
2009-05-29 17:36 . 2007-11-21 03:42 39424 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2006-12-20 01:46 . 2006-02-13 02:13 56 --sh--r- c:\windows\system32\CEA8084969.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PhotoShow Deluxe Media Manager"="c:\progra~1\Nero\data\Xtras\mssysmgr.exe" [2005-02-26 212992]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-13 68856]
"QuickenScheduledUpdates"="c:\program files\Quicken\bagent.exe" [2007-05-07 87592]
"DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-08-13 206064]
"Google Update"="c:\documents and settings\Christian Street\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-09-03 133104]
"AnyDVD"="c:\program files\SlySoft\AnyDVD\AnyDVDtray.exe" [2008-12-01 2292672]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-19 204288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-15 1404928]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
"DMXLauncher"="c:\program files\Dell\Media Experience\DMXLauncher.exe" [2005-01-27 86016]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2005-05-31 122941]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"McAfeeUpdaterUI"="c:\program files\McAfee\Common Framework\UdaterUI.exe" [2006-12-19 136768]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-09-20 94208]
"IntelMeM"="c:\program files\Intel\Modem Event Monitor\IntelMEM.exe" [2003-09-04 221184]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-09-20 114688]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-09-20 77824]
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="c:\program files\Google\Gmail Notifier\gnotify.exe" [2005-07-15 479232]
"ShStatEXE"="c:\program files\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2007-02-23 112216]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-04-19 7700480]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-04-19 86016]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 39792]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-08-13 206064]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-05-14 177472]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2008-03-11 689488]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2008-03-18 1848648]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-07-13 292128]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
"WD Button Manager"="WDBtnMgr.exe" - c:\windows\system32\WDBtnMgr.exe [2007-12-28 364544]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2007-04-19 1626112]

c:\documents and settings\Christian Street\Start Menu\Programs\Startup\
V CAST Music Monitor.lnk - c:\program files\Verizon Wireless\V CAST Music Essentials Manager\V CAST Music Monitor.exe [2008-2-6 446464]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Acrobat Assistant.lnk - c:\program files\Adobe\Acrobat 6.0\Distillr\acrotray.exe [2003-5-15 217193]
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-12-3 113664]
WD Backup Monitor.lnk - c:\program files\My Book\WD Backup\uBBMonitor.exe [2007-12-28 98304]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^Christian Street^Start Menu^Programs^Startup^V CAST Music Monitor.lnk]
backup=c:\windows\pss\V CAST Music Monitor.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"MpfService"=2 (0x2)
"mcupdmgr.exe"=3 (0x3)
"McTskshd.exe"=2 (0x2)
"McDetect.exe"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\StubInstaller.exe"=
"c:\\Program Files\\Maxis\\SimCity 3000 Unlimited\\Apps\\Updater\\UPDATER.EXE"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bodog Poker\\BPGame.exe"=
"c:\\Program Files\\McAfee\\Common Framework\\FrameworkService.exe"=
"c:\\Program Files\\V CAST Music with Rhapsody\\rhapsody.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=

S4 Swp48vcidw;Swp48vcidw;c:\windows\system32\drivers\symc8xx.sys [8/10/2004 3:28 PM 32640]
.
Contents of the 'Scheduled Tasks' folder

2009-08-18 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]

2009-08-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1833889788-1610151935-2337338265-1006Core.job
- c:\documents and settings\Christian Street\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-03 19:47]

2009-08-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1833889788-1610151935-2337338265-1006UA.job
- c:\documents and settings\Christian Street\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-03 19:47]
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-Uniblue RegistryBooster 2 - c:\program files\Uniblue\RegistryBooster 2\RegistryBooster.exe
HKLM-Run-Adobe Photo Downloader - c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
HKLM-Run-NWEReboot - (no file)
Notify-winadr32 - winadr32.dll


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/ig?sourceid=navclient&ie=UTF-8&hl=en
uDefault_Search_URL = about:blank
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mSearch Bar =
uInternet Settings,ProxyOverride = localhost;*.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
IE: {{B4B52284-A248-4c51-9F7C-F0A0C67FCC9D}
IE: {{FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - c:\program files\PokerStars.NET\PokerStarsUpdate.exe
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
DPF: {FC0A65F2-8DFF-4F0F-B411-D4A50311628D} - hxxp://xmro.xmradio.com/xstream/registration/dell/xmprofiler.CAB
FF - ProfilePath - c:\documents and settings\Christian Street\Application Data\Mozilla\Firefox\Profiles\5ec15b0j.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig?sourceid=navclient&ie=UTF-8&hl=en
FF - plugin: c:\documents and settings\Christian Street\Application Data\Mozilla\Firefox\Profiles\5ec15b0j.default\extensions\[email protected]\platform\WINNT_x86-msvc\plugins\npmnqmp071303000004.dll
FF - plugin: c:\documents and settings\Christian Street\Local Settings\Application Data\Google\Update\1.2.183.7\npGoogleOneClick8.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-19 22:14
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2009-08-20 22:18
ComboFix-quarantined-files.txt 2009-08-20 02:17

Pre-Run: 3,065,434,112 bytes free
Post-Run: 3,031,642,112 bytes free

181 --- E O F --- 2009-03-08 08:01



Extras.text:
OTL Extras logfile created on: 8/19/2009 3:51:53 PM - Run 1
OTL by OldTimer - Version 3.0.10.7 Folder = C:\Documents and Settings\Christian Street\My Documents\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.50 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 66.54% Memory free
2.86 Gb Paging File | 2.51 Gb Available in Paging File | 87.99% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 71.46 Gb Total Space | 2.96 Gb Free Space | 4.15% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
Drive F: | 298.09 Gb Total Space | 28.06 Gb Free Space | 9.41% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: CST
Current User Name: Christian Street
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- C:\Documents and Settings\Christian Street\Local Settings\Application Data\Google\Chrome\Application\chrome.exe (Google Inc.)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL -- File not found
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL -- File not found
"C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL -- File not found
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL -- File not found
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL -- File not found
"C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL -- File not found
"C:\Program Files\AIM\aim.exe" = C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger -- File not found
"C:\Program Files\Internet Explorer\IEXPLORE.EXE" = C:\Program Files\Internet Explorer\IEXPLORE.EXE:*:Enabled:Internet Explorer -- (Microsoft Corporation)
"C:\StubInstaller.exe" = C:\StubInstaller.exe:*:Enabled:LimeWire swarmed installer -- (LimeWire)
"C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire -- File not found
"C:\Program Files\Maxis\SimCity 3000 Unlimited\Apps\Updater\UPDATER.EXE" = C:\Program Files\Maxis\SimCity 3000 Unlimited\Apps\Updater\UPDATER.EXE:*:Enabled:SC3UpdaterMFC -- ()
"C:\Program Files\Real\RealPlayer\realplay.exe" = C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer -- (RealNetworks, Inc.)
"C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe" = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe:*:Disabled:backWeb-7288971 -- File not found
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\Bodog Poker\BPGame.exe" = C:\Program Files\Bodog Poker\BPGame.exe:*:Enabled:Bodog Poker -- (Bodog)
"C:\Program Files\McAfee\Common Framework\FrameworkService.exe" = C:\Program Files\McAfee\Common Framework\FrameworkService.exe:*:Enabled:McAfee Framework Service -- (McAfee, Inc.)
"C:\Program Files\V CAST Music with Rhapsody\rhapsody.exe" = C:\Program Files\V CAST Music with Rhapsody\rhapsody.exe:*:Enabled:Rhapsody Media Player -- (RealNetworks, Inc.)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour -- (Apple Inc.)
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}" = Google Gmail Notifier
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{075473F5-846A-448B-BCB3-104AA1760205}" = Sonic RecordNow Data
"{0AB76F69-E761-4CFA-B9B0-A1906B4E9E4B}" = WD Diagnostics
"{0D2E80C8-0875-43EB-9623-47118E2DFBCA}" = Quicken 2007
"{0D499481-22C6-4B25-8AC2-6D3F6C885FB9}" = OpenOffice.org Installer 1.0
"{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}" = Microsoft Plus! Photo Story 2 LE
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP3600_series" = Canon iP3600 series Printer Driver
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic DLA
"{17334AAF-C9E7-483B-9F45-E3FCAF07FFA7}" = Intel® PROSet for Wired Connections
"{1E04F83B-2AB9-4301-9EF7-E86307F79C72}" = Google Earth
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java™ 6 Update 15
"{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}" = Rhapsody Player Engine
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java™ 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java™ 6 Update 5
"{3249FD43-B24B-413F-B786-F8FEA32FA747}" = V CAST Music
"{33BB4982-DC52-4886-A03B-F4C5C80BEE89}" = Windows Media Player 10
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35BDEFF1-A610-4956-A00D-15453C116395}" = Internet Explorer Default Page
"{35C03C04-3F1F-42C2-A989-A757EE691F65}" = McAfee VirusScan Enterprise
"{3D047C15-C859-45F7-81CE-F2681778069B}" = iPod for Windows 2006-01-10
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = Modem On Hold
"{5905F42D-3F5F-4916-ADA6-94A3646AEE76}" = Dell Driver Reset Tool
"{62BD0AE0-4EB1-4BBB-8F43-B6400C8FEB2C}" = AOLIcon
"{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}" = Windows Genuine Advantage v1.3.0254.0
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD 5.9
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6D5FCA42-1486-4E32-AFE8-1B7E2AA59D33}" = Digital Content Portal
"{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}" = Microsoft Plus! Digital Media Edition Installer
"{7148F0A8-6813-11D6-A77B-00B0D0142030}" = Java 2 Runtime Environment, SE v1.4.2_03
"{74F7662C-B1DB-489E-A8AC-07A06B24978B}" = Dell System Restore
"{7A0EFAFB-AC4B-4B88-8C6B-6731BE88DB68}" = Modem Event Monitor
"{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}" = DellSupport
"{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Extreme Graphics 2 Driver
"{91110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{91120409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003
"{99ECF41F-5CCA-42BD-B8B8-A8333E2E2944}" = iTunes
"{9C48DCA4-00C2-449C-88D8-B1EE1692B44F}" = Safari
"{9D1CF8B6-17B3-4832-B062-2C2DD0B57B04}" = CCHelp
"{A351224F-533A-4EED-89F4-0BF3417FD31D}" = WD Backup
"{A683A2C0-821C-486F-858C-FA634DB5E864}" = EducateU
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Sonic Audio module
"{AC0EE5B0-A8FB-4D0A-AF03-2EDC518F841B}" = Dell Media Experience
"{AC76BA86-0000-0000-0000-6028747ADE01}" = Adobe Acrobat - Reader 6.0.2 Update
"{AC76BA86-1033-0000-BA7E-000000000001}" = Adobe Acrobat 6.0 Standard
"{AC76BA86-7AD7-1033-7B44-A00000000001}" = Adobe Reader 6.0.1
"{AC76BA86-7AD7-1033-7B44-A81200000003}" = Adobe Reader 8.1.2
"{AC76BA86-7AD7-1033-7B44-A81300000003}" = Adobe Reader 8.1.5
"{AC76BA86-7AD7-1033-7B44-A81300000003}_814" = KB408682
"{AC76BA86-7AD7-5760-0000-800000000003}" = Japanese Fonts Support For Adobe Reader 8
"{AF19F291-F22F-4798-9662-525305AE9E48}" = WordPerfect Office 12
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Sonic RecordNow Copy
"{C0E5147E-C9F3-4360-9ED0-2E875F11766C}" = Respondus LockDown Browser
"{C337BDAF-CB4E-47E2-BE1A-CB31BB7DD0E3}" = Apple Mobile Device Support
"{C78EAC6F-7A73-452E-8134-DBB2165C5A68}" = QuickTime
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{D4C9692E-4EFA-4DA0-8B7F-9439466D9E31}" = Full Tilt Poker
"{DDBB28C8-B2AA-45A1-8DCE-059A798509FB}" = MobileMe Control Panel
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware 2007
"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center (Support Software)
"{EFB21DE7-8C19-4A88-BB28-A766E16493BC}" = Adobe Photoshop CS
"{FA02ACAC-9E14-4878-A257-92A22A647C2C}" = LG USB Modem Drivers
"{FA61D601-A0FC-48BD-AE7A-54946BCD7FB6}_is1" = BitPim 1.0.6
"{FD6C6B7F-5696-48C5-A601-2EE9E50C3D46}" = WD Firewire HID Driver
"Adobe Atmosphere Player" = Adobe Atmosphere Player for Acrobat and Adobe Reader
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AnyDVD" = AnyDVD
"AudibleDownloadManager" = Audible Download Manager
"AutoCAD 2000 Uninstall" = AutoCAD 2000
"Bodog Poker_is1" = Bodog Poker Version 2.16.1.52
"CAL" = Canon Camera Access Library
"CameraWindowDVC5" = Canon Camera Window DC_DV 5 for ZoomBrowser EX
"CameraWindowDVC6" = Canon Camera Window DC_DV 6 for ZoomBrowser EX
"CameraWindowMC" = Canon Camera Window MC 6 for ZoomBrowser EX
"Canon G.726 WMP-Decoder" = Canon G.726 WMP-Decoder
"Canon iP3600 series User Registration" = Canon iP3600 series User Registration
"CanonMyPrinter" = Canon Utilities My Printer
"CanonSolutionMenu" = Canon Utilities Solution Menu
"CSCLIB" = Canon Camera Support Core Library
"DVD Decrypter" = DVD Decrypter (Remove Only)
"DVD Shrink_is1" = DVD Shrink 3.2
"DVDFab (Platinum/Gold/HD Decrypter) (Option: Mobile) 5_is1" = DVDFab (Platinum/Gold/HD Decrypter) (Option: Mobile) 5.2.2.2
"DVDFab 6_is1" = DVDFab 6.0.2.2 (June 26, 2009)
"Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX
"EOS Utility" = Canon Utilities EOS Utility
"ERUNT_is1" = ERUNT 1.1j
"Eusing Free Registry Cleaner" = Eusing Free Registry Cleaner
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ImgBurn" = ImgBurn
"InstallShield_{3D047C15-C859-45F7-81CE-F2681778069B}" = iPod for Windows 2006-01-10
"Intel® 537EP V9x DF PCI Modem" = Intel® 537EP V9x DF PCI Modem
"LimeWire" = LimeWire 5.1.2
"McAfee Anti-Spyware Enterprise Module" = McAfee AntiSpyware Enterprise Module
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Move Networks Player_is1" = Move Networks Player for Internet Explorer
"MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
"Mozilla Firefox (3.0.11)" = Mozilla Firefox (3.0.11)
"MS Access 97 SP2" = MS Access 97 SP2
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Nero PhotoShow Express" = Nero PhotoShow Express
"NeroMultiInstaller!UninstallKey" = Nero Suite
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"PhotoStitch" = Canon Utilities PhotoStitch
"PokerStars.net" = PokerStars.net
"PROSet" = Intel® PRO Network Adapters and Drivers
"RAW Image Task" = Canon RAW Image Task for ZoomBrowser EX
"RealFlightG4Pro" = RealFlight G4 R/C Simulator
"RealPlayer 6.0" = RealPlayer
"RemoteCaptureTask" = Canon RemoteCapture Task for ZoomBrowser EX
"ShockwaveFlash" = Adobe Flash Player 9 ActiveX
"SimCity 3000 Unlimited" = SimCity 3000 Unlimited
"The Weather Channel Desktop 6" = The Weather Channel Desktop 6
"The Weather Channel Toolbar" = The Weather Channel Toolbar
"tv_enua" = Lernout & Hauspie TruVoice American English TTS Engine
"V CAST Music with Rhapsody" = V CAST Music with Rhapsody
"VCast Music Essentials Manager" = V CAST Music Essentials Manager
"Weather Services" = Weather Services
"WebCyberCoach_wtrb" = WebCyberCoach 3.2 Dell
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Xvid_is1" = Xvid 1.2.1 final uninstall
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"ESPN Java Check" = ESPN Java Check
"Google Chrome" = Google Chrome
"uTorrent" = µTorrent

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 8/19/2009 3:24:29 PM | Computer Name = CST | Source = nview_info | ID = 11141121
Description =

Error - 8/19/2009 3:24:29 PM | Computer Name = CST | Source = nview_info | ID = 11141121
Description =

Error - 8/19/2009 3:24:29 PM | Computer Name = CST | Source = nview_info | ID = 11141121
Description =

Error - 8/19/2009 3:24:29 PM | Computer Name = CST | Source = nview_info | ID = 11141121
Description =

Error - 8/19/2009 3:24:29 PM | Computer Name = CST | Source = nview_info | ID = 11141121
Description =

Error - 8/19/2009 3:24:41 PM | Computer Name = CST | Source = nview_info | ID = 11141121
Description =

Error - 8/19/2009 3:24:41 PM | Computer Name = CST | Source = nview_info | ID = 11141121
Description =

Error - 8/19/2009 3:24:41 PM | Computer Name = CST | Source = nview_info | ID = 11141121
Description =

Error - 8/19/2009 3:24:41 PM | Computer Name = CST | Source = nview_info | ID = 11141121
Description =

Error - 8/19/2009 3:24:41 PM | Computer Name = CST | Source = nview_info | ID = 11141121
Description =

[ System Events ]
Error - 8/19/2009 3:45:30 PM | Computer Name = CST | Source = Service Control Manager | ID = 7001
Description = The Remote Access Connection Manager service depends on the Telephony
service which failed to start because of the following error: %%1058

Error - 8/19/2009 3:45:31 PM | Computer Name = CST | Source = Service Control Manager | ID = 7001
Description = The Remote Access Connection Manager service depends on the Telephony
service which failed to start because of the following error: %%1058

Error - 8/19/2009 3:47:31 PM | Computer Name = CST | Source = Service Control Manager | ID = 7001
Description = The Remote Access Connection Manager service depends on the Telephony
service which failed to start because of the following error: %%1058

Error - 8/19/2009 3:47:31 PM | Computer Name = CST | Source = Service Control Manager | ID = 7001
Description = The Remote Access Connection Manager service depends on the Telephony
service which failed to start because of the following error: %%1058

Error - 8/19/2009 3:49:31 PM | Computer Name = CST | Source = Service Control Manager | ID = 7001
Description = The Remote Access Connection Manager service depends on the Telephony
service which failed to start because of the following error: %%1058

Error - 8/19/2009 3:49:31 PM | Computer Name = CST | Source = Service Control Manager | ID = 7001
Description = The Remote Access Connection Manager service depends on the Telephony
service which failed to start because of the following error: %%1058

Error - 8/19/2009 3:51:05 PM | Computer Name = CST | Source = Service Control Manager | ID = 7001
Description = The Remote Access Connection Manager service depends on the Telephony
service which failed to start because of the following error: %%1058

Error - 8/19/2009 3:51:05 PM | Computer Name = CST | Source = Service Control Manager | ID = 7001
Description = The Remote Access Connection Manager service depends on the Telephony
service which failed to start because of the following error: %%1058

Error - 8/19/2009 3:51:32 PM | Computer Name = CST | Source = Service Control Manager | ID = 7001
Description = The Remote Access Connection Manager service depends on the Telephony
service which failed to start because of the following error: %%1058

Error - 8/19/2009 3:51:32 PM | Computer Name = CST | Source = Service Control Manager | ID = 7001
Description = The Remote Access Connection Manager service depends on the Telephony
service which failed to start because of the following error: %%1058


< End of report >



Qoobox\Add-Remove Programs.txt.

µTorrent
Ad-Aware 2007
Adobe Acrobat - Reader 6.0.2 Update
Adobe Acrobat 6.0 Standard
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)
Adobe Atmosphere Player for Acrobat and Adobe Reader
Adobe Flash Player 10 Plugin
Adobe Flash Player 9 ActiveX
Adobe Photoshop CS
Adobe Reader 6.0.1
Adobe Reader 8.1.2
Adobe Reader 8.1.2 Security Update 1 (KB403742)
Adobe Reader 8.1.5
AnyDVD
AOLIcon
Apple Mobile Device Support
Apple Software Update
Audible Download Manager
AutoCAD 2000
BitPim 1.0.6
Bodog Poker Version 2.16.1.52
Bonjour
Canon Camera Access Library
Canon Camera Support Core Library
Canon Camera Window DC_DV 5 for ZoomBrowser EX
Canon Camera Window DC_DV 6 for ZoomBrowser EX
Canon Camera Window MC 6 for ZoomBrowser EX
Canon G.726 WMP-Decoder
Canon iP3600 series Printer Driver
Canon iP3600 series User Registration
Canon MovieEdit Task for ZoomBrowser EX
Canon RAW Image Task for ZoomBrowser EX
Canon RemoteCapture Task for ZoomBrowser EX
Canon Utilities Easy-PhotoPrint EX
Canon Utilities EOS Utility
Canon Utilities My Printer
Canon Utilities PhotoStitch
Canon Utilities Solution Menu
Canon Utilities ZoomBrowser EX
CCHelp
Dell Driver Reset Tool
Dell Media Experience
Dell Support Center (Support Software)
Dell System Restore
DellSupport
Digital Content Portal
DVD Decrypter (Remove Only)
DVD Shrink 3.2
DVDFab (Platinum/Gold/HD Decrypter) (Option: Mobile) 5.2.2.2
DVDFab 6.0.2.2 (June 26, 2009)
EducateU
ERUNT 1.1j
ESPN Java Check
Eusing Free Registry Cleaner
Full Tilt Poker
Google Chrome
Google Earth
Google Gmail Notifier
Google Toolbar for Internet Explorer
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
ImgBurn
Intel® 537EP V9x DF PCI Modem
Intel® Extreme Graphics 2 Driver
Intel® PRO Network Adapters and Drivers
Intel® PROSet for Wired Connections
Internet Explorer Default Page
iPod for Windows 2006-01-10
iTunes
J2SE Runtime Environment 5.0 Update 6
Japanese Fonts Support For Adobe Reader 8
Java 2 Runtime Environment, SE v1.4.2_03
Java™ 6 Update 15
Java™ 6 Update 3
Java™ 6 Update 5
KB408682
Lernout & Hauspie TruVoice American English TTS Engine
LG USB Modem Drivers
LimeWire 5.1.2
McAfee AntiSpyware Enterprise Module
McAfee VirusScan Enterprise
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Professional Edition 2003
Microsoft Office Standard Edition 2003
Microsoft Plus! Digital Media Edition Installer
Microsoft Plus! Photo Story 2 LE
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.0
MobileMe Control Panel
Modem Event Monitor
Modem Helper
Modem On Hold
Move Networks Player for Internet Explorer
Mozilla Firefox (3.0.11)
MS Access 97 SP2
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
Nero PhotoShow Express
Nero Suite
NVIDIA Drivers
OpenOffice.org Installer 1.0
PokerStars.net
PowerDVD 5.9
Quicken 2007
QuickTime
RealFlight G4 R/C Simulator
RealPlayer
Respondus LockDown Browser
Rhapsody Player Engine
Safari
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB960715)
SimCity 3000 Unlimited
Sonic Audio module
Sonic DLA
Sonic RecordNow Copy
Sonic RecordNow Data
Sonic Update Manager
The Weather Channel Desktop 6
The Weather Channel Toolbar
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
V CAST Music
V CAST Music Essentials Manager
V CAST Music with Rhapsody
WD Backup
WD Diagnostics
WD Firewire HID Driver
Weather Services
WebCyberCoach 3.2 Dell
WebFldrs XP
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage v1.3.0254.0
Windows Internet Explorer 7
Windows Media Format 11 runtime
Windows Media Player 10
Windows Media Player 11
Windows XP Service Pack 3
WinRAR archiver
WordPerfect Office 12
Xvid 1.2.1 final uninstall

#4
heir

    Trusted Helper

  • Malware Removal
  • 5,427 posts

I am no longer able to connect to the internet.

I assume that you are posting from another computer now.
Do you have a memory stick that can be used to transfer files?

If so, perform Step 0 on the (clean) computer you are posting from.

Step 0.
Flash Disinfector:


Download Flash_Disinfector.exe by sUBs from >here< and save it to your desktop.
  • Double-click Flash_Disinfector.exe to run it and follow any prompts that may appear.
  • The utility may ask you to insert your flash drive and/or other removable drives including your mobile phone. Please do so and allow the utility to clean up those drives as well.
  • Wait until it has finished scanning and then exit the program.
  • Reboot your computer when done.
Note: Flash_Disinfector will create a hidden folder named autorun.inf in each partition and every USB drive plugged in when you ran it. Don't delete this folder...it will help protect your drives from future infection.


Use the disinfected memory stick to transfer tools/logs between the computers.


Step 1.
Uninstall unwanted software:

Please go to Start > Control Panel > Add/Remove Programs and remove the following:

LimeWire 5.1.2
µTorrent


Optional removals
Limewire, µTorrent and P2P programs in general are legal themselves, but much of the content downloaded with them is downloaded illegally. They are also a great way to infect yourself with malware.
It's up to you if you want to remove the above programs, however I recommend you do.


Step 2.
Lop S&D:
You'll need to download this tool to the memory stick and transfer it to the infected computer.

Disable resident protections (Antivirus...); you'll re-enable them after the scan

Download Lop S&D here and save it to the desktop

Double-click Lop S&D.exe
Choose the language, then choose Option 1 (Search)
Wait till the end of the scan
Post the log which is created: (%SystemDrive%\lopR.txt)

Step 3.
OTL-scan:

  • Double click on OTL.exe to run it. Make sure all other windows are closed and let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Standard Output.
  • Under the Custom Scan box paste this in

    netsvcs
    %SYSTEMDRIVE%\*.exe
    C:\WINDOWS\system32\eventlog.dll
    C:\WINDOWS\system32\scecli.dll
    C:\WINDOWS\netlogon.dll
    C:\windows\system32\cngaudit.dll
    C:\WINDOWS\system32\sceclt.dll
    c:\windows\ntelogon.dll
    C:\WINDOWS\$hf_mig$\{29F8DDC1-9487-49b8-B27E-3E0C3C1298FF}
    C:\WINDOWS\addins\addins
    C:\WINDOWS\AppPatch\Custom\Custom
    C:\Windows\AppPatch\{29F8DDC1-9487-49b8-B27E-3E0C3C1298FF}


  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open a notepad window with OTL.Txt that's saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of that file and post it with your next reply.

Step 4.
RootRepeal:

  • Double click Posted Image to start the program
  • Click on the Report tab at the bottom of the program window
  • Click the Posted Image button
  • In the Select Scan dialog, check:
    • Drivers
    • Files
    • Processes
    • SSDT
    • Stealth Objects
    • Hidden Services
    • Shadow SSDT
  • Click the OK button
  • In the next dialog, select all drives showing
  • Click OK to start the scan

    Note: The scan can take some time. DO NOT run any other programs while the scan is running

  • When the scan is complete, click the Posted Image button and save the report to your Desktop as RootRepeal.txt
  • Go to File, then Exit to close the program
If the report is not too long, post the contents of RootRepeal.txt in your next reply. If the report is very long, it will not be complete if you post it, so please attach it to your reply instead.

To attach a file, do the following:
  • Click Add Reply
  • Under the reply panel is the Attachments Panel
  • Browse for the attachment file you want to upload, then click the green Upload button
  • Once it has uploaded, click the Manage Current Attachments drop down box
  • Click on Posted Image to insert the attachment into your post

Step 5.
Things I would like to see in your reply:
Transfer the logs to the computer you are posting from with the memory stick

  • Which P2P programs were removed in step 1.
  • The content of C:\lopR.txt from step 2.
  • The content of OTL.txt from step 3.
  • The content of RootRepeal.txt from step 4.

Edited by heir, 20 August 2009 - 11:09 AM.

#5
ezstreet1

I removed both Limewire and uTorrent.

I did seem to have a problem running RootRepeal. A window titled "Root Repeal Error" came up. The contents were:

Exception Address: 0x04eca19

RootRepeal did create two files on the desktop. I attempted to attach the file but received the following error: Upload failed. You are not permitted to upload this type of file
The files are named:

RootRepeal.dmp
settings.dat


Thanks!

lopR.txt:


--------------------\\ Lop S&D 4.2.5-0 XP/Vista

Microsoft Windows XP Home Edition ( v5.1.2600 ) Service Pack 3
X86-based PC ( Uniprocessor Free : Intel® Celeron® CPU 2.53GHz )
BIOS : Phoenix ROM BIOS PLUS Version 1.10 A00
USER : Christian Street ( Administrator )
BOOT : Normal boot
Antivirus : VirusScan Enterprise + AntiSpyware Enterprise 8.5.0.781 (Not Activated)
Firewall : McAfee Personal Firewall Plus (Activated)
C:\ (Local Disk) - NTFS - Total:71 Go (Free:2 Go)
D:\ (CD or DVD)
E:\ (CD or DVD)
F:\ (Local Disk) - NTFS - Total:298 Go (Free:28 Go)
G:\ (USB) - FAT32 - Total:3848 Mo (Free:2 Go)

"C:\Lop SD" ( MAJ : 19-12-2008|23:40 )
Option : [1] ( Sat 08/22/2009|12:26 )

--------------------\\ Listing folders in APPLIC~1

[03/13/2009|12:11] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> {00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
[04/07/2009|10:43] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> {8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[07/29/2009|04:08] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Adobe
[11/18/2005|12:55] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Ahead
[11/09/2005|10:06] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> AOL
[07/14/2007|04:43] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Apple
[10/14/2006|09:41] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Apple Computer
[04/23/2009|03:24] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> CanonBJ
[04/23/2009|03:39] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> CanonIJEGV
[02/26/2008|09:42] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Dell
[02/25/2009|03:08] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> DVD Shrink
[11/10/2005|07:06] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> FrontStore Assessment
[09/12/2006|03:12] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Google
[11/06/2005|04:27] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> GTek
[11/06/2005|04:21] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> InstallShield
[02/03/2007|04:33] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Intuit
[12/31/2007|03:07] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Kodak
[11/18/2007|08:59] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Lavasoft
[12/03/2005|10:12] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Macrovision
[12/31/2007|03:19] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> McAfee
[02/03/2007|02:29] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Microsoft
[06/22/2009|03:06] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> MSScanAppDataDir
[07/11/2006|07:08] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Naked
[12/31/2007|01:44] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Network Associates
[01/26/2008|05:30] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> nView_Profiles
[11/10/2005|10:06] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> PopCap
[11/21/2005|04:35] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> QuickTime
[08/10/2004|03:13] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> SBSI
[11/17/2008|06:32] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> SlySoft
[01/28/2008|08:11] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> SupportSoft
[08/19/2007|11:50] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Viewpoint
[02/28/2008|05:43] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> vsosdk
[05/14/2006|03:02] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Windows Genuine Advantage
[07/02/2009|10:26] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> ZoomBrowser

[07/29/2009|04:08] C:\DOCUME~1\CHRIST~1\APPLIC~1\<DIR> Adobe
[12/20/2007|10:33] C:\DOCUME~1\CHRIST~1\APPLIC~1\<DIR> AdobeUM
[03/10/2006|11:37] C:\DOCUME~1\CHRIST~1\APPLIC~1\<DIR> Ahead
[12/31/2007|01:20] C:\DOCUME~1\CHRIST~1\APPLIC~1\<DIR> Aim
[03/18/2008|10:41] C:\DOCUME~1\CHRIST~1\APPLIC~1\<DIR> Apple Computer
[12/28/2007|02:48] C:\DOCUME~1\CHRIST~1\APPLIC~1\<DIR> ArcSoft
[07/29/2009|03:27] C:\DOCUME~1\CHRIST~1\APPLIC~1\<DIR> Canon
[12/07/2005|08:31] C:\DOCUME~1\CHRIST~1\APPLIC~1\<DIR> Corel
[11/15/2005|09:42] C:\DOCUME~1\CHRIST~1\APPLIC~1\<DIR> CyberLink
[01/17/2009|08:26] C:\DOCUME~1\CHRIST~1\APPLIC~1\<DIR> DivX
[09/17/2006|02:33] C:\DOCUME~1\CHRIST~1\APPLIC~1\<DIR> Google
[04/11/2007|11:42] C:\DOCUME~1\CHRIST~1\APPLIC~1\<DIR> Gtek
[02/13/2006|11:41] C:\DOCUME~1\CHRIST~1\APPLIC~1\<DIR> Help
[08/10/2004|03:08] C:\DOCUME~1\CHRIST~1\APPLIC~1\<DIR> Identities
[01/22/2009|03:05] C:\DOCUME~1\CHRIST~1\APPLIC~1\<DIR> ImgBurn
[04/29/2009|08:17] C:\DOCUME~1\CHRIST~1\APPLIC~1\<DIR> InstallShield
[02/03/2007|04:35] C:\DOCUME~1\CHRIST~1\APPLIC~1\<DIR> Intuit
[05/15/2007|03:15] C:\DOCUME~1\CHRIST~1\APPLIC~1\<DIR> Lavasoft
[11/15/2005|11:40] C:\DOCUME~1\CHRIST~1\APPLIC~1\<DIR> Leadertech
[11/09/2005|11:02] C:\DOCUME~1\CHRIST~1\APPLIC~1\<DIR> Macromedia
[08/14/2008|01:18] C:\DOCUME~1\CHRIST~1\APPLIC~1\<DIR> Microsoft
[03/18/2009|10:58] C:\DOCUME~1\CHRIST~1\APPLIC~1\<DIR> Move Networks
[08/26/2008|06:37] C:\DOCUME~1\CHRIST~1\APPLIC~1\<DIR> Mozilla
[02/03/2007|02:55] C:\DOCUME~1\CHRIST~1\APPLIC~1\<DIR> OfficeUpdate12
[09/12/2008|02:02] C:\DOCUME~1\CHRIST~1\APPLIC~1\<DIR> Real
[11/18/2005|01:01] C:\DOCUME~1\CHRIST~1\APPLIC~1\<DIR> Simple Star
[11/27/2006|09:11] C:\DOCUME~1\CHRIST~1\APPLIC~1\<DIR> Smith Micro
[12/01/2005|08:52] C:\DOCUME~1\CHRIST~1\APPLIC~1\<DIR> Snapfish
[11/15/2005|11:40] C:\DOCUME~1\CHRIST~1\APPLIC~1\<DIR> Sonic
[11/06/2005|04:15] C:\DOCUME~1\CHRIST~1\APPLIC~1\<DIR> Sun
[03/28/2008|10:49] C:\DOCUME~1\CHRIST~1\APPLIC~1\<DIR> Systweak
[03/30/2008|11:19] C:\DOCUME~1\CHRIST~1\APPLIC~1\<DIR> Uniblue
[05/01/2009|12:34] C:\DOCUME~1\CHRIST~1\APPLIC~1\<DIR> uTorrent
[07/21/2009|11:42] C:\DOCUME~1\CHRIST~1\APPLIC~1\<DIR> Vso
[07/02/2009|11:24] C:\DOCUME~1\CHRIST~1\APPLIC~1\<DIR> ZoomBrowser EX

[08/10/2004|03:08] C:\DOCUME~1\DEFAUL~1\APPLIC~1\<DIR> Identities
[11/06/2005|04:18] C:\DOCUME~1\DEFAUL~1\APPLIC~1\<DIR> Microsoft
[11/06/2005|04:15] C:\DOCUME~1\DEFAUL~1\APPLIC~1\<DIR> Sun

[09/13/2006|05:41] C:\DOCUME~1\Guest\APPLIC~1\<DIR> Google
[04/11/2007|11:18] C:\DOCUME~1\Guest\APPLIC~1\<DIR> Gtek
[08/10/2004|03:08] C:\DOCUME~1\Guest\APPLIC~1\<DIR> Identities
[01/31/2006|06:48] C:\DOCUME~1\Guest\APPLIC~1\<DIR> Macromedia
[11/06/2005|04:18] C:\DOCUME~1\Guest\APPLIC~1\<DIR> Microsoft
[11/06/2005|04:15] C:\DOCUME~1\Guest\APPLIC~1\<DIR> Sun

[05/11/2007|05:39] C:\DOCUME~1\LOCALS~1\APPLIC~1\<DIR> Intuit
[11/11/2005|04:47] C:\DOCUME~1\LOCALS~1\APPLIC~1\<DIR> Macromedia
[03/04/2008|09:56] C:\DOCUME~1\LOCALS~1\APPLIC~1\<DIR> Microsoft

[09/23/2007|03:21] C:\DOCUME~1\NETWOR~1\APPLIC~1\<DIR> Intuit
[07/11/2007|03:00] C:\DOCUME~1\NETWOR~1\APPLIC~1\<DIR> Microsoft

--------------------\\ Scheduled Tasks located in C:\WINDOWS\Tasks

[08/22/2009 11:37 AM][--a------] C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1833889788-1610151935-2337338265-1006UA.job
[08/21/2009 04:37 PM][--a------] C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1833889788-1610151935-2337338265-1006Core.job
[08/18/2009 10:31 AM][--a------] C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[08/19/2009 10:45 PM][--ah-----] C:\WINDOWS\tasks\SA.DAT
[08/04/2004 07:00 AM][-r-h-----] C:\WINDOWS\tasks\desktop.ini

--------------------\\ Listing Folders in C:\Program Files

[02/12/2006|01:09] C:\Program Files\<DIR> ACAD2000
[04/07/2009|02:05] C:\Program Files\<DIR> Adobe
[03/30/2008|12:10] C:\Program Files\<DIR> Advanced System Optimizer
[11/13/2008|09:26] C:\Program Files\<DIR> Ahead
[12/31/2007|01:20] C:\Program Files\<DIR> AIM
[11/06/2005|04:05] C:\Program Files\<DIR> Analog Devices
[11/15/2005|07:24] C:\Program Files\<DIR> AOD
[08/08/2008|03:01] C:\Program Files\<DIR> Apple Software Update
[05/11/2006|12:47] C:\Program Files\<DIR> Audible
[09/12/2008|03:42] C:\Program Files\<DIR> BitPim
[11/12/2008|03:32] C:\Program Files\<DIR> Bodog Poker
[01/13/2009|12:48] C:\Program Files\<DIR> Bonjour
[04/23/2009|03:38] C:\Program Files\<DIR> Canon
[04/23/2009|03:23] C:\Program Files\<DIR> CanonBJ
[08/19/2009|10:12] C:\Program Files\<DIR> Common Files
[08/10/2004|03:02] C:\Program Files\<DIR> ComPlus Applications
[02/16/2008|12:52] C:\Program Files\<DIR> CyberLink
[03/23/2008|12:22] C:\Program Files\<DIR> Dell
[01/28/2008|08:11] C:\Program Files\<DIR> Dell Support Center
[04/11/2007|11:17] C:\Program Files\<DIR> DellSupport
[01/19/2009|12:51] C:\Program Files\<DIR> DesktopEarth
[11/17/2008|04:28] C:\Program Files\<DIR> DVD Decrypter
[02/28/2008|10:17] C:\Program Files\<DIR> DVD Shrink
[12/30/2008|12:56] C:\Program Files\<DIR> DVDFab 5
[07/21/2009|11:42] C:\Program Files\<DIR> DVDFab 6
[02/29/2008|01:02] C:\Program Files\<DIR> DVDneXtCOPY2
[08/19/2009|03:34] C:\Program Files\<DIR> ERUNT
[03/30/2008|12:06] C:\Program Files\<DIR> Eusing Free Registry Cleaner
[03/01/2008|12:03] C:\Program Files\<DIR> Full Tilt Poker
[03/15/2008|08:10] C:\Program Files\<DIR> Google
[11/17/2008|04:42] C:\Program Files\<DIR> ImgBurn
[04/29/2009|08:17] C:\Program Files\<DIR> InstallShield Installation Information
[11/06/2005|04:17] C:\Program Files\<DIR> Intel
[02/13/2009|04:03] C:\Program Files\<DIR> Internet Explorer
[02/03/2007|04:02] C:\Program Files\<DIR> Intuit
[07/28/2009|03:36] C:\Program Files\<DIR> iPod
[07/28/2009|03:37] C:\Program Files\<DIR> iTunes
[08/14/2009|12:45] C:\Program Files\<DIR> Java
[12/31/2007|03:04] C:\Program Files\<DIR> Kodak
[11/18/2007|08:59] C:\Program Files\<DIR> Lavasoft
[11/27/2006|09:00] C:\Program Files\<DIR> LG Drivers
[09/12/2008|03:23] C:\Program Files\<DIR> LG Electronics
[08/19/2009|02:49] C:\Program Files\<DIR> Malwarebytes' Anti-Malware
[01/08/2006|02:49] C:\Program Files\<DIR> Maxis
[12/31/2007|03:19] C:\Program Files\<DIR> McAfee
[09/03/2008|04:38] C:\Program Files\<DIR> Messenger
[02/24/2006|02:16] C:\Program Files\<DIR> Microsoft ActiveSync
[08/10/2004|03:04] C:\Program Files\<DIR> microsoft frontpage
[02/03/2007|02:25] C:\Program Files\<DIR> Microsoft Office
[11/06/2005|04:19] C:\Program Files\<DIR> Microsoft Plus! Digital Media Edition
[11/06/2005|04:19] C:\Program Files\<DIR> Microsoft Plus! Photo Story 2 LE
[03/19/2009|01:18] C:\Program Files\<DIR> Microsoft Silverlight
[02/03/2007|02:25] C:\Program Files\<DIR> Microsoft Visual Studio
[02/03/2007|02:36] C:\Program Files\<DIR> Microsoft Works
[02/24/2006|02:15] C:\Program Files\<DIR> Microsoft.NET
[11/06/2005|04:16] C:\Program Files\<DIR> Modem Helper
[11/06/2005|04:17] C:\Program Files\<DIR> Modem On Hold
[09/03/2008|04:31] C:\Program Files\<DIR> Movie Maker
[08/19/2009|10:43] C:\Program Files\<DIR> Mozilla Firefox
[08/10/2004|03:01] C:\Program Files\<DIR> MSN
[08/10/2004|03:01] C:\Program Files\<DIR> MSN Gaming Zone
[11/16/2006|04:02] C:\Program Files\<DIR> MSXML 4.0
[11/06/2005|04:18] C:\Program Files\<DIR> MUSICMATCH
[12/28/2007|02:46] C:\Program Files\<DIR> My Book
[11/18/2005|01:01] C:\Program Files\<DIR> Nero
[09/03/2008|04:27] C:\Program Files\<DIR> NetMeeting
[03/02/2006|10:36] C:\Program Files\<DIR> Network Associates
[08/10/2004|03:01] C:\Program Files\<DIR> Online Services
[09/03/2008|04:27] C:\Program Files\<DIR> Outlook Express
[12/04/2007|02:18] C:\Program Files\<DIR> PartyGaming
[12/03/2005|10:50] C:\Program Files\<DIR> Poker Pal Pro Edition
[12/04/2007|02:18] C:\Program Files\<DIR> PokerStars
[06/05/2008|11:19] C:\Program Files\<DIR> PokerStars.NET
[11/18/2007|06:52] C:\Program Files\<DIR> QFIT
[05/27/2007|11:56] C:\Program Files\<DIR> Quicken
[06/07/2009|11:17] C:\Program Files\<DIR> QuickTime
[09/12/2008|02:01] C:\Program Files\<DIR> Real
[01/25/2008|10:08] C:\Program Files\<DIR> RealFlightG4
[04/29/2009|08:17] C:\Program Files\<DIR> Respondus LockDown Browser
[06/07/2009|11:06] C:\Program Files\<DIR> Safari
[11/17/2008|06:27] C:\Program Files\<DIR> SlySoft
[11/13/2005|03:50] C:\Program Files\<DIR> Sonic
[05/13/2007|05:45] C:\Program Files\<DIR> Stardock
[01/22/2009|01:05] C:\Program Files\<DIR> Sun
[05/21/2009|03:35] C:\Program Files\<DIR> The Weather Channel FW
[12/20/2007|10:41] C:\Program Files\<DIR> The Weather Channel Toolbar
[12/31/2007|06:01] C:\Program Files\<DIR> themexp
[08/10/2004|03:08] C:\Program Files\<DIR> Uninstall Information
[09/12/2008|08:44] C:\Program Files\<DIR> V CAST Music with Rhapsody
[11/27/2006|09:51] C:\Program Files\<DIR> Verizon Wireless
[08/19/2007|11:50] C:\Program Files\<DIR> Viewpoint
[11/06/2005|04:27] C:\Program Files\<DIR> WebCyberCoach
[12/28/2007|02:44] C:\Program Files\<DIR> Western Digital Technologies
[11/13/2008|09:09] C:\Program Files\<DIR> Windows Media Connect 2
[11/13/2008|09:10] C:\Program Files\<DIR> Windows Media Player
[09/03/2008|04:27] C:\Program Files\<DIR> Windows NT
[08/10/2004|03:02] C:\Program Files\<DIR> WindowsUpdate
[06/07/2006|06:51] C:\Program Files\<DIR> WinRAR
[11/06/2005|04:23] C:\Program Files\<DIR> WordPerfect Office 12
[08/10/2004|03:04] C:\Program Files\<DIR> xerox
[02/23/2009|12:47] C:\Program Files\<DIR> Xvid
[11/06/2005|04:19] C:\Program Files\<DIR> Your Company Name

--------------------\\ Listing Folders in C:\Program Files\Common Files

[02/21/2008|01:15] C:\Program Files\Common Files\<DIR> Adobe
[12/03/2005|10:12] C:\Program Files\Common Files\<DIR> Adobe Systems Shared
[11/18/2005|12:55] C:\Program Files\Common Files\<DIR> Ahead
[11/09/2005|10:06] C:\Program Files\Common Files\<DIR> AOL
[07/28/2009|03:36] C:\Program Files\Common Files\<DIR> Apple
[02/10/2006|03:41] C:\Program Files\Common Files\<DIR> Autodesk Shared
[11/06/2005|04:22] C:\Program Files\Common Files\<DIR> Borland Shared
[07/04/2007|01:14] C:\Program Files\Common Files\<DIR> Canon
[03/02/2006|10:36] C:\Program Files\Common Files\<DIR> Cisco Systems
[11/06/2005|04:22] C:\Program Files\Common Files\<DIR> Corel
[02/24/2006|02:15] C:\Program Files\Common Files\<DIR> DESIGNER
[02/29/2008|01:02] C:\Program Files\Common Files\<DIR> DistributeShield
[11/06/2005|04:24] C:\Program Files\Common Files\<DIR> InstallShield
[12/04/2007|02:20] C:\Program Files\Common Files\<DIR> Intuit
[11/06/2005|04:15] C:\Program Files\Common Files\<DIR> Java
[01/29/2008|07:49] C:\Program Files\Common Files\<DIR> KnifeEdge
[02/03/2007|02:27] C:\Program Files\Common Files\<DIR> L&H
[12/31/2007|03:18] C:\Program Files\Common Files\<DIR> McAfee
[02/03/2007|02:36] C:\Program Files\Common Files\<DIR> Microsoft Shared
[08/10/2004|03:02] C:\Program Files\Common Files\<DIR> MSSoap
[11/18/2005|12:57] C:\Program Files\Common Files\<DIR> Nero
[12/31/2007|01:44] C:\Program Files\Common Files\<DIR> Network Associates
[11/06/2005|04:20] C:\Program Files\Common Files\<DIR> Nullsoft
[08/10/2004|02:57] C:\Program Files\Common Files\<DIR> ODBC
[02/03/2007|04:35] C:\Program Files\Common Files\<DIR> Palo Alto Software
[04/28/2006|12:27] C:\Program Files\Common Files\<DIR> Real
[08/10/2004|03:02] C:\Program Files\Common Files\<DIR> Services
[11/13/2005|03:55] C:\Program Files\Common Files\<DIR> Sonic Shared
[08/10/2004|02:57] C:\Program Files\Common Files\<DIR> SpeechEngines
[01/28/2008|08:10] C:\Program Files\Common Files\<DIR> supportsoft
[09/03/2008|04:27] C:\Program Files\Common Files\<DIR> System
[11/18/2007|08:58] C:\Program Files\Common Files\<DIR> Wise Installation Wizard
[04/28/2006|12:27] C:\Program Files\Common Files\<DIR> xing shared

--------------------\\ Process

( 64 Processes )

... OK !

--------------------\\ Searching with S_Lop

No Lop folder found !

--------------------\\ Searching for Lop Files - Folders

C:\DOCUME~1\CHRIST~1\Cookies\christian_street@advertising[1].txt

--------------------\\ Searching within the Registry

..... OK !

--------------------\\ Checking the Hosts file

Hosts file CLEAN


--------------------\\ Searching for hidden files with Catchme

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-22 12:28:15
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 0

--------------------\\ Searching for other infections

--------------------\\ Cracks & Keygens ..

C:\DOCUME~1\CHRIST~1\Cookies\[email protected][2].txt
C:\DOCUME~1\CHRIST~1\Cookies\[email protected][2].txt
C:\DOCUME~1\CHRIST~1\My Documents\Downloaded Programs\Adobe Photoshop CS2 KeyGen Serial Crack
C:\DOCUME~1\CHRIST~1\My Documents\Downloaded Programs\Adobe Photoshop CS2 KeyGen Serial Crack\Adobe Photoshop CS Activator.exe
C:\DOCUME~1\CHRIST~1\My Documents\Downloaded Programs\Adobe Photoshop CS2 KeyGen Serial Crack\diaryone.chm
C:\DOCUME~1\CHRIST~1\Shared\Gorilla Zoe - Welcome To The Zoo - [h33t] [redman32191]\05 Crack Muzik (This That Muzik) (Fe.mp3


[F:8][D:2]-> C:\DOCUME~1\CHRIST~1\LOCALS~1\Temp
[F:1412][D:0]-> C:\DOCUME~1\CHRIST~1\Cookies
[F:16][D:4]-> C:\DOCUME~1\CHRIST~1\LOCALS~1\TEMPOR~1\content.IE5

1 - "C:\Lop SD\LopR_1.txt" - Sat 08/22/2009|12:30 - Option : [1]

--------------------\\ Scan completed at 12:30:17


OTL.txt:

OTL logfile created on: 8/22/2009 1:45:09 PM - Run 2
OTL by OldTimer - Version 3.0.10.7 Folder = C:\Documents and Settings\Christian Street\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.50 Gb Total Physical Memory | 0.86 Gb Available Physical Memory | 57.32% Memory free
2.86 Gb Paging File | 2.48 Gb Available in Paging File | 87.02% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 71.46 Gb Total Space | 2.98 Gb Free Space | 4.17% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
Drive F: | 298.09 Gb Total Space | 28.05 Gb Free Space | 9.41% Space Free | Partition Type: NTFS
Drive G: | 3.76 Gb Total Space | 2.71 Gb Free Space | 72.10% Space Free | Partition Type: FAT32
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: CST
Current User Name: Christian Street
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2008/04/13 20:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE
PRC - [2007/10/29 14:27:04 | 00,587,096 | ---- | M] (Lavasoft AB) -- C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
PRC - [2009/05/29 13:41:26 | 00,144,712 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2008/12/12 12:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2009/07/25 05:23:10 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2006/12/19 12:24:50 | 00,104,000 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\FrameworkService.exe
PRC - [2007/02/22 21:50:00 | 00,144,960 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe
PRC - [2007/02/22 21:50:00 | 00,054,872 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe
PRC - [2006/12/19 12:27:54 | 00,136,768 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\naPrdMgr.exe
PRC - [2003/06/20 00:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
PRC - [2007/04/19 00:26:00 | 00,159,810 | R--- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvsvc32.exe
PRC - [2008/08/13 18:32:40 | 00,201,968 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe
PRC - [2006/10/18 21:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\WMPNetwk.exe
PRC - [2006/03/30 09:15:44 | 00,096,341 | ---- | M] (Canon Inc.) -- C:\Program Files\Canon\CAL\CALMAIN.exe
PRC - [2004/10/14 21:42:54 | 01,404,928 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\Core\smax4pnp.exe
PRC - [2004/07/27 18:50:18 | 00,081,920 | ---- | M] (InstallShield Software Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
PRC - [2005/01/27 03:02:00 | 00,086,016 | ---- | M] () -- C:\Program Files\Dell\Media Experience\DMXLauncher.exe
PRC - [2005/05/31 06:33:00 | 00,122,941 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\dla\tfswctrl.exe
PRC - [2006/12/19 12:27:00 | 00,136,768 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\UdaterUI.exe
PRC - [2003/09/03 22:12:44 | 00,221,184 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
PRC - [2005/07/15 17:48:33 | 00,479,232 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Gmail Notifier\gnotify.exe
PRC - [2007/12/28 02:44:44 | 00,364,544 | ---- | M] (Western Digital Technologies, Inc.) -- C:\WINDOWS\System32\WDBtnMgr.exe
PRC - [2007/02/22 21:50:00 | 00,112,216 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE
PRC - [2008/08/13 18:32:40 | 00,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtcmd.exe
PRC - [2008/03/17 21:06:00 | 01,848,648 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
PRC - [2009/07/13 14:03:10 | 00,292,128 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
PRC - [2009/07/25 05:23:12 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2005/02/25 20:28:03 | 00,212,992 | ---- | M] (Ahead Software) -- C:\Program Files\Nero\data\Xtras\mssysmgr.exe
PRC - [2007/06/13 17:40:29 | 00,068,856 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2007/05/07 14:17:44 | 00,087,592 | ---- | M] (Intuit Inc.) -- C:\Program Files\Quicken\bagent.exe
PRC - [2007/03/15 11:09:36 | 00,460,784 | ---- | M] (Gteko Ltd.) -- C:\Program Files\DellSupport\DSAgnt.exe
PRC - [2006/10/18 21:05:26 | 00,204,288 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\WMPNSCFG.exe
PRC - [2003/05/15 02:19:50 | 00,217,193 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
PRC - [2006/09/07 16:21:38 | 00,098,304 | ---- | M] (ArcSoft, Inc.) -- C:\Program Files\My Book\WD Backup\uBBMonitor.exe
PRC - [2006/12/19 16:06:00 | 00,086,016 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\McTray.exe
PRC - [2009/07/13 14:02:50 | 00,542,496 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
PRC - [2005/09/20 09:32:16 | 00,159,744 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\igfxsrvc.exe
PRC - [2009/08/19 15:49:44 | 00,514,048 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Christian Street\Desktop\OTL.exe
PRC - [2004/07/27 18:50:04 | 00,503,808 | ---- | M] (InstallShield Software Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe

========== Win32 Services (SafeList) ==========

SRV - [2007/10/29 14:27:04 | 00,587,096 | ---- | M] (Lavasoft AB) -- C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe -- (aawservice [Auto | Running])
SRV - [2005/12/03 22:12:05 | 00,068,096 | ---- | M] () -- C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe -- (Adobe LM Service [On_Demand | Stopped])
SRV - [2009/05/29 13:41:26 | 00,144,712 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Auto | Running])
SRV - [2004/07/15 03:49:26 | 00,032,768 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - [2008/12/12 12:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service [Auto | Running])
SRV - [2006/03/30 09:15:44 | 00,096,341 | ---- | M] (Canon Inc.) -- C:\Program Files\Canon\CAL\CALMAIN.exe -- (CCALib8 [Auto | Running])
SRV - [2007/03/07 15:47:46 | 00,076,848 | ---- | M] () -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService [On_Demand | Stopped])
SRV - [2007/01/25 01:11:16 | 00,138,168 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc [On_Demand | Stopped])
SRV - [2008/04/13 20:12:02 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - [2005/04/04 00:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
SRV - [2009/07/13 14:02:50 | 00,542,496 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Running])
SRV - [2009/07/25 05:23:10 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running])
SRV - [2006/12/19 12:24:50 | 00,104,000 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\FrameworkService.exe -- (McAfeeFramework [Auto | Running])
SRV - [2007/02/22 21:50:00 | 00,144,960 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe -- (McShield [Auto | Paused])
SRV - [2007/02/22 21:50:00 | 00,054,872 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe -- (McTaskManager [Auto | Running])
SRV - [2003/06/20 00:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE -- (MDM [Auto | Running])
SRV - [2003/12/17 15:59:48 | 00,143,360 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe -- (NetSvc [On_Demand | Stopped])
SRV - [2007/04/19 00:26:00 | 00,159,810 | R--- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvsvc32.exe -- (NVSvc [Auto | Running])
SRV - [2003/07/28 13:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
SRV - [2008/08/13 18:32:40 | 00,201,968 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_dellsupportcenter [Auto | Running])
SRV - [2006/10/18 21:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc [Auto | Running])

========== Driver Services (SafeList) ==========

DRV - [2001/08/17 15:51:56 | 00,005,248 | ---- | M] (Acer Laboratories Inc.) -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde [Disabled | Stopped])
DRV - [2008/04/13 14:36:39 | 00,043,008 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp [Disabled | Stopped])
DRV - [2008/12/01 12:52:14 | 00,103,360 | ---- | M] (SlySoft, Inc.) -- C:\WINDOWS\System32\Drivers\AnyDVD.sys -- (AnyDVD [On_Demand | Running])
DRV - [2001/08/17 15:52:00 | 00,026,496 | ---- | M] (Advanced System Products, Inc.) -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc [Disabled | Stopped])
DRV - [2001/08/17 15:51:58 | 00,014,848 | ---- | M] (Advanced System Products, Inc.) -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550 [Disabled | Stopped])
DRV - [2001/08/17 15:51:54 | 00,006,656 | ---- | M] (CMD Technology, Inc.) -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde [Disabled | Stopped])
DRV - [2001/08/17 15:52:16 | 00,179,584 | ---- | M] (Mylex Corporation) -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k [Disabled | Stopped])
DRV - [2005/04/22 04:22:00 | 00,088,352 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\drvmcdb.sys -- (drvmcdb [Boot | Running])
DRV - [2005/04/21 03:56:00 | 00,040,544 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\drivers\drvnddm.sys -- (drvnddm [Auto | Running])
DRV - [2006/10/05 16:07:28 | 00,004,736 | ---- | M] (Gteko Ltd.) -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys -- (DSproct [On_Demand | Running])
DRV - [2007/02/25 12:10:48 | 00,005,376 | --S- | M] (Gteko Ltd.) -- C:\WINDOWS\System32\DRIVERS\dsunidrv.sys -- (dsunidrv [Auto | Running])
DRV - [2004/02/10 22:49:14 | 00,154,112 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\DRIVERS\e100b325.sys -- (E100B [On_Demand | Running])
DRV - [2008/07/21 08:11:58 | 00,024,392 | ---- | M] (Elaborate Bytes AG) -- C:\WINDOWS\System32\Drivers\ElbyCDIO.sys -- (ElbyCDIO [System | Running])
DRV - [2009/03/19 16:32:48 | 00,023,400 | ---- | M] (GEAR Software Inc.) -- C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys -- (GEARAspiWDM [On_Demand | Running])
DRV - [2005/09/20 10:00:54 | 01,302,332 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\DRIVERS\ialmnt5.sys -- (ialm [On_Demand | Stopped])
DRV - [2004/03/06 06:14:42 | 01,233,525 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\DRIVERS\IntelC51.sys -- (IntelC51 [On_Demand | Running])
DRV - [2004/03/06 06:15:34 | 00,647,929 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\DRIVERS\IntelC52.sys -- (IntelC52 [On_Demand | Running])
DRV - [2004/06/16 05:52:40 | 00,061,157 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\DRIVERS\IntelC53.sys -- (IntelC53 [On_Demand | Running])
DRV - [2006/11/30 09:50:00 | 00,064,360 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfeapfk.sys -- (mfeapfk [On_Demand | Running])
DRV - [2006/11/30 09:50:00 | 00,072,264 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfeavfk.sys -- (mfeavfk [On_Demand | Running])
DRV - [2006/11/30 09:50:00 | 00,034,152 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfebopk.sys -- (mfebopk [On_Demand | Running])
DRV - [2007/02/22 21:50:00 | 00,170,408 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfehidk.sys -- (mfehidk [On_Demand | Running])
DRV - [2006/11/30 09:50:00 | 00,031,944 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\mferkdk.sys -- (mferkdk [System | Running])
DRV - [2006/11/30 09:50:00 | 00,052,136 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfetdik.sys -- (mfetdik [System | Running])
DRV - [2001/08/17 15:57:38 | 00,016,128 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\MODEMCSA.sys -- (MODEMCSA [On_Demand | Running])
DRV - [2004/03/06 06:13:38 | 00,037,048 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\DRIVERS\mohfilt.sys -- (mohfilt [On_Demand | Running])
DRV - [2001/08/17 15:52:12 | 00,017,280 | ---- | M] (American Megatrends Inc.) -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x [Disabled | Stopped])
DRV - [2007/04/19 00:26:00 | 03,988,384 | R--- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\DRIVERS\nv4_mini.sys -- (nv [On_Demand | Running])
DRV - [2008/12/10 13:18:28 | 00,047,360 | ---- | M] (VSO Software) -- C:\WINDOWS\System32\Drivers\pcouffin.sys -- (pcouffin [On_Demand | Running])
DRV - [2004/08/04 07:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Running])
DRV - [2005/01/26 03:03:00 | 00,020,576 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20 [Boot | Running])
DRV - [2001/08/17 15:52:20 | 00,040,320 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080 [Disabled | Stopped])
DRV - [2001/08/17 15:52:20 | 00,045,312 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160 [Disabled | Stopped])
DRV - [2001/08/17 15:52:18 | 00,049,024 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280 [Disabled | Stopped])
DRV - [2006/04/10 01:02:17 | 00,162,816 | R--- | M] (Ralink Technology Inc.) -- C:\WINDOWS\System32\DRIVERS\rt25usbap.sys -- (RT25USBAP [On_Demand | Stopped])
DRV - [2007/11/13 06:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\System32\DRIVERS\secdrv.sys -- (Secdrv [On_Demand | Stopped])
DRV - [2004/09/17 16:02:54 | 00,732,928 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\System32\drivers\senfilt.sys -- (senfilt [On_Demand | Running])
DRV - [2008/04/13 14:36:39 | 00,040,960 | ---- | M] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp [Disabled | Stopped])
DRV - [2005/03/22 19:08:40 | 00,260,224 | ---- | M] (Analog Devices, Inc.) -- C:\WINDOWS\System32\drivers\smwdm.sys -- (smwdm [On_Demand | Running])
DRV - [2001/08/17 16:07:44 | 00,019,072 | ---- | M] (Adaptec, Inc.) -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow [Disabled | Stopped])
DRV - [2005/05/13 11:37:28 | 00,005,627 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\drivers\sscdbhk5.sys -- (sscdbhk5 [System | Running])
DRV - [2005/05/13 11:37:20 | 00,023,545 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\drivers\ssrtln.sys -- (ssrtln [System | Running])
DRV - [2001/08/17 16:07:36 | 00,032,640 | ---- | M] (LSI Logic) -- C:\WINDOWS\System32\drivers\symc8xx.sys -- (Swp48vcidw [Disabled | Stopped])
DRV - [2001/08/17 16:07:34 | 00,016,256 | ---- | M] (Symbios Logic Inc.) -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810 [Disabled | Stopped])
DRV - [2001/08/17 16:07:36 | 00,032,640 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx [Disabled | Stopped])
DRV - [2001/08/17 16:07:40 | 00,028,384 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi [Disabled | Stopped])
DRV - [2001/08/17 16:07:42 | 00,030,688 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3 [Disabled | Stopped])
DRV - [2005/05/31 06:33:00 | 00,025,725 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\dla\tfsnboio.sys -- (tfsnboio [Auto | Running])
DRV - [2005/05/31 06:33:00 | 00,034,845 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\dla\tfsncofs.sys -- (tfsncofs [Auto | Running])
DRV - [2005/05/31 06:33:00 | 00,004,125 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\dla\tfsndrct.sys -- (tfsndrct [Auto | Running])
DRV - [2005/05/31 06:33:00 | 00,002,241 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\dla\tfsndres.sys -- (tfsndres [Auto | Running])
DRV - [2005/05/31 06:33:00 | 00,086,876 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\dla\tfsnifs.sys -- (tfsnifs [Auto | Running])
DRV - [2005/05/31 06:33:00 | 00,015,069 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\dla\tfsnopio.sys -- (tfsnopio [Auto | Running])
DRV - [2005/05/31 06:33:00 | 00,006,365 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\dla\tfsnpool.sys -- (tfsnpool [Auto | Running])
DRV - [2005/05/31 06:33:00 | 00,098,716 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\dla\tfsnudf.sys -- (tfsnudf [Auto | Running])
DRV - [2005/05/31 06:33:00 | 00,100,605 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\dla\tfsnudfa.sys -- (tfsnudfa [Auto | Running])
DRV - [2001/08/17 15:52:22 | 00,036,736 | ---- | M] (Promise Technology, Inc.) -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra [Disabled | Stopped])
DRV - [2009/05/29 13:36:16 | 00,039,424 | ---- | M] (Apple, Inc.) -- C:\WINDOWS\System32\Drivers\usbaapl.sys -- (USBAAPL [On_Demand | Stopped])
DRV - [2007/07/23 09:23:44 | 00,012,416 | ---- | M] (LG Electronics Inc.) -- C:\WINDOWS\System32\DRIVERS\lgusbbus.sys -- (usbbus [On_Demand | Stopped])
DRV - [2007/07/23 09:23:46 | 00,019,840 | ---- | M] (LG Electronics Inc.) -- C:\WINDOWS\System32\DRIVERS\lgusbdiag.sys -- (UsbDiag [On_Demand | Stopped])
DRV - [2007/07/23 09:23:46 | 00,021,632 | ---- | M] (LG Electronics Inc.) -- C:\WINDOWS\System32\DRIVERS\lgusbmodem.sys -- (USBModem [On_Demand | Stopped])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page_bak = about:blank
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page_bak = about:blank
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.co...m...tf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co...n...UTF-8&hl=en
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = localhost;*.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.defaulturl: "http://www.google.co...-8&oe=UTF-8&q="
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "http://www.google.co...ie=UTF-8&hl=en"
FF - prefs.js..extensions.enabledItems: {3112ca9c-de6d-4884-a869-9855de68056c}:3.1.20081127W
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}:6.0.03
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}:6.0.05
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}:6.0.13
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.0.071303000004
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}:6.0.15
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.11
FF - prefs.js..network.proxy.no_proxies_on: "localhost"

FF - HKLM\software\mozilla\Firefox\extensions\\[email protected]: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009/01/22 13:05:53 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.11\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/06/30 16:10:11 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.11\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/06/30 16:10:11 | 00,000,000 | ---D | M]

[2009/05/02 21:45:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Christian Street\Application Data\mozilla\Extensions
[2008/08/26 18:37:47 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Christian Street\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/05/02 21:45:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Christian Street\Application Data\mozilla\Extensions\[email protected]
[2009/06/30 15:54:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Christian Street\Application Data\mozilla\Firefox\Profiles\5ec15b0j.default\extensions
[2009/01/07 10:58:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Christian Street\Application Data\mozilla\Firefox\Profiles\5ec15b0j.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2008/07/25 13:20:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Christian Street\Application Data\mozilla\Firefox\Profiles\5ec15b0j.default\extensions\{a8dd47cf-239f-48c4-8379-e6b4cbafdcfa}
[2009/03/16 23:37:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Christian Street\Application Data\mozilla\Firefox\Profiles\5ec15b0j.default\extensions\[email protected]
[2009/08/14 00:46:00 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/06/30 16:10:11 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2008/02/21 13:02:41 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
[2008/05/15 22:16:21 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
[2009/06/15 12:43:21 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
[2009/08/14 00:46:00 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
[2009/06/30 16:09:56 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/06/30 16:09:56 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2009/07/25 05:23:01 | 00,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeploytk.dll
[2007/10/11 15:17:50 | 01,435,688 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\npLegitCheckPlugin.dll
[2009/06/30 16:10:01 | 00,065,528 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll
[2008/10/14 22:33:30 | 00,095,600 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\mozilla firefox\plugins\nppdf32.dll
[2009/06/07 11:17:42 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin.dll
[2009/06/07 11:17:42 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll
[2009/06/07 11:17:42 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll
[2009/06/07 11:17:42 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll
[2009/06/07 11:17:42 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll
[2009/06/07 11:17:42 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll
[2009/06/07 11:17:42 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll
[2009/06/30 16:10:06 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2009/06/30 16:10:06 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2009/06/30 16:10:06 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2009/06/30 16:10:06 | 00,002,343 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2009/06/30 16:10:06 | 00,001,706 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2009/06/30 16:10:06 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2009/06/30 16:10:06 | 00,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

O1 HOSTS File: (732 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\dla\tfswshx.dll (Sonic Solutions)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\scriptcl.dll (McAfee, Inc.)
O2 - BHO: (TwcToolbarBhoApp Class) - {AA1F9DDB-E605-4ba6-81D4-E427DEE012AD} - C:\WINDOWS\System32\TwcToolbarBho.dll ()
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll (Google Inc.)
O2 - BHO: (AcroIEToolbarHelper Class) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll (Google Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKCU\..\Toolbar\ShellBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O4 - HKLM..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe (Google Inc.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4 - HKLM..\Run: [DellSupportCenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [dla] C:\WINDOWS\System32\dla\tfswctrl.exe (Sonic Solutions)
O4 - HKLM..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe ()
O4 - HKLM..\Run: [dscactivate] C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe ( )
O4 - HKLM..\Run: [igfxhkcmd] C:\WINDOWS\System32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [igfxpers] C:\WINDOWS\System32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [igfxtray] C:\WINDOWS\System32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe (Intel Corporation)
O4 - HKLM..\Run: [ISUSPM Startup] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [McAfeeUpdaterUI] C:\Program Files\McAfee\Common Framework\UdaterUI.exe (McAfee, Inc.)
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\System32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [ShStatEXE] C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE (McAfee, Inc.)
O4 - HKLM..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [WD Button Manager] C:\WINDOWS\System32\WDBtnMgr.exe (Western Digital Technologies, Inc.)
O4 - HKCU..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe (SlySoft, Inc.)
O4 - HKCU..\Run: [DellSupport] C:\Program Files\DellSupport\DSAgnt.exe (Gteko Ltd.)
O4 - HKCU..\Run: [DellSupportCenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKCU..\Run: [Google Update] C:\Documents and Settings\Christian Street\Local Settings\Application Data\Google\Update\GoogleUpdate.exe (Google Inc.)
O4 - HKCU..\Run: [PhotoShow Deluxe Media Manager] C:\Program Files\Nero\data\Xtras\mssysmgr.exe (Ahead Software)
O4 - HKCU..\Run: [QuickenScheduledUpdates] C:\Program Files\Quicken\bagent.exe (Intuit Inc.)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKCU..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe (Adobe Systems Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WD Backup Monitor.lnk = C:\Program Files\My Book\WD Backup\uBBMonitor.exe (ArcSoft, Inc.)
O4 - Startup: C:\Documents and Settings\Christian Street\Start Menu\Programs\Startup\V CAST Music Monitor.lnk = C:\Program Files\Verizon Wireless\V CAST Music Essentials Manager\V CAST Music Monitor.exe (Smith Micro Software, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoChangeStartMenu = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLogOff = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: The Weather Channel - {2E5E800E-6AC0-411E-940A-369530A35E43} - Reg Error: Key error. File not found
O9 - Extra 'Tools' menuitem : The Weather Channel - {2E5E800E-6AC0-411E-940A-369530A35E43} - Reg Error: Value error. File not found
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: PartyCasino.com - {B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - Reg Error: Value error. File not found
O9 - Extra 'Tools' menuitem : PartyCasino.com - {B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - Reg Error: Value error. File not found
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files\Bodog Poker\BPGame.exe (Bodog)
O9 - Extra Button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files\PokerStars.NET\PokerStarsUpdate.exe (PokerStars)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} http://support.dell....iler/SysPro.CAB (SysProWmi Class)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} http://office.micros...ntent/opuc4.cab (Office Update Installation Engine)
O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CE74A05D-ED12-473A-97F8-85FB0E2F479F} https://stores.music...NugsActiveX.cab (dlControl.UserControl1)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.ma...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {F127B9BA-89EA-4B04-9C67-2074A9DF61FD} http://cvs.pnimedia....tupv2.0.0.9.cab? (Photo Upload Plugin Class)
O16 - DPF: {FC0A65F2-8DFF-4F0F-B411-D4A50311628D} http://xmro.xmradio..../xmprofiler.CAB (XMRADIO.XM_SystemProfiler)
O16 - DPF: Microsoft XML Parser for Java file:///C:/WINDOWS/Java/classes/xmldso.cab (Reg Error: Key error.)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/10 15:04:08 | 00,000,000 | -HS- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2007/05/27 08:52:18 | 00,000,000 | ---D | M] - F:\autorun -- [ NTFS ]
O32 - AutoRun File - [2009/08/20 16:04:50 | 00,000,000 | RHSD | M] - G:\autorun.inf -- [ FAT32 ]
O33 - MountPoints2\{1b1753dc-80f2-11dd-9bbf-0013208fc6b5}\Shell - "" = AutoRun
O33 - MountPoints2\{1b1753dc-80f2-11dd-9bbf-0013208fc6b5}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{1b1753dc-80f2-11dd-9bbf-0013208fc6b5}\Shell\AutoRun\command - "" = H:\USBAutoRun.exe -- File not found
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()

NetSvcs: 6to4 - Service key not found. File not found
NetSvcs: Ias - Service key not found. File not found
NetSvcs: Iprip - Service key not found. File not found
NetSvcs: Irmon - Service key not found. File not found
NetSvcs: NWCWorkstation - Service key not found. File not found
NetSvcs: Nwsapagent - Service key not found. File not found
NetSvcs: Wmi - C:\WINDOWS\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - Service key not found. File not found
NetSvcs: helpsvc - C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)

========== Files/Folders - Created Within 30 Days ==========

[6 C:\DOCUME~1\CHRIST~1\My Documents\*.tmp files]
[2009/08/22 12:25:59 | 00,000,000 | ---D | C] -- C:\Lop SD
[2009/08/22 12:25:37 | 00,501,736 | ---- | C] () -- C:\DOCUME~1\CHRIST~1\Desktop\LopSD.exe
[2009/08/22 12:24:48 | 00,000,000 | -HSD | C] -- C:\RECYCLER
[2009/08/19 22:16:00 | 00,192,512 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\schedsvc.dll
[2009/08/19 22:16:00 | 00,185,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\upnphost.dll
[2009/08/19 22:16:00 | 00,135,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\shsvcs.dll
[2009/08/19 22:16:00 | 00,071,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\ssdpsrv.dll
[2009/08/19 22:16:00 | 00,059,904 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\regsvc.dll
[2009/08/19 22:15:59 | 01,614,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\sfcfiles.dll
[2009/08/19 22:15:59 | 00,574,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\ntfs.sys
[2009/08/19 22:15:59 | 00,435,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\ntmssvc.dll
[2009/08/19 22:15:59 | 00,253,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\es.dll
[2009/08/19 22:15:59 | 00,249,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\tapisrv.dll
[2009/08/19 22:15:59 | 00,245,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\mswsock.dll
[2009/08/19 22:15:59 | 00,198,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\netman.dll
[2009/08/19 22:15:59 | 00,171,008 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\srsvc.dll
[2009/08/19 22:15:59 | 00,129,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\xmlprov.dll
[2009/08/19 22:15:59 | 00,088,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\rasauto.dll
[2009/08/19 22:15:59 | 00,077,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\browser.dll
[2009/08/19 22:15:59 | 00,062,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\cryptsvc.dll
[2009/08/19 22:15:59 | 00,027,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\mspmsnsv.dll
[2009/08/19 22:15:59 | 00,013,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\wscntfy.exe
[2009/08/19 22:15:58 | 00,927,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\mfc40u.dll
[2009/08/19 22:15:58 | 00,617,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\comctl32.dll
[2009/08/19 22:15:58 | 00,409,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\qmgr.dll
[2009/08/19 22:15:58 | 00,407,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\netlogon.dll
[2009/08/19 22:15:58 | 00,399,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\rpcss.dll
[2009/08/19 22:15:58 | 00,181,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\scecli.dll
[2009/08/19 22:15:58 | 00,142,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\aec.sys
[2009/08/19 22:15:58 | 00,056,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\eventlog.dll
[2009/08/19 22:15:58 | 00,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\msgsvc.dll
[2009/08/19 22:15:58 | 00,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\asyncmac.sys
[2009/08/19 22:15:58 | 00,011,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\acpiec.sys
[2009/08/19 22:15:58 | 00,005,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\sfc.dll
[2009/08/19 22:15:58 | 00,004,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\beep.sys
[2009/08/19 22:15:58 | 00,002,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\null.sys
[2009/08/19 22:15:57 | 03,594,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\mshtml.dll
[2009/08/19 22:15:57 | 00,989,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\kernel32.dll
[2009/08/19 22:15:57 | 00,792,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\comres.dll
[2009/08/19 22:15:57 | 00,295,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\termsrv.dll
[2009/08/19 22:15:57 | 00,110,080 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\imm32.dll
[2009/08/19 22:15:57 | 00,057,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\spoolsv.exe
[2009/08/19 22:15:57 | 00,051,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\wuauclt.exe
[2009/08/19 22:15:57 | 00,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\userinit.exe
[2009/08/19 22:15:57 | 00,024,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\kbdclass.sys
[2009/08/19 22:15:57 | 00,022,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\lpk.dll
[2009/08/19 22:15:57 | 00,017,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\powrprof.dll
[2009/08/19 22:15:57 | 00,015,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\ctfmon.exe
[2009/08/19 22:15:57 | 00,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\lsass.exe
[2009/08/19 22:15:56 | 02,189,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\ntoskrnl.exe
[2009/08/19 22:15:56 | 02,066,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\ntkrnlpa.exe
[2009/08/19 22:15:56 | 01,033,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\explorer.exe
[2009/08/19 22:15:56 | 00,826,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\wininet.dll
[2009/08/19 22:15:56 | 00,578,560 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\user32.dll
[2009/08/19 22:15:56 | 00,507,904 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\winlogon.exe
[2009/08/19 22:15:56 | 00,361,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\tcpip.sys
[2009/08/19 22:15:56 | 00,182,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\ndis.sys
[2009/08/19 22:15:56 | 00,108,544 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\services.exe
[2009/08/19 22:15:56 | 00,082,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\ws2_32.dll
[2009/08/19 22:15:56 | 00,036,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\ip6fw.sys
[2009/08/19 22:15:56 | 00,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\svchost.exe
[2009/08/19 22:15:56 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\dllcache\cache
[2009/08/19 21:52:44 | 00,000,211 | ---- | C] () -- C:\Boot.bak
[2009/08/19 21:52:39 | 00,260,272 | ---- | C] () -- C:\cmldr
[2009/08/19 21:52:35 | 00,000,000 | ---D | C] -- C:\cmdcons
[2009/08/19 21:49:08 | 00,216,064 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2009/08/19 21:49:08 | 00,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2009/08/19 21:49:08 | 00,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2009/08/19 21:49:08 | 00,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2009/08/19 21:49:08 | 00,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2009/08/19 21:49:08 | 00,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2009/08/19 21:49:08 | 00,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2009/08/19 21:49:08 | 00,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2009/08/19 21:45:45 | 00,000,000 | ---D | C] -- C:\Qoobox
[2009/08/19 21:45:11 | 03,166,768 | R--- | C] () -- C:\DOCUME~1\CHRIST~1\Desktop\Combo-Fix.exe
[2009/08/19 15:49:41 | 00,514,048 | ---- | C] (OldTimer Tools) -- C:\DOCUME~1\CHRIST~1\Desktop\OTL.exe
[2009/08/19 15:47:29 | 00,472,064 | ---- | C] ( ) -- C:\DOCUME~1\CHRIST~1\Desktop\RootRepeal.exe
[2009/08/19 15:35:36 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009/08/19 15:34:42 | 00,000,611 | ---- | C] () -- C:\DOCUME~1\CHRIST~1\Desktop\NTREGOPT.lnk
[2009/08/19 15:34:42 | 00,000,592 | ---- | C] () -- C:\DOCUME~1\CHRIST~1\Desktop\ERUNT.lnk
[2009/08/19 15:34:41 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2009/08/19 15:20:20 | 00,272,384 | ---- | C] (OldTimer Tools) -- C:\DOCUME~1\CHRIST~1\Desktop\TFC.exe
[2009/08/19 02:21:00 | 00,119,808 | ---- | C] () -- C:\DOCUME~1\CHRIST~1\My Documents\Workout.doc
[2009/08/19 01:59:21 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/08/19 00:58:27 | 00,512,688 | ---- | C] (Xceed Software Inc (450) 442-2626 [email protected] www.xceedsoft.com) -- C:\WINDOWS\System32\XceedCry.dll
[2009/08/19 00:58:27 | 00,423,784 | ---- | C] (Xceed Software Inc (450) 442-2626 [email protected] www.xceedsoft.com) -- C:\WINDOWS\System32\XceedBkp.dll
[2009/08/19 00:58:27 | 00,131,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MSADODC.ocx
[2009/08/19 00:58:26 | 01,435,272 | ---- | C] (Macromedia, Inc.) -- C:\WINDOWS\System32\Flash.ocx
[2009/08/19 00:58:26 | 00,389,120 | ---- | C] () -- C:\WINDOWS\System32\ACTSKN43.OCX
[2009/08/19 00:58:26 | 00,265,753 | ---- | C] (Ariad Software) -- C:\WINDOWS\System32\AS-Exp2.ocx
[2009/08/19 00:58:26 | 00,188,416 | ---- | C] (SoftShape Development) -- C:\WINDOWS\System32\actsplash.ocx
[2009/08/19 00:58:26 | 00,101,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\VB6STKIT.DLL
[2009/08/19 00:58:26 | 00,089,088 | ---- | C] (Ariad Software) -- C:\WINDOWS\System32\ProgressBar4.ocx
[2009/08/19 00:58:26 | 00,028,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\systray.ocx
[2009/08/19 00:58:26 | 00,011,012 | ---- | C] () -- C:\WINDOWS\System32\threadapi.tlb
[2009/08/14 00:45:58 | 00,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2009/08/14 00:45:58 | 00,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2009/08/14 00:45:58 | 00,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2009/08/06 00:47:21 | 00,065,451 | ---- | C] () -- C:\DOCUME~1\CHRIST~1\My Documents\AR15.com CLASSIFIEDS - Sig Sauer 229 .40 4 mags.htm.40 4 mags
[2009/08/06 00:47:21 | 00,000,000 | ---D | C] -- C:\DOCUME~1\CHRIST~1\My Documents\AR15.com CLASSIFIEDS - Sig Sauer 229 .40 4 mags.htm_files
[2009/07/31 13:58:20 | 00,001,528 | ---- | C] () -- C:\DOCUME~1\ALLUSE~1\Desktop\ImgBurn.lnk
[2009/07/28 15:37:22 | 00,002,137 | ---- | C] () -- C:\DOCUME~1\ALLUSE~1\Desktop\iTunes.lnk
[2009/07/28 15:36:24 | 00,000,000 | ---D | C] -- C:\Program Files\iTunes
[2009/02/23 12:47:05 | 00,815,104 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2009/02/23 12:47:04 | 00,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2008/02/06 19:23:07 | 00,053,248 | ---- | C] () -- C:\WINDOWS\System32\VZWDLManager.dll
[2008/01/26 16:52:45 | 01,019,904 | R--- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2008/01/26 16:52:44 | 01,703,936 | R--- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2008/01/26 16:52:44 | 00,466,944 | R--- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2008/01/26 16:52:43 | 01,474,560 | R--- | C] () -- C:\WINDOWS\System32\nview.dll
[2008/01/26 16:52:38 | 00,286,720 | R--- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2008/01/26 16:52:21 | 00,581,632 | R--- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2008/01/26 16:52:21 | 00,212,992 | R--- | C] () -- C:\WINDOWS\System32\nvapi.dll
[2008/01/25 22:18:57 | 00,000,141 | ---- | C] () -- C:\WINDOWS\RealFlight.INI
[2007/12/31 15:19:01 | 00,000,280 | ---- | C] () -- C:\WINDOWS\System32\epoPGPsdk.dll.sig
[2007/12/20 22:41:31 | 00,262,144 | ---- | C] () -- C:\WINDOWS\System32\TwcToolbarIe7.dll
[2007/12/20 22:41:31 | 00,073,728 | ---- | C] () -- C:\WINDOWS\System32\TwcToolbarBho.dll
[2007/05/15 11:08:07 | 00,000,000 | ---- | C] () -- C:\WINDOWS\WB.ini
[2007/05/13 17:45:59 | 00,020,480 | ---- | C] () -- C:\WINDOWS\System32\wbload.dll
[2007/02/03 16:34:20 | 00,000,222 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2007/01/16 21:14:36 | 00,000,022 | ---- | C] () -- C:\WINDOWS\kodakpcd.Christian Street.ini
[2006/02/24 02:17:33 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/02/12 22:13:45 | 00,000,056 | RHS- | C] () -- C:\WINDOWS\System32\CEA8084969.sys
[2006/02/10 15:43:37 | 00,000,000 | ---- | C] () -- C:\WINDOWS\mtstack.INI
[2005/11/21 10:27:58 | 00,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2005/11/09 22:05:42 | 00,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2005/11/06 16:29:07 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/11/06 16:21:20 | 00,000,460 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2005/11/06 15:58:32 | 00,012,288 | ---- | C] () -- C:\WINDOWS\System32\e100bmsg.dll
[2005/11/06 15:58:30 | 00,000,392 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2005/08/31 12:43:32 | 00,098,304 | ---- | C] () -- C:\WINDOWS\System32\resourceGeneric.dll
[2005/06/22 14:37:46 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/08/10 15:12:05 | 00,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/10 15:01:18 | 00,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/08/10 14:51:28 | 00,000,693 | ---- | C] () -- C:\WINDOWS\win.ini
[2004/08/10 14:51:26 | 00,000,227 | ---- | C] () -- C:\WINDOWS\system.ini
[2003/01/07 16:05:08 | 00,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2000/01/28 01:00:00 | 00,012,288 | ---- | C] () -- C:\WINDOWS\System32\HLINKPRX.DLL

========== Files - Modified Within 30 Days ==========

[6 C:\DOCUME~1\CHRIST~1\My Documents\*.tmp files]
[2009/08/22 13:37:14 | 00,001,022 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1833889788-1610151935-2337338265-1006UA.job
[2009/08/21 16:37:00 | 00,000,970 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1833889788-1610151935-2337338265-1006Core.job
[2009/08/20 16:09:44 | 00,501,736 | ---- | M] () -- C:\DOCUME~1\CHRIST~1\Desktop\LopSD.exe
[2009/08/19 22:47:49 | 00,001,088 | ---- | M] () -- C:\Documents and Settings\Christian Street\Start Menu\Programs\Startup\V CAST Music Monitor.lnk
[2009/08/19 22:47:47 | 00,000,040 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\.zreglib
[2009/08/19 22:45:07 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/08/19 22:44:46 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/08/19 22:44:43 | 16,085,68832 | -HS- | M] () -- C:\hiberfil.sys
[2009/08/19 22:28:04 | 00,384,596 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/08/19 22:28:04 | 00,054,280 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/08/19 22:28:03 | 00,445,694 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/08/19 22:15:29 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/08/19 21:52:45 | 00,000,281 | RHS- | M] () -- C:\boot.ini
[2009/08/19 21:45:11 | 03,166,768 | R--- | M] () -- C:\DOCUME~1\CHRIST~1\Desktop\Combo-Fix.exe
[2009/08/19 15:49:44 | 00,514,048 | ---- | M] (OldTimer Tools) -- C:\DOCUME~1\CHRIST~1\Desktop\OTL.exe
[2009/08/19 15:47:30 | 00,472,064 | ---- | M] ( ) -- C:\DOCUME~1\CHRIST~1\Desktop\RootRepeal.exe
[2009/08/19 15:34:42 | 00,000,611 | ---- | M] () -- C:\DOCUME~1\CHRIST~1\Desktop\NTREGOPT.lnk
[2009/08/19 15:34:42 | 00,000,592 | ---- | M] () -- C:\DOCUME~1\CHRIST~1\Desktop\ERUNT.lnk
[2009/08/19 15:20:21 | 00,272,384 | ---- | M] (OldTimer Tools) -- C:\DOCUME~1\CHRIST~1\Desktop\TFC.exe
[2009/08/19 02:21:00 | 00,119,808 | ---- | M] () -- C:\DOCUME~1\CHRIST~1\My Documents\Workout.doc
[2009/08/19 01:03:55 | 00,000,732 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2009/08/18 11:16:26 | 00,001,806 | -H-- | M] () -- C:\DOCUME~1\CHRIST~1\My Documents\Default.rdp
[2009/08/18 10:31:02 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009/08/08 15:07:54 | 00,002,137 | ---- | M] () -- C:\DOCUME~1\ALLUSE~1\Desktop\iTunes.lnk
[2009/08/08 12:10:14 | 00,216,064 | ---- | M] () -- C:\WINDOWS\PEV.exe
[2009/08/06 00:47:21 | 00,065,451 | ---- | M] () -- C:\DOCUME~1\CHRIST~1\My Documents\AR15.com CLASSIFIEDS - Sig Sauer 229 .40 4 mags.htm.40 4 mags
[2009/08/01 03:37:08 | 00,002,365 | ---- | M] () -- C:\DOCUME~1\CHRIST~1\Desktop\Google Chrome.lnk
[2009/07/31 13:58:20 | 00,001,528 | ---- | M] () -- C:\DOCUME~1\ALLUSE~1\Desktop\ImgBurn.lnk
[2009/07/29 14:49:27 | 00,135,168 | ---- | M] () -- C:\Documents and Settings\Christian Street\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/07/25 05:23:07 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2009/07/25 05:23:07 | 00,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2009/07/25 05:23:05 | 00,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2009/07/25 05:23:00 | 00,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deploytk.dll
[2009/07/25 03:00:33 | 00,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl

========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >

< C:\WINDOWS\system32\eventlog.dll >
[2008/04/13 20:11:53 | 00,056,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\eventlog.dll

< C:\WINDOWS\system32\scecli.dll >
[2008/04/13 20:12:05 | 00,181,248 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\scecli.dll

< C:\WINDOWS\netlogon.dll >

< C:\windows\system32\cngaudit.dll >

< C:\WINDOWS\system32\sceclt.dll >

< c:\windows\ntelogon.dll >

< C:\WINDOWS\$hf_mig$\{29F8DDC1-9487-49b8-B27E-3E0C3C1298FF} >

< C:\WINDOWS\addins\addins >

< C:\WINDOWS\AppPatch\Custom\Custom >

< C:\Windows\AppPatch\{29F8DDC1-9487-49b8-B27E-3E0C3C1298FF} >
< End of report >
  • 0

#6
ezstreet1

ezstreet1

    Member

  • Topic Starter
  • Member
  • PipPip
  • 18 posts
Just noticed these two files titled RootRepeal_crash popped up; I assume one for each time the scan failed.

RootRepeal_crash_082209.135829.txt:

ROOTREPEAL CRASH REPORT
-------------------------
Windows Version: Windows XP SP3
Exception Code: 0xc0000094
Exception Address: 0x004eca19



RootRepeal_crash_082209.141519.txt:

ROOTREPEAL CRASH REPORT
-------------------------
Windows Version: Windows XP SP3
Exception Code: 0xc0000094
Exception Address: 0x004eca19
  • 0

#7
heir

heir

    Trusted Helper

  • Malware Removal
  • 5,427 posts
The source of your infections is likely related to all the cracks and keygens that I found on your computer. If you are truly interested in staying clean in the future, I strongly recommend that you stay away from Cracks and Keygens. Failure to heed my warning may result in the reinfection of your computer. If you choose to continue down this path, we may not be able to help you here in the future.

Step 1.
OTL-fix:

Run OTL.exe
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :Files
    C:\DOCUME~1\ALLUSE~1\APPLIC~1\Viewpoint
    C:\DOCUME~1\CHRIST~1\APPLIC~1\uTorrent
    C:\Program Files\Viewpoint
    C:\DOCUME~1\CHRIST~1\Cookies\[email protected][2].txt
    C:\DOCUME~1\CHRIST~1\Cookies\[email protected][2].txt
    C:\DOCUME~1\CHRIST~1\My Documents\Downloaded Programs\Adobe Photoshop CS2 KeyGen Serial Crack
    :Commands
    [purity]
    [emptytemp]
    [start explorer]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • Then post the OTL fixlog

Step 2.
GMER:

Download the GMER Rootkit Scanner. Unzip it to your Desktop.

Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while the scan is being performed. Do not use your computer for anything else during the scan.

Double-click gmer.exe. The program will begin to run.

**Caution**
These types of scans can produce false positives. Do NOT take any action on any
"<--- ROOTKIT" entries unless advised!

If possible rootkit activity is found, you will be asked if you would like to perform a full scan.
  • Click NO
  • In the right panel, you will see a bunch of boxes that have been checked ... leave everything checked and ensure the Show all box is un-checked.
  • Now click the Scan button.
    Once the scan is complete, you may receive another notice about rootkit activity.
  • Click OK.
  • GMER will produce a log. Click on the [Save..] button, and in the File name area, type in "GMER.txt"
  • Save it where you can easily find it, such as your desktop.
Post the contents of GMER.txt in your next reply.

Step 3.
Things I would like to see in your reply:

  • The content of the fixlog from OTL in step 1.
  • The content of GMER.txt from step 2.
  • Information on how your computer is running now.

  • 0

#8
ezstreet1

ezstreet1

    Member

  • Topic Starter
  • Member
  • PipPip
  • 18 posts
Step 1:

��A
  • 0

#9
heir

heir

    Trusted Helper

  • Malware Removal
  • 5,427 posts
Was that the content from the fixlog?

The fixlog is also located in this folder, C:\_OTL\Moved Files, named with the date and time.

What about the log from GMER?

And how's your computer running?
  • 0

#10
ezstreet1

ezstreet1

    Member

  • Topic Starter
  • Member
  • PipPip
  • 18 posts
Not sure what happened there.

Step 1:

All processes killed
========== FILES ==========
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Viewpoint\Viewpoint Media Player\UserShell\AOL9 moved successfully.
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Viewpoint\Viewpoint Media Player\UserShell moved successfully.
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_03 moved successfully.
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_02 moved successfully.
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_01 moved successfully.
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_00 moved successfully.
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Viewpoint\Viewpoint Media Player\Resources moved successfully.
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Viewpoint\Viewpoint Media Player moved successfully.
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Viewpoint\Viewpoint Experience Technology\UserShell\AOL9Plus moved successfully.
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Viewpoint\Viewpoint Experience Technology\UserShell\AOL9 moved successfully.
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Viewpoint\Viewpoint Experience Technology\UserShell moved successfully.
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Viewpoint\Viewpoint Experience Technology\Resources\Welcome\BH00 moved successfully.
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Viewpoint\Viewpoint Experience Technology\Resources\Welcome moved successfully.
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_03 moved successfully.
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_02 moved successfully.
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_01 moved successfully.
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_00 moved successfully.
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Viewpoint\Viewpoint Experience Technology\Resources moved successfully.
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Viewpoint\Viewpoint Experience Technology moved successfully.
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Viewpoint moved successfully.
C:\DOCUME~1\CHRIST~1\APPLIC~1\uTorrent moved successfully.
C:\Program Files\Viewpoint\Viewpoint Media Player\NewComponents moved successfully.
C:\Program Files\Viewpoint\Viewpoint Media Player\DownloadedComponents\npViewpoint_Win moved successfully.
C:\Program Files\Viewpoint\Viewpoint Media Player\DownloadedComponents moved successfully.
C:\Program Files\Viewpoint\Viewpoint Media Player\Components moved successfully.
C:\Program Files\Viewpoint\Viewpoint Media Player moved successfully.
C:\Program Files\Viewpoint moved successfully.
C:\DOCUME~1\CHRIST~1\Cookies\christian_street@www.cracks[2].txt moved successfully.
C:\DOCUME~1\CHRIST~1\Cookies\christian_street@www.greatcracks[2].txt moved successfully.
C:\DOCUME~1\CHRIST~1\My Documents\Downloaded Programs\Adobe Photoshop CS2 KeyGen Serial Crack moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Christian Street
->Temp folder emptied: 164951 bytes
->Temporary Internet Files folder emptied: 150183 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 3542092 bytes
->Google Chrome cache emptied: 24128357 bytes
->Apple Safari cache emptied: 71671 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Guest
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
->Temporary Internet Files folder emptied: 32902 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
Windows Temp folder emptied: 255 bytes
RecycleBin emptied: 701994 bytes

Total Files Cleaned = 27.46 mb


OTL by OldTimer - Version 3.0.10.7 log created on 08232009_005722

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

Step 2:

GMER 1.0.15.15077 [gmer.exe] - http://www.gmer.net
Rootkit scan 2009-08-23 08:24:11
Windows 5.1.2600 Service Pack 3


---- System - GMER 1.0.15 ----

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateKey [0xB3FF14FB]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwDeleteKey [0xB3FF150F]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwDeleteValueKey [0xB3FF153B]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenKey [0xB3FF14E7]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwRenameKey [0xB3FF1525]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetValueKey [0xB3FF1551]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwTerminateProcess [0xB3FF1567]

---- Kernel code sections - GMER 1.0.15 ----

PAGE ntoskrnl.exe!ZwOpenKey 80568D59 5 Bytes JMP B3FF14EB \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwCreateKey 8057065D 5 Bytes JMP B3FF14FF \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwSetValueKey 80572889 7 Bytes JMP B3FF1555 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwTerminateProcess 805822EC 5 Bytes JMP B3FF156B \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwDeleteValueKey 80592D5C 7 Bytes JMP B3FF153F \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwDeleteKey 805952CA 7 Bytes JMP B3FF1513 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwRenameKey 8064E7B6 7 Bytes JMP B3FF1529 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)

Device \FileSystem\Udfs \UdfsCdRom tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Udfs \UdfsDisk tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)

AttachedDevice \Driver\Tcpip \Device\Ip mfetdik.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp mfetdik.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Udp mfetdik.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\RawIp mfetdik.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \FileSystem\Fastfat \Fat mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)

Device \FileSystem\Cdfs \Cdfs B26FD400
Device \FileSystem\Cdfs \Cdfs B2700C74

---- EOF - GMER 1.0.15 ----


Step 3:

Well, I still can not connect to the internet. "My Computer" takes longer to load than it used to - it brings out a flashlight now. And drive H has mysteriously appeared on the "My Computer" screen. The logo is a drive with a red circle with a ? in front of it. Not sure if the vimax ads etc have been taken care of since I can not connect to the internet.

Thank you,

--ezstreet1
  • 0
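One way to triage a GMER log like the one posted above before acting on any entry, as an added example that is not part of the original thread and not GMER's own tooling. The function names and the `expected_vendors` parameter are assumptions made for this sketch; the sample lines are an unmodified subset of the posted log.

```python
import re
from collections import Counter

# Excerpt of the GMER log posted above (a subset of its lines, unmodified).
SAMPLE_LOG = r"""
GMER 1.0.15.15077 [gmer.exe] - http://www.gmer.net

---- System - GMER 1.0.15 ----

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateKey [0xB3FF14FB]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwTerminateProcess [0xB3FF1567]

---- Kernel code sections - GMER 1.0.15 ----

PAGE ntoskrnl.exe!ZwOpenKey 80568D59 5 Bytes JMP B3FF14EB \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwTerminateProcess 805822EC 5 Bytes JMP B3FF156B \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
Device \FileSystem\Udfs \UdfsCdRom tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
AttachedDevice \Driver\Tcpip \Device\Tcp mfetdik.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
Device \FileSystem\Cdfs \Cdfs B26FD400
Device \FileSystem\Cdfs \Cdfs B2700C74

---- EOF - GMER 1.0.15 ----
"""

# "---- <section name> - GMER <version> ----"
SECTION_RE = re.compile(r"^---- (.+?) - GMER [\d.]+ ----$")
# "<file>.sys (<description>/<vendor>)"; the vendor is whatever follows the last "/".
MODULE_RE = re.compile(r"([^\\\s]+\.(?:sys|dll|exe))\s+\(([^()]*)/([^()/]*)\)", re.I)


def parse_gmer(log_text):
    """Return one dict per entry line: section, kind, module, vendor, raw."""
    entries, section = [], None
    for line in log_text.splitlines():
        line = line.strip()
        header = SECTION_RE.match(line)
        if header:
            section = header.group(1)
            continue
        if not line or section is None:
            continue  # blank lines and the banner before the first section
        owner = MODULE_RE.search(line)
        entries.append({
            "section": section,
            "kind": line.split()[0],
            "module": owner.group(1).lower() if owner else None,
            "vendor": owner.group(3).strip() if owner else None,
            "raw": line,
        })
    return entries


def triage(entries, expected_vendors):
    """Sort entries into review buckets; this is a reading aid, not a verdict.

    expected_vendors is supplied by the reviewer: vendors of software known
    to be installed on the machine. The vendor string in a GMER line is
    self-declared file metadata, not a signature check, so "expected" means
    "explainable by installed software", never "verified clean".
    """
    report = {"expected": Counter(), "other_vendor": [], "no_owner": []}
    for entry in entries:
        if entry["module"] is None:
            # No owning file is named on the line: read these first.
            report["no_owner"].append(entry["raw"])
        elif entry["vendor"] in expected_vendors:
            report["expected"][entry["module"]] += 1
        else:
            report["other_vendor"].append(entry["raw"])
    return report


if __name__ == "__main__":
    result = triage(parse_gmer(SAMPLE_LOG), expected_vendors={"McAfee, Inc."})
    for module, count in sorted(result["expected"].items()):
        print(f"expected     {module}: {count} entries")
    for raw in result["other_vendor"]:
        print(f"other vendor {raw}")
    for raw in result["no_owner"]:
        print(f"no owner     {raw}")
```

Grouping this way shows that most of the log is the installed antivirus hooking registry and process calls, which leaves a short list for the helper to read by hand.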



#11
heir

heir

    Trusted Helper

  • Malware Removal
  • 5,427 posts

RootRepeal did create two files to the desktop. I attempted to attach the file but received the following error: Upload failed. You are not permitted to upload this type of file
The files are named:

RootRepeal.dmp

Can you please zip that file and attach it in your reply?
  • 0

#12
ezstreet1

ezstreet1

    Member

  • Topic Starter
  • Member
  • PipPip
  • 18 posts
I have attached RootRepealDmp.zip

Thank you,

--exstreet1



  • 0

#13
ezstreet1

ezstreet1

    Member

  • Topic Starter
  • Member
  • PipPip
  • 18 posts
I certainly do not mean to be a bother, but I have not gotten a next step in over three days. So have we hit a dead end?

Right now my system is considerably slower than when we started and I am not able to connect to the internet. I still need help.

Thanks,

--ezstreet1
  • 0

#14
heir

heir

    Trusted Helper

  • Malware Removal
  • 5,427 posts
I haven't forgotten you..
It's not a dead end.
I've just been busy myself.
  • 0

#15
ezstreet1

ezstreet1

    Member

  • Topic Starter
  • Member
  • PipPip
  • 18 posts
Ok, great.

Thank you,

--ezstreet1
  • 0





