Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Unclassified.Unknown Origin infection


  • This topic is locked This topic is locked
26 replies to this topic

#1 -KiKi-

-KiKi-

  • Members
  • 162 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:05:53 PM

Posted 18 February 2009 - 10:24 PM

I was instructed by someone who was helping me on here on how to produce this log so that someone can help me out.

Everytime I run a SAS scan, it always detects something in one of the registry keys. It's labeled as "Unclassified.Unknown Origin". I don't know what that is. I always let SAS quarantine it everytime it is detected.

Here is the exact registry key that this infection always occurs in...

HKU\S-1-5-21-2775356270-2125727310-2574386005-1005\Software\Microsoft\Internet Explorer\URLSearchHooks#{E312764E-7706-43F1-8DAB-FCDD2B1E416D}

It appears that only the SAS scan is the only scanner program that detects it each time. After it's detected, I always allow SAS to quarantine/remove it, but it keeps appearing each time I run SAS. Obviously it's not quarantining/removing it like it says it is. I don't know how to prevent it from constantly appearing. I really need help with this.

Here's the DDS.txt log below, and I have attached the attach.txt log...



DDS (Ver_09-02-01.01) - NTFSx86
Run by ME at 21:07:43.92 on Wed 02/18/2009
Internet Explorer: 6.0.2900.2180
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2038.1631 [GMT -6:00]

AV: McAfee VirusScan Enterprise *On-access scanning disabled* (Updated)

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\Program Files\Yahoo!\Common\YMailAdvisor.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Search Settings\SearchSettings.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Dell\MediaDirect\PCMService.exe
C:\WINDOWS\OEM02Mon.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\KADxMain.exe
C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe
C:\Program Files\Dell\QuickSet\Quickset.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE
C:\Program Files\Microsoft Location Finder\LocationFinder.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\ME\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://att.yahoo.com/
uInternet Connection Wizard,ShellNext = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=4080623
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
uURLSearchHooks: H - No File
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
BHO: NoExplorer - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_05\bin\ssv.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan enterprise\Scriptcl.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\dell\bae\BAE.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn0\YTSingleInstance.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
TB: {E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [Search Protection] c:\program files\yahoo!\search protection\SearchProtection.exe
uRun: [Microsoft Location Finder] "c:\program files\microsoft location finder\LocationFinder.exe"
mRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
mRun: [YSearchProtection] "c:\program files\yahoo!\search protection\SearchProtection.exe"
mRun: [YMailAdvisor] "c:\program files\yahoo!\common\YMailAdvisor.exe"
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe
mRun: [SearchSettings] c:\program files\search settings\SearchSettings.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [PCMService] "c:\program files\dell\mediadirect\PCMService.exe"
mRun: [OEM02Mon.exe] c:\windows\OEM02Mon.exe
mRun: [KADxMain] c:\windows\system32\KADxMain.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [dscactivate] "c:\program files\dell support center\gs_agent\custom\dsca.exe"
mRun: [DELL Webcam Manager] "c:\program files\dell\dell webcam manager\DellWMgr.exe" /s
mRun: [Dell QuickSet] c:\program files\dell\quickset\Quickset.exe
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [McAfeeUpdaterUI] "c:\program files\mcafee\common framework\UdaterUI.exe" /StartedFromRunKey
mRun: [ShStatEXE] "c:\program files\mcafee\virusscan enterprise\SHSTAT.EXE" /STANDALONE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
IE: Download all links using BitComet - c:\program files\bitcomet\BitComet.exe/AddAllLink.htm
IE: Download link using &BitComet - c:\program files\bitcomet\BitComet.exe/AddLink.htm
IE: {59A861EE-32B3-42cd-8CCA-FC130EDF3A44}
IE: {B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - c:\program files\partygaming\partycasino\RunApp.exe
IE: {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - c:\program files\partygaming\partypoker\RunApp.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_05\bin\ssv.dll
DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} - hxxps://support.microsoft.com/OAS/ActiveX/MSDcode.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6662.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: GoToAssist - c:\program files\citrix\gotoassist\514\G2AWinLogon.dll
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: razpkz.dll ,
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

============= SERVICES / DRIVERS ===============

P2 McShield;McAfee McShield;c:\program files\mcafee\virusscan enterprise\Mcshield.exe [2006-11-30 144960]
R1 mferkdk;VSCore mferkdk;c:\program files\mcafee\virusscan enterprise\mferkdk.sys [2006-11-30 31944]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-1-15 8944]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-1-15 55024]
R2 aawservice;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\aawservice.exe [2008-9-10 611664]
R2 McAfeeFramework;McAfee Framework Service;c:\program files\mcafee\common framework\FrameworkService.exe [2009-1-12 104000]
R2 McTaskManager;McAfee Task Manager;c:\program files\mcafee\virusscan enterprise\VsTskMgr.exe [2006-11-30 54872]
R2 YahooAUService;Yahoo! Updater;c:\program files\yahoo!\softwareupdate\YahooAUService.exe [2008-11-9 602392]
R3 mfeavfk;McAfee Inc.;c:\windows\system32\drivers\mfeavfk.sys [2009-1-12 72264]
R3 mfebopk;McAfee Inc.;c:\windows\system32\drivers\mfebopk.sys [2009-1-12 34152]
R3 mfehidk;McAfee Inc.;c:\windows\system32\drivers\mfehidk.sys [2009-1-12 168776]
R3 OEM02Afx;Provides a software interface to control audio effects of OEM002 camera.;c:\windows\system32\drivers\OEM02Afx.sys [2008-6-23 141376]
R3 OEM02Dev;Creative Camera OEM002 Driver;c:\windows\system32\drivers\OEM02Dev.sys [2008-6-23 235520]
R3 OEM02Vfx;Creative Camera OEM002 Video VFX Driver;c:\windows\system32\drivers\OEM02Vfx.sys [2008-6-23 7424]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-1-15 7408]

=============== Created Last 30 ================

2009-02-18 19:17 <DIR> --d----- c:\windows\ERUNT
2009-02-18 19:12 <DIR> --d----- C:\SDFix
2009-02-11 20:41 3,978 a------- c:\windows\system32\tmp.reg
2009-02-11 00:49 <DIR> --d----- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2009-02-11 00:48 <DIR> --d----- c:\program files\SUPERAntiSpyware
2009-02-11 00:48 <DIR> --d----- c:\docume~1\me\applic~1\SUPERAntiSpyware.com
2009-02-11 00:37 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-02-11 00:37 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-02-11 00:37 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-01-23 22:19 <DIR> --d----- C:\Downloads
2009-01-22 23:15 <DIR> --d----- c:\program files\Microsoft Streets & Trips
2009-01-22 23:14 <DIR> --d----- c:\program files\Microsoft Location Finder

==================== Find3M ====================

2009-02-18 21:03 9,020 a------- c:\docume~1\me\applic~1\wklnhst.dat
2009-01-05 14:35 262,144 a------- C:\ntuser.dat
2008-12-12 11:33 3,060,224 -------- c:\windows\system32\dllcache\mshtml.dll
2008-12-12 00:57 78,336 a------- c:\windows\system32\Agent.OMZ.Fix.exe
2008-12-11 05:57 333,184 -------- c:\windows\system32\dllcache\srv.sys
2008-11-29 17:58 82,944 a------- c:\windows\system32\IEDFix.C.exe
2008-11-21 20:10 61,224 a------- c:\documents and settings\me\GoToAssistDownloadHelper.exe
2008-08-16 21:25 35,520 a------- c:\docume~1\me\applic~1\GDIPFONTCACHEV1.DAT
2008-06-23 12:12 76 ---shr-- c:\windows\CT4CET.bin

============= FINISH: 21:08:04.46 ===============

Attached Files


Edited by -KiKi-, 19 February 2009 - 03:23 PM.


BC AdBot (Login to Remove)

 


#2 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:10:53 PM

Posted 28 February 2009 - 03:52 PM

Hi -KiKi- ,

Welcome to Bleeping Computer. I'm m0le and I will be helping you with your log. :thumbup2:

We apologise for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.
  • Please avoid changing anything on your computer (ie, downloading software) or taking unsupervised steps to remove any malware as this can make helping you much more difficult.
  • Please also try and reply regularly as long waits between instructions can make the fix much more difficult. I will bump the topic after 2 days without a reply and will close it on the third day.
So give me some time to go through your log and, in the meantime, let me know if you have already solved the issues or no longer need my help.

Thanks. :)
Posted Image
m0le is a proud member of UNITE

#3 -KiKi-

-KiKi-
  • Topic Starter

  • Members
  • 162 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:05:53 PM

Posted 28 February 2009 - 08:47 PM

Hello m0le. I really appreciate you taking your time to help me out. Unfortunately, the issue I've been having hasn't been resolved yet. That same infection keeps appearing in the same registry key, so therefore, I still need your assistance with that.

#4 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:10:53 PM

Posted 02 March 2009 - 12:30 PM

Hi ľKiKi-,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.

There are some things that require attention and I will go over these step by step. If you are unsure of anything I am saying then don't continue, just post a query and I will get you back on track.

Please avoid changing anything on your computer (ie, downloading software) or taking unsupervised steps to remove any malware as this can make helping you much more difficult.

The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 2 days I will bump the topic and if you do not reply by the following day then I will close the topic.


:step5: The log shows that you have been using so called peer-to-peer or file-sharing programmes (in your case BitComet). These programmes allow to share files between users as the name(s) suggest. In today's world the cyber crime has come a long way and any means is used to infect personal computers to make use of their stored data or machine power for further propagation of their malware files. A popular means is the use of file-sharing tools as a tremendous amount of prospective victims can be reached through it.

It is therefore possible to be infected by downloading manipulated files via peer-to-peer tools and thus suggested to be used with intense care. Some further readings on this subject, along the included links, are as follows: "File-Sharing, otherwise known as Peer To Peer" and "Risks of File-Sharing Technology."

It is also important to note that sharing entertainment files and proprietary software infringes the copyright laws in many countries over the world and you are putting yourself at risk of being indicted through organisations watching over the rights of the authors of such files (i.e. the RIAA for music files, or the MPAA for movie files in the USA) or the authors of the files themselves.

Naturally there are also legal ways to use these services, such as downloading Linux distributions or office suites such as "Open Office."


:step4: I do not recommend that you have more than one anti virus product installed and running on your computer at a time. The reason for this is that if both products have their automatic (Real-Time) protection switched on, then those products which do not encrypt the virus strings within them can cause other anti virus products to cause "false alarms". It can also lead to a clash as both products fight for access to files which are opened again this is the resident/automatic protection. In general terms, the two programs may conflict and cause:
1) False Alarms: When the anti virus software tells you that your PC has a virus when it actually doesn't.
2) System Performance Problems: Your system may lock up due to both products attempting to access the same file at the same time.
Therefore please deactivate OneCare Live.

Please make sure that you can view all hidden files. Instructions on how to do this can be found here:

How to see hidden files in Windows


:) Go to Jotti

When the jotti page has finished loading, click the Browse button and navigate to the following file and click Submit.

c:\Documents and Settings\me\Application Data\wklnhst.dat


Please post back the results of the scan in your next post.

If Jotti is busy, try the same at VirusTotal


:step1: Finally, Download and Run OTViewit
  • Please download OTViewIt by OldTimer.
  • Save it to your desktop.
  • Double click on the Posted Image icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Posted Image button.
  • Two reports will open, copy and paste them in a reply here:
  • OTViewIt.txt <-- Will be opened
  • Extra.txt <-- Will be minimized
Just to recap I need the two OTViewIt logs and the Jotti scan results.

Thanks :thumbup2:
Posted Image
m0le is a proud member of UNITE

#5 -KiKi-

-KiKi-
  • Topic Starter

  • Members
  • 162 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:05:53 PM

Posted 02 March 2009 - 03:50 PM

Okay..I have a question. I'm in the step now where I'm supposed to set my computer to show hidden files in Windows.

I was instructed to remove the checkmark from the checkbox labeled "Hide protected operating system files". When I attempted to remove the checkmark, a Warning box popped up saying...

"You have chosen to display protected operating system files (files labeled System and Hidden) in Windows Explorer.

These files are required to start and run Windows. Deleting or editing them can make your computer inoperable.
Are you sure you want to display these files?


This Warning box makes it sound so serious as if it's not safe to display these protected operating system files. So is it really safe for me to remove the checkmark next to it and allow these files to be displayed???

Edited by -KiKi-, 02 March 2009 - 03:50 PM.


#6 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:10:53 PM

Posted 02 March 2009 - 04:27 PM

Hi -KiKi-.

That's a fair question :)

That is a standard warning and an understandably terrifying-looking one but we need to show all hidden files because, although Microsoft hide their files just so they don't get altered or deleted by accident, malware also can hide its files to stop it from being detected.

Because you are being guided through Bleeping Computer, their trainees (like me) and their experts (like the coach who is supervising me) know exactly what we are looking for and we won't delete system files in error. I will be instructing you to hide them again after we have cleaned your PC.

Hope that clears things up.

Please click "Yes" at the prompt and follow the rest of the instructions. :thumbup2:
Posted Image
m0le is a proud member of UNITE

#7 -KiKi-

-KiKi-
  • Topic Starter

  • Members
  • 162 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:05:53 PM

Posted 02 March 2009 - 04:55 PM

Thanks for that.

Now here's the Jotti scan results:

Scan taken on 02 Mar 2009 21:39:08 (GMT)
A-Squared Found nothing
AntiVir Found nothing
ArcaVir Found nothing
Avast Found nothing
AVG Antivirus Found nothing
BitDefender Found nothing
ClamAV Found nothing
CPsecure Found nothing
Dr.Web Found nothing
F-Prot Antivirus Found nothing
F-Secure Anti-Virus Found nothing
Ikarus Found nothing
Kaspersky Anti-Virus Found nothing
NOD32 Found nothing
Norman Virus Control Found nothing
Panda Antivirus Found nothing
Quick Heal Found nothing
Sophos Antivirus Found nothing
VirusBuster Found nothing
VBA32 Found nothing


Now here are the 2 OTViewIt scan results:

Here's the OTViewIt.Txt results


OTViewIt logfile created on: 3/2/2009 3:47:58 PM - Run
OTViewIt by OldTimer - Version 1.0.21.0 Folder = C:\Documents and Settings\ME\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 1.48 Gb Available Physical Memory | 74.36% Memory free
3.84 Gb Paging File | 3.44 Gb Available in Paging File | 89.63% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 143.16 Gb Total Space | 129.68 Gb Free Space | 90.59% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: KR
Current User Name: ME
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
File Age = 30 Days

========== Processes ==========

[2008/05/15 20:07:50 | 00,024,064 | ---- | M] () -- C:\WINDOWS\system32\WLTRYSVC.EXE
[2008/05/15 20:07:16 | 01,921,024 | ---- | M] (Dell Inc.) -- C:\WINDOWS\system32\BCMWLTRY.EXE
[2008/09/10 13:01:28 | 00,611,664 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
[2008/08/14 00:04:42 | 00,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtcmd.exe
[2008/10/07 09:23:46 | 00,111,856 | ---- | M] (Yahoo! Inc) -- C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
[2008/06/10 10:30:12 | 00,125,208 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\Common\YMailAdvisor.exe
[2007/07/09 21:21:56 | 00,851,968 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
[2008/06/12 15:57:18 | 00,991,584 | ---- | M] (Vendio Services, Inc.) -- C:\Program Files\Search Settings\SearchSettings.exe
[2007/07/09 20:58:34 | 00,137,752 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\igfxpers.exe
[2007/12/21 09:58:06 | 00,184,320 | ---- | M] (CyberLink Corp.) -- C:\Program Files\Dell\MediaDirect\PCMService.exe
[2007/08/28 13:54:58 | 00,036,864 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\OEM02Mon.exe
[2007/07/09 20:58:38 | 00,252,440 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\igfxsrvc.exe
[2006/11/02 13:05:50 | 00,282,624 | ---- | M] (Knowles Acoustics) -- C:\WINDOWS\system32\KADxMain.exe
[2007/07/09 20:58:30 | 00,162,328 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\hkcmd.exe
[2008/02/22 11:43:38 | 01,245,184 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\QuickSet\quickset.exe
[2008/05/15 20:07:48 | 02,183,168 | ---- | M] (Dell Inc.) -- C:\WINDOWS\system32\WLTRAY.EXE
[2006/11/17 13:39:58 | 00,136,768 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\UdaterUI.exe
[2006/11/30 08:50:00 | 00,112,216 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\shstat.exe
[2006/11/17 03:06:00 | 00,086,016 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\Mctray.exe
[2005/08/24 18:25:00 | 00,101,080 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Location Finder\LocationFinder.exe
[2006/11/03 17:02:14 | 00,050,688 | ---- | M] (Avanquest Software ) -- C:\Program Files\Digital Line Detect\DLG.exe
[2006/11/17 13:37:44 | 00,104,000 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\FrameworkService.exe
[2006/11/30 08:50:00 | 00,144,960 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
[2006/11/30 08:50:00 | 00,054,872 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
[2008/08/14 00:04:44 | 00,201,968 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe
[2006/11/17 13:40:56 | 00,136,768 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\naPrdMgr.exe
[2008/11/09 14:48:14 | 00,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
[2004/08/04 04:00:00 | 00,218,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\wmiprvse.exe
[2008/10/16 14:09:44 | 00,051,224 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wuauclt.exe
[2004/08/04 04:00:00 | 00,093,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\IEXPLORE.EXE
[2009/03/02 15:46:30 | 00,422,912 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\ME\Desktop\OTViewIt.exe

========== (O23) Win32 Services ==========

[2008/09/10 13:01:28 | 00,611,664 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe -- (aawservice [Auto | Running])
File not found -- -- (aspnet_state [On_Demand | Stopped])
[2008/06/23 12:27:47 | 00,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist [On_Demand | Stopped])
[2006/11/17 13:37:44 | 00,104,000 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\FrameworkService.exe -- (McAfeeFramework [Auto | Running])
[2006/11/30 08:50:00 | 00,144,960 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe -- (McShield [Auto | Running])
[2006/11/30 08:50:00 | 00,054,872 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe -- (McTaskManager [Auto | Running])
[2008/08/14 00:04:44 | 00,201,968 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_dellsupportcenter [Auto | Running])
[2007/12/02 17:34:30 | 00,074,384 | R--- | M] (MicroVision Development, Inc.) -- C:\Program Files\Common Files\SureThing Shared\stllssvr.exe -- (stllssvr [On_Demand | Stopped])
[2008/05/15 20:07:50 | 00,024,064 | ---- | M] () -- C:\WINDOWS\system32\WLTRYSVC.EXE -- (wltrysvc [Auto | Running])
[2006/10/18 20:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])
[2008/11/09 14:48:14 | 00,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService [Auto | Running])

========== Driver Services ==========

[2001/08/17 12:51:56 | 00,005,248 | ---- | M] (Acer Laboratories Inc.) -- C:\WINDOWS\system32\drivers\aliide.sys -- (AliIde [Disabled | Stopped])
[2004/08/03 22:07:44 | 00,043,008 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\WINDOWS\system32\drivers\AMDAGP.SYS -- (amdagp [Disabled | Stopped])
[2005/08/12 15:50:46 | 00,016,128 | ---- | M] (Dell Inc) -- C:\WINDOWS\system32\drivers\APPDRV.SYS -- (APPDRV [System | Running])
[2001/08/17 12:52:00 | 00,026,496 | ---- | M] (Advanced System Products, Inc.) -- C:\WINDOWS\system32\drivers\asc.sys -- (asc [Disabled | Stopped])
[2001/08/17 12:51:58 | 00,014,848 | ---- | M] (Advanced System Products, Inc.) -- C:\WINDOWS\system32\drivers\asc3550.sys -- (asc3550 [Disabled | Stopped])
[2008/05/15 20:07:34 | 01,123,328 | ---- | M] (Broadcom Corp.) -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX [On_Demand | Running])
[2007/07/10 14:07:56 | 00,045,568 | ---- | M] (Broadcom Corporation) -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp [On_Demand | Running])
[2001/08/17 12:51:54 | 00,006,656 | ---- | M] (CMD Technology, Inc.) -- C:\WINDOWS\system32\drivers\cmdide.sys -- (CmdIde [Disabled | Stopped])
[2001/08/17 12:52:16 | 00,179,584 | ---- | M] (Mylex Corporation) -- C:\WINDOWS\system32\drivers\dac2w2k.sys -- (dac2w2k [Disabled | Stopped])
[2006/11/02 11:31:38 | 00,103,168 | ---- | M] (Knowles Acoustics) -- C:\WINDOWS\system32\drivers\dxec02.sys -- (DXEC02 [On_Demand | Running])
[2001/08/17 11:12:10 | 00,117,760 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\e100b325.sys -- (E100B [On_Demand | Stopped])
[2004/08/12 16:45:54 | 00,137,728 | ---- | M] (Windows ® Server 2003 DDK provider) -- C:\WINDOWS\system32\drivers\Hdaudbus.sys -- (HDAudBus [On_Demand | Running])
[2007/12/02 17:26:20 | 00,211,200 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL [On_Demand | Running])
[2007/12/02 17:26:22 | 00,989,952 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV [On_Demand | Running])
[2007/07/09 20:58:42 | 05,707,744 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\igxpmp32.sys -- (ialm [On_Demand | Running])
[2007/05/08 19:22:58 | 00,277,784 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\iastor.sys -- (iaStor [Boot | Running])
[2007/12/02 17:26:28 | 00,012,672 | ---- | M] (Conexant) -- C:\WINDOWS\system32\drivers\mdmxsdk.sys -- (mdmxsdk [Auto | Running])
[2006/11/30 08:50:00 | 00,064,360 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\drivers\mfeapfk.sys -- (mfeapfk [On_Demand | Running])
[2006/11/30 08:50:00 | 00,072,264 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\drivers\mfeavfk.sys -- (mfeavfk [On_Demand | Running])
[2006/11/30 08:50:00 | 00,034,152 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\drivers\mfebopk.sys -- (mfebopk [On_Demand | Running])
[2006/11/30 08:50:00 | 00,168,776 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk [On_Demand | Running])
[2006/11/30 08:50:00 | 00,031,944 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\mferkdk.sys -- (mferkdk [System | Running])
[2006/11/30 08:50:00 | 00,052,136 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\drivers\mfetdik.sys -- (mfetdik [System | Running])
[2001/08/17 12:52:12 | 00,017,280 | ---- | M] (American Megatrends Inc.) -- C:\WINDOWS\system32\drivers\mraid35x.sys -- (mraid35x [Disabled | Stopped])
[2004/08/03 21:29:56 | 01,897,408 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv [On_Demand | Stopped])
[2007/08/28 13:54:50 | 00,141,376 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\system32\drivers\OEM02Afx.sys -- (OEM02Afx [On_Demand | Running])
[2007/08/28 13:54:56 | 00,235,520 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\system32\drivers\OEM02Dev.sys -- (OEM02Dev [On_Demand | Running])
[2007/08/28 13:55:06 | 00,007,424 | ---- | M] (EyePower Games Pte. Ltd.) -- C:\WINDOWS\system32\drivers\OEM02Vfx.sys -- (OEM02Vfx [On_Demand | Running])
[2003/09/19 15:45:48 | 00,021,248 | ---- | M] (Padus, Inc.) -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc [On_Demand | Running])
[2004/08/04 04:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink [On_Demand | Running])
[2007/11/14 02:00:00 | 00,043,840 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\pxhelp20.sys -- (PxHelp20 [Boot | Running])
[2001/08/17 12:52:20 | 00,040,320 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\drivers\ql1080.sys -- (ql1080 [Disabled | Stopped])
[2001/08/17 12:52:20 | 00,045,312 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\drivers\ql12160.sys -- (ql12160 [Disabled | Stopped])
[2001/08/17 12:52:18 | 00,049,024 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\drivers\ql1280.sys -- (ql1280 [Disabled | Stopped])
[2007/07/10 13:22:18 | 00,032,256 | ---- | M] (REDC) -- C:\WINDOWS\system32\drivers\rimmptsk.sys -- (rimmptsk [Auto | Running])
[2007/07/10 13:22:20 | 00,043,520 | ---- | M] (REDC) -- C:\WINDOWS\system32\drivers\rimsptsk.sys -- (rimsptsk [Auto | Running])
[2007/07/10 13:22:22 | 00,037,376 | ---- | M] (REDC) -- C:\WINDOWS\system32\drivers\rixdptsk.sys -- (rismxdp [Auto | Running])
[2009/01/15 16:17:40 | 00,008,944 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV [System | Running])
[2009/01/15 16:17:42 | 00,007,408 | R--- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM [On_Demand | Stopped])
[2009/01/15 16:17:38 | 00,055,024 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL [System | Running])
[2007/05/03 04:27:21 | 00,078,720 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\sdbus.sys -- (sdbus [On_Demand | Running])
[2007/11/13 04:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv [On_Demand | Stopped])
[2004/08/03 22:07:44 | 00,041,088 | ---- | M] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\system32\drivers\SISAGP.SYS -- (sisagp [Disabled | Stopped])
[2001/08/17 13:07:44 | 00,019,072 | ---- | M] (Adaptec, Inc.) -- C:\WINDOWS\system32\drivers\sparrow.sys -- (Sparrow [Disabled | Stopped])
[2008/03/30 19:04:54 | 01,222,840 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA [On_Demand | Running])
[2001/08/17 13:07:34 | 00,016,256 | ---- | M] (Symbios Logic Inc.) -- C:\WINDOWS\system32\drivers\symc810.sys -- (symc810 [Disabled | Stopped])
[2001/08/17 13:07:36 | 00,032,640 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\drivers\symc8xx.sys -- (symc8xx [Disabled | Stopped])
[2001/08/17 13:07:40 | 00,028,384 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\drivers\sym_hi.sys -- (sym_hi [Disabled | Stopped])
[2001/08/17 13:07:42 | 00,030,688 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\drivers\sym_u3.sys -- (sym_u3 [Disabled | Stopped])
[2007/07/09 21:21:54 | 00,202,912 | ---- | M] (Synaptics, Inc.) -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP [On_Demand | Running])
[2001/08/17 12:52:22 | 00,036,736 | ---- | M] (Promise Technology, Inc.) -- C:\WINDOWS\system32\drivers\ultra.sys -- (ultra [Disabled | Stopped])
[2004/08/03 22:10:12 | 00,078,464 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\usbvideo.sys -- (usbvideo [On_Demand | Stopped])
[2007/12/02 17:26:20 | 00,731,136 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf [On_Demand | Running])
[2004/08/03 22:07:42 | 00,008,832 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\wmiacpi.sys -- (WmiAcpi [System | Running])

========== (R ) Internet Explorer ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=http://go.microsoft.com/fwlink/?LinkId=69157
"Default_Search_URL"=http://go.microsoft.com/fwlink/?LinkId=54896
"Local Page"=%SystemRoot%\system32\blank.htm
"Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896
"Start Page"=http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search]
"CustomizeSearch"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
"Default_Page_URL"=www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=4080623
"Default_Search_URL"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"SearchAssistant"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
"Start Page"=www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=4080623

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Search_URL"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Local Page"=C:\WINDOWS\system32\blank.htm
"Page_Transitions"=
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Start Page"=http://att.yahoo.com/

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchURL]
""=http://home.microsoft.com/access/autosearch.asp?p=%s
"provider"=yaho

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\shdocvw.dll (Microsoft Corporation)

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{E312764E-7706-43F1-8DAB-FCDD2B1E416D}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" (HKLM) -- C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=4080623
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Start Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=4080623
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Start Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-21-2775356270-2125727310-2574386005-1005\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Search_URL"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Local Page"=C:\WINDOWS\system32\blank.htm
"Page_Transitions"=
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Start Page"=http://att.yahoo.com/

[HKEY_USERS\S-1-5-21-2775356270-2125727310-2574386005-1005\Software\Microsoft\Internet Explorer\SearchURL]
""=http://home.microsoft.com/access/autosearch.asp?p=%s
"provider"=yaho

[HKEY_USERS\S-1-5-21-2775356270-2125727310-2574386005-1005\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\shdocvw.dll (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-2775356270-2125727310-2574386005-1005\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{E312764E-7706-43F1-8DAB-FCDD2B1E416D}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_USERS\S-1-5-21-2775356270-2125727310-2574386005-1005\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" (HKLM) -- C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)

[HKEY_USERS\S-1-5-21-2775356270-2125727310-2574386005-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

========== (O1) Hosts File ==========

HOSTS File = (686 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
First 25 entries...
127.0.0.1 localhost

========== (O2) BHO's ==========

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\]
{02478D38-C3F9-4efb-9B51-7695ECA05670} (HKLM) -- C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (HKLM) -- C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (HKLM) -- C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll (Sun Microsystems, Inc.)
{7DB2D5A0-7241-4E79-B68D-6309F01C5231} (HKLM) -- C:\Program Files\McAfee\VirusScan Enterprise\ScriptCl.dll (McAfee, Inc.)
{CA6319C0-31B7-401E-A518-A07C3DB8F777} (HKLM) -- C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.)
{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} (HKLM) -- C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)

========== (O3) Toolbars ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" (HKLM) -- C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" (HKLM) -- C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)

[HKEY_USERS\S-1-5-21-2775356270-2125727310-2574386005-1005\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_USERS\S-1-5-21-2775356270-2125727310-2574386005-1005\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" (HKLM) -- C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)

========== (O4) Run Keys ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" (Adobe Systems Incorporated)
"Broadcom Wireless Manager UI"=C:\WINDOWS\system32\WLTRAY.exe (Dell Inc.)
"Dell QuickSet"=C:\Program Files\Dell\QuickSet\Quickset.exe (Dell Inc.)
"DELL Webcam Manager"="C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe" /s (Creative Technology Ltd.)
"DellSupportCenter"="C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter (SupportSoft, Inc.)
"dscactivate"="C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe" ( )
"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)
"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe (Intel Corporation)
"KADxMain"=C:\WINDOWS\system32\KADxMain.exe (Knowles Acoustics)
"McAfeeUpdaterUI"="C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey (McAfee, Inc.)
"OEM02Mon.exe"=C:\WINDOWS\OEM02Mon.exe (Creative Technology Ltd.)
"PCMService"="C:\Program Files\Dell\MediaDirect\PCMService.exe" (CyberLink Corp.)
"Persistence"=C:\WINDOWS\system32\igfxpers.exe (Intel Corporation)
"SearchSettings"=C:\Program Files\Search Settings\SearchSettings.exe (Vendio Services, Inc.)
"ShStatEXE"="C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE (McAfee, Inc.)
"SigmatelSysTrayApp"=%ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe (SigmaTel, Inc.)
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
"YMailAdvisor"="C:\Program Files\Yahoo!\Common\YMailAdvisor.exe" (Yahoo! Inc.)
"YSearchProtection"="C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe" (Yahoo! Inc)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Microsoft Location Finder"="C:\Program Files\Microsoft Location Finder\LocationFinder.exe" (Microsoft Corporation)
"Search Protection"=C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe (Yahoo! Inc)

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"garafowire"=Rundll32.exe "C:\WINDOWS\system32\takavere.dll",s File not found

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"garafowire"=Rundll32.exe "C:\WINDOWS\system32\takavere.dll",s File not found

[HKEY_USERS\S-1-5-21-2775356270-2125727310-2574386005-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Microsoft Location Finder"="C:\Program Files\Microsoft Location Finder\LocationFinder.exe" (Microsoft Corporation)
"Search Protection"=C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe (Yahoo! Inc)

========== (O4) Startup Folders ==========

[1999/11/04 14:06:48 | 00,113,664 | ---- | M] (Adobe Systems, Inc.) -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
[2006/11/03 17:02:14 | 00,050,688 | ---- | M] (Avanquest Software ) -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
[2001/02/13 00:01:04 | 00,083,360 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

========== (O6 & O7) Current Version Policies ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323
"NoDrives"=0
"HonorAutoRunSetting"=1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145
"NoDriveAutoRun"=67108863

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145
"NoDriveAutoRun"=67108863

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-21-2775356270-2125727310-2574386005-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863

========== (O8) IE Context Menu Extensions ==========

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\]
Download all links using BitComet: C:\Program Files\BitComet\BitComet.exe [2006/10/24 07:59:08 | 04,244,992 | ---- | M] (www.BitComet.com)
Download link using &BitComet: C:\Program Files\BitComet\BitComet.exe [2006/10/24 07:59:08 | 04,244,992 | ---- | M] (www.BitComet.com)

[HKEY_USERS\S-1-5-21-2775356270-2125727310-2574386005-1005\Software\Microsoft\Internet Explorer\MenuExt\]
Download all links using BitComet: C:\Program Files\BitComet\BitComet.exe [2006/10/24 07:59:08 | 04,244,992 | ---- | M] (www.BitComet.com)
Download link using &BitComet: C:\Program Files\BitComet\BitComet.exe [2006/10/24 07:59:08 | 04,244,992 | ---- | M] (www.BitComet.com)

========== (O9) IE Extensions ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}: Menu: Sun Java Console -- %ProgramFiles%\Java\jre1.6.0_05\bin\npjpi160_05.dll [2008/02/22 03:25:19 | 00,132,496 | ---- | M] (Sun Microsystems, Inc.)
{59A861EE-32B3-42cd-8CCA-FC130EDF3A44}: Button: PartyGammon.com -- File not found
{59A861EE-32B3-42cd-8CCA-FC130EDF3A44}: Menu: PartyGammon.com -- File not found
{B4B52284-A248-4c51-9F7C-F0A0C67FCC9D}: Button: PartyCasino -- %ProgramFiles%\PartyGaming\PartyCasino\RunApp.exe [2008/07/28 18:45:06 | 00,110,592 | ---- | M] ()
{B4B52284-A248-4c51-9F7C-F0A0C67FCC9D}: Menu: PartyCasino -- %ProgramFiles%\PartyGaming\PartyCasino\RunApp.exe [2008/07/28 18:45:06 | 00,110,592 | ---- | M] ()
{B7FE5D70-9AA2-40F1-9C6B-12A255F085E1}: Button: PartyPoker.com -- %ProgramFiles%\PartyGaming\PartyPoker\RunApp.exe [2006/11/07 09:58:44 | 00,110,592 | ---- | M] ()
{B7FE5D70-9AA2-40F1-9C6B-12A255F085E1}: Menu: PartyPoker.com -- %ProgramFiles%\PartyGaming\PartyPoker\RunApp.exe [2006/11/07 09:58:44 | 00,110,592 | ---- | M] ()
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Button: Messenger -- %ProgramFiles%\Messenger\msmsgs.exe [2004/10/13 10:24:37 | 01,694,208 | ---- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Menu: Windows Messenger -- %ProgramFiles%\Messenger\msmsgs.exe [2004/10/13 10:24:37 | 01,694,208 | ---- | M] (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %ProgramFiles%\Java\jre1.6.0_05\bin\npjpi160_05.dll [Sun Java Console] -> [2008/02/22 03:25:19 | 00,132,496 | ---- | M] (Sun Microsystems, Inc.)
CmdMapping\\{59A861EE-32B3-42cd-8CCA-FC130EDF3A44} [HKLM] -> [PartyGammon.com] -> File not found
CmdMapping\\{B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} [HKLM] -> %ProgramFiles%\PartyGaming\PartyCasino\RunApp.exe [PartyCasino] -> [2008/07/28 18:45:06 | 00,110,592 | ---- | M] ()
CmdMapping\\{B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} [HKLM] -> %ProgramFiles%\PartyGaming\PartyPoker\RunApp.exe [PartyPoker.com] -> [2006/11/07 09:58:44 | 00,110,592 | ---- | M] ()
CmdMapping\\{DFB852A3-47F8-48C4-A200-58CAB36FD2A2} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{E908B145-C847-4e85-B315-07E2E70DECF8} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2004/10/13 10:24:37 | 01,694,208 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %ProgramFiles%\Java\jre1.6.0_05\bin\npjpi160_05.dll [Sun Java Console] -> [2008/02/22 03:25:19 | 00,132,496 | ---- | M] (Sun Microsystems, Inc.)
CmdMapping\\{59A861EE-32B3-42cd-8CCA-FC130EDF3A44} [HKLM] -> [PartyGammon.com] -> File not found
CmdMapping\\{B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} [HKLM] -> %ProgramFiles%\PartyGaming\PartyCasino\RunApp.exe [PartyCasino] -> [2008/07/28 18:45:06 | 00,110,592 | ---- | M] ()
CmdMapping\\{B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} [HKLM] -> %ProgramFiles%\PartyGaming\PartyPoker\RunApp.exe [PartyPoker.com] -> [2006/11/07 09:58:44 | 00,110,592 | ---- | M] ()
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2004/10/13 10:24:37 | 01,694,208 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %ProgramFiles%\Java\jre1.6.0_05\bin\npjpi160_05.dll [Sun Java Console] -> [2008/02/22 03:25:19 | 00,132,496 | ---- | M] (Sun Microsystems, Inc.)
CmdMapping\\{59A861EE-32B3-42cd-8CCA-FC130EDF3A44} [HKLM] -> [PartyGammon.com] -> File not found
CmdMapping\\{B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} [HKLM] -> %ProgramFiles%\PartyGaming\PartyCasino\RunApp.exe [PartyCasino] -> [2008/07/28 18:45:06 | 00,110,592 | ---- | M] ()
CmdMapping\\{B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} [HKLM] -> %ProgramFiles%\PartyGaming\PartyPoker\RunApp.exe [PartyPoker.com] -> [2006/11/07 09:58:44 | 00,110,592 | ---- | M] ()
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2004/10/13 10:24:37 | 01,694,208 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-2775356270-2125727310-2574386005-1005\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %ProgramFiles%\Java\jre1.6.0_05\bin\npjpi160_05.dll [Sun Java Console] -> [2008/02/22 03:25:19 | 00,132,496 | ---- | M] (Sun Microsystems, Inc.)
CmdMapping\\{59A861EE-32B3-42cd-8CCA-FC130EDF3A44} [HKLM] -> [PartyGammon.com] -> File not found
CmdMapping\\{B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} [HKLM] -> %ProgramFiles%\PartyGaming\PartyCasino\RunApp.exe [PartyCasino] -> [2008/07/28 18:45:06 | 00,110,592 | ---- | M] ()
CmdMapping\\{B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} [HKLM] -> %ProgramFiles%\PartyGaming\PartyPoker\RunApp.exe [PartyPoker.com] -> [2006/11/07 09:58:44 | 00,110,592 | ---- | M] ()
CmdMapping\\{DFB852A3-47F8-48C4-A200-58CAB36FD2A2} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{E908B145-C847-4e85-B315-07E2E70DECF8} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2004/10/13 10:24:37 | 01,694,208 | ---- | M] (Microsoft Corporation)

========== (O12) Internet Explorer Plugins ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\]
PluginsPage: "" = http://activex.microsoft.com/controls/find...=%s&mime=%s
PluginsPageFriendlyName: "" = Microsoft ActiveX Gallery

========== (O13) Default Prefixes ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix]
""=http://

========== (O15) Trusted Sites ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
1 domain(s) and sub-domain(s) not assigned to a zone.

========== (O16) DPF ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\]
{0742B9EF-8C83-41CA-BFBA-830A59E23533}: https://support.microsoft.com/OAS/ActiveX/MSDcode.cab -- Microsoft Data Collection Control
{30528230-99f7-4bb4-88d8-fa1d4f56a2ab}: C:\Program Files\Yahoo!\Common\Yinsthelper.dll -- Installation Support
{5ED80217-570B-4DA9-BF44-BE107C0EC166}: http://cdn.scan.onecare.live.com/resource/...lscbase6662.cab -- Windows Live Safety Center Base Module
{8AD9C840-044E-11D1-B3E9-00805F499D93}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_05
{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_05
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_05

========== (O17) DNS Name Servers ==========

{6F6FD2E9-7CF4-4782-90A4-3E6BC29F9F12} (Servers: | Description: Dell Wireless 1395 WLAN Mini-Card)
{8C754E9C-24C7-41E7-8E3C-323EE29F2792} (Servers: | Description: )
{D6D740BF-2F70-42C2-AF7B-E0C65BA02842} (Servers: | Description: 1394 Net Adapter)
{F01BB8F6-15CE-4C80-84DC-8CE3CAD6BC2A} (Servers: | Description: Broadcom 440x 10/100 Integrated Controller)

========== (O20) AppInit_DLLs ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_Dlls"=razpkz.dll ,
>File not found --

========== (O20) Winlogon Notify Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\]
!SASWinLogon: "DllName" = C:\Program Files\SUPERAntiSpyware\SASWINLO.dll -- C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
GoToAssist: "DllName" = C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll -- C:\Program Files\Citrix\GoToAssist\514\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
igfxcui: "DllName" = igfxdev.dll -- C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)

========== Shell Execute Hooks ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}" (HKLM) -- C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)

========== Safeboot Options ==========

"AlternateShell"=cmd.exe

========== CDRom AutoRun Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]
"AutoRun" = 1

========== Autorun Files on Drives ==========

AUTOEXEC.BAT []
[2004/08/11 16:15:00 | 00,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT -- [ NTFS ]

========== Files/Folders - Created Within 30 Days ==========

[2009/03/02 15:46:21 | 00,422,912 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\ME\Desktop\OTViewIt.exe
[2009/03/01 20:45:57 | 00,019,968 | ---- | C] () -- C:\Documents and Settings\ME\My Documents\VINYLS.doc
[2009/02/28 18:35:23 | 00,077,824 | ---- | C] () -- C:\Documents and Settings\ME\My Documents\CLONAZEPAM.doc
[2009/02/24 02:14:39 | 06,359,084 | ---- | C] () -- C:\Documents and Settings\ME\My Documents\the_dream_sweat_it_out.mp3
[2009/02/23 18:39:00 | 01,717,258 | ---- | C] () -- C:\Documents and Settings\ME\My Documents\NEVER_MARRY_A_WOMAN_BIGGER_THAN_YOU.wmv
[2009/02/21 14:05:29 | 00,000,162 | -H-- | C] () -- C:\Documents and Settings\ME\My Documents\~$eepingComputer multiple scan instructions.doc
[2009/02/21 02:44:13 | 05,561,369 | ---- | C] () -- C:\Documents and Settings\ME\My Documents\Ciara ft JT - Love_ Sex _ Magic - Necolebleepie[1].com.mp3
[2009/02/20 22:07:44 | 00,019,968 | ---- | C] () -- C:\Documents and Settings\ME\My Documents\screenplay.doc
[2009/02/20 15:15:11 | 00,000,000 | ---D | C] -- C:\Documents and Settings\ME\My Documents\CrazySexyCool
[2009/02/18 21:06:05 | 00,368,961 | ---- | C] () -- C:\Documents and Settings\ME\Desktop\dds.scr
[2009/02/18 19:17:33 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERUNT
[2009/02/18 19:15:47 | 00,000,162 | -H-- | C] () -- C:\Documents and Settings\ME\My Documents\~$Fix instructions.doc
[2009/02/18 19:12:49 | 00,000,000 | ---D | C] -- C:\SDFix
[2009/02/18 18:11:25 | 00,024,064 | ---- | C] () -- C:\Documents and Settings\ME\My Documents\SDFix instructions.doc
[2009/02/18 15:35:34 | 00,020,992 | ---- | C] () -- C:\Documents and Settings\ME\My Documents\TAUDARIUS.doc
[2009/02/16 16:58:34 | 07,520,720 | ---- | C] () -- C:\Documents and Settings\ME\My Documents\Letoya Luckett - Not Anymore.mp3
[2009/02/15 21:32:14 | 00,032,256 | ---- | C] () -- C:\Documents and Settings\ME\My Documents\BleepingComputer multiple scan instructions.doc
[2009/02/15 12:32:32 | 00,024,064 | ---- | C] () -- C:\Documents and Settings\ME\My Documents\system restore instructions.doc
[2009/02/14 11:39:26 | 00,026,624 | ---- | C] () -- C:\Documents and Settings\ME\My Documents\One More Chance lyrics.doc
[2009/02/11 20:41:39 | 00,003,978 | ---- | C] () -- C:\WINDOWS\System32\tmp.reg
[2009/02/11 20:40:50 | 00,289,144 | ---- | C] (S!Ri) -- C:\WINDOWS\System32\VCCLSID.exe
[2009/02/11 20:40:50 | 00,288,417 | ---- | C] (S!Ri) -- C:\WINDOWS\System32\SrchSTS.exe
[2009/02/11 20:40:50 | 00,082,944 | ---- | C] (S!Ri.URZ) -- C:\WINDOWS\System32\IEDFix.exe
[2009/02/11 20:40:50 | 00,082,944 | ---- | C] (S!Ri.URZ) -- C:\WINDOWS\System32\IEDFix.C.exe
[2009/02/11 20:40:50 | 00,082,432 | ---- | C] (S!Ri.URZ) -- C:\WINDOWS\System32\404Fix.exe
[2009/02/11 20:40:50 | 00,080,384 | ---- | C] (S!Ri.URZ) -- C:\WINDOWS\System32\o4Patch.exe
[2009/02/11 20:40:50 | 00,079,360 | ---- | C] (SteelWerX) -- C:\WINDOWS\System32\swxcacls.exe
[2009/02/11 20:40:50 | 00,078,336 | ---- | C] (S!Ri.URZ) -- C:\WINDOWS\System32\Agent.OMZ.Fix.exe
[2009/02/11 20:40:50 | 00,051,200 | ---- | C] () -- C:\WINDOWS\System32\dumphive.exe
[2009/02/11 20:40:50 | 00,040,960 | ---- | C] () -- C:\WINDOWS\System32\swsc.exe
[2009/02/11 20:40:50 | 00,025,600 | ---- | C] () -- C:\WINDOWS\System32\WS2Fix.exe
[2009/02/11 20:40:49 | 00,135,168 | ---- | C] (SteelWerX) -- C:\WINDOWS\System32\swreg.exe
[2009/02/11 20:40:49 | 00,053,248 | ---- | C] (http://www.beyondlogic.org) -- C:\WINDOWS\System32\Process.exe
[2009/02/11 17:05:19 | 00,000,780 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2009/02/11 16:59:27 | 00,025,600 | ---- | C] () -- C:\Documents and Settings\ME\My Documents\superantispyware instructions.doc
[2009/02/11 02:42:09 | 00,000,000 | -HSD | C] -- C:\RECYCLER
[2009/02/11 02:40:29 | 00,000,000 | ---D | C] -- C:\WINDOWS\temp
[2009/02/11 00:49:23 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2009/02/11 00:48:53 | 00,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2009/02/11 00:48:53 | 00,000,000 | ---D | C] -- C:\Documents and Settings\ME\Application Data\SUPERAntiSpyware.com
[2009/02/11 00:37:37 | 00,015,504 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/02/11 00:37:37 | 00,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/02/11 00:37:35 | 00,038,496 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/02/11 00:37:33 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware

========== Files - Modified Within 30 Days ==========

[2009/03/02 15:46:30 | 00,422,912 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\ME\Desktop\OTViewIt.exe
[2009/03/02 14:10:50 | 00,467,158 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/03/02 14:10:50 | 00,399,284 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/03/02 14:10:50 | 00,061,440 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/03/02 14:06:19 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/03/02 14:06:05 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/03/02 04:23:09 | 00,009,648 | ---- | M] () -- C:\Documents and Settings\ME\Application Data\wklnhst.dat
[2009/03/02 04:23:05 | 00,025,088 | ---- | M] () -- C:\Documents and Settings\ME\My Documents\HOSPITALS.doc
[2009/03/01 20:45:58 | 00,019,968 | ---- | M] () -- C:\Documents and Settings\ME\My Documents\VINYLS.doc
[2009/03/01 20:15:39 | 00,002,483 | ---- | M] () -- C:\Documents and Settings\ME\Desktop\Microsoft Word.lnk
[2009/02/28 18:35:23 | 00,077,824 | ---- | M] () -- C:\Documents and Settings\ME\My Documents\CLONAZEPAM.doc
[2009/02/27 22:34:21 | 00,000,071 | ---- | M] () -- C:\WINDOWS\pex.INI
[2009/02/27 22:34:07 | 00,000,151 | ---- | M] () -- C:\WINDOWS\Ulead32.ini
[2009/02/25 14:05:33 | 00,001,478 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\ClubWPT.lnk
[2009/02/24 21:34:20 | 06,952,174 | -H-- | M] () -- C:\Documents and Settings\ME\Local Settings\Application Data\IconCache.db
[2009/02/24 02:14:40 | 06,359,084 | ---- | M] () -- C:\Documents and Settings\ME\My Documents\the_dream_sweat_it_out.mp3
[2009/02/23 18:39:14 | 01,717,258 | ---- | M] () -- C:\Documents and Settings\ME\My Documents\NEVER_MARRY_A_WOMAN_BIGGER_THAN_YOU.wmv
[2009/02/22 23:35:12 | 00,019,968 | ---- | M] () -- C:\Documents and Settings\ME\My Documents\screenplay.doc
[2009/02/21 14:05:29 | 00,000,162 | -H-- | M] () -- C:\Documents and Settings\ME\My Documents\~$eepingComputer multiple scan instructions.doc
[2009/02/21 02:44:14 | 05,561,369 | ---- | M] () -- C:\Documents and Settings\ME\My Documents\Ciara ft JT - Love_ Sex _ Magic - Necolebleepie[1].com.mp3
[2009/02/20 19:29:36 | 00,000,281 | RHS- | M] () -- C:\boot.ini
[2009/02/20 19:24:23 | 00,009,216 | ---- | M] () -- C:\Documents and Settings\ME\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/02/19 16:10:52 | 00,002,469 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Dell Support Center.lnk
[2009/02/18 22:08:51 | 00,020,992 | ---- | M] () -- C:\Documents and Settings\ME\My Documents\TAUDARIUS.doc
[2009/02/18 21:06:08 | 00,368,961 | ---- | M] () -- C:\Documents and Settings\ME\Desktop\dds.scr
[2009/02/18 19:20:21 | 00,000,686 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\HOSTS
[2009/02/18 19:15:47 | 00,000,162 | -H-- | M] () -- C:\Documents and Settings\ME\My Documents\~$Fix instructions.doc
[2009/02/18 18:11:25 | 00,024,064 | ---- | M] () -- C:\Documents and Settings\ME\My Documents\SDFix instructions.doc
[2009/02/18 17:31:32 | 00,006,456 | -H-- | M] () -- C:\WINDOWS\System32\vamokiru
[2009/02/16 22:29:19 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/02/16 16:58:34 | 07,520,720 | ---- | M] () -- C:\Documents and Settings\ME\My Documents\Letoya Luckett - Not Anymore.mp3
[2009/02/15 21:32:14 | 00,032,256 | ---- | M] () -- C:\Documents and Settings\ME\My Documents\BleepingComputer multiple scan instructions.doc
[2009/02/15 14:38:46 | 00,024,576 | ---- | M] () -- C:\Documents and Settings\ME\My Documents\LO pm's.doc
[2009/02/15 12:46:17 | 00,024,064 | ---- | M] () -- C:\Documents and Settings\ME\My Documents\system restore instructions.doc
[2009/02/14 16:37:05 | 00,002,473 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\Global.sw2
[2009/02/14 11:48:11 | 00,026,624 | ---- | M] () -- C:\Documents and Settings\ME\My Documents\One More Chance lyrics.doc
[2009/02/11 20:41:39 | 00,003,978 | ---- | M] () -- C:\WINDOWS\System32\tmp.reg
[2009/02/11 17:05:19 | 00,000,780 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2009/02/11 16:59:28 | 00,025,600 | ---- | M] () -- C:\Documents and Settings\ME\My Documents\superantispyware instructions.doc
[2009/02/11 10:19:42 | 00,038,496 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/02/11 10:19:34 | 00,015,504 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/02/11 03:01:30 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/02/11 02:36:32 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/02/11 00:37:37 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/02/10 17:36:31 | 00,024,576 | ---- | M] () -- C:\Documents and Settings\ME\My Documents\L.A. nightclubs.doc
< End of report >



Here's the Extras.Txt results

OTViewIt Extras logfile created on: 3/2/2009 3:47:58 PM - Run
OTViewIt by OldTimer - Version 1.0.21.0 Folder = C:\Documents and Settings\ME\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 1.48 Gb Available Physical Memory | 74.36% Memory free
3.84 Gb Paging File | 3.44 Gb Available in Paging File | 89.63% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 143.16 Gb Total Space | 129.68 Gb Free Space | 90.59% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: KR
Current User Name: ME
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
File Age = 30 Days

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled"=1
"AntiVirusDisableNotify"=0
"FirewallDisableNotify"=0
"UpdatesDisableNotify"=0
"AntiVirusOverride"=0
"FirewallOverride"=0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"EnableFirewall"=1
"DoNotAllowExceptions"=0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[2004/08/04 04:00:00 | 00,140,800 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
[2004/08/04 04:00:00 | 00,140,800 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
[2007/12/21 09:58:06 | 00,184,320 | ---- | M] (CyberLink Corp.) -- C:\Program Files\Dell\MediaDirect\PCMService.exe:*:Enabled:CyberLink PowerCinema Resident Program
[2007/08/30 16:43:18 | 04,670,704 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger
[2007/08/30 16:43:18 | 00,091,376 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server
[2006/10/24 07:59:08 | 04,244,992 | ---- | M] (www.BitComet.com) -- C:\Program Files\BitComet\BitComet.exe:*:Enabled:BitComet - a BitTorrent Client
[2008/09/05 03:42:52 | 01,579,008 | ---- | M] (MP2P Technologies.) -- C:\Program Files\Piolet\Piolet.exe:*:Enabled:Piolet
[2006/11/17 13:40:56 | 00,136,768 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\naPrdMgr.exe:*:Enabled:naPrdMgr
[2006/11/17 13:37:44 | 00,104,000 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\FrameworkService.exe:*:Enabled:McAfee Framework Service
[2007/06/13 04:23:07 | 01,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe:*:Enabled:Explorer
[2004/08/04 04:00:00 | 00,514,560 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\logonui.exe:*:Enabled:logonui

========== (O18) Protocol Handlers ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2001/01/22 02:25:24 | 00,872,448 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL (cdo:{CD00020A-8B95-11D1-82DB-00C04FB1625D} (HKLM) [Microsoft PKM KnowledgePluggable Class])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
ipp: [HKLM - No CLSID value]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2001/02/12 02:25:24 | 01,187,840 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL ipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAMON.BINDER]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
msdaipp: [HKLM - No CLSID value]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2001/02/12 02:25:24 | 01,187,840 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL msdaipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAMON.BINDER]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2001/02/12 02:25:24 | 01,187,840 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL msdaipp\oledb:{E1D2BF40-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAIPP.BINDER]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2007/11/27 18:19:22 | 00,230,760 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (ms-itss:{0A9007C0-4076-11D3-8789-0000F8105754} (HKLM) [Microsoft Infotech Storage Protocol for IE 4.0])

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0684EECC-380C-4B97-8C51-5BDB9E4D679C}"=ArcSoft Software Suite
"{0712667C-A171-49AE-A098-4ACDA28625F8}"=Sony Sound Forge 7.0
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}"=Roxio Creator Data
"{09760D42-E223-42AD-8C3E-55B47D0DDAC3}"=Roxio Creator DE
"{0A9741D4-AAD3-40E5-B451-5882D92EA037}"=DSC3000 Drivers
"{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}"=Microsoft Plus! Photo Story 2 LE
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}"=Microsoft Works
"{17E3A651-12B9-4149-BAE8-E6FB9A5ADC4F}"=Microsoft Works Suite Add-in for Microsoft Word
"{1D5E29AD-39A9-4D0A-A8B6-46A6FCD8C995}"=Live! Cam Avatar v1.0
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}"=Roxio Creator Tools
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}"=Roxio Update Manager
"{3248F0A8-6813-11D6-A77B-00B0D0160050}"=Java™ 6 Update 5
"{33BB4982-DC52-4886-A03B-F4C5C80BEE89}"=Windows Media Player 10
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}"=WebFldrs XP
"{35C03C04-3F1F-42C2-A989-A757EE691F65}"=McAfee VirusScan Enterprise
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}"=NetWaiting
"{42D68A86-DB1C-4256-B8C9-5D0D92919AF5}"=Banctec Service Agreement
"{4D3C9F4B-4B7D-4E5D-99B9-0123AB0D51ED}"=Dell DataSafe Online
"{62230596-37E5-4618-A329-0D21F529A86F}"=Browser Address Error Redirector
"{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}"=Live! Cam Avatar Creator
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}"=Roxio Express Labeler 3
"{6D52C408-B09A-4520-9B18-475B81D393F1}"=Microsoft Works
"{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}"=Microsoft Plus! Digital Media Edition Installer
"{7299052b-02a4-4627-81f2-1818da5d550d}"=Microsoft Visual C++ 2005 Redistributable
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}"=Roxio Creator Audio
"{74F7662C-B1DB-489E-A8AC-07A06B24978B}"=Dell System Restore
"{83ED1E80-A1B7-4226-BCF1-AC4A88151A6B}"=Microsoft Streets & Trips 2006
"{90120000-0020-0409-0000-0000000FF1CE}"=Compatibility Pack for the 2007 Office system
"{911B0409-6000-11D3-8CFE-0050048383C9}"=Microsoft Word 2002
"{95120000-00AF-0409-0000-0000000FF1CE}"=Microsoft Office PowerPoint Viewer 2007 (English)
"{9B88DD94-1AAE-41C4-BD95-2D8737D5E9E2}"=Watson
"{9BDEF074-020E-458D-ADC5-8FF68E0C9B56}"=OutlookAddinSetup
"{9C6978E8-B6D0-4AB7-A7A0-D81A74FBF745}"=MediaDirect
"{9D18F7F8-B984-4249-8512-CC621BC59F12}"=Microsoft Location Finder
"{A4DFB437-6C9F-40AE-B91D-89980131B516}"=Digital MultiCam II Driver
"{AC76BA86-7AD7-1033-7B44-A81000000003}"=Adobe Reader 8.1.0
"{B0DF58A2-40DF-4465-AA56-38623EC9938C}"=Documentation & Support Launcher
"{B6884A07-0305-47AE-9969-8F26FADC17DE}"=Games, Music, & Photos Launcher
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}"=Roxio Creator Copy
"{C5074CC4-0E26-4716-A307-960272A90040}"=QuickSet
"{C99C0593-3B48-41D9-B42F-6E035B320449}"=Broadcom Management Programs
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}"=Microsoft .NET Framework 1.1
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}"=SUPERAntiSpyware Free Edition
"{D0C73318-7B4A-4D16-A0C4-3B83F075EA88}"=Search Settings 1.2
"{D1B5E9C8-4CCF-44E3-87D6-7C00D7DA5370}"=IntelliSonic Speech Enhancement
"{D271DAE0-8D68-4C97-8356-A126D48A1D8C}"=Ulead Photo Explorer 8.0 SE Basic
"{D9C8DEF8-D07B-4164-BEF0-6D879A70C212}"=Microsoft Easy Assist v2
"{DE1AF137-C455-494A-A817-EFE44BCCFDEE}"=Works Upgrade
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}"=Ad-Aware
"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}"=Dell Support Center (Support Software)
"{E42BD75A-FC23-4E3F-9F91-2658334C644F}"=Internet Service Offers Launcher
"{E646DCF0-5A68-11D5-B229-002078017FBF}"=Digital Line Detect
"{E93E5EF6-D361-481E-849D-F16EF5C78EBC}"=Musicmatch for Windows Media Player
"{ECA1A3B6-898F-4DCE-9F04-714CF3BA126B}"=Adobe Flash Player 10 Plugin
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}"=Roxio Creator DE
"{F63A3748-B93D-4360-9AD4-B064481A5C7B}"=Modem Diagnostic Tool
"Adobe Flash Player ActiveX"=Adobe Flash Player 10 ActiveX
"Adobe Photoshop 7.0"=Adobe Photoshop 7.0
"Advanced Audio FX Engine"=Advanced Audio FX Engine
"Advanced Video FX Engine"=Advanced Video FX Engine
"BitComet"=BitComet 0.75
"Broadcom 802.11b Network Adapter"=Dell Wireless WLAN Card
"ClubWPT"=ClubWPT
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2C06&SUBSYS_14F1000F"=Conexant HDA D330 MDC V.92 Modem
"Collab"=Collab
"Creative OEM002"=Laptop Integrated Webcam Driver (1.03.02.0719)
"Dell Webcam Center"=Dell Webcam Center
"Dell Webcam Manager"=Dell Webcam Manager
"FL Studio 5"=FL Studio 5
"GoToAssist"=GoToAssist 8.0.0.514
"HDMI"=Intel® Graphics Media Accelerator Driver
"Malwarebytes' Anti-Malware_is1"=Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)"=Microsoft .NET Framework 1.1
"MSCompPackV1"=Microsoft Compression Client Pack 1.0 for Windows XP
"PartyCasino"=PartyCasino
"PartyGammon"=PartyGammon
"PartyPoker"=PartyPoker
"Piolet"=Piolet 3.0.6
"SearchAssist"=SearchAssist
"SynTPDeinstKey"=Dell Touchpad
"Windows Live OneCare safety scanner"=Windows Live OneCare safety scanner
"Windows Media Format Runtime"=Windows Media Format 11 runtime
"Windows Media Player"=Windows Media Player 11
"WinRAR archiver"=WinRAR archiver
"WM Recorder 11.3"=WM Recorder 11.3
"WMFDist11"=Windows Media Format 11 runtime
"wmp11"=Windows Media Player 11
"Works2006Setup"=Microsoft Works Suite 2006 Setup Launcher
"Wudf01000"=Microsoft User-Mode Driver Framework Feature Pack 1.0
"Yahoo! Companion"=Yahoo! Toolbar
"Yahoo! Mail"=Yahoo! Internet Mail
"Yahoo! Mail Advisor"=Yahoo! Mail Advisor
"Yahoo! Messenger"=Yahoo! Messenger
"Yahoo! Search Defender"=Yahoo! Search Protection
"Yahoo! Software Update"=Yahoo! Software Update
"YInstHelper"=Yahoo! Install Manager

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Move Networks Player - IE"=Move Networks Media Player for Internet Explorer

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2775356270-2125727310-2574386005-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Move Networks Player - IE"=Move Networks Media Player for Internet Explorer

========== Last 10 Event Log Errors ==========

[ System Events ]
Error - 2/18/2009 9:16:53 PM | Computer Name = KR | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
APPDRV Fips intelppm SASDIFSV SASKUTIL

Error - 2/19/2009 6:10:30 PM | Computer Name = KR | Source = Service Control Manager | ID = 7034
Description = The SupportSoft Sprocket Service (dellsupportcenter) service terminated
unexpectedly. It has done this 1 time(s).

Error - 2/20/2009 5:21:03 PM | Computer Name = KR | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service upnphost with
arguments "" in order to run the server: {204810B9-73B2-11D4-BF42-00B0D0118B56}

Error - 2/20/2009 5:51:17 PM | Computer Name = KR | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service upnphost with
arguments "" in order to run the server: {204810B9-73B2-11D4-BF42-00B0D0118B56}

Error - 2/20/2009 9:22:37 PM | Computer Name = KR | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service upnphost with
arguments "" in order to run the server: {204810B9-73B2-11D4-BF42-00B0D0118B56}

Error - 2/22/2009 12:47:44 AM | Computer Name = KR | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 2/22/2009 12:49:01 AM | Computer Name = KR | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
APPDRV Fips intelppm SASDIFSV SASKUTIL

Error - 2/22/2009 1:10:34 AM | Computer Name = KR | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 2/23/2009 8:39:16 PM | Computer Name = KR | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service upnphost with
arguments "" in order to run the server: {204810B9-73B2-11D4-BF42-00B0D0118B56}

Error - 2/25/2009 10:25:05 PM | Computer Name = KR | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service upnphost with
arguments "" in order to run the server: {204810B9-73B2-11D4-BF42-00B0D0118B56}


< End of report >

#8 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:10:53 PM

Posted 04 March 2009 - 10:32 AM

Okay, -KiKi-.

Please make sure you disable ALL of your Antivirus/Antispyware/Firewall prior to our fix.. Please visit HERE if you don't know how.. Please re-enable them after performing all steps given..

We need to backup your registry as we will be making changes there.
  • Please use the following link and scroll down to ERUNT and download it.
    http://aumha.org/freeware/freeware.php
  • For version with the Installer:
    Use the setup program to install ERUNT on your computer
  • For the zipped version:
    Unzip all the files into a folder of your choice.
Click Erunt.exe to backup your registry to the folder of your choice.

Note: to restore your registry, go to the folder and start ERDNT.exe

We need to execute an OTMoveIt3 script
  • Please download OTMoveIt3 by OldTimer and save it to your desktop.
  • Double click (or if your PC is running Vista, right-click and select Run As Adminstrator) the Posted Image icon on your desktop.
  • Paste the following code under the Posted Image area. Do not include the word "Code".
    :files
    C:\Program Files\Search Settings
    C:\WINDOWS\system32\takavere.dll
    :reg
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "AppInit_Dlls"=-
    [HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "garafowire"=-
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "E312764E-7706-43F1-8DAB-FCDD2B1E416D"=-
    [HKEY_USERS\S-1-5-21-2775356270-2125727310-2574386005-1005\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "E312764E-7706-43F1-8DAB-FCDD2B1E416D"=-
    [HKEY_USERS\S-1-5-21-2775356270-2125727310-2574386005-1005\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
    "E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F"=-
  • Push the large Posted Image button.
  • OTMI3 may ask to reboot the machine. Please do so if asked.
  • Copy/Paste the contents under the Posted Image line here in your next reply.
  • If you are unable to copy/paste from this window (as will be the case if the machine was rebooted), open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.
Please post a new DDS log also :thumbup2:
Posted Image
m0le is a proud member of UNITE

#9 -KiKi-

-KiKi-
  • Topic Starter

  • Members
  • 162 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:05:53 PM

Posted 04 March 2009 - 03:51 PM

Okay before I get started, exactly when do I restore the registry?

#10 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:10:53 PM

Posted 04 March 2009 - 04:05 PM

You will only need to restore the registry if an error occurs.

Do not do it unless I tell you to.

Backing up is only a precaution. If you look through the topics on Bleeping Computer you will see that any malware removal work that is done in the registry comes with a Back up your registry paragraph and a link to ERUNT or a similar back-up program.
Posted Image
m0le is a proud member of UNITE

#11 -KiKi-

-KiKi-
  • Topic Starter

  • Members
  • 162 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:05:53 PM

Posted 04 March 2009 - 04:59 PM

Okay, here's the OTMoveIt3 results...

========== FILES ==========
C:\Program Files\Search Settings\kb127\temp moved successfully.
C:\Program Files\Search Settings\kb127\res moved successfully.
C:\Program Files\Search Settings\kb127 moved successfully.
C:\Program Files\Search Settings moved successfully.
File/Folder C:\WINDOWS\system32\takavere.dll not found.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls deleted successfully.
Registry value HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\garafowire deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks\\E312764E-7706-43F1-8DAB-FCDD2B1E416D not found.
Registry value HKEY_USERS\S-1-5-21-2775356270-2125727310-2574386005-1005\Software\Microsoft\Internet Explorer\URLSearchHooks\\E312764E-7706-43F1-8DAB-FCDD2B1E416D not found.
Registry value HKEY_USERS\S-1-5-21-2775356270-2125727310-2574386005-1005\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F not found.

OTMoveIt3 by OldTimer - Version 1.0.8.0 log created on 03042009_154709

#12 -KiKi-

-KiKi-
  • Topic Starter

  • Members
  • 162 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:05:53 PM

Posted 04 March 2009 - 05:00 PM

Now here's the DDS log below....I've also attached the attach.txt log.


DDS (Ver_09-02-01.01) - NTFSx86
Run by ME at 15:56:05.34 on Wed 03/04/2009
Internet Explorer: 6.0.2900.2180
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2038.1593 [GMT -6:00]

AV: McAfee VirusScan Enterprise *On-access scanning disabled* (Updated)

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\Program Files\Yahoo!\Common\YMailAdvisor.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Search Settings\SearchSettings.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Dell\MediaDirect\PCMService.exe
C:\WINDOWS\OEM02Mon.exe
C:\WINDOWS\system32\KADxMain.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Dell\QuickSet\Quickset.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\Program Files\Microsoft Location Finder\LocationFinder.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\ME\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://att.yahoo.com/
uInternet Connection Wizard,ShellNext = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=4080623
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
uURLSearchHooks: H - No File
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
BHO: NoExplorer - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_05\bin\ssv.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan enterprise\Scriptcl.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\dell\bae\BAE.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn0\YTSingleInstance.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
TB: {E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [Search Protection] c:\program files\yahoo!\search protection\SearchProtection.exe
uRun: [Microsoft Location Finder] "c:\program files\microsoft location finder\LocationFinder.exe"
mRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
mRun: [YSearchProtection] "c:\program files\yahoo!\search protection\SearchProtection.exe"
mRun: [YMailAdvisor] "c:\program files\yahoo!\common\YMailAdvisor.exe"
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe
mRun: [SearchSettings] c:\program files\search settings\SearchSettings.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [PCMService] "c:\program files\dell\mediadirect\PCMService.exe"
mRun: [OEM02Mon.exe] c:\windows\OEM02Mon.exe
mRun: [KADxMain] c:\windows\system32\KADxMain.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [dscactivate] "c:\program files\dell support center\gs_agent\custom\dsca.exe"
mRun: [DELL Webcam Manager] "c:\program files\dell\dell webcam manager\DellWMgr.exe" /s
mRun: [Dell QuickSet] c:\program files\dell\quickset\Quickset.exe
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [McAfeeUpdaterUI] "c:\program files\mcafee\common framework\UdaterUI.exe" /StartedFromRunKey
mRun: [ShStatEXE] "c:\program files\mcafee\virusscan enterprise\SHSTAT.EXE" /STANDALONE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
IE: Download all links using BitComet - c:\program files\bitcomet\BitComet.exe/AddAllLink.htm
IE: Download link using &BitComet - c:\program files\bitcomet\BitComet.exe/AddLink.htm
IE: {59A861EE-32B3-42cd-8CCA-FC130EDF3A44}
IE: {B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - c:\program files\partygaming\partycasino\RunApp.exe
IE: {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - c:\program files\partygaming\partypoker\RunApp.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_05\bin\ssv.dll
DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} - hxxps://support.microsoft.com/OAS/ActiveX/MSDcode.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6662.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: GoToAssist - c:\program files\citrix\gotoassist\514\G2AWinLogon.dll
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

============= SERVICES / DRIVERS ===============

P2 McShield;McAfee McShield;c:\program files\mcafee\virusscan enterprise\Mcshield.exe [2006-11-30 144960]
R1 mferkdk;VSCore mferkdk;c:\program files\mcafee\virusscan enterprise\mferkdk.sys [2006-11-30 31944]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-1-15 8944]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-1-15 55024]
R2 aawservice;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\aawservice.exe [2008-9-10 611664]
R2 McAfeeFramework;McAfee Framework Service;c:\program files\mcafee\common framework\FrameworkService.exe [2009-1-12 104000]
R2 McTaskManager;McAfee Task Manager;c:\program files\mcafee\virusscan enterprise\VsTskMgr.exe [2006-11-30 54872]
R2 YahooAUService;Yahoo! Updater;c:\program files\yahoo!\softwareupdate\YahooAUService.exe [2008-11-9 602392]
R3 mfeavfk;McAfee Inc.;c:\windows\system32\drivers\mfeavfk.sys [2009-1-12 72264]
R3 mfebopk;McAfee Inc.;c:\windows\system32\drivers\mfebopk.sys [2009-1-12 34152]
R3 mfehidk;McAfee Inc.;c:\windows\system32\drivers\mfehidk.sys [2009-1-12 168776]
R3 OEM02Afx;Provides a software interface to control audio effects of OEM002 camera.;c:\windows\system32\drivers\OEM02Afx.sys [2008-6-23 141376]
R3 OEM02Dev;Creative Camera OEM002 Driver;c:\windows\system32\drivers\OEM02Dev.sys [2008-6-23 235520]
R3 OEM02Vfx;Creative Camera OEM002 Video VFX Driver;c:\windows\system32\drivers\OEM02Vfx.sys [2008-6-23 7424]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-1-15 7408]

=============== Created Last 30 ================

2009-03-04 15:47 <DIR> --d----- C:\_OTMoveIt
2009-02-18 19:17 <DIR> --d----- c:\windows\ERUNT
2009-02-18 19:12 <DIR> --d----- C:\SDFix
2009-02-11 20:41 3,978 a------- c:\windows\system32\tmp.reg
2009-02-11 00:49 <DIR> --d----- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2009-02-11 00:48 <DIR> --d----- c:\program files\SUPERAntiSpyware
2009-02-11 00:48 <DIR> --d----- c:\docume~1\me\applic~1\SUPERAntiSpyware.com
2009-02-11 00:37 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-02-11 00:37 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-02-11 00:37 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware

==================== Find3M ====================

2009-03-02 04:23 9,648 a------- c:\docume~1\me\applic~1\wklnhst.dat
2009-01-05 14:35 262,144 a------- C:\ntuser.dat
2008-12-12 11:33 3,060,224 -------- c:\windows\system32\dllcache\mshtml.dll
2008-12-12 00:57 78,336 a------- c:\windows\system32\Agent.OMZ.Fix.exe
2008-12-11 05:57 333,184 -------- c:\windows\system32\dllcache\srv.sys
2008-11-21 20:10 61,224 a------- c:\documents and settings\me\GoToAssistDownloadHelper.exe
2008-08-16 21:25 35,520 a------- c:\docume~1\me\applic~1\GDIPFONTCACHEV1.DAT
2008-06-23 12:12 76 ---shr-- c:\windows\CT4CET.bin

============= FINISH: 15:56:25.87 ===============

Attached Files



#13 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:10:53 PM

Posted 05 March 2009 - 07:33 AM

A good start! :)

Please download Malwarebytes Anti-Malware and save it to your desktop.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
  • On the Scanner tab:
    • Make sure the "Perform Full Scan" option is selected.
    • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
  • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you may be asked to reboot your computer so it can proceed with the disinfection process. Regardless if prompted to restart the computer or not, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware. MBAM may make changes to your registry as part of its disinfection routine. If you're using other security programs that detect registry changes, they may alert you after scanning with MBAM. Please permit the program to allow the changes.

Post a new OTViewIt scan as well please :thumbup2:
Posted Image
m0le is a proud member of UNITE

#14 -KiKi-

-KiKi-
  • Topic Starter

  • Members
  • 162 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:05:53 PM

Posted 05 March 2009 - 01:52 PM

Here's the MBAM log...

Malwarebytes' Anti-Malware 1.34
Database version: 1820
Windows 5.1.2600 Service Pack 2

3/5/2009 12:47:15 PM
mbam-log-2009-03-05 (12-47-15).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 123681
Time elapsed: 21 minute(s), 58 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 4

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\WINDOWS\system32\vcredist_x86.exe (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP110\A0026880.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wextract.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\vcredist_x86.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\wextract.exe (Trojan.Vundo) -> Quarantined and deleted successfully.

#15 -KiKi-

-KiKi-
  • Topic Starter

  • Members
  • 162 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:05:53 PM

Posted 05 March 2009 - 01:53 PM

Here's the OTViewIt.txt log...

OTViewIt logfile created on: 3/5/2009 12:51:07 PM - Run 2
OTViewIt by OldTimer - Version 1.0.21.0 Folder = C:\Documents and Settings\ME\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 1.51 Gb Available Physical Memory | 75.94% Memory free
3.84 Gb Paging File | 3.50 Gb Available in Paging File | 91.20% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 143.16 Gb Total Space | 129.70 Gb Free Space | 90.60% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: KR
Current User Name: ME
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
File Age = 30 Days

========== Processes ==========

[2008/05/15 20:07:50 | 00,024,064 | ---- | M] () -- C:\WINDOWS\system32\WLTRYSVC.EXE
[2008/05/15 20:07:16 | 01,921,024 | ---- | M] (Dell Inc.) -- C:\WINDOWS\system32\BCMWLTRY.EXE
[2008/09/10 13:01:28 | 00,611,664 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
[2008/08/14 00:04:42 | 00,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtcmd.exe
[2008/10/07 09:23:46 | 00,111,856 | ---- | M] (Yahoo! Inc) -- C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
[2008/06/10 10:30:12 | 00,125,208 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\Common\YMailAdvisor.exe
[2007/07/09 21:21:56 | 00,851,968 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
[2007/07/09 20:58:34 | 00,137,752 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\igfxpers.exe
[2007/12/21 09:58:06 | 00,184,320 | ---- | M] (CyberLink Corp.) -- C:\Program Files\Dell\MediaDirect\PCMService.exe
[2007/08/28 13:54:58 | 00,036,864 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\OEM02Mon.exe
[2006/11/02 13:05:50 | 00,282,624 | ---- | M] (Knowles Acoustics) -- C:\WINDOWS\system32\KADxMain.exe
[2007/07/09 20:58:30 | 00,162,328 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\hkcmd.exe
[2007/07/09 20:58:38 | 00,252,440 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\igfxsrvc.exe
[2008/02/22 11:43:38 | 01,245,184 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\QuickSet\quickset.exe
[2008/05/15 20:07:48 | 02,183,168 | ---- | M] (Dell Inc.) -- C:\WINDOWS\system32\WLTRAY.EXE
[2006/11/17 13:39:58 | 00,136,768 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\UdaterUI.exe
[2006/11/30 08:50:00 | 00,112,216 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\shstat.exe
[2005/08/24 18:25:00 | 00,101,080 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Location Finder\LocationFinder.exe
[2006/11/17 03:06:00 | 00,086,016 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\Mctray.exe
[2006/11/03 17:02:14 | 00,050,688 | ---- | M] (Avanquest Software ) -- C:\Program Files\Digital Line Detect\DLG.exe
[2006/11/17 13:37:44 | 00,104,000 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\FrameworkService.exe
[2006/11/30 08:50:00 | 00,144,960 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
[2006/11/30 08:50:00 | 00,054,872 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
[2008/08/14 00:04:44 | 00,201,968 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe
[2006/11/17 13:40:56 | 00,136,768 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\naPrdMgr.exe
[2008/11/09 14:48:14 | 00,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
[2004/08/04 04:00:00 | 00,218,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\wmiprvse.exe
[2004/08/04 04:00:00 | 00,093,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\IEXPLORE.EXE
[2008/10/16 14:09:44 | 00,051,224 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wuauclt.exe
[2004/08/04 04:00:00 | 00,013,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wscntfy.exe
[2009/03/02 15:46:30 | 00,422,912 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\ME\Desktop\OTViewIt.exe

========== (O23) Win32 Services ==========

[2008/09/10 13:01:28 | 00,611,664 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe -- (aawservice [Auto | Running])
File not found -- -- (aspnet_state [On_Demand | Stopped])
[2008/06/23 12:27:47 | 00,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist [On_Demand | Stopped])
[2006/11/17 13:37:44 | 00,104,000 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\FrameworkService.exe -- (McAfeeFramework [Auto | Running])
[2006/11/30 08:50:00 | 00,144,960 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe -- (McShield [Auto | Paused])
[2006/11/30 08:50:00 | 00,054,872 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe -- (McTaskManager [Auto | Running])
[2008/08/14 00:04:44 | 00,201,968 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_dellsupportcenter [Auto | Running])
[2007/12/02 17:34:30 | 00,074,384 | R--- | M] (MicroVision Development, Inc.) -- C:\Program Files\Common Files\SureThing Shared\stllssvr.exe -- (stllssvr [On_Demand | Stopped])
[2008/05/15 20:07:50 | 00,024,064 | ---- | M] () -- C:\WINDOWS\system32\WLTRYSVC.EXE -- (wltrysvc [Auto | Running])
[2006/10/18 20:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])
[2008/11/09 14:48:14 | 00,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService [Auto | Running])

========== Driver Services ==========

[2001/08/17 12:51:56 | 00,005,248 | ---- | M] (Acer Laboratories Inc.) -- C:\WINDOWS\system32\drivers\aliide.sys -- (AliIde [Disabled | Stopped])
[2004/08/03 22:07:44 | 00,043,008 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\WINDOWS\system32\drivers\AMDAGP.SYS -- (amdagp [Disabled | Stopped])
[2005/08/12 15:50:46 | 00,016,128 | ---- | M] (Dell Inc) -- C:\WINDOWS\system32\drivers\APPDRV.SYS -- (APPDRV [System | Running])
[2001/08/17 12:52:00 | 00,026,496 | ---- | M] (Advanced System Products, Inc.) -- C:\WINDOWS\system32\drivers\asc.sys -- (asc [Disabled | Stopped])
[2001/08/17 12:51:58 | 00,014,848 | ---- | M] (Advanced System Products, Inc.) -- C:\WINDOWS\system32\drivers\asc3550.sys -- (asc3550 [Disabled | Stopped])
[2008/05/15 20:07:34 | 01,123,328 | ---- | M] (Broadcom Corp.) -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX [On_Demand | Running])
[2007/07/10 14:07:56 | 00,045,568 | ---- | M] (Broadcom Corporation) -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp [On_Demand | Running])
[2001/08/17 12:51:54 | 00,006,656 | ---- | M] (CMD Technology, Inc.) -- C:\WINDOWS\system32\drivers\cmdide.sys -- (CmdIde [Disabled | Stopped])
[2001/08/17 12:52:16 | 00,179,584 | ---- | M] (Mylex Corporation) -- C:\WINDOWS\system32\drivers\dac2w2k.sys -- (dac2w2k [Disabled | Stopped])
[2006/11/02 11:31:38 | 00,103,168 | ---- | M] (Knowles Acoustics) -- C:\WINDOWS\system32\drivers\dxec02.sys -- (DXEC02 [On_Demand | Running])
[2001/08/17 11:12:10 | 00,117,760 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\e100b325.sys -- (E100B [On_Demand | Stopped])
[2004/08/12 16:45:54 | 00,137,728 | ---- | M] (Windows ® Server 2003 DDK provider) -- C:\WINDOWS\system32\drivers\Hdaudbus.sys -- (HDAudBus [On_Demand | Running])
[2007/12/02 17:26:20 | 00,211,200 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL [On_Demand | Running])
[2007/12/02 17:26:22 | 00,989,952 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV [On_Demand | Running])
[2007/07/09 20:58:42 | 05,707,744 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\igxpmp32.sys -- (ialm [On_Demand | Running])
[2007/05/08 19:22:58 | 00,277,784 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\iastor.sys -- (iaStor [Boot | Running])
[2007/12/02 17:26:28 | 00,012,672 | ---- | M] (Conexant) -- C:\WINDOWS\system32\drivers\mdmxsdk.sys -- (mdmxsdk [Auto | Running])
[2006/11/30 08:50:00 | 00,064,360 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\drivers\mfeapfk.sys -- (mfeapfk [On_Demand | Running])
[2006/11/30 08:50:00 | 00,072,264 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\drivers\mfeavfk.sys -- (mfeavfk [On_Demand | Running])
[2006/11/30 08:50:00 | 00,034,152 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\drivers\mfebopk.sys -- (mfebopk [On_Demand | Running])
[2006/11/30 08:50:00 | 00,168,776 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk [On_Demand | Running])
[2006/11/30 08:50:00 | 00,031,944 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\mferkdk.sys -- (mferkdk [System | Running])
[2006/11/30 08:50:00 | 00,052,136 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\drivers\mfetdik.sys -- (mfetdik [System | Running])
[2001/08/17 12:52:12 | 00,017,280 | ---- | M] (American Megatrends Inc.) -- C:\WINDOWS\system32\drivers\mraid35x.sys -- (mraid35x [Disabled | Stopped])
[2004/08/03 21:29:56 | 01,897,408 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv [On_Demand | Stopped])
[2007/08/28 13:54:50 | 00,141,376 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\system32\drivers\OEM02Afx.sys -- (OEM02Afx [On_Demand | Running])
[2007/08/28 13:54:56 | 00,235,520 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\system32\drivers\OEM02Dev.sys -- (OEM02Dev [On_Demand | Running])
[2007/08/28 13:55:06 | 00,007,424 | ---- | M] (EyePower Games Pte. Ltd.) -- C:\WINDOWS\system32\drivers\OEM02Vfx.sys -- (OEM02Vfx [On_Demand | Running])
[2003/09/19 15:45:48 | 00,021,248 | ---- | M] (Padus, Inc.) -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc [On_Demand | Running])
[2004/08/04 04:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink [On_Demand | Running])
[2007/11/14 02:00:00 | 00,043,840 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\pxhelp20.sys -- (PxHelp20 [Boot | Running])
[2001/08/17 12:52:20 | 00,040,320 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\drivers\ql1080.sys -- (ql1080 [Disabled | Stopped])
[2001/08/17 12:52:20 | 00,045,312 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\drivers\ql12160.sys -- (ql12160 [Disabled | Stopped])
[2001/08/17 12:52:18 | 00,049,024 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\drivers\ql1280.sys -- (ql1280 [Disabled | Stopped])
[2007/07/10 13:22:18 | 00,032,256 | ---- | M] (REDC) -- C:\WINDOWS\system32\drivers\rimmptsk.sys -- (rimmptsk [Auto | Running])
[2007/07/10 13:22:20 | 00,043,520 | ---- | M] (REDC) -- C:\WINDOWS\system32\drivers\rimsptsk.sys -- (rimsptsk [Auto | Running])
[2007/07/10 13:22:22 | 00,037,376 | ---- | M] (REDC) -- C:\WINDOWS\system32\drivers\rixdptsk.sys -- (rismxdp [Auto | Running])
[2009/01/15 16:17:40 | 00,008,944 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV [System | Running])
[2009/01/15 16:17:42 | 00,007,408 | R--- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM [On_Demand | Stopped])
[2009/01/15 16:17:38 | 00,055,024 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL [System | Running])
[2007/05/03 04:27:21 | 00,078,720 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\sdbus.sys -- (sdbus [On_Demand | Running])
[2007/11/13 04:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv [On_Demand | Stopped])
[2004/08/03 22:07:44 | 00,041,088 | ---- | M] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\system32\drivers\SISAGP.SYS -- (sisagp [Disabled | Stopped])
[2001/08/17 13:07:44 | 00,019,072 | ---- | M] (Adaptec, Inc.) -- C:\WINDOWS\system32\drivers\sparrow.sys -- (Sparrow [Disabled | Stopped])
[2008/03/30 19:04:54 | 01,222,840 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA [On_Demand | Running])
[2001/08/17 13:07:34 | 00,016,256 | ---- | M] (Symbios Logic Inc.) -- C:\WINDOWS\system32\drivers\symc810.sys -- (symc810 [Disabled | Stopped])
[2001/08/17 13:07:36 | 00,032,640 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\drivers\symc8xx.sys -- (symc8xx [Disabled | Stopped])
[2001/08/17 13:07:40 | 00,028,384 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\drivers\sym_hi.sys -- (sym_hi [Disabled | Stopped])
[2001/08/17 13:07:42 | 00,030,688 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\drivers\sym_u3.sys -- (sym_u3 [Disabled | Stopped])
[2007/07/09 21:21:54 | 00,202,912 | ---- | M] (Synaptics, Inc.) -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP [On_Demand | Running])
[2001/08/17 12:52:22 | 00,036,736 | ---- | M] (Promise Technology, Inc.) -- C:\WINDOWS\system32\drivers\ultra.sys -- (ultra [Disabled | Stopped])
[2004/08/03 22:10:12 | 00,078,464 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\usbvideo.sys -- (usbvideo [On_Demand | Stopped])
[2007/12/02 17:26:20 | 00,731,136 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf [On_Demand | Running])
[2004/08/03 22:07:42 | 00,008,832 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\wmiacpi.sys -- (WmiAcpi [System | Running])

========== (R ) Internet Explorer ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=http://go.microsoft.com/fwlink/?LinkId=69157
"Default_Search_URL"=http://go.microsoft.com/fwlink/?LinkId=54896
"Local Page"=%SystemRoot%\system32\blank.htm
"Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896
"Start Page"=http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search]
"CustomizeSearch"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
"Default_Page_URL"=www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=4080623
"Default_Search_URL"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"SearchAssistant"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
"Start Page"=www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=4080623

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Search_URL"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Local Page"=C:\WINDOWS\system32\blank.htm
"Page_Transitions"=
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Start Page"=http://att.yahoo.com/

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchURL]
""=http://home.microsoft.com/access/autosearch.asp?p=%s
"provider"=yaho

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\shdocvw.dll (Microsoft Corporation)

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{E312764E-7706-43F1-8DAB-FCDD2B1E416D}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" (HKLM) -- C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=4080623
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Start Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=4080623
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Start Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-21-2775356270-2125727310-2574386005-1005\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Search_URL"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Local Page"=C:\WINDOWS\system32\blank.htm
"Page_Transitions"=
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Start Page"=http://att.yahoo.com/

[HKEY_USERS\S-1-5-21-2775356270-2125727310-2574386005-1005\Software\Microsoft\Internet Explorer\SearchURL]
""=http://home.microsoft.com/access/autosearch.asp?p=%s
"provider"=yaho

[HKEY_USERS\S-1-5-21-2775356270-2125727310-2574386005-1005\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\shdocvw.dll (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-2775356270-2125727310-2574386005-1005\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{E312764E-7706-43F1-8DAB-FCDD2B1E416D}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_USERS\S-1-5-21-2775356270-2125727310-2574386005-1005\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" (HKLM) -- C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)

[HKEY_USERS\S-1-5-21-2775356270-2125727310-2574386005-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

========== (O1) Hosts File ==========

HOSTS File = (686 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
First 25 entries...
127.0.0.1 localhost

========== (O2) BHO's ==========

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\]
{02478D38-C3F9-4efb-9B51-7695ECA05670} (HKLM) -- C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (HKLM) -- C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (HKLM) -- C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll (Sun Microsystems, Inc.)
{7DB2D5A0-7241-4E79-B68D-6309F01C5231} (HKLM) -- C:\Program Files\McAfee\VirusScan Enterprise\ScriptCl.dll (McAfee, Inc.)
{CA6319C0-31B7-401E-A518-A07C3DB8F777} (HKLM) -- C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.)
{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} (HKLM) -- C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)

========== (O3) Toolbars ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" (HKLM) -- C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" (HKLM) -- C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)

[HKEY_USERS\S-1-5-21-2775356270-2125727310-2574386005-1005\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_USERS\S-1-5-21-2775356270-2125727310-2574386005-1005\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" (HKLM) -- C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)

========== (O4) Run Keys ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" (Adobe Systems Incorporated)
"Broadcom Wireless Manager UI"=C:\WINDOWS\system32\WLTRAY.exe (Dell Inc.)
"Dell QuickSet"=C:\Program Files\Dell\QuickSet\Quickset.exe (Dell Inc.)
"DELL Webcam Manager"="C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe" /s (Creative Technology Ltd.)
"DellSupportCenter"="C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter (SupportSoft, Inc.)
"dscactivate"="C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe" ( )
"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)
"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe (Intel Corporation)
"KADxMain"=C:\WINDOWS\system32\KADxMain.exe (Knowles Acoustics)
"McAfeeUpdaterUI"="C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey (McAfee, Inc.)
"OEM02Mon.exe"=C:\WINDOWS\OEM02Mon.exe (Creative Technology Ltd.)
"PCMService"="C:\Program Files\Dell\MediaDirect\PCMService.exe" (CyberLink Corp.)
"Persistence"=C:\WINDOWS\system32\igfxpers.exe (Intel Corporation)
"SearchSettings"=C:\Program Files\Search Settings\SearchSettings.exe File not found
"ShStatEXE"="C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE (McAfee, Inc.)
"SigmatelSysTrayApp"=%ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe (SigmaTel, Inc.)
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
"YMailAdvisor"="C:\Program Files\Yahoo!\Common\YMailAdvisor.exe" (Yahoo! Inc.)
"YSearchProtection"="C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe" (Yahoo! Inc)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Microsoft Location Finder"="C:\Program Files\Microsoft Location Finder\LocationFinder.exe" (Microsoft Corporation)
"Search Protection"=C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe (Yahoo! Inc)

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"garafowire"=Rundll32.exe "C:\WINDOWS\system32\takavere.dll",s File not found

[HKEY_USERS\S-1-5-21-2775356270-2125727310-2574386005-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Microsoft Location Finder"="C:\Program Files\Microsoft Location Finder\LocationFinder.exe" (Microsoft Corporation)
"Search Protection"=C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe (Yahoo! Inc)

========== (O4) Startup Folders ==========

[1999/11/04 14:06:48 | 00,113,664 | ---- | M] (Adobe Systems, Inc.) -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
[2006/11/03 17:02:14 | 00,050,688 | ---- | M] (Avanquest Software ) -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
[2001/02/13 00:01:04 | 00,083,360 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

========== (O6 & O7) Current Version Policies ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323
"NoDrives"=0
"HonorAutoRunSetting"=1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145
"NoDriveAutoRun"=67108863

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145
"NoDriveAutoRun"=67108863

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-21-2775356270-2125727310-2574386005-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863

========== (O8) IE Context Menu Extensions ==========

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\]
Download all links using BitComet: C:\Program Files\BitComet\BitComet.exe [2006/10/24 07:59:08 | 04,244,992 | ---- | M] (www.BitComet.com)
Download link using &BitComet: C:\Program Files\BitComet\BitComet.exe [2006/10/24 07:59:08 | 04,244,992 | ---- | M] (www.BitComet.com)

[HKEY_USERS\S-1-5-21-2775356270-2125727310-2574386005-1005\Software\Microsoft\Internet Explorer\MenuExt\]
Download all links using BitComet: C:\Program Files\BitComet\BitComet.exe [2006/10/24 07:59:08 | 04,244,992 | ---- | M] (www.BitComet.com)
Download link using &BitComet: C:\Program Files\BitComet\BitComet.exe [2006/10/24 07:59:08 | 04,244,992 | ---- | M] (www.BitComet.com)

========== (O9) IE Extensions ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}: Menu: Sun Java Console -- %ProgramFiles%\Java\jre1.6.0_05\bin\npjpi160_05.dll [2008/02/22 03:25:19 | 00,132,496 | ---- | M] (Sun Microsystems, Inc.)
{59A861EE-32B3-42cd-8CCA-FC130EDF3A44}: Button: PartyGammon.com -- File not found
{59A861EE-32B3-42cd-8CCA-FC130EDF3A44}: Menu: PartyGammon.com -- File not found
{B4B52284-A248-4c51-9F7C-F0A0C67FCC9D}: Button: PartyCasino -- %ProgramFiles%\PartyGaming\PartyCasino\RunApp.exe [2008/07/28 18:45:06 | 00,110,592 | ---- | M] ()
{B4B52284-A248-4c51-9F7C-F0A0C67FCC9D}: Menu: PartyCasino -- %ProgramFiles%\PartyGaming\PartyCasino\RunApp.exe [2008/07/28 18:45:06 | 00,110,592 | ---- | M] ()
{B7FE5D70-9AA2-40F1-9C6B-12A255F085E1}: Button: PartyPoker.com -- %ProgramFiles%\PartyGaming\PartyPoker\RunApp.exe [2006/11/07 09:58:44 | 00,110,592 | ---- | M] ()
{B7FE5D70-9AA2-40F1-9C6B-12A255F085E1}: Menu: PartyPoker.com -- %ProgramFiles%\PartyGaming\PartyPoker\RunApp.exe [2006/11/07 09:58:44 | 00,110,592 | ---- | M] ()
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Button: Messenger -- %ProgramFiles%\Messenger\msmsgs.exe [2004/10/13 10:24:37 | 01,694,208 | ---- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Menu: Windows Messenger -- %ProgramFiles%\Messenger\msmsgs.exe [2004/10/13 10:24:37 | 01,694,208 | ---- | M] (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %ProgramFiles%\Java\jre1.6.0_05\bin\npjpi160_05.dll [Sun Java Console] -> [2008/02/22 03:25:19 | 00,132,496 | ---- | M] (Sun Microsystems, Inc.)
CmdMapping\\{59A861EE-32B3-42cd-8CCA-FC130EDF3A44} [HKLM] -> [PartyGammon.com] -> File not found
CmdMapping\\{B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} [HKLM] -> %ProgramFiles%\PartyGaming\PartyCasino\RunApp.exe [PartyCasino] -> [2008/07/28 18:45:06 | 00,110,592 | ---- | M] ()
CmdMapping\\{B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} [HKLM] -> %ProgramFiles%\PartyGaming\PartyPoker\RunApp.exe [PartyPoker.com] -> [2006/11/07 09:58:44 | 00,110,592 | ---- | M] ()
CmdMapping\\{DFB852A3-47F8-48C4-A200-58CAB36FD2A2} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{E908B145-C847-4e85-B315-07E2E70DECF8} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2004/10/13 10:24:37 | 01,694,208 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %ProgramFiles%\Java\jre1.6.0_05\bin\npjpi160_05.dll [Sun Java Console] -> [2008/02/22 03:25:19 | 00,132,496 | ---- | M] (Sun Microsystems, Inc.)
CmdMapping\\{59A861EE-32B3-42cd-8CCA-FC130EDF3A44} [HKLM] -> [PartyGammon.com] -> File not found
CmdMapping\\{B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} [HKLM] -> %ProgramFiles%\PartyGaming\PartyCasino\RunApp.exe [PartyCasino] -> [2008/07/28 18:45:06 | 00,110,592 | ---- | M] ()
CmdMapping\\{B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} [HKLM] -> %ProgramFiles%\PartyGaming\PartyPoker\RunApp.exe [PartyPoker.com] -> [2006/11/07 09:58:44 | 00,110,592 | ---- | M] ()
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2004/10/13 10:24:37 | 01,694,208 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %ProgramFiles%\Java\jre1.6.0_05\bin\npjpi160_05.dll [Sun Java Console] -> [2008/02/22 03:25:19 | 00,132,496 | ---- | M] (Sun Microsystems, Inc.)
CmdMapping\\{59A861EE-32B3-42cd-8CCA-FC130EDF3A44} [HKLM] -> [PartyGammon.com] -> File not found
CmdMapping\\{B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} [HKLM] -> %ProgramFiles%\PartyGaming\PartyCasino\RunApp.exe [PartyCasino] -> [2008/07/28 18:45:06 | 00,110,592 | ---- | M] ()
CmdMapping\\{B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} [HKLM] -> %ProgramFiles%\PartyGaming\PartyPoker\RunApp.exe [PartyPoker.com] -> [2006/11/07 09:58:44 | 00,110,592 | ---- | M] ()
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2004/10/13 10:24:37 | 01,694,208 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-2775356270-2125727310-2574386005-1005\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %ProgramFiles%\Java\jre1.6.0_05\bin\npjpi160_05.dll [Sun Java Console] -> [2008/02/22 03:25:19 | 00,132,496 | ---- | M] (Sun Microsystems, Inc.)
CmdMapping\\{59A861EE-32B3-42cd-8CCA-FC130EDF3A44} [HKLM] -> [PartyGammon.com] -> File not found
CmdMapping\\{B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} [HKLM] -> %ProgramFiles%\PartyGaming\PartyCasino\RunApp.exe [PartyCasino] -> [2008/07/28 18:45:06 | 00,110,592 | ---- | M] ()
CmdMapping\\{B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} [HKLM] -> %ProgramFiles%\PartyGaming\PartyPoker\RunApp.exe [PartyPoker.com] -> [2006/11/07 09:58:44 | 00,110,592 | ---- | M] ()
CmdMapping\\{DFB852A3-47F8-48C4-A200-58CAB36FD2A2} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{E908B145-C847-4e85-B315-07E2E70DECF8} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2004/10/13 10:24:37 | 01,694,208 | ---- | M] (Microsoft Corporation)

========== (O12) Internet Explorer Plugins ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\]
PluginsPage: "" = http://activex.microsoft.com/controls/find...=%s&mime=%s
PluginsPageFriendlyName: "" = Microsoft ActiveX Gallery

========== (O13) Default Prefixes ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix]
""=http://

========== (O15) Trusted Sites ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
1 domain(s) and sub-domain(s) not assigned to a zone.

========== (O16) DPF ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\]
{0742B9EF-8C83-41CA-BFBA-830A59E23533}: https://support.microsoft.com/OAS/ActiveX/MSDcode.cab -- Microsoft Data Collection Control
{30528230-99f7-4bb4-88d8-fa1d4f56a2ab}: C:\Program Files\Yahoo!\Common\Yinsthelper.dll -- Installation Support
{5ED80217-570B-4DA9-BF44-BE107C0EC166}: http://cdn.scan.onecare.live.com/resource/...lscbase6662.cab -- Windows Live Safety Center Base Module
{8AD9C840-044E-11D1-B3E9-00805F499D93}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_05
{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_05
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_05

========== (O17) DNS Name Servers ==========

{6F6FD2E9-7CF4-4782-90A4-3E6BC29F9F12} (Servers: | Description: Dell Wireless 1395 WLAN Mini-Card)
{8C754E9C-24C7-41E7-8E3C-323EE29F2792} (Servers: | Description: )
{D6D740BF-2F70-42C2-AF7B-E0C65BA02842} (Servers: | Description: 1394 Net Adapter)
{F01BB8F6-15CE-4C80-84DC-8CE3CAD6BC2A} (Servers: | Description: Broadcom 440x 10/100 Integrated Controller)

========== (O20) Winlogon Notify Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\]
!SASWinLogon: "DllName" = C:\Program Files\SUPERAntiSpyware\SASWINLO.dll -- C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
GoToAssist: "DllName" = C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll -- C:\Program Files\Citrix\GoToAssist\514\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
igfxcui: "DllName" = igfxdev.dll -- C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)

========== Shell Execute Hooks ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}" (HKLM) -- C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)

========== Safeboot Options ==========

"AlternateShell"=cmd.exe

========== CDRom AutoRun Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]
"AutoRun" = 1

========== Autorun Files on Drives ==========

AUTOEXEC.BAT []
[2004/08/11 16:15:00 | 00,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT -- [ NTFS ]

========== Files/Folders - Created Within 30 Days ==========

[2009/03/05 12:48:18 | 00,021,504 | ---- | C] () -- C:\Documents and Settings\ME\My Documents\MBAM.doc
[2009/03/04 15:47:09 | 00,000,000 | ---D | C] -- C:\_OTMoveIt
[2009/03/04 15:46:10 | 00,348,160 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\ME\Desktop\OTMoveIt3.exe
[2009/03/04 15:44:23 | 00,000,000 | ---D | C] -- C:\Documents and Settings\ME\My Documents\ERUN-T
[2009/03/02 15:46:21 | 00,422,912 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\ME\Desktop\OTViewIt.exe
[2009/03/01 20:45:57 | 00,019,968 | ---- | C] () -- C:\Documents and Settings\ME\My Documents\VINYLS.doc
[2009/02/28 18:35:23 | 00,077,824 | ---- | C] () -- C:\Documents and Settings\ME\My Documents\CLONAZEPAM.doc
[2009/02/24 02:14:39 | 06,359,084 | ---- | C] () -- C:\Documents and Settings\ME\My Documents\the_dream_sweat_it_out.mp3
[2009/02/23 18:39:00 | 01,717,258 | ---- | C] () -- C:\Documents and Settings\ME\My Documents\NEVER_MARRY_A_WOMAN_BIGGER_THAN_YOU.wmv
[2009/02/21 14:05:29 | 00,000,162 | -H-- | C] () -- C:\Documents and Settings\ME\My Documents\~$eepingComputer multiple scan instructions.doc
[2009/02/21 02:44:13 | 05,561,369 | ---- | C] () -- C:\Documents and Settings\ME\My Documents\Ciara ft JT - Love_ Sex _ Magic - Necolebleepie[1].com.mp3
[2009/02/20 22:07:44 | 00,019,968 | ---- | C] () -- C:\Documents and Settings\ME\My Documents\screenplay.doc
[2009/02/20 15:15:11 | 00,000,000 | ---D | C] -- C:\Documents and Settings\ME\My Documents\CrazySexyCool
[2009/02/18 21:06:05 | 00,368,961 | ---- | C] () -- C:\Documents and Settings\ME\Desktop\dds.scr
[2009/02/18 19:17:33 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERUNT
[2009/02/18 19:15:47 | 00,000,162 | -H-- | C] () -- C:\Documents and Settings\ME\My Documents\~$Fix instructions.doc
[2009/02/18 19:12:49 | 00,000,000 | ---D | C] -- C:\SDFix
[2009/02/18 18:11:25 | 00,024,064 | ---- | C] () -- C:\Documents and Settings\ME\My Documents\SDFix instructions.doc
[2009/02/18 15:35:34 | 00,020,992 | ---- | C] () -- C:\Documents and Settings\ME\My Documents\TAUDARIUS.doc
[2009/02/16 16:58:34 | 07,520,720 | ---- | C] () -- C:\Documents and Settings\ME\My Documents\Letoya Luckett - Not Anymore.mp3
[2009/02/15 21:32:14 | 00,032,256 | ---- | C] () -- C:\Documents and Settings\ME\My Documents\BleepingComputer multiple scan instructions.doc
[2009/02/15 12:32:32 | 00,024,064 | ---- | C] () -- C:\Documents and Settings\ME\My Documents\system restore instructions.doc
[2009/02/14 11:39:26 | 00,026,624 | ---- | C] () -- C:\Documents and Settings\ME\My Documents\One More Chance lyrics.doc
[2009/02/11 20:41:39 | 00,003,978 | ---- | C] () -- C:\WINDOWS\System32\tmp.reg
[2009/02/11 20:40:50 | 00,289,144 | ---- | C] (S!Ri) -- C:\WINDOWS\System32\VCCLSID.exe
[2009/02/11 20:40:50 | 00,288,417 | ---- | C] (S!Ri) -- C:\WINDOWS\System32\SrchSTS.exe
[2009/02/11 20:40:50 | 00,082,944 | ---- | C] (S!Ri.URZ) -- C:\WINDOWS\System32\IEDFix.exe
[2009/02/11 20:40:50 | 00,082,944 | ---- | C] (S!Ri.URZ) -- C:\WINDOWS\System32\IEDFix.C.exe
[2009/02/11 20:40:50 | 00,082,432 | ---- | C] (S!Ri.URZ) -- C:\WINDOWS\System32\404Fix.exe
[2009/02/11 20:40:50 | 00,080,384 | ---- | C] (S!Ri.URZ) -- C:\WINDOWS\System32\o4Patch.exe
[2009/02/11 20:40:50 | 00,079,360 | ---- | C] (SteelWerX) -- C:\WINDOWS\System32\swxcacls.exe
[2009/02/11 20:40:50 | 00,078,336 | ---- | C] (S!Ri.URZ) -- C:\WINDOWS\System32\Agent.OMZ.Fix.exe
[2009/02/11 20:40:50 | 00,051,200 | ---- | C] () -- C:\WINDOWS\System32\dumphive.exe
[2009/02/11 20:40:50 | 00,040,960 | ---- | C] () -- C:\WINDOWS\System32\swsc.exe
[2009/02/11 20:40:50 | 00,025,600 | ---- | C] () -- C:\WINDOWS\System32\WS2Fix.exe
[2009/02/11 20:40:49 | 00,135,168 | ---- | C] (SteelWerX) -- C:\WINDOWS\System32\swreg.exe
[2009/02/11 20:40:49 | 00,053,248 | ---- | C] (http://www.beyondlogic.org) -- C:\WINDOWS\System32\Process.exe
[2009/02/11 17:05:19 | 00,000,780 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2009/02/11 16:59:27 | 00,025,600 | ---- | C] () -- C:\Documents and Settings\ME\My Documents\superantispyware instructions.doc
[2009/02/11 02:42:09 | 00,000,000 | -HSD | C] -- C:\RECYCLER
[2009/02/11 02:40:29 | 00,000,000 | ---D | C] -- C:\WINDOWS\temp
[2009/02/11 00:49:23 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2009/02/11 00:48:53 | 00,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2009/02/11 00:48:53 | 00,000,000 | ---D | C] -- C:\Documents and Settings\ME\Application Data\SUPERAntiSpyware.com
[2009/02/11 00:37:37 | 00,015,504 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/02/11 00:37:37 | 00,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/02/11 00:37:35 | 00,038,496 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/02/11 00:37:33 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware

========== Files - Modified Within 30 Days ==========

[2009/03/05 12:48:53 | 00,009,760 | ---- | M] () -- C:\Documents and Settings\ME\Application Data\wklnhst.dat
[2009/03/05 12:48:18 | 00,021,504 | ---- | M] () -- C:\Documents and Settings\ME\My Documents\MBAM.doc
[2009/03/05 12:47:39 | 00,002,483 | ---- | M] () -- C:\Documents and Settings\ME\Desktop\Microsoft Word.lnk
[2009/03/05 12:06:40 | 00,467,158 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/03/05 12:06:40 | 00,399,284 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/03/05 12:06:40 | 00,061,440 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/03/05 12:02:08 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/03/05 12:01:54 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/03/04 17:41:13 | 00,000,151 | ---- | M] () -- C:\WINDOWS\Ulead32.ini
[2009/03/04 15:46:12 | 00,348,160 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\ME\Desktop\OTMoveIt3.exe
[2009/03/02 15:46:30 | 00,422,912 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\ME\Desktop\OTViewIt.exe
[2009/03/02 04:23:05 | 00,025,088 | ---- | M] () -- C:\Documents and Settings\ME\My Documents\HOSPITALS.doc
[2009/03/01 20:45:58 | 00,019,968 | ---- | M] () -- C:\Documents and Settings\ME\My Documents\VINYLS.doc
[2009/02/28 18:35:23 | 00,077,824 | ---- | M] () -- C:\Documents and Settings\ME\My Documents\CLONAZEPAM.doc
[2009/02/27 22:34:21 | 00,000,071 | ---- | M] () -- C:\WINDOWS\pex.INI
[2009/02/25 14:05:33 | 00,001,478 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\ClubWPT.lnk
[2009/02/24 21:34:20 | 06,952,174 | -H-- | M] () -- C:\Documents and Settings\ME\Local Settings\Application Data\IconCache.db
[2009/02/24 02:14:40 | 06,359,084 | ---- | M] () -- C:\Documents and Settings\ME\My Documents\the_dream_sweat_it_out.mp3
[2009/02/23 18:39:14 | 01,717,258 | ---- | M] () -- C:\Documents and Settings\ME\My Documents\NEVER_MARRY_A_WOMAN_BIGGER_THAN_YOU.wmv
[2009/02/22 23:35:12 | 00,019,968 | ---- | M] () -- C:\Documents and Settings\ME\My Documents\screenplay.doc
[2009/02/21 14:05:29 | 00,000,162 | -H-- | M] () -- C:\Documents and Settings\ME\My Documents\~$eepingComputer multiple scan instructions.doc
[2009/02/21 02:44:14 | 05,561,369 | ---- | M] () -- C:\Documents and Settings\ME\My Documents\Ciara ft JT - Love_ Sex _ Magic - Necolebleepie[1].com.mp3
[2009/02/20 19:29:36 | 00,000,281 | RHS- | M] () -- C:\boot.ini
[2009/02/20 19:24:23 | 00,009,216 | ---- | M] () -- C:\Documents and Settings\ME\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/02/19 16:10:52 | 00,002,469 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Dell Support Center.lnk
[2009/02/18 22:08:51 | 00,020,992 | ---- | M] () -- C:\Documents and Settings\ME\My Documents\TAUDARIUS.doc
[2009/02/18 21:06:08 | 00,368,961 | ---- | M] () -- C:\Documents and Settings\ME\Desktop\dds.scr
[2009/02/18 19:20:21 | 00,000,686 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\HOSTS
[2009/02/18 19:15:47 | 00,000,162 | -H-- | M] () -- C:\Documents and Settings\ME\My Documents\~$Fix instructions.doc
[2009/02/18 18:11:25 | 00,024,064 | ---- | M] () -- C:\Documents and Settings\ME\My Documents\SDFix instructions.doc
[2009/02/18 17:31:32 | 00,006,456 | -H-- | M] () -- C:\WINDOWS\System32\vamokiru
[2009/02/16 22:29:19 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/02/16 16:58:34 | 07,520,720 | ---- | M] () -- C:\Documents and Settings\ME\My Documents\Letoya Luckett - Not Anymore.mp3
[2009/02/15 21:32:14 | 00,032,256 | ---- | M] () -- C:\Documents and Settings\ME\My Documents\BleepingComputer multiple scan instructions.doc
[2009/02/15 14:38:46 | 00,024,576 | ---- | M] () -- C:\Documents and Settings\ME\My Documents\LO pm's.doc
[2009/02/15 12:46:17 | 00,024,064 | ---- | M] () -- C:\Documents and Settings\ME\My Documents\system restore instructions.doc
[2009/02/14 16:37:05 | 00,002,473 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\Global.sw2
[2009/02/14 11:48:11 | 00,026,624 | ---- | M] () -- C:\Documents and Settings\ME\My Documents\One More Chance lyrics.doc
[2009/02/11 20:41:39 | 00,003,978 | ---- | M] () -- C:\WINDOWS\System32\tmp.reg
[2009/02/11 17:05:19 | 00,000,780 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2009/02/11 16:59:28 | 00,025,600 | ---- | M] () -- C:\Documents and Settings\ME\My Documents\superantispyware instructions.doc
[2009/02/11 10:19:42 | 00,038,496 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/02/11 10:19:34 | 00,015,504 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/02/11 03:01:30 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/02/11 02:36:32 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/02/11 00:37:37 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/02/10 17:36:31 | 00,024,576 | ---- | M] () -- C:\Documents and Settings\ME\My Documents\L.A. nightclubs.doc
< End of report >




Here's the Extras.txt log...

OTViewIt Extras logfile created on: 3/5/2009 12:51:07 PM - Run 2
OTViewIt by OldTimer - Version 1.0.21.0 Folder = C:\Documents and Settings\ME\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 1.51 Gb Available Physical Memory | 75.94% Memory free
3.84 Gb Paging File | 3.50 Gb Available in Paging File | 91.20% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 143.16 Gb Total Space | 129.70 Gb Free Space | 90.60% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: KR
Current User Name: ME
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
File Age = 30 Days

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled"=1
"AntiVirusDisableNotify"=0
"FirewallDisableNotify"=0
"UpdatesDisableNotify"=0
"AntiVirusOverride"=0
"FirewallOverride"=0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"EnableFirewall"=1
"DoNotAllowExceptions"=0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[2004/08/04 04:00:00 | 00,140,800 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
[2004/08/04 04:00:00 | 00,140,800 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
[2007/12/21 09:58:06 | 00,184,320 | ---- | M] (CyberLink Corp.) -- C:\Program Files\Dell\MediaDirect\PCMService.exe:*:Enabled:CyberLink PowerCinema Resident Program
[2007/08/30 16:43:18 | 04,670,704 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger
[2007/08/30 16:43:18 | 00,091,376 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server
[2006/10/24 07:59:08 | 04,244,992 | ---- | M] (www.BitComet.com) -- C:\Program Files\BitComet\BitComet.exe:*:Enabled:BitComet - a BitTorrent Client
[2008/09/05 03:42:52 | 01,579,008 | ---- | M] (MP2P Technologies.) -- C:\Program Files\Piolet\Piolet.exe:*:Enabled:Piolet
[2006/11/17 13:40:56 | 00,136,768 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\naPrdMgr.exe:*:Enabled:naPrdMgr
[2006/11/17 13:37:44 | 00,104,000 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\FrameworkService.exe:*:Enabled:McAfee Framework Service
[2007/06/13 04:23:07 | 01,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe:*:Enabled:Explorer
[2004/08/04 04:00:00 | 00,514,560 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\logonui.exe:*:Enabled:logonui

========== (O18) Protocol Handlers ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2001/01/22 02:25:24 | 00,872,448 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL (cdo:{CD00020A-8B95-11D1-82DB-00C04FB1625D} (HKLM) [Microsoft PKM KnowledgePluggable Class])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
ipp: [HKLM - No CLSID value]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2001/02/12 02:25:24 | 01,187,840 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL ipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAMON.BINDER]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
msdaipp: [HKLM - No CLSID value]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2001/02/12 02:25:24 | 01,187,840 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL msdaipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAMON.BINDER]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2001/02/12 02:25:24 | 01,187,840 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL msdaipp\oledb:{E1D2BF40-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAIPP.BINDER]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2007/11/27 18:19:22 | 00,230,760 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (ms-itss:{0A9007C0-4076-11D3-8789-0000F8105754} (HKLM) [Microsoft Infotech Storage Protocol for IE 4.0])

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0684EECC-380C-4B97-8C51-5BDB9E4D679C}"=ArcSoft Software Suite
"{0712667C-A171-49AE-A098-4ACDA28625F8}"=Sony Sound Forge 7.0
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}"=Roxio Creator Data
"{09760D42-E223-42AD-8C3E-55B47D0DDAC3}"=Roxio Creator DE
"{0A9741D4-AAD3-40E5-B451-5882D92EA037}"=DSC3000 Drivers
"{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}"=Microsoft Plus! Photo Story 2 LE
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}"=Microsoft Works
"{17E3A651-12B9-4149-BAE8-E6FB9A5ADC4F}"=Microsoft Works Suite Add-in for Microsoft Word
"{1D5E29AD-39A9-4D0A-A8B6-46A6FCD8C995}"=Live! Cam Avatar v1.0
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}"=Roxio Creator Tools
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}"=Roxio Update Manager
"{3248F0A8-6813-11D6-A77B-00B0D0160050}"=Java™ 6 Update 5
"{33BB4982-DC52-4886-A03B-F4C5C80BEE89}"=Windows Media Player 10
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}"=WebFldrs XP
"{35C03C04-3F1F-42C2-A989-A757EE691F65}"=McAfee VirusScan Enterprise
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}"=NetWaiting
"{42D68A86-DB1C-4256-B8C9-5D0D92919AF5}"=Banctec Service Agreement
"{4D3C9F4B-4B7D-4E5D-99B9-0123AB0D51ED}"=Dell DataSafe Online
"{62230596-37E5-4618-A329-0D21F529A86F}"=Browser Address Error Redirector
"{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}"=Live! Cam Avatar Creator
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}"=Roxio Express Labeler 3
"{6D52C408-B09A-4520-9B18-475B81D393F1}"=Microsoft Works
"{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}"=Microsoft Plus! Digital Media Edition Installer
"{7299052b-02a4-4627-81f2-1818da5d550d}"=Microsoft Visual C++ 2005 Redistributable
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}"=Roxio Creator Audio
"{74F7662C-B1DB-489E-A8AC-07A06B24978B}"=Dell System Restore
"{83ED1E80-A1B7-4226-BCF1-AC4A88151A6B}"=Microsoft Streets & Trips 2006
"{90120000-0020-0409-0000-0000000FF1CE}"=Compatibility Pack for the 2007 Office system
"{911B0409-6000-11D3-8CFE-0050048383C9}"=Microsoft Word 2002
"{95120000-00AF-0409-0000-0000000FF1CE}"=Microsoft Office PowerPoint Viewer 2007 (English)
"{9B88DD94-1AAE-41C4-BD95-2D8737D5E9E2}"=Watson
"{9BDEF074-020E-458D-ADC5-8FF68E0C9B56}"=OutlookAddinSetup
"{9C6978E8-B6D0-4AB7-A7A0-D81A74FBF745}"=MediaDirect
"{9D18F7F8-B984-4249-8512-CC621BC59F12}"=Microsoft Location Finder
"{A4DFB437-6C9F-40AE-B91D-89980131B516}"=Digital MultiCam II Driver
"{AC76BA86-7AD7-1033-7B44-A81000000003}"=Adobe Reader 8.1.0
"{B0DF58A2-40DF-4465-AA56-38623EC9938C}"=Documentation & Support Launcher
"{B6884A07-0305-47AE-9969-8F26FADC17DE}"=Games, Music, & Photos Launcher
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}"=Roxio Creator Copy
"{C5074CC4-0E26-4716-A307-960272A90040}"=QuickSet
"{C99C0593-3B48-41D9-B42F-6E035B320449}"=Broadcom Management Programs
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}"=Microsoft .NET Framework 1.1
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}"=SUPERAntiSpyware Free Edition
"{D0C73318-7B4A-4D16-A0C4-3B83F075EA88}"=Search Settings 1.2
"{D1B5E9C8-4CCF-44E3-87D6-7C00D7DA5370}"=IntelliSonic Speech Enhancement
"{D271DAE0-8D68-4C97-8356-A126D48A1D8C}"=Ulead Photo Explorer 8.0 SE Basic
"{D9C8DEF8-D07B-4164-BEF0-6D879A70C212}"=Microsoft Easy Assist v2
"{DE1AF137-C455-494A-A817-EFE44BCCFDEE}"=Works Upgrade
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}"=Ad-Aware
"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}"=Dell Support Center (Support Software)
"{E42BD75A-FC23-4E3F-9F91-2658334C644F}"=Internet Service Offers Launcher
"{E646DCF0-5A68-11D5-B229-002078017FBF}"=Digital Line Detect
"{E93E5EF6-D361-481E-849D-F16EF5C78EBC}"=Musicmatch for Windows Media Player
"{ECA1A3B6-898F-4DCE-9F04-714CF3BA126B}"=Adobe Flash Player 10 Plugin
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}"=Roxio Creator DE
"{F63A3748-B93D-4360-9AD4-B064481A5C7B}"=Modem Diagnostic Tool
"Adobe Flash Player ActiveX"=Adobe Flash Player 10 ActiveX
"Adobe Photoshop 7.0"=Adobe Photoshop 7.0
"Advanced Audio FX Engine"=Advanced Audio FX Engine
"Advanced Video FX Engine"=Advanced Video FX Engine
"BitComet"=BitComet 0.75
"Broadcom 802.11b Network Adapter"=Dell Wireless WLAN Card
"ClubWPT"=ClubWPT
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2C06&SUBSYS_14F1000F"=Conexant HDA D330 MDC V.92 Modem
"Collab"=Collab
"Creative OEM002"=Laptop Integrated Webcam Driver (1.03.02.0719)
"Dell Webcam Center"=Dell Webcam Center
"Dell Webcam Manager"=Dell Webcam Manager
"FL Studio 5"=FL Studio 5
"GoToAssist"=GoToAssist 8.0.0.514
"HDMI"=Intel® Graphics Media Accelerator Driver
"Malwarebytes' Anti-Malware_is1"=Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)"=Microsoft .NET Framework 1.1
"MSCompPackV1"=Microsoft Compression Client Pack 1.0 for Windows XP
"PartyCasino"=PartyCasino
"PartyGammon"=PartyGammon
"PartyPoker"=PartyPoker
"Piolet"=Piolet 3.0.6
"SearchAssist"=SearchAssist
"SynTPDeinstKey"=Dell Touchpad
"Windows Live OneCare safety scanner"=Windows Live OneCare safety scanner
"Windows Media Format Runtime"=Windows Media Format 11 runtime
"Windows Media Player"=Windows Media Player 11
"WinRAR archiver"=WinRAR archiver
"WM Recorder 11.3"=WM Recorder 11.3
"WMFDist11"=Windows Media Format 11 runtime
"wmp11"=Windows Media Player 11
"Works2006Setup"=Microsoft Works Suite 2006 Setup Launcher
"Wudf01000"=Microsoft User-Mode Driver Framework Feature Pack 1.0
"Yahoo! Companion"=Yahoo! Toolbar
"Yahoo! Mail"=Yahoo! Internet Mail
"Yahoo! Mail Advisor"=Yahoo! Mail Advisor
"Yahoo! Messenger"=Yahoo! Messenger
"Yahoo! Search Defender"=Yahoo! Search Protection
"Yahoo! Software Update"=Yahoo! Software Update
"YInstHelper"=Yahoo! Install Manager

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Move Networks Player - IE"=Move Networks Media Player for Internet Explorer

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2775356270-2125727310-2574386005-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Move Networks Player - IE"=Move Networks Media Player for Internet Explorer

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 3/2/2009 9:33:02 PM | Computer Name = KR | Source = Application Hang | ID = 1002
Description = Hanging application IEXPLORE.EXE, version 6.0.2900.2180, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 3/2/2009 9:33:05 PM | Computer Name = KR | Source = Application Hang | ID = 1001
Description = Fault bucket 126637809.

Error - 3/5/2009 4:35:56 AM | Computer Name = KR | Source = Application Error | ID = 1001
Description = Fault bucket 127515629.

[ System Events ]
Error - 2/18/2009 9:16:53 PM | Computer Name = KR | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
APPDRV Fips intelppm SASDIFSV SASKUTIL

Error - 2/19/2009 6:10:30 PM | Computer Name = KR | Source = Service Control Manager | ID = 7034
Description = The SupportSoft Sprocket Service (dellsupportcenter) service terminated
unexpectedly. It has done this 1 time(s).

Error - 2/20/2009 5:21:03 PM | Computer Name = KR | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service upnphost with
arguments "" in order to run the server: {204810B9-73B2-11D4-BF42-00B0D0118B56}

Error - 2/20/2009 5:51:17 PM | Computer Name = KR | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service upnphost with
arguments "" in order to run the server: {204810B9-73B2-11D4-BF42-00B0D0118B56}

Error - 2/20/2009 9:22:37 PM | Computer Name = KR | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service upnphost with
arguments "" in order to run the server: {204810B9-73B2-11D4-BF42-00B0D0118B56}

Error - 2/22/2009 12:47:44 AM | Computer Name = KR | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 2/22/2009 12:49:01 AM | Computer Name = KR | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
APPDRV Fips intelppm SASDIFSV SASKUTIL

Error - 2/22/2009 1:10:34 AM | Computer Name = KR | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 2/23/2009 8:39:16 PM | Computer Name = KR | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service upnphost with
arguments "" in order to run the server: {204810B9-73B2-11D4-BF42-00B0D0118B56}

Error - 2/25/2009 10:25:05 PM | Computer Name = KR | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service upnphost with
arguments "" in order to run the server: {204810B9-73B2-11D4-BF42-00B0D0118B56}


< End of report >




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users