
Google Redirect Virus


  • This topic is locked
11 replies to this topic

#1 Pats2010

Pats2010

  • Members
  • 7 posts
  • OFFLINE
  • Location:Boston, Ma
  • Local time:07:46 AM

Posted 21 November 2009 - 11:54 AM

I appear to be infected with a Google redirect virus. Initially, when I did a search on Google I would get results for my search but then get redirected to various sites, i.e. tooseeka etc. Now the virus appears to have gotten worse; when I try to search through Google I get no results at all. I am running Windows XP with Internet Explorer as my browser. Any help would be greatly appreciated.
Following is my DDS log:

DDS (Ver_09-10-26.01) - NTFSx86
Run by Dan Reardon at 10:09:40.74 on Sat 11/21/2009
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2047.1577 [GMT -5:00]

AV: Windows Protection Suite *On-access scanning enabled* (Updated) {1FBBA90A-71CF-4F5D-B218-BCF2B906FB78}
AV: ESET NOD32 Antivirus 3.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: Windows Protection Suite *enabled* {9358465B-83BF-4D3B-B15B-E85A10C68A81}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\System32\S24EvMon.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Command Software\dvpapi.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\RegSrvc.exe
C:\WINDOWS\System32\ScsiAccess.EXE
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\system32\ZCfgSvc.exe
C:\WINDOWS\System32\1XConfig.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\BacsTray.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Dan Reardon\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.verizon.net/central/vzc.portal
uSearch Page = hxxp://www.google.com
uDefault_Page_URL = hxxp://www.dell4me.com/myway
uSearch Bar = hxxp://www.google.com/ie
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = localhost
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - No File
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.3.4501.1418\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_B7C5AC242193BB3E.dll
BHO: {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - No File
TB: {BA52B914-B692-46c4-B683-905236F6F655} - No File
TB: {4E7BD74F-2B8D-469E-D0FC-E57AF4D5FA7D} - No File
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil10b.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [<NO NAME>]
mRun: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
mRun: [Cleanup] c:\docume~1\danrea~1\locals~1\temp\2008212222037_mcappins.exe /v=3 /cleanup
mRun: [msci] c:\docume~1\danrea~1\locals~1\temp\2008212222018_mcinfo.exe /insfin
mRun: [bacstray] BacsTray.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [nwiz] nwiz.exe /installquiet
mRun: [egui] "c:\program files\eset\eset nod32 antivirus\egui.exe" /hide /waitservice
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office11\REFIEBAR.DLL
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
DPF: {0000000A-0000-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/d/4/4/d446e8a9-3a86-4b59-bb19-f5bd11b40367/wmavax.CAB
DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} - hxxp://www.lizardtech.com/download/files/win/djvuplugin/en_US/DjVuControl_en_US.cab
DPF: {33564D57-0000-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
DPF: {3BFFE033-BF43-11D5-A271-00A024A51325} - hxxps://echoln1.emcor.net/iNotes6W.cab
DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} - hxxps://webdl.symantec.com/activex/symdlmgr.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1251583610162
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} - file://c:\program files\autocad 2000i\AcDcToday.ocx
DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} - hxxp://web1.shutterfly.com/downloads/Uploader.cab
DPF: {C6637286-300D-11D4-AE0A-0010830243BD} - hxxp://pointa.autodesk.com/portal/lang/enu/InstFred.Ocx
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxps://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {F281A59C-7B65-11D3-8617-0010830243BD} - file://c:\program files\autocad 2000i\AcPreview.ocx
Notify: Sebring - c:\windows\system32\LgNotify.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
IFEO: image file execution options - svchost.exe
IFEO: init32.exe - svchost.exe

============= SERVICES / DRIVERS ===============

R0 sonyhcb;Sony Digital Imaging Base;c:\windows\system32\drivers\sonyhcb.sys [2004-8-1 6097]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2008-10-24 34824]
R2 ekrn;Eset Service;c:\program files\eset\eset nod32 antivirus\ekrn.exe [2008-10-24 468224]
R2 NwSapAgent;SAP Agent;c:\windows\system32\svchost.exe -k netsvcs [2002-8-29 14336]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2007-1-17 24652]
S1 NMNTT;NMNTT; [x]
S3 sonyhcs;Sony Digital Imaging Video;c:\windows\system32\drivers\sonyhcs.sys [2004-8-1 299923]

=============== Created Last 30 ================


==================== Find3M ====================

2009-11-18 19:12:24 35998 ----a-w- c:\windows\system32\nvModes.dat
2009-10-21 04:08:54 3598336 ------w- c:\windows\system32\dllcache\mshtml.dll
2009-10-20 17:59:23 15120 ----a-w- c:\windows\system32\~.exe
2009-09-11 14:18:39 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-11 14:18:39 136192 ------w- c:\windows\system32\dllcache\msv1_0.dll
2009-09-04 21:03:36 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-09-04 21:03:36 58880 ------w- c:\windows\system32\dllcache\msasn1.dll
2009-08-28 10:28:59 70656 ------w- c:\windows\system32\dllcache\ie4uinit.exe
2009-08-28 10:28:59 13824 ------w- c:\windows\system32\dllcache\ieudinit.exe
2009-08-27 05:18:44 634648 ------w- c:\windows\system32\dllcache\iexplore.exe
2009-08-27 05:18:41 161792 ------w- c:\windows\system32\dllcache\ieakui.dll
2009-08-26 08:00:21 247326 ----a-w- c:\windows\system32\strmdll.dll
2009-08-26 08:00:21 247326 ------w- c:\windows\system32\dllcache\strmdll.dll
2006-03-03 05:52:30 774144 ----a-w- c:\program files\RngInterstitial.dll

============= FINISH: 10:10:28.10 ===============

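An added example, not part of this thread or of the DDS tool: a small Python triage script that applies, over the lines posted above, the checks a helper makes by eye on a DDS "Pseudo HJT Report". The excerpt it parses is copied from the log in this post and embedded as constructed sample input; the rule names and severities are this example's own. It flags IFEO entries (DDS prints an Image File Execution Options entry as "image - debugger"; a Debugger value makes Windows start the named debugger in place of the image, here svchost.exe in place of init32.exe), autostart entries that point into a temp directory, browser extensions registered with no backing file, an executable in system32 whose name contains no letters or digits (the ~.exe in Find3M), a registered AV product whose on-access scanning is disabled, and more than one AV product registered at once.

```python
import re
from collections import Counter, namedtuple

Finding = namedtuple("Finding", "severity rule line")

# Sample input: lines copied from the DDS log in the post above (constructed
# excerpt for this example; a real run would read the whole saved DDS.txt).
DDS_EXCERPT = r"""
AV: Windows Protection Suite *On-access scanning enabled* (Updated) {1FBBA90A-71CF-4F5D-B218-BCF2B906FB78}
AV: ESET NOD32 Antivirus 3.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
BHO: {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - No File
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: {BA52B914-B692-46c4-B683-905236F6F655} - No File
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [Cleanup] c:\docume~1\danrea~1\locals~1\temp\2008212222037_mcappins.exe /v=3 /cleanup
mRun: [msci] c:\docume~1\danrea~1\locals~1\temp\2008212222018_mcinfo.exe /insfin
IFEO: image file execution options - svchost.exe
IFEO: init32.exe - svchost.exe
2009-10-20 17:59:23 15120 ----a-w- c:\windows\system32\~.exe
2009-09-11 14:18:39 136192 ----a-w- c:\windows\system32\msv1_0.dll
"""

# DDS renders an Image File Execution Options entry as "<image> - <debugger>";
# Windows launches the debugger in place of the image.
IFEO_RE = re.compile(r"^IFEO:\s*(?P<image>.+?)\s+-\s+(?P<debugger>\S+)\s*$")
RUN_RE = re.compile(r"^[um]Run(?:Once)?:\s*\[(?P<name>[^\]]*)\]\s*(?P<cmd>.*)$", re.I)
ORPHAN_RE = re.compile(r"^(?:BHO|TB|EB):.*-\s*No File\s*$")
FIND3M_RE = re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}\s+\d+\s+\S+\s+(?P<path>.+)$")
AV_RE = re.compile(r"^AV:\s*(?P<product>.+?)\s+\*(?P<state>[^*]+)\*")
TEMP_DIR_RE = re.compile(r"\\temp\\", re.I)


def triage_dds(text):
    """Return a list of Finding tuples for the suspicious lines in a DDS report."""
    findings = []
    av_products = []
    for raw in text.strip().splitlines():
        line = raw.strip()
        if IFEO_RE.match(line):
            findings.append(Finding("high", "ifeo_debugger", line))
            continue
        m = AV_RE.match(line)
        if m:
            av_products.append(m.group("product"))
            if "disabled" in m.group("state").lower():
                findings.append(Finding("medium", "av_realtime_disabled", line))
            continue
        if ORPHAN_RE.match(line):
            # Registered CLSID with no DLL behind it: cleanup candidate, not
            # proof of infection by itself.
            findings.append(Finding("low", "orphaned_browser_extension", line))
            continue
        m = RUN_RE.match(line)
        if m:
            if TEMP_DIR_RE.search(m.group("cmd")):
                findings.append(Finding("medium", "autostart_from_temp", line))
            continue
        m = FIND3M_RE.match(line)
        if m:
            name = m.group("path").rsplit("\\", 1)[-1]
            stem = name.rsplit(".", 1)[0]
            if not re.search(r"[a-z0-9]", stem, re.I):
                findings.append(Finding("high", "nameless_executable", line))
            continue
    if len(av_products) > 1:
        findings.append(Finding("info", "multiple_av_registered", "; ".join(av_products)))
    return findings


def summarize(findings):
    """Count findings per severity."""
    return Counter(f.severity for f in findings)


if __name__ == "__main__":
    results = triage_dds(DDS_EXCERPT)
    for f in results:
        print(f"[{f.severity:<6}] {f.rule:<28} {f.line}")
    print(dict(summarize(results)))
```

The rules are deliberately narrow so that the ordinary entries in the same log (the NVIDIA Run entry, the Google Toolbar BHO, the patched msv1_0.dll) produce no output; extend them with the autostart locations and driver names a given case turns up.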

#2 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:07:46 AM

Posted 21 November 2009 - 06:04 PM

Hello! :(
My name is Sam and I will be helping you.

In order to see what's going on with your computer I'll ask for you to post various logs from the tools that we will use to resolve your issue. Please also share with me any information about how your computer is reacting and behaving each step of the way as we work through this process.


We need to create an OTL Report
  • Please download OTL from here
  • Save it to your desktop.
  • Double click on the icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Under the Custom Scan box paste this in

    netsvcs
    %systemdrive%\*.exe
    %SYSTEMDRIVE%\eventlog.dll /s /md5
    %SYSTEMDRIVE%\nvstor.sys /s /md5
    %SYSTEMDRIVE%\atapi.sys /s /md5
    %SYSTEMDRIVE%\viasraid.sys /s /md5
    %SYSTEMDRIVE%\AGP440.sys /s /md5
    %SYSTEMDRIVE%\vaxscsi.sys /s /md5
    %SYSTEMDRIVE%\nvatabus.sys /s /md5
    %SYSTEMDRIVE%\viamraid.sys /s /md5
    %SYSTEMDRIVE%\nvata.sys /s /md5
    %SYSTEMDRIVE%\tdl*.dll /s /md5
    CREATERESTOREPOINT



  • Click the "Quick Scan" button.
  • The scan should take just a few minutes.
  • Please copy and paste both logs back here in your next reply.

If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================
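The OTL report Sam asks for includes an O1 dump of the HOSTS file, and the one posted in the next reply maps google.* country domains to one address and a group of payment- and antivirus-sounding domains to another. As an added example (not from the thread, from OTL, or from BleepingComputer), here is a Python check that parses either OTL's "O1 - Hosts:" lines or a raw Windows hosts file and reports what matters for a redirect complaint: any non-loopback mapping (a hosts entry overrides DNS for that name, which is the mechanism behind a search redirect), one address collecting many names, and names on a short brand watchlist. The excerpt is a constructed sample trimmed from that log; the watchlist and the fan-in threshold of 3 are this example's assumptions.

```python
import ipaddress
import re
from collections import defaultdict

# Sample input: O1 lines trimmed from the OTL log posted in the next reply
# (constructed excerpt; the real dump had about 200 more google.* lines).
OTL_O1_EXCERPT = r"""
O1 HOSTS File: (7121 bytes) - C:\WINDOWS\SYSTEM32\DRIVERS\ETC\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 74.125.45.100 4-open-davinci.com
O1 - Hosts: 74.125.45.100 securitysoftwarepayments.com
O1 - Hosts: 74.125.45.100 getantivirusplusnow.com
O1 - Hosts: 64.86.17.32 google.ae
O1 - Hosts: 64.86.17.32 google.ca
O1 - Hosts: 64.86.17.32 google.com.hk
O1 - Hosts: 200 more lines...
"""

OTL_PREFIX_RE = re.compile(r"^O1\s+-\s+Hosts:\s*", re.I)

# Assumed watchlist for this example: brand labels whose presence in a
# non-loopback hosts entry is the classic search/security-site redirect.
WATCHLIST = {"google", "bing", "yahoo", "microsoft", "windowsupdate", "eset", "symantec"}


def parse_hosts(text):
    """Return (ip_address, hostname) pairs from either a raw Windows hosts
    file or OTL's 'O1 - Hosts:' rendering of one. Comments, the OTL header
    line and OTL's 'N more lines...' summary are skipped."""
    entries = []
    for raw in text.splitlines():
        line = OTL_PREFIX_RE.sub("", raw.strip())
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        tokens = line.split()
        try:
            ip = ipaddress.ip_address(tokens[0])
        except ValueError:
            continue  # not "<ip> <name...>": header, summary, or junk
        for host in tokens[1:]:
            entries.append((ip, host.lower()))
    return entries


def analyze_hosts(entries, min_fanin=3):
    """Separate benign sinkholes (loopback/unspecified targets, as used by
    ad-blocking hosts lists) from real redirects, then group the redirects
    by target address and match them against the watchlist."""
    redirected = [(str(ip), host) for ip, host in entries
                  if not (ip.is_loopback or ip.is_unspecified)]
    by_ip = defaultdict(list)
    for ip, host in redirected:
        by_ip[ip].append(host)
    clusters = {ip: hosts for ip, hosts in by_ip.items() if len(hosts) >= min_fanin}
    watchlist_hits = [(ip, host) for ip, host in redirected
                      if set(host.split(".")) & WATCHLIST]
    return {"redirected": redirected, "clusters": clusters,
            "watchlist_hits": watchlist_hits}


if __name__ == "__main__":
    report = analyze_hosts(parse_hosts(OTL_O1_EXCERPT))
    for ip, hosts in report["clusters"].items():
        print(f"{ip} collects {len(hosts)} names, e.g. {hosts[:3]}")
    for ip, host in report["watchlist_hits"]:
        print(f"watchlist: {host} -> {ip}")
```

On a clean Windows install the hosts file carries only the localhost line, so every entry in the "redirected" list is something to account for; the clustering is what turns a 200-line dump into two questions (who is 64.86.17.32, who is 74.125.45.100) instead of two hundred.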

#3 Pats2010

Pats2010
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  • Location:Boston, Ma
  • Local time:07:46 AM

Posted 22 November 2009 - 10:30 AM

Sam,
Thanks in advance for all of your help! Following are the two scans you requested. BTW, I noticed in the OTL box something about "file age" 14 days; I know I have had this virus longer than that, if it matters.


OTL logfile created on: 11/22/2009 10:06:07 AM - Run 1
OTL by OldTimer - Version 3.1.6.3 Folder = C:\Documents and Settings\Dan Reardon\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.58 Gb Available Physical Memory | 78.83% Memory free
2.23 Gb Paging File | 1.92 Gb Available in Paging File | 86.28% Paging File free
Paging file location(s): C:\pagefile.sys 384 768 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 55.84 Gb Total Space | 14.15 Gb Free Space | 25.34% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: REARDONLAPTOP
Current User Name: Dan Reardon
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2009/11/22 10:02:52 | 00,528,896 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Dan Reardon\Desktop\OTL.exe
PRC - [2009/08/27 00:18:44 | 00,634,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
PRC - [2008/10/24 19:51:16 | 00,468,224 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
PRC - [2008/10/24 19:50:00 | 01,451,264 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
PRC - [2008/04/13 19:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe
PRC - [2008/04/13 19:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/04/08 20:08:54 | 00,068,856 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2007/01/04 16:38:18 | 00,112,336 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
PRC - [2007/01/04 16:38:08 | 00,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe
PRC - [2005/05/16 19:45:56 | 00,142,416 | R--- | M] (Command Software Systems, Inc.) -- C:\Program Files\Common Files\Command Software\dvpapi.exe
PRC - [2004/10/26 12:01:00 | 00,127,044 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\SYSTEM32\nvsvc32.exe
PRC - [2004/01/12 06:53:30 | 00,360,448 | ---- | M] (Intel Corporation) -- C:\WINDOWS\SYSTEM32\ZCfgSvc.exe
PRC - [2004/01/09 10:12:08 | 00,184,320 | ---- | M] (Intel) -- C:\WINDOWS\SYSTEM32\1XConfig.exe
PRC - [2004/01/09 10:11:36 | 00,303,171 | ---- | M] (Intel Corporation ) -- C:\WINDOWS\SYSTEM32\S24EvMon.exe
PRC - [2004/01/09 10:10:00 | 00,122,880 | ---- | M] (Intel Corporation) -- C:\WINDOWS\SYSTEM32\RegSrvc.exe
PRC - [2003/06/20 03:43:00 | 00,024,576 | ---- | M] (BVRP Software) -- C:\Program Files\Digital Line Detect\DLG.exe
PRC - [2003/06/19 23:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
PRC - [2003/05/14 18:37:56 | 00,098,304 | ---- | M] (Broadcom Corporation) -- C:\WINDOWS\SYSTEM32\BacsTray.exe
PRC - [2003/02/04 08:22:30 | 00,181,312 | ---- | M] () -- C:\WINDOWS\SYSTEM32\ScsiAccess.EXE


========== Modules (SafeList) ==========

MOD - [2009/11/22 10:02:52 | 00,528,896 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Dan Reardon\Desktop\OTL.exe
MOD - [2008/04/13 19:12:51 | 01,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
MOD - [2008/04/13 19:12:00 | 00,025,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\mslbui.dll
MOD - [2008/04/13 19:11:53 | 00,185,344 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\WBEM\framedyn.dll


========== Win32 Services (SafeList) ==========

SRV - [2009/06/17 09:17:10 | 00,182,768 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc)
SRV - [2008/10/24 19:56:30 | 00,019,200 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe -- (EhttpSrv)
SRV - [2008/10/24 19:51:16 | 00,468,224 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe -- (ekrn)
SRV - [2008/04/13 19:12:02 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc)
SRV - [2007/03/07 14:47:46 | 00,076,848 | ---- | M] () -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService)
SRV - [2007/01/04 16:38:08 | 00,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)
SRV - [2006/10/18 20:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc)
SRV - [2005/05/16 19:45:56 | 00,142,416 | R--- | M] (Command Software Systems, Inc.) -- C:\Program Files\Common Files\Command Software\dvpapi.exe -- (dvpapi)
SRV - [2005/04/04 00:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2004/10/26 12:01:00 | 00,127,044 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\SYSTEM32\nvsvc32.exe -- (NVSvc)
SRV - [2004/07/15 01:49:26 | 00,032,768 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe -- (aspnet_state)
SRV - [2004/01/09 10:11:36 | 00,303,171 | ---- | M] (Intel Corporation ) -- C:\WINDOWS\SYSTEM32\S24EvMon.exe -- (S24EventMonitor)
SRV - [2004/01/09 10:10:00 | 00,122,880 | ---- | M] (Intel Corporation) -- C:\WINDOWS\SYSTEM32\RegSrvc.exe -- (RegSrvc)
SRV - [2003/07/28 12:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2003/06/19 23:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE -- (MDM)
SRV - [2003/04/29 14:29:54 | 00,139,264 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\NCS\Sync\NetSvc.exe -- (NetSvc)
SRV - [2003/02/04 08:22:30 | 00,181,312 | ---- | M] () -- C:\WINDOWS\SYSTEM32\ScsiAccess.EXE -- (ScsiAccess)
SRV - [2002/08/29 05:00:00 | 00,066,560 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\IPXSAP.DLL -- (NwSapAgent)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell4me.com/myway
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell4me.com/myway
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1133200692-3295021346-3824702933-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
IE - HKU\S-1-5-21-1133200692-3295021346-3824702933-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKU\S-1-5-21-1133200692-3295021346-3824702933-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKU\S-1-5-21-1133200692-3295021346-3824702933-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-1133200692-3295021346-3824702933-1007\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\S-1-5-21-1133200692-3295021346-3824702933-1007\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerm...tf8&oe=utf8
IE - HKU\S-1-5-21-1133200692-3295021346-3824702933-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.verizon.net/central/vzc.portal
IE - HKU\S-1-5-21-1133200692-3295021346-3824702933-1007\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-1133200692-3295021346-3824702933-1007\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
IE - HKU\S-1-5-21-1133200692-3295021346-3824702933-1007\S-1-5-21-1133200692-3295021346-3824702933-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1133200692-3295021346-3824702933-1007\S-1-5-21-1133200692-3295021346-3824702933-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = localhost



O1 HOSTS File: (7121 bytes) - C:\WINDOWS\SYSTEM32\DRIVERS\ETC\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 74.125.45.100 4-open-davinci.com
O1 - Hosts: 74.125.45.100 securitysoftwarepayments.com
O1 - Hosts: 74.125.45.100 privatesecuredpayments.com
O1 - Hosts: 74.125.45.100 secure.privatesecuredpayments.com
O1 - Hosts: 74.125.45.100 getantivirusplusnow.com
O1 - Hosts: 74.125.45.100 secure-plus-payments.com
O1 - Hosts: 74.125.45.100 www.getantivirusplusnow.com
O1 - Hosts: 74.125.45.100 www.secure-plus-payments.com
O1 - Hosts: 74.125.45.100 www.getavplusnow.com
O1 - Hosts: 74.125.45.100 www.securesoftwarebill.com
O1 - Hosts: 74.125.45.100 secure.paysecuresystem.com
O1 - Hosts: 64.86.17.32 google.ae
O1 - Hosts: 64.86.17.32 google.as
O1 - Hosts: 64.86.17.32 google.at
O1 - Hosts: 64.86.17.32 google.az
O1 - Hosts: 64.86.17.32 google.ba
O1 - Hosts: 64.86.17.32 google.be
O1 - Hosts: 64.86.17.32 google.bg
O1 - Hosts: 64.86.17.32 google.bs
O1 - Hosts: 64.86.17.32 google.ca
O1 - Hosts: 64.86.17.32 google.cd
O1 - Hosts: 64.86.17.32 google.com.gh
O1 - Hosts: 64.86.17.32 google.com.hk
O1 - Hosts: 64.86.17.32 google.com.jm
O1 - Hosts: 200 more lines...
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - No CLSID value found.
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\SYSTEM32\dla\tfswshx.dll (Sonic Solutions)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll (Google Inc.)
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll (Google Inc.)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (no name) - {4E7BD74F-2B8D-469E-D0FC-E57AF4D5FA7D} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\S-1-5-21-1133200692-3295021346-3824702933-1007\..\Toolbar\ShellBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\S-1-5-21-1133200692-3295021346-3824702933-1007\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\S-1-5-21-1133200692-3295021346-3824702933-1007\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [bacstray] C:\WINDOWS\System32\BacsTray.exe (Broadcom Corporation)
O4 - HKLM..\Run: [Cleanup] C:\DOCUME~1\DANREA~1\LOCALS~1\Temp\2008212222037_mcappins.exe File not found
O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
O4 - HKLM..\Run: [msci] C:\DOCUME~1\DANREA~1\LOCALS~1\Temp\2008212222018_mcinfo.exe File not found
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe (NVIDIA Corporation)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Computer, Inc.)
O4 - HKLM..\Run: [UserFaultCheck] File not found
O4 - HKU\S-1-5-21-1133200692-3295021346-3824702933-1007..\Run: [MSMSGS] C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1133200692-3295021346-3824702933-1007..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe (BVRP Software)
F3 - HKU\.DEFAULT WinNT: Load - (C:\WINDOWS\System32\mljkk.exe) - C:\WINDOWS\System32\mljkk.exe File not found
F3 - HKU\S-1-5-18 WinNT: Load - (C:\WINDOWS\System32\mljkk.exe) - C:\WINDOWS\System32\mljkk.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1133200692-3295021346-3824702933-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\SYSTEM32\nwprovau.dll (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 33 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\.DEFAULT\..Trusted Domains: 32 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-18\..Trusted Domains: 32 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-19\..Trusted Domains: 32 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-20\..Trusted Domains: 32 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-21-1133200692-3295021346-3824702933-1007\..Trusted Domains: ([]msn in My Computer)
O15 - HKU\S-1-5-21-1133200692-3295021346-3824702933-1007\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O15 - HKU\S-1-5-21-1133200692-3295021346-3824702933-1007\..Trusted Domains: 33 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {0000000A-0000-0010-8000-00AA00389B71} http://download.microsoft.com/download/d/4...0367/wmavax.CAB (Reg Error: Key error.)
O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} http://www.lizardtech.com/download/files/w...ntrol_en_US.cab (DjVuCtl Class)
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} http://download.microsoft.com/download/F/6...922/wmv9VCM.CAB (Reg Error: Key error.)
O16 - DPF: {3BFFE033-BF43-11D5-A271-00A024A51325} https://echoln1.emcor.net/iNotes6W.cab (iNotes6 Class)
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} https://webdl.symantec.com/activex/symdlmgr.cab (Symantec Download Manager)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdat...b?1251583610162 (MUWebControl Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} file://C:\Program Files\AutoCAD 2000i\AcDcToday.ocx (AcDcToday Control)
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} http://web1.shutterfly.com/downloads/Uploader.cab (Shutterfly Picture Upload Plugin)
O16 - DPF: {C6637286-300D-11D4-AE0A-0010830243BD} http://pointa.autodesk.com/portal/lang/enu/InstFred.Ocx (InstaFred)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/pub/shock...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} file://C:\Program Files\AutoCAD 2000i\AcPreview.ocx (AcPreview Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 71.243.0.12 68.237.161.12
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\Sebring: DllName - C:\WINDOWS\System32\LgNotify.dll - C:\WINDOWS\SYSTEM32\LgNotify.dll (Intel Corporation)
O24 - Desktop Components:0 () - C:\Program Files\Windows NT\promymyce.html
O24 - Desktop Components:1 (My Current Home Page) - About:Home
O27 - HKLM IFEO\init32.exe : Debugger - svchost.exe (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/04/05 19:40:00 | 00,000,047 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{63d4f810-2240-11de-8ea4-000f1f100ae2}\Shell\AutoRun\command - "" = E:\InstallTomTomHOME.exe -- File not found
O33 - MountPoints2\{cd3daf62-12e0-11dd-8d99-000f1f100ae2}\Shell - "" = AutoRun
O33 - MountPoints2\{cd3daf62-12e0-11dd-8d99-000f1f100ae2}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{cd3daf62-12e0-11dd-8d99-000f1f100ae2}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O35 - comfile [open] -- "%1" %* File not found
O35 - exefile [open] -- "%1" %* File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (16892059130527744)

========== Files/Folders - Created Within 14 Days ==========

[2009/11/22 10:02:42 | 00,528,896 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Dan Reardon\Desktop\OTL.exe
[2009/11/21 10:40:07 | 00,472,064 | ---- | C] ( ) -- C:\Documents and Settings\Dan Reardon\Desktop\RootRepeal.exe
[2006/03/03 00:52:40 | 00,774,144 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files\RngInterstitial.dll
[8 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 14 Days ==========

[2009/11/22 10:02:52 | 00,528,896 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Dan Reardon\Desktop\OTL.exe
[2009/11/22 09:16:13 | 00,035,998 | ---- | M] () -- C:\WINDOWS\System32\nvModes.001
[2009/11/22 09:16:06 | 00,017,112 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2009/11/22 09:15:48 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/11/22 09:15:40 | 00,002,048 | --S- | M] () -- C:\WINDOWS\BOOTSTAT.DAT
[2009/11/22 09:15:37 | 21,467,42272 | -HS- | M] () -- C:\hiberfil.sys
[2009/11/21 12:58:14 | 06,029,312 | -H-- | M] () -- C:\Documents and Settings\Dan Reardon\NTUSER.DAT
[2009/11/21 12:58:14 | 00,000,278 | -HS- | M] () -- C:\Documents and Settings\Dan Reardon\NTUSER.INI
[2009/11/21 10:40:26 | 00,000,000 | ---- | M] () -- C:\Documents and Settings\Dan Reardon\Desktop\settings.dat
[2009/11/21 10:40:11 | 00,472,064 | ---- | M] ( ) -- C:\Documents and Settings\Dan Reardon\Desktop\RootRepeal.exe
[2009/11/21 10:03:25 | 00,523,776 | ---- | M] () -- C:\Documents and Settings\Dan Reardon\Desktop\dds.scr
[2009/11/20 14:18:48 | 00,001,170 | ---- | M] () -- C:\WINDOWS\System32\WPA.DBL
[2009/11/18 14:12:24 | 00,035,998 | ---- | M] () -- C:\WINDOWS\System32\nvModes.dat
[2009/11/11 18:24:00 | 00,436,552 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/11/11 10:09:27 | 00,001,067 | ---- | M] () -- C:\WINDOWS\WIN.INI
[8 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2009/11/21 10:40:26 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\Dan Reardon\Desktop\settings.dat
[2009/11/21 10:03:00 | 00,523,776 | ---- | C] () -- C:\Documents and Settings\Dan Reardon\Desktop\dds.scr
[2009/10/13 14:54:32 | 00,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2009/08/11 10:22:44 | 00,002,115 | ---- | C] () -- C:\WINDOWS\RRK32.INI
[2009/08/11 10:22:24 | 00,000,000 | ---- | C] () -- C:\WINDOWS\SETUP32.INI
[2009/04/12 19:15:05 | 00,189,480 | ---- | C] () -- C:\WINDOWS\System32\CSGina.dll
[2009/01/20 21:36:28 | 00,005,115 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\N360BUOptions.ini
[2008/10/24 19:53:28 | 00,034,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\epfwtdir.sys
[2008/10/23 20:10:10 | 00,162,304 | ---- | C] () -- C:\WINDOWS\System32\ztvunrar36.dll
[2008/10/23 20:10:10 | 00,153,088 | ---- | C] () -- C:\WINDOWS\System32\UNRAR3.dll
[2008/10/23 20:10:10 | 00,077,312 | ---- | C] () -- C:\WINDOWS\System32\ztvunace26.dll
[2008/10/23 20:10:10 | 00,075,264 | ---- | C] () -- C:\WINDOWS\System32\unacev2.dll
[2008/01/19 09:16:32 | 00,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2007/11/13 17:25:07 | 00,781,834 | ---- | C] () -- C:\WINDOWS\xobglu32.dll
[2007/11/13 17:25:07 | 00,063,488 | ---- | C] () -- C:\WINDOWS\xobglu16.dll
[2007/11/13 17:18:37 | 00,000,056 | ---- | C] () -- C:\WINDOWS\cglp.ini
[2007/10/08 20:27:18 | 00,000,035 | ---- | C] () -- C:\WINDOWS\Type to Learn Jr.ini
[2007/09/24 17:23:14 | 00,000,118 | ---- | C] () -- C:\WINDOWS\type32.ini
[2007/09/10 20:47:22 | 00,000,245 | ---- | C] () -- C:\WINDOWS\KA.ini
[2007/07/29 23:13:22 | 00,000,033 | ---- | C] () -- C:\WINDOWS\VBA.INI
[2007/07/29 22:04:15 | 00,001,626 | ---- | C] () -- C:\WINDOWS\winproj4.ini
[2007/07/29 22:04:15 | 00,000,123 | ---- | C] () -- C:\WINDOWS\MSMAIL.INI
[2007/05/14 21:33:28 | 00,005,632 | R--- | C] () -- C:\WINDOWS\System32\CNMVSya.DLL
[2007/05/14 21:32:02 | 00,000,356 | R--- | C] () -- C:\WINDOWS\System32\CNCASv50.ini
[2007/05/14 21:31:45 | 00,000,462 | R--- | C] () -- C:\WINDOWS\System32\CNCMP50.INI
[2006/09/27 00:06:30 | 00,000,420 | ---- | C] () -- C:\WINDOWS\PCPHOTO.INI
[2006/05/29 20:27:51 | 00,000,303 | ---- | C] () -- C:\WINDOWS\Sierra.ini
[2006/05/11 13:48:18 | 00,000,185 | ---- | C] () -- C:\WINDOWS\QTW.INI
[2006/05/11 13:45:09 | 00,000,256 | ---- | C] () -- C:\WINDOWS\PROVW.INI
[2006/05/11 13:45:08 | 00,000,687 | ---- | C] () -- C:\WINDOWS\KPSTUDIO.INI
[2006/04/02 13:45:56 | 00,000,492 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/08/30 09:14:00 | 01,291,264 | ---- | C] () -- C:\WINDOWS\System32\quartz.dll
[2005/08/11 21:44:04 | 00,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2005/08/06 08:30:16 | 00,000,000 | ---- | C] () -- C:\WINDOWS\Textart.INI
[2005/02/07 22:17:42 | 00,000,070 | ---- | C] () -- C:\WINDOWS\EDNO.INI
[2004/11/13 00:55:01 | 00,004,998 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2004/10/11 20:30:43 | 00,000,200 | ---- | C] () -- C:\WINDOWS\lynxview.ini
[2004/09/06 09:25:49 | 00,061,678 | ---- | C] () -- C:\Documents and Settings\Dan Reardon\Application Data\PFP110JPR.{PB
[2004/09/06 09:25:49 | 00,012,358 | ---- | C] () -- C:\Documents and Settings\Dan Reardon\Application Data\PFP110JCM.{PB
[2004/08/01 12:14:18 | 00,003,654 | ---- | C] () -- C:\WINDOWS\System32\drivers\Sonyhcp.dll
[2004/05/05 22:14:40 | 00,069,120 | ---- | C] () -- C:\Documents and Settings\Dan Reardon\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2004/05/05 19:26:33 | 00,000,134 | ---- | C] () -- C:\Documents and Settings\Dan Reardon\Local Settings\Application Data\fusioncache.dat
[2004/05/05 19:13:05 | 00,000,022 | ---- | C] () -- C:\WINDOWS\kodakpcd.Dan Reardon.ini
[2004/04/26 22:30:45 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\Dan Reardon\Application Data\DESKTOP.INI
[2004/04/26 22:30:43 | 00,139,008 | ---- | C] () -- C:\Documents and Settings\Dan Reardon\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2004/04/26 22:30:42 | 05,745,040 | -H-- | C] () -- C:\Documents and Settings\Dan Reardon\Local Settings\Application Data\IconCache.db
[2004/04/20 21:34:58 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004/04/20 21:26:23 | 00,000,258 | ---- | C] () -- C:\WINDOWS\System32\BDEMERGE.INI
[2004/04/20 21:20:10 | 00,000,330 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2004/04/20 21:13:15 | 00,000,893 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/04/20 20:54:24 | 00,443,380 | ---- | C] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2004/04/20 20:53:38 | 00,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2004/04/20 20:38:20 | 00,000,546 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2004/01/09 10:10:48 | 00,212,992 | ---- | C] () -- C:\WINDOWS\System32\C1XStngs.dll
[2003/11/20 13:39:58 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2003/09/10 02:17:24 | 00,651,264 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll
[2003/09/10 02:17:24 | 00,147,456 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll
[2003/05/30 09:00:02 | 00,386,048 | ---- | C] () -- C:\WINDOWS\System32\qdvd.dll
[2003/05/30 09:00:02 | 00,059,904 | ---- | C] () -- C:\WINDOWS\System32\devenum.dll
[2003/01/07 15:05:08 | 00,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/12/12 00:14:32 | 00,733,696 | ---- | C] () -- C:\WINDOWS\System32\qedwipes.dll
[2002/12/12 00:14:32 | 00,562,176 | ---- | C] () -- C:\WINDOWS\System32\qedit.dll
[2002/12/12 00:14:32 | 00,279,040 | ---- | C] () -- C:\WINDOWS\System32\qdv.dll
[2002/12/12 00:14:32 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\qcap.dll
[2002/12/12 00:14:32 | 00,070,656 | ---- | C] () -- C:\WINDOWS\System32\amstream.dll
[2002/12/12 00:14:32 | 00,035,328 | ---- | C] () -- C:\WINDOWS\System32\mciqtz32.dll
[2002/12/12 00:14:32 | 00,014,336 | ---- | C] () -- C:\WINDOWS\System32\msdmo.dll
[2002/09/03 08:59:58 | 00,001,067 | ---- | C] () -- C:\WINDOWS\WIN.INI
[2002/09/03 08:59:58 | 00,000,000 | ---- | C] () -- C:\WINDOWS\CONTROL.INI
[2002/09/03 08:59:14 | 00,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2002/09/03 08:56:20 | 00,000,037 | ---- | C] () -- C:\WINDOWS\VBADDIN.INI
[2002/09/03 08:56:20 | 00,000,036 | ---- | C] () -- C:\WINDOWS\VB.INI
[2002/09/03 08:50:58 | 00,000,227 | ---- | C] () -- C:\WINDOWS\SYSTEM.INI
[2002/09/03 08:50:46 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\DESKTOP.INI
[2002/08/29 05:00:00 | 01,015,477 | ---- | C] () -- C:\WINDOWS\System32\ESENTPRF.INI
[2002/08/29 05:00:00 | 00,498,742 | ---- | C] () -- C:\WINDOWS\System32\dxmasf.dll
[2002/08/29 05:00:00 | 00,355,112 | ---- | C] () -- C:\WINDOWS\System32\msjetoledb40.dll
[2002/08/29 05:00:00 | 00,270,848 | ---- | C] () -- C:\WINDOWS\System32\sbe.dll
[2002/08/29 05:00:00 | 00,252,928 | ---- | C] () -- C:\WINDOWS\System32\compatui.dll
[2002/08/29 05:00:00 | 00,199,168 | ---- | C] () -- C:\WINDOWS\System32\IR32_32.DLL
[2002/08/29 05:00:00 | 00,186,880 | ---- | C] () -- C:\WINDOWS\System32\encdec.dll
[2002/08/29 05:00:00 | 00,157,696 | ---- | C] () -- C:\WINDOWS\System32\PAQSP.DLL
[2002/08/29 05:00:00 | 00,094,282 | ---- | C] () -- C:\WINDOWS\System32\MSENCODE.DLL
[2002/08/29 05:00:00 | 00,053,478 | ---- | C] () -- C:\WINDOWS\System32\tcpmon.ini
[2002/08/29 05:00:00 | 00,042,809 | ---- | C] () -- C:\WINDOWS\System32\KEY01.SYS
[2002/08/29 05:00:00 | 00,042,537 | ---- | C] () -- C:\WINDOWS\System32\KEYBOARD.SYS
[2002/08/29 05:00:00 | 00,035,648 | ---- | C] () -- C:\WINDOWS\System32\ntio411.sys
[2002/08/29 05:00:00 | 00,035,424 | ---- | C] () -- C:\WINDOWS\System32\ntio412.sys
[2002/08/29 05:00:00 | 00,034,560 | ---- | C] () -- C:\WINDOWS\System32\ntio804.sys
[2002/08/29 05:00:00 | 00,034,560 | ---- | C] () -- C:\WINDOWS\System32\ntio404.sys
[2002/08/29 05:00:00 | 00,033,840 | ---- | C] () -- C:\WINDOWS\System32\ntio.sys
[2002/08/29 05:00:00 | 00,029,370 | ---- | C] () -- C:\WINDOWS\System32\NTDOS411.SYS
[2002/08/29 05:00:00 | 00,029,274 | ---- | C] () -- C:\WINDOWS\System32\NTDOS412.SYS
[2002/08/29 05:00:00 | 00,029,146 | ---- | C] () -- C:\WINDOWS\System32\NTDOS804.SYS
[2002/08/29 05:00:00 | 00,029,146 | ---- | C] () -- C:\WINDOWS\System32\NTDOS404.SYS
[2002/08/29 05:00:00 | 00,027,866 | ---- | C] () -- C:\WINDOWS\System32\NTDOS.SYS
[2002/08/29 05:00:00 | 00,027,097 | ---- | C] () -- C:\WINDOWS\System32\COUNTRY.SYS
[2002/08/29 05:00:00 | 00,015,360 | ---- | C] () -- C:\WINDOWS\System32\TSD32.DLL
[2002/08/29 05:00:00 | 00,013,312 | ---- | C] () -- C:\WINDOWS\System32\WIN87EM.DLL
[2002/08/29 05:00:00 | 00,013,223 | ---- | C] () -- C:\WINDOWS\System32\TSLABELS.INI
[2002/08/29 05:00:00 | 00,012,082 | ---- | C] () -- C:\WINDOWS\System32\RSVP.INI
[2002/08/29 05:00:00 | 00,009,029 | ---- | C] () -- C:\WINDOWS\System32\ANSI.SYS
[2002/08/29 05:00:00 | 00,006,877 | ---- | C] () -- C:\WINDOWS\System32\PSCHDPRF.INI
[2002/08/29 05:00:00 | 00,004,768 | ---- | C] () -- C:\WINDOWS\System32\HIMEM.SYS
[2002/08/29 05:00:00 | 00,004,126 | ---- | C] () -- C:\WINDOWS\System32\msdxmlc.dll
[2002/08/29 05:00:00 | 00,003,458 | ---- | C] () -- C:\WINDOWS\System32\RASCTRS.INI
[2002/08/29 05:00:00 | 00,002,891 | ---- | C] () -- C:\WINDOWS\System32\PERFCI.INI
[2002/08/29 05:00:00 | 00,002,732 | ---- | C] () -- C:\WINDOWS\System32\PERFWCI.INI
[2002/08/29 05:00:00 | 00,001,931 | ---- | C] () -- C:\WINDOWS\System32\MSDTCPRF.INI
[2002/08/29 05:00:00 | 00,001,405 | ---- | C] () -- C:\WINDOWS\MSDFMAP.INI
[2002/08/29 05:00:00 | 00,001,152 | ---- | C] () -- C:\WINDOWS\System32\PERFFILT.INI
[2002/08/29 05:00:00 | 00,000,343 | ---- | C] () -- C:\WINDOWS\System32\PRODSPEC.INI
[2000/09/08 16:53:50 | 00,073,839 | ---- | C] () -- C:\WINDOWS\System32\KodakOneTouch.dll
[1999/01/22 20:46:58 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL

========== LOP Check ==========

[2004/04/20 21:21:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Microsoft
[2009/08/26 21:11:12 | 00,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Application Data\2a4eaa7
[2007/02/23 08:22:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Adobe
[2008/01/19 09:17:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AOL
[2005/08/09 20:53:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Dell
[2002/09/03 08:50:46 | 00,000,062 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\DESKTOP.INI
[2006/03/05 22:12:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DVD Shrink
[2009/08/26 22:32:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ESET
[2009/01/10 08:52:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Google
[2009/06/16 06:19:15 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Google Updater
[2005/08/08 22:39:30 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\GTek
[2004/06/13 21:47:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Kodak
[2009/08/31 05:58:15 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2008/02/12 22:20:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\McAfee.com
[2009/01/30 11:36:18 | 00,000,000 | --SD | M] -- C:\Documents and Settings\All Users\Application Data\Microsoft
[2006/09/22 14:44:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MSN6
[2009/01/20 21:36:28 | 00,005,115 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\N360BUOptions.ini
[2007/10/01 09:06:15 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\nView_Profiles
[2004/04/20 21:24:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\QuickTime
[2004/04/20 21:14:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SBSI
[2009/08/31 18:44:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2009/01/20 21:42:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Symantec
[2009/08/26 20:50:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2007/10/08 20:43:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\The Learning Company
[2006/03/11 19:16:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Verizon
[2005/08/09 20:55:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2009/02/02 20:38:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
[2008/01/19 22:15:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
[2008/10/06 21:43:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
[2008/02/01 12:04:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Dan Reardon\Application Data\Adobe
[2006/03/09 23:02:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Dan Reardon\Application Data\AdobeUM
[2008/02/02 20:48:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Dan Reardon\Application Data\Aim
[2004/12/04 22:08:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Dan Reardon\Application Data\AOL
[2005/04/05 21:33:15 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Dan Reardon\Application Data\Autodesk
[2008/02/15 21:00:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Dan Reardon\Application Data\Canon
[2006/03/06 22:08:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Dan Reardon\Application Data\Chessmaster Challenge
[2004/09/06 09:25:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Dan Reardon\Application Data\Corel
[2004/04/26 22:39:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Dan Reardon\Application Data\CyberLink
[2002/09/03 08:50:46 | 00,000,062 | -HS- | M] () -- C:\Documents and Settings\Dan Reardon\Application Data\DESKTOP.INI
[2006/09/17 21:05:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Dan Reardon\Application Data\Google
[2007/04/09 22:09:29 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\Dan Reardon\Application Data\Gtek
[2005/04/05 19:47:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Dan Reardon\Application Data\Help
[2004/04/20 20:36:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Dan Reardon\Application Data\Identities
[2004/04/26 22:35:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Dan Reardon\Application Data\Leadertech
[2007/09/16 11:42:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Dan Reardon\Application Data\Macromedia
[2009/08/31 05:58:25 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Dan Reardon\Application Data\Malwarebytes
[2008/01/15 23:16:33 | 00,000,000 | --SD | M] -- C:\Documents and Settings\Dan Reardon\Application Data\Microsoft
[2006/04/02 15:16:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Dan Reardon\Application Data\Microsoft Web Folders
[2008/03/19 20:54:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Dan Reardon\Application Data\MSN6
[2004/09/06 09:25:49 | 00,012,358 | ---- | M] () -- C:\Documents and Settings\Dan Reardon\Application Data\PFP110JCM.{PB
[2004/09/06 09:25:49 | 00,061,678 | ---- | M] () -- C:\Documents and Settings\Dan Reardon\Application Data\PFP110JPR.{PB
[2004/06/25 19:58:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Dan Reardon\Application Data\Real
[2008/10/23 20:10:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Dan Reardon\Application Data\Simply Super Software
[2004/04/26 22:38:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Dan Reardon\Application Data\Sonic
[2004/04/20 21:11:39 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Dan Reardon\Application Data\Sun
[2008/11/03 21:52:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Dan Reardon\Application Data\Symantec
[2008/04/25 13:03:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Dan Reardon\Application Data\U3
[2006/03/02 23:53:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Dan Reardon\Application Data\Verizon
[2007/09/16 11:42:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Dan Reardon\Application Data\Viewpoint
[2008/01/19 22:13:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Dan Reardon\Application Data\Yahoo!
[2002/09/03 08:50:46 | 00,000,062 | -HS- | M] () -- C:\Documents and Settings\Default User\Application Data\DESKTOP.INI
[2004/04/20 20:36:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\Identities
[2008/04/11 10:35:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\Macromedia
[2004/04/20 21:20:14 | 00,000,000 | --SD | M] -- C:\Documents and Settings\Default User\Application Data\Microsoft
[2004/04/20 21:24:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\Real
[2004/04/20 21:29:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\Sonic
[2004/04/20 21:11:39 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\Sun
[2002/09/03 08:50:46 | 00,000,062 | -HS- | M] () -- C:\Documents and Settings\Guest\Application Data\DESKTOP.INI
[2009/11/18 14:09:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Guest\Application Data\Google
[2004/04/20 20:36:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Guest\Application Data\Identities
[2008/04/11 10:35:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Guest\Application Data\Macromedia
[2004/04/20 21:20:14 | 00,000,000 | --SD | M] -- C:\Documents and Settings\Guest\Application Data\Microsoft
[2004/04/20 21:24:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Guest\Application Data\Real
[2004/04/20 21:29:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Guest\Application Data\Sonic
[2004/04/20 21:11:39 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Guest\Application Data\Sun
[2009/11/18 14:09:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Guest\Application Data\Yahoo!
[2008/01/13 18:43:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Google
[2006/03/26 20:37:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2009/02/02 20:39:27 | 00,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2009/03/03 10:43:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Margaret Reardon\Application Data\Adobe
[2007/03/28 10:45:15 | 00,000,877 | ---- | M] () -- C:\Documents and Settings\Margaret Reardon\Application Data\AdobeDLM.log
[2008/06/04 12:22:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Margaret Reardon\Application Data\AdobeUM
[2005/08/08 21:05:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Margaret Reardon\Application Data\Aim
[2004/11/01 19:41:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Margaret Reardon\Application Data\AOL
[2009/02/27 20:29:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Margaret Reardon\Application Data\Canon
[2005/08/06 08:40:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Margaret Reardon\Application Data\Corel
[2004/11/13 00:48:31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Margaret Reardon\Application Data\CyberLink
[2002/09/03 08:50:46 | 00,000,062 | -HS- | M] () -- C:\Documents and Settings\Margaret Reardon\Application Data\DESKTOP.INI
[2007/03/28 10:45:15 | 00,000,006 | ---- | M] () -- C:\Documents and Settings\Margaret Reardon\Application Data\dm.ini
[2006/09/19 06:02:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Margaret Reardon\Application Data\Google
[2007/04/10 12:37:22 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\Margaret Reardon\Application Data\GTek
[2004/09/05 22:35:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Margaret Reardon\Application Data\Help
[2004/04/20 20:36:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Margaret Reardon\Application Data\Identities
[2009/09/29 14:39:02 | 00,000,000 | -HSD | M] -- C:\Documents and Settings\Margaret Reardon\Application Data\lowsec
[2006/03/06 19:53:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Margaret Reardon\Application Data\Macromedia
[2009/06/18 15:41:54 | 00,000,000 | --SD | M] -- C:\Documents and Settings\Margaret Reardon\Application Data\Microsoft
[2004/06/03 20:06:54 | 00,012,358 | ---- | M] () -- C:\Documents and Settings\Margaret Reardon\Application Data\PFP110JCM.{PB
[2004/06/03 20:06:54 | 00,061,678 | ---- | M] () -- C:\Documents and Settings\Margaret Reardon\Application Data\PFP110JPR.{PB
[2006/06/07 06:57:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Margaret Reardon\Application Data\Real
[2004/09/11 09:58:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Margaret Reardon\Application Data\Sonic
[2004/04/20 21:11:39 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Margaret Reardon\Application Data\Sun
[2008/11/05 14:42:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Margaret Reardon\Application Data\Symantec
[2006/03/06 19:53:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Margaret Reardon\Application Data\Verizon
[2008/04/15 16:19:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Margaret Reardon\Application Data\Viewpoint
[2008/01/21 11:23:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Margaret Reardon\Application Data\Yahoo!
[2008/01/18 03:01:48 | 00,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2009/02/12 14:30:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Patrick Reardon\Application Data\Adobe
[2002/09/03 08:50:46 | 00,000,062 | -HS- | M] () -- C:\Documents and Settings\Patrick Reardon\Application Data\DESKTOP.INI
[2006/09/22 14:46:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Patrick Reardon\Application Data\Google
[2007/04/09 22:06:53 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\Patrick Reardon\Application Data\Gtek
[2004/04/20 20:36:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Patrick Reardon\Application Data\Identities
[2006/09/22 14:46:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Patrick Reardon\Application Data\Macromedia
[2004/05/17 08:17:52 | 00,000,000 | --SD | M] -- C:\Documents and Settings\Patrick Reardon\Application Data\Microsoft
[2006/09/22 14:46:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Patrick Reardon\Application Data\MSN6
[2004/04/20 21:24:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Patrick Reardon\Application Data\Real
[2004/04/20 21:29:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Patrick Reardon\Application Data\Sonic
[2004/04/20 21:11:39 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Patrick Reardon\Application Data\Sun
[2006/05/07 12:29:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Patrick Reardon\Application Data\Verizon
[2009/02/12 14:29:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Patrick Reardon\Application Data\Yahoo!
[2002/09/03 08:50:46 | 00,000,062 | -HS- | M] () -- C:\Documents and Settings\Sarah Reardon\Application Data\DESKTOP.INI
[2007/04/09 22:06:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Sarah Reardon\Application Data\Gtek
[2004/04/20 20:36:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Sarah Reardon\Application Data\Identities
[2004/04/20 21:20:14 | 00,000,000 | --SD | M] -- C:\Documents and Settings\Sarah Reardon\Application Data\Microsoft
[2004/04/20 21:24:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Sarah Reardon\Application Data\Real
[2004/04/20 21:29:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Sarah Reardon\Application Data\Sonic
[2004/04/20 21:11:39 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Sarah Reardon\Application Data\Sun
[2006/05/12 12:54:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Sarah Reardon\Application Data\Verizon
[2002/08/29 05:00:00 | 00,000,065 | RH-- | M] () -- C:\WINDOWS\Tasks\DESKTOP.INI
[2009/11/22 09:15:48 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA.DAT

========== Purity Check ==========



========== Custom Scans ==========


< %systemdrive%\*.exe >
[2005/12/05 20:53:56 | 00,010,920 | ---- | M] () -- C:\aolconnfix.exe

< %SYSTEMDRIVE%\eventlog.dll /s /md5 >
[2002/08/29 05:00:00 | 00,049,152 | ---- | M] (Microsoft Corporation) MD5=BF3C8CF53C77B48206B39910B6D6CBCC -- C:\I386\EVENTLOG.DLL
[1 C:\I386\*.tmp files -> C:\I386\*.tmp -> ]
[2004/08/04 02:56:42 | 00,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll
[2008/04/13 19:11:53 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/13 19:11:53 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\SYSTEM32\eventlog.dll
[8 C:\WINDOWS\SYSTEM32\*.tmp files -> C:\WINDOWS\SYSTEM32\*.tmp -> ]

< %SYSTEMDRIVE%\nvstor.sys /s /md5 >

< %SYSTEMDRIVE%\atapi.sys /s /md5 >
[2003/04/23 09:29:54 | 00,087,296 | ---- | M] (Microsoft Corporation) MD5=E52B3B3F78C9AE85806CE49DCDD80C18 -- C:\I386\atapi.sys
[1 C:\I386\*.tmp files -> C:\I386\*.tmp -> ]
[2004/08/04 00:59:42 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2008/04/13 13:40:30 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 13:40:30 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\SYSTEM32\DRIVERS\atapi.sys
[2003/04/23 09:29:54 | 00,087,296 | ---- | M] (Microsoft Corporation) MD5=E52B3B3F78C9AE85806CE49DCDD80C18 -- C:\WINDOWS\SYSTEM32\ReinstallBackups\0006\DriverFiles\i386\atapi.sys

< %SYSTEMDRIVE%\viasraid.sys /s /md5 >

< %SYSTEMDRIVE%\AGP440.sys /s /md5 >
[2001/08/17 13:58:00 | 00,025,472 | ---- | M] (Microsoft Corporation) MD5=65880045C51AA36184841CEE915A61DF -- C:\I386\AGP440.SYS
[1 C:\I386\*.tmp files -> C:\I386\*.tmp -> ]
[2004/08/04 01:07:41 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys
[2008/04/13 13:36:38 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 13:36:38 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\SYSTEM32\DRIVERS\agp440.sys

< %SYSTEMDRIVE%\vaxscsi.sys /s /md5 >

< %SYSTEMDRIVE%\nvatabus.sys /s /md5 >

< %SYSTEMDRIVE%\viamraid.sys /s /md5 >

< %SYSTEMDRIVE%\nvata.sys /s /md5 >

< %SYSTEMDRIVE%\tdl*.dll /s /md5 >

========== Files - Unicode (All) ==========
[2008/01/15 19:08:11 | 00,000,000 | ---D | M](C:\Program Files\Common Files\?racle) -- C:\Program Files\Common Files\Оracle
[2008/01/15 19:08:11 | 00,000,000 | ---D | M](C:\Program Files\Common Files\?racle) -- C:\Program Files\Common Files\Оracle
[2008/01/15 05:27:38 | 00,000,000 | ---D | M](C:\WINDOWS\F?nts) -- C:\WINDOWS\Fοnts
[2008/01/13 18:30:34 | 00,000,000 | ---D | M](C:\WINDOWS\F?nts\F?nts) -- C:\WINDOWS\Fοnts\Fοnts
[2008/01/13 18:29:17 | 00,000,000 | ---D | C](C:\WINDOWS\F?nts) -- C:\WINDOWS\Fοnts
(C:\Program Files\Common Files\?racle) -- C:\Program Files\Common Files\Оracle

========== Alternate Data Streams ==========


Now the "EXTRAS" logfile:


OTL Extras logfile created on: 11/22/2009 10:06:07 AM - Run 1
OTL by OldTimer - Version 3.1.6.3 Folder = C:\Documents and Settings\Dan Reardon\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.58 Gb Available Physical Memory | 78.83% Memory free
2.23 Gb Paging File | 1.92 Gb Available in Paging File | 86.28% Paging File free
Paging file location(s): C:\pagefile.sys 384 768 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 55.84 Gb Total Space | 14.15 Gb Free Space | 25.34% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: REARDONLAPTOP
Current User Name: Dan Reardon
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\Electronic Arts\EADM\Core.exe" = C:\Program Files\Electronic Arts\EADM\Core.exe:*:Disabled:EA Download Manager -- (Electronic Arts)
"C:\Documents and Settings\All Users\Application Data\2a4eaa7\WI2a4e.exe" = C:\Documents and Settings\All Users\Application Data\2a4eaa7\WI2a4e.exe:*:Enabled:Windows Protection Suite -- File not found


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00010409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 SR-1 Professional
"{0008546E-DF6E-4CC1-AFD0-2CB8E16C95A2}" = Notifier
"{015E4B8A-29B5-4AE3-BD08-38220FADFF4C}" = aspi
"{04410044-9149-45C6-A806-F2BF9CFCE762}" = Microsoft Encarta Encyclopedia Standard 2004
"{050ED764-D5FD-4D33-8FCD-AC48250C0798}" = LeadTool
"{09DA4F91-2A09-4232-AB8C-6BC740096DE3}" = Sonic Update Manager
"{11F1920A-56A2-4642-B6E0-3B31A12C9288}" = Dell Solution Center
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic DLA
"{13413C6C-C640-40B8-917E-CA3062826B18}" = PIXELA ImageMixer
"{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}" = ESSPCD
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}" = Google Earth
"{1D643CD7-4DD6-11D7-A4E0-000874180BB3}" = Microsoft Money 2004
"{20227921-DB38-4810-9162-DDC6FCA936E7}" = Dell Home Systems Services Agreement
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{25EF03E6-F17B-11D6-88EA-000476CD2443}" = Verizon Online Help & Support
"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Dell Media Experience
"{2C351DB8-E088-41A2-9BF0-113727FBB697}" = Intel® PROSet
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35BDEFF1-A610-4956-A00D-15453C116395}" = Internet Explorer Default Page
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{410438A3-B591-4028-B70A-3CC0B33FBCD1}" =
"{45EBDA59-D33B-433A-956E-B2F236468B56}" = MUSICMATCH® Jukebox
"{4669544E-20E4-4E56-8B44-2E6E1200051F}" = Canon MP Toolbox 4.1
"{469730CC-78DF-4CD3-B286-562D459EA619}" = ESSCAM
"{48C82F7A-F100-4DAB-A310-8E18BF2159E1}" = ESSvpot
"{4DBBA793-4668-48DE-BDA8-AC105FE460F1}" = Wireless
"{4EAE8F8E-0C2E-4814-9A04-635AFB9050AA}" = ESET NOD32 Antivirus
"{54F90B55-BEB3-4F0D-8802-228822FA5921}" = WordPerfect Office 11
"{5783F2D7-0001-0409-0000-0060B0CE6BBA}" = AutoCAD 2000i
"{58F8C6D9-5B55-486A-A322-4E8D87670031}" = Canon MP Drivers
"{5E835305-63BB-4E55-BBB7-EEBBE67774DB}" = Sonic MyDVD
"{65D85050-5610-4A91-A3B1-D5C744291AD4}" = PCDADDIN
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{68D60342-7686-45C9-B8EB-40EF843D0460}" = Dell Networking Guide
"{69BD6399-3D8F-45B7-81D9-819361F5101D}" = PCDLNCH
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}" = DellSupport
"{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper
"{87843A41-7808-4F2E-B13F-25C1E67CF2FD}" = ESShelp
"{89EE857B-8970-4F9F-AB58-A1C873AC72B3}" = Broadcom Advanced Control Suite
"{8C64E145-54BA-11D6-91B1-00500462BE80}" = Microsoft Money 2004 System Pack
"{8E92D746-CD9F-4B90-9668-42B74C14F765}" = ESSini
"{90D55A3F-1D99-4C94-A77E-46DC14F0BF08}" = Help and Support Customization
"{91517631-A9F3-4B7C-B482-43E0068FD55A}" = ESSgui
"{91CA0409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Small Business Edition 2003
"{9541FED0-327F-4DF0-8B96-EF57EF622F19}" = Sonic RecordNow!
"{98DF85D9-96C0-4F57-A92E-C3539477EF5E}" = DVDSentry
"{9D1CF8B6-17B3-4832-B062-2C2DD0B57B04}" = CCHelp
"{9D8FEE90-0377-49A9-AEFB-525BDE549BA4}" = ESScore
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ALPS Touch Pad Driver
"{A5B3EB8A-4071-42F0-8E8E-7A8342AA8E69}" = ESSvpaht
"{A6F18A67-B771-4191-8A33-36D2E742D6D9}" = ESSANUP
"{ABE068DF-8DC4-4947-ABFC-DD2B40850225}" = SFR2
"{AC76BA86-7AD7-1033-7B44-A70900000002}" = Adobe Reader 7.0.9
"{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}" = ESSCDBK
"{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}" = CCScore
"{B6829D65-F5C5-47F0-00BC-F5906EA94F4C}" = Tiger Woods PGA TOUR 07
"{B997C2A0-4383-41BF-B76E-9B8B7ECFB267}" = KSU
"{C2444FA0-04AA-4221-B652-73713947ED22}" = Anti-Spyware
"{C354C9B6-A4E0-4BB0-A368-6DC6BCA0E314}" = SFR
"{C42C10A8-F2F4-4846-B772-ABD1912A2E85}" = PCDrdsho
"{C5074CC4-0E26-4716-A307-960272A90040}" = QuickSet
"{C99DCDA4-7407-4F72-A77E-C81C551D0C4E}" = PCDHELP
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CB84F0F2-927B-458D-9DC5-87832E3DC653}" = GearDrvs
"{D15E9DB5-6BEB-4534-901E-80C0A29BAB97}" = ESSAdpt
"{D32470A1-B10C-4059-BA53-CF0486F68EBC}" = Kodak EasyShare software
"{D3386797-A836-4030-AB5D-4E89F2F15F33}" = Authentium
"{D78653C3-A8FF-415F-92E6-D774E634FF2D}" = Dell ResourceCD
"{D8C9328A-3587-439F-9458-226158211972}" = Verizon PC Security Checkup
"{DBA4DB9D-EE51-4944-A419-98AB1F1249C8}" = LiveUpdate Notice (Symantec Corporation)
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{EF7E931D-DC84-471B-8DB6-A83358095474}" = EA Download Manager
"{F71760CD-0F8B-4DCC-B7B7-6B223CC3843C}" = OTtBP
"{FC4ED75D-916C-4A8C-BB67-3C6F6E06D62B}" = Banctec Service Agreement
"040a_5005" = USB MassStorage CardReader
"2G_1.2" = JumpStart 2nd Grade v1.2
"82A44D22-9452-49FB-00FB-CEC7DCAF7E23" = EA SPORTS online 2007
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"AdobeESD" = Adobe Download Manager 2.2 (Remove Only)
"AMA" = AutoCAD 2000i Migration Assistance
"AnswerWorks" = AnswerWorks Runtime
"Autodesk Learning Assistance" = Autodesk Learning Assistance
"CNXT_MODEM_PCI_VEN_8086&DEV_24x6&SUBSYS_542214F1" = Conexant D480 MDC V.9x Modem
"Dell Digital Jukebox Driver" = Dell Digital Jukebox Driver
"DVD Shrink_is1" = DVD Shrink 3.2
"ESET Online Scanner" = ESET Online Scanner v3
"FLVPlayer" = FLV Player 1.3.3
"Google Updater" = Google Updater
"HijackThis" = HijackThis 2.0.2
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"InstallShield_{89EE857B-8970-4F9F-AB58-A1C873AC72B3}" = Broadcom Advanced Control Suite
"InstallShield_{EF7E931D-DC84-471B-8DB6-A83358095474}" = EA Download Manager
"Kid Phonics 2" = Kid Phonics 2
"Kid Pix Studio Deluxe 1.0" = Kid Pix Studio Deluxe
"LiveUpdate" = LiveUpdate 3.2 (Symantec Corporation)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MathRock" = Schoolhouse Rock: Math Rock
"MemObj" = MemObj
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"MSCnC" = Microsoft Command & Control Engine
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSLex" = Microsoft Speech Lexicon
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"Print Artist 12.0" = SierraHome Print Artist 12.0
"QuickTime" = QuickTime
"RadialpointClientGateway_is1" = Verizon Servicepoint 1.3.21
"Reader Rabbit Personalized Kindergarten" = Reader Rabbit Personalized Kindergarten
"RealPlayer 6.0" = RealOne Player
"Rp Scan and Clean {D8C9328A-3587-439F-9458-226158211972}" = Verizon PC Security Checkup
"Shockwave" = Shockwave
"SpeechAPI" = Microsoft Speech API 3.0
"StreetPlugin" = Learn2 Player (Uninstall Only)
"Verizon Online DSL_is1" = Verizon Online DSL
"Viewpoint Manager" = Viewpoint Manager (Remove Only)
"ViewpointMediaPlayer" = Viewpoint Media Player
"VZBB" = Verizon Broadband Toolbar
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"Winmail Opener" = Winmail Opener 1.3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Yahoo! Companion" = Yahoo! Toolbar
"YInstHelper" = Yahoo! Install Manager

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 9/7/2009 7:31:09 PM | Computer Name = REARDONLAPTOP | Source = Application Error | ID = 1000
Description = Faulting application msimn.exe, version 6.0.2900.5512, faulting module
unknown, version 0.0.0.0, fault address 0x6034a049.

Error - 9/7/2009 7:31:16 PM | Computer Name = REARDONLAPTOP | Source = Application Error | ID = 1000
Description = Faulting application msimn.exe, version 6.0.2900.5512, faulting module
unknown, version 0.0.0.0, fault address 0x6034a049.

Error - 9/7/2009 7:34:02 PM | Computer Name = REARDONLAPTOP | Source = Application Error | ID = 1000
Description = Faulting application msimn.exe, version 6.0.2900.5512, faulting module
unknown, version 0.0.0.0, fault address 0x6034a049.

Error - 9/7/2009 7:34:10 PM | Computer Name = REARDONLAPTOP | Source = Application Error | ID = 1000
Description = Faulting application msimn.exe, version 6.0.2900.5512, faulting module
unknown, version 0.0.0.0, fault address 0x6034a049.

Error - 9/7/2009 7:57:29 PM | Computer Name = REARDONLAPTOP | Source = MsiInstaller | ID = 11706
Description = Product: Microsoft Office 2000 SR-1 Professional -- Error 1706. No
valid source could be found for product Microsoft Office 2000 SR-1 Professional.
The Windows installer cannot continue.

Error - 9/10/2009 10:04:20 AM | Computer Name = REARDONLAPTOP | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 7.0.6000.16876, faulting
module unknown, version 0.0.0.0, fault address 0x038c0468.

Error - 9/22/2009 1:34:33 PM | Computer Name = REARDONLAPTOP | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 7.0.6000.16876, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 9/26/2009 7:34:38 PM | Computer Name = REARDONLAPTOP | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.5512, faulting
module unknown, version 0.0.0.0, fault address 0x00c15aab.

Error - 10/20/2009 2:03:28 PM | Computer Name = REARDONLAPTOP | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 7.0.6000.16915, faulting
module acropdf.dll, version 7.0.9.0, fault address 0x0002f3d3.

Error - 11/7/2009 8:24:35 PM | Computer Name = REARDONLAPTOP | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 7.0.6000.16915, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

[ System Events ]
Error - 10/1/2009 9:38:58 PM | Computer Name = REARDONLAPTOP | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the WZCSVC service.

Error - 10/27/2009 9:11:59 PM | Computer Name = REARDONLAPTOP | Source = Server | ID = 2505
Description = The server could not bind to the transport \Device\NetbiosSmb because
another computer on the network has the same name. The server could not start.

Error - 10/28/2009 7:56:28 PM | Computer Name = REARDONLAPTOP | Source = PSched | ID = 14103
Description = QoS [Adapter {62AA520F-9A6A-45AC-9350-95EF9764C242}]: The netcard driver
failed the query for OID_GEN_LINK_SPEED.

Error - 10/29/2009 9:13:49 PM | Computer Name = REARDONLAPTOP | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the WZCSVC service.


< End of report >





@Alternate Data Stream - 130 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CB0AACC9
< End of report >
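Two parts of the OTL output above do the real work for a redirect case: the `/s /md5` custom scans hash every copy of a few boot-start drivers (atapi.sys, agp440.sys and the others) so the live copy under SYSTEM32 can be compared with the ServicePackFiles backup, and the "Files - Unicode" section lists directories whose names contain non-ASCII characters, which is how a folder that reads as Fonts or Oracle at a glance can still be a separate, attacker-created path. What follows is an added example, not part of this thread and not OTL's own code: a small Python script that parses lines in the format shown above and applies both checks. The atapi.sys lines are copied from the log; `example.sys` and the two Unicode lines (built with a Cyrillic capital O and a Greek small omicron) are constructed to exercise the suspect paths.

```python
"""Added example (not part of the thread or of OTL): triage two of the OTL
sections posted above, the /s /md5 custom scans and the Unicode file list."""
import re
import unicodedata
from collections import defaultdict

# One OTL file line:  [date time | size | attrs | M] (Company) MD5=HEX -- path
# "(Company)" is optional; in the Unicode section that slot holds an
# ASCII-mangled copy of the path instead, glued to the "]" without a space.
OTL_LINE = re.compile(
    r"^\[(?P<date>[\d/]+ [\d:]+) \| (?P<size>[\d,]+) \| (?P<attrs>[^|]+) \| [A-Z]\]"
    r"(?: ?\((?P<company>[^)]*)\))?(?: MD5=(?P<md5>[0-9A-Fa-f]{32}))? -- (?P<path>.+)$"
)

# atapi.sys lines copied from the log above, plus one constructed file
# ("example.sys") whose live copy was patched in place: same size and
# timestamp as the service-pack backup, different hash.
SAMPLE_LOG = r"""
< %SYSTEMDRIVE%\atapi.sys /s /md5 >
[2003/04/23 09:29:54 | 00,087,296 | ---- | M] (Microsoft Corporation) MD5=E52B3B3F78C9AE85806CE49DCDD80C18 -- C:\I386\atapi.sys
[2008/04/13 13:40:30 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 13:40:30 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\SYSTEM32\DRIVERS\atapi.sys
[2003/04/23 09:29:54 | 00,087,296 | ---- | M] (Microsoft Corporation) MD5=E52B3B3F78C9AE85806CE49DCDD80C18 -- C:\WINDOWS\SYSTEM32\ReinstallBackups\0006\DriverFiles\i386\atapi.sys
< %SYSTEMDRIVE%\example.sys /s /md5 >  (constructed)
[2008/04/13 13:40:30 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=00000000000000000000000000000000 -- C:\WINDOWS\ServicePackFiles\i386\example.sys
[2008/04/13 13:40:30 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF -- C:\WINDOWS\SYSTEM32\DRIVERS\example.sys
"""

# Constructed to match the shape of the "Files - Unicode" section: OTL prints
# the name with "?" for each non-ASCII character, then the real name.  Here
# the "O" is Cyrillic U+041E and the "o" is Greek omicron U+03BF.
UNICODE_SECTION = (
    "[2008/01/15 19:08:11 | 00,000,000 | ---D | M](C:\\Program Files\\Common Files\\?racle)"
    " -- C:\\Program Files\\Common Files\\\u041eracle\n"
    "[2008/01/15 05:27:38 | 00,000,000 | ---D | M](C:\\WINDOWS\\F?nts) -- C:\\WINDOWS\\F\u03bfnts\n"
)

BACKUP_DIR = "\\WINDOWS\\SERVICEPACKFILES\\I386\\"
LIVE_DIR = "\\WINDOWS\\SYSTEM32\\"


def parse(lines):
    """Return one dict per file line; headers and '*.tmp' count lines are skipped."""
    rows = []
    for line in lines:
        m = OTL_LINE.match(line.strip())
        if m:
            row = m.groupdict()
            row["size"] = int(row["size"].replace(",", ""))
            rows.append(row)
    return rows


def check_system_files(rows):
    """Compare the live System32 copy of each hashed file with its
    ServicePackFiles backup.  Returns {basename: status}."""
    copies = defaultdict(dict)
    for row in rows:
        if not row["md5"]:
            continue
        upath = row["path"].upper()
        name = row["path"].rsplit("\\", 1)[-1].lower()
        if BACKUP_DIR in upath:
            copies[name]["backup"] = row
        elif LIVE_DIR in upath and "\\REINSTALLBACKUPS\\" not in upath:
            copies[name]["live"] = row
    status = {}
    for name, c in copies.items():
        live, backup = c.get("live"), c.get("backup")
        if live is None or backup is None:
            status[name] = "no-backup"   # nothing on disk to compare against
        elif live["md5"].upper() == backup["md5"].upper():
            status[name] = "ok"
        elif live["size"] == backup["size"] and live["date"] == backup["date"]:
            status[name] = "suspect"     # in-place patch pattern
        else:
            status[name] = "differs"     # different build (hotfix?); verify by hand
    return status


def check_unicode_paths(rows):
    """Flag path components containing non-ASCII characters and name their scripts."""
    findings = []
    for row in rows:
        for comp in row["path"].split("\\"):
            odd = [ch for ch in comp if ord(ch) > 127]
            if odd:
                scripts = sorted({unicodedata.name(ch, "?").split()[0] for ch in odd})
                findings.append((row["path"], comp, scripts))
    return findings


if __name__ == "__main__":
    for name, st in check_system_files(parse(SAMPLE_LOG.splitlines())).items():
        print(f"{name:14s} {st}")
    for path, comp, scripts in check_unicode_paths(parse(UNICODE_SECTION.splitlines())):
        print(f"{path}  component '{comp}' uses {', '.join(scripts)}")
```

Read "suspect" as "same size and timestamp as the backup, different hash", the signature of a file rewritten in place; "differs" only means the two copies are different builds, which a later hotfix can explain, so it still needs a comparison against a known-good copy rather than a verdict. The Unicode check reports which script each odd character belongs to and leaves the decision to the analyst; the copy-and-paste ASCII form in parentheses is exactly what a user sees if they try to type the path.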

#4 Buckeye_Sam (Malware Expert)

Posted 22 November 2009 - 05:20 PM

Run OTL.exe
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
    IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell4me.com/myway
    IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
    IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
    IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell4me.com/myway
    IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
    IE - HKU\S-1-5-21-1133200692-3295021346-3824702933-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
    O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - No CLSID value found.
    O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - {4E7BD74F-2B8D-469E-D0FC-E57AF4D5FA7D} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - No CLSID value found.
    O4 - HKLM..\Run: [Cleanup] C:\DOCUME~1\DANREA~1\LOCALS~1\Temp\2008212222037_mcappins.exe File not found
    O4 - HKLM..\Run: [msci] C:\DOCUME~1\DANREA~1\LOCALS~1\Temp\2008212222018_mcinfo.exe File not found
    F3 - HKU\.DEFAULT WinNT: Load - (C:\WINDOWS\System32\mljkk.exe) - C:\WINDOWS\System32\mljkk.exe File not found
    F3 - HKU\S-1-5-18 WinNT: Load - (C:\WINDOWS\System32\mljkk.exe) - C:\WINDOWS\System32\mljkk.exe File not found
    [8 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
    [2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [2009/09/29 14:39:02 | 00,000,000 | -HSD | M] -- C:\Documents and Settings\Margaret Reardon\Application Data\lowsec
    
    :Commands
    [resethosts]
    [purity]
    [emptytemp]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • You will get a log that shows the results of the fix. Please post it.
  • Then also run and post a new OTL log.

=======================



Please update Malwarebytes and run a full scan.
  • Open Malwarebytes and select the Update tab.
  • Click on the Check for Updates button and allow the program to download the latest updates.
  • Once you have the latest updates, select the Scanner tab.
  • Select "Perform full scan" and click the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
  • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.
========================================================
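The fix script ends with `[resethosts]`, which replaces the hosts file with a clean default. The old file is worth reading before it is discarded, because hosts is the cheapest place to send a search engine's name to an attacker's address or to pin antivirus and update sites to 127.0.0.1 so that the tools already on the machine stop updating. The Python below is an added example, not part of this thread or of OTL; the sample hosts content and the two domain lists are constructed for illustration, and 192.0.2.10 is a documentation (TEST-NET-1) address standing in for an attacker's server.

```python
"""Added example (not part of the thread or of OTL): audit a Windows hosts
file for the two abuses a hosts reset is meant to undo."""
import ipaddress

# Constructed sample.  The first two lines are what a default XP hosts file
# contains; the rest are the kind of entries an infection adds.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
127.0.0.1       localhost
127.0.0.1       www.malwarebytes.org
127.0.0.1       eset.com          # blocks updates for the AV already on the box
0.0.0.0         downloads.microsoft.com
192.0.2.10      www.google.com
192.0.2.10      google.com
192.0.2.10      search.yahoo.com
"""

# Illustrative lists (assumed, not from the thread); extend per case.
SEARCH_DOMAINS = {"google.com", "bing.com", "yahoo.com", "ask.com"}
SECURITY_DOMAINS = {"malwarebytes.org", "eset.com", "microsoft.com",
                    "symantec.com", "kaspersky.com", "bleepingcomputer.com"}


def parse_hosts(text):
    """Yield (line_no, ip, hostname) for every mapping, ignoring comments."""
    for line_no, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()
        if len(fields) < 2:
            continue
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                      # malformed line, not a mapping
        for host in fields[1:]:
            yield line_no, ip, host.lower()


def registrable(host):
    """Crude last-two-labels heuristic (no public-suffix list); fine for a demo."""
    labels = host.split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host


def audit_hosts(text):
    """Return (line_no, host, ip, reason) for every entry worth a look."""
    findings = []
    for line_no, ip, host in parse_hosts(text):
        if host == "localhost":
            continue
        sink = ip.is_loopback or ip.is_unspecified   # 127.x or 0.0.0.0: a black hole
        domain = registrable(host)
        if domain in SEARCH_DOMAINS and not sink:
            reason = "search engine redirected"
        elif domain in SECURITY_DOMAINS and sink:
            reason = "security site blocked"
        elif not sink:
            reason = "non-loopback mapping"       # anything else pointed off-box
        else:
            continue                              # ordinary ad-blocking style entry
        findings.append((line_no, host, str(ip), reason))
    return findings


if __name__ == "__main__":
    for line_no, host, ip, reason in audit_hosts(SAMPLE_HOSTS):
        print(f"line {line_no}: {host} -> {ip}  [{reason}]")
```

On a live XP box the same function is pointed at the contents of `C:\WINDOWS\system32\drivers\etc\hosts` (a hosts file can also be made hidden or read-only, so check attributes before trusting a blank-looking file). The two-label domain heuristic mis-groups names under suffixes like `co.uk`; a public-suffix list fixes that if the check is kept beyond a demo.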

#5 Pats2010 (Topic Starter)

Posted 23 November 2009 - 09:49 PM

Sam,
Thanks again! Following is the log from the "Run Fix" of OTL:




All processes killed
========== OTL ==========
Unable to set value : HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E!
Unable to set value : HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main\\First Home Page| /E!
Unable to set value : HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E!
Unable to set value : HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E!
Unable to set value : HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main\\First Home Page| /E!
Unable to set value : HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E!
Unable to set value : HKU\S-1-5-21-1133200692-3295021346-3824702933-1007\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E!
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1E8A6170-7264-4D0F-BEAE-D42A53123C75}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1E8A6170-7264-4D0F-BEAE-D42A53123C75}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FDD3B846-8D59-4ffb-8758-209B6AD74ACC}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FDD3B846-8D59-4ffb-8758-209B6AD74ACC}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{4E7BD74F-2B8D-469E-D0FC-E57AF4D5FA7D} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4E7BD74F-2B8D-469E-D0FC-E57AF4D5FA7D}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{BA52B914-B692-46c4-B683-905236F6F655} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BA52B914-B692-46c4-B683-905236F6F655}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Cleanup deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\msci deleted successfully.
Registry value HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\Load:C:\WINDOWS\System32\mljkk.exe deleted successfully.
Registry value HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\Load:C:\WINDOWS\System32\mljkk.exe deleted successfully.
C:\WINDOWS\System32\CNCUPM2K.tmp deleted successfully.
C:\WINDOWS\System32\CONFIG.TMP deleted successfully.
C:\WINDOWS\System32\SET41.tmp deleted successfully.
C:\WINDOWS\System32\SET43.tmp deleted successfully.
C:\WINDOWS\System32\SET47.tmp deleted successfully.
C:\WINDOWS\System32\SET48.tmp deleted successfully.
C:\WINDOWS\System32\SET4F.tmp deleted successfully.
C:\WINDOWS\System32\SET51.tmp deleted successfully.
C:\WINDOWS\002263_.tmp deleted successfully.
C:\WINDOWS\005402_.tmp deleted successfully.
C:\Documents and Settings\Margaret Reardon\Application Data\lowsec folder moved successfully.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
C:\WINDOWS\Fοnts\Fοnts folder moved successfully.
C:\WINDOWS\Fοnts folder moved successfully.
C:\Program Files\Common Files\Оracle folder moved successfully.

[EMPTYTEMP]

User: Administrator

User: All Users

User: Dan Reardon
->Temp folder emptied: 255122574 bytes
->Temporary Internet Files folder emptied: 661022064 bytes
->Java cache emptied: 126789 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32768 bytes

User: Guest
->Temp folder emptied: 17277 bytes
->Temporary Internet Files folder emptied: 436605 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 13266847 bytes

User: Margaret Reardon
->Temp folder emptied: 78978071 bytes
->Temporary Internet Files folder emptied: 122259495 bytes
->Java cache emptied: 5255525 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Patrick Reardon
->Temp folder emptied: 1407488 bytes
->Temporary Internet Files folder emptied: 7694155 bytes
->Java cache emptied: 36718 bytes

User: Sarah Reardon
->Temp folder emptied: 420 bytes
->Temporary Internet Files folder emptied: 33237 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
Windows Temp folder emptied: 7476144 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 1166478 bytes
RecycleBin emptied: 366751567 bytes

Total Files Cleaned = 1450.65 mb


OTL by OldTimer - Version 3.1.6.3 log created on 11232009_211507

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...


Also, here is the latest OTL log:

OTL logfile created on: 11/23/2009 9:42:31 PM - Run 2
OTL by OldTimer - Version 3.1.6.3 Folder = C:\Documents and Settings\Dan Reardon\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.59 Gb Available Physical Memory | 79.58% Memory free
2.23 Gb Paging File | 1.95 Gb Available in Paging File | 87.73% Paging File free
Paging file location(s): C:\pagefile.sys 384 768 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 55.84 Gb Total Space | 15.66 Gb Free Space | 28.04% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: REARDONLAPTOP
Current User Name: Dan Reardon
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2009/11/22 10:02:52 | 00,528,896 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Dan Reardon\Desktop\OTL.exe
PRC - [2009/08/27 00:18:44 | 00,634,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
PRC - [2008/10/24 19:51:16 | 00,468,224 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
PRC - [2008/10/24 19:50:00 | 01,451,264 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
PRC - [2008/04/13 19:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe
PRC - [2008/04/13 19:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/04/08 20:08:54 | 00,068,856 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2007/01/04 16:38:18 | 00,112,336 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
PRC - [2007/01/04 16:38:08 | 00,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe
PRC - [2005/05/16 19:45:56 | 00,142,416 | R--- | M] (Command Software Systems, Inc.) -- C:\Program Files\Common Files\Command Software\dvpapi.exe
PRC - [2004/10/26 12:01:00 | 00,127,044 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\SYSTEM32\nvsvc32.exe
PRC - [2004/01/12 06:53:30 | 00,360,448 | ---- | M] (Intel Corporation) -- C:\WINDOWS\SYSTEM32\ZCfgSvc.exe
PRC - [2004/01/09 10:12:08 | 00,184,320 | ---- | M] (Intel) -- C:\WINDOWS\SYSTEM32\1XConfig.exe
PRC - [2004/01/09 10:11:36 | 00,303,171 | ---- | M] (Intel Corporation ) -- C:\WINDOWS\SYSTEM32\S24EvMon.exe
PRC - [2004/01/09 10:10:00 | 00,122,880 | ---- | M] (Intel Corporation) -- C:\WINDOWS\SYSTEM32\RegSrvc.exe
PRC - [2003/06/20 03:43:00 | 00,024,576 | ---- | M] (BVRP Software) -- C:\Program Files\Digital Line Detect\DLG.exe
PRC - [2003/06/19 23:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
PRC - [2003/05/14 18:37:56 | 00,098,304 | ---- | M] (Broadcom Corporation) -- C:\WINDOWS\SYSTEM32\BacsTray.exe
PRC - [2003/02/04 08:22:30 | 00,181,312 | ---- | M] () -- C:\WINDOWS\SYSTEM32\ScsiAccess.EXE


========== Modules (SafeList) ==========

MOD - [2009/11/22 10:02:52 | 00,528,896 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Dan Reardon\Desktop\OTL.exe
MOD - [2008/04/13 19:12:51 | 01,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
MOD - [2008/04/13 19:12:00 | 00,025,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\mslbui.dll
MOD - [2008/04/13 19:11:53 | 00,185,344 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\WBEM\framedyn.dll


========== Win32 Services (SafeList) ==========

SRV - [2009/06/17 09:17:10 | 00,182,768 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc)
SRV - [2008/10/24 19:56:30 | 00,019,200 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe -- (EhttpSrv)
SRV - [2008/10/24 19:51:16 | 00,468,224 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe -- (ekrn)
SRV - [2008/04/13 19:12:02 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc)
SRV - [2007/03/07 14:47:46 | 00,076,848 | ---- | M] () -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService)
SRV - [2007/01/04 16:38:08 | 00,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)
SRV - [2006/10/18 20:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc)
SRV - [2005/05/16 19:45:56 | 00,142,416 | R--- | M] (Command Software Systems, Inc.) -- C:\Program Files\Common Files\Command Software\dvpapi.exe -- (dvpapi)
SRV - [2005/04/04 00:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2004/10/26 12:01:00 | 00,127,044 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\SYSTEM32\nvsvc32.exe -- (NVSvc)
SRV - [2004/07/15 01:49:26 | 00,032,768 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe -- (aspnet_state)
SRV - [2004/01/09 10:11:36 | 00,303,171 | ---- | M] (Intel Corporation ) -- C:\WINDOWS\SYSTEM32\S24EvMon.exe -- (S24EventMonitor)
SRV - [2004/01/09 10:10:00 | 00,122,880 | ---- | M] (Intel Corporation) -- C:\WINDOWS\SYSTEM32\RegSrvc.exe -- (RegSrvc)
SRV - [2003/07/28 12:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2003/06/19 23:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE -- (MDM)
SRV - [2003/04/29 14:29:54 | 00,139,264 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\NCS\Sync\NetSvc.exe -- (NetSvc)
SRV - [2003/02/04 08:22:30 | 00,181,312 | ---- | M] () -- C:\WINDOWS\SYSTEM32\ScsiAccess.EXE -- (ScsiAccess)
SRV - [2002/08/29 05:00:00 | 00,066,560 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\IPXSAP.DLL -- (NwSapAgent)


========== Driver Services (SafeList) ==========

DRV - [2008/10/24 19:53:28 | 00,034,824 | ---- | M] () -- C:\WINDOWS\SYSTEM32\DRIVERS\epfwtdir.sys -- (epfwtdir)
DRV - [2008/10/24 19:46:24 | 00,053,256 | ---- | M] (ESET) -- C:\WINDOWS\SYSTEM32\DRIVERS\easdrv.sys -- (easdrv)
DRV - [2008/10/24 19:45:32 | 00,039,944 | ---- | M] (ESET) -- C:\WINDOWS\SYSTEM32\DRIVERS\eamon.sys -- (eamon)
DRV - [2008/04/17 13:12:54 | 00,015,464 | ---- | M] (GEAR Software Inc.) -- C:\WINDOWS\SYSTEM32\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2008/04/13 13:56:06 | 00,088,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\nwlnkipx.sys -- (NwlnkIpx)
DRV - [2008/04/13 13:46:20 | 00,048,128 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\61883.sys -- (61883)
DRV - [2008/04/13 13:46:20 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\avc.sys -- (Avc)
DRV - [2008/04/13 13:46:09 | 00,051,200 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\msdv.sys -- (MSDV)
DRV - [2008/04/13 13:45:12 | 00,060,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\usbaudio.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2008/04/13 13:36:39 | 00,043,008 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\WINDOWS\System32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2008/04/13 13:36:39 | 00,040,960 | ---- | M] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\System32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2007/12/02 20:20:30 | 00,028,256 | ---- | M] (MusicMatch, Inc.) -- C:\WINDOWS\SYSTEM32\DRIVERS\MxlW2k.sys -- (MxlW2k)
DRV - [2007/11/13 05:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\SYSTEM32\DRIVERS\secdrv.sys -- (Secdrv)
DRV - [2007/02/25 11:10:48 | 00,005,376 | ---- | M] (Gteko Ltd.) -- C:\WINDOWS\SYSTEM32\DRIVERS\dsunidrv.sys.vir -- (dsunidrv)
DRV - [2006/10/05 15:07:28 | 00,004,736 | ---- | M] (Gteko Ltd.) -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys -- (DSproct)
DRV - [2005/05/17 03:51:34 | 00,005,315 | ---- | M] (Cisco Systems, Inc.) -- C:\WINDOWS\SYSTEM32\DRIVERS\CVirtA.sys -- (CVirtA)
DRV - [2005/05/16 19:44:30 | 00,768,712 | R--- | M] (Command Software Systems, Inc.) -- C:\WINDOWS\SYSTEM32\DRIVERS\css-dvp.sys -- (CSS DVP)
DRV - [2004/10/26 12:01:00 | 02,830,688 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\nv4_mini.sys -- (nv)
DRV - [2004/08/04 00:29:49 | 00,019,455 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\wvchntxx.sys -- (iAimFP4)
DRV - [2004/08/04 00:29:47 | 00,012,063 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\wsiintxx.sys -- (iAimFP3)
DRV - [2004/08/04 00:29:45 | 00,023,615 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\wch7xxnt.sys -- (iAimTV4)
DRV - [2004/08/04 00:29:43 | 00,033,599 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\watv04nt.sys -- (iAimTV3)
DRV - [2004/08/04 00:29:42 | 00,019,551 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\watv02nt.sys -- (iAimTV1)
DRV - [2004/08/04 00:29:41 | 00,029,311 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\watv01nt.sys -- (iAimTV0)
DRV - [2004/08/04 00:29:37 | 00,012,415 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv01nt.sys -- (iAimFP0)
DRV - [2004/08/04 00:29:37 | 00,012,127 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv02nt.sys -- (iAimFP1)
DRV - [2004/08/04 00:29:37 | 00,011,775 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv05nt.sys -- (iAimFP2)
DRV - [2004/08/04 00:29:36 | 00,161,020 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\i81xnt5.sys -- (i81x)
DRV - [2004/04/20 21:15:36 | 00,014,037 | ---- | M] (Meetinghouse Data Communications) -- C:\WINDOWS\SYSTEM32\DRIVERS\mdc8021x.sys -- (MDC8021X) AEGIS Protocol (IEEE 802.1x)
DRV - [2004/01/19 17:28:48 | 00,256,688 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\SYSTEM32\DRIVERS\stac97.sys -- (STAC97) Audio Driver (WDM)
DRV - [2004/01/13 02:41:46 | 02,482,176 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\w70n51.sys -- (w70n51) Intel®
DRV - [2004/01/09 09:49:52 | 00,010,970 | ---- | M] (Intel Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\s24trans.sys -- (s24trans)
DRV - [2003/08/21 19:25:52 | 00,094,600 | ---- | M] (Alps Electric Co., Ltd.) -- C:\WINDOWS\SYSTEM32\DRIVERS\Apfiltr.sys -- (ApfiltrService)
DRV - [2003/08/06 01:04:00 | 00,100,373 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\SYSTEM32\dla\tfsnudfa.sys -- (tfsnudfa)
DRV - [2003/08/06 01:04:00 | 00,098,068 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\SYSTEM32\dla\tfsnudf.sys -- (tfsnudf)
DRV - [2003/08/06 01:04:00 | 00,083,284 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\SYSTEM32\dla\tfsnifs.sys -- (tfsnifs)
DRV - [2003/08/06 01:04:00 | 00,034,837 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\SYSTEM32\dla\tfsncofs.sys -- (tfsncofs)
DRV - [2003/08/06 01:04:00 | 00,025,685 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\SYSTEM32\dla\tfsnboio.sys -- (tfsnboio)
DRV - [2003/08/06 01:04:00 | 00,014,229 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\SYSTEM32\dla\tfsnopio.sys -- (tfsnopio)
DRV - [2003/08/06 01:04:00 | 00,006,357 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\SYSTEM32\dla\tfsnpool.sys -- (tfsnpool)
DRV - [2003/08/06 01:04:00 | 00,004,117 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\SYSTEM32\dla\tfsndrct.sys -- (tfsndrct)
DRV - [2003/08/06 01:04:00 | 00,002,233 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\SYSTEM32\dla\tfsndres.sys -- (tfsndres)
DRV - [2003/07/31 03:21:00 | 00,084,576 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\drvmcdb.sys -- (drvmcdb)
DRV - [2003/07/30 02:02:00 | 00,017,168 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\DRIVERS\PxHelp20.sys -- (PxHelp20)
DRV - [2003/07/14 11:28:40 | 00,005,621 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\SYSTEM32\DRIVERS\sscdbhk5.sys -- (sscdbhk5)
DRV - [2003/07/14 11:28:22 | 00,023,219 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\SYSTEM32\DRIVERS\ssrtln.sys -- (ssrtln)
DRV - [2003/07/03 15:59:00 | 00,189,056 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\SYSTEM32\DRIVERS\HSFHWICH.sys -- (HSFHWICH)
DRV - [2003/07/03 15:56:00 | 00,631,680 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\SYSTEM32\DRIVERS\HSF_CNXT.sys -- (winachsf)
DRV - [2003/07/03 15:55:00 | 01,063,936 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\SYSTEM32\DRIVERS\HSF_DP.sys -- (HSF_DP)
DRV - [2003/06/20 02:56:00 | 00,040,448 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\SYSTEM32\DRIVERS\drvnddm.sys -- (drvnddm)
DRV - [2003/06/02 08:02:42 | 00,043,136 | ---- | M] (Broadcom Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2003/04/09 13:48:00 | 00,011,043 | ---- | M] (Conexant) -- C:\WINDOWS\SYSTEM32\DRIVERS\mdmxsdk.sys -- (mdmxsdk)
DRV - [2003/01/07 16:19:26 | 00,017,217 | ---- | M] (Dell Computer Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\omci.sys -- (omci)
DRV - [2002/11/18 18:20:44 | 00,030,976 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\gv3.sys -- (gv3)
DRV - [2002/08/29 05:00:00 | 00,063,232 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\NWLNKNB.SYS -- (NwlnkNb)
DRV - [2002/08/29 05:00:00 | 00,055,936 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\NWLNKSPX.SYS -- (NwlnkSpx)
DRV - [2002/08/29 05:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\SYSTEM32\DRIVERS\PTILINK.SYS -- (Ptilink)
DRV - [2001/11/05 09:23:52 | 00,299,923 | ---- | M] (Sony Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\sonyhcs.sys -- (sonyhcs)
DRV - [2001/11/05 09:23:14 | 00,006,097 | ---- | M] (Sony Corporation) -- C:\WINDOWS\System32\DRIVERS\sonyhcb.sys -- (sonyhcb)
DRV - [2001/08/17 14:07:44 | 00,019,072 | ---- | M] (Adaptec, Inc.) -- C:\WINDOWS\System32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2001/08/17 14:07:42 | 00,030,688 | ---- | M] (LSI Logic) -- C:\WINDOWS\System32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2001/08/17 14:07:40 | 00,028,384 | ---- | M] (LSI Logic) -- C:\WINDOWS\System32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2001/08/17 14:07:36 | 00,032,640 | ---- | M] (LSI Logic) -- C:\WINDOWS\System32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2001/08/17 14:07:34 | 00,016,256 | ---- | M] (Symbios Logic Inc.) -- C:\WINDOWS\System32\DRIVERS\symc810.sys -- (symc810)
DRV - [2001/08/17 13:52:22 | 00,036,736 | ---- | M] (Promise Technology, Inc.) -- C:\WINDOWS\System32\DRIVERS\ultra.sys -- (ultra)
DRV - [2001/08/17 13:52:20 | 00,045,312 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\System32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2001/08/17 13:52:20 | 00,040,320 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\System32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2001/08/17 13:52:18 | 00,049,024 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\System32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2001/08/17 13:52:16 | 00,179,584 | ---- | M] (Mylex Corporation) -- C:\WINDOWS\System32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2001/08/17 13:52:12 | 00,017,280 | ---- | M] (American Megatrends Inc.) -- C:\WINDOWS\System32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2001/08/17 13:52:00 | 00,026,496 | ---- | M] (Advanced System Products, Inc.) -- C:\WINDOWS\System32\DRIVERS\asc.sys -- (asc)
DRV - [2001/08/17 13:51:58 | 00,014,848 | ---- | M] (Advanced System Products, Inc.) -- C:\WINDOWS\System32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2001/08/17 13:51:56 | 00,005,248 | ---- | M] (Acer Laboratories Inc.) -- C:\WINDOWS\System32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2001/08/17 13:51:54 | 00,006,656 | ---- | M] (CMD Technology, Inc.) -- C:\WINDOWS\System32\DRIVERS\cmdide.sys -- (CmdIde)
DRV - [2001/08/17 12:11:06 | 00,066,591 | ---- | M] (3Com Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\EL90XBC5.SYS -- (EL90XBC)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell4me.com/myway
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell4me.com/myway
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1133200692-3295021346-3824702933-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
IE - HKU\S-1-5-21-1133200692-3295021346-3824702933-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKU\S-1-5-21-1133200692-3295021346-3824702933-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKU\S-1-5-21-1133200692-3295021346-3824702933-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-1133200692-3295021346-3824702933-1007\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\S-1-5-21-1133200692-3295021346-3824702933-1007\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerm...tf8&oe=utf8
IE - HKU\S-1-5-21-1133200692-3295021346-3824702933-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.verizon.net/central/vzc.portal
IE - HKU\S-1-5-21-1133200692-3295021346-3824702933-1007\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-1133200692-3295021346-3824702933-1007\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
IE - HKU\S-1-5-21-1133200692-3295021346-3824702933-1007\S-1-5-21-1133200692-3295021346-3824702933-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1133200692-3295021346-3824702933-1007\S-1-5-21-1133200692-3295021346-3824702933-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = localhost



O1 HOSTS File: (98 bytes) - C:\WINDOWS\SYSTEM32\DRIVERS\ETC\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\SYSTEM32\dla\tfswshx.dll (Sonic Solutions)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll (Google Inc.)
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\S-1-5-21-1133200692-3295021346-3824702933-1007\..\Toolbar\ShellBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\S-1-5-21-1133200692-3295021346-3824702933-1007\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\S-1-5-21-1133200692-3295021346-3824702933-1007\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [bacstray] C:\WINDOWS\System32\BacsTray.exe (Broadcom Corporation)
O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe (NVIDIA Corporation)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Computer, Inc.)
O4 - HKLM..\Run: [UserFaultCheck] File not found
O4 - HKU\S-1-5-21-1133200692-3295021346-3824702933-1007..\Run: [MSMSGS] C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1133200692-3295021346-3824702933-1007..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe (BVRP Software)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1133200692-3295021346-3824702933-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\SYSTEM32\nwprovau.dll (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 33 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\.DEFAULT\..Trusted Domains: 32 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-18\..Trusted Domains: 32 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-19\..Trusted Domains: 32 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-20\..Trusted Domains: 32 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-21-1133200692-3295021346-3824702933-1007\..Trusted Domains: ([]msn in My Computer)
O15 - HKU\S-1-5-21-1133200692-3295021346-3824702933-1007\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O15 - HKU\S-1-5-21-1133200692-3295021346-3824702933-1007\..Trusted Domains: 33 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {0000000A-0000-0010-8000-00AA00389B71} http://download.microsoft.com/download/d/4...0367/wmavax.CAB (Reg Error: Key error.)
O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} http://www.lizardtech.com/download/files/w...ntrol_en_US.cab (DjVuCtl Class)
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} http://download.microsoft.com/download/F/6...922/wmv9VCM.CAB (Reg Error: Key error.)
O16 - DPF: {3BFFE033-BF43-11D5-A271-00A024A51325} https://echoln1.emcor.net/iNotes6W.cab (iNotes6 Class)
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} https://webdl.symantec.com/activex/symdlmgr.cab (Symantec Download Manager)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdat...b?1251583610162 (MUWebControl Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} file://C:\Program Files\AutoCAD 2000i\AcDcToday.ocx (AcDcToday Control)
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} http://web1.shutterfly.com/downloads/Uploader.cab (Shutterfly Picture Upload Plugin)
O16 - DPF: {C6637286-300D-11D4-AE0A-0010830243BD} http://pointa.autodesk.com/portal/lang/enu/InstFred.Ocx (InstaFred)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/pub/shock...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} file://C:\Program Files\AutoCAD 2000i\AcPreview.ocx (AcPreview Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 71.243.0.12 68.237.161.12
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\Sebring: DllName - C:\WINDOWS\System32\LgNotify.dll - C:\WINDOWS\SYSTEM32\LgNotify.dll (Intel Corporation)
O24 - Desktop Components:0 () - C:\Program Files\Windows NT\promymyce.html
O24 - Desktop Components:1 (My Current Home Page) - About:Home
O27 - HKLM IFEO\init32.exe : Debugger - svchost.exe (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/04/05 19:40:00 | 00,000,047 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{63d4f810-2240-11de-8ea4-000f1f100ae2}\Shell\AutoRun\command - "" = E:\InstallTomTomHOME.exe -- File not found
O33 - MountPoints2\{cd3daf62-12e0-11dd-8d99-000f1f100ae2}\Shell - "" = AutoRun
O33 - MountPoints2\{cd3daf62-12e0-11dd-8d99-000f1f100ae2}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{cd3daf62-12e0-11dd-8d99-000f1f100ae2}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O35 - comfile [open] -- "%1" %* File not found
O35 - exefile [open] -- "%1" %* File not found

========== Files/Folders - Created Within 30 Days ==========

[2009/11/23 21:15:07 | 00,000,000 | ---D | C] -- C:\_OTL
[2009/11/22 10:02:42 | 00,528,896 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Dan Reardon\Desktop\OTL.exe
[2009/11/21 10:40:07 | 00,472,064 | ---- | C] ( ) -- C:\Documents and Settings\Dan Reardon\Desktop\RootRepeal.exe
[2006/03/03 00:52:40 | 00,774,144 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files\RngInterstitial.dll

========== Files - Modified Within 30 Days ==========

[2009/11/23 21:32:40 | 00,017,112 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2009/11/23 21:32:38 | 00,035,998 | ---- | M] () -- C:\WINDOWS\System32\nvModes.001
[2009/11/23 21:24:42 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/11/23 21:24:37 | 00,002,048 | --S- | M] () -- C:\WINDOWS\BOOTSTAT.DAT
[2009/11/23 21:24:35 | 21,467,42272 | -HS- | M] () -- C:\hiberfil.sys
[2009/11/23 21:23:39 | 06,029,312 | -H-- | M] () -- C:\Documents and Settings\Dan Reardon\NTUSER.DAT
[2009/11/23 21:23:39 | 00,000,278 | -HS- | M] () -- C:\Documents and Settings\Dan Reardon\NTUSER.INI
[2009/11/23 21:15:08 | 00,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\ETC\Hosts
[2009/11/23 20:56:42 | 00,001,170 | ---- | M] () -- C:\WINDOWS\System32\WPA.DBL
[2009/11/22 10:02:52 | 00,528,896 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Dan Reardon\Desktop\OTL.exe
[2009/11/21 10:40:26 | 00,000,000 | ---- | M] () -- C:\Documents and Settings\Dan Reardon\Desktop\settings.dat
[2009/11/21 10:40:11 | 00,472,064 | ---- | M] ( ) -- C:\Documents and Settings\Dan Reardon\Desktop\RootRepeal.exe
[2009/11/21 10:03:25 | 00,523,776 | ---- | M] () -- C:\Documents and Settings\Dan Reardon\Desktop\dds.scr
[2009/11/18 14:12:24 | 00,035,998 | ---- | M] () -- C:\WINDOWS\System32\nvModes.dat
[2009/11/11 18:24:00 | 00,436,552 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/11/11 10:09:27 | 00,001,067 | ---- | M] () -- C:\WINDOWS\WIN.INI
[2009/11/05 12:36:21 | 26,768,832 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
[2009/11/04 22:45:45 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/11/02 08:36:10 | 00,443,380 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/11/02 08:36:10 | 00,383,822 | ---- | M] () -- C:\WINDOWS\System32\PERFH009.DAT
[2009/11/02 08:36:10 | 00,054,010 | ---- | M] () -- C:\WINDOWS\System32\PERFC009.DAT

========== Files Created - No Company Name ==========

[2009/11/21 10:40:26 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\Dan Reardon\Desktop\settings.dat
[2009/11/21 10:03:00 | 00,523,776 | ---- | C] () -- C:\Documents and Settings\Dan Reardon\Desktop\dds.scr
[2009/10/13 14:54:32 | 00,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2009/08/11 10:22:44 | 00,002,115 | ---- | C] () -- C:\WINDOWS\RRK32.INI
[2009/08/11 10:22:24 | 00,000,000 | ---- | C] () -- C:\WINDOWS\SETUP32.INI
[2009/04/12 19:15:05 | 00,189,480 | ---- | C] () -- C:\WINDOWS\System32\CSGina.dll
[2009/01/20 21:36:28 | 00,005,115 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\N360BUOptions.ini
[2008/10/24 19:53:28 | 00,034,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\epfwtdir.sys
[2008/10/23 20:10:10 | 00,162,304 | ---- | C] () -- C:\WINDOWS\System32\ztvunrar36.dll
[2008/10/23 20:10:10 | 00,153,088 | ---- | C] () -- C:\WINDOWS\System32\UNRAR3.dll
[2008/10/23 20:10:10 | 00,077,312 | ---- | C] () -- C:\WINDOWS\System32\ztvunace26.dll
[2008/10/23 20:10:10 | 00,075,264 | ---- | C] () -- C:\WINDOWS\System32\unacev2.dll
[2008/01/19 09:16:32 | 00,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2007/11/13 17:25:07 | 00,781,834 | ---- | C] () -- C:\WINDOWS\xobglu32.dll
[2007/11/13 17:25:07 | 00,063,488 | ---- | C] () -- C:\WINDOWS\xobglu16.dll
[2007/11/13 17:18:37 | 00,000,056 | ---- | C] () -- C:\WINDOWS\cglp.ini
[2007/10/08 20:27:18 | 00,000,035 | ---- | C] () -- C:\WINDOWS\Type to Learn Jr.ini
[2007/09/24 17:23:14 | 00,000,118 | ---- | C] () -- C:\WINDOWS\type32.ini
[2007/09/10 20:47:22 | 00,000,245 | ---- | C] () -- C:\WINDOWS\KA.ini
[2007/07/29 23:13:22 | 00,000,033 | ---- | C] () -- C:\WINDOWS\VBA.INI
[2007/07/29 22:04:15 | 00,001,626 | ---- | C] () -- C:\WINDOWS\winproj4.ini
[2007/07/29 22:04:15 | 00,000,123 | ---- | C] () -- C:\WINDOWS\MSMAIL.INI
[2007/05/14 21:33:28 | 00,005,632 | R--- | C] () -- C:\WINDOWS\System32\CNMVSya.DLL
[2007/05/14 21:32:02 | 00,000,356 | R--- | C] () -- C:\WINDOWS\System32\CNCASv50.ini
[2007/05/14 21:31:45 | 00,000,462 | R--- | C] () -- C:\WINDOWS\System32\CNCMP50.INI
[2006/09/27 00:06:30 | 00,000,420 | ---- | C] () -- C:\WINDOWS\PCPHOTO.INI
[2006/05/29 20:27:51 | 00,000,303 | ---- | C] () -- C:\WINDOWS\Sierra.ini
[2006/05/11 13:48:18 | 00,000,185 | ---- | C] () -- C:\WINDOWS\QTW.INI
[2006/05/11 13:45:09 | 00,000,256 | ---- | C] () -- C:\WINDOWS\PROVW.INI
[2006/05/11 13:45:08 | 00,000,687 | ---- | C] () -- C:\WINDOWS\KPSTUDIO.INI
[2006/04/02 13:45:56 | 00,000,492 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/08/30 09:14:00 | 01,291,264 | ---- | C] () -- C:\WINDOWS\System32\quartz.dll
[2005/08/11 21:44:04 | 00,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2005/08/06 08:30:16 | 00,000,000 | ---- | C] () -- C:\WINDOWS\Textart.INI
[2005/02/07 22:17:42 | 00,000,070 | ---- | C] () -- C:\WINDOWS\EDNO.INI
[2004/11/13 00:55:01 | 00,004,998 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2004/10/11 20:30:43 | 00,000,200 | ---- | C] () -- C:\WINDOWS\lynxview.ini
[2004/09/06 09:25:49 | 00,061,678 | ---- | C] () -- C:\Documents and Settings\Dan Reardon\Application Data\PFP110JPR.{PB
[2004/09/06 09:25:49 | 00,012,358 | ---- | C] () -- C:\Documents and Settings\Dan Reardon\Application Data\PFP110JCM.{PB
[2004/08/01 12:14:18 | 00,003,654 | ---- | C] () -- C:\WINDOWS\System32\drivers\Sonyhcp.dll
[2004/05/05 22:14:40 | 00,069,120 | ---- | C] () -- C:\Documents and Settings\Dan Reardon\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2004/05/05 19:26:33 | 00,000,134 | ---- | C] () -- C:\Documents and Settings\Dan Reardon\Local Settings\Application Data\fusioncache.dat
[2004/05/05 19:13:05 | 00,000,022 | ---- | C] () -- C:\WINDOWS\kodakpcd.Dan Reardon.ini
[2004/04/26 22:30:45 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\Dan Reardon\Application Data\DESKTOP.INI
[2004/04/26 22:30:43 | 00,139,008 | ---- | C] () -- C:\Documents and Settings\Dan Reardon\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2004/04/26 22:30:42 | 05,745,040 | -H-- | C] () -- C:\Documents and Settings\Dan Reardon\Local Settings\Application Data\IconCache.db
[2004/04/20 21:34:58 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004/04/20 21:26:23 | 00,000,258 | ---- | C] () -- C:\WINDOWS\System32\BDEMERGE.INI
[2004/04/20 21:20:10 | 00,000,330 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2004/04/20 21:13:15 | 00,000,893 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/04/20 20:54:24 | 00,443,380 | ---- | C] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2004/04/20 20:53:38 | 00,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2004/04/20 20:38:20 | 00,000,546 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2004/01/09 10:10:48 | 00,212,992 | ---- | C] () -- C:\WINDOWS\System32\C1XStngs.dll
[2003/11/20 13:39:58 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2003/09/10 02:17:24 | 00,651,264 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll
[2003/09/10 02:17:24 | 00,147,456 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll
[2003/05/30 09:00:02 | 00,386,048 | ---- | C] () -- C:\WINDOWS\System32\qdvd.dll
[2003/05/30 09:00:02 | 00,059,904 | ---- | C] () -- C:\WINDOWS\System32\devenum.dll
[2003/01/07 15:05:08 | 00,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/12/12 00:14:32 | 00,733,696 | ---- | C] () -- C:\WINDOWS\System32\qedwipes.dll
[2002/12/12 00:14:32 | 00,562,176 | ---- | C] () -- C:\WINDOWS\System32\qedit.dll
[2002/12/12 00:14:32 | 00,279,040 | ---- | C] () -- C:\WINDOWS\System32\qdv.dll
[2002/12/12 00:14:32 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\qcap.dll
[2002/12/12 00:14:32 | 00,070,656 | ---- | C] () -- C:\WINDOWS\System32\amstream.dll
[2002/12/12 00:14:32 | 00,035,328 | ---- | C] () -- C:\WINDOWS\System32\mciqtz32.dll
[2002/12/12 00:14:32 | 00,014,336 | ---- | C] () -- C:\WINDOWS\System32\msdmo.dll
[2002/09/03 08:59:58 | 00,001,067 | ---- | C] () -- C:\WINDOWS\WIN.INI
[2002/09/03 08:59:58 | 00,000,000 | ---- | C] () -- C:\WINDOWS\CONTROL.INI
[2002/09/03 08:59:14 | 00,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2002/09/03 08:56:20 | 00,000,037 | ---- | C] () -- C:\WINDOWS\VBADDIN.INI
[2002/09/03 08:56:20 | 00,000,036 | ---- | C] () -- C:\WINDOWS\VB.INI
[2002/09/03 08:50:58 | 00,000,227 | ---- | C] () -- C:\WINDOWS\SYSTEM.INI
[2002/09/03 08:50:46 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\DESKTOP.INI
[2002/08/29 05:00:00 | 01,015,477 | ---- | C] () -- C:\WINDOWS\System32\ESENTPRF.INI
[2002/08/29 05:00:00 | 00,498,742 | ---- | C] () -- C:\WINDOWS\System32\dxmasf.dll
[2002/08/29 05:00:00 | 00,355,112 | ---- | C] () -- C:\WINDOWS\System32\msjetoledb40.dll
[2002/08/29 05:00:00 | 00,270,848 | ---- | C] () -- C:\WINDOWS\System32\sbe.dll
[2002/08/29 05:00:00 | 00,252,928 | ---- | C] () -- C:\WINDOWS\System32\compatui.dll
[2002/08/29 05:00:00 | 00,199,168 | ---- | C] () -- C:\WINDOWS\System32\IR32_32.DLL
[2002/08/29 05:00:00 | 00,186,880 | ---- | C] () -- C:\WINDOWS\System32\encdec.dll
[2002/08/29 05:00:00 | 00,157,696 | ---- | C] () -- C:\WINDOWS\System32\PAQSP.DLL
[2002/08/29 05:00:00 | 00,094,282 | ---- | C] () -- C:\WINDOWS\System32\MSENCODE.DLL
[2002/08/29 05:00:00 | 00,053,478 | ---- | C] () -- C:\WINDOWS\System32\tcpmon.ini
[2002/08/29 05:00:00 | 00,042,809 | ---- | C] () -- C:\WINDOWS\System32\KEY01.SYS
[2002/08/29 05:00:00 | 00,042,537 | ---- | C] () -- C:\WINDOWS\System32\KEYBOARD.SYS
[2002/08/29 05:00:00 | 00,035,648 | ---- | C] () -- C:\WINDOWS\System32\ntio411.sys
[2002/08/29 05:00:00 | 00,035,424 | ---- | C] () -- C:\WINDOWS\System32\ntio412.sys
[2002/08/29 05:00:00 | 00,034,560 | ---- | C] () -- C:\WINDOWS\System32\ntio804.sys
[2002/08/29 05:00:00 | 00,034,560 | ---- | C] () -- C:\WINDOWS\System32\ntio404.sys
[2002/08/29 05:00:00 | 00,033,840 | ---- | C] () -- C:\WINDOWS\System32\ntio.sys
[2002/08/29 05:00:00 | 00,029,370 | ---- | C] () -- C:\WINDOWS\System32\NTDOS411.SYS
[2002/08/29 05:00:00 | 00,029,274 | ---- | C] () -- C:\WINDOWS\System32\NTDOS412.SYS
[2002/08/29 05:00:00 | 00,029,146 | ---- | C] () -- C:\WINDOWS\System32\NTDOS804.SYS
[2002/08/29 05:00:00 | 00,029,146 | ---- | C] () -- C:\WINDOWS\System32\NTDOS404.SYS
[2002/08/29 05:00:00 | 00,027,866 | ---- | C] () -- C:\WINDOWS\System32\NTDOS.SYS
[2002/08/29 05:00:00 | 00,027,097 | ---- | C] () -- C:\WINDOWS\System32\COUNTRY.SYS
[2002/08/29 05:00:00 | 00,015,360 | ---- | C] () -- C:\WINDOWS\System32\TSD32.DLL
[2002/08/29 05:00:00 | 00,013,312 | ---- | C] () -- C:\WINDOWS\System32\WIN87EM.DLL
[2002/08/29 05:00:00 | 00,013,223 | ---- | C] () -- C:\WINDOWS\System32\TSLABELS.INI
[2002/08/29 05:00:00 | 00,012,082 | ---- | C] () -- C:\WINDOWS\System32\RSVP.INI
[2002/08/29 05:00:00 | 00,009,029 | ---- | C] () -- C:\WINDOWS\System32\ANSI.SYS
[2002/08/29 05:00:00 | 00,006,877 | ---- | C] () -- C:\WINDOWS\System32\PSCHDPRF.INI
[2002/08/29 05:00:00 | 00,004,768 | ---- | C] () -- C:\WINDOWS\System32\HIMEM.SYS
[2002/08/29 05:00:00 | 00,004,126 | ---- | C] () -- C:\WINDOWS\System32\msdxmlc.dll
[2002/08/29 05:00:00 | 00,003,458 | ---- | C] () -- C:\WINDOWS\System32\RASCTRS.INI
[2002/08/29 05:00:00 | 00,002,891 | ---- | C] () -- C:\WINDOWS\System32\PERFCI.INI
[2002/08/29 05:00:00 | 00,002,732 | ---- | C] () -- C:\WINDOWS\System32\PERFWCI.INI
[2002/08/29 05:00:00 | 00,001,931 | ---- | C] () -- C:\WINDOWS\System32\MSDTCPRF.INI
[2002/08/29 05:00:00 | 00,001,405 | ---- | C] () -- C:\WINDOWS\MSDFMAP.INI
[2002/08/29 05:00:00 | 00,001,152 | ---- | C] () -- C:\WINDOWS\System32\PERFFILT.INI
[2002/08/29 05:00:00 | 00,000,343 | ---- | C] () -- C:\WINDOWS\System32\PRODSPEC.INI
[2000/09/08 16:53:50 | 00,073,839 | ---- | C] () -- C:\WINDOWS\System32\KodakOneTouch.dll
[1999/01/22 20:46:58 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL

========== Alternate Data Streams ==========

@Alternate Data Stream - 130 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CB0AACC9
< End of report >
[2009/11/23 21:32:40 | 00,017,112 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2009/11/23 21:32:38 | 00,035,998 | ---- | M] () -- C:\WINDOWS\System32\nvModes.001
[2009/11/23 21:24:42 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/11/23 21:24:37 | 00,002,048 | --S- | M] () -- C:\WINDOWS\BOOTSTAT.DAT
[2009/11/23 21:23:39 | 06,029,312 | -H-- | M] () -- C:\Documents and Settings\Dan Reardon\NTUSER.DAT
[2009/11/23 21:23:39 | 00,000,278 | -HS- | M] () -- C:\Documents and Settings\Dan Reardon\NTUSER.INI
[2009/11/23 21:15:08 | 00,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\ETC\Hosts
[2009/11/23 21:15:08 | 00,000,000 | ---D | M] -- C:\Program Files\Common Files
[2009/11/23 20:56:42 | 00,001,170 | ---- | M] () -- C:\WINDOWS\System32\WPA.DBL
[2009/11/22 10:02:52 | 00,528,896 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Dan Reardon\Desktop\OTL.exe
[2009/11/21 10:40:26 | 00,000,000 | ---- | M] () -- C:\Documents and Settings\Dan Reardon\Desktop\settings.dat
[2009/11/21 10:40:11 | 00,472,064 | ---- | M] ( ) -- C:\Documents and Settings\Dan Reardon\Desktop\RootRepeal.exe
[2009/11/21 10:03:25 | 00,523,776 | ---- | M] () -- C:\Documents and Settings\Dan Reardon\Desktop\dds.scr
[2009/11/18 14:12:24 | 00,035,998 | ---- | M] () -- C:\WINDOWS\System32\nvModes.dat
[2009/11/11 18:24:00 | 00,436,552 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/11/11 10:09:27 | 00,001,067 | ---- | M] () -- C:\WINDOWS\WIN.INI
[2009/11/05 12:36:21 | 26,768,832 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
[2009/11/04 22:45:45 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/11/02 08:36:10 | 00,443,380 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/11/02 08:36:10 | 00,383,822 | ---- | M] () -- C:\WINDOWS\System32\PERFH009.DAT
[2009/11/02 08:36:10 | 00,054,010 | ---- | M] () -- C:\WINDOWS\System32\PERFC009.DAT
[2009/08/31 19:58:46 | 00,069,120 | ---- | M] () -- C:\Documents and Settings\Dan Reardon\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/08/31 19:14:13 | 00,139,008 | ---- | M] () -- C:\Documents and Settings\Dan Reardon\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2009/01/20 21:36:28 | 00,005,115 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\N360BUOptions.ini
[2008/04/11 11:35:20 | 05,745,040 | -H-- | M] () -- C:\Documents and Settings\Dan Reardon\Local Settings\Application Data\IconCache.db
[2006/03/03 00:52:30 | 00,774,144 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\RngInterstitial.dll
[2004/09/06 09:25:49 | 00,061,678 | ---- | M] () -- C:\Documents and Settings\Dan Reardon\Application Data\PFP110JPR.{PB
[2004/09/06 09:25:49 | 00,012,358 | ---- | M] () -- C:\Documents and Settings\Dan Reardon\Application Data\PFP110JCM.{PB
[2004/05/05 19:26:33 | 00,000,134 | ---- | M] () -- C:\Documents and Settings\Dan Reardon\Local Settings\Application Data\fusioncache.dat
[2002/09/03 08:50:46 | 00,000,062 | -HS- | M] () -- C:\Documents and Settings\Dan Reardon\Application Data\DESKTOP.INI
[2002/09/03 08:50:46 | 00,000,062 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\DESKTOP.INI


#6 Buckeye_Sam
Malware Expert
  • Members
  • 17,382 posts
  • Gender:Male
  • Location:Pickerington, Ohio

Posted 24 November 2009 - 07:57 AM

Did you run Malwarebytes?
If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#7 Pats2010
  • Topic Starter
  • Members
  • 7 posts
  • Location:Boston, Ma

Posted 24 November 2009 - 10:29 PM

Sam,
Yes, I did. Sorry about that, I forgot to post the log.


Malwarebytes' Anti-Malware 1.41
Database version: 3221
Windows 5.1.2600 Service Pack 3

11/24/2009 7:31:01 AM
mbam-log-2009-11-24 (07-31-01).txt

Scan type: Full Scan (C:\|)
Objects scanned: 239436
Time elapsed: 1 hour(s), 7 minute(s), 34 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\init32.exe (Security.Hijack) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\SYSTEM32\~.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
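The Security.Hijack entry above sits under Image File Execution Options (IFEO). A subkey there named after an executable can carry a Debugger value, and Windows then launches that debugger command line in place of the executable, which is how malware intercepts security tools. The script below is an added example, not code from the thread or from Malwarebytes: it enumerates every IFEO subkey that has a Debugger value and classifies it. It is read-only, needs an elevated PowerShell 3.0 or later prompt, and the $knownDebuggers list is an assumption to tune for your own environment.

```powershell
# Added example (not from the thread): audit IFEO "Debugger" redirections.
# Read-only. Run elevated in PowerShell 3.0+.

$ifeoPaths = @(
    'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Image File Execution Options'
)

# Debuggers expected to appear as IFEO Debugger values (assumption: adjust per estate).
$knownDebuggers = @('vsjitdebugger.exe', 'ntsd.exe', 'windbg.exe', 'cdb.exe', 'procdump.exe')

function Get-IfeoDebuggerEntries {
    foreach ($base in $ifeoPaths) {
        if (-not (Test-Path -LiteralPath $base)) { continue }

        foreach ($key in Get-ChildItem -LiteralPath $base -ErrorAction SilentlyContinue) {
            # Subkeys without a Debugger value (e.g. GlobalFlag-only tuning) are not hijacks.
            $debugger = (Get-ItemProperty -LiteralPath $key.PSPath -Name Debugger -ErrorAction SilentlyContinue).Debugger
            if ([string]::IsNullOrWhiteSpace($debugger)) { continue }

            # The value is a command line: take the program whether quoted or bare.
            if ($debugger -match '^\s*"([^"]+)"') { $exe = $Matches[1] }
            else { $exe = ($debugger.Trim() -split '\s+')[0] }
            $exeName = ($exe -split '[\\/]')[-1].ToLowerInvariant()

            # A full path is checked directly; a bare name is resolved through PATH.
            $exists = (Test-Path -LiteralPath $exe -ErrorAction SilentlyContinue) -or
                      ($null -ne (Get-Command $exe -ErrorAction SilentlyContinue))

            $verdict = if ($knownDebuggers -contains $exeName) { 'known debugger' }
                       elseif (-not $exists) { 'debugger binary missing' }
                       else { 'unexpected debugger - review' }

            [pscustomobject]@{
                Target   = $key.PSChildName   # the executable being intercepted (e.g. init32.exe)
                Debugger = $debugger
                Verdict  = $verdict
                Key      = $key.Name
            }
        }
    }
}

$entries = @(Get-IfeoDebuggerEntries)
if ($entries.Count -eq 0) { 'No IFEO Debugger values found.' }
else { $entries | Sort-Object Verdict | Format-Table -AutoSize }
```

"Unexpected" is a prompt to look, not a verdict: legitimate tools also use this mechanism (Process Explorer replacing Task Manager is the usual case), so judge each hit by where the debugger binary lives and whether it is signed. A Debugger value whose binary no longer exists is the typical leftover of a partial cleanup, and it still blocks the target from starting.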

#8 Buckeye_Sam
Malware Expert
  • Members
  • 17,382 posts
  • Gender:Male
  • Location:Pickerington, Ohio

Posted 25 November 2009 - 08:53 AM

How is your computer behaving now? Are you still being redirected?

#9 Pats2010
  • Topic Starter
  • Members
  • 7 posts
  • Location:Boston, Ma

Posted 25 November 2009 - 07:04 PM

Sam,
So far sooo gooood! Performed several searches with Google and no redirect issue. Computer appears to be running much faster as well!
No more redirects as of yet. I did have an error message opening my Verizon account, but it kicked off on the second try; no reboot required.

Any idea what that nasty little bugger virus was? Also, any recommendations for firewall, security, virus protection?

Thank you very much! I will keep you posted!

#10 Buckeye_Sam
Malware Expert
  • Members
  • 17,382 posts
  • Gender:Male
  • Location:Pickerington, Ohio

Posted 25 November 2009 - 07:53 PM

For the most part it looked to be remnants from several infections that weren't removed completely.
Here's some final steps and then some recommendations for you.

It's time to clean up.
  • Make sure you have an Internet Connection.
  • Double-click OTL.exe to run it.
  • Click on the CleanUp! button
  • A list of tool components used in the Cleanup of malware will be downloaded.
  • If your Firewall or Real Time protection attempts to block OTL to reach the Internet, please allow the application to do so.
  • Click Yes to begin the Cleanup process and remove these components, including this application.
  • You will be asked to reboot the machine to finish the Cleanup process. If you are asked to reboot the machine choose Yes.


================




Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:
  • Disable and Enable System Restore. - You should disable and re-enable system restore to make sure there are no infected files found in a restore point left over from what we have just cleaned.

    You can find instructions on how to enable and re-enable system restore here:

    Windows XP System Restore Guide

    Re-enable system restore with instructions from tutorial above

  • Use an AntiVirus Software - It is very important that your computer has anti-virus software running on your machine. This alone can save you a lot of trouble with malware in the future.

    See this link for a listing of some online & their stand-alone antivirus programs:

    Virus, Spyware, and Malware Protection and Removal Resources

  • Update your AntiVirus Software - It is imperative that you update your Antivirus software at least once a week (Even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out.

  • Use a Firewall - I can not stress how important it is that you use a Firewall on your computer. Without a firewall your computer is susceptible to being hacked and taken over. I am very serious about this and see it happen almost every day with my clients. Simply using a Firewall in its default configuration can lower your risk greatly.

    For a tutorial on Firewalls and a listing of some available ones see the link below:

    Understanding and Using Firewalls

  • Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer always has the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

  • Install Spybot - Search and Destroy - Install and download Spybot - Search and Destroy with its TeaTimer option. This will provide realtime spyware & hijacker protection on your computer alongside your virus protection. You should also scan your computer with this program on a regular basis just as you would with antivirus software.

    A tutorial on installing & using this product can be found here:

    Using Spybot - Search & Destroy to remove Spyware , Malware, and Hijackers

  • Install SpywareBlaster - SpywareBlaster will add a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs.

    A tutorial on installing & using this product can be found here:

    Using SpywareBlaster to protect your computer from Spyware and Malware

  • Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.
Follow this list and your potential for being infected again will be reduced dramatically.

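The list above is advice to turn controls on; what a practitioner wants afterwards is a way to read back whether they actually are. The script below is an added example, not part of the thread: it reports the host firewall state per profile, whether the Windows Update service is disabled, and which antivirus products Security Center knows about and whether they are enabled and current. It assumes PowerShell 3.0 or later on a Windows client edition (Get-NetFirewallProfile needs Windows 8 or later, and the root\SecurityCenter2 namespace does not exist on server SKUs or on XP). The productState bit decoding in the comments is the commonly used interpretation, stated here as an assumption to verify against your own product.

```powershell
# Added example (not from the thread): read back the state of the controls
# recommended above. Read-only. PowerShell 3.0+ on a Windows client edition.

function Get-ProtectionStatus {
    $findings = New-Object System.Collections.Generic.List[object]

    # 1. Host firewall: every profile enabled, inbound not defaulting to Allow.
    foreach ($p in Get-NetFirewallProfile) {
        $findings.Add([pscustomobject]@{
            Control = "Firewall ($($p.Name))"
            State   = "Enabled=$($p.Enabled) DefaultInbound=$($p.DefaultInboundAction)"
            Ok      = ($p.Enabled -eq 'True') -and ($p.DefaultInboundAction -ne 'Allow')
        })
    }

    # 2. Windows Update service must not be disabled (StartMode via CIM works on PS 3+).
    $wu = Get-CimInstance -ClassName Win32_Service -Filter "Name='wuauserv'"
    $findings.Add([pscustomobject]@{
        Control = 'Windows Update service'
        State   = "State=$($wu.State) StartMode=$($wu.StartMode)"
        Ok      = $wu.StartMode -ne 'Disabled'
    })

    # 3. Antivirus registered with Security Center, enabled, signatures current.
    #    productState decoding (assumption, verify per product):
    #    bit 0x1000 set = real-time protection on; bit 0x10 set = definitions out of date.
    $avs = @(Get-CimInstance -Namespace 'root\SecurityCenter2' -ClassName AntiVirusProduct -ErrorAction SilentlyContinue)
    if ($avs.Count -eq 0) {
        $findings.Add([pscustomobject]@{ Control = 'Antivirus'; State = 'none registered'; Ok = $false })
    }
    foreach ($av in $avs) {
        $enabled  = ($av.productState -band 0x1000) -ne 0
        $upToDate = ($av.productState -band 0x10) -eq 0
        $findings.Add([pscustomobject]@{
            Control = "Antivirus ($($av.displayName))"
            State   = ("Enabled=$enabled UpToDate=$upToDate productState=0x{0:X}" -f $av.productState)
            Ok      = $enabled -and $upToDate
        })
    }

    # More than one product claiming real-time protection is itself worth a look:
    # rogue "protection suites" register here too, next to the real scanner.
    $active = @($avs | Where-Object { ($_.productState -band 0x1000) -ne 0 })
    if ($active.Count -gt 1) {
        $findings.Add([pscustomobject]@{
            Control = 'Antivirus overlap'
            State   = ($active.displayName -join '; ')
            Ok      = $false
        })
    }

    return $findings
}

Get-ProtectionStatus | Format-Table -AutoSize
```

Anything with Ok = False is a control that the list above says should be on but is not. The antivirus overlap row matters for exactly the situation this thread started from: a fake security product registering itself alongside (and interfering with) a legitimate one.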

#11 Pats2010
  • Topic Starter
  • Members
  • 7 posts
  • Location:Boston, Ma

Posted 27 November 2009 - 02:27 PM

Sam,
Thank you for all of your help! My computer appears to be working much better now, no Google redirects etc. I ran the OTL cleanup and XP restore disable/enable as you instructed. I am in the process of reviewing/digesting all of the virus protection, firewall and security info you provided. Currently I am using ESET NOD32 as my antivirus/antispyware. It was highly recommended by some folks at Microcenter; unfortunately I purchased it only after being infected, and again after Norton 360 did not work. Also, I am running the generic Windows XP firewall. I did use Spybot at one point, but was confused by it with the popups asking to allow registry changes etc.

Thanks again for all of your help!

#12 Buckeye_Sam
Malware Expert
  • Members
  • 17,382 posts
  • Gender:Male
  • Location:Pickerington, Ohio

Posted 28 November 2009 - 10:32 AM

I also would recommend NOD32 over Norton. No single program is going to be completely effective at stopping everything, but by combining the steps I posted your system will be much more secure.

Now that your problem appears to be resolved, this topic will be closed. If you need this topic reopened, please contact a member of the HJT Team and we will reopen it for you. Include the address of this topic in your request.



