Infected with DNS changer trojan


  • This topic is locked
15 replies to this topic

#1 timjh

  • Members
  • 30 posts

Posted 02 December 2009 - 12:18 AM

I want to say first that I tried to follow the Prep Guide, but was unable to get DDS to run. I was instructed to run RSIT instead, and am posting that log here along with the RootRepeal report.

This virus manifests itself when I type one particular URL (www.sjmercury.com) in the address bar of a browser. After hitting Enter, I am not taken to sjmercury.com, but instead to a malicious site. I've also noticed that the time that appears in the Windows toolbar at the bottom right of the screen has set itself to military time. I am running Microsoft Windows XP Professional, version 5.1.2600.

Here is a link to the actions I was instructed to take on the Am I Infected? forum: http://www.bleepingcomputer.com/forums/t/273652/redirect-from-one-particular-website/

Per instructions on the other forum, I have run RSIT and RootRepeal. Here are those logs:

Logfile of random's system information tool 1.06 (written by random/random)
Run by Tim at 2009-12-01 20:59:52
Microsoft Windows XP Professional Service Pack 3
System drive C: has 8 GB (10%) free of 73 GB
Total RAM: 1022 MB (42% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:00:12, on 12/1/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\Logitech\Profiler\lwemon.exe
C:\xampp\mysql\bin\mysqld.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\OpenDNS Updater\OpenDNSUpdater.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Tim\Desktop\RootRepeal.exe
C:\WINDOWS\system32\notepad.exe
C:\Documents and Settings\Tim\Desktop\RSIT.exe
C:\Program Files\trend micro\Tim.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: FireShot - {6E6E744E-4D20-4ce3-9A7A-26DFFFE22F68} - C:\Documents and Settings\Tim\Application Data\Mozilla\Firefox\Profiles\npi07w50.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}\library\fsaddin-0.78.dll (file missing)
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [Dell Photo AIO Printer 922] "C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe"
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [Start WingMan Profiler] "C:\Program Files\Logitech\Profiler\lwemon.exe" /noui
O4 - HKCU\..\Run: [Creative Detector] "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [OpenDNS Updater] "C:\Program Files\OpenDNS Updater\OpenDNSUpdater.exe" /autostart
O4 - Startup: OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe
O4 - Startup: OpenOffice.org 3.1.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O4 - Startup: PowerReg Scheduler.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0713E8D2-850A-101B-AFC0-4210102A8DA7} (Microsoft ProgressBar Control, version 5.0 (SP2)) - http://download.mcafee.com/molbin/Shared/C...22/ComCtl32.cab
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15031/CTSUEng.cab
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by106fd.bay106.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {AECD14A8-F662-11D1-A395-00805F535788} (Plotwon Control) - http://www.investors.com/member/ocx/plotwon.ocx
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/softwareupdate/su/...15034/CTPID.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{AAEDBF92-5BE4-4F54-AD42-D4C283C2D9F1}: NameServer = 208.67.222.222,208.67.220.220
O17 - HKLM\System\CS1\Services\Tcpip\..\{AAEDBF92-5BE4-4F54-AD42-D4C283C2D9F1}: NameServer = 208.67.222.222,208.67.220.220
O17 - HKLM\System\CS2\Services\Tcpip\..\{AAEDBF92-5BE4-4F54-AD42-D4C283C2D9F1}: NameServer = 208.67.222.222,208.67.220.220
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: dlbt_device - Dell - C:\WINDOWS\system32\dlbtcoms.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Google Update Service (gupdate1c98ecfb47598f0) (gupdate1c98ecfb47598f0) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: MySQL - Unknown owner - C:\xampp\mysql\bin\mysqld.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe

--
End of file - 10383 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}]
Yahoo! Toolbar Helper - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll [2006-04-17 438848]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2006-12-18 59032]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5CA3D70E-1895-11CF-8E15-001234567890}]
DriveLetterAccess - C:\WINDOWS\system32\dla\tfswshx.dll [2004-08-12 118842]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-10-11 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-10-11 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FDD3B846-8D59-4ffb-8758-209B6AD74ACC}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll [2006-04-17 438848]
{6E6E744E-4D20-4ce3-9A7A-26DFFFE22F68} - FireShot - C:\Documents and Settings\Tim\Application Data\Mozilla\Firefox\Profiles\npi07w50.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}\library\fsaddin-0.78.dll []

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"=C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe [2004-08-25 339968]
"IntelMeM"=C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe [2003-09-03 221184]
"CTSysVol"=C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe [2003-09-17 57344]
"P17Helper"=Rundll32 P17.dll,P17Helper []
"UpdReg"=C:\WINDOWS\UpdReg.EXE [2000-05-10 90112]
"PCMService"=C:\Program Files\Dell\Media Experience\PCMService.exe [2004-04-11 290816]
"DVDLauncher"=C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe [2004-08-23 57344]
"UpdateManager"=C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe [2004-01-06 110592]
"dla"=C:\WINDOWS\system32\dla\tfswctrl.exe [2004-08-12 122939]
"Dell Photo AIO Printer 922"=C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe [2004-06-18 290816]
"Microsoft Works Update Detection"=C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe [2003-12-05 50688]
"Adobe Photo Downloader"=C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe [2005-06-06 57344]
"dscactivate"=C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe [2007-11-15 16384]
"DellSupportCenter"=C:\Program Files\Dell Support Center\bin\sprtcmd.exe [2009-05-21 206064]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2008-09-06 413696]
"avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2009-03-02 209153]
"Malwarebytes Anti-Malware (reboot)"=C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe [2009-09-10 1312080]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-10-11 149280]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"=C:\Program Files\DellSupport\DSAgnt.exe [2007-03-15 460784]
"Start WingMan Profiler"=C:\Program Files\Logitech\Profiler\lwemon.exe [2005-04-18 73728]
"Creative Detector"=C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe [2004-12-02 102400]
"DellSupportCenter"=C:\Program Files\Dell Support Center\bin\sprtcmd.exe [2009-05-21 206064]
"updateMgr"=C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe [2006-03-30 313472]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
"SUPERAntiSpyware"=C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [2009-11-23 2001648]
"OpenDNS Updater"=C:\Program Files\OpenDNS Updater\OpenDNSUpdater.exe [2009-11-16 839168]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Fax"=2
"iPod Service"=3

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE

C:\Documents and Settings\Tim\Start Menu\Programs\Startup
OpenOffice.org 2.0.lnk - C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe
OpenOffice.org 3.1.lnk - C:\Program Files\OpenOffice.org 3\program\quickstart.exe
PowerReg Scheduler.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll [2009-09-03 548352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 239496]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mcmscsvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MpfService]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PEVSystemStart]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\procexp90.Sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Disabled:Firefox"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\WildGames\Penguins Arena\PenguinsArena.exe"="C:\Program Files\WildGames\Penguins Arena\PenguinsArena.exe:*:Disabled:PenguinsArena"
"C:\Program Files\Aptana\Aptana Studio 1.2\jre\bin\javaw.exe"="C:\Program Files\Aptana\Aptana Studio 1.2\jre\bin\javaw.exe:*:Disabled:Java™ Platform SE binary"
"C:\xampp\apache\bin\httpd.exe"="C:\xampp\apache\bin\httpd.exe:*:Enabled:Apache HTTP Server"
"C:\Program Files\PFPortChecker\PFPortChecker.exe"="C:\Program Files\PFPortChecker\PFPortChecker.exe:*:Enabled:PFPortchecker by portforward.com helps check if your ports are properly forwarded."
"C:\Program Files\Aptana\Aptana Studio 2.0\AptanaStudio.exe"="C:\Program Files\Aptana\Aptana Studio 2.0\AptanaStudio.exe:*:Enabled:AptanaStudio"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe"="C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL"
"C:\Program Files\America Online 9.0\waol.exe"="C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======File associations======

.js - open - "C:\Program Files\Aptana\Aptana Studio 2.0\AptanaStudio.exe" "%1"

======List of files/folders created in the last 1 months======

2009-12-01 20:59:53 ----D---- C:\Program Files\trend micro
2009-12-01 20:59:52 ----D---- C:\rsit
2009-12-01 20:39:52 ----A---- C:\RootRepeal report 12-01-09 (20-39-52).txt
2009-11-28 00:37:35 ----D---- C:\Documents and Settings\Tim\Application Data\OpenDNS Updater
2009-11-28 00:37:34 ----D---- C:\Program Files\OpenDNS Updater
2009-11-27 23:25:12 ----D---- C:\Documents and Settings\Tim\Application Data\OpenOffice.org
2009-11-27 23:24:46 ----A---- C:\WINDOWS\system32\javaws.exe
2009-11-27 23:24:46 ----A---- C:\WINDOWS\system32\javaw.exe
2009-11-27 23:24:46 ----A---- C:\WINDOWS\system32\java.exe
2009-11-27 23:21:14 ----D---- C:\Program Files\JRE
2009-11-27 23:20:52 ----D---- C:\Program Files\OpenOffice.org 3
2009-11-27 23:18:46 ----SHD---- C:\Config.Msi
2009-11-27 21:45:03 ----D---- C:\fixpath2
2009-11-26 09:57:52 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2009-11-25 20:47:38 ----HDC---- C:\WINDOWS\$NtUninstallKB976098-v2$
2009-11-25 20:47:26 ----HDC---- C:\WINDOWS\$NtUninstallKB973687$
2009-11-24 13:04:46 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-11-11 11:22:05 ----HDC---- C:\WINDOWS\$NtUninstallKB969947$

======List of files/folders modified in the last 1 months======

2009-12-01 20:59:53 ----D---- C:\Program Files
2009-12-01 20:12:36 ----D---- C:\WINDOWS\system32\DRIVERS
2009-12-01 19:27:49 ----D---- C:\Program Files\Mozilla Firefox
2009-12-01 19:26:13 ----D---- C:\WINDOWS\Temp
2009-12-01 19:25:59 ----D---- C:\WINDOWS\system32\CatRoot2
2009-12-01 19:25:23 ----D---- C:\WINDOWS
2009-12-01 17:20:17 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-12-01 15:22:42 ----A---- C:\WINDOWS\dellstat.ini
2009-11-30 17:20:50 ----D---- C:\WINDOWS\Minidump
2009-11-28 13:46:20 ----A---- C:\WINDOWS\ntbtlog.txt
2009-11-28 10:12:58 ----D---- C:\WINDOWS\Prefetch
2009-11-27 23:24:58 ----SHD---- C:\WINDOWS\Installer
2009-11-27 23:24:46 ----D---- C:\WINDOWS\SYSTEM32
2009-11-27 23:24:45 ----D---- C:\Program Files\Java
2009-11-27 23:22:58 ----RSD---- C:\WINDOWS\ASSEMBLY
2009-11-27 23:21:31 ----RSD---- C:\WINDOWS\Fonts
2009-11-27 23:19:51 ----D---- C:\Program Files\OpenOffice.org 2.3
2009-11-27 23:07:50 ----D---- C:\Documents and Settings\Tim\Application Data\OpenOffice.org2
2009-11-26 09:58:23 ----D---- C:\Program Files\SUPERAntiSpyware
2009-11-26 09:58:16 ----D---- C:\Documents and Settings\Tim\Application Data\SUPERAntiSpyware.com
2009-11-26 09:57:52 ----D---- C:\Program Files\Common Files
2009-11-25 20:47:42 ----HD---- C:\WINDOWS\INF
2009-11-25 20:47:37 ----A---- C:\WINDOWS\imsins.BAK
2009-11-25 20:47:29 ----RSHD---- C:\WINDOWS\system32\DLLCACHE
2009-11-25 20:46:23 ----HD---- C:\WINDOWS\$hf_mig$
2009-11-25 20:46:13 ----D---- C:\WINDOWS\WinSxS
2009-11-25 14:07:51 ----D---- C:\Program Files\Google
2009-11-22 09:23:03 ----D---- C:\Tim_stuff
2009-11-20 17:05:25 ----D---- C:\Documents and Settings\Tim\Application Data\Mozilla
2009-11-20 14:25:04 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2009-11-19 15:23:13 ----D---- C:\Program Files\WildGames
2009-11-19 15:22:41 ----D---- C:\Program Files\WildTangent
2009-11-17 15:58:30 ----D---- C:\WINDOWS\system32\Macromed
2009-11-07 08:45:59 ----D---- C:\Tomsmusic
2009-11-05 09:36:21 ----A---- C:\WINDOWS\system32\MRT.exe
2009-11-04 16:03:43 ----D---- C:\Patsmusic09
2009-11-03 19:02:00 ----D---- C:\Programming

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys []
R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2009-03-30 96104]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
R1 mfehidk;McAfee Inc. mfehidk; C:\WINDOWS\system32\drivers\mfehidk.sys [2009-07-08 214024]
R1 omci;OMCI WDM Device Driver; C:\WINDOWS\system32\DRIVERS\omci.sys [2002-11-08 17217]
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS []
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys []
R1 sscdbhk5;sscdbhk5; C:\WINDOWS\system32\drivers\sscdbhk5.sys [2004-07-14 5627]
R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2009-05-11 28520]
R1 ssrtln;ssrtln; C:\WINDOWS\system32\drivers\ssrtln.sys [2004-07-14 23545]
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-04 12032]
R2 avgntflt;avgntflt; C:\WINDOWS\system32\DRIVERS\avgntflt.sys [2009-07-28 55656]
R2 drvnddm;drvnddm; C:\WINDOWS\system32\drivers\drvnddm.sys [2004-08-13 40544]
R2 dsunidrv;DellSupport UniDriver; C:\WINDOWS\system32\DRIVERS\dsunidrv.sys [2007-02-25 5376]
R2 PfModNT;PfModNT; \??\C:\WINDOWS\system32\drivers\PfModNT.sys []
R2 tfsnboio;tfsnboio; C:\WINDOWS\system32\dla\tfsnboio.sys [2004-08-12 25723]
R2 tfsncofs;tfsncofs; C:\WINDOWS\system32\dla\tfsncofs.sys [2004-08-12 34843]
R2 tfsndrct;tfsndrct; C:\WINDOWS\system32\dla\tfsndrct.sys [2004-08-12 4123]
R2 tfsndres;tfsndres; C:\WINDOWS\system32\dla\tfsndres.sys [2004-08-12 2239]
R2 tfsnifs;tfsnifs; C:\WINDOWS\system32\dla\tfsnifs.sys [2004-08-12 86202]
R2 tfsnopio;tfsnopio; C:\WINDOWS\system32\dla\tfsnopio.sys [2004-08-12 14715]
R2 tfsnpool;tfsnpool; C:\WINDOWS\system32\dla\tfsnpool.sys [2004-08-12 6363]
R2 tfsnudf;tfsnudf; C:\WINDOWS\system32\dla\tfsnudf.sys [2004-08-12 98714]
R2 tfsnudfa;tfsnudfa; C:\WINDOWS\system32\dla\tfsnudfa.sys [2004-08-12 100603]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2004-08-25 787456]
R3 ctsfm2k;Creative SoundFont Management Device Driver; C:\WINDOWS\system32\DRIVERS\ctsfm2k.sys [2003-09-22 130192]
R3 DSproct;DSproct; \??\C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys []
R3 E100B;Intel® PRO Adapter Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2004-02-10 154112]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 IntelC51;IntelC51; C:\WINDOWS\system32\DRIVERS\IntelC51.sys [2004-03-05 1233525]
R3 IntelC52;IntelC52; C:\WINDOWS\system32\DRIVERS\IntelC52.sys [2004-03-05 647929]
R3 IntelC53;IntelC53; C:\WINDOWS\system32\DRIVERS\IntelC53.sys [2004-06-15 61157]
R3 MODEMCSA;Unimodem Streaming Filter Device; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128]
R3 mohfilt;mohfilt; C:\WINDOWS\system32\DRIVERS\mohfilt.sys [2004-03-05 37048]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 ossrv;Creative OS Services Driver; C:\WINDOWS\system32\DRIVERS\ctoss2k.sys [2003-09-22 178672]
R3 P17;Sound Blaster Live! 24-bit; C:\WINDOWS\system32\drivers\P17.sys [2004-06-09 840960]
R3 SASENUM;SASENUM; \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS []
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
R3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 WmBEnum;Logitech Virtual Bus Enumerator Driver; C:\WINDOWS\system32\drivers\WmBEnum.sys [2005-04-12 10144]
R3 WmFilter;Logitech Gaming HID Filter Driver; C:\WINDOWS\system32\drivers\WmFilter.sys [2005-04-12 22240]
R3 WmVirHid;Logitech Virtual Hid Device Driver; C:\WINDOWS\system32\drivers\WmVirHid.sys [2005-04-12 5600]
R3 WmXlCore;Logitech WingMan Translation Layer Driver; C:\WINDOWS\system32\drivers\WmXlCore.sys [2005-04-12 45504]
S3 bvrp_pci;bvrp_pci; C:\WINDOWS\system32\drivers\bvrp_pci.sys []
S3 mfeavfk;McAfee Inc. mfeavfk; C:\WINDOWS\system32\drivers\mfeavfk.sys [2009-07-08 79816]
S3 mfebopk;McAfee Inc. mfebopk; C:\WINDOWS\system32\drivers\mfebopk.sys [2009-07-08 35272]
S3 mferkdk;McAfee Inc. mferkdk; C:\WINDOWS\system32\drivers\mferkdk.sys [2009-07-08 34248]
S3 mfesmfk;McAfee Inc. mfesmfk; C:\WINDOWS\system32\drivers\mfesmfk.sys [2009-07-08 40552]
S3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2004-08-03 1897408]
S3 rootrepeal;rootrepeal; \??\C:\WINDOWS\system32\drivers\rootrepeal.sys []
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys []
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 wanatw;WAN Miniport (ATW); C:\WINDOWS\system32\DRIVERS\wanatw4.sys []
S3 WpdUsb;WpdUsb; C:\WINDOWS\System32\Drivers\wpdusb.sys [2006-10-18 38528]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S3 YMIDUSB;YAMAHA Corporation USB MIDI Driver; C:\WINDOWS\System32\Drivers\ymidusb.sys [2005-07-24 14464]
S3 YMIDUSBW;Yamaha USB-MIDI Driver (WDM); C:\WINDOWS\system32\drivers\ymidusbw.sys [2007-02-26 32720]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AntiVirSchedulerService;Avira AntiVir Scheduler; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2009-05-13 108289]
R2 AntiVirService;Avira AntiVir Guard; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2009-07-21 185089]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2004-08-25 389120]
R2 CCALib8;Canon Camera Access Library 8; C:\Program Files\Canon\CAL\CALMAIN.exe [2007-01-31 96370]
R2 Creative Service for CDROM Access;Creative Service for CDROM Access; C:\WINDOWS\system32\CTsvcCDA.exe [1999-12-13 44032]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-10-11 153376]
R2 MySQL;MySQL; C:\xampp\mysql\bin\mysqld.exe [2009-08-05 5497856]
R2 sprtsvc_dellsupportcenter;SupportSoft Sprocket Service (dellsupportcenter); C:\Program Files\Dell Support Center\bin\sprtsvc.exe [2008-08-13 201968]
R2 WMDM PMSP Service;WMDM PMSP Service; C:\WINDOWS\system32\MsPMSPSv.exe [2000-06-26 53520]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
S2 gupdate1c98ecfb47598f0;Google Update Service (gupdate1c98ecfb47598f0); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-02-14 133104]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 dlbt_device;dlbt_device; C:\WINDOWS\system32\dlbtcoms.exe [2004-03-16 421888]
S3 DSBrokerService;DSBrokerService; C:\Program Files\DellSupport\brkrsvc.exe [2007-03-07 76848]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 NetSvc;Intel NCS NetService; C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe [2003-12-17 143360]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S4 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-13 267776]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

Attached Files

  • ark.txt (3.94KB)
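A small triage parser for the two service-list formats that appear in this thread (the RSIT "List of services" block above, and the OTL Processes / Win32 Services / Driver Services sections posted later in the thread), added here as an example. It is not part of the thread and not code from the RSIT or OTL tools: the line grammar is inferred from the logs as posted, the `Entry` fields and regexes are this example's own, and the "running with no company/version info" heuristic is an assumption about what a responder wants to look at first, not a verdict. The sample lines are copied from the logs in this thread, including the line-wrapping the forum post introduced, so the unwrap step is exercised on real input.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Added example: parses RSIT and OTL service listings and points a reviewer
# at the entries worth checking first. The formats are inferred from the
# logs in this thread (an assumption, not the tools' documented grammar).


@dataclass
class Entry:
    source: str                    # "rsit" or "otl"
    kind: str                      # RSIT: "R2", "S3", ...; OTL: PRC / SRV / DRV
    name: str                      # service/driver name ("" when not printed)
    path: str                      # image path as the tool printed it
    company: Optional[str] = None  # OTL only; "" when the file has no version info
    flags: List[str] = field(default_factory=list)  # OTL: "Auto", "Running", ...


# RSIT: "<R|S><0-4> <Name>;<DisplayName>; <Path> [<yyyy-mm-dd> <size>]"
RSIT_ENTRY = re.compile(r"^[RS][0-4] ")
RSIT_RE = re.compile(
    r"^(?P<kind>[RS][0-4]) (?P<name>[^;]+);(?P<display>[^;]*);\s*"
    r"(?P<path>.+?) \[(?P<date>\d{4}-\d{2}-\d{2}) (?P<size>\d+)\]$"
)
# OTL: "<PRC|SRV|DRV> - [<date> | <size> | <attrs> | M] (<Company>) [<flags>] -- <path> -- (<name>) ..."
OTL_RE = re.compile(
    r"^(?P<kind>PRC|SRV|DRV) - \[[^\]]*\] \((?P<company>[^)]*)\)"
    r"(?: \[(?P<flags>[^\]]*)\])? -- (?P<path>.+?)(?: -- \((?P<name>[^)]+)\).*)?$"
)
OTL_MISSING_RE = re.compile(r"^(?P<kind>PRC|SRV|DRV) - File not found -- (?P<path>.+)$")


def unwrap_rsit(text: str) -> List[str]:
    """Re-join RSIT entries that a forum post or copy/paste split across lines."""
    lines: List[str] = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if RSIT_ENTRY.match(line) or line.startswith("=====") or not lines:
            lines.append(line)
        else:                       # continuation of the previous entry
            lines[-1] += " " + line
    return lines


def parse_rsit(text: str) -> List[Entry]:
    entries: List[Entry] = []
    for line in unwrap_rsit(text):
        m = RSIT_RE.match(line)
        if m:
            entries.append(Entry("rsit", m["kind"], m["name"].strip(), m["path"].strip()))
    return entries


def parse_otl(text: str) -> List[Entry]:
    entries: List[Entry] = []
    for raw in text.splitlines():
        line = raw.strip()
        m = OTL_MISSING_RE.match(line)
        if m:   # OTL prints this when the registered image is gone from disk
            entries.append(Entry("otl", m["kind"], "", m["path"], None, ["missing_file"]))
            continue
        m = OTL_RE.match(line)
        if m:
            flags = [f.strip() for f in (m["flags"] or "").split("|") if f.strip()]
            entries.append(Entry("otl", m["kind"], m["name"] or "", m["path"],
                                 m["company"].strip(), flags))
    return entries


def triage(entries: List[Entry]) -> List[str]:
    """Review pointers, not verdicts: a responder still has to look at each one."""
    findings: List[str] = []
    for e in entries:
        label = f"{e.kind} {e.name}".strip()
        if "missing_file" in e.flags:
            findings.append(f"{label}: registered binary no longer on disk: {e.path}")
        elif e.company == "" and (e.kind == "PRC" or "Running" in e.flags):
            findings.append(f"{label}: running with no company/version info: {e.path}")
    return findings


# Sample input, copied from the logs in this thread (forum line-wrapping included).
RSIT_SAMPLE = r"""
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand,

4=Disabled)======

R2 AntiVirService;Avira AntiVir Guard; C:\Program Files\Avira\AntiVir Desktop\avguard.exe

[2009-07-21 185089]
R2 MySQL;MySQL; C:\xampp\mysql\bin\mysqld.exe [2009-08-05 5497856]
S2 gupdate1c98ecfb47598f0;Google Update Service (gupdate1c98ecfb47598f0); C:\Program

Files\Google\Update\GoogleUpdate.exe [2009-02-14 133104]
"""

OTL_SAMPLE = r"""
PRC - File not found -- C:\Documents and Settings\Patrick\Local Settings\Application Data\Autobahn\mlb-nexdef-autobahn.exe
PRC - [2009/11/16 11:58:38 | 00,839,168 | ---- | M] () -- C:\Program Files\OpenDNS Updater\OpenDNSUpdater.exe
SRV - [2009/08/05 23:00:00 | 05,497,856 | ---- | M] () [Auto | Running] -- C:\xampp\mysql\bin\mysqld.exe -- (MySQL)
SRV - [2009/02/14 10:11:38 | 00,133,104 | ---- | M] (Google Inc.) [Auto | Stopped] -- C:\Program Files\Google\Update\GoogleUpdate.exe -- (gupdate1c98ecfb47598f0) Google Update Service (gupdate1c98ecfb47598f0)
DRV - [2009/07/08 12:44:20 | 00,214,024 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\mfehidk.sys -- (mfehidk)
"""

if __name__ == "__main__":
    for line in triage(parse_rsit(RSIT_SAMPLE) + parse_otl(OTL_SAMPLE)):
        print(line)
```

On the sample above the output is three pointers: the process whose image is no longer on disk, and the two running items whose binaries carry no company string. An empty company field only means the file has no version resource; legitimate software ships that way too, so the list is where to start looking, not what to remove.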



#2 pwgib

  • Malware Response Team
  • 2,956 posts
  • Gender:Male
  • Location:God's Country

Posted 15 December 2009 - 11:02 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below, another staff member will review them and take the steps necessary with you to get your machine back in working order, clean and free of malware.


If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE
PW

#3 timjh

  • Topic Starter
  • Members
  • 30 posts

Posted 15 December 2009 - 10:14 PM

Hello, and thanks for helping me with this. I downloaded DDS.scr and double-clicked it, but all I see (very briefly) is a command window and Notepad never opens.

#4 pwgib

  • Malware Response Team
  • 2,956 posts
  • Gender:Male
  • Location:God's Country

Posted 16 December 2009 - 08:41 AM

Hello timjh and welcome to Bleeping Computer!! :(

I will be handling your log to help you get cleaned up. I apologize for the delay but the forum is very busy.

As you can see the logs we ask for are very extensive and take a lot of time to investigate. In addition, since I am still in training all of my responses have to be reviewed by our excellent expert staff so there may be a delay in response time. The advantage is that your log will be evaluated by two sets of eyes and two brains.

If you haven't already, you can keep the link to this topic in your Favorites. Alternatively, you can click the Options button at the top bar of this topic and Track this Topic, where you can choose email notifications.

Please make sure Word Wrap in notepad is turned off when copying and pasting logs and only attach logs if asked to. Do not wrap logs in codebox or code tags. It makes it very difficult to read and analyze them. Please paste them directly into the reply box.

Please do not make any changes to your system until we are through. Fixes are based upon information that is current from your system so any changes can affect our strategy. Please refrain from running any tools we may use without specific instructions.

If your operating system is Windows Vista, it may be necessary to right click any programs we use and choose Run as Administrator.

Before we begin please check and follow the instructions on How to Show Hidden Files and Folders in Windows Vista and Windows XP

Because the e-mail notification system is not completely reliable, please check your topic once a day for responses.

Again, keep in mind that it may take a couple of days or more before I can reply but once we get started the process should speed up.

Thank you for your patience!!
PW

#5 pwgib

  • Malware Response Team
  • 2,956 posts
  • Gender:Male
  • Location:God's Country

Posted 18 December 2009 - 09:26 AM

Hello timjh,

"I downloaded DDS.scr and double-clicked it, but all I see (very briefly) is a command window and Notepad never opens"

Let's try something else.

Please turn Word Wrap off. In Notepad choose Format | Word Wrap. A checkmark means Word Wrap is on. Please click on Word Wrap to remove the checkmark before posting

We need to create an OTL Report
  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Run Scan button.
  • Two reports will open, copy and paste them in a reply here:
    • OTListIt.txt <-- Will be opened
    • Extra.txt <-- Will be minimized
In your next reply please include:

OTListIt.txt <-- Will be opened
Extra.txt <-- Will be minimized


Thanks!!!

Edited by pwgib, 18 December 2009 - 09:29 AM.

PW

#6 timjh

  • Topic Starter
  • Members
  • 30 posts

Posted 18 December 2009 - 08:14 PM

Here they are:

OTL logfile created on: 12/19/2009 12:53:31 AM - Run 1
OTL by OldTimer - Version 3.1.18.0 Folder = C:\Documents and Settings\Tim\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 100.00% Memory free
4.00 Gb Paging File | 3.60 Gb Available in Paging File | 90.07% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 70.94 Gb Total Space | 0.86 Gb Free Space | 1.21% Space Free | Partition Type: NTFS
Drive D: | 827.18 Gb Total Space | 811.85 Gb Free Space | 98.15% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: D3GZS461
Current User Name: Tim
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - File not found -- C:\Documents and Settings\Patrick\Local Settings\Application Data\Autobahn\mlb-nexdef-autobahn.exe
PRC - [2009/12/19 00:33:57 | 00,564,736 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Tim\Desktop\OTL.exe
PRC - [2009/12/18 05:11:20 | 00,908,248 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009/11/23 08:43:26 | 02,001,648 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
PRC - [2009/11/16 11:58:38 | 00,839,168 | ---- | M] () -- C:\Program Files\OpenDNS Updater\OpenDNSUpdater.exe
PRC - [2009/10/11 04:17:36 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2009/10/11 04:17:35 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2009/09/25 23:32:18 | 00,189,736 | ---- | M] (Seagate Technology LLC) -- C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
PRC - [2009/09/25 23:31:32 | 00,185,640 | ---- | M] (Seagate LLC) -- C:\Program Files\Seagate\SeagateManager\FreeAgent Status\stxmenumgr.exe
PRC - [2009/08/19 10:23:24 | 07,418,368 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.bin
PRC - [2009/08/19 10:23:22 | 07,424,000 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.exe
PRC - [2009/08/05 23:00:00 | 05,497,856 | ---- | M] () -- C:\xampp\mysql\bin\mysqld.exe
PRC - [2009/08/04 00:49:00 | 00,318,096 | ---- | M] (Carbonite, Inc.) -- C:\Program Files\Carbonite\CarbonitePreinstaller.exe
PRC - [2009/07/21 13:34:33 | 00,185,089 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2009/05/21 09:55:32 | 00,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtcmd.exe
PRC - [2009/05/13 15:48:22 | 00,108,289 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2009/03/02 12:08:47 | 00,209,153 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2008/08/13 17:32:40 | 00,201,968 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe
PRC - [2008/04/13 16:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/03/15 10:09:36 | 00,460,784 | ---- | M] (Gteko Ltd.) -- C:\Program Files\DellSupport\DSAgnt.exe
PRC - [2007/01/31 13:55:42 | 00,096,370 | ---- | M] (Canon Inc.) -- C:\Program Files\Canon\CAL\CALMAIN.exe
PRC - [2005/06/06 22:46:24 | 00,057,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
PRC - [2005/04/18 11:16:02 | 00,073,728 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\Profiler\LWEMon.exe
PRC - [2004/12/02 17:23:34 | 00,102,400 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
PRC - [2004/08/25 11:26:56 | 00,389,120 | ---- | M] () -- C:\WINDOWS\SYSTEM32\ati2evxx.exe
PRC - [2004/08/23 16:19:22 | 00,057,344 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
PRC - [2004/08/12 23:05:00 | 00,122,939 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\SYSTEM32\dla\tfswctrl.exe
PRC - [2004/06/18 07:46:00 | 00,102,400 | ---- | M] () -- C:\Program Files\Dell Photo AIO Printer 922\dlbtbmon.exe
PRC - [2004/06/18 07:30:26 | 00,290,816 | ---- | M] () -- C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe
PRC - [2004/04/11 18:15:14 | 00,290,816 | ---- | M] (CyberLink Corp.) -- C:\Program Files\Dell\Media Experience\PCMService.exe
PRC - [2003/12/05 20:08:04 | 00,050,688 | ---- | M] (Microsoft® Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
PRC - [2003/09/17 08:43:36 | 00,057,344 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe
PRC - [2003/09/03 18:12:44 | 00,221,184 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
PRC - [2000/06/26 05:44:20 | 00,053,520 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\MsPMSPSv.exe
PRC - [1999/12/13 07:01:00 | 00,044,032 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\SYSTEM32\CTSVCCDA.EXE


========== Modules (SafeList) ==========

MOD - [2009/12/19 00:33:57 | 00,564,736 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Tim\Desktop\OTL.exe
MOD - [2005/07/24 22:13:00 | 01,201,664 | R--- | M] (YAMAHA Corp.) -- C:\WINDOWS\SYSTEM32\xgusb.cpl


========== Win32 Services (SafeList) ==========

SRV - [2009/10/11 04:17:35 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) [Auto | Running] -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2009/09/25 23:32:18 | 00,189,736 | ---- | M] (Seagate Technology LLC) [Auto | Running] -- C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe -- (FreeAgentGoNext Service)
SRV - [2009/08/05 23:00:00 | 05,497,856 | ---- | M] () [Auto | Running] -- C:\xampp\mysql\bin\mysqld.exe -- (MySQL)
SRV - [2009/07/21 13:34:33 | 00,185,089 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2009/05/13 15:48:22 | 00,108,289 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2009/02/14 10:11:38 | 00,133,104 | ---- | M] (Google Inc.) [Auto | Stopped] -- C:\Program Files\Google\Update\GoogleUpdate.exe -- (gupdate1c98ecfb47598f0) Google Update Service (gupdate1c98ecfb47598f0)
SRV - [2008/08/13 17:32:40 | 00,201,968 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_dellsupportcenter) SupportSoft Sprocket Service (dellsupportcenter)
SRV - [2007/03/07 14:47:46 | 00,076,848 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService)
SRV - [2007/01/31 13:55:42 | 00,096,370 | ---- | M] (Canon Inc.) [Auto | Running] -- C:\Program Files\Canon\CAL\CALMAIN.exe -- (CCALib8)
SRV - [2004/08/25 11:26:56 | 00,389,120 | ---- | M] () [Auto | Running] -- C:\WINDOWS\SYSTEM32\ati2evxx.exe -- (Ati HotKey Poller)
SRV - [2004/03/16 12:33:24 | 00,421,888 | ---- | M] (Dell) [On_Demand | Stopped] -- C:\WINDOWS\System32\dlbtcoms.exe -- (dlbt_device)
SRV - [2003/12/17 11:59:48 | 00,143,360 | ---- | M] (Intel® Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe -- (NetSvc)
SRV - [2000/06/26 05:44:20 | 00,053,520 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\SYSTEM32\MsPMSPSv.exe -- (WMDM PMSP Service)
SRV - [1999/12/13 07:01:00 | 00,044,032 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\WINDOWS\SYSTEM32\CTSVCCDA.EXE -- (Creative Service for CDROM Access)


========== Driver Services (SafeList) ==========

DRV - [2009/12/07 16:54:47 | 00,056,816 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\avgntflt.sys -- (avgntflt)
DRV - [2009/11/23 08:43:30 | 00,009,968 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2009/11/23 08:43:30 | 00,007,408 | R--- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Running] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2009/11/23 08:43:28 | 00,074,480 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2009/07/08 12:44:20 | 00,214,024 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\mfehidk.sys -- (mfehidk)
DRV - [2009/07/08 12:44:20 | 00,079,816 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\mfeavfk.sys -- (mfeavfk)
DRV - [2009/07/08 12:44:20 | 00,040,552 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\mfesmfk.sys -- (mfesmfk)
DRV - [2009/07/08 12:44:20 | 00,035,272 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\mfebopk.sys -- (mfebopk)
DRV - [2009/07/08 12:43:46 | 00,034,248 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\mferkdk.sys -- (mferkdk)
DRV - [2009/05/11 09:12:24 | 00,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ssmdrv.sys -- (ssmdrv)
DRV - [2009/03/30 09:33:07 | 00,096,104 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\avipbb.sys -- (avipbb)
DRV - [2009/02/13 11:35:05 | 00,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2008/04/13 10:36:39 | 00,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2008/04/13 10:36:39 | 00,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2007/11/13 02:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\secdrv.sys -- (Secdrv)
DRV - [2007/02/26 17:10:58 | 00,032,720 | ---- | M] (Yamaha Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\ymidusbw.sys -- (YMIDUSBW) Yamaha USB-MIDI Driver (WDM)
DRV - [2007/02/25 11:10:48 | 00,005,376 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\dsunidrv.sys -- (dsunidrv)
DRV - [2006/10/05 15:07:28 | 00,004,736 | ---- | M] (Gteko Ltd.) [Kernel | On_Demand | Running] -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys -- (DSproct)
DRV - [2005/12/04 21:12:26 | 00,020,640 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20)
DRV - [2005/09/29 09:01:51 | 00,066,048 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sfvfs02.sys -- (sfvfs02) StarForce Protection VFS Driver (version 2.x)
DRV - [2005/08/10 06:06:28 | 00,019,968 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sfsync02.sys -- (sfsync02) StarForce Protection Synchronization Driver (version 2.x)
DRV - [2005/08/10 04:44:04 | 00,050,688 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sfdrv01.sys -- (sfdrv01) StarForce Protection Environment Driver (version 1.x)
DRV - [2005/07/24 22:13:00 | 00,014,464 | R--- | M] (YAMAHA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\ymidusb.sys -- (YMIDUSB)
DRV - [2005/05/16 05:20:39 | 00,006,656 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sfhlp02.sys -- (sfhlp02) StarForce Protection Helper Driver (version 2.x)
DRV - [2005/04/12 19:21:32 | 00,022,240 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\WmFilter.sys -- (WmFilter)
DRV - [2005/04/12 19:21:28 | 00,010,144 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\WmBEnum.sys -- (WmBEnum)
DRV - [2005/04/12 19:21:28 | 00,005,600 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\WmVirHid.sys -- (WmVirHid)
DRV - [2005/04/12 19:21:26 | 00,045,504 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\WmXlCore.sys -- (WmXlCore)
DRV - [2004/08/25 11:28:46 | 00,787,456 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ati2mtag.sys -- (ati2mtag)
DRV - [2004/08/13 00:56:00 | 00,040,544 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\drvnddm.sys -- (drvnddm)
DRV - [2004/08/12 23:05:00 | 00,100,603 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsnudfa.sys -- (tfsnudfa)
DRV - [2004/08/12 23:05:00 | 00,098,714 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsnudf.sys -- (tfsnudf)
DRV - [2004/08/12 23:05:00 | 00,086,202 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsnifs.sys -- (tfsnifs)
DRV - [2004/08/12 23:05:00 | 00,034,843 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsncofs.sys -- (tfsncofs)
DRV - [2004/08/12 23:05:00 | 00,025,723 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsnboio.sys -- (tfsnboio)
DRV - [2004/08/12 23:05:00 | 00,014,715 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsnopio.sys -- (tfsnopio)
DRV - [2004/08/12 23:05:00 | 00,006,363 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsnpool.sys -- (tfsnpool)
DRV - [2004/08/12 23:05:00 | 00,004,123 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsndrct.sys -- (tfsndrct)
DRV - [2004/08/12 23:05:00 | 00,002,239 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsndres.sys -- (tfsndres)
DRV - [2004/08/04 03:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\PTILINK.SYS -- (Ptilink)
DRV - [2004/08/04 03:00:00 | 00,002,944 | ---- | M] () [Kernel | System | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\null.sys -- (Null)
DRV - [2004/08/04 01:21:00 | 00,087,136 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\drvmcdb.sys -- (drvmcdb)
DRV - [2004/08/03 20:29:56 | 01,897,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\NV4_MINI.SYS -- (nv)
DRV - [2004/07/14 09:29:04 | 00,005,627 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\sscdbhk5.sys -- (sscdbhk5)
DRV - [2004/07/14 09:28:50 | 00,023,545 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ssrtln.sys -- (ssrtln)
DRV - [2004/06/15 20:52:40 | 00,061,157 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\IntelC53.sys -- (IntelC53)
DRV - [2004/06/09 10:16:00 | 00,840,960 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\P17.sys -- (P17)
DRV - [2004/03/05 20:15:34 | 00,647,929 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\IntelC52.sys -- (IntelC52)
DRV - [2004/03/05 20:14:42 | 01,233,525 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\IntelC51.sys -- (IntelC51)
DRV - [2004/03/05 20:13:38 | 00,037,048 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\mohfilt.sys -- (mohfilt)
DRV - [2004/02/10 13:49:14 | 00,154,112 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\e100b325.sys -- (E100B) Intel®
DRV - [2003/09/22 06:48:00 | 00,130,192 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ctsfm2k.sys -- (ctsfm2k)
DRV - [2003/09/22 06:47:00 | 00,178,672 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ctoss2k.sys -- (ossrv)
DRV - [2003/03/05 10:19:00 | 00,015,840 | ---- | M] (Creative Technology Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\PFModNT.sys -- (PfModNT)
DRV - [2002/11/08 11:45:06 | 00,017,217 | ---- | M] (Dell Computer Corporation) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\omci.sys -- (omci)
DRV - [2001/08/17 12:07:44 | 00,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2001/08/17 12:07:42 | 00,030,688 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2001/08/17 12:07:40 | 00,028,384 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2001/08/17 12:07:36 | 00,032,640 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2001/08/17 12:07:34 | 00,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
DRV - [2001/08/17 11:57:38 | 00,016,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\MODEMCSA.sys -- (MODEMCSA)
DRV - [2001/08/17 11:52:22 | 00,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
DRV - [2001/08/17 11:52:20 | 00,045,312 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2001/08/17 11:52:20 | 00,040,320 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2001/08/17 11:52:18 | 00,049,024 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2001/08/17 11:52:16 | 00,179,584 | ---- | M] (Mylex Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2001/08/17 11:52:12 | 00,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2001/08/17 11:52:00 | 00,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
DRV - [2001/08/17 11:51:58 | 00,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2001/08/17 11:51:56 | 00,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2001/08/17 11:51:54 | 00,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell4me.com/myway
IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell4me.com/myway
IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local



IE - HKU\S-1-5-21-892888757-1397196022-3383280284-1005\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
IE - HKU\S-1-5-21-892888757-1397196022-3383280284-1005\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.yahoo.com/search?p={searchTe...-8&fr=b1ie7
IE - HKU\S-1-5-21-892888757-1397196022-3383280284-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com
IE - HKU\S-1-5-21-892888757-1397196022-3383280284-1005\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
IE - HKU\S-1-5-21-892888757-1397196022-3383280284-1005\S-1-5-21-892888757-1397196022-3383280284-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-892888757-1397196022-3383280284-1005\S-1-5-21-892888757-1397196022-3383280284-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

IE - HKU\S-1-5-21-892888757-1397196022-3383280284-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
IE - HKU\S-1-5-21-892888757-1397196022-3383280284-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
IE - HKU\S-1-5-21-892888757-1397196022-3383280284-1007\..\URLSearchHook: {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-892888757-1397196022-3383280284-1007\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
IE - HKU\S-1-5-21-892888757-1397196022-3383280284-1007\S-1-5-21-892888757-1397196022-3383280284-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..browser.startup.homepage: "http://www.google.com"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.2
FF - prefs.js..extensions.enabledItems: debugger@aptana.com:1.4.3
FF - prefs.js..extensions.enabledItems: {59c81df5-4b7a-477b-912d-4e0fdf64e5f2}:0.9.86
FF - prefs.js..extensions.enabledItems: inspector@mozilla.org:2.0.4
FF - prefs.js..extensions.enabledItems: firebug@software.joehewitt.com:1.4.5
FF - prefs.js..extensions.enabledItems: {0b457cAA-602d-484a-8fe7-c1d894a011ba}:0.80
FF - prefs.js..extensions.enabledItems: firefox@ghostery.com:2.0.2
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20091209.4
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {f13b157f-b174-47e7-a34d-4815ddfdfeb8}:0.9.87.4
FF - prefs.js..extensions.enabledItems: librarydetector@paulbakaus.com:1.0.2
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.07103010
FF - prefs.js..extensions.enabledItems: {a089fffd-e0cb-431b-8d3a-ebb8afb26dcf}:0.81
FF - prefs.js..extensions.enabledItems: {9c51bd27-6ed8-4000-a2bf-36cb95c0c947}:10.1.0
FF - prefs.js..extensions.enabledItems: {636fd8b0-ce2b-4e00-b812-2afbe77ee899}:1.4.3


FF - HKLM\software\mozilla\Mozilla Firefox 3.5.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/12/18 05:11:27 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/12/18 05:11:27 | 00,000,000 | ---D | M]

[2008/09/12 12:50:15 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Tim\Application Data\Mozilla\Extensions
[2009/12/18 04:28:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Tim\Application Data\Mozilla\Firefox\Profiles\npi07w50.default\extensions
[2009/10/28 12:59:15 | 00,000,000 | ---D | M] (FireShot) -- C:\Documents and Settings\Tim\Application Data\Mozilla\Firefox\Profiles\npi07w50.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}
[2009/12/13 18:49:48 | 00,000,000 | ---D | M] (ChatZilla) -- C:\Documents and Settings\Tim\Application Data\Mozilla\Firefox\Profiles\npi07w50.default\extensions\{59c81df5-4b7a-477b-912d-4e0fdf64e5f2}
[2009/08/02 18:49:54 | 00,000,000 | ---D | M] (XPather) -- C:\Documents and Settings\Tim\Application Data\Mozilla\Firefox\Profiles\npi07w50.default\extensions\{636fd8b0-ce2b-4e00-b812-2afbe77ee899}
[2009/10/17 18:53:24 | 00,000,000 | ---D | M] (Tamper Data) -- C:\Documents and Settings\Tim\Application Data\Mozilla\Firefox\Profiles\npi07w50.default\extensions\{9c51bd27-6ed8-4000-a2bf-36cb95c0c947}
[2009/08/28 11:41:08 | 00,000,000 | ---D | M] (Platypus) -- C:\Documents and Settings\Tim\Application Data\Mozilla\Firefox\Profiles\npi07w50.default\extensions\{a089fffd-e0cb-431b-8d3a-ebb8afb26dcf}
[2009/12/13 18:49:49 | 00,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\Tim\Application Data\Mozilla\Firefox\Profiles\npi07w50.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2009/12/10 01:04:11 | 00,000,000 | ---D | M] (Greasemonkey) -- C:\Documents and Settings\Tim\Application Data\Mozilla\Firefox\Profiles\npi07w50.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2009/10/05 19:27:46 | 00,000,000 | ---D | M] (JavaScript Debugger) -- C:\Documents and Settings\Tim\Application Data\Mozilla\Firefox\Profiles\npi07w50.default\extensions\{f13b157f-b174-47e7-a34d-4815ddfdfeb8}
[2009/11/20 19:32:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Tim\Application Data\Mozilla\Firefox\Profiles\npi07w50.default\extensions\debugger@aptana.com
[2009/11/06 10:43:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Tim\Application Data\Mozilla\Firefox\Profiles\npi07w50.default\extensions\firebug@software.joehewitt.com
[2009/12/11 03:05:25 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Tim\Application Data\Mozilla\Firefox\Profiles\npi07w50.default\extensions\firefox@ghostery.com
[2009/11/15 09:23:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Tim\Application Data\Mozilla\Firefox\Profiles\npi07w50.default\extensions\inspector@mozilla.org
[2009/08/28 11:39:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Tim\Application Data\Mozilla\Firefox\Profiles\npi07w50.default\extensions\librarydetector@paulbakaus.com
[2008/08/16 13:34:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Tim\Application Data\Mozilla\Firefox\Profiles\npi07w50.default\extensions\moveplayer@movenetworks.com
[2007/06/28 22:22:58 | 00,002,386 | ---- | M] () -- C:\Documents and Settings\Tim\Application Data\Mozilla\Firefox\Profiles\npi07w50.default\searchplugins\siteadvisor.xml
[2009/12/18 04:28:59 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2007/02/08 20:08:53 | 00,225,280 | ---- | M] (Asgard Software Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npaxctrl.dll
[2009/03/30 16:13:54 | 00,098,304 | ---- | M] (RealNetworks) -- C:\Program Files\Mozilla Firefox\plugins\npraclient.dll
[2007/07/23 10:36:46 | 00,086,016 | ---- | M] (Renaissance Learning Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npRLPrint.dll

O1 HOSTS File: (27 bytes) - C:\WINDOWS\SYSTEM32\DRIVERS\ETC\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\SYSTEM32\dla\tfswshx.dll (Sonic Solutions)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - No CLSID value found.
O3 - HKLM\..\Toolbar: (FireShot) - {6E6E744E-4D20-4ce3-9A7A-26DFFFE22F68} - C:\Documents and Settings\Tim\Application Data\Mozilla\Firefox\Profiles\npi07w50.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}\library\fsaddin-0.78.dll File not found
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKU\S-1-5-21-892888757-1397196022-3383280284-1005\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKU\S-1-5-21-892888757-1397196022-3383280284-1007\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-892888757-1397196022-3383280284-1007\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [Adobe Photo Downloader] C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe (ATI Technologies, Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [CarboniteSetupLite] C:\Program Files\Carbonite\CarbonitePreinstaller.exe (Carbonite, Inc.)
O4 - HKLM..\Run: [CTSysVol] C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [Dell Photo AIO Printer 922] C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe ()
O4 - HKLM..\Run: [DellSupportCenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [dla] C:\WINDOWS\SYSTEM32\dla\tfswctrl.exe (Sonic Solutions)
O4 - HKLM..\Run: [dscactivate] C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe ( )
O4 - HKLM..\Run: [DVDLauncher] C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe (CyberLink Corp.)
O4 - HKLM..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe (Intel Corporation)
O4 - HKLM..\Run: [MaxMenuMgr] C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe (Seagate LLC)
O4 - HKLM..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe (Microsoft® Corporation)
O4 - HKLM..\Run: [P17Helper] C:\WINDOWS\System32\P17.dll ()
O4 - HKLM..\Run: [PCMService] C:\Program Files\Dell\Media Experience\PCMService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [UpdateManager] C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe (Sonic Solutions)
O4 - HKLM..\Run: [UpdReg] C:\WINDOWS\Updreg.EXE (Creative Technology Ltd.)
O4 - HKU\S-1-5-21-892888757-1397196022-3383280284-1005..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe (Creative Technology Ltd)
O4 - HKU\S-1-5-21-892888757-1397196022-3383280284-1005..\Run: [DellSupport] C:\Program Files\DellSupport\DSAgnt.exe (Gteko Ltd.)
O4 - HKU\S-1-5-21-892888757-1397196022-3383280284-1005..\Run: [DellSupportCenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKU\S-1-5-21-892888757-1397196022-3383280284-1005..\Run: [OpenDNS Updater] C:\Program Files\OpenDNS Updater\OpenDNSUpdater.exe ()
O4 - HKU\S-1-5-21-892888757-1397196022-3383280284-1005..\Run: [Start WingMan Profiler] C:\Program Files\Logitech\Profiler\lwemon.exe (Logitech Inc.)
O4 - HKU\S-1-5-21-892888757-1397196022-3383280284-1005..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - HKU\S-1-5-21-892888757-1397196022-3383280284-1005..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe (Adobe Systems Incorporated)
O4 - HKU\S-1-5-21-892888757-1397196022-3383280284-1007..\Run: [DellSupport] C:\Program Files\DellSupport\DSAgnt.exe (Gteko Ltd.)
O4 - HKU\S-1-5-21-892888757-1397196022-3383280284-1007..\Run: [MoneyAgent] C:\Program Files\Microsoft Money\System\mnyexpr.exe (Microsoft Corp.)
O4 - HKU\S-1-5-21-892888757-1397196022-3383280284-1007..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKU\S-1-5-21-892888757-1397196022-3383280284-1007..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe File not found
O4 - HKU\S-1-5-21-892888757-1397196022-3383280284-1007..\Run: [Yahoo! Pager] C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\Peggy\Start Menu\Programs\Startup\MLB.TV NexDef Plug-in.lnk = C:\Documents and Settings\Peggy\Local Settings\Application Data\Autobahn\mlb-nexdef-autobahn.exe File not found
O4 - Startup: C:\Documents and Settings\Peggy\Start Menu\Programs\Startup\OpenOffice.org 2.3.lnk = C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe File not found
O4 - Startup: C:\Documents and Settings\Tim\Start Menu\Programs\Startup\OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe File not found
O4 - Startup: C:\Documents and Settings\Tim\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O4 - Startup: C:\Documents and Settings\Tim\Start Menu\Programs\Startup\PowerReg Scheduler.exe ()
O4 - Startup: C:\Documents and Settings\Tommy\Start Menu\Programs\Startup\MLB.TV NexDef Plug-in.lnk = C:\Documents and Settings\Tommy\Local Settings\Application Data\Autobahn\mlb-nexdef-autobahn.exe ()
O4 - Startup: C:\Documents and Settings\Tommy\Start Menu\Programs\Startup\wkcalrem.LNK = C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe (Microsoft® Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-892888757-1397196022-3383280284-1005\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-892888757-1397196022-3383280284-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-892888757-1397196022-3383280284-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-892888757-1397196022-3383280284-1005_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-892888757-1397196022-3383280284-1007\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-892888757-1397196022-3383280284-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-892888757-1397196022-3383280284-1007_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra Button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - File not found
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {0000000A-0000-0010-8000-00AA00389B71} http://download.microsoft.com/download/d/4...0367/wmavax.CAB (Reg Error: Key error.)
O16 - DPF: {0713E8D2-850A-101B-AFC0-4210102A8DA7} http://download.mcafee.com/molbin/Shared/C...22/ComCtl32.cab (Microsoft ProgressBar Control, version 5.0 (SP2))
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} http://www.creative.com/su/ocx/15031/CTSUEng.cab (Creative Software AutoUpdate)
O16 - DPF: {0DB074F0-617E-4EE9-912C-2965CF2AA5A4} http://download.microsoft.com/download/7/0...tualEarth3D.cab (SentinelVE3D Class)
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} http://www.musicnotes.com/download/mnviewer.cab (Musicnotes Viewer)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.macromedia.com/get/shock...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} http://download.microsoft.com/download/F/6...922/wmv9VCM.CAB (Reg Error: Key error.)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://by106fd.bay106.hotmail.msn.com/resources/MsnPUpld.cab (MSN Photo Upload Tool)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {AECD14A8-F662-11D1-A395-00805F535788} http://www.investors.com/member/ocx/plotwon.ocx (Plotwon Control)
O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://www.creative.com/softwareupdate/su/...15034/CTPID.cab (Creative Software AutoUpdate Support Package)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 208.67.222.222 208.67.220.220 208.67.222.222
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/11 15:15:00 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2009/12/04 21:11:39 | 00,000,062 | ---- | M] () - D:\Autorun.inf -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2009/12/19 00:33:57 | 00,564,736 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Tim\Desktop\OTL.exe
[2009/12/17 03:06:00 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Tim\Local Settings\Application Data\Temp
[2009/12/14 03:05:49 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Tim\My Documents\Video Converter
[2009/12/04 21:11:18 | 00,000,000 | ---D | C] -- C:\Program Files\Seagate
[2009/12/04 21:11:18 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Seagate
[2009/12/04 21:10:30 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Tim\Local Settings\Application Data\Downloaded Installations
[2009/12/04 21:10:25 | 00,000,000 | ---D | C] -- C:\Program Files\Carbonite
[2009/12/01 20:59:53 | 00,000,000 | ---D | C] -- C:\Program Files\trend micro
[2009/12/01 20:59:52 | 00,000,000 | ---D | C] -- C:\rsit
[2009/12/01 20:11:58 | 00,472,064 | ---- | C] ( ) -- C:\Documents and Settings\Tim\Desktop\RootRepeal.exe
[2009/11/28 13:39:18 | 23,844,968 | ---- | C] (Doctor Web, Ltd.) -- C:\Documents and Settings\Tim\Desktop\4ny7clhp.exe
[2009/11/28 00:37:35 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Tim\Application Data\OpenDNS Updater
[2009/11/28 00:37:34 | 00,000,000 | ---D | C] -- C:\Program Files\OpenDNS Updater
[2009/11/27 23:25:12 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Tim\Application Data\OpenOffice.org
[2009/11/27 23:24:46 | 00,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2009/11/27 23:24:46 | 00,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2009/11/27 23:24:46 | 00,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2009/11/27 23:21:14 | 00,000,000 | ---D | C] -- C:\Program Files\JRE
[2009/11/27 23:20:52 | 00,000,000 | ---D | C] -- C:\Program Files\OpenOffice.org 3
[2009/11/27 23:13:18 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Tim\Desktop\OpenOffice.org 3.1 (en-US) Installation Files
[2009/11/27 23:06:36 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\sun
[2009/11/27 21:45:03 | 00,000,000 | ---D | C] -- C:\fixpath2
[2009/11/26 23:43:30 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Tim\Desktop\SmitfraudFix
[2009/11/26 09:57:52 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2009/11/24 13:04:49 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/11/24 13:04:47 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/11/24 13:04:46 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/11/24 12:58:20 | 04,045,528 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Tim\Desktop\zztoy.exe
[2009/11/21 09:50:41 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Tim\My Documents\My Received Files
[2009/09/02 12:53:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\SACore
[2009/02/14 13:30:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google
[2009/02/14 10:11:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
[2008/03/19 06:14:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
[2007/12/19 08:51:05 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2006/12/26 15:19:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2006/08/05 20:25:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Help
[2006/08/05 20:25:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Help
[2006/07/19 16:40:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Opera
[2005/02/02 17:27:31 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\LocalService\Application Data\GTek
[2004/12/22 14:14:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2004/11/23 19:00:40 | 00,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2004/11/23 19:00:40 | 00,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[1979/12/31 22:00:00 | 00,151,552 | ---- | C] ( ) -- C:\WINDOWS\System32\ATIDEMGR.dll
[1979/12/31 22:00:00 | 00,065,536 | ---- | C] ( ) -- C:\WINDOWS\System32\A3d.dll
[14 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2009/12/19 00:33:57 | 00,564,736 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Tim\Desktop\OTL.exe
[2009/12/19 00:10:45 | 06,029,312 | ---- | M] () -- C:\Documents and Settings\Tim\NTUSER.DAT
[2009/12/19 00:06:00 | 00,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2009/12/19 00:03:08 | 00,002,010 | ---- | M] () -- C:\Documents and Settings\Tim\Desktop\windowsliveadremover.js
[2009/12/18 23:46:32 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\WPA.DBL
[2009/12/18 22:44:48 | 00,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2009/12/18 22:44:39 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/12/18 22:44:37 | 00,002,048 | --S- | M] () -- C:\WINDOWS\BOOTSTAT.DAT
[2009/12/18 22:44:35 | 32,192,79872 | -HS- | M] () -- C:\hiberfil.sys
[2009/12/18 21:54:25 | 00,000,178 | -HS- | M] () -- C:\Documents and Settings\Tim\NTUSER.INI
[2009/12/18 01:31:05 | 00,000,986 | ---- | M] () -- C:\WINDOWS\dellstat.ini
[2009/12/18 00:59:01 | 00,001,868 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Dell Picture Studio v2.0.lnk
[2009/12/17 03:54:02 | 00,010,702 | ---- | M] () -- C:\Documents and Settings\Tim\Desktop\Christmas2009.ods
[2009/12/17 03:08:56 | 00,001,915 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[2009/12/16 03:08:22 | 00,524,288 | ---- | M] () -- C:\Documents and Settings\Tim\Desktop\dds.scr
[2009/12/14 03:29:32 | 00,024,064 | ---- | M] () -- C:\Documents and Settings\Tim\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/12/13 03:17:40 | 00,094,000 | ---- | M] () -- C:\Documents and Settings\Tim\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2009/12/12 03:55:06 | 03,932,214 | ---- | M] () -- C:\WINDOWS\wallpaper.bmp
[2009/12/11 03:25:49 | 00,016,277 | ---- | M] () -- C:\Documents and Settings\Tim\My Documents\rentalexpenses2.ods
[2009/12/11 03:15:04 | 00,010,767 | ---- | M] () -- C:\Documents and Settings\Tim\Desktop\HHdata.odt
[2009/12/11 03:13:10 | 00,017,057 | ---- | M] () -- C:\Documents and Settings\Tim\Desktop\rentalexpenses07.ods
[2009/12/11 03:12:45 | 00,012,689 | ---- | M] () -- C:\Documents and Settings\Tim\Desktop\lonetree.ods
[2009/12/11 03:12:06 | 00,016,388 | ---- | M] () -- C:\Documents and Settings\Tim\Desktop\Carolinerental.ods
[2009/12/11 03:10:12 | 00,008,246 | ---- | M] () -- C:\Documents and Settings\Tim\Application Data\wklnhst.dat
[2009/12/09 19:14:56 | 00,442,466 | ---- | M] () -- C:\WINDOWS\System32\PERFH009.DAT
[2009/12/09 19:14:56 | 00,071,732 | ---- | M] () -- C:\WINDOWS\System32\PERFC009.DAT
[2009/12/09 19:14:54 | 00,524,016 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/12/09 17:34:54 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/12/07 16:54:47 | 00,056,816 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[2009/12/07 16:31:35 | 00,089,680 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Tim\MSSSerif120.fon
[2009/12/07 01:10:20 | 01,064,294 | ---- | M] () -- C:\Documents and Settings\Tim\Desktop\ipinfo.bmp
[2009/12/06 02:47:00 | 00,020,782 | ---- | M] () -- C:\Documents and Settings\Tim\Desktop\System Information (Hardware).html
[2009/12/06 00:13:07 | 00,837,858 | ---- | M] () -- C:\Documents and Settings\Tim\Desktop\defltmnprops.bmp
[2009/12/06 00:11:11 | 00,259,086 | ---- | M] () -- C:\Documents and Settings\Tim\Desktop\colormodes.bmp
[2009/12/05 23:19:36 | 00,551,514 | ---- | M] () -- C:\Documents and Settings\Tim\Desktop\viddriver.bmp
[2009/12/05 23:15:27 | 00,103,150 | ---- | M] () -- C:\Documents and Settings\Tim\Desktop\sysproperties.bmp
[2009/12/05 12:49:20 | 72,348,8768 | ---- | M] () -- C:\Documents and Settings\Tim\Desktop\ubuntu-9.10-desktop-i386.iso
[2009/12/04 21:11:34 | 00,001,863 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Seagate Manager.lnk
[2009/12/04 21:10:25 | 00,001,732 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Carbonite Online Backup Setup.lnk
[2009/12/03 16:14:06 | 00,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/12/03 16:13:56 | 00,019,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/12/01 20:58:54 | 00,781,909 | ---- | M] () -- C:\Documents and Settings\Tim\Desktop\RSIT.exe
[2009/12/01 20:12:37 | 00,000,000 | ---- | M] () -- C:\Documents and Settings\Tim\Desktop\settings.dat
[2009/12/01 20:11:58 | 00,472,064 | ---- | M] ( ) -- C:\Documents and Settings\Tim\Desktop\RootRepeal.exe
[2009/11/30 17:18:21 | 02,113,444 | -H-- | M] () -- C:\Documents and Settings\Tim\Local Settings\Application Data\IconCache.db
[2009/11/29 19:16:09 | 00,000,340 | ---- | M] () -- C:\Documents and Settings\Tim\My Documents\iframeexample.html
[2009/11/28 22:07:06 | 00,001,375 | ---- | M] () -- C:\Documents and Settings\Tim\Desktop\DrWeb.csv
[2009/11/28 13:40:47 | 23,844,968 | ---- | M] (Doctor Web, Ltd.) -- C:\Documents and Settings\Tim\Desktop\4ny7clhp.exe
[2009/11/28 09:00:43 | 00,317,152 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/11/28 00:34:32 | 00,225,840 | ---- | M] () -- C:\Documents and Settings\Tim\Desktop\OpenDNS-Updater-2.2.exe
[2009/11/27 23:36:01 | 00,039,169 | ---- | M] () -- C:\Documents and Settings\Tim\Desktop\DEFENSE OF THE INQUISITION.odt
[2009/11/27 23:35:29 | 06,833,215 | ---- | M] () -- C:\Documents and Settings\Tim\Desktop\Bolsatankprocedure.odt
[2009/11/27 23:33:53 | 00,019,555 | ---- | M] () -- C:\Documents and Settings\Tim\Desktop\TJHres.odt
[2009/11/27 23:30:25 | 00,025,813 | ---- | M] () -- C:\Documents and Settings\Tim\My Documents\HOMILYbyCureofArs.odt
[2009/11/27 23:29:01 | 00,019,330 | ---- | M] () -- C:\Documents and Settings\Tim\My Documents\Draftres.odt
[2009/11/27 23:27:32 | 00,023,286 | ---- | M] () -- C:\Documents and Settings\Tim\My Documents\WillTimothyJHogan.odt
[2009/11/27 23:25:44 | 00,000,864 | ---- | M] () -- C:\Documents and Settings\Tim\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk
[2009/11/27 23:22:49 | 00,000,905 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\OpenOffice.org 3.1.lnk
[2009/11/27 23:13:14 | 15,748,4384 | ---- | M] () -- C:\Documents and Settings\Tim\Desktop\OOo_3.1.1_Win32Intel_install_wJRE_en-US.exe
[2009/11/27 23:08:05 | 00,003,111 | ---- | M] () -- C:\Documents and Settings\Tim\Desktop\download.php
[2009/11/27 21:44:34 | 00,018,514 | ---- | M] () -- C:\Documents and Settings\Tim\Desktop\fixpath2.zip
[2009/11/26 09:58:25 | 00,000,780 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2009/11/26 09:57:19 | 07,392,800 | ---- | M] () -- C:\Documents and Settings\Tim\Desktop\SUPERAntiSpyware.exe
[2009/11/25 16:43:52 | 00,000,713 | ---- | M] () -- C:\Documents and Settings\Tim\My Documents\jquerydraggable.html
[2009/11/24 13:04:52 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/11/24 12:58:20 | 04,045,528 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Tim\Desktop\zztoy.exe
[2009/11/20 20:03:20 | 00,000,395 | ---- | M] () -- C:\Documents and Settings\Tim\Desktop\formtest.html
[2009/11/19 15:23:47 | 00,001,875 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Play Games.lnk
[14 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2009/12/19 00:03:08 | 00,002,010 | ---- | C] () -- C:\Documents and Settings\Tim\Desktop\windowsliveadremover.js
[2009/12/18 00:59:01 | 00,001,868 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Dell Picture Studio v2.0.lnk
[2009/12/17 03:52:20 | 00,010,702 | ---- | C] () -- C:\Documents and Settings\Tim\Desktop\Christmas2009.ods
[2009/12/17 03:08:56 | 00,001,915 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[2009/12/11 03:25:49 | 00,016,277 | ---- | C] () -- C:\Documents and Settings\Tim\My Documents\rentalexpenses2.ods
[2009/12/11 03:15:03 | 00,010,767 | ---- | C] () -- C:\Documents and Settings\Tim\Desktop\HHdata.odt
[2009/12/11 03:13:09 | 00,017,057 | ---- | C] () -- C:\Documents and Settings\Tim\Desktop\rentalexpenses07.ods
[2009/12/11 03:12:44 | 00,012,689 | ---- | C] () -- C:\Documents and Settings\Tim\Desktop\lonetree.ods
[2009/12/11 03:12:04 | 00,016,388 | ---- | C] () -- C:\Documents and Settings\Tim\Desktop\Carolinerental.ods
[2009/12/09 17:21:45 | 32,192,79872 | -HS- | C] () -- C:\hiberfil.sys
[2009/12/07 01:10:19 | 01,064,294 | ---- | C] () -- C:\Documents and Settings\Tim\Desktop\ipinfo.bmp
[2009/12/06 02:47:00 | 00,020,782 | ---- | C] () -- C:\Documents and Settings\Tim\Desktop\System Information (Hardware).html
[2009/12/06 00:13:07 | 00,837,858 | ---- | C] () -- C:\Documents and Settings\Tim\Desktop\defltmnprops.bmp
[2009/12/06 00:11:10 | 00,259,086 | ---- | C] () -- C:\Documents and Settings\Tim\Desktop\colormodes.bmp
[2009/12/05 23:19:36 | 00,551,514 | ---- | C] () -- C:\Documents and Settings\Tim\Desktop\viddriver.bmp
[2009/12/05 23:15:25 | 00,103,150 | ---- | C] () -- C:\Documents and Settings\Tim\Desktop\sysproperties.bmp
[2009/12/05 12:14:51 | 72,348,8768 | ---- | C] () -- C:\Documents and Settings\Tim\Desktop\ubuntu-9.10-desktop-i386.iso
[2009/12/04 21:11:34 | 00,001,863 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Seagate Manager.lnk
[2009/12/04 21:10:25 | 00,001,732 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Carbonite Online Backup Setup.lnk
[2009/12/01 20:58:54 | 00,781,909 | ---- | C] () -- C:\Documents and Settings\Tim\Desktop\RSIT.exe
[2009/12/01 20:12:37 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\Tim\Desktop\settings.dat
[2009/12/01 19:49:12 | 00,524,288 | ---- | C] () -- C:\Documents and Settings\Tim\Desktop\dds.scr
[2009/11/29 19:14:25 | 00,000,340 | ---- | C] () -- C:\Documents and Settings\Tim\My Documents\iframeexample.html
[2009/11/28 22:07:06 | 00,001,375 | ---- | C] () -- C:\Documents and Settings\Tim\Desktop\DrWeb.csv
[2009/11/28 00:34:32 | 00,225,840 | ---- | C] () -- C:\Documents and Settings\Tim\Desktop\OpenDNS-Updater-2.2.exe
[2009/11/27 23:36:00 | 00,039,169 | ---- | C] () -- C:\Documents and Settings\Tim\Desktop\DEFENSE OF THE INQUISITION.odt
[2009/11/27 23:35:26 | 06,833,215 | ---- | C] () -- C:\Documents and Settings\Tim\Desktop\Bolsatankprocedure.odt
[2009/11/27 23:33:52 | 00,019,555 | ---- | C] () -- C:\Documents and Settings\Tim\Desktop\TJHres.odt
[2009/11/27 23:30:25 | 00,025,813 | ---- | C] () -- C:\Documents and Settings\Tim\My Documents\HOMILYbyCureofArs.odt
[2009/11/27 23:29:00 | 00,019,330 | ---- | C] () -- C:\Documents and Settings\Tim\My Documents\Draftres.odt
[2009/11/27 23:27:30 | 00,023,286 | ---- | C] () -- C:\Documents and Settings\Tim\My Documents\WillTimothyJHogan.odt
[2009/11/27 23:25:44 | 00,000,864 | ---- | C] () -- C:\Documents and Settings\Tim\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk
[2009/11/27 23:22:49 | 00,000,905 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\OpenOffice.org 3.1.lnk
[2009/11/27 23:12:30 | 15,748,4384 | ---- | C] () -- C:\Documents and Settings\Tim\Desktop\OOo_3.1.1_Win32Intel_install_wJRE_en-US.exe
[2009/11/27 23:06:32 | 00,003,111 | ---- | C] () -- C:\Documents and Settings\Tim\Desktop\download.php
[2009/11/27 21:44:34 | 00,018,514 | ---- | C] () -- C:\Documents and Settings\Tim\Desktop\fixpath2.zip
[2009/11/26 09:58:25 | 00,000,780 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2009/11/25 16:42:10 | 00,000,713 | ---- | C] () -- C:\Documents and Settings\Tim\My Documents\jquerydraggable.html
[2009/11/24 13:04:52 | 00,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/11/20 19:54:02 | 00,000,395 | ---- | C] () -- C:\Documents and Settings\Tim\Desktop\formtest.html
[2009/11/19 15:23:47 | 00,001,875 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Play Games.lnk
[2009/08/16 06:39:00 | 00,000,070 | ---- | C] () -- C:\WINDOWS\dbinside.ini
[2009/08/03 14:07:42 | 00,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2007/12/01 07:13:32 | 00,000,000 | ---- | C] () -- C:\WINDOWS\pcfriend.INI
[2006/06/02 14:21:45 | 00,000,575 | ---- | C] () -- C:\WINDOWS\hegames.ini
[2006/04/17 14:04:08 | 00,002,664 | ---- | C] () -- C:\WINDOWS\ACROREAD.INI
[2006/04/17 10:14:38 | 00,004,454 | ---- | C] () -- C:\WINDOWS\Expwordg.ini
[2005/12/31 12:50:22 | 00,000,000 | ---- | C] () -- C:\WINDOWS\Autorun.INI
[2005/11/20 14:27:40 | 00,000,000 | ---- | C] () -- C:\WINDOWS\ka.ini
[2005/11/18 13:59:10 | 00,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2005/08/14 16:40:49 | 00,000,079 | ---- | C] () -- C:\WINDOWS\FSaver.ini
[2005/08/14 16:40:48 | 00,000,122 | ---- | C] () -- C:\WINDOWS\Peanuts Baseball Game.ini
[2005/07/16 15:45:45 | 00,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll
[2005/05/19 19:14:05 | 00,024,064 | ---- | C] () -- C:\Documents and Settings\Tim\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2005/02/17 15:14:33 | 00,000,000 | ---- | C] () -- C:\WINDOWS\SETUP32.INI
[2005/02/10 18:20:48 | 00,008,246 | ---- | C] () -- C:\Documents and Settings\Tim\Application Data\wklnhst.dat
[2005/02/08 21:01:07 | 00,413,696 | ---- | C] () -- C:\WINDOWS\System32\jsound.dll
[2005/02/08 21:01:07 | 00,380,928 | ---- | C] () -- C:\WINDOWS\System32\jmmpa.dll
[2005/02/08 21:01:07 | 00,184,320 | ---- | C] () -- C:\WINDOWS\System32\jmvh263.dll
[2005/02/08 21:01:07 | 00,077,824 | ---- | C] () -- C:\WINDOWS\System32\jmmpegv.dll
[2005/02/08 21:01:07 | 00,073,728 | ---- | C] () -- C:\WINDOWS\System32\jmutil.dll
[2005/02/08 21:01:07 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\jmvfw.dll
[2005/02/08 21:01:07 | 00,036,864 | ---- | C] () -- C:\WINDOWS\System32\jmvcm.dll
[2005/02/08 21:01:07 | 00,028,672 | ---- | C] () -- C:\WINDOWS\System32\jmmci.dll
[2005/02/08 21:01:06 | 00,282,624 | ---- | C] () -- C:\WINDOWS\System32\jmh261.dll
[2005/02/08 21:01:06 | 00,143,360 | ---- | C] () -- C:\WINDOWS\System32\jmjpeg.dll
[2005/02/08 21:01:06 | 00,110,592 | ---- | C] () -- C:\WINDOWS\System32\jmh263enc.dll
[2005/02/08 21:01:06 | 00,098,304 | ---- | C] () -- C:\WINDOWS\System32\jmg723.dll
[2005/02/08 21:01:06 | 00,057,344 | ---- | C] () -- C:\WINDOWS\System32\jmgsm.dll
[2005/02/08 21:01:06 | 00,053,248 | ---- | C] () -- C:\WINDOWS\System32\jmam.dll
[2005/02/08 21:01:06 | 00,049,152 | ---- | C] () -- C:\WINDOWS\System32\jmcvid.dll
[2005/02/08 21:01:06 | 00,049,152 | ---- | C] () -- C:\WINDOWS\System32\jmacm.dll
[2005/02/08 21:01:06 | 00,040,960 | ---- | C] () -- C:\WINDOWS\System32\jmdaud.dll
[2005/02/08 21:01:06 | 00,036,864 | ---- | C] () -- C:\WINDOWS\System32\jmgdi.dll
[2005/02/08 21:01:06 | 00,032,768 | ---- | C] () -- C:\WINDOWS\System32\jmfjawt.dll
[2005/02/08 21:01:06 | 00,032,768 | ---- | C] () -- C:\WINDOWS\System32\jmddraw.dll
[2005/02/08 21:01:06 | 00,028,672 | ---- | C] () -- C:\WINDOWS\System32\jmdaudc.dll
[2004/12/28 09:57:43 | 00,000,986 | ---- | C] () -- C:\WINDOWS\dellstat.ini
[2004/12/28 09:57:08 | 00,143,360 | R--- | C] () -- C:\WINDOWS\System32\dlbtcoin.dll
[2004/12/28 09:57:08 | 00,126,976 | R--- | C] () -- C:\WINDOWS\System32\dlbtsnls.dll
[2004/12/28 09:56:48 | 00,040,960 | ---- | C] () -- C:\WINDOWS\System32\dlbtvs.dll
[2004/12/28 09:56:47 | 00,114,688 | ---- | C] () -- C:\WINDOWS\System32\dlbtcur.dll
[2004/12/28 09:56:47 | 00,069,632 | ---- | C] () -- C:\WINDOWS\System32\dlbtcu.dll
[2004/12/28 09:56:45 | 00,557,056 | ---- | C] () -- C:\WINDOWS\System32\dlbtjswr.dll
[2004/12/28 09:56:43 | 00,401,408 | ---- | C] () -- C:\WINDOWS\System32\dlbtutil.dll
[2004/12/19 16:39:09 | 00,000,059 | ---- | C] () -- C:\WINDOWS\Disney.ini
[2004/12/12 13:29:47 | 00,044,544 | ---- | C] () -- C:\WINDOWS\System32\GIF89.DLL
[2004/12/12 13:28:47 | 00,000,193 | ---- | C] () -- C:\WINDOWS\Sierra.ini
[2004/11/23 19:46:15 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004/11/23 19:42:31 | 00,000,280 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2004/11/23 19:34:18 | 00,000,580 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2004/11/23 19:31:33 | 00,000,231 | ---- | C] () -- C:\WINDOWS\AC3API.INI
[2004/11/23 19:31:24 | 00,003,278 | ---- | C] () -- C:\WINDOWS\System32\LudaP17.ini
[2004/11/23 19:31:24 | 00,000,029 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
[2004/11/23 19:31:18 | 00,000,072 | ---- | C] () -- C:\WINDOWS\SBWIN.INI
[2004/11/23 19:01:14 | 00,000,519 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2004/09/15 22:28:50 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/08/11 15:25:56 | 00,000,799 | ---- | C] () -- C:\WINDOWS\ORUN32.INI
[2004/08/04 03:00:00 | 00,002,944 | ---- | C] () -- C:\WINDOWS\System32\drivers\null.sys
[2004/08/04 03:00:00 | 00,001,793 | ---- | C] () -- C:\WINDOWS\System32\FXSPERF.INI
[1995/09/15 16:31:14 | 00,210,944 | ---- | C] () -- C:\WINDOWS\System32\MSVCRT10.DLL
[1979/12/31 22:00:00 | 00,086,016 | ---- | C] () -- C:\WINDOWS\System32\ati2evxx.dll
[1979/12/31 22:00:00 | 00,060,928 | ---- | C] () -- C:\WINDOWS\System32\P17.dll
[1979/12/31 22:00:00 | 00,053,248 | ---- | C] () -- C:\WINDOWS\System32\P17CPI.dll
[1979/12/31 22:00:00 | 00,012,288 | ---- | C] () -- C:\WINDOWS\System32\e100bmsg.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 304 bytes -> C:\Documents and Settings\Tim\Desktop\Tomfirstholycommunion.JPG:SummaryInformation
@Alternate Data Stream - 304 bytes -> C:\Documents and Settings\Tim\Desktop\MdelG.bmp:SummaryInformation
@Alternate Data Stream - 157 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D091E13E
@Alternate Data Stream - 145 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9E7FF26C
@Alternate Data Stream - 145 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8173A019
@Alternate Data Stream - 140 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C8A7CF18
@Alternate Data Stream - 129 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:436CCEE3
@Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:31080D0E
< End of report >

OTL Extras logfile created on: 12/19/2009 12:53:31 AM - Run 1
OTL by OldTimer - Version 3.1.18.0 Folder = C:\Documents and Settings\Tim\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 100.00% Memory free
4.00 Gb Paging File | 3.60 Gb Available in Paging File | 90.07% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 70.94 Gb Total Space | 0.86 Gb Free Space | 1.21% Space Free | Partition Type: NTFS
Drive D: | 827.18 Gb Total Space | 811.85 Gb Free Space | 98.15% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: D3GZS461
Current User Name: Tim
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = Opera.HTML] -- C:\Program Files\Opera\Opera.exe (Opera Software)
.js [@ = JSFile] -- C:\Program Files\Aptana\Aptana Studio 2.0\AptanaStudio.exe ()

[HKEY_USERS\S-1-5-21-892888757-1397196022-3383280284-1005\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office10\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Opera\Opera.exe" (Opera Software)
jsfile [open] -- "C:\Program Files\Aptana\Aptana Studio 2.0\AptanaStudio.exe" "%1" ()
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "%programfiles%\internet explorer\iexplore.exe"

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"5370:TCP" = 5370:TCP:LocalSubNet:Disabled:Jaxer
"5371:TCP" = 5371:TCP:LocalSubNet:Disabled:Jaxer
"5374:TCP" = 5374:TCP:LocalSubNet:Disabled:Jaxer
"5375:TCP" = 5375:TCP:LocalSubNet:Disabled:Jaxer
"5376:TCP" = 5376:TCP:LocalSubNet:Disabled:Jaxer
"5377:TCP" = 5377:TCP:LocalSubNet:Disabled:Jaxer
"5378:TCP" = 5378:TCP:LocalSubNet:Disabled:Jaxer
"5379:TCP" = 5379:TCP:LocalSubNet:Disabled:Jaxer
"5380:TCP" = 5380:TCP:LocalSubNet:Disabled:Jaxer
"5381:TCP" = 5381:TCP:LocalSubNet:Disabled:Jaxer
"5382:TCP" = 5382:TCP:LocalSubNet:Disabled:Jaxer
"5383:TCP" = 5383:TCP:LocalSubNet:Disabled:Jaxer
"8085:TCP" = 8085:TCP:*:Enabled:ddnsfilter
"80:TCP" = 80:TCP:LocalSubNet:Enabled:Apache
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL -- File not found
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL -- File not found
"C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL -- File not found

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Disabled:Firefox -- (Mozilla Corporation)
"C:\Program Files\WildGames\Penguins Arena\PenguinsArena.exe" = C:\Program Files\WildGames\Penguins Arena\PenguinsArena.exe:*:Disabled:PenguinsArena -- File not found
"C:\Program Files\Aptana\Aptana Studio 1.2\jre\bin\javaw.exe" = C:\Program Files\Aptana\Aptana Studio 1.2\jre\bin\javaw.exe:*:Disabled:Java™ Platform SE binary -- (Sun Microsystems, Inc.)
"C:\xampp\apache\bin\httpd.exe" = C:\xampp\apache\bin\httpd.exe:*:Enabled:Apache HTTP Server -- (Apache Software Foundation)
"C:\Program Files\PFPortChecker\PFPortChecker.exe" = C:\Program Files\PFPortChecker\PFPortChecker.exe:*:Enabled:PFPortchecker by portforward.com helps check if your ports are properly forwarded. -- (portforward.com)
"C:\Program Files\Aptana\Aptana Studio 2.0\AptanaStudio.exe" = C:\Program Files\Aptana\Aptana Studio 2.0\AptanaStudio.exe:*:Enabled:AptanaStudio -- ()


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{01501EBA-EC35-4F9F-8889-3BE346E5DA13}" = MSXML4 Parser
"{04410044-9149-45C6-A806-F2BF9CFCE762}" = Microsoft Encarta Encyclopedia Standard 2004
"{09DA4F91-2A09-4232-AB8C-6BC740096DE3}" = Sonic Update Manager
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
"{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}" = Microsoft Plus! Photo Story 2 LE
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic DLA
"{17334AAF-C9E7-483B-9F45-E3FCAF07FFA7}" = Intel® PROSet for Wired Connections
"{17FE8A6F-9842-43E1-B274-9E2B08DE1035}" = Backyard Football 2006
"{1D643CD7-4DD6-11D7-A4E0-000874180BB3}" = Microsoft Money 2004
"{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Sonic MyDVD
"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Dell Media Experience
"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java™ 6 Update 17
"{2A30052B-831C-41D3-8044-3C0388066350}" = Seagate Manager Installer
"{2E0C1913-886B-4C5C-8DAF-D1E649CE5FCC}" = Creative MediaSource
"{2FEA102C-F535-4513-009B-57B165013C18}" = Tiger Woods PGA TOUR 08
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java™ SE Runtime Environment 6 Update 1
"{33BB4982-DC52-4886-A03B-F4C5C80BEE89}" = Windows Media Player 10
"{33BEE6F3-9987-4F98-A069-97A64EC8321A}" = Microsoft Works Suite Add-in for Microsoft Word
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35BDEFF1-A610-4956-A00D-15453C116395}" = Internet Explorer Default Page
"{3CCB26F5-E2A7-4C91-8340-9149D7B7C2BE}" = Virtual Earth 3D (Beta)
"{3E55A2EC-00A6-4B4E-80BF-B5FEF79A5411}" = RLPrintPlugin
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = Modem On Hold
"{42C20285-108D-4535-ACD2-68350CF438F9}" = LiveProject
"{48ADB3C0-18FB-4922-B172-7C8C4B99409C}" = Kung Fu Panda™
"{4B296228-DF7C-43EA-8DED-76027355B219}" = Opera 10.01
"{4BDFD2CE-6329-42E4-9801-9B3D1F10D79B}" = Adobe® Photoshop® Album Starter Edition 3.0
"{51F24145-A833-4BD5-AA38-AFC5268928E5}" = PF+FB+AEP
"{5905F42D-3F5F-4916-ADA6-94A3646AEE76}" = Dell Driver Reset Tool
"{5C1DA723-24FC-48AD-93BA-925695C3EF26}" = Logitech Gaming Software
"{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}" = Windows Genuine Advantage v1.3.0254.0
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD 5.3
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6E298B0A-558C-4138-0096-740677B382CD}" = LOTR The Return of the King tm
"{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}" = Microsoft Plus! Digital Media Edition Installer
"{6E7F1130-F68A-46A1-96ED-5BFE51A3A605}" = Backyard Baseball 2005
"{7148F0A8-6813-11D6-A77B-00B0D0142030}" = Java 2 Runtime Environment, SE v1.4.2_03
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{74F7662C-B1DB-489E-A8AC-07A06B24978B}" = Dell System Restore
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{78D944D7-A97B-4004-AB0A-B5AD06839940}" = My Way Search Assistant
"{7A0EFAFB-AC4B-4B88-8C6B-6731BE88DB68}" = Modem Event Monitor
"{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}" = DellSupport
"{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper
"{81A34902-9D0B-4920-A25C-4CDC5D14B328}" = Jasc Paint Shop Pro 8 Dell Edition
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112531267}" = Chicken Invaders 3
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-116530713}" = Strike Ball 3
"{86C1A488-24AD-42F0-BCEF-FDB11FC2BEFA}" = NetZero For Riverdeep
"{8704D51E-25B7-4F23-81E7-AA4F54790210}" = Microsoft Streets and Trips 2004
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C64E145-54BA-11D6-91B1-00500462BE80}" = Microsoft Money 2004 System Pack
"{8C93CE61-2752-43C9-A72A-EF8145AE634D}" = Baseball Mogul 2007
"{8DC42D05-680B-41B0-8878-6C14D24602DB}" = QuickTime
"{911B0409-6000-11D3-8CFE-0050048383C9}" = Microsoft Word 2002
"{9541FED0-327F-4DF0-8B96-EF57EF622F19}" = Sonic RecordNow! Plus
"{9862E0CB-4727-4FFC-963A-E22A9E9EC10C}" = Creative ZEN V Series (R2)
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9E816F70-50E9-4BF0-B3CD-BB140EAC3171}" = Microsoft Combat Flight Simulator 3 Mission Pack
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A70900000002}" = Adobe Reader 7.0.9
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B9242864-2841-4ADE-86E0-8F90F91B04DD}" = Logitech Gaming Software
"{B9966F27-9678-4620-9579-925E3084647E}" = Microsoft Works
"{C084BC61-E537-11DE-8616-005056806466}" = Google Earth
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C9618743-1A5C-461E-91C4-E013A3D70F3C}" = Adobe® Photoshop® Album Starter Edition 3.0.1
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CC000127-5E5D-4A1C-90CB-EEAAAC1E3AC0}" = Jasc Paint Shop Photo Album
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEB481CC-F57C-4397-81A0-DADD22257047}" = Sound Blaster Live! 24-bit
"{D1696920-9794-4BBC-8A30-7A88763DE5A2}" = ABBYY FineReader 5.0 Sprint Plus
"{D98C9637-93DA-44DB-B73A-B11A1192AB26}" = GameShadow
"{DBA8B9E1-C6FF-4624-9598-73D3B41A0903}" = Microsoft Picture It! Photo Premium 9
"{DC3065BF-95B4-42C5-B47D-0B713CDA75D0}" = Creative Zen Vision M
"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center (Support Software)
"{E6B87DC4-2B3D-4483-ADFF-E483BF718991}" = OpenOffice.org 3.1
"Adobe Acrobat Reader 3.01" = Adobe Acrobat Reader 3.01
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.3
"Aptana Studio 1.2" = Aptana Studio 1.2
"Aptana Studio 2.0" = Aptana Studio 2.0
"ATI Display Driver" = ATI Display Driver
"AudibleManager" = AudibleManager
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"Bookworm Adventures Deluxe 1.0" = Bookworm Adventures Deluxe 1.0
"BookWorm Deluxe 1.03" = BookWorm Deluxe 1.03
"CAL" = Canon Camera Access Library
"CameraUserGuide-PSSD1200IS_IXUS95IS" = Canon PowerShot SD1200 IS_IXUS 95 IS Camera User Guide
"CameraWindowDC" = Canon Utilities CameraWindow DC
"CameraWindowDVC6" = Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
"CameraWindowLauncher" = Canon Utilities CameraWindow
"CANON iMAGE GATEWAY Task" = CANON iMAGE GATEWAY Task for ZoomBrowser EX
"Canon Internet Library for ZoomBrowser EX" = Canon Internet Library for ZoomBrowser EX
"Carbonite Setup Lite" = Carbonite Online Backup Setup
"Creative Removable Disk Manager" = Creative Removable Disk Manager
"Dell Digital Jukebox Driver" = Dell Digital Jukebox Driver
"Dell Photo AIO Printer 922" = Dell Photo AIO Printer 922
"Finale NotePad 2008" = Finale NotePad 2008
"GanttProject" = GanttProject
"HijackThis" = HijackThis 2.0.2
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{2A30052B-831C-41D3-8044-3C0388066350}" = Seagate Manager Installer
"InstallShield_{48ADB3C0-18FB-4922-B172-7C8C4B99409C}" = Kung Fu Panda™
"InstallShield_{51F24145-A833-4BD5-AA38-AFC5268928E5}" = PF+FB+AEP
"Intel® 537EP V9x DF PCI Modem" = Intel® 537EP V9x DF PCI Modem
"Java Media Framework 2.1.1c" = Java Media Framework 2.1.1c
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Mavis Beacon Teaches Typing 17" = Mavis Beacon Teaches Typing 17
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
"Mozilla Firefox (3.5.6)" = Mozilla Firefox (3.5.6)
"Mplayer" = Mplayer and all enabling of games
"MSCnC" = Microsoft Command & Control Engine
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSLex" = Microsoft Speech Lexicon
"MyCamera" = Canon Utilities MyCamera
"MyCameraDC" = Canon Utilities MyCamera DC
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"OpenDNS Updater" = OpenDNS Updater 2.2
"Personal Printing Guide" = Canon Personal Printing Guide
"PFPortChecker" = PFPortChecker 1.0.31
"PhotoStitch" = Canon Utilities PhotoStitch
"PictureIt_v9" = Microsoft Picture It! Photo Premium 9
"PROSet" = Intel® PRO Network Adapters and Drivers
"RealArcade" = RealArcade
"RemoteCaptureTask" = Canon Utilities RemoteCapture Task for ZoomBrowser EX
"Shockwave" = Shockwave
"Snoopy vs. The Red Baron™" = Snoopy vs. The Red Baron™
"SoftwareStarterGuide-DCSD40_46" = Canon Digital Camera Solution Disk 40-46 Software Starter Guide
"SpeechAPI" = Microsoft Speech API 3.0
"StartWrite50" = StartWrite
"SysInfo" = Creative System Information
"Where in the World Is Carmen Sandiego? Treasures of Knowledge" = Where in the World Is Carmen Sandiego? Treasures of Knowledge
"WIC" = Windows Imaging Component
"WildTangent wildgames Master Uninstall" = WildTangent Games
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Works2004Setup" = Microsoft Works 2004 Setup Launcher
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XML Copy Editor_is1" = XML Copy Editor 1.2.0.4
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Toolbar" = Yahoo! Toolbar
"ZENcast Organizer" = ZENcast Organizer
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
"ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 12/13/2009 9:26:51 PM | Computer Name = D3GZS461 | Source = ESENT | ID = 485
Description = svchost (1160) An attempt to delete the file "C:\WINDOWS\system32\CatRoot2\tmp.edb"
failed with system error 1392 (0x00000570): "The file or directory is corrupted
and unreadable. ". The delete file operation will fail with error -1022 (0xfffffc02).

Error - 12/13/2009 9:26:51 PM | Computer Name = D3GZS461 | Source = ESENT | ID = 485
Description = svchost (1160) An attempt to delete the file "C:\WINDOWS\system32\CatRoot2\tmp.edb"
failed with system error 1392 (0x00000570): "The file or directory is corrupted
and unreadable. ". The delete file operation will fail with error -1022 (0xfffffc02).

Error - 12/13/2009 9:26:51 PM | Computer Name = D3GZS461 | Source = ESENT | ID = 485
Description = svchost (1160) An attempt to delete the file "C:\WINDOWS\system32\CatRoot2\tmp.edb"
failed with system error 1392 (0x00000570): "The file or directory is corrupted
and unreadable. ". The delete file operation will fail with error -1022 (0xfffffc02).

Error - 12/13/2009 9:26:51 PM | Computer Name = D3GZS461 | Source = ESENT | ID = 485
Description = svchost (1160) An attempt to delete the file "C:\WINDOWS\system32\CatRoot2\tmp.edb"
failed with system error 1392 (0x00000570): "The file or directory is corrupted
and unreadable. ". The delete file operation will fail with error -1022 (0xfffffc02).

Error - 12/13/2009 9:26:51 PM | Computer Name = D3GZS461 | Source = ESENT | ID = 485
Description = svchost (1160) An attempt to delete the file "C:\WINDOWS\system32\CatRoot2\tmp.edb"
failed with system error 1392 (0x00000570): "The file or directory is corrupted
and unreadable. ". The delete file operation will fail with error -1022 (0xfffffc02).

Error - 12/13/2009 9:26:51 PM | Computer Name = D3GZS461 | Source = ESENT | ID = 485
Description = svchost (1160) An attempt to delete the file "C:\WINDOWS\system32\CatRoot2\tmp.edb"
failed with system error 1392 (0x00000570): "The file or directory is corrupted
and unreadable. ". The delete file operation will fail with error -1022 (0xfffffc02).

Error - 12/13/2009 9:26:51 PM | Computer Name = D3GZS461 | Source = ESENT | ID = 485
Description = svchost (1160) An attempt to delete the file "C:\WINDOWS\system32\CatRoot2\tmp.edb"
failed with system error 1392 (0x00000570): "The file or directory is corrupted
and unreadable. ". The delete file operation will fail with error -1022 (0xfffffc02).

Error - 12/13/2009 9:26:51 PM | Computer Name = D3GZS461 | Source = ESENT | ID = 485
Description = svchost (1160) An attempt to delete the file "C:\WINDOWS\system32\CatRoot2\tmp.edb"
failed with system error 1392 (0x00000570): "The file or directory is corrupted
and unreadable. ". The delete file operation will fail with error -1022 (0xfffffc02).

Error - 12/13/2009 9:26:51 PM | Computer Name = D3GZS461 | Source = ESENT | ID = 485
Description = svchost (1160) An attempt to delete the file "C:\WINDOWS\system32\CatRoot2\tmp.edb"
failed with system error 1392 (0x00000570): "The file or directory is corrupted
and unreadable. ". The delete file operation will fail with error -1022 (0xfffffc02).

Error - 12/14/2009 3:27:08 AM | Computer Name = D3GZS461 | Source = Application Hang | ID = 1002
Description = Hanging application CarbonitePreinstaller.exe, version 3.8.0.3, hang
module hungapp, version 0.0.0.0, hang address 0x00000000.

[ System Events ]
Error - 12/19/2009 12:51:55 AM | Computer Name = D3GZS461 | Source = Tcpip | ID = 4199
Description = The system detected an address conflict for IP address 192.168.1.100
with the system having network hardware address 00:22:68:14:32:4F. Network operations
on this system may be disrupted as a result.

Error - 12/19/2009 1:01:58 AM | Computer Name = D3GZS461 | Source = Tcpip | ID = 4199
Description = The system detected an address conflict for IP address 192.168.1.100
with the system having network hardware address 00:22:68:14:32:4F. Network operations
on this system may be disrupted as a result.

Error - 12/19/2009 1:12:02 AM | Computer Name = D3GZS461 | Source = Tcpip | ID = 4199
Description = The system detected an address conflict for IP address 192.168.1.100
with the system having network hardware address 00:22:68:14:32:4F. Network operations
on this system may be disrupted as a result.

Error - 12/19/2009 1:22:05 AM | Computer Name = D3GZS461 | Source = Tcpip | ID = 4199
Description = The system detected an address conflict for IP address 192.168.1.100
with the system having network hardware address 00:22:68:14:32:4F. Network operations
on this system may be disrupted as a result.

Error - 12/19/2009 1:32:07 AM | Computer Name = D3GZS461 | Source = Tcpip | ID = 4199
Description = The system detected an address conflict for IP address 192.168.1.100
with the system having network hardware address 00:22:68:14:32:4F. Network operations
on this system may be disrupted as a result.

Error - 12/19/2009 1:42:13 AM | Computer Name = D3GZS461 | Source = Tcpip | ID = 4199
Description = The system detected an address conflict for IP address 192.168.1.100
with the system having network hardware address 00:22:68:14:32:4F. Network operations
on this system may be disrupted as a result.

Error - 12/19/2009 1:52:15 AM | Computer Name = D3GZS461 | Source = Tcpip | ID = 4199
Description = The system detected an address conflict for IP address 192.168.1.100
with the system having network hardware address 00:22:68:14:32:4F. Network operations
on this system may be disrupted as a result.

Error - 12/19/2009 2:44:38 AM | Computer Name = D3GZS461 | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.100 for the Network Card with network
address 0011116A749E has been denied by the DHCP server 192.168.1.1 (The DHCP Server
sent a DHCPNACK message).

Error - 12/19/2009 2:45:54 AM | Computer Name = D3GZS461 | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the IMAPI CD-Burning COM
Service service to connect.

Error - 12/19/2009 2:45:54 AM | Computer Name = D3GZS461 | Source = Service Control Manager | ID = 7000
Description = The IMAPI CD-Burning COM Service service failed to start due to the
following error: %%1053


< End of report >

#7 pwgib

  • Malware Response Team
  • 2,956 posts
  • Gender:Male
  • Location:God's Country
  • Local time:09:08 AM

Posted 21 December 2009 - 04:08 PM

Hello timjh,

This virus manifests itself when I type one particular URL (www.sjmercury.com) in the address bar of a browser. After hitting Enter, I am not taken to sjmercury.com, but instead to a malicious site. I've also noticed that the time that appears in the Windows toolbar at the bottom right of the screen has set itself to military time. I am running Microsoft Windows XP Professional, version 5.1.2600.

Are you re-directed from any other web address or only sjmercury.com? Have you tried using your search engine to do a search on sjmercury.com? When you click on it, do you get re-directed?

You should never have more than one antivirus product installed and running on your computer at a time. The reason for this is that if both products have their automatic (Real-Time) protection switched on, then those products which do not encrypt the virus strings within them can trigger "false alarms" in other antivirus products. It can also lead to a clash as both products fight for access to files which are opened. In general terms, the two programs may conflict and cause:
1) False Alarms: When the anti virus software tells you that your PC has a virus when it actually doesn't.
2) System Performance Problems: Your system may lock up due to both products attempting to access the same file at the same time.

In your case I notice that you have two antivirus programs installed, Avira and McAfee, and although McAfee is disabled there are still processes, services and drivers running that can cause conflicts and use up resources, in addition to reducing boot time and other issues.

I don't see McAfee in your uninstall list, so that indicates to me you have attempted to uninstall the program and it left some remnants.
To remove McAfee AntiVirus fully, I recommend you use the McAfee Consumer Product Removal tool (MCPR.exe).
For the download and instructions on using the McAfee Consumer Product Removal tool, click on majorgeeks.com

I see you have My Way Search Assistant installed. This is an undesirable program.
http://www.bleepingcomputer.com/uninstall/...-Assistant.html

Add/Remove Programs entry for a browser toolbar that came preloaded with Dell computers. There were concerns over this toolbar as it was difficult to remove and it anonymously reports your surfing activity when on a myway or myway-affiliated site.

I suggest you uninstall this program.

Did you or an Administrator set the following policies?
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

We need to run an OTL Fix
  • Please reopen OTL on your desktop.
  • Copy and Paste the following code into the Custom Scans/Fixes textbox. Do not include the word "Code"

    :Processes
    C:\WINDOWS\explorer.exe (Microsoft Corporation)
    
    :OTL
    O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (FireShot) - {6E6E744E-4D20-4ce3-9A7A-26DFFFE22F68} - C:\Documents and Settings\Tim\Application Data\Mozilla\Firefox\Profiles\npi07w50.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}\library\fsaddin-0.78.dll File not found
    O3 - HKU\S-1-5-21-892888757-1397196022-3383280284-1007\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
    O4 - Startup: C:\Documents and Settings\Peggy\Start Menu\Programs\Startup\MLB.TV NexDef Plug-in.lnk = C:\Documents and Settings\Peggy\Local Settings\Application Data\Autobahn\mlb-nexdef-autobahn.exe File not found
    O4 - Startup: C:\Documents and Settings\Peggy\Start Menu\Programs\Startup\OpenOffice.org 2.3.lnk = C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe File not found
    O4 - Startup: C:\Documents and Settings\Tim\Start Menu\Programs\Startup\OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe File not found
    O4 - Startup: C:\Documents and Settings\Tim\Start Menu\Programs\Startup\PowerReg Scheduler.exe () 
    O9 - Extra Button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - File not found
    O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} http://download.microsoft.com/download/F/6...922/wmv9VCM.CAB (Reg Error: Key error.)
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl...indows-i586.cab (Reg Error: Key error.)
    
    :Reg
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirstRunDisabled"=-
    
    :Files
    O4 - Startup: C:\Documents and Settings\Tim\Start Menu\Programs\Startup\PowerReg Scheduler.exe 
    @Alternate Data Stream - 157 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D091E13E
    @Alternate Data Stream - 145 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9E7FF26C
    @Alternate Data Stream - 145 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8173A019
    @Alternate Data Stream - 140 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C8A7CF18
    @Alternate Data Stream - 129 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:436CCEE3
    @Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
    @Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:31080D0E
    
    :Commands
    [emptytemp]
    [resethosts]
    [Reboot]
  • Push Run Fix
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click OK.
  • A report will open. Copy and Paste that report in your next reply.
Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.
  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and re-enable all active protection when done.
-- If you encounter any problems, try running GMER in Safe Mode.

In your next reply please include:
OTL report
GMER.log

Thanks!!

Edited by pwgib, 21 December 2009 - 04:09 PM.

PW
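The symptom in this thread (one hostname redirected while every other site loads normally) is what a hosts-file or DNS hijack looks like from the user's side, and the `[resethosts]` directive in the OTL script above simply restores the stock hosts file. The following script, added here as an illustration and not part of pwgib's post or of OTL, performs the manual check behind that directive: it parses a hosts file, separates blocklist-style loopback entries from real redirects, and checks the `DataBasePath` value that tells Windows where the hosts file lives. The sample hosts text is constructed for the example, the `192.0.2.10` target is a documentation address (RFC 5737) and not a real malicious host, and the stock `DataBasePath` value is the normal default, not something taken from this machine's logs.

```python
"""Hosts-file redirect check (added example; not code from the thread or OTL).

A single-site redirect like the one reported here is what a hosts-file or
DNS hijack looks like from the user's chair: www.sjmercury.com resolves to an
address the attacker chose while every other site still works. OTL's
[resethosts] directive restores the stock hosts file; this script shows the
manual check behind it. The sample hosts text is constructed and 192.0.2.10
is a documentation address (RFC 5737), not a real malicious host.
"""
import ipaddress
import re

# The stock Windows XP hosts file carries exactly one active entry.
STOCK_ENTRIES = {("localhost", "127.0.0.1")}

# Stock location of the hosts file, as stored in the registry value
# HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\DataBasePath.
DEFAULT_DATABASEPATH = r"%SystemRoot%\System32\drivers\etc"

# Constructed sample; the hijacked mapping is hypothetical.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
127.0.0.1       localhost
192.0.2.10      www.sjmercury.com   sjmercury.com   # hijacked (constructed)
127.0.0.1       ad.doubleclick.net  # blocklist-style entry, not a hijack
not-an-address  bogus.example       # malformed; the resolver ignores it
"""


def parse_hosts(text):
    """Return (hostname, ip) pairs from hosts-file text, comments stripped."""
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = re.split(r"\s+", line)
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # malformed line; the Windows resolver skips it as well
        for host in fields[1:]:
            entries.append((host.lower(), ip))
    return entries


def classify(entries):
    """Sort entries into stock, blackhole (loopback/unspecified) and redirect.

    Only 'redirect' entries send a name to a real, reachable address; those
    are the ones a DNS changer plants and the ones worth investigating.
    """
    result = {"stock": [], "blackhole": [], "redirect": []}
    for host, ip in entries:
        if (host, str(ip)) in STOCK_ENTRIES:
            result["stock"].append((host, str(ip)))
        elif ip.is_loopback or ip.is_unspecified:
            result["blackhole"].append((host, str(ip)))
        else:
            result["redirect"].append((host, str(ip)))
    return result


def databasepath_is_default(value):
    """True if the Tcpip DataBasePath registry value still points at the stock
    directory. Malware sometimes repoints it so that a clean-looking
    %SystemRoot%\\System32\\drivers\\etc\\hosts is never actually consulted."""
    return value.strip().rstrip("\\").lower() == DEFAULT_DATABASEPATH.lower()


def report(text):
    """Return human-readable findings for a hosts file, redirects first."""
    found = classify(parse_hosts(text))
    lines = [f"{host} -> {ip} (redirect, investigate)" for host, ip in found["redirect"]]
    lines += [f"{host} -> {ip} (blackholed)" for host, ip in found["blackhole"]]
    return lines


if __name__ == "__main__":
    # On the affected machine, read the live file instead of the sample:
    # text = open(r"C:\WINDOWS\system32\drivers\etc\hosts").read()
    for finding in report(SAMPLE_HOSTS):
        print(finding)
```

Loopback entries are treated separately because ad-blocking hosts files legitimately contain thousands of them; a mapping to a routable address is the only kind that produces the "taken to a different site" behaviour described in the first post. If both the hosts file and `DataBasePath` are clean and the redirect persists, the remaining places to look are the DNS server addresses on the network adapter and the router itself, which is what the "DNS changer" family of trojans targets.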

#8 timjh

timjh
  • Topic Starter

  • Members
  • 30 posts
  • Local time:06:08 AM

Posted 23 December 2009 - 12:08 PM

Here are the requested logs. The fix seems to have worked.

OTL:

OTL logfile created on: 12/19/2009 12:53:31 AM - Run 1
OTL by OldTimer - Version 3.1.18.0 Folder = C:\Documents and Settings\Tim\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 100.00% Memory free
4.00 Gb Paging File | 3.60 Gb Available in Paging File | 90.07% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 70.94 Gb Total Space | 0.86 Gb Free Space | 1.21% Space Free | Partition Type: NTFS
Drive D: | 827.18 Gb Total Space | 811.85 Gb Free Space | 98.15% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: D3GZS461
Current User Name: Tim
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - File not found -- C:\Documents and Settings\Patrick\Local Settings\Application Data\Autobahn\mlb-nexdef-autobahn.exe
PRC - [2009/12/19 00:33:57 | 00,564,736 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Tim\Desktop\OTL.exe
PRC - [2009/12/18 05:11:20 | 00,908,248 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009/11/23 08:43:26 | 02,001,648 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
PRC - [2009/11/16 11:58:38 | 00,839,168 | ---- | M] () -- C:\Program Files\OpenDNS Updater\OpenDNSUpdater.exe
PRC - [2009/10/11 04:17:36 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2009/10/11 04:17:35 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2009/09/25 23:32:18 | 00,189,736 | ---- | M] (Seagate Technology LLC) -- C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
PRC - [2009/09/25 23:31:32 | 00,185,640 | ---- | M] (Seagate LLC) -- C:\Program Files\Seagate\SeagateManager\FreeAgent Status\stxmenumgr.exe
PRC - [2009/08/19 10:23:24 | 07,418,368 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.bin
PRC - [2009/08/19 10:23:22 | 07,424,000 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.exe
PRC - [2009/08/05 23:00:00 | 05,497,856 | ---- | M] () -- C:\xampp\mysql\bin\mysqld.exe
PRC - [2009/08/04 00:49:00 | 00,318,096 | ---- | M] (Carbonite, Inc.) -- C:\Program Files\Carbonite\CarbonitePreinstaller.exe
PRC - [2009/07/21 13:34:33 | 00,185,089 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2009/05/21 09:55:32 | 00,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtcmd.exe
PRC - [2009/05/13 15:48:22 | 00,108,289 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2009/03/02 12:08:47 | 00,209,153 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2008/08/13 17:32:40 | 00,201,968 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe
PRC - [2008/04/13 16:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/03/15 10:09:36 | 00,460,784 | ---- | M] (Gteko Ltd.) -- C:\Program Files\DellSupport\DSAgnt.exe
PRC - [2007/01/31 13:55:42 | 00,096,370 | ---- | M] (Canon Inc.) -- C:\Program Files\Canon\CAL\CALMAIN.exe
PRC - [2005/06/06 22:46:24 | 00,057,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
PRC - [2005/04/18 11:16:02 | 00,073,728 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\Profiler\LWEMon.exe
PRC - [2004/12/02 17:23:34 | 00,102,400 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
PRC - [2004/08/25 11:26:56 | 00,389,120 | ---- | M] () -- C:\WINDOWS\SYSTEM32\ati2evxx.exe
PRC - [2004/08/23 16:19:22 | 00,057,344 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
PRC - [2004/08/12 23:05:00 | 00,122,939 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\SYSTEM32\dla\tfswctrl.exe
PRC - [2004/06/18 07:46:00 | 00,102,400 | ---- | M] () -- C:\Program Files\Dell Photo AIO Printer 922\dlbtbmon.exe
PRC - [2004/06/18 07:30:26 | 00,290,816 | ---- | M] () -- C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe
PRC - [2004/04/11 18:15:14 | 00,290,816 | ---- | M] (CyberLink Corp.) -- C:\Program Files\Dell\Media Experience\PCMService.exe
PRC - [2003/12/05 20:08:04 | 00,050,688 | ---- | M] (Microsoft® Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
PRC - [2003/09/17 08:43:36 | 00,057,344 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe
PRC - [2003/09/03 18:12:44 | 00,221,184 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
PRC - [2000/06/26 05:44:20 | 00,053,520 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\MsPMSPSv.exe
PRC - [1999/12/13 07:01:00 | 00,044,032 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\SYSTEM32\CTSVCCDA.EXE


========== Modules (SafeList) ==========

MOD - [2009/12/19 00:33:57 | 00,564,736 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Tim\Desktop\OTL.exe
MOD - [2005/07/24 22:13:00 | 01,201,664 | R--- | M] (YAMAHA Corp.) -- C:\WINDOWS\SYSTEM32\xgusb.cpl


========== Win32 Services (SafeList) ==========

SRV - [2009/10/11 04:17:35 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) [Auto | Running] -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2009/09/25 23:32:18 | 00,189,736 | ---- | M] (Seagate Technology LLC) [Auto | Running] -- C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe -- (FreeAgentGoNext Service)
SRV - [2009/08/05 23:00:00 | 05,497,856 | ---- | M] () [Auto | Running] -- C:\xampp\mysql\bin\mysqld.exe -- (MySQL)
SRV - [2009/07/21 13:34:33 | 00,185,089 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2009/05/13 15:48:22 | 00,108,289 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2009/02/14 10:11:38 | 00,133,104 | ---- | M] (Google Inc.) [Auto | Stopped] -- C:\Program Files\Google\Update\GoogleUpdate.exe -- (gupdate1c98ecfb47598f0) Google Update Service (gupdate1c98ecfb47598f0)
SRV - [2008/08/13 17:32:40 | 00,201,968 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_dellsupportcenter) SupportSoft Sprocket Service (dellsupportcenter)
SRV - [2007/03/07 14:47:46 | 00,076,848 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService)
SRV - [2007/01/31 13:55:42 | 00,096,370 | ---- | M] (Canon Inc.) [Auto | Running] -- C:\Program Files\Canon\CAL\CALMAIN.exe -- (CCALib8)
SRV - [2004/08/25 11:26:56 | 00,389,120 | ---- | M] () [Auto | Running] -- C:\WINDOWS\SYSTEM32\ati2evxx.exe -- (Ati HotKey Poller)
SRV - [2004/03/16 12:33:24 | 00,421,888 | ---- | M] (Dell) [On_Demand | Stopped] -- C:\WINDOWS\System32\dlbtcoms.exe -- (dlbt_device)
SRV - [2003/12/17 11:59:48 | 00,143,360 | ---- | M] (Intel® Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe -- (NetSvc)
SRV - [2000/06/26 05:44:20 | 00,053,520 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\SYSTEM32\MsPMSPSv.exe -- (WMDM PMSP Service)
SRV - [1999/12/13 07:01:00 | 00,044,032 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\WINDOWS\SYSTEM32\CTSVCCDA.EXE -- (Creative Service for CDROM Access)


========== Driver Services (SafeList) ==========

DRV - [2009/12/07 16:54:47 | 00,056,816 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\avgntflt.sys -- (avgntflt)
DRV - [2009/11/23 08:43:30 | 00,009,968 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2009/11/23 08:43:30 | 00,007,408 | R--- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Running] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2009/11/23 08:43:28 | 00,074,480 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2009/07/08 12:44:20 | 00,214,024 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\mfehidk.sys -- (mfehidk)
DRV - [2009/07/08 12:44:20 | 00,079,816 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\mfeavfk.sys -- (mfeavfk)
DRV - [2009/07/08 12:44:20 | 00,040,552 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\mfesmfk.sys -- (mfesmfk)
DRV - [2009/07/08 12:44:20 | 00,035,272 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\mfebopk.sys -- (mfebopk)
DRV - [2009/07/08 12:43:46 | 00,034,248 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\mferkdk.sys -- (mferkdk)
DRV - [2009/05/11 09:12:24 | 00,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ssmdrv.sys -- (ssmdrv)
DRV - [2009/03/30 09:33:07 | 00,096,104 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\avipbb.sys -- (avipbb)
DRV - [2009/02/13 11:35:05 | 00,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2008/04/13 10:36:39 | 00,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2008/04/13 10:36:39 | 00,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2007/11/13 02:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\secdrv.sys -- (Secdrv)
DRV - [2007/02/26 17:10:58 | 00,032,720 | ---- | M] (Yamaha Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\ymidusbw.sys -- (YMIDUSBW) Yamaha USB-MIDI Driver (WDM)
DRV - [2007/02/25 11:10:48 | 00,005,376 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\dsunidrv.sys -- (dsunidrv)
DRV - [2006/10/05 15:07:28 | 00,004,736 | ---- | M] (Gteko Ltd.) [Kernel | On_Demand | Running] -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys -- (DSproct)
DRV - [2005/12/04 21:12:26 | 00,020,640 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20)
DRV - [2005/09/29 09:01:51 | 00,066,048 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sfvfs02.sys -- (sfvfs02) StarForce Protection VFS Driver (version 2.x)
DRV - [2005/08/10 06:06:28 | 00,019,968 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sfsync02.sys -- (sfsync02) StarForce Protection Synchronization Driver (version 2.x)
DRV - [2005/08/10 04:44:04 | 00,050,688 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sfdrv01.sys -- (sfdrv01) StarForce Protection Environment Driver (version 1.x)
DRV - [2005/07/24 22:13:00 | 00,014,464 | R--- | M] (YAMAHA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\ymidusb.sys -- (YMIDUSB)
DRV - [2005/05/16 05:20:39 | 00,006,656 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sfhlp02.sys -- (sfhlp02) StarForce Protection Helper Driver (version 2.x)
DRV - [2005/04/12 19:21:32 | 00,022,240 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\WmFilter.sys -- (WmFilter)
DRV - [2005/04/12 19:21:28 | 00,010,144 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\WmBEnum.sys -- (WmBEnum)
DRV - [2005/04/12 19:21:28 | 00,005,600 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\WmVirHid.sys -- (WmVirHid)
DRV - [2005/04/12 19:21:26 | 00,045,504 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\WmXlCore.sys -- (WmXlCore)
DRV - [2004/08/25 11:28:46 | 00,787,456 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ati2mtag.sys -- (ati2mtag)
DRV - [2004/08/13 00:56:00 | 00,040,544 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\drvnddm.sys -- (drvnddm)
DRV - [2004/08/12 23:05:00 | 00,100,603 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsnudfa.sys -- (tfsnudfa)
DRV - [2004/08/12 23:05:00 | 00,098,714 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsnudf.sys -- (tfsnudf)
DRV - [2004/08/12 23:05:00 | 00,086,202 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsnifs.sys -- (tfsnifs)
DRV - [2004/08/12 23:05:00 | 00,034,843 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsncofs.sys -- (tfsncofs)
DRV - [2004/08/12 23:05:00 | 00,025,723 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsnboio.sys -- (tfsnboio)
DRV - [2004/08/12 23:05:00 | 00,014,715 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsnopio.sys -- (tfsnopio)
DRV - [2004/08/12 23:05:00 | 00,006,363 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsnpool.sys -- (tfsnpool)
DRV - [2004/08/12 23:05:00 | 00,004,123 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsndrct.sys -- (tfsndrct)
DRV - [2004/08/12 23:05:00 | 00,002,239 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsndres.sys -- (tfsndres)
DRV - [2004/08/04 03:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\PTILINK.SYS -- (Ptilink)
DRV - [2004/08/04 03:00:00 | 00,002,944 | ---- | M] () [Kernel | System | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\null.sys -- (Null)
DRV - [2004/08/04 01:21:00 | 00,087,136 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\drvmcdb.sys -- (drvmcdb)
DRV - [2004/08/03 20:29:56 | 01,897,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\NV4_MINI.SYS -- (nv)
DRV - [2004/07/14 09:29:04 | 00,005,627 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\sscdbhk5.sys -- (sscdbhk5)
DRV - [2004/07/14 09:28:50 | 00,023,545 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ssrtln.sys -- (ssrtln)
DRV - [2004/06/15 20:52:40 | 00,061,157 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\IntelC53.sys -- (IntelC53)
DRV - [2004/06/09 10:16:00 | 00,840,960 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\P17.sys -- (P17)
DRV - [2004/03/05 20:15:34 | 00,647,929 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\IntelC52.sys -- (IntelC52)
DRV - [2004/03/05 20:14:42 | 01,233,525 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\IntelC51.sys -- (IntelC51)
DRV - [2004/03/05 20:13:38 | 00,037,048 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\mohfilt.sys -- (mohfilt)
DRV - [2004/02/10 13:49:14 | 00,154,112 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\e100b325.sys -- (E100B) Intel®
DRV - [2003/09/22 06:48:00 | 00,130,192 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ctsfm2k.sys -- (ctsfm2k)
DRV - [2003/09/22 06:47:00 | 00,178,672 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ctoss2k.sys -- (ossrv)
DRV - [2003/03/05 10:19:00 | 00,015,840 | ---- | M] (Creative Technology Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\PFModNT.sys -- (PfModNT)
DRV - [2002/11/08 11:45:06 | 00,017,217 | ---- | M] (Dell Computer Corporation) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\omci.sys -- (omci)
DRV - [2001/08/17 12:07:44 | 00,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2001/08/17 12:07:42 | 00,030,688 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2001/08/17 12:07:40 | 00,028,384 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2001/08/17 12:07:36 | 00,032,640 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2001/08/17 12:07:34 | 00,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
DRV - [2001/08/17 11:57:38 | 00,016,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\MODEMCSA.sys -- (MODEMCSA)
DRV - [2001/08/17 11:52:22 | 00,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
DRV - [2001/08/17 11:52:20 | 00,045,312 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2001/08/17 11:52:20 | 00,040,320 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2001/08/17 11:52:18 | 00,049,024 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2001/08/17 11:52:16 | 00,179,584 | ---- | M] (Mylex Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2001/08/17 11:52:12 | 00,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2001/08/17 11:52:00 | 00,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
DRV - [2001/08/17 11:51:58 | 00,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2001/08/17 11:51:56 | 00,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2001/08/17 11:51:54 | 00,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell4me.com/myway
IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell4me.com/myway
IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local



IE - HKU\S-1-5-21-892888757-1397196022-3383280284-1005\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
IE - HKU\S-1-5-21-892888757-1397196022-3383280284-1005\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.yahoo.com/search?p={searchTe...-8&fr=b1ie7
IE - HKU\S-1-5-21-892888757-1397196022-3383280284-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com
IE - HKU\S-1-5-21-892888757-1397196022-3383280284-1005\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
IE - HKU\S-1-5-21-892888757-1397196022-3383280284-1005\S-1-5-21-892888757-1397196022-3383280284-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-892888757-1397196022-3383280284-1005\S-1-5-21-892888757-1397196022-3383280284-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

IE - HKU\S-1-5-21-892888757-1397196022-3383280284-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
IE - HKU\S-1-5-21-892888757-1397196022-3383280284-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
IE - HKU\S-1-5-21-892888757-1397196022-3383280284-1007\..\URLSearchHook: {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-892888757-1397196022-3383280284-1007\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
IE - HKU\S-1-5-21-892888757-1397196022-3383280284-1007\S-1-5-21-892888757-1397196022-3383280284-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..browser.startup.homepage: "http://www.google.com"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.2
FF - prefs.js..extensions.enabledItems: debugger@aptana.com:1.4.3
FF - prefs.js..extensions.enabledItems: {59c81df5-4b7a-477b-912d-4e0fdf64e5f2}:0.9.86
FF - prefs.js..extensions.enabledItems: inspector@mozilla.org:2.0.4
FF - prefs.js..extensions.enabledItems: firebug@software.joehewitt.com:1.4.5
FF - prefs.js..extensions.enabledItems: {0b457cAA-602d-484a-8fe7-c1d894a011ba}:0.80
FF - prefs.js..extensions.enabledItems: firefox@ghostery.com:2.0.2
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20091209.4
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {f13b157f-b174-47e7-a34d-4815ddfdfeb8}:0.9.87.4
FF - prefs.js..extensions.enabledItems: librarydetector@paulbakaus.com:1.0.2
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.07103010
FF - prefs.js..extensions.enabledItems: {a089fffd-e0cb-431b-8d3a-ebb8afb26dcf}:0.81
FF - prefs.js..extensions.enabledItems: {9c51bd27-6ed8-4000-a2bf-36cb95c0c947}:10.1.0
FF - prefs.js..extensions.enabledItems: {636fd8b0-ce2b-4e00-b812-2afbe77ee899}:1.4.3


FF - HKLM\software\mozilla\Mozilla Firefox 3.5.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/12/18 05:11:27 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/12/18 05:11:27 | 00,000,000 | ---D | M]

[2008/09/12 12:50:15 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Tim\Application Data\Mozilla\Extensions
[2009/12/18 04:28:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Tim\Application Data\Mozilla\Firefox\Profiles\npi07w50.default\extensions
[2009/10/28 12:59:15 | 00,000,000 | ---D | M] (FireShot) -- C:\Documents and Settings\Tim\Application Data\Mozilla\Firefox\Profiles\npi07w50.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}
[2009/12/13 18:49:48 | 00,000,000 | ---D | M] (ChatZilla) -- C:\Documents and Settings\Tim\Application Data\Mozilla\Firefox\Profiles\npi07w50.default\extensions\{59c81df5-4b7a-477b-912d-4e0fdf64e5f2}
[2009/08/02 18:49:54 | 00,000,000 | ---D | M] (XPather) -- C:\Documents and Settings\Tim\Application Data\Mozilla\Firefox\Profiles\npi07w50.default\extensions\{636fd8b0-ce2b-4e00-b812-2afbe77ee899}
[2009/10/17 18:53:24 | 00,000,000 | ---D | M] (Tamper Data) -- C:\Documents and Settings\Tim\Application Data\Mozilla\Firefox\Profiles\npi07w50.default\extensions\{9c51bd27-6ed8-4000-a2bf-36cb95c0c947}
[2009/08/28 11:41:08 | 00,000,000 | ---D | M] (Platypus) -- C:\Documents and Settings\Tim\Application Data\Mozilla\Firefox\Profiles\npi07w50.default\extensions\{a089fffd-e0cb-431b-8d3a-ebb8afb26dcf}
[2009/12/13 18:49:49 | 00,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\Tim\Application Data\Mozilla\Firefox\Profiles\npi07w50.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2009/12/10 01:04:11 | 00,000,000 | ---D | M] (Greasemonkey) -- C:\Documents and Settings\Tim\Application Data\Mozilla\Firefox\Profiles\npi07w50.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2009/10/05 19:27:46 | 00,000,000 | ---D | M] (JavaScript Debugger) -- C:\Documents and Settings\Tim\Application Data\Mozilla\Firefox\Profiles\npi07w50.default\extensions\{f13b157f-b174-47e7-a34d-4815ddfdfeb8}
[2009/11/20 19:32:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Tim\Application Data\Mozilla\Firefox\Profiles\npi07w50.default\extensions\debugger@aptana.com
[2009/11/06 10:43:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Tim\Application Data\Mozilla\Firefox\Profiles\npi07w50.default\extensions\firebug@software.joehewitt.com
[2009/12/11 03:05:25 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Tim\Application Data\Mozilla\Firefox\Profiles\npi07w50.default\extensions\firefox@ghostery.com
[2009/11/15 09:23:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Tim\Application Data\Mozilla\Firefox\Profiles\npi07w50.default\extensions\inspector@mozilla.org
[2009/08/28 11:39:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Tim\Application Data\Mozilla\Firefox\Profiles\npi07w50.default\extensions\librarydetector@paulbakaus.com
[2008/08/16 13:34:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Tim\Application Data\Mozilla\Firefox\Profiles\npi07w50.default\extensions\moveplayer@movenetworks.com
[2007/06/28 22:22:58 | 00,002,386 | ---- | M] () -- C:\Documents and Settings\Tim\Application Data\Mozilla\Firefox\Profiles\npi07w50.default\searchplugins\siteadvisor.xml
[2009/12/18 04:28:59 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2007/02/08 20:08:53 | 00,225,280 | ---- | M] (Asgard Software Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npaxctrl.dll
[2009/03/30 16:13:54 | 00,098,304 | ---- | M] (RealNetworks) -- C:\Program Files\Mozilla Firefox\plugins\npraclient.dll
[2007/07/23 10:36:46 | 00,086,016 | ---- | M] (Renaissance Learning Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npRLPrint.dll

O1 HOSTS File: (27 bytes) - C:\WINDOWS\SYSTEM32\DRIVERS\ETC\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\SYSTEM32\dla\tfswshx.dll (Sonic Solutions)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - No CLSID value found.
O3 - HKLM\..\Toolbar: (FireShot) - {6E6E744E-4D20-4ce3-9A7A-26DFFFE22F68} - C:\Documents and Settings\Tim\Application Data\Mozilla\Firefox\Profiles\npi07w50.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}\library\fsaddin-0.78.dll File not found
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKU\S-1-5-21-892888757-1397196022-3383280284-1005\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKU\S-1-5-21-892888757-1397196022-3383280284-1007\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-892888757-1397196022-3383280284-1007\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [Adobe Photo Downloader] C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe (ATI Technologies, Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [CarboniteSetupLite] C:\Program Files\Carbonite\CarbonitePreinstaller.exe (Carbonite, Inc.)
O4 - HKLM..\Run: [CTSysVol] C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [Dell Photo AIO Printer 922] C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe ()
O4 - HKLM..\Run: [DellSupportCenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [dla] C:\WINDOWS\SYSTEM32\dla\tfswctrl.exe (Sonic Solutions)
O4 - HKLM..\Run: [dscactivate] C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe ( )
O4 - HKLM..\Run: [DVDLauncher] C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe (CyberLink Corp.)
O4 - HKLM..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe (Intel Corporation)
O4 - HKLM..\Run: [MaxMenuMgr] C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe (Seagate LLC)
O4 - HKLM..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe (Microsoft® Corporation)
O4 - HKLM..\Run: [P17Helper] C:\WINDOWS\System32\P17.dll ()
O4 - HKLM..\Run: [PCMService] C:\Program Files\Dell\Media Experience\PCMService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [UpdateManager] C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe (Sonic Solutions)
O4 - HKLM..\Run: [UpdReg] C:\WINDOWS\Updreg.EXE (Creative Technology Ltd.)
O4 - HKU\S-1-5-21-892888757-1397196022-3383280284-1005..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe (Creative Technology Ltd)
O4 - HKU\S-1-5-21-892888757-1397196022-3383280284-1005..\Run: [DellSupport] C:\Program Files\DellSupport\DSAgnt.exe (Gteko Ltd.)
O4 - HKU\S-1-5-21-892888757-1397196022-3383280284-1005..\Run: [DellSupportCenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKU\S-1-5-21-892888757-1397196022-3383280284-1005..\Run: [OpenDNS Updater] C:\Program Files\OpenDNS Updater\OpenDNSUpdater.exe ()
O4 - HKU\S-1-5-21-892888757-1397196022-3383280284-1005..\Run: [Start WingMan Profiler] C:\Program Files\Logitech\Profiler\lwemon.exe (Logitech Inc.)
O4 - HKU\S-1-5-21-892888757-1397196022-3383280284-1005..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - HKU\S-1-5-21-892888757-1397196022-3383280284-1005..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe (Adobe Systems Incorporated)
O4 - HKU\S-1-5-21-892888757-1397196022-3383280284-1007..\Run: [DellSupport] C:\Program Files\DellSupport\DSAgnt.exe (Gteko Ltd.)
O4 - HKU\S-1-5-21-892888757-1397196022-3383280284-1007..\Run: [MoneyAgent] C:\Program Files\Microsoft Money\System\mnyexpr.exe (Microsoft Corp.)
O4 - HKU\S-1-5-21-892888757-1397196022-3383280284-1007..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKU\S-1-5-21-892888757-1397196022-3383280284-1007..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe File not found
O4 - HKU\S-1-5-21-892888757-1397196022-3383280284-1007..\Run: [Yahoo! Pager] C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\Peggy\Start Menu\Programs\Startup\MLB.TV NexDef Plug-in.lnk = C:\Documents and Settings\Peggy\Local Settings\Application Data\Autobahn\mlb-nexdef-autobahn.exe File not found
O4 - Startup: C:\Documents and Settings\Peggy\Start Menu\Programs\Startup\OpenOffice.org 2.3.lnk = C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe File not found
O4 - Startup: C:\Documents and Settings\Tim\Start Menu\Programs\Startup\OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe File not found
O4 - Startup: C:\Documents and Settings\Tim\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O4 - Startup: C:\Documents and Settings\Tim\Start Menu\Programs\Startup\PowerReg Scheduler.exe ()
O4 - Startup: C:\Documents and Settings\Tommy\Start Menu\Programs\Startup\MLB.TV NexDef Plug-in.lnk = C:\Documents and Settings\Tommy\Local Settings\Application Data\Autobahn\mlb-nexdef-autobahn.exe ()
O4 - Startup: C:\Documents and Settings\Tommy\Start Menu\Programs\Startup\wkcalrem.LNK = C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe (Microsoft® Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-892888757-1397196022-3383280284-1005\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-892888757-1397196022-3383280284-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-892888757-1397196022-3383280284-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-892888757-1397196022-3383280284-1005_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-892888757-1397196022-3383280284-1007\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-892888757-1397196022-3383280284-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-892888757-1397196022-3383280284-1007_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra Button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - File not found
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {0000000A-0000-0010-8000-00AA00389B71} http://download.microsoft.com/download/d/4...0367/wmavax.CAB (Reg Error: Key error.)
O16 - DPF: {0713E8D2-850A-101B-AFC0-4210102A8DA7} http://download.mcafee.com/molbin/Shared/C...22/ComCtl32.cab (Microsoft ProgressBar Control, version 5.0 (SP2))
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} http://www.creative.com/su/ocx/15031/CTSUEng.cab (Creative Software AutoUpdate)
O16 - DPF: {0DB074F0-617E-4EE9-912C-2965CF2AA5A4} http://download.microsoft.com/download/7/0...tualEarth3D.cab (SentinelVE3D Class)
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} http://www.musicnotes.com/download/mnviewer.cab (Musicnotes Viewer)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.macromedia.com/get/shock...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} http://download.microsoft.com/download/F/6...922/wmv9VCM.CAB (Reg Error: Key error.)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://by106fd.bay106.hotmail.msn.com/resources/MsnPUpld.cab (MSN Photo Upload Tool)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {AECD14A8-F662-11D1-A395-00805F535788} http://www.investors.com/member/ocx/plotwon.ocx (Plotwon Control)
O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://www.creative.com/softwareupdate/su/...15034/CTPID.cab (Creative Software AutoUpdate Support Package)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 208.67.222.222 208.67.220.220 208.67.222.222
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/11 15:15:00 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2009/12/04 21:11:39 | 00,000,062 | ---- | M] () - D:\Autorun.inf -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2009/12/19 00:33:57 | 00,564,736 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Tim\Desktop\OTL.exe
[2009/12/17 03:06:00 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Tim\Local Settings\Application Data\Temp
[2009/12/14 03:05:49 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Tim\My Documents\Video Converter
[2009/12/04 21:11:18 | 00,000,000 | ---D | C] -- C:\Program Files\Seagate
[2009/12/04 21:11:18 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Seagate
[2009/12/04 21:10:30 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Tim\Local Settings\Application Data\Downloaded Installations
[2009/12/04 21:10:25 | 00,000,000 | ---D | C] -- C:\Program Files\Carbonite
[2009/12/01 20:59:53 | 00,000,000 | ---D | C] -- C:\Program Files\trend micro
[2009/12/01 20:59:52 | 00,000,000 | ---D | C] -- C:\rsit
[2009/12/01 20:11:58 | 00,472,064 | ---- | C] ( ) -- C:\Documents and Settings\Tim\Desktop\RootRepeal.exe
[2009/11/28 13:39:18 | 23,844,968 | ---- | C] (Doctor Web, Ltd.) -- C:\Documents and Settings\Tim\Desktop\4ny7clhp.exe
[2009/11/28 00:37:35 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Tim\Application Data\OpenDNS Updater
[2009/11/28 00:37:34 | 00,000,000 | ---D | C] -- C:\Program Files\OpenDNS Updater
[2009/11/27 23:25:12 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Tim\Application Data\OpenOffice.org
[2009/11/27 23:24:46 | 00,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2009/11/27 23:24:46 | 00,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2009/11/27 23:24:46 | 00,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2009/11/27 23:21:14 | 00,000,000 | ---D | C] -- C:\Program Files\JRE
[2009/11/27 23:20:52 | 00,000,000 | ---D | C] -- C:\Program Files\OpenOffice.org 3
[2009/11/27 23:13:18 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Tim\Desktop\OpenOffice.org 3.1 (en-US) Installation Files
[2009/11/27 23:06:36 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\sun
[2009/11/27 21:45:03 | 00,000,000 | ---D | C] -- C:\fixpath2
[2009/11/26 23:43:30 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Tim\Desktop\SmitfraudFix
[2009/11/26 09:57:52 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2009/11/24 13:04:49 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/11/24 13:04:47 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/11/24 13:04:46 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/11/24 12:58:20 | 04,045,528 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Tim\Desktop\zztoy.exe
[2009/11/21 09:50:41 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Tim\My Documents\My Received Files
[2009/09/02 12:53:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\SACore
[2009/02/14 13:30:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google
[2009/02/14 10:11:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
[2008/03/19 06:14:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
[2007/12/19 08:51:05 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2006/12/26 15:19:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2006/08/05 20:25:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Help
[2006/08/05 20:25:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Help
[2006/07/19 16:40:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Opera
[2005/02/02 17:27:31 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\LocalService\Application Data\GTek
[2004/12/22 14:14:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2004/11/23 19:00:40 | 00,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2004/11/23 19:00:40 | 00,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[1979/12/31 22:00:00 | 00,151,552 | ---- | C] ( ) -- C:\WINDOWS\System32\ATIDEMGR.dll
[1979/12/31 22:00:00 | 00,065,536 | ---- | C] ( ) -- C:\WINDOWS\System32\A3d.dll
[14 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2009/12/19 00:33:57 | 00,564,736 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Tim\Desktop\OTL.exe
[2009/12/19 00:10:45 | 06,029,312 | ---- | M] () -- C:\Documents and Settings\Tim\NTUSER.DAT
[2009/12/19 00:06:00 | 00,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2009/12/19 00:03:08 | 00,002,010 | ---- | M] () -- C:\Documents and Settings\Tim\Desktop\windowsliveadremover.js
[2009/12/18 23:46:32 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\WPA.DBL
[2009/12/18 22:44:48 | 00,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2009/12/18 22:44:39 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/12/18 22:44:37 | 00,002,048 | --S- | M] () -- C:\WINDOWS\BOOTSTAT.DAT
[2009/12/18 22:44:35 | 32,192,79872 | -HS- | M] () -- C:\hiberfil.sys
[2009/12/18 21:54:25 | 00,000,178 | -HS- | M] () -- C:\Documents and Settings\Tim\NTUSER.INI
[2009/12/18 01:31:05 | 00,000,986 | ---- | M] () -- C:\WINDOWS\dellstat.ini
[2009/12/18 00:59:01 | 00,001,868 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Dell Picture Studio v2.0.lnk
[2009/12/17 03:54:02 | 00,010,702 | ---- | M] () -- C:\Documents and Settings\Tim\Desktop\Christmas2009.ods
[2009/12/17 03:08:56 | 00,001,915 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[2009/12/16 03:08:22 | 00,524,288 | ---- | M] () -- C:\Documents and Settings\Tim\Desktop\dds.scr
[2009/12/14 03:29:32 | 00,024,064 | ---- | M] () -- C:\Documents and Settings\Tim\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/12/13 03:17:40 | 00,094,000 | ---- | M] () -- C:\Documents and Settings\Tim\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2009/12/12 03:55:06 | 03,932,214 | ---- | M] () -- C:\WINDOWS\wallpaper.bmp
[2009/12/11 03:25:49 | 00,016,277 | ---- | M] () -- C:\Documents and Settings\Tim\My Documents\rentalexpenses2.ods
[2009/12/11 03:15:04 | 00,010,767 | ---- | M] () -- C:\Documents and Settings\Tim\Desktop\HHdata.odt
[2009/12/11 03:13:10 | 00,017,057 | ---- | M] () -- C:\Documents and Settings\Tim\Desktop\rentalexpenses07.ods
[2009/12/11 03:12:45 | 00,012,689 | ---- | M] () -- C:\Documents and Settings\Tim\Desktop\lonetree.ods
[2009/12/11 03:12:06 | 00,016,388 | ---- | M] () -- C:\Documents and Settings\Tim\Desktop\Carolinerental.ods
[2009/12/11 03:10:12 | 00,008,246 | ---- | M] () -- C:\Documents and Settings\Tim\Application Data\wklnhst.dat
[2009/12/09 19:14:56 | 00,442,466 | ---- | M] () -- C:\WINDOWS\System32\PERFH009.DAT
[2009/12/09 19:14:56 | 00,071,732 | ---- | M] () -- C:\WINDOWS\System32\PERFC009.DAT
[2009/12/09 19:14:54 | 00,524,016 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/12/09 17:34:54 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/12/07 16:54:47 | 00,056,816 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[2009/12/07 16:31:35 | 00,089,680 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Tim\MSSSerif120.fon
[2009/12/07 01:10:20 | 01,064,294 | ---- | M] () -- C:\Documents and Settings\Tim\Desktop\ipinfo.bmp
[2009/12/06 02:47:00 | 00,020,782 | ---- | M] () -- C:\Documents and Settings\Tim\Desktop\System Information (Hardware).html
[2009/12/06 00:13:07 | 00,837,858 | ---- | M] () -- C:\Documents and Settings\Tim\Desktop\defltmnprops.bmp
[2009/12/06 00:11:11 | 00,259,086 | ---- | M] () -- C:\Documents and Settings\Tim\Desktop\colormodes.bmp
[2009/12/05 23:19:36 | 00,551,514 | ---- | M] () -- C:\Documents and Settings\Tim\Desktop\viddriver.bmp
[2009/12/05 23:15:27 | 00,103,150 | ---- | M] () -- C:\Documents and Settings\Tim\Desktop\sysproperties.bmp
[2009/12/05 12:49:20 | 72,348,8768 | ---- | M] () -- C:\Documents and Settings\Tim\Desktop\ubuntu-9.10-desktop-i386.iso
[2009/12/04 21:11:34 | 00,001,863 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Seagate Manager.lnk
[2009/12/04 21:10:25 | 00,001,732 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Carbonite Online Backup Setup.lnk
[2009/12/03 16:14:06 | 00,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/12/03 16:13:56 | 00,019,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/12/01 20:58:54 | 00,781,909 | ---- | M] () -- C:\Documents and Settings\Tim\Desktop\RSIT.exe
[2009/12/01 20:12:37 | 00,000,000 | ---- | M] () -- C:\Documents and Settings\Tim\Desktop\settings.dat
[2009/12/01 20:11:58 | 00,472,064 | ---- | M] ( ) -- C:\Documents and Settings\Tim\Desktop\RootRepeal.exe
[2009/11/30 17:18:21 | 02,113,444 | -H-- | M] () -- C:\Documents and Settings\Tim\Local Settings\Application Data\IconCache.db
[2009/11/29 19:16:09 | 00,000,340 | ---- | M] () -- C:\Documents and Settings\Tim\My Documents\iframeexample.html
[2009/11/28 22:07:06 | 00,001,375 | ---- | M] () -- C:\Documents and Settings\Tim\Desktop\DrWeb.csv
[2009/11/28 13:40:47 | 23,844,968 | ---- | M] (Doctor Web, Ltd.) -- C:\Documents and Settings\Tim\Desktop\4ny7clhp.exe
[2009/11/28 09:00:43 | 00,317,152 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/11/28 00:34:32 | 00,225,840 | ---- | M] () -- C:\Documents and Settings\Tim\Desktop\OpenDNS-Updater-2.2.exe
[2009/11/27 23:36:01 | 00,039,169 | ---- | M] () -- C:\Documents and Settings\Tim\Desktop\DEFENSE OF THE INQUISITION.odt
[2009/11/27 23:35:29 | 06,833,215 | ---- | M] () -- C:\Documents and Settings\Tim\Desktop\Bolsatankprocedure.odt
[2009/11/27 23:33:53 | 00,019,555 | ---- | M] () -- C:\Documents and Settings\Tim\Desktop\TJHres.odt
[2009/11/27 23:30:25 | 00,025,813 | ---- | M] () -- C:\Documents and Settings\Tim\My Documents\HOMILYbyCureofArs.odt
[2009/11/27 23:29:01 | 00,019,330 | ---- | M] () -- C:\Documents and Settings\Tim\My Documents\Draftres.odt
[2009/11/27 23:27:32 | 00,023,286 | ---- | M] () -- C:\Documents and Settings\Tim\My Documents\WillTimothyJHogan.odt
[2009/11/27 23:25:44 | 00,000,864 | ---- | M] () -- C:\Documents and Settings\Tim\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk
[2009/11/27 23:22:49 | 00,000,905 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\OpenOffice.org 3.1.lnk
[2009/11/27 23:13:14 | 15,748,4384 | ---- | M] () -- C:\Documents and Settings\Tim\Desktop\OOo_3.1.1_Win32Intel_install_wJRE_en-US.exe
[2009/11/27 23:08:05 | 00,003,111 | ---- | M] () -- C:\Documents and Settings\Tim\Desktop\download.php
[2009/11/27 21:44:34 | 00,018,514 | ---- | M] () -- C:\Documents and Settings\Tim\Desktop\fixpath2.zip
[2009/11/26 09:58:25 | 00,000,780 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2009/11/26 09:57:19 | 07,392,800 | ---- | M] () -- C:\Documents and Settings\Tim\Desktop\SUPERAntiSpyware.exe
[2009/11/25 16:43:52 | 00,000,713 | ---- | M] () -- C:\Documents and Settings\Tim\My Documents\jquerydraggable.html
[2009/11/24 13:04:52 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/11/24 12:58:20 | 04,045,528 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Tim\Desktop\zztoy.exe
[2009/11/20 20:03:20 | 00,000,395 | ---- | M] () -- C:\Documents and Settings\Tim\Desktop\formtest.html
[2009/11/19 15:23:47 | 00,001,875 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Play Games.lnk
[14 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2009/12/19 00:03:08 | 00,002,010 | ---- | C] () -- C:\Documents and Settings\Tim\Desktop\windowsliveadremover.js
[2009/12/18 00:59:01 | 00,001,868 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Dell Picture Studio v2.0.lnk
[2009/12/17 03:52:20 | 00,010,702 | ---- | C] () -- C:\Documents and Settings\Tim\Desktop\Christmas2009.ods
[2009/12/17 03:08:56 | 00,001,915 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[2009/12/11 03:25:49 | 00,016,277 | ---- | C] () -- C:\Documents and Settings\Tim\My Documents\rentalexpenses2.ods
[2009/12/11 03:15:03 | 00,010,767 | ---- | C] () -- C:\Documents and Settings\Tim\Desktop\HHdata.odt
[2009/12/11 03:13:09 | 00,017,057 | ---- | C] () -- C:\Documents and Settings\Tim\Desktop\rentalexpenses07.ods
[2009/12/11 03:12:44 | 00,012,689 | ---- | C] () -- C:\Documents and Settings\Tim\Desktop\lonetree.ods
[2009/12/11 03:12:04 | 00,016,388 | ---- | C] () -- C:\Documents and Settings\Tim\Desktop\Carolinerental.ods
[2009/12/09 17:21:45 | 32,192,79872 | -HS- | C] () -- C:\hiberfil.sys
[2009/12/07 01:10:19 | 01,064,294 | ---- | C] () -- C:\Documents and Settings\Tim\Desktop\ipinfo.bmp
[2009/12/06 02:47:00 | 00,020,782 | ---- | C] () -- C:\Documents and Settings\Tim\Desktop\System Information (Hardware).html
[2009/12/06 00:13:07 | 00,837,858 | ---- | C] () -- C:\Documents and Settings\Tim\Desktop\defltmnprops.bmp
[2009/12/06 00:11:10 | 00,259,086 | ---- | C] () -- C:\Documents and Settings\Tim\Desktop\colormodes.bmp
[2009/12/05 23:19:36 | 00,551,514 | ---- | C] () -- C:\Documents and Settings\Tim\Desktop\viddriver.bmp
[2009/12/05 23:15:25 | 00,103,150 | ---- | C] () -- C:\Documents and Settings\Tim\Desktop\sysproperties.bmp
[2009/12/05 12:14:51 | 72,348,8768 | ---- | C] () -- C:\Documents and Settings\Tim\Desktop\ubuntu-9.10-desktop-i386.iso
[2009/12/04 21:11:34 | 00,001,863 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Seagate Manager.lnk
[2009/12/04 21:10:25 | 00,001,732 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Carbonite Online Backup Setup.lnk
[2009/12/01 20:58:54 | 00,781,909 | ---- | C] () -- C:\Documents and Settings\Tim\Desktop\RSIT.exe
[2009/12/01 20:12:37 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\Tim\Desktop\settings.dat
[2009/12/01 19:49:12 | 00,524,288 | ---- | C] () -- C:\Documents and Settings\Tim\Desktop\dds.scr
[2009/11/29 19:14:25 | 00,000,340 | ---- | C] () -- C:\Documents and Settings\Tim\My Documents\iframeexample.html
[2009/11/28 22:07:06 | 00,001,375 | ---- | C] () -- C:\Documents and Settings\Tim\Desktop\DrWeb.csv
[2009/11/28 00:34:32 | 00,225,840 | ---- | C] () -- C:\Documents and Settings\Tim\Desktop\OpenDNS-Updater-2.2.exe
[2009/11/27 23:36:00 | 00,039,169 | ---- | C] () -- C:\Documents and Settings\Tim\Desktop\DEFENSE OF THE INQUISITION.odt
[2009/11/27 23:35:26 | 06,833,215 | ---- | C] () -- C:\Documents and Settings\Tim\Desktop\Bolsatankprocedure.odt
[2009/11/27 23:33:52 | 00,019,555 | ---- | C] () -- C:\Documents and Settings\Tim\Desktop\TJHres.odt
[2009/11/27 23:30:25 | 00,025,813 | ---- | C] () -- C:\Documents and Settings\Tim\My Documents\HOMILYbyCureofArs.odt
[2009/11/27 23:29:00 | 00,019,330 | ---- | C] () -- C:\Documents and Settings\Tim\My Documents\Draftres.odt
[2009/11/27 23:27:30 | 00,023,286 | ---- | C] () -- C:\Documents and Settings\Tim\My Documents\WillTimothyJHogan.odt
[2009/11/27 23:25:44 | 00,000,864 | ---- | C] () -- C:\Documents and Settings\Tim\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk
[2009/11/27 23:22:49 | 00,000,905 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\OpenOffice.org 3.1.lnk
[2009/11/27 23:12:30 | 15,748,4384 | ---- | C] () -- C:\Documents and Settings\Tim\Desktop\OOo_3.1.1_Win32Intel_install_wJRE_en-US.exe
[2009/11/27 23:06:32 | 00,003,111 | ---- | C] () -- C:\Documents and Settings\Tim\Desktop\download.php
[2009/11/27 21:44:34 | 00,018,514 | ---- | C] () -- C:\Documents and Settings\Tim\Desktop\fixpath2.zip
[2009/11/26 09:58:25 | 00,000,780 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2009/11/25 16:42:10 | 00,000,713 | ---- | C] () -- C:\Documents and Settings\Tim\My Documents\jquerydraggable.html
[2009/11/24 13:04:52 | 00,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/11/20 19:54:02 | 00,000,395 | ---- | C] () -- C:\Documents and Settings\Tim\Desktop\formtest.html
[2009/11/19 15:23:47 | 00,001,875 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Play Games.lnk
[2009/08/16 06:39:00 | 00,000,070 | ---- | C] () -- C:\WINDOWS\dbinside.ini
[2009/08/03 14:07:42 | 00,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2007/12/01 07:13:32 | 00,000,000 | ---- | C] () -- C:\WINDOWS\pcfriend.INI
[2006/06/02 14:21:45 | 00,000,575 | ---- | C] () -- C:\WINDOWS\hegames.ini
[2006/04/17 14:04:08 | 00,002,664 | ---- | C] () -- C:\WINDOWS\ACROREAD.INI
[2006/04/17 10:14:38 | 00,004,454 | ---- | C] () -- C:\WINDOWS\Expwordg.ini
[2005/12/31 12:50:22 | 00,000,000 | ---- | C] () -- C:\WINDOWS\Autorun.INI
[2005/11/20 14:27:40 | 00,000,000 | ---- | C] () -- C:\WINDOWS\ka.ini
[2005/11/18 13:59:10 | 00,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2005/08/14 16:40:49 | 00,000,079 | ---- | C] () -- C:\WINDOWS\FSaver.ini
[2005/08/14 16:40:48 | 00,000,122 | ---- | C] () -- C:\WINDOWS\Peanuts Baseball Game.ini
[2005/07/16 15:45:45 | 00,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll
[2005/05/19 19:14:05 | 00,024,064 | ---- | C] () -- C:\Documents and Settings\Tim\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2005/02/17 15:14:33 | 00,000,000 | ---- | C] () -- C:\WINDOWS\SETUP32.INI
[2005/02/10 18:20:48 | 00,008,246 | ---- | C] () -- C:\Documents and Settings\Tim\Application Data\wklnhst.dat
[2005/02/08 21:01:07 | 00,413,696 | ---- | C] () -- C:\WINDOWS\System32\jsound.dll
[2005/02/08 21:01:07 | 00,380,928 | ---- | C] () -- C:\WINDOWS\System32\jmmpa.dll
[2005/02/08 21:01:07 | 00,184,320 | ---- | C] () -- C:\WINDOWS\System32\jmvh263.dll
[2005/02/08 21:01:07 | 00,077,824 | ---- | C] () -- C:\WINDOWS\System32\jmmpegv.dll
[2005/02/08 21:01:07 | 00,073,728 | ---- | C] () -- C:\WINDOWS\System32\jmutil.dll
[2005/02/08 21:01:07 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\jmvfw.dll
[2005/02/08 21:01:07 | 00,036,864 | ---- | C] () -- C:\WINDOWS\System32\jmvcm.dll
[2005/02/08 21:01:07 | 00,028,672 | ---- | C] () -- C:\WINDOWS\System32\jmmci.dll
[2005/02/08 21:01:06 | 00,282,624 | ---- | C] () -- C:\WINDOWS\System32\jmh261.dll
[2005/02/08 21:01:06 | 00,143,360 | ---- | C] () -- C:\WINDOWS\System32\jmjpeg.dll
[2005/02/08 21:01:06 | 00,110,592 | ---- | C] () -- C:\WINDOWS\System32\jmh263enc.dll
[2005/02/08 21:01:06 | 00,098,304 | ---- | C] () -- C:\WINDOWS\System32\jmg723.dll
[2005/02/08 21:01:06 | 00,057,344 | ---- | C] () -- C:\WINDOWS\System32\jmgsm.dll
[2005/02/08 21:01:06 | 00,053,248 | ---- | C] () -- C:\WINDOWS\System32\jmam.dll
[2005/02/08 21:01:06 | 00,049,152 | ---- | C] () -- C:\WINDOWS\System32\jmcvid.dll
[2005/02/08 21:01:06 | 00,049,152 | ---- | C] () -- C:\WINDOWS\System32\jmacm.dll
[2005/02/08 21:01:06 | 00,040,960 | ---- | C] () -- C:\WINDOWS\System32\jmdaud.dll
[2005/02/08 21:01:06 | 00,036,864 | ---- | C] () -- C:\WINDOWS\System32\jmgdi.dll
[2005/02/08 21:01:06 | 00,032,768 | ---- | C] () -- C:\WINDOWS\System32\jmfjawt.dll
[2005/02/08 21:01:06 | 00,032,768 | ---- | C] () -- C:\WINDOWS\System32\jmddraw.dll
[2005/02/08 21:01:06 | 00,028,672 | ---- | C] () -- C:\WINDOWS\System32\jmdaudc.dll
[2004/12/28 09:57:43 | 00,000,986 | ---- | C] () -- C:\WINDOWS\dellstat.ini
[2004/12/28 09:57:08 | 00,143,360 | R--- | C] () -- C:\WINDOWS\System32\dlbtcoin.dll
[2004/12/28 09:57:08 | 00,126,976 | R--- | C] () -- C:\WINDOWS\System32\dlbtsnls.dll
[2004/12/28 09:56:48 | 00,040,960 | ---- | C] () -- C:\WINDOWS\System32\dlbtvs.dll
[2004/12/28 09:56:47 | 00,114,688 | ---- | C] () -- C:\WINDOWS\System32\dlbtcur.dll
[2004/12/28 09:56:47 | 00,069,632 | ---- | C] () -- C:\WINDOWS\System32\dlbtcu.dll
[2004/12/28 09:56:45 | 00,557,056 | ---- | C] () -- C:\WINDOWS\System32\dlbtjswr.dll
[2004/12/28 09:56:43 | 00,401,408 | ---- | C] () -- C:\WINDOWS\System32\dlbtutil.dll
[2004/12/19 16:39:09 | 00,000,059 | ---- | C] () -- C:\WINDOWS\Disney.ini
[2004/12/12 13:29:47 | 00,044,544 | ---- | C] () -- C:\WINDOWS\System32\GIF89.DLL
[2004/12/12 13:28:47 | 00,000,193 | ---- | C] () -- C:\WINDOWS\Sierra.ini
[2004/11/23 19:46:15 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004/11/23 19:42:31 | 00,000,280 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2004/11/23 19:34:18 | 00,000,580 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2004/11/23 19:31:33 | 00,000,231 | ---- | C] () -- C:\WINDOWS\AC3API.INI
[2004/11/23 19:31:24 | 00,003,278 | ---- | C] () -- C:\WINDOWS\System32\LudaP17.ini
[2004/11/23 19:31:24 | 00,000,029 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
[2004/11/23 19:31:18 | 00,000,072 | ---- | C] () -- C:\WINDOWS\SBWIN.INI
[2004/11/23 19:01:14 | 00,000,519 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2004/09/15 22:28:50 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/08/11 15:25:56 | 00,000,799 | ---- | C] () -- C:\WINDOWS\ORUN32.INI
[2004/08/04 03:00:00 | 00,002,944 | ---- | C] () -- C:\WINDOWS\System32\drivers\null.sys
[2004/08/04 03:00:00 | 00,001,793 | ---- | C] () -- C:\WINDOWS\System32\FXSPERF.INI
[1995/09/15 16:31:14 | 00,210,944 | ---- | C] () -- C:\WINDOWS\System32\MSVCRT10.DLL
[1979/12/31 22:00:00 | 00,086,016 | ---- | C] () -- C:\WINDOWS\System32\ati2evxx.dll
[1979/12/31 22:00:00 | 00,060,928 | ---- | C] () -- C:\WINDOWS\System32\P17.dll
[1979/12/31 22:00:00 | 00,053,248 | ---- | C] () -- C:\WINDOWS\System32\P17CPI.dll
[1979/12/31 22:00:00 | 00,012,288 | ---- | C] () -- C:\WINDOWS\System32\e100bmsg.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 304 bytes -> C:\Documents and Settings\Tim\Desktop\Tomfirstholycommunion.JPG:SummaryInformation
@Alternate Data Stream - 304 bytes -> C:\Documents and Settings\Tim\Desktop\MdelG.bmp:SummaryInformation
@Alternate Data Stream - 157 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D091E13E
@Alternate Data Stream - 145 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9E7FF26C
@Alternate Data Stream - 145 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8173A019
@Alternate Data Stream - 140 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C8A7CF18
@Alternate Data Stream - 129 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:436CCEE3
@Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:31080D0E
< End of report >

Gmer log:

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2009-12-23 14:31:15
Windows 5.1.2600 Service Pack 3
Running: mot90lx6.exe; Driver: C:\DOCUME~1\Tim\LOCALS~1\Temp\kgloapow.sys


---- System - GMER 1.0.15 ----

SSDT F7A5E1F6 ZwCreateKey
SSDT F7A5E1EC ZwCreateThread
SSDT F7A5E1FB ZwDeleteKey
SSDT F7A5E205 ZwDeleteValueKey
SSDT F7A5E20A ZwLoadKey
SSDT F7A5E1D8 ZwOpenProcess
SSDT F7A5E1DD ZwOpenThread
SSDT F7A5E214 ZwReplaceKey
SSDT F7A5E20F ZwRestoreKey
SSDT F7A5E200 ZwSetValueKey
SSDT F7A5E1E7 ZwTerminateProcess

---- Kernel code sections - GMER 1.0.15 ----

init C:\WINDOWS\system32\DRIVERS\mohfilt.sys entry point in "init" section [0xBA733760]

---- Devices - GMER 1.0.15 ----

Device \Driver\USBSTOR \Device\0000009b sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\atapi \Device\Ide\IdePort0 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\atapi \Device\Ide\IdePort1 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\USBSTOR \Device\00000096 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device mrxsmb.sys (Windows NT SMB Minirdr/Microsoft Corporation)
Device AC53AD20

AttachedDevice fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

Device \FileSystem\Fs_Rec \FileSystem\UdfsCdRomRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\FatCdRomRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\CdfsRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\FatDiskRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\UdfsDiskRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Cdfs \Cdfs tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@DeviceNotSelectedTimeout 15
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@GDIProcessHandleQuota 10000
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@Spooler yes
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@swapdisk
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@TransmissionRetryTimeout 90
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@USERProcessHandleQuota 10000

---- EOF - GMER 1.0.15 ----

#9 pwgib
  • Malware Response Team
  • 2,956 posts
  • Gender:Male
  • Location:God's Country

Posted 26 December 2009 - 05:12 AM

Hello timjh,

Step 1.

Download Combofix from any of the links below, and save it to your desktop.

Link 1
Link 2
  • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix. Refer to this page if you are not sure how.
  • Close any open windows, including this one.
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • If you did not have it installed, you will see the prompt below. Choose YES.
  • Posted Image
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Note: The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.
  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

    Posted Image
  • Click on Yes, to continue scanning for malware.
  • When finished, it will produce a report for you. Please post the contents of the log (C:\ComboFix.txt).
Leave your computer alone while ComboFix is running.
ComboFix will restart your computer if malware is found; allow it to do so.


Note: Please do NOT mouse-click ComboFix's window while it's running because it may cause it to stall.

Step 2.

I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
  • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
  • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Check Posted Image
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image
In your next reply please include the following:
ComboFix.txt
Eset scan results


Thanks!!
PW

#10 timjh
  • Topic Starter
  • Members
  • 30 posts

Posted 28 December 2009 - 11:26 PM

I ran both ComboFix and ESET. ESET found no threats. I've attached the ComboFix log:

Attached Files



#11 pwgib
  • Malware Response Team
  • 2,956 posts
  • Gender:Male
  • Location:God's Country

Posted 29 December 2009 - 02:11 PM

Hello timjh,

I need you to run an MBAM scan.
  • Open MBAM
  • Click on the Update tab before performing a scan. Click on the Check for Updates button. If an update is found, the program will automatically update itself. After the update press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
  • On the Scanner tab:
    • Make sure the "Perform Complete Scan" option is selected.
    • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
  • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you may be asked to reboot your computer so it can proceed with the disinfection process. Regardless if prompted to restart the computer or not, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware. MBAM may make changes to your registry as part of its disinfection routine. If you're using other security programs that detect registry changes, they may alert you after scanning with MBAM. Please permit the program to allow the changes.

Please post the MBAM log. Do not attach the log. Copy/paste the log directly into the reply box.

How is your computer running? Any problems?

Thanks!!
PW

#12 timjh
  • Topic Starter
  • Members
  • 30 posts

Posted 29 December 2009 - 09:02 PM

Here's the MBAM log -- looks like the PC is clean! Thanks so much for your help.

Malwarebytes' Anti-Malware 1.42
Database version: 3451
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

12/30/2009 2:01:09 AM
mbam-log-2009-12-30 (02-01-09).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 379105
Time elapsed: 5 hour(s), 39 minute(s), 47 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#13 pwgib
  • Malware Response Team
  • 2,956 posts
  • Gender:Male
  • Location:God's Country

Posted 30 December 2009 - 09:04 AM

Hello timjh,

Please make sure that you can view all hidden files. Instructions on how to do this can be found here:

How to see hidden files in Windows

Please click this link-->Jotti

When the jotti page has finished loading, click the Browse button and navigate to the following file and click Submit.

c:\windows\SYSTEM32\DRIVERS\null.sys

Please post back the results of the scan in your next post.

If Jotti is busy, try the same at Virustotal: http://www.virustotal.com/


Thanks!!
PW

#14 timjh
  • Topic Starter
  • Members
  • 30 posts

Posted 30 December 2009 - 12:08 PM

I followed the steps to enable hidden files to be seen, and ran Jotti. It reported that it found nothing.

#15 pwgib
  • Malware Response Team
  • 2,956 posts
  • Gender:Male
  • Location:God's Country

Posted 30 December 2009 - 03:14 PM

Hello timjh,

Good job and Congratulations!! You now appear to be clean. :(

We need to do some other cleaning. The following cleanup procedures must be done in the order posted.

Step 1.

Uninstall ComboFix

The following will implement some cleanup procedures as well as reset System Restore points:

Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

ComboFix /Uninstall <---Note the space between the X and the U.

Please advise if this step is missed for any reason as it performs some important functions.

Step 2.

Please open OTL
  • Double click on the Posted Image icon on your desktop.
  • Click the "Cleanup" checkbox.
  • You will be asked, "Begin Cleanup Process"
  • Select Yes
  • You will be prompted to restart your computer.
You can now uninstall any other programs we have used and delete any logs that remain.

Here are some more steps to follow in order to dramatically lower the chances of reinfection. You may have already implemented some of them, however by following the rest of them you will reduce the risk of becoming re-infected.

Microsoft has released the latest upgrades to the XP OS platform, which can be referenced here.
It is critical to stay up to date with the latest upgrades to your Operating System, as this can help prevent future problems.

New viruses come out every minute, so it is essential that you keep your antivirus program updated and have the latest signatures to provide you with the best possible protection from malicious software.
Note: You should only have one antivirus installed at a time. Having more than one antivirus program installed at once is likely to cause conflicts and may well decrease your overall protection as well as impairing the performance of your PC.

For most users the built in Windows Firewall is sufficient. If you would like a third party firewall some good free firewalls are:(While installing Comodo, please uncheck these options: "Install Comodo SafeSurf..", "Make Comodo my default search provider" and "Make Comodo Search my homepage". Uncheck "Install Comodo Antivirus".)
Make sure you only use one firewall though. A tutorial on understanding and using firewalls may be found here.

Install Spyware Blaster and update it regularly
If you wish, the commercial version provides automatic updating.

Malwarebytes' Anti-Malware is an excellent anti-spyware scanner. Its scan times are usually under ten minutes, and it has excellent detection and removal rates. SuperAntiSpyware is another good scanner with high detection and removal rates. Both programs are free for non-commercial home use but provide a resident and do not nag if you purchase the paid versions. I personally prefer and highly recommend the licensed version of MBAM.

Please read and follow How did I get infected?, With steps so it does not happen again! as well as How to prevent Malware by Miekiemoes

Please let me know if you have any problems or questions.

Safe surfing and have a great day!!! :(

PW
