Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Slow Computer and Search Re-directs


  • This topic is locked This topic is locked
26 replies to this topic

#1 youngbloodmichael

youngbloodmichael

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:06:22 PM

Posted 31 December 2009 - 06:43 PM

Hi;

Over the last couple of weeks my computer has gotten very slow and I noticed that when I would do a search my computer would be re-directed to about: blank or to r9237242.cn search screens. I have executed Spyware Doctor in regular mode and in safemode with networking. I have also executed Registry Cleaner and CyberDefender Registry Cleaner. In each case, problems were found and fixed but now change. Can you help? I have attached the Ark and Attach files.

Here is a copy of DDS:


DDS (Ver_09-12-01.01) - NTFSx86
Run by Mike at 17:21:00.98 on Thu 12/31/2009
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.510.56 [GMT -6:00]

AV: Spyware Doctor with AntiVirus *On-access scanning enabled* (Updated) {D3C23B96-C9DC-477F-8EF1-69AF17A6EFF6}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe
C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE
C:\WINDOWS\system32\CTHELPER.EXE
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Dell Photo AIO Printer 942\dlbubmgr.exe
C:\Program Files\Dell Photo AIO Printer 942\memcard.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\Registry Mechanic\RegMech.exe
C:\Program Files\Dell Photo AIO Printer 942\dlbubmon.exe
C:\Program Files\CyberDefender\Registry Cleaner\CDregclean.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\System32\alg.exe
C:\Program Files\Spyware Doctor\TFEngine\TFService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Mike\Desktop\dds.scr
C:\WINDOWS\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://desmoines.mediacomtoday.com/
uDefault_Page_URL = hxxp://www.dell4me.com/myway
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 6.0\reader\activex\AcroIEHelper.dll
BHO: PC Tools Browser Guard BHO: {2a0f3d1b-0909-4ff4-b272-609cce6054e7} - c:\program files\spyware doctor\bdt\PCTBrowserDefender.dll
BHO: WormRadar.com IESiteBlocker.NavFilter: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - AVG Safe Search
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_05\bin\ssv.dll
TB: {BA52B914-B692-46c4-B683-905236F6F655} - No File
TB: PC Tools Browser Guard: {472734ea-242a-422b-adf8-83d1e48cc825} - c:\program files\spyware doctor\bdt\PCTBrowserDefender.dll
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
uRun: [DellSupport] "c:\program files\dell support\DSAgnt.exe" /startup
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [RegistryMechanic] c:\program files\registry mechanic\RegMech.exe /H
uRun: [CyberDefender Registry Cleaner] c:\program files\cyberdefender\registry cleaner\CDregclean.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre1.6.0_05\bin\jusched.exe"
mRun: [ATIPTA] c:\program files\ati technologies\ati control panel\atiptaxx.exe
mRun: [IntelMeM] c:\program files\intel\modem event monitor\IntelMEM.exe
mRun: [PCMService] "c:\program files\dell\media experience\PCMService.exe"
mRun: [DVDLauncher] "c:\program files\cyberlink\powerdvd\DVDLauncher.exe"
mRun: [CTSysVol] c:\program files\creative\sbaudigy2zs\surround mixer\CTSysVol.exe /r
mRun: [CTDVDDET] "c:\program files\creative\sbaudigy2zs\dvdaudio\CTDVDDET.EXE"
mRun: [CTHelper] CTHELPER.EXE
mRun: [UpdReg] c:\windows\UpdReg.EXE
mRun: [UpdateManager] "c:\program files\common files\sonic\update manager\sgtray.exe" /r
mRun: [dla] c:\windows\system32\dla\tfswctrl.exe
mRun: [RealTray] c:\program files\real\realplayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [Dell Photo AIO Printer 942] "c:\program files\dell photo aio printer 942\dlbubmgr.exe"
mRun: [DellMCM] "c:\program files\dell photo aio printer 942\memcard.exe"
mRun: [ISTray] "c:\program files\spyware doctor\pctsTray.exe"
mRun: [CyberDefender Registry Cleaner]
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\americ~1.lnk - c:\program files\america online 9.0\aoltray.exe
uPolicies-system: EnableProfileQuota = 1 (0x1)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office11\EXCEL.EXE/3000
IE: {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_05\bin\ssv.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office11\REFIEBAR.DLL
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
LSP: c:\program files\common files\pc tools\lsp\PCTLsp.dll
DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://photo2.walgreens.com/WalgreensActivia.cab
DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.1.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
AppInit_DLLs: c:\docume~1\alluse~1\applic~1\micros~1\windows\mspdb21.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
LSA: Notification Packages = scecli mxolerat.dll

============= SERVICES / DRIVERS ===============

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2009-12-27 207792]
R0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [2009-12-27 51984]
R0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [2009-12-27 59664]
R1 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi.sys [2009-12-27 233136]
R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\spyware doctor\bdt\BDTUpdateService.exe [2009-12-27 112592]
R2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files\common files\pc tools\smonitor\StartManSvc.exe [2009-12-27 583640]
R2 sdAuxService;PC Tools Auxiliary Service;c:\program files\spyware doctor\pctsAuxs.exe [2009-12-27 359624]
R2 sdCoreService;PC Tools Security Service;c:\program files\spyware doctor\pctsSvc.exe [2009-12-27 1141712]
R3 pctplsg;pctplsg;c:\windows\system32\drivers\pctplsg.sys [2009-12-27 70408]
R3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [2009-12-27 33552]
R3 ThreatFire;ThreatFire;c:\program files\spyware doctor\tfengine\tfservice.exe service --> c:\program files\spyware doctor\tfengine\TFService.exe service [?]

=============== Created Last 30 ================

2009-12-31 22:48:40 0 ----a-w- c:\windows\ofumalanunev.dll
2009-12-29 20:02:47 0 d-----w- c:\docume~1\mike\applic~1\CyberDefender
2009-12-29 20:02:25 0 d-----w- c:\program files\CyberDefender
2009-12-28 21:38:43 4276224 ----a-w- c:\documents and settings\mike\s-1-5-21-580406598-3201823761-3829297431-1006.rrr
2009-12-27 20:58:45 0 d-----w- c:\docume~1\mike\applic~1\Registry Mechanic
2009-12-27 20:01:24 880640 ----a-w- c:\windows\system32\UniBox10.ocx
2009-12-27 20:01:24 212992 ----a-w- c:\windows\system32\UniBoxVB12.ocx
2009-12-27 20:01:24 1101824 ----a-w- c:\windows\system32\UniBox210.ocx
2009-12-27 18:32:17 0 d--h--w- C:\$AVG
2009-12-27 18:30:54 0 d-----w- c:\program files\AVG
2009-12-27 18:30:52 0 d-----w- c:\docume~1\alluse~1\applic~1\avg9
2009-12-27 18:19:28 0 d-----w- c:\program files\Spybot - Search & Destroy
2009-12-27 18:19:28 0 d-----w- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2009-12-27 18:18:39 59664 --s---w- c:\windows\system32\drivers\TfSysMon.sys
2009-12-27 18:18:39 33552 --s---w- c:\windows\system32\drivers\TfNetMon.sys
2009-12-27 18:18:38 51984 --s---w- c:\windows\system32\drivers\TfFsMon.sys
2009-12-27 17:27:04 883 ----a-w- c:\windows\RegSDImport.xml
2009-12-27 17:27:04 880 ----a-w- c:\windows\RegISSImport.xml
2009-12-27 17:27:04 767952 ----a-w- c:\windows\BDTSupport.dll
2009-12-27 17:27:04 149456 ----a-w- c:\windows\SGDetectionTool.dll
2009-12-27 17:27:04 131 ----a-w- c:\windows\IDB.zip
2009-12-27 17:27:03 165840 ----a-w- c:\windows\PCTBDRes.dll
2009-12-27 17:27:03 1640400 ----a-w- c:\windows\PCTBDCore.dll
2009-12-27 17:27:03 1152444 ----a-w- c:\windows\UDB.zip
2009-12-27 17:25:45 7387 ----a-w- c:\windows\system32\drivers\pctgntdi.cat
2009-12-27 17:25:45 233136 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2009-12-27 17:25:34 87784 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2009-12-27 17:25:34 7412 ----a-w- c:\windows\system32\drivers\PCTAppEvent.cat
2009-12-27 17:25:34 7383 ----a-w- c:\windows\system32\drivers\pctcore.cat
2009-12-27 17:25:34 207792 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2009-12-27 17:25:23 7383 ----a-w- c:\windows\system32\drivers\pctplsg.cat
2009-12-27 17:25:23 70408 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2009-12-27 17:25:12 0 d-----w- c:\program files\Spyware Doctor
2009-12-27 17:25:12 0 d-----w- c:\program files\common files\PC Tools
2009-12-27 17:25:12 0 d-----w- c:\docume~1\mike\applic~1\PC Tools
2009-12-27 17:25:12 0 d-----w- c:\docume~1\alluse~1\applic~1\PC Tools
2009-12-24 01:46:23 21504 ----a-w- c:\windows\system32\hidserv.dll
2009-12-24 01:46:23 21504 ----a-w- c:\windows\system32\dllcache\hidserv.dll
2009-12-16 16:26:26 120 ----a-w- c:\windows\Yveyidonokeci.dat
2009-12-16 16:26:26 0 ----a-w- c:\windows\Xbapeqe.bin
2009-12-16 14:21:21 517 ----a-w- c:\windows\egoxitokesiko.dll

==================== Find3M ====================

2009-12-29 20:51:29 96512 ----a-w- c:\windows\system32\drivers\atapi.sys
2009-12-27 21:19:54 96512 ----a-w- c:\windows\system32\dllcache\atapi.sys
2009-10-28 14:36:11 70656 ------w- c:\windows\system32\dllcache\ie4uinit.exe
2009-10-28 14:36:11 13824 ------w- c:\windows\system32\dllcache\ieudinit.exe
2009-10-28 06:54:16 634632 ------w- c:\windows\system32\dllcache\iexplore.exe
2009-10-28 06:52:46 161792 ------w- c:\windows\system32\dllcache\ieakui.dll
2009-10-21 05:38:36 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-21 05:38:36 75776 ------w- c:\windows\system32\dllcache\strmfilt.dll
2009-10-21 05:38:36 25088 ----a-w- c:\windows\system32\httpapi.dll
2009-10-21 05:38:36 25088 ------w- c:\windows\system32\dllcache\httpapi.dll
2009-10-20 16:20:16 265728 ------w- c:\windows\system32\dllcache\http.sys
2009-10-13 10:30:16 270336 ----a-w- c:\windows\system32\oakley.dll
2009-10-13 10:30:16 270336 ------w- c:\windows\system32\dllcache\oakley.dll
2009-10-12 13:38:19 149504 ----a-w- c:\windows\system32\rastls.dll
2009-10-12 13:38:19 149504 ------w- c:\windows\system32\dllcache\rastls.dll
2009-10-12 13:38:18 79872 ----a-w- c:\windows\system32\raschap.dll
2009-10-12 13:38:18 79872 ------w- c:\windows\system32\dllcache\raschap.dll
2008-08-19 15:36:29 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008081920080820\index.dat

============= FINISH: 17:25:41.68 ===============

Attached Files



BC AdBot (Login to Remove)

 


#2 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,766 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:12:22 AM

Posted 10 January 2010 - 07:43 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.
  • Please download OTL from following mirror:
  • Save it to your desktop.
  • Double click on the Posted Image icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Posted Image button.
  • Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized
In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. I suggest you do this and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#3 youngbloodmichael

youngbloodmichael
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:06:22 PM

Posted 11 January 2010 - 02:20 PM

Per your instructions here are the scan reports:

OTL logfile created on: 1/11/2010 1:07:41 PM - Run 1
OTL by OldTimer - Version 3.1.23.0 Folder = C:\Documents and Settings\Mike\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.00 Gb Total Physical Memory | 0.00 Gb Available Physical Memory | 24.00% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 30.00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 70.93 Gb Total Space | 38.60 Gb Free Space | 54.43% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: D4BZV461
Current User Name: Mike
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/01/11 13:06:37 | 00,543,744 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Mike\Desktop\OTL.exe
PRC - [2010/01/07 08:29:51 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2009/11/25 15:42:58 | 03,176,408 | ---- | M] (PC Tools) -- C:\Program Files\Registry Mechanic\RegMech.exe
PRC - [2009/11/25 15:42:18 | 00,583,640 | ---- | M] (PC Tools) -- C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe
PRC - [2009/11/18 12:47:14 | 01,243,088 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsTray.exe
PRC - [2009/11/12 10:03:32 | 00,070,928 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\TFEngine\TFService.exe
PRC - [2009/11/10 10:28:08 | 00,112,592 | ---- | M] (Threat Expert Ltd.) -- C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
PRC - [2009/11/06 14:29:22 | 01,141,712 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsSvc.exe
PRC - [2009/11/04 11:58:40 | 06,908,744 | ---- | M] (CyberDefender) -- C:\Program Files\CyberDefender\Registry Cleaner\CDregclean.exe
PRC - [2009/10/30 11:18:16 | 00,359,624 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsAuxs.exe
PRC - [2009/10/28 00:54:16 | 00,634,632 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
PRC - [2008/04/13 18:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2004/11/24 07:00:09 | 00,026,112 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\realplay.exe
PRC - [2004/08/31 14:34:08 | 00,102,400 | ---- | M] () -- C:\Program Files\Dell Photo AIO Printer 942\dlbubmon.exe
PRC - [2004/08/31 14:18:44 | 00,294,912 | ---- | M] () -- C:\Program Files\Dell Photo AIO Printer 942\dlbubmgr.exe
PRC - [2004/08/25 13:26:56 | 00,389,120 | ---- | M] () -- C:\WINDOWS\SYSTEM32\ati2evxx.exe
PRC - [2004/08/23 18:19:22 | 00,057,344 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
PRC - [2004/08/13 01:05:00 | 00,122,939 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\SYSTEM32\dla\tfswctrl.exe
PRC - [2004/07/27 14:08:22 | 00,262,144 | ---- | M] () -- C:\Program Files\Dell Photo AIO Printer 942\memcard.exe
PRC - [2004/07/19 07:51:24 | 00,306,688 | ---- | M] (Gteko Ltd.) -- C:\Program Files\Dell Support\DSAgnt.exe
PRC - [2004/07/01 20:45:46 | 00,421,888 | ---- | M] (Dell) -- C:\WINDOWS\SYSTEM32\dlbucoms.exe
PRC - [2004/04/11 20:15:14 | 00,290,816 | ---- | M] (CyberLink Corp.) -- C:\Program Files\Dell\Media Experience\PCMService.exe
PRC - [2004/04/07 12:07:32 | 01,135,728 | ---- | M] (America Online, Inc.) -- C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
PRC - [2004/03/11 09:50:00 | 00,028,672 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\SYSTEM32\CTHELPER.EXE
PRC - [2003/09/17 10:43:36 | 00,057,344 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe
PRC - [2003/09/03 20:12:44 | 00,221,184 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
PRC - [2003/06/18 01:00:00 | 00,045,056 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.exe
PRC - [1999/12/13 09:01:00 | 00,044,032 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\SYSTEM32\CTSVCCDA.EXE


========== Modules (SafeList) ==========

MOD - [2010/01/11 13:06:37 | 00,543,744 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Mike\Desktop\OTL.exe
MOD - [2009/11/12 10:03:32 | 00,451,856 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\TFEngine\TFWAH.dll
MOD - [2009/10/30 11:18:16 | 00,147,024 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\PCTGMhk.dll
MOD - [2008/04/13 18:12:08 | 00,169,472 | ---- | M] () -- C:\WINDOWS\olopawogepukog.dll
MOD - [2003/11/13 18:19:00 | 00,057,344 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\SYSTEM32\CTAGENT.DLL


========== Win32 Services (SafeList) ==========

SRV - [2010/01/07 08:29:51 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) [Auto | Running] -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2009/11/25 15:42:18 | 00,583,640 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe -- (PCToolsSSDMonitorSvc)
SRV - [2009/11/12 10:03:32 | 00,070,928 | ---- | M] (PC Tools) [On_Demand | Running] -- C:\Program Files\Spyware Doctor\TFEngine\TFService.exe -- (ThreatFire)
SRV - [2009/11/10 10:28:08 | 00,112,592 | ---- | M] (Threat Expert Ltd.) [Auto | Running] -- C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe -- (Browser Defender Update Service)
SRV - [2009/11/06 14:29:22 | 01,141,712 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files\Spyware Doctor\pctsSvc.exe -- (sdCoreService)
SRV - [2009/10/30 11:18:16 | 00,359,624 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files\Spyware Doctor\pctsAuxs.exe -- (sdAuxService)
SRV - [2004/08/25 13:26:56 | 00,389,120 | ---- | M] () [Auto | Running] -- C:\WINDOWS\SYSTEM32\ati2evxx.exe -- (Ati HotKey Poller)
SRV - [2004/07/01 20:45:46 | 00,421,888 | ---- | M] (Dell) [On_Demand | Running] -- C:\WINDOWS\System32\dlbucoms.exe -- (dlbu_device)
SRV - [2004/04/07 12:07:32 | 01,135,728 | ---- | M] (America Online, Inc.) [Auto | Running] -- C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe -- (AOL ACS)
SRV - [2003/12/17 13:59:48 | 00,143,360 | ---- | M] (Intel® Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe -- (NetSvc)
SRV - [2003/07/28 11:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [1999/12/13 09:01:00 | 00,044,032 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\WINDOWS\SYSTEM32\CTSVCCDA.EXE -- (Creative Service for CDROM Access)


========== Driver Services (SafeList) ==========

DRV - [2009/11/12 10:03:32 | 00,059,664 | --S- | M] (PC Tools) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\TfSysMon.sys -- (TfSysMon)
DRV - [2009/11/12 10:03:32 | 00,051,984 | --S- | M] (PC Tools) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\TfFsMon.sys -- (TfFsMon)
DRV - [2009/11/12 10:03:32 | 00,033,552 | --S- | M] (PC Tools) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\TfNetMon.sys -- (TfNetMon)
DRV - [2009/11/09 11:20:12 | 00,207,792 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\PCTCore.sys -- (PCTCore)
DRV - [2009/10/30 11:11:00 | 00,233,136 | ---- | M] (PC Tools) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\pctgntdi.sys -- (pctgntdi)
DRV - [2009/09/03 09:45:12 | 00,070,408 | ---- | M] (PC Tools) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\pctplsg.sys -- (pctplsg)
DRV - [2008/04/19 11:51:16 | 00,020,576 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20)
DRV - [2008/04/13 12:45:29 | 00,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\gameenum.sys -- (gameenum)
DRV - [2008/04/13 12:36:39 | 00,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2008/04/13 12:36:39 | 00,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2007/11/13 04:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\secdrv.sys -- (Secdrv)
DRV - [2004/11/24 07:00:12 | 00,008,552 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\asctrm.sys -- (ASCTRM)
DRV - [2004/08/25 13:28:46 | 00,787,456 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ati2mtag.sys -- (ati2mtag)
DRV - [2004/08/13 02:56:00 | 00,040,544 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\drvnddm.sys -- (drvnddm)
DRV - [2004/08/13 01:05:00 | 00,100,603 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsnudfa.sys -- (tfsnudfa)
DRV - [2004/08/13 01:05:00 | 00,098,714 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsnudf.sys -- (tfsnudf)
DRV - [2004/08/13 01:05:00 | 00,086,202 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsnifs.sys -- (tfsnifs)
DRV - [2004/08/13 01:05:00 | 00,034,843 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsncofs.sys -- (tfsncofs)
DRV - [2004/08/13 01:05:00 | 00,025,723 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsnboio.sys -- (tfsnboio)
DRV - [2004/08/13 01:05:00 | 00,014,715 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsnopio.sys -- (tfsnopio)
DRV - [2004/08/13 01:05:00 | 00,006,363 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsnpool.sys -- (tfsnpool)
DRV - [2004/08/13 01:05:00 | 00,004,123 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsndrct.sys -- (tfsndrct)
DRV - [2004/08/13 01:05:00 | 00,002,239 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsndres.sys -- (tfsndres)
DRV - [2004/08/12 15:40:00 | 00,904,752 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ha10kx2k.sys -- (ha10kx2k)
DRV - [2004/08/06 10:43:00 | 00,366,384 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ctaud2k.sys -- (ctaud2k) Creative Audio Driver (WDM)
DRV - [2004/08/04 05:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\PTILINK.SYS -- (Ptilink)
DRV - [2004/08/04 03:21:00 | 00,087,136 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\drvmcdb.sys -- (drvmcdb)
DRV - [2004/08/03 22:29:56 | 01,897,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\NV4_MINI.SYS -- (nv)
DRV - [2004/07/14 11:29:04 | 00,005,627 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\sscdbhk5.sys -- (sscdbhk5)
DRV - [2004/07/14 11:28:50 | 00,023,545 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ssrtln.sys -- (ssrtln)
DRV - [2004/07/13 10:15:00 | 00,148,432 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\haP16v2k.sys -- (hap16v2k)
DRV - [2004/07/13 10:13:00 | 00,145,488 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\emupia2k.sys -- (emupia)
DRV - [2004/07/13 10:12:00 | 00,130,288 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ctsfm2k.sys -- (ctsfm2k)
DRV - [2004/07/13 10:11:00 | 00,178,672 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ctoss2k.sys -- (ossrv)
DRV - [2004/07/13 10:11:00 | 00,006,096 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ctprxy2k.sys -- (ctprxy2k)
DRV - [2004/07/13 10:09:00 | 00,645,360 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ctac32k.sys -- (ctac32k)
DRV - [2004/06/15 22:52:40 | 00,061,157 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\IntelC53.sys -- (IntelC53)
DRV - [2004/04/09 12:41:30 | 00,612,352 | ---- | M] (Analog Devices, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\smwdm.sys -- (smwdm)
DRV - [2004/03/05 22:15:34 | 00,647,929 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\IntelC52.sys -- (IntelC52)
DRV - [2004/03/05 22:14:42 | 01,233,525 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\IntelC51.sys -- (IntelC51)
DRV - [2004/03/05 22:13:38 | 00,037,048 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\mohfilt.sys -- (mohfilt)
DRV - [2004/02/10 15:49:14 | 00,154,112 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\e100b325.sys -- (E100B) Intel®
DRV - [2003/11/12 20:11:00 | 00,333,600 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\ctdvda2k.sys -- (ctdvda2k)
DRV - [2003/01/10 16:13:04 | 00,033,588 | ---- | M] (America Online, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
DRV - [2002/11/08 13:45:06 | 00,017,217 | ---- | M] (Dell Computer Corporation) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\omci.sys -- (omci)
DRV - [2002/04/01 13:15:00 | 00,004,816 | ---- | M] (Andrea Electronics Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\aeaudio.sys -- (aeaudio)
DRV - [2001/08/17 14:07:44 | 00,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2001/08/17 14:07:42 | 00,030,688 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2001/08/17 14:07:40 | 00,028,384 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2001/08/17 14:07:36 | 00,032,640 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2001/08/17 14:07:34 | 00,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
DRV - [2001/08/17 13:57:38 | 00,016,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\MODEMCSA.sys -- (MODEMCSA)
DRV - [2001/08/17 13:52:22 | 00,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
DRV - [2001/08/17 13:52:20 | 00,045,312 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2001/08/17 13:52:20 | 00,040,320 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2001/08/17 13:52:18 | 00,049,024 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2001/08/17 13:52:16 | 00,179,584 | ---- | M] (Mylex Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2001/08/17 13:52:12 | 00,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2001/08/17 13:52:00 | 00,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
DRV - [2001/08/17 13:51:58 | 00,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2001/08/17 13:51:56 | 00,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2001/08/17 13:51:54 | 00,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)
DRV - [2001/08/17 12:56:16 | 00,007,552 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\SONYPVU1.SYS -- (SONYPVU1) Sony USB Filter Driver (SONYPVU1)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell4me.com/myway
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell4me.com/myway
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-580406598-3201823761-3829297431-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
IE - HKU\S-1-5-21-580406598-3201823761-3829297431-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://desmoines.mediacomtoday.com/
IE - HKU\S-1-5-21-580406598-3201823761-3829297431-1006\S-1-5-21-580406598-3201823761-3829297431-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Firefox\Extensions\\{2D473D2D-3D57-466B-86BD-D317DC35DCB3}: C:\Documents and Settings\Mike\Local Settings\Application Data\{2D473D2D-3D57-466B-86BD-D317DC35DCB3} [2009/12/26 19:58:00 | 00,000,000 | ---D | M]


O1 HOSTS File: (734 bytes) - C:\WINDOWS\SYSTEM32\DRIVERS\ETC\HOSTS
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (PC Tools Browser Guard BHO) - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\SYSTEM32\dla\tfswshx.dll (Sonic Solutions)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O3 - HKLM\..\Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - No CLSID value found.
O3 - HKU\S-1-5-21-580406598-3201823761-3829297431-1006\..\Toolbar\WebBrowser: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O4 - HKLM..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe (ATI Technologies, Inc.)
O4 - HKLM..\Run: [CTDVDDET] C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE (Creative Technology Ltd)
O4 - HKLM..\Run: [CTHelper] C:\WINDOWS\System32\CTHELPER.EXE (Creative Technology Ltd)
O4 - HKLM..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [CyberDefender Registry Cleaner] File not found
O4 - HKLM..\Run: [Dell Photo AIO Printer 942] C:\Program Files\Dell Photo AIO Printer 942\dlbubmgr.exe ()
O4 - HKLM..\Run: [DellMCM] C:\Program Files\Dell Photo AIO Printer 942\memcard.exe ()
O4 - HKLM..\Run: [dla] C:\WINDOWS\SYSTEM32\dla\tfswctrl.exe (Sonic Solutions)
O4 - HKLM..\Run: [DVDLauncher] C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe (CyberLink Corp.)
O4 - HKLM..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe (Intel Corporation)
O4 - HKLM..\Run: [ISTray] C:\Program Files\Spyware Doctor\pctsTray.exe (PC Tools)
O4 - HKLM..\Run: [PCMService] C:\Program Files\Dell\Media Experience\PCMService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Computer, Inc.)
O4 - HKLM..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [Rwiqukaqibiyo] C:\WINDOWS\olopawogepukog.DLL ()
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [UpdateManager] C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe (Sonic Solutions)
O4 - HKLM..\Run: [UpdReg] C:\WINDOWS\Updreg.EXE (Creative Technology Ltd.)
O4 - HKU\S-1-5-21-580406598-3201823761-3829297431-1006..\Run: [CyberDefender Registry Cleaner] C:\Program Files\CyberDefender\Registry Cleaner\CDregclean.exe (CyberDefender)
O4 - HKU\S-1-5-21-580406598-3201823761-3829297431-1006..\Run: [DellSupport] C:\Program Files\Dell Support\DSAgnt.exe (Gteko Ltd.)
O4 - HKU\S-1-5-21-580406598-3201823761-3829297431-1006..\Run: [RegistryMechanic] C:\Program Files\Registry Mechanic\RegMech.exe (PC Tools)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe (America Online, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-580406598-3201823761-3829297431-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-580406598-3201823761-3829297431-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableProfileQuota = 1
O9 - Extra Button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://photo2.walgreens.com/WalgreensActivia.cab (Snapfish Activia)
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.akamai.com/dlmanager/vers...vex-2.2.4.1.cab (DLM Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl...indows-i586.cab (Java Plug-in 1.4.2_03)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/pub/shock...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 97.64.187.150 74.84.119.153
O20 - AppInit_DLLs: (C:\DOCUME~1\ALLUSE~1\APPLIC~1\MICROS~1\Windows\mspdb21.dll) - C:\Documents and Settings\All Users\Application Data\Microsoft\Windows\mspdb21.dll ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/10 13:04:08 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{5058cbf4-6a33-11dd-bf0f-00038a000015}\Shell - "" = AutoRun
O33 - MountPoints2\{5058cbf4-6a33-11dd-bf0f-00038a000015}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{dfe6876e-8401-11dd-bf15-00038a000015}\Shell - "" = AutoRun
O33 - MountPoints2\{dfe6876e-8401-11dd-bf15-00038a000015}\Shell\AutoRun - "" = Auto&Play
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/01/11 13:06:36 | 00,543,744 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Mike\Desktop\OTL.exe
[2010/01/07 08:30:16 | 00,411,368 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deploytk.dll
[2010/01/07 08:30:16 | 00,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010/01/07 08:30:16 | 00,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010/01/07 08:30:16 | 00,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010/01/01 08:36:58 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Adobe
[2009/12/31 17:28:00 | 00,472,064 | ---- | C] ( ) -- C:\Documents and Settings\Mike\Desktop\RootRepeal.exe
[2009/12/31 16:43:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2009/12/31 16:43:32 | 00,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2009/12/31 16:43:32 | 00,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2009/12/31 16:43:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2009/12/29 14:02:47 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Mike\Application Data\CyberDefender
[2009/12/29 14:02:25 | 00,000,000 | ---D | C] -- C:\Program Files\CyberDefender
[2009/12/27 14:58:45 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Mike\Application Data\Registry Mechanic
[2009/12/27 14:01:24 | 01,101,824 | ---- | C] (Woodbury Associates Limited) -- C:\WINDOWS\System32\UniBox210.ocx
[2009/12/27 14:01:24 | 00,880,640 | ---- | C] (Woodbury Associates Limited) -- C:\WINDOWS\System32\UniBox10.ocx
[2009/12/27 14:01:24 | 00,212,992 | ---- | C] (Woodbury Associates Limited) -- C:\WINDOWS\System32\UniBoxVB12.ocx
[2009/12/27 14:01:18 | 00,000,000 | ---D | C] -- C:\Program Files\Registry Mechanic
[2009/12/27 12:32:17 | 00,000,000 | -H-D | C] -- C:\$AVG
[2009/12/27 12:30:54 | 00,000,000 | ---D | C] -- C:\Program Files\AVG
[2009/12/27 12:30:52 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\avg9
[2009/12/27 12:19:28 | 00,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2009/12/27 12:19:28 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2009/12/27 12:18:39 | 00,059,664 | --S- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\TfSysMon.sys
[2009/12/27 12:18:39 | 00,033,552 | --S- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\TfNetMon.sys
[2009/12/27 12:18:38 | 00,051,984 | --S- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\TfFsMon.sys
[2009/12/27 11:35:35 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Mike\Local Settings\Application Data\Threat Expert
[2009/12/27 11:27:04 | 00,149,456 | ---- | C] (PC Tools) -- C:\WINDOWS\SGDetectionTool.dll
[2009/12/27 11:27:03 | 01,640,400 | ---- | C] (Threat Expert Ltd.) -- C:\WINDOWS\PCTBDCore.dll
[2009/12/27 11:27:03 | 00,165,840 | ---- | C] (Threat Expert Ltd.) -- C:\WINDOWS\PCTBDRes.dll
[2009/12/27 11:25:45 | 00,233,136 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctgntdi.sys
[2009/12/27 11:25:34 | 00,207,792 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTCore.sys
[2009/12/27 11:25:34 | 00,087,784 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTAppEvent.sys
[2009/12/27 11:25:23 | 00,070,408 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctplsg.sys
[2009/12/27 11:25:12 | 00,000,000 | ---D | C] -- C:\Program Files\Spyware Doctor
[2009/12/27 11:25:12 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
[2009/12/27 11:25:12 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Mike\Application Data\PC Tools
[2009/12/27 11:25:12 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PC Tools
[2009/12/27 11:24:48 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/12/26 19:58:00 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Mike\Local Settings\Application Data\{2D473D2D-3D57-466B-86BD-D317DC35DCB3}
[2009/12/23 19:46:23 | 00,021,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hidserv.dll
[2008/12/30 14:31:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2008/07/06 10:58:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2008/04/19 10:49:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\McAfee.com Personal Firewall
[1980/01/01 00:00:00 | 00,151,552 | ---- | C] ( ) -- C:\WINDOWS\System32\ATIDEMGR.dll
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/01/11 13:06:37 | 00,543,744 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Mike\Desktop\OTL.exe
[2010/01/11 13:04:35 | 00,000,120 | ---- | M] () -- C:\WINDOWS\Yveyidonokeci.dat
[2010/01/11 08:12:32 | 00,000,000 | ---- | M] () -- C:\WINDOWS\Xbapeqe.bin
[2010/01/10 10:38:49 | 04,456,448 | ---- | M] () -- C:\Documents and Settings\Mike\NTUSER.DAT
[2010/01/08 18:20:06 | 00,096,512 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\atapi.sys
[2010/01/08 16:09:01 | 00,001,003 | ---- | M] () -- C:\WINDOWS\dellstat.ini
[2010/01/07 22:01:14 | 00,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/01/07 08:29:51 | 00,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deploytk.dll
[2010/01/07 08:29:51 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010/01/07 08:29:51 | 00,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010/01/07 08:29:51 | 00,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010/01/07 08:29:51 | 00,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2010/01/04 11:07:18 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/01/04 11:07:13 | 00,002,048 | --S- | M] () -- C:\WINDOWS\BOOTSTAT.DAT
[2010/01/04 11:07:11 | 16,086,67136 | -HS- | M] () -- C:\hiberfil.sys
[2010/01/04 10:52:39 | 00,031,056 | ---- | M] () -- C:\WINDOWS\System32\BMXStateBkp-{00000003-00000000-00000000-00001102-00000004-20061102}.rfx
[2010/01/04 10:52:39 | 00,031,056 | ---- | M] () -- C:\WINDOWS\System32\BMXState-{00000003-00000000-00000000-00001102-00000004-20061102}.rfx
[2010/01/04 10:52:39 | 00,030,528 | ---- | M] () -- C:\WINDOWS\System32\BMXCtrlState-{00000003-00000000-00000000-00001102-00000004-20061102}.rfx
[2010/01/04 10:52:39 | 00,030,528 | ---- | M] () -- C:\WINDOWS\System32\BMXBkpCtrlState-{00000003-00000000-00000000-00001102-00000004-20061102}.rfx
[2010/01/04 10:52:39 | 00,001,080 | ---- | M] () -- C:\WINDOWS\System32\settingsbkup.sfm
[2010/01/04 10:52:39 | 00,001,080 | ---- | M] () -- C:\WINDOWS\System32\settings.sfm
[2010/01/04 10:52:39 | 00,000,384 | ---- | M] () -- C:\WINDOWS\System32\DVCStateBkp-{00000003-00000000-00000000-00001102-00000004-20061102}.dat
[2010/01/04 10:52:39 | 00,000,384 | ---- | M] () -- C:\WINDOWS\System32\DVCState-{00000003-00000000-00000000-00001102-00000004-20061102}.dat
[2010/01/04 10:52:13 | 00,000,178 | -HS- | M] () -- C:\Documents and Settings\Mike\NTUSER.INI
[2010/01/04 10:52:00 | 04,932,819 | ---- | M] () -- C:\WINDOWS\{00000003-00000000-00000000-00001102-00000004-20061102}.CDF
[2010/01/04 10:51:52 | 03,787,268 | -H-- | M] () -- C:\Documents and Settings\Mike\Local Settings\Application Data\IconCache.db
[2010/01/01 08:37:05 | 00,001,757 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
[2009/12/31 20:52:08 | 00,000,000 | ---- | M] () -- C:\WINDOWS\imuvegohekeva.dll
[2009/12/31 18:50:09 | 00,000,000 | ---- | M] () -- C:\WINDOWS\olewimanitesuzup.dll
[2009/12/31 17:28:22 | 00,000,000 | ---- | M] () -- C:\Documents and Settings\Mike\Desktop\settings.dat
[2009/12/31 17:28:01 | 00,472,064 | ---- | M] ( ) -- C:\Documents and Settings\Mike\Desktop\RootRepeal.exe
[2009/12/31 17:20:33 | 00,524,288 | ---- | M] () -- C:\Documents and Settings\Mike\Desktop\dds.scr
[2009/12/31 16:48:40 | 00,000,000 | ---- | M] () -- C:\WINDOWS\ofumalanunev.dll
[2009/12/29 15:08:55 | 00,297,256 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/12/29 14:02:28 | 00,000,796 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Fix PC Errors Now.lnk
[2009/12/28 15:38:47 | 04,276,224 | ---- | M] () -- C:\Documents and Settings\Mike\s-1-5-21-580406598-3201823761-3829297431-1006.rrr
[2009/12/28 15:14:53 | 00,075,859 | ---- | M] () -- C:\Documents and Settings\Mike\My Documents\Cabinets3.skp
[2009/12/28 15:10:07 | 00,071,861 | ---- | M] () -- C:\Documents and Settings\Mike\My Documents\Cabinets2.sdr
[2009/12/28 14:30:38 | 00,000,208 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2009/12/27 14:59:11 | 04,980,736 | -H-- | M] () -- C:\Documents and Settings\Mike\ntuser.dat.rmbak
[2009/12/27 14:01:30 | 00,000,738 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Registry Mechanic.lnk
[2009/12/27 11:46:31 | 00,169,248 | ---- | M] () -- C:\WINDOWS\System32\STATUS.MPF
[2009/12/27 11:25:29 | 00,001,637 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Spyware Doctor.lnk
[2009/12/27 10:27:11 | 00,000,774 | ---- | M] () -- C:\WINDOWS\WIN.INI
[2009/12/26 12:46:32 | 00,060,786 | ---- | M] () -- C:\Documents and Settings\Mike\My Documents\cabinetdown3d.skp
[2009/12/26 12:45:37 | 00,060,786 | ---- | M] () -- C:\Documents and Settings\Mike\My Documents\cabinetdown3d.skb
[2009/12/26 12:16:36 | 00,065,010 | ---- | M] () -- C:\Documents and Settings\Mike\My Documents\cabinetsFrontDownnoDem.skp
[2009/12/26 12:12:22 | 00,066,280 | ---- | M] () -- C:\Documents and Settings\Mike\My Documents\cabinetsFrontDownnoDem.skb
[2009/12/26 11:53:23 | 00,061,749 | ---- | M] () -- C:\Documents and Settings\Mike\My Documents\Cabinetup3d.skp
[2009/12/26 11:45:57 | 00,062,005 | ---- | M] () -- C:\Documents and Settings\Mike\My Documents\Cabinetup3d.skb
[2009/12/26 09:58:38 | 00,058,630 | ---- | M] () -- C:\Documents and Settings\Mike\My Documents\CabinetsFrontnoDemRotated.skp
[2009/12/26 08:44:14 | 00,064,079 | ---- | M] () -- C:\Documents and Settings\Mike\My Documents\CabinetsFrontnoDem.skp
[2009/12/26 08:42:44 | 00,064,240 | ---- | M] () -- C:\Documents and Settings\Mike\My Documents\CabinetsFrontnoDem.skb
[2009/12/24 13:51:35 | 00,072,113 | ---- | M] () -- C:\Documents and Settings\Mike\My Documents\Cabinets2.sdb
[2009/12/24 13:49:37 | 00,076,179 | ---- | M] () -- C:\Documents and Settings\Mike\My Documents\Cabinets3.skb
[2009/12/16 08:21:21 | 00,000,517 | ---- | M] () -- C:\WINDOWS\egoxitokesiko.dll
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/01/07 22:01:14 | 00,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/01/01 08:37:05 | 00,001,757 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
[2009/12/31 20:52:08 | 00,000,000 | ---- | C] () -- C:\WINDOWS\imuvegohekeva.dll
[2009/12/31 18:50:09 | 00,000,000 | ---- | C] () -- C:\WINDOWS\olewimanitesuzup.dll
[2009/12/31 17:28:22 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\Mike\Desktop\settings.dat
[2009/12/31 17:20:33 | 00,524,288 | ---- | C] () -- C:\Documents and Settings\Mike\Desktop\dds.scr
[2009/12/31 16:48:40 | 00,000,000 | ---- | C] () -- C:\WINDOWS\ofumalanunev.dll
[2009/12/31 10:19:28 | 16,086,67136 | -HS- | C] () -- C:\hiberfil.sys
[2009/12/29 14:02:28 | 00,000,796 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Fix PC Errors Now.lnk
[2009/12/28 15:38:43 | 04,276,224 | ---- | C] () -- C:\Documents and Settings\Mike\s-1-5-21-580406598-3201823761-3829297431-1006.rrr
[2009/12/27 14:01:30 | 00,000,738 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Registry Mechanic.lnk
[2009/12/27 11:27:04 | 00,767,952 | ---- | C] () -- C:\WINDOWS\BDTSupport.dll
[2009/12/27 11:27:04 | 00,000,883 | ---- | C] () -- C:\WINDOWS\RegSDImport.xml
[2009/12/27 11:27:04 | 00,000,880 | ---- | C] () -- C:\WINDOWS\RegISSImport.xml
[2009/12/27 11:27:04 | 00,000,131 | ---- | C] () -- C:\WINDOWS\IDB.zip
[2009/12/27 11:27:03 | 01,152,444 | ---- | C] () -- C:\WINDOWS\UDB.zip
[2009/12/27 11:25:45 | 00,007,387 | ---- | C] () -- C:\WINDOWS\System32\drivers\pctgntdi.cat
[2009/12/27 11:25:34 | 00,007,412 | ---- | C] () -- C:\WINDOWS\System32\drivers\PCTAppEvent.cat
[2009/12/27 11:25:34 | 00,007,383 | ---- | C] () -- C:\WINDOWS\System32\drivers\pctcore.cat
[2009/12/27 11:25:29 | 00,001,637 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Spyware Doctor.lnk
[2009/12/27 11:25:23 | 00,007,383 | ---- | C] () -- C:\WINDOWS\System32\drivers\pctplsg.cat
[2009/12/26 12:12:22 | 00,066,280 | ---- | C] () -- C:\Documents and Settings\Mike\My Documents\cabinetsFrontDownnoDem.skb
[2009/12/26 09:58:38 | 00,058,630 | ---- | C] () -- C:\Documents and Settings\Mike\My Documents\CabinetsFrontnoDemRotated.skp
[2009/12/26 09:24:49 | 00,062,005 | ---- | C] () -- C:\Documents and Settings\Mike\My Documents\Cabinetup3d.skb
[2009/12/26 09:22:54 | 00,060,786 | ---- | C] () -- C:\Documents and Settings\Mike\My Documents\cabinetdown3d.skb
[2009/12/26 09:19:57 | 00,060,786 | ---- | C] () -- C:\Documents and Settings\Mike\My Documents\cabinetdown3d.skp
[2009/12/26 09:02:41 | 00,065,010 | ---- | C] () -- C:\Documents and Settings\Mike\My Documents\cabinetsFrontDownnoDem.skp
[2009/12/26 09:00:14 | 00,061,749 | ---- | C] () -- C:\Documents and Settings\Mike\My Documents\Cabinetup3d.skp
[2009/12/26 08:44:14 | 00,064,240 | ---- | C] () -- C:\Documents and Settings\Mike\My Documents\CabinetsFrontnoDem.skb
[2009/12/26 08:42:44 | 00,064,079 | ---- | C] () -- C:\Documents and Settings\Mike\My Documents\CabinetsFrontnoDem.skp
[2009/12/24 13:44:30 | 00,076,179 | ---- | C] () -- C:\Documents and Settings\Mike\My Documents\Cabinets3.skb
[2009/12/24 13:24:28 | 00,075,859 | ---- | C] () -- C:\Documents and Settings\Mike\My Documents\Cabinets3.skp
[2009/12/24 12:19:34 | 00,072,113 | ---- | C] () -- C:\Documents and Settings\Mike\My Documents\Cabinets2.sdb
[2009/12/24 10:30:02 | 00,071,861 | ---- | C] () -- C:\Documents and Settings\Mike\My Documents\Cabinets2.sdr
[2009/12/16 10:26:26 | 00,000,120 | ---- | C] () -- C:\WINDOWS\Yveyidonokeci.dat
[2009/12/16 10:26:26 | 00,000,000 | ---- | C] () -- C:\WINDOWS\Xbapeqe.bin
[2009/12/16 08:21:21 | 00,000,517 | ---- | C] () -- C:\WINDOWS\egoxitokesiko.dll
[2009/12/13 08:45:04 | 00,000,020 | ---- | C] () -- C:\Documents and Settings\Mike\Application Data\wiaservg.log
[2008/10/04 09:42:46 | 00,008,704 | ---- | C] () -- C:\Documents and Settings\Mike\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/04/19 11:31:33 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/04/19 10:46:54 | 00,001,003 | ---- | C] () -- C:\WINDOWS\dellstat.ini
[2004/11/24 07:02:20 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004/11/24 06:58:57 | 00,000,208 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2004/11/24 06:50:36 | 00,000,231 | ---- | C] () -- C:\WINDOWS\AC3API.INI
[2004/11/24 06:50:08 | 00,014,424 | ---- | C] () -- C:\WINDOWS\System32\Aud2_Del.ini
[2004/11/24 06:50:08 | 00,000,030 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
[2004/11/24 06:50:05 | 00,000,194 | ---- | C] () -- C:\WINDOWS\System32\KILL.INI
[2004/11/24 06:49:41 | 00,000,136 | ---- | C] () -- C:\WINDOWS\SBWIN.INI
[2004/11/24 06:21:46 | 00,000,519 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2004/09/16 00:28:50 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/09/01 15:35:06 | 00,000,254 | ---- | C] () -- C:\WINDOWS\System32\DLBUPLC.INI
[2004/08/23 14:42:30 | 00,131,072 | ---- | C] () -- C:\WINDOWS\System32\dlbusnls.dll
[2004/08/23 14:40:14 | 00,143,360 | ---- | C] () -- C:\WINDOWS\System32\dlbucoin.dll
[2004/08/10 13:13:12 | 00,000,780 | ---- | C] () -- C:\WINDOWS\ORUN32.INI
[2004/08/06 18:23:06 | 00,114,688 | ---- | C] () -- C:\WINDOWS\System32\dlbucur.dll
[2004/08/06 18:22:12 | 00,557,056 | ---- | C] () -- C:\WINDOWS\System32\dlbujswr.dll
[2004/08/06 18:07:24 | 00,069,632 | ---- | C] () -- C:\WINDOWS\System32\dlbucu.dll
[2004/08/06 18:01:42 | 00,401,408 | ---- | C] () -- C:\WINDOWS\System32\dlbuutil.dll
[2004/08/04 05:00:00 | 00,169,472 | ---- | C] () -- C:\WINDOWS\olopawogepukog.dll
[2004/08/04 05:00:00 | 00,001,793 | ---- | C] () -- C:\WINDOWS\System32\FXSPERF.INI
[2003/10/08 14:09:46 | 00,040,960 | ---- | C] () -- C:\WINDOWS\System32\dlbuvs.dll
[2003/01/07 14:05:08 | 00,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[1980/01/01 00:00:00 | 00,086,016 | ---- | C] () -- C:\WINDOWS\System32\ati2evxx.dll
[1980/01/01 00:00:00 | 00,012,288 | ---- | C] () -- C:\WINDOWS\System32\e100bmsg.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 199 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 145 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1
@Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8
< End of report >


OTL Extras logfile created on: 1/11/2010 1:07:41 PM - Run 1
OTL by OldTimer - Version 3.1.23.0 Folder = C:\Documents and Settings\Mike\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.00 Gb Total Physical Memory | 0.00 Gb Available Physical Memory | 24.00% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 30.00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 70.93 Gb Total Space | 38.60 Gb Free Space | 54.43% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: D4BZV461
Current User Name: Mike
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL -- (America Online, Inc.)
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL -- (America Online, Inc)
"C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL -- (America Online, Inc.)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire -- (Lime Wire, LLC)
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Disabled:AOL -- (America Online, Inc)
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Disabled:AOL -- (America Online, Inc.)
"C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Disabled:AOL -- (America Online, Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{09DA4F91-2A09-4232-AB8C-6BC740096DE3}" = Sonic Update Manager
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
"{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}" = Microsoft Plus! Photo Story 2 LE
"{10B3936F-0E93-4431-8E7B-3FEA5DAC88C3}" = Garmin Communicator Plugin
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic DLA
"{17334AAF-C9E7-483B-9F45-E3FCAF07FFA7}" = Intel® PROSet for Wired Connections
"{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Sonic MyDVD
"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Dell Media Experience
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java™ 6 Update 17
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java™ 6 Update 5
"{33BB4982-DC52-4886-A03B-F4C5C80BEE89}" = Windows Media Player 10
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{352310C3-E46B-42D3-8F32-54721FDD72D9}" = NetZeroInstallers
"{35BDEFF1-A610-4956-A00D-15453C116395}" = Internet Explorer Default Page
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = Modem On Hold
"{4B9F45E8-E3CE-40B4-9463-80A9B3481DEF}" = Banctec Service Agreement
"{56F3E1FF-54FE-4384-A153-6CCABA097814}" = Creative MediaSource
"{5905F42D-3F5F-4916-ADA6-94A3646AEE76}" = Dell Driver Reset Tool
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD 5.3
"{6DE18AB5-540B-4981-87D5-6CF7E923D983}_is1" = CyberDefender Registry Cleaner
"{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}" = Microsoft Plus! Digital Media Edition Installer
"{7148F0A8-6813-11D6-A77B-00B0D0142030}" = Java 2 Runtime Environment, SE v1.4.2_03
"{728278A1-0BB7-45E4-AC5E-91D7C0FD1EDE}" = EarthLink setup files
"{78D944D7-A97B-4004-AB0A-B5AD06839940}" = My Way Search Assistant
"{7A0EFAFB-AC4B-4B88-8C6B-6731BE88DB68}" = Modem Event Monitor
"{7A3F0566-5E05-4919-9C98-456F6B5CF831}" = Get High Speed Internet!
"{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper
"{81A34902-9D0B-4920-A25C-4CDC5D14B328}" = Jasc Paint Shop Pro 8 Dell Edition
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8EF1122E-E90C-4EE9-AB0C-7FDE2BA42C26}" = Musicmatch® Jukebox
"{91170409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office FrontPage 2003
"{91E30409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{9541FED0-327F-4DF0-8B96-EF57EF622F19}" = Sonic RecordNow! Plus
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9E2514D9-DC24-4634-B348-61F3EF0F1628}" = Sound Blaster Audigy 2 ZS
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{AA63780B-DDB7-417b-8A13-E5AFBE08E807}" =
"{AC76BA86-7AD7-1033-7B44-A70000000000}" = Adobe Reader 7.0
"{AF19F291-F22F-4798-9662-525305AE9E48}" = WordPerfect Office 12
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C1FE831C-C1FB-4D2F-95C3-32473F49BC7F}" = G10A942EN
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CC000127-5E5D-4A1C-90CB-EEAAAC1E3AC0}" = Jasc Paint Shop Photo Album
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D1696920-9794-4BBC-8A30-7A88763DE5A2}" = ABBYY FineReader 5.0 Sprint Plus
"{DAFCC5EF-E4D0-47EF-8E4B-168B3644A1E3}" = Garmin City Navigator North America NT 2009 Update
"{E5D52570-5EF1-4576-A434-6CCD92268F0F}" = Google SketchUp 7
"{E93E5EF6-D361-481E-849D-F16EF5C78EBC}" = Musicmatch for Windows Media Player
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"America Online us" = America Online (Choose which version to remove)
"AOL Connectivity Services" = AOL Connectivity Services
"AOLCoach" = AOL Coach Version 1.0(Build:20040229.1 en)
"ATI Display Driver" = ATI Display Driver
"Browser Defender_is1" = Browser Defender 2.0.6.11
"Dell Digital Jukebox Driver" = Dell Digital Jukebox Driver
"Dell Photo AIO Printer 942" = Dell Photo AIO Printer 942
"DellSupport" = Dell Support 5.0.0 (630)
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"Intel® 537EP V9x DF PCI Modem" = Intel® 537EP V9x DF PCI Modem
"LimeWire" = LimeWire 4.18.6
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MyWaySearchAssistantDE" = My Way Search Assistant
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"PROSet" = Intel® PRO Network Adapters and Drivers
"QuickTime" = QuickTime
"RealPlayer 6.0" = RealPlayer Basic
"Registry Mechanic_is1" = Registry Mechanic 9.0
"Spyware Doctor" = Spyware Doctor 7.0
"StreetPlugin" = Learn2 Player (Uninstall Only)
"Switch" = Switch Sound File Converter
"ViewpointMediaPlayer" = Viewpoint Media Player
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 3/14/2009 7:06:44 PM | Computer Name = D4BZV461 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 7.0.6000.16791, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 3/14/2009 7:06:45 PM | Computer Name = D4BZV461 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 7.0.6000.16791, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 3/14/2009 7:06:47 PM | Computer Name = D4BZV461 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 7.0.6000.16791, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 3/22/2009 11:33:17 AM | Computer Name = D4BZV461 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 7.0.6000.16791, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 4/4/2009 2:54:41 PM | Computer Name = D4BZV461 | Source = Application Error | ID = 1000
Description = Faulting application acrord32.exe, version 6.0.2.126, faulting module
unknown, version 0.0.0.0, fault address 0x00010001.

Error - 4/30/2009 1:33:44 PM | Computer Name = D4BZV461 | Source = Application Error | ID = 1000
Description = Faulting application acrord32.exe, version 6.0.2.126, faulting module
unknown, version 0.0.0.0, fault address 0x0293a173.

Error - 5/2/2009 6:18:30 PM | Computer Name = D4BZV461 | Source = Application Error | ID = 1000
Description = Faulting application acrord32.exe, version 6.0.2.126, faulting module
unknown, version 0.0.0.0, fault address 0x400e38e4.

Error - 5/9/2009 9:16:18 AM | Computer Name = D4BZV461 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 7.0.6000.16827, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 6/16/2009 7:29:56 AM | Computer Name = D4BZV461 | Source = Application Error | ID = 1000
Description = Faulting application acrord32.exe, version 6.0.2.126, faulting module
unknown, version 0.0.0.0, fault address 0x400e38e4.

Error - 8/7/2009 11:34:50 AM | Computer Name = D4BZV461 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 7.0.6000.16876, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

[ System Events ]
Error - 12/31/2009 12:19:34 PM | Computer Name = D4BZV461 | Source = Ftdisk | ID = 262193
Description = Configuring the Page file for crash dump failed. Make sure there is
a page file on the boot partition and that is large enough to contain all physical
memory.

Error - 12/31/2009 12:22:06 PM | Computer Name = D4BZV461 | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the sdCoreService service.

Error - 12/31/2009 6:47:42 PM | Computer Name = D4BZV461 | Source = Ftdisk | ID = 262189
Description = The system could not sucessfully load the crash dump driver.

Error - 12/31/2009 6:47:42 PM | Computer Name = D4BZV461 | Source = Ftdisk | ID = 262193
Description = Configuring the Page file for crash dump failed. Make sure there is
a page file on the boot partition and that is large enough to contain all physical
memory.

Error - 1/4/2010 12:38:27 PM | Computer Name = D4BZV461 | Source = Ftdisk | ID = 262189
Description = The system could not sucessfully load the crash dump driver.

Error - 1/4/2010 12:38:27 PM | Computer Name = D4BZV461 | Source = Ftdisk | ID = 262193
Description = Configuring the Page file for crash dump failed. Make sure there is
a page file on the boot partition and that is large enough to contain all physical
memory.

Error - 1/4/2010 12:40:52 PM | Computer Name = D4BZV461 | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the ThreatFire service to
connect.

Error - 1/4/2010 12:40:52 PM | Computer Name = D4BZV461 | Source = Service Control Manager | ID = 7000
Description = The ThreatFire service failed to start due to the following error:
%%1053

Error - 1/4/2010 1:07:23 PM | Computer Name = D4BZV461 | Source = Ftdisk | ID = 262189
Description = The system could not sucessfully load the crash dump driver.

Error - 1/4/2010 1:07:23 PM | Computer Name = D4BZV461 | Source = Ftdisk | ID = 262193
Description = Configuring the Page file for crash dump failed. Make sure there is
a page file on the boot partition and that is large enough to contain all physical
memory.


< End of report >

#4 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,766 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:12:22 AM

Posted 11 January 2010 - 04:52 PM

Hi,

Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.

    Posted Image
  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and re-enable all active protection when done.
-- If you encounter any problems, try running GMER in Safe Mode.

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#5 youngbloodmichael

youngbloodmichael
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:06:22 PM

Posted 12 January 2010 - 12:18 PM

Hi;

Here is the GMER Log.

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-01-12 11:10:53
Windows 5.1.2600 Service Pack 3
Running: 31e07z8t.exe; Driver: C:\DOCUME~1\Mike\LOCALS~1\Temp\pgloapow.sys


---- System - GMER 1.0.15 ----

SSDT TfSysMon.sys (ThreatFire System Monitor/PC Tools) ZwCreateKey [0xF7A2EA1C]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateProcess [0xF7959CDE]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateProcessEx [0xF7959ED0]
SSDT TfSysMon.sys (ThreatFire System Monitor/PC Tools) ZwDeleteKey [0xF7A2EC10]
SSDT TfSysMon.sys (ThreatFire System Monitor/PC Tools) ZwDeleteValueKey [0xF7A2ECB6]
SSDT TfSysMon.sys (ThreatFire System Monitor/PC Tools) ZwOpenKey [0xF7A2E90C]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwRenameKey [0xF7979D60]
SSDT TfSysMon.sys (ThreatFire System Monitor/PC Tools) ZwSetValueKey [0xF7A2EE52]
SSDT TfSysMon.sys (ThreatFire System Monitor/PC Tools) ZwTerminateProcess [0xF7A30B30]

---- Kernel code sections - GMER 1.0.15 ----

.text ntoskrnl.exe!ZwYieldExecution + 11A 804E4954 4 Bytes JMP 6E87F7A2
.text ntoskrnl.exe!ZwYieldExecution + 252 804E4A8C 4 Bytes JMP 74B54233

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\svchost.exe[452] ntdll.dll!LdrLoadDll 7C9163C3 4 Bytes [FF, 25, AC, 70]
.text C:\WINDOWS\system32\svchost.exe[452] ntdll.dll!LdrLoadDll + 5 7C9163C8 5 Bytes [10, 90, 90, 90, 90]
.text C:\WINDOWS\system32\svchost.exe[452] Secur32.dll!InitializeSecurityContextW 77FE5BDB 7 Bytes JMP 10003BF4 C:\DOCUME~1\ALLUSE~1\APPLIC~1\MICROS~1\Windows\mspdb21.dll
.text C:\WINDOWS\system32\svchost.exe[452] Secur32.dll!EncryptMessage 77FEA68D 6 Bytes JMP 10003C83 C:\DOCUME~1\ALLUSE~1\APPLIC~1\MICROS~1\Windows\mspdb21.dll
.text C:\WINDOWS\system32\svchost.exe[452] Secur32.dll!DecryptMessage 77FEA6DC 6 Bytes JMP 10003D18 C:\DOCUME~1\ALLUSE~1\APPLIC~1\MICROS~1\Windows\mspdb21.dll
.text C:\WINDOWS\system32\svchost.exe[452] Secur32.dll!InitializeSecurityContextA 77FEA8AE 7 Bytes JMP 10003B7E C:\DOCUME~1\ALLUSE~1\APPLIC~1\MICROS~1\Windows\mspdb21.dll
.text C:\WINDOWS\system32\svchost.exe[452] ws2_32.dll!closesocket 71AB3E2B 6 Bytes JMP 10003B30 C:\DOCUME~1\ALLUSE~1\APPLIC~1\MICROS~1\Windows\mspdb21.dll
.text C:\WINDOWS\system32\svchost.exe[452] ws2_32.dll!connect 71AB4A07 8 Bytes JMP 10003864 C:\DOCUME~1\ALLUSE~1\APPLIC~1\MICROS~1\Windows\mspdb21.dll
.text C:\WINDOWS\system32\svchost.exe[452] ws2_32.dll!send 71AB4C27 8 Bytes JMP 100038DA C:\DOCUME~1\ALLUSE~1\APPLIC~1\MICROS~1\Windows\mspdb21.dll
.text C:\WINDOWS\system32\svchost.exe[452] ws2_32.dll!WSARecv 71AB4CB5 6 Bytes JMP 10003A6B C:\DOCUME~1\ALLUSE~1\APPLIC~1\MICROS~1\Windows\mspdb21.dll
.text C:\WINDOWS\system32\svchost.exe[452] ws2_32.dll!recv 71AB676F 8 Bytes JMP 100039CF C:\DOCUME~1\ALLUSE~1\APPLIC~1\MICROS~1\Windows\mspdb21.dll
.text C:\WINDOWS\system32\svchost.exe[452] ws2_32.dll!WSASend 71AB68FA 6 Bytes JMP 1000393B C:\DOCUME~1\ALLUSE~1\APPLIC~1\MICROS~1\Windows\mspdb21.dll
.text C:\WINDOWS\system32\svchost.exe[620] ntdll.dll!LdrLoadDll 7C9163C3 4 Bytes [FF, 25, AC, 70]
.text C:\WINDOWS\system32\svchost.exe[620] ntdll.dll!LdrLoadDll + 5 7C9163C8 5 Bytes [10, 90, 90, 90, 90]
.text C:\WINDOWS\system32\svchost.exe[620] Secur32.dll!InitializeSecurityContextW 77FE5BDB 7 Bytes JMP 10003BF4 C:\DOCUME~1\ALLUSE~1\APPLIC~1\MICROS~1\Windows\mspdb21.dll
.text C:\WINDOWS\system32\svchost.exe[620] Secur32.dll!EncryptMessage 77FEA68D 6 Bytes JMP 10003C83 C:\DOCUME~1\ALLUSE~1\APPLIC~1\MICROS~1\Windows\mspdb21.dll
.text C:\WINDOWS\system32\svchost.exe[620] Secur32.dll!DecryptMessage 77FEA6DC 6 Bytes JMP 10003D18 C:\DOCUME~1\ALLUSE~1\APPLIC~1\MICROS~1\Windows\mspdb21.dll
.text C:\WINDOWS\system32\svchost.exe[620] Secur32.dll!InitializeSecurityContextA 77FEA8AE 7 Bytes JMP 10003B7E C:\DOCUME~1\ALLUSE~1\APPLIC~1\MICROS~1\Windows\mspdb21.dll
.text C:\WINDOWS\system32\svchost.exe[620] ws2_32.dll!closesocket 71AB3E2B 6 Bytes JMP 10003B30 C:\DOCUME~1\ALLUSE~1\APPLIC~1\MICROS~1\Windows\mspdb21.dll
.text C:\WINDOWS\system32\svchost.exe[620] ws2_32.dll!connect 71AB4A07 8 Bytes JMP 10003864 C:\DOCUME~1\ALLUSE~1\APPLIC~1\MICROS~1\Windows\mspdb21.dll
.text C:\WINDOWS\system32\svchost.exe[620] ws2_32.dll!send 71AB4C27 8 Bytes JMP 100038DA C:\DOCUME~1\ALLUSE~1\APPLIC~1\MICROS~1\Windows\mspdb21.dll
.text C:\WINDOWS\system32\svchost.exe[620] ws2_32.dll!WSARecv 71AB4CB5 6 Bytes JMP 10003A6B C:\DOCUME~1\ALLUSE~1\APPLIC~1\MICROS~1\Windows\mspdb21.dll
.text C:\WINDOWS\system32\svchost.exe[620] ws2_32.dll!recv 71AB676F 8 Bytes JMP 100039CF C:\DOCUME~1\ALLUSE~1\APPLIC~1\MICROS~1\Windows\mspdb21.dll
.text C:\WINDOWS\system32\svchost.exe[620] ws2_32.dll!WSASend 71AB68FA 6 Bytes JMP 1000393B C:\DOCUME~1\ALLUSE~1\APPLIC~1\MICROS~1\Windows\mspdb21.dll
.text C:\WINDOWS\Explorer.EXE[840] ntdll.dll!LdrLoadDll 7C9163C3 4 Bytes [FF, 25, AC, 70]
.text C:\WINDOWS\Explorer.EXE[840] ntdll.dll!LdrLoadDll + 5 7C9163C8 5 Bytes [10, 90, 90, 90, 90]
.text C:\WINDOWS\Explorer.EXE[840] Secur32.dll!InitializeSecurityContextW 77FE5BDB 7 Bytes JMP 10003BF4 C:\DOCUME~1\ALLUSE~1\APPLIC~1\MICROS~1\Windows\mspdb21.dll
.text C:\WINDOWS\Explorer.EXE[840] Secur32.dll!EncryptMessage 77FEA68D 6 Bytes JMP 10003C83 C:\DOCUME~1\ALLUSE~1\APPLIC~1\MICROS~1\Windows\mspdb21.dll
.text C:\WINDOWS\Explorer.EXE[840] Secur32.dll!DecryptMessage 77FEA6DC 6 Bytes JMP 10003D18 C:\DOCUME~1\ALLUSE~1\APPLIC~1\MICROS~1\Windows\mspdb21.dll
.text C:\WINDOWS\Explorer.EXE[840] Secur32.dll!InitializeSecurityContextA 77FEA8AE 7 Bytes JMP 10003B7E C:\DOCUME~1\ALLUSE~1\APPLIC~1\MICROS~1\Windows\mspdb21.dll
.text C:\WINDOWS\Explorer.EXE[840] WS2_32.dll!closesocket 71AB3E2B 6 Bytes JMP 10003B30 C:\DOCUME~1\ALLUSE~1\APPLIC~1\MICROS~1\Windows\mspdb21.dll
.text C:\WINDOWS\Explorer.EXE[840] WS2_32.dll!connect 71AB4A07 8 Bytes JMP 10003864 C:\DOCUME~1\ALLUSE~1\APPLIC~1\MICROS~1\Windows\mspdb21.dll
.text C:\WINDOWS\Explorer.EXE[840] WS2_32.dll!send 71AB4C27 8 Bytes JMP 100038DA C:\DOCUME~1\ALLUSE~1\APPLIC~1\MICROS~1\Windows\mspdb21.dll
.text C:\WINDOWS\Explorer.EXE[840] WS2_32.dll!WSARecv 71AB4CB5 6 Bytes JMP 10003A6B C:\DOCUME~1\ALLUSE~1\APPLIC~1\MICROS~1\Windows\mspdb21.dll
.text C:\WINDOWS\Explorer.EXE[840] WS2_32.dll!recv 71AB676F 8 Bytes JMP 100039CF C:\DOCUME~1\ALLUSE~1\APPLIC~1\MICROS~1\Windows\mspdb21.dll
.text C:\WINDOWS\Explorer.EXE[840] WS2_32.dll!WSASend 71AB68FA 6 Bytes JMP 1000393B C:\DOCUME~1\ALLUSE~1\APPLIC~1\MICROS~1\Windows\mspdb21.dll

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs TfFsMon.sys (ThreatFire Filesystem Monitor/PC Tools)
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat TfFsMon.sys (ThreatFire Filesystem Monitor/PC Tools)

---- EOF - GMER 1.0.15 ----

#6 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,766 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:12:22 AM

Posted 12 January 2010 - 12:44 PM

Hi,

please run the following fix:

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    :otl
    [2010/01/11 13:04:35 | 00,000,120 | ---- | M] () -- C:\WINDOWS\Yveyidonokeci.dat
    [2010/01/11 08:12:32 | 00,000,000 | ---- | M] () -- C:\WINDOWS\Xbapeqe.bin
    MOD - [2008/04/13 18:12:08 | 00,169,472 | ---- | M] () -- C:\WINDOWS\olopawogepukog.dll
    O20 - AppInit_DLLs: (C:\DOCUME~1\ALLUSE~1\APPLIC~1\MICROS~1\Windows\mspdb21.dll) - C:\Documents and Settings\All Users\Application Data\Microsoft\Windows\mspdb21.dll ()
    [2009/12/31 20:52:08 | 00,000,000 | ---- | M] () -- C:\WINDOWS\imuvegohekeva.dll
    [2009/12/31 18:50:09 | 00,000,000 | ---- | M] () -- C:\WINDOWS\olewimanitesuzup.dll
    [2009/12/31 16:48:40 | 00,000,000 | ---- | M] () -- C:\WINDOWS\ofumalanunev.dll
    [2009/12/16 08:21:21 | 00,000,517 | ---- | C] () -- C:\WINDOWS\egoxitokesiko.dll
    :commands
    [emptytemp]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, when done it will say "Fix Complete press ok to open the log"
  • Please post that log in your next reply.

    Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process.
    If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTL\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.
================================Follow up scan=================================
We need to create an OTL Report
  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the Posted Image icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • In the custom scan box paste the following:
    netsvcs
    msconfig
    safebootminimal
    safebootnetwork
    activex
    drivers32
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    nvstor32.sys
    ahcix86s.sys
    nvrd32.sys
    /md5stop
    %systemroot%\*. /mp /s
  • Push the Posted Image button.
  • Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#7 youngbloodmichael

youngbloodmichael
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:06:22 PM

Posted 12 January 2010 - 02:26 PM

Hi;

Here is the output from OTL.txt

OTL logfile created on: 1/12/2010 1:06:22 PM - Run 2
OTL by OldTimer - Version 3.1.23.0 Folder = C:\Documents and Settings\Mike\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 59.00% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 64.00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 70.93 Gb Total Space | 38.60 Gb Free Space | 54.42% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: D4BZV461
Current User Name: Mike
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/01/11 13:06:37 | 00,543,744 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Mike\Desktop\OTL.exe
PRC - [2010/01/07 08:29:51 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2010/01/07 08:29:51 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2009/11/25 15:42:58 | 03,176,408 | ---- | M] (PC Tools) -- C:\Program Files\Registry Mechanic\RegMech.exe
PRC - [2009/11/25 15:42:18 | 00,583,640 | ---- | M] (PC Tools) -- C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe
PRC - [2009/11/18 12:47:14 | 01,243,088 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsTray.exe
PRC - [2009/11/12 10:03:32 | 00,070,928 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\TFEngine\TFService.exe
PRC - [2009/11/10 10:28:08 | 00,112,592 | ---- | M] (Threat Expert Ltd.) -- C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
PRC - [2009/11/06 14:29:22 | 01,141,712 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsSvc.exe
PRC - [2009/11/04 11:58:40 | 06,908,744 | ---- | M] (CyberDefender) -- C:\Program Files\CyberDefender\Registry Cleaner\CDregclean.exe
PRC - [2009/10/30 11:18:16 | 00,359,624 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsAuxs.exe
PRC - [2009/10/28 00:54:16 | 00,634,632 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
PRC - [2008/04/13 18:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2004/11/24 07:00:09 | 00,026,112 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\realplay.exe
PRC - [2004/08/31 14:34:08 | 00,102,400 | ---- | M] () -- C:\Program Files\Dell Photo AIO Printer 942\dlbubmon.exe
PRC - [2004/08/31 14:18:44 | 00,294,912 | ---- | M] () -- C:\Program Files\Dell Photo AIO Printer 942\dlbubmgr.exe
PRC - [2004/08/25 13:26:56 | 00,389,120 | ---- | M] () -- C:\WINDOWS\SYSTEM32\ati2evxx.exe
PRC - [2004/08/23 18:19:22 | 00,057,344 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
PRC - [2004/08/13 01:05:00 | 00,122,939 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\SYSTEM32\dla\tfswctrl.exe
PRC - [2004/07/27 14:08:22 | 00,262,144 | ---- | M] () -- C:\Program Files\Dell Photo AIO Printer 942\memcard.exe
PRC - [2004/07/19 07:51:24 | 00,306,688 | ---- | M] (Gteko Ltd.) -- C:\Program Files\Dell Support\DSAgnt.exe
PRC - [2004/07/01 20:45:46 | 00,421,888 | ---- | M] (Dell) -- C:\WINDOWS\SYSTEM32\dlbucoms.exe
PRC - [2004/04/11 20:15:14 | 00,290,816 | ---- | M] (CyberLink Corp.) -- C:\Program Files\Dell\Media Experience\PCMService.exe
PRC - [2004/04/07 12:07:32 | 01,135,728 | ---- | M] (America Online, Inc.) -- C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
PRC - [2004/03/11 09:50:00 | 00,028,672 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\SYSTEM32\CTHELPER.EXE
PRC - [2003/09/17 10:43:36 | 00,057,344 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe
PRC - [2003/09/03 20:12:44 | 00,221,184 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
PRC - [2003/06/18 01:00:00 | 00,045,056 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.exe
PRC - [1999/12/13 09:01:00 | 00,044,032 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\SYSTEM32\CTSVCCDA.EXE


========== Modules (SafeList) ==========

MOD - [2010/01/11 13:06:37 | 00,543,744 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Mike\Desktop\OTL.exe
MOD - [2009/11/12 10:03:32 | 00,451,856 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\TFEngine\TFWAH.dll
MOD - [2009/10/30 11:18:16 | 00,147,024 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\PCTGMhk.dll
MOD - [2008/04/13 18:12:08 | 00,169,472 | ---- | M] () -- C:\WINDOWS\olopawogepukog.dll
MOD - [2003/11/13 18:19:00 | 00,057,344 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\SYSTEM32\CTAGENT.DLL


========== Win32 Services (SafeList) ==========

SRV - [2010/01/07 08:29:51 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) [Auto | Running] -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2009/11/25 15:42:18 | 00,583,640 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe -- (PCToolsSSDMonitorSvc)
SRV - [2009/11/12 10:03:32 | 00,070,928 | ---- | M] (PC Tools) [On_Demand | Running] -- C:\Program Files\Spyware Doctor\TFEngine\TFService.exe -- (ThreatFire)
SRV - [2009/11/10 10:28:08 | 00,112,592 | ---- | M] (Threat Expert Ltd.) [Auto | Running] -- C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe -- (Browser Defender Update Service)
SRV - [2009/11/06 14:29:22 | 01,141,712 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files\Spyware Doctor\pctsSvc.exe -- (sdCoreService)
SRV - [2009/10/30 11:18:16 | 00,359,624 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files\Spyware Doctor\pctsAuxs.exe -- (sdAuxService)
SRV - [2004/08/25 13:26:56 | 00,389,120 | ---- | M] () [Auto | Running] -- C:\WINDOWS\SYSTEM32\ati2evxx.exe -- (Ati HotKey Poller)
SRV - [2004/07/01 20:45:46 | 00,421,888 | ---- | M] (Dell) [On_Demand | Running] -- C:\WINDOWS\System32\dlbucoms.exe -- (dlbu_device)
SRV - [2004/04/07 12:07:32 | 01,135,728 | ---- | M] (America Online, Inc.) [Auto | Running] -- C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe -- (AOL ACS)
SRV - [2003/12/17 13:59:48 | 00,143,360 | ---- | M] (Intel® Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe -- (NetSvc)
SRV - [2003/07/28 11:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [1999/12/13 09:01:00 | 00,044,032 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\WINDOWS\SYSTEM32\CTSVCCDA.EXE -- (Creative Service for CDROM Access)


========== Driver Services (SafeList) ==========

DRV - [2009/11/12 10:03:32 | 00,059,664 | --S- | M] (PC Tools) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\TfSysMon.sys -- (TfSysMon)
DRV - [2009/11/12 10:03:32 | 00,051,984 | --S- | M] (PC Tools) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\TfFsMon.sys -- (TfFsMon)
DRV - [2009/11/12 10:03:32 | 00,033,552 | --S- | M] (PC Tools) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\TfNetMon.sys -- (TfNetMon)
DRV - [2009/11/09 11:20:12 | 00,207,792 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\PCTCore.sys -- (PCTCore)
DRV - [2009/10/30 11:11:00 | 00,233,136 | ---- | M] (PC Tools) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\pctgntdi.sys -- (pctgntdi)
DRV - [2009/09/03 09:45:12 | 00,070,408 | ---- | M] (PC Tools) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\pctplsg.sys -- (pctplsg)
DRV - [2008/04/19 11:51:16 | 00,020,576 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20)
DRV - [2008/04/13 12:45:29 | 00,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\gameenum.sys -- (gameenum)
DRV - [2008/04/13 12:36:39 | 00,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2008/04/13 12:36:39 | 00,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2007/11/13 04:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\secdrv.sys -- (Secdrv)
DRV - [2004/11/24 07:00:12 | 00,008,552 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\asctrm.sys -- (ASCTRM)
DRV - [2004/08/25 13:28:46 | 00,787,456 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ati2mtag.sys -- (ati2mtag)
DRV - [2004/08/13 02:56:00 | 00,040,544 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\drvnddm.sys -- (drvnddm)
DRV - [2004/08/13 01:05:00 | 00,100,603 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsnudfa.sys -- (tfsnudfa)
DRV - [2004/08/13 01:05:00 | 00,098,714 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsnudf.sys -- (tfsnudf)
DRV - [2004/08/13 01:05:00 | 00,086,202 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsnifs.sys -- (tfsnifs)
DRV - [2004/08/13 01:05:00 | 00,034,843 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsncofs.sys -- (tfsncofs)
DRV - [2004/08/13 01:05:00 | 00,025,723 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsnboio.sys -- (tfsnboio)
DRV - [2004/08/13 01:05:00 | 00,014,715 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsnopio.sys -- (tfsnopio)
DRV - [2004/08/13 01:05:00 | 00,006,363 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsnpool.sys -- (tfsnpool)
DRV - [2004/08/13 01:05:00 | 00,004,123 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsndrct.sys -- (tfsndrct)
DRV - [2004/08/13 01:05:00 | 00,002,239 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsndres.sys -- (tfsndres)
DRV - [2004/08/12 15:40:00 | 00,904,752 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ha10kx2k.sys -- (ha10kx2k)
DRV - [2004/08/06 10:43:00 | 00,366,384 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ctaud2k.sys -- (ctaud2k) Creative Audio Driver (WDM)
DRV - [2004/08/04 05:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\PTILINK.SYS -- (Ptilink)
DRV - [2004/08/04 03:21:00 | 00,087,136 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\drvmcdb.sys -- (drvmcdb)
DRV - [2004/08/03 22:29:56 | 01,897,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\NV4_MINI.SYS -- (nv)
DRV - [2004/07/14 11:29:04 | 00,005,627 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\sscdbhk5.sys -- (sscdbhk5)
DRV - [2004/07/14 11:28:50 | 00,023,545 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ssrtln.sys -- (ssrtln)
DRV - [2004/07/13 10:15:00 | 00,148,432 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\haP16v2k.sys -- (hap16v2k)
DRV - [2004/07/13 10:13:00 | 00,145,488 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\emupia2k.sys -- (emupia)
DRV - [2004/07/13 10:12:00 | 00,130,288 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ctsfm2k.sys -- (ctsfm2k)
DRV - [2004/07/13 10:11:00 | 00,178,672 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ctoss2k.sys -- (ossrv)
DRV - [2004/07/13 10:11:00 | 00,006,096 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ctprxy2k.sys -- (ctprxy2k)
DRV - [2004/07/13 10:09:00 | 00,645,360 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ctac32k.sys -- (ctac32k)
DRV - [2004/06/15 22:52:40 | 00,061,157 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\IntelC53.sys -- (IntelC53)
DRV - [2004/04/09 12:41:30 | 00,612,352 | ---- | M] (Analog Devices, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\smwdm.sys -- (smwdm)
DRV - [2004/03/05 22:15:34 | 00,647,929 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\IntelC52.sys -- (IntelC52)
DRV - [2004/03/05 22:14:42 | 01,233,525 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\IntelC51.sys -- (IntelC51)
DRV - [2004/03/05 22:13:38 | 00,037,048 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\mohfilt.sys -- (mohfilt)
DRV - [2004/02/10 15:49:14 | 00,154,112 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\e100b325.sys -- (E100B) Intel®
DRV - [2003/11/12 20:11:00 | 00,333,600 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\ctdvda2k.sys -- (ctdvda2k)
DRV - [2003/01/10 16:13:04 | 00,033,588 | ---- | M] (America Online, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
DRV - [2002/11/08 13:45:06 | 00,017,217 | ---- | M] (Dell Computer Corporation) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\omci.sys -- (omci)
DRV - [2002/04/01 13:15:00 | 00,004,816 | ---- | M] (Andrea Electronics Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\aeaudio.sys -- (aeaudio)
DRV - [2001/08/17 14:07:44 | 00,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2001/08/17 14:07:42 | 00,030,688 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2001/08/17 14:07:40 | 00,028,384 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2001/08/17 14:07:36 | 00,032,640 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2001/08/17 14:07:34 | 00,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
DRV - [2001/08/17 13:57:38 | 00,016,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\MODEMCSA.sys -- (MODEMCSA)
DRV - [2001/08/17 13:52:22 | 00,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
DRV - [2001/08/17 13:52:20 | 00,045,312 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2001/08/17 13:52:20 | 00,040,320 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2001/08/17 13:52:18 | 00,049,024 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2001/08/17 13:52:16 | 00,179,584 | ---- | M] (Mylex Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2001/08/17 13:52:12 | 00,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2001/08/17 13:52:00 | 00,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
DRV - [2001/08/17 13:51:58 | 00,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2001/08/17 13:51:56 | 00,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2001/08/17 13:51:54 | 00,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)
DRV - [2001/08/17 12:56:16 | 00,007,552 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\SONYPVU1.SYS -- (SONYPVU1) Sony USB Filter Driver (SONYPVU1)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell4me.com/myway
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell4me.com/myway
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-580406598-3201823761-3829297431-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
IE - HKU\S-1-5-21-580406598-3201823761-3829297431-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://desmoines.mediacomtoday.com/
IE - HKU\S-1-5-21-580406598-3201823761-3829297431-1006\S-1-5-21-580406598-3201823761-3829297431-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-580406598-3201823761-3829297431-500\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
IE - HKU\S-1-5-21-580406598-3201823761-3829297431-500\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell.com
IE - HKU\S-1-5-21-580406598-3201823761-3829297431-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
IE - HKU\S-1-5-21-580406598-3201823761-3829297431-500\S-1-5-21-580406598-3201823761-3829297431-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Firefox\Extensions\\{2D473D2D-3D57-466B-86BD-D317DC35DCB3}: C:\Documents and Settings\Mike\Local Settings\Application Data\{2D473D2D-3D57-466B-86BD-D317DC35DCB3} [2009/12/26 19:58:00 | 00,000,000 | ---D | M]


O1 HOSTS File: (734 bytes) - C:\WINDOWS\SYSTEM32\DRIVERS\ETC\HOSTS
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (PC Tools Browser Guard BHO) - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\SYSTEM32\dla\tfswshx.dll (Sonic Solutions)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O3 - HKLM\..\Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - No CLSID value found.
O3 - HKU\S-1-5-21-580406598-3201823761-3829297431-1006\..\Toolbar\WebBrowser: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O4 - HKLM..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe (ATI Technologies, Inc.)
O4 - HKLM..\Run: [CTDVDDET] C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE (Creative Technology Ltd)
O4 - HKLM..\Run: [CTHelper] C:\WINDOWS\System32\CTHELPER.EXE (Creative Technology Ltd)
O4 - HKLM..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [CyberDefender Registry Cleaner] File not found
O4 - HKLM..\Run: [Dell Photo AIO Printer 942] C:\Program Files\Dell Photo AIO Printer 942\dlbubmgr.exe ()
O4 - HKLM..\Run: [DellMCM] C:\Program Files\Dell Photo AIO Printer 942\memcard.exe ()
O4 - HKLM..\Run: [dla] C:\WINDOWS\SYSTEM32\dla\tfswctrl.exe (Sonic Solutions)
O4 - HKLM..\Run: [DVDLauncher] C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe (CyberLink Corp.)
O4 - HKLM..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe (Intel Corporation)
O4 - HKLM..\Run: [ISTray] C:\Program Files\Spyware Doctor\pctsTray.exe (PC Tools)
O4 - HKLM..\Run: [PCMService] C:\Program Files\Dell\Media Experience\PCMService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Computer, Inc.)
O4 - HKLM..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [Rwiqukaqibiyo] C:\WINDOWS\olopawogepukog.DLL ()
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [UpdateManager] C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe (Sonic Solutions)
O4 - HKLM..\Run: [UpdReg] C:\WINDOWS\Updreg.EXE (Creative Technology Ltd.)
O4 - HKU\S-1-5-21-580406598-3201823761-3829297431-1006..\Run: [CyberDefender Registry Cleaner] C:\Program Files\CyberDefender\Registry Cleaner\CDregclean.exe (CyberDefender)
O4 - HKU\S-1-5-21-580406598-3201823761-3829297431-1006..\Run: [DellSupport] C:\Program Files\Dell Support\DSAgnt.exe (Gteko Ltd.)
O4 - HKU\S-1-5-21-580406598-3201823761-3829297431-1006..\Run: [RegistryMechanic] C:\Program Files\Registry Mechanic\RegMech.exe (PC Tools)
O4 - HKU\S-1-5-21-580406598-3201823761-3829297431-500..\Run: [DellSupport] C:\Program Files\Dell Support\DSAgnt.exe (Gteko Ltd.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\\America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe (America Online, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-580406598-3201823761-3829297431-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-580406598-3201823761-3829297431-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableProfileQuota = 1
O7 - HKU\S-1-5-21-580406598-3201823761-3829297431-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://photo2.walgreens.com/WalgreensActivia.cab (Snapfish Activia)
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.akamai.com/dlmanager/vers...vex-2.2.4.1.cab (DLM Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl...indows-i586.cab (Java Plug-in 1.4.2_03)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/pub/shock...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 97.64.187.150 74.84.119.153
O20 - AppInit_DLLs: (C:\DOCUME~1\ALLUSE~1\APPLIC~1\MICROS~1\Windows\mspdb21.dll) - C:\Documents and Settings\All Users\Application Data\Microsoft\Windows\mspdb21.dll ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/10 13:04:08 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{5058cbf4-6a33-11dd-bf0f-00038a000015}\Shell - "" = AutoRun
O33 - MountPoints2\{5058cbf4-6a33-11dd-bf0f-00038a000015}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{dfe6876e-8401-11dd-bf15-00038a000015}\Shell - "" = AutoRun
O33 - MountPoints2\{dfe6876e-8401-11dd-bf15-00038a000015}\Shell\AutoRun - "" = Auto&Play
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\SYSTEM32\IAS [2004/11/24 06:19:52 | 00,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: Wmi - C:\WINDOWS\SYSTEM32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found


SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {03F998B2-0E00-11D3-A498-00104B6EB52E} - Viewpoint Media Player
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {1B00725B-C455-4DE6-BFB6-AD540AD427CD} - Viewpoint Media Player
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
ActiveX: {8b15971b-5355-4c82-8c07-7e181ea07608} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.inf,Fax.Install.PerUser
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {94de52c8-2d59-4f1b-883e-79663d2d9a8c} - Fax Provider
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {DAA94A2A-2A8D-4D3B-9DB8-56FBECED082D} - Microsoft .NET Framework 1.1 Security Update (KB953297)
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

Drivers32: msacm.iac2 - C:\WINDOWS\SYSTEM32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\SYSTEM32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\TSSOFT32.ACM (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\IR32_32.DLL ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\IR32_32.DLL ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: wave1 - C:\WINDOWS\System32\SERWVDRV.DLL (Microsoft Corporation)

========== Files/Folders - Created Within 30 Days ==========

[2010/01/11 13:06:36 | 00,543,744 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Mike\Desktop\OTL.exe
[2010/01/07 08:30:16 | 00,411,368 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deploytk.dll
[2010/01/07 08:30:16 | 00,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010/01/07 08:30:16 | 00,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010/01/07 08:30:16 | 00,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010/01/01 08:36:58 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Adobe
[2009/12/31 17:28:00 | 00,472,064 | ---- | C] ( ) -- C:\Documents and Settings\Mike\Desktop\RootRepeal.exe
[2009/12/31 16:43:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2009/12/31 16:43:32 | 00,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2009/12/31 16:43:32 | 00,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2009/12/31 16:43:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2009/12/29 14:02:47 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Mike\Application Data\CyberDefender
[2009/12/29 14:02:25 | 00,000,000 | ---D | C] -- C:\Program Files\CyberDefender
[2009/12/27 14:58:45 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Mike\Application Data\Registry Mechanic
[2009/12/27 14:01:24 | 01,101,824 | ---- | C] (Woodbury Associates Limited) -- C:\WINDOWS\System32\UniBox210.ocx
[2009/12/27 14:01:24 | 00,880,640 | ---- | C] (Woodbury Associates Limited) -- C:\WINDOWS\System32\UniBox10.ocx
[2009/12/27 14:01:24 | 00,212,992 | ---- | C] (Woodbury Associates Limited) -- C:\WINDOWS\System32\UniBoxVB12.ocx
[2009/12/27 14:01:18 | 00,000,000 | ---D | C] -- C:\Program Files\Registry Mechanic
[2009/12/27 12:32:17 | 00,000,000 | -H-D | C] -- C:\$AVG
[2009/12/27 12:30:54 | 00,000,000 | ---D | C] -- C:\Program Files\AVG
[2009/12/27 12:30:52 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\avg9
[2009/12/27 12:19:28 | 00,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2009/12/27 12:19:28 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2009/12/27 12:18:39 | 00,059,664 | --S- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\TfSysMon.sys
[2009/12/27 12:18:39 | 00,033,552 | --S- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\TfNetMon.sys
[2009/12/27 12:18:38 | 00,051,984 | --S- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\TfFsMon.sys
[2009/12/27 11:35:35 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Mike\Local Settings\Application Data\Threat Expert
[2009/12/27 11:27:04 | 00,149,456 | ---- | C] (PC Tools) -- C:\WINDOWS\SGDetectionTool.dll
[2009/12/27 11:27:03 | 01,640,400 | ---- | C] (Threat Expert Ltd.) -- C:\WINDOWS\PCTBDCore.dll
[2009/12/27 11:27:03 | 00,165,840 | ---- | C] (Threat Expert Ltd.) -- C:\WINDOWS\PCTBDRes.dll
[2009/12/27 11:25:45 | 00,233,136 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctgntdi.sys
[2009/12/27 11:25:34 | 00,207,792 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTCore.sys
[2009/12/27 11:25:34 | 00,087,784 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTAppEvent.sys
[2009/12/27 11:25:23 | 00,070,408 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctplsg.sys
[2009/12/27 11:25:12 | 00,000,000 | ---D | C] -- C:\Program Files\Spyware Doctor
[2009/12/27 11:25:12 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
[2009/12/27 11:25:12 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Mike\Application Data\PC Tools
[2009/12/27 11:25:12 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PC Tools
[2009/12/27 11:24:48 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/12/26 19:58:00 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Mike\Local Settings\Application Data\{2D473D2D-3D57-466B-86BD-D317DC35DCB3}
[2009/12/23 19:46:23 | 00,021,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hidserv.dll
[2008/12/30 14:31:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2008/07/06 10:58:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2008/04/19 10:49:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\McAfee.com Personal Firewall
[1980/01/01 00:00:00 | 00,151,552 | ---- | C] ( ) -- C:\WINDOWS\System32\ATIDEMGR.dll
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/01/12 13:04:17 | 00,001,003 | ---- | M] () -- C:\WINDOWS\dellstat.ini
[2010/01/12 11:13:04 | 00,000,120 | ---- | M] () -- C:\WINDOWS\Yveyidonokeci.dat
[2010/01/12 11:12:30 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/01/12 11:12:25 | 00,002,048 | --S- | M] () -- C:\WINDOWS\BOOTSTAT.DAT
[2010/01/12 11:12:23 | 16,086,67136 | -HS- | M] () -- C:\hiberfil.sys
[2010/01/12 11:11:16 | 04,456,448 | ---- | M] () -- C:\Documents and Settings\Mike\NTUSER.DAT
[2010/01/12 11:11:16 | 00,000,178 | -HS- | M] () -- C:\Documents and Settings\Mike\NTUSER.INI
[2010/01/12 11:11:14 | 04,240,656 | -H-- | M] () -- C:\Documents and Settings\Mike\Local Settings\Application Data\IconCache.db
[2010/01/12 08:31:16 | 00,031,056 | ---- | M] () -- C:\WINDOWS\System32\BMXStateBkp-{00000003-00000000-00000000-00001102-00000004-20061102}.rfx
[2010/01/12 08:31:16 | 00,031,056 | ---- | M] () -- C:\WINDOWS\System32\BMXState-{00000003-00000000-00000000-00001102-00000004-20061102}.rfx
[2010/01/12 08:31:16 | 00,030,528 | ---- | M] () -- C:\WINDOWS\System32\BMXCtrlState-{00000003-00000000-00000000-00001102-00000004-20061102}.rfx
[2010/01/12 08:31:16 | 00,030,528 | ---- | M] () -- C:\WINDOWS\System32\BMXBkpCtrlState-{00000003-00000000-00000000-00001102-00000004-20061102}.rfx
[2010/01/12 08:31:16 | 00,001,080 | ---- | M] () -- C:\WINDOWS\System32\settingsbkup.sfm
[2010/01/12 08:31:16 | 00,001,080 | ---- | M] () -- C:\WINDOWS\System32\settings.sfm
[2010/01/12 08:31:16 | 00,000,384 | ---- | M] () -- C:\WINDOWS\System32\DVCStateBkp-{00000003-00000000-00000000-00001102-00000004-20061102}.dat
[2010/01/12 08:31:16 | 00,000,384 | ---- | M] () -- C:\WINDOWS\System32\DVCState-{00000003-00000000-00000000-00001102-00000004-20061102}.dat
[2010/01/12 08:30:40 | 04,932,819 | ---- | M] () -- C:\WINDOWS\{00000003-00000000-00000000-00001102-00000004-20061102}.CDF
[2010/01/12 08:22:57 | 00,293,376 | ---- | M] () -- C:\Documents and Settings\Mike\Desktop\31e07z8t.exe
[2010/01/12 08:04:19 | 00,000,000 | ---- | M] () -- C:\WINDOWS\Xbapeqe.bin
[2010/01/11 13:06:37 | 00,543,744 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Mike\Desktop\OTL.exe
[2010/01/08 18:20:06 | 00,096,512 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\atapi.sys
[2010/01/07 22:01:14 | 00,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/01/07 08:29:51 | 00,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deploytk.dll
[2010/01/07 08:29:51 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010/01/07 08:29:51 | 00,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010/01/07 08:29:51 | 00,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010/01/07 08:29:51 | 00,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2010/01/01 08:37:05 | 00,001,757 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
[2009/12/31 20:52:08 | 00,000,000 | ---- | M] () -- C:\WINDOWS\imuvegohekeva.dll
[2009/12/31 18:50:09 | 00,000,000 | ---- | M] () -- C:\WINDOWS\olewimanitesuzup.dll
[2009/12/31 17:28:22 | 00,000,000 | ---- | M] () -- C:\Documents and Settings\Mike\Desktop\settings.dat
[2009/12/31 17:28:01 | 00,472,064 | ---- | M] ( ) -- C:\Documents and Settings\Mike\Desktop\RootRepeal.exe
[2009/12/31 17:20:33 | 00,524,288 | ---- | M] () -- C:\Documents and Settings\Mike\Desktop\dds.scr
[2009/12/31 16:48:40 | 00,000,000 | ---- | M] () -- C:\WINDOWS\ofumalanunev.dll
[2009/12/29 15:08:55 | 00,297,256 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/12/29 14:02:28 | 00,000,796 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Fix PC Errors Now.lnk
[2009/12/28 15:38:47 | 04,276,224 | ---- | M] () -- C:\Documents and Settings\Mike\s-1-5-21-580406598-3201823761-3829297431-1006.rrr
[2009/12/28 15:14:53 | 00,075,859 | ---- | M] () -- C:\Documents and Settings\Mike\My Documents\Cabinets3.skp
[2009/12/28 15:10:07 | 00,071,861 | ---- | M] () -- C:\Documents and Settings\Mike\My Documents\Cabinets2.sdr
[2009/12/28 14:30:38 | 00,000,208 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2009/12/27 14:59:11 | 04,980,736 | -H-- | M] () -- C:\Documents and Settings\Mike\ntuser.dat.rmbak
[2009/12/27 14:01:30 | 00,000,738 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Registry Mechanic.lnk
[2009/12/27 11:46:31 | 00,169,248 | ---- | M] () -- C:\WINDOWS\System32\STATUS.MPF
[2009/12/27 11:25:29 | 00,001,637 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Spyware Doctor.lnk
[2009/12/27 10:27:11 | 00,000,774 | ---- | M] () -- C:\WINDOWS\WIN.INI
[2009/12/26 12:46:32 | 00,060,786 | ---- | M] () -- C:\Documents and Settings\Mike\My Documents\cabinetdown3d.skp
[2009/12/26 12:45:37 | 00,060,786 | ---- | M] () -- C:\Documents and Settings\Mike\My Documents\cabinetdown3d.skb
[2009/12/26 12:16:36 | 00,065,010 | ---- | M] () -- C:\Documents and Settings\Mike\My Documents\cabinetsFrontDownnoDem.skp
[2009/12/26 12:12:22 | 00,066,280 | ---- | M] () -- C:\Documents and Settings\Mike\My Documents\cabinetsFrontDownnoDem.skb
[2009/12/26 11:53:23 | 00,061,749 | ---- | M] () -- C:\Documents and Settings\Mike\My Documents\Cabinetup3d.skp
[2009/12/26 11:45:57 | 00,062,005 | ---- | M] () -- C:\Documents and Settings\Mike\My Documents\Cabinetup3d.skb
[2009/12/26 09:58:38 | 00,058,630 | ---- | M] () -- C:\Documents and Settings\Mike\My Documents\CabinetsFrontnoDemRotated.skp
[2009/12/26 08:44:14 | 00,064,079 | ---- | M] () -- C:\Documents and Settings\Mike\My Documents\CabinetsFrontnoDem.skp
[2009/12/26 08:42:44 | 00,064,240 | ---- | M] () -- C:\Documents and Settings\Mike\My Documents\CabinetsFrontnoDem.skb
[2009/12/24 13:51:35 | 00,072,113 | ---- | M] () -- C:\Documents and Settings\Mike\My Documents\Cabinets2.sdb
[2009/12/24 13:49:37 | 00,076,179 | ---- | M] () -- C:\Documents and Settings\Mike\My Documents\Cabinets3.skb
[2009/12/16 08:21:21 | 00,000,517 | ---- | M] () -- C:\WINDOWS\egoxitokesiko.dll
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/01/12 11:12:23 | 16,086,67136 | -HS- | C] () -- C:\hiberfil.sys
[2010/01/12 08:22:57 | 00,293,376 | ---- | C] () -- C:\Documents and Settings\Mike\Desktop\31e07z8t.exe
[2010/01/07 22:01:14 | 00,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/01/01 08:37:05 | 00,001,757 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
[2009/12/31 20:52:08 | 00,000,000 | ---- | C] () -- C:\WINDOWS\imuvegohekeva.dll
[2009/12/31 18:50:09 | 00,000,000 | ---- | C] () -- C:\WINDOWS\olewimanitesuzup.dll
[2009/12/31 17:28:22 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\Mike\Desktop\settings.dat
[2009/12/31 17:20:33 | 00,524,288 | ---- | C] () -- C:\Documents and Settings\Mike\Desktop\dds.scr
[2009/12/31 16:48:40 | 00,000,000 | ---- | C] () -- C:\WINDOWS\ofumalanunev.dll
[2009/12/29 14:02:28 | 00,000,796 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Fix PC Errors Now.lnk
[2009/12/28 15:38:43 | 04,276,224 | ---- | C] () -- C:\Documents and Settings\Mike\s-1-5-21-580406598-3201823761-3829297431-1006.rrr
[2009/12/27 14:01:30 | 00,000,738 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Registry Mechanic.lnk
[2009/12/27 11:27:04 | 00,767,952 | ---- | C] () -- C:\WINDOWS\BDTSupport.dll
[2009/12/27 11:27:04 | 00,000,883 | ---- | C] () -- C:\WINDOWS\RegSDImport.xml
[2009/12/27 11:27:04 | 00,000,880 | ---- | C] () -- C:\WINDOWS\RegISSImport.xml
[2009/12/27 11:27:04 | 00,000,131 | ---- | C] () -- C:\WINDOWS\IDB.zip
[2009/12/27 11:27:03 | 01,152,444 | ---- | C] () -- C:\WINDOWS\UDB.zip
[2009/12/27 11:25:45 | 00,007,387 | ---- | C] () -- C:\WINDOWS\System32\drivers\pctgntdi.cat
[2009/12/27 11:25:34 | 00,007,412 | ---- | C] () -- C:\WINDOWS\System32\drivers\PCTAppEvent.cat
[2009/12/27 11:25:34 | 00,007,383 | ---- | C] () -- C:\WINDOWS\System32\drivers\pctcore.cat
[2009/12/27 11:25:29 | 00,001,637 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Spyware Doctor.lnk
[2009/12/27 11:25:23 | 00,007,383 | ---- | C] () -- C:\WINDOWS\System32\drivers\pctplsg.cat
[2009/12/26 12:12:22 | 00,066,280 | ---- | C] () -- C:\Documents and Settings\Mike\My Documents\cabinetsFrontDownnoDem.skb
[2009/12/26 09:58:38 | 00,058,630 | ---- | C] () -- C:\Documents and Settings\Mike\My Documents\CabinetsFrontnoDemRotated.skp
[2009/12/26 09:24:49 | 00,062,005 | ---- | C] () -- C:\Documents and Settings\Mike\My Documents\Cabinetup3d.skb
[2009/12/26 09:22:54 | 00,060,786 | ---- | C] () -- C:\Documents and Settings\Mike\My Documents\cabinetdown3d.skb
[2009/12/26 09:19:57 | 00,060,786 | ---- | C] () -- C:\Documents and Settings\Mike\My Documents\cabinetdown3d.skp
[2009/12/26 09:02:41 | 00,065,010 | ---- | C] () -- C:\Documents and Settings\Mike\My Documents\cabinetsFrontDownnoDem.skp
[2009/12/26 09:00:14 | 00,061,749 | ---- | C] () -- C:\Documents and Settings\Mike\My Documents\Cabinetup3d.skp
[2009/12/26 08:44:14 | 00,064,240 | ---- | C] () -- C:\Documents and Settings\Mike\My Documents\CabinetsFrontnoDem.skb
[2009/12/26 08:42:44 | 00,064,079 | ---- | C] () -- C:\Documents and Settings\Mike\My Documents\CabinetsFrontnoDem.skp
[2009/12/24 13:44:30 | 00,076,179 | ---- | C] () -- C:\Documents and Settings\Mike\My Documents\Cabinets3.skb
[2009/12/24 13:24:28 | 00,075,859 | ---- | C] () -- C:\Documents and Settings\Mike\My Documents\Cabinets3.skp
[2009/12/24 12:19:34 | 00,072,113 | ---- | C] () -- C:\Documents and Settings\Mike\My Documents\Cabinets2.sdb
[2009/12/24 10:30:02 | 00,071,861 | ---- | C] () -- C:\Documents and Settings\Mike\My Documents\Cabinets2.sdr
[2009/12/16 10:26:26 | 00,000,120 | ---- | C] () -- C:\WINDOWS\Yveyidonokeci.dat
[2009/12/16 10:26:26 | 00,000,000 | ---- | C] () -- C:\WINDOWS\Xbapeqe.bin
[2009/12/16 08:21:21 | 00,000,517 | ---- | C] () -- C:\WINDOWS\egoxitokesiko.dll
[2009/12/13 08:45:04 | 00,000,020 | ---- | C] () -- C:\Documents and Settings\Mike\Application Data\wiaservg.log
[2008/10/04 09:42:46 | 00,008,704 | ---- | C] () -- C:\Documents and Settings\Mike\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/04/19 11:31:33 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/04/19 10:46:54 | 00,001,003 | ---- | C] () -- C:\WINDOWS\dellstat.ini
[2004/11/24 07:02:20 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004/11/24 06:58:57 | 00,000,208 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2004/11/24 06:50:36 | 00,000,231 | ---- | C] () -- C:\WINDOWS\AC3API.INI
[2004/11/24 06:50:08 | 00,014,424 | ---- | C] () -- C:\WINDOWS\System32\Aud2_Del.ini
[2004/11/24 06:50:08 | 00,000,030 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
[2004/11/24 06:50:05 | 00,000,194 | ---- | C] () -- C:\WINDOWS\System32\KILL.INI
[2004/11/24 06:49:41 | 00,000,136 | ---- | C] () -- C:\WINDOWS\SBWIN.INI
[2004/11/24 06:21:46 | 00,000,519 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2004/09/16 00:28:50 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/09/01 15:35:06 | 00,000,254 | ---- | C] () -- C:\WINDOWS\System32\DLBUPLC.INI
[2004/08/23 14:42:30 | 00,131,072 | ---- | C] () -- C:\WINDOWS\System32\dlbusnls.dll
[2004/08/23 14:40:14 | 00,143,360 | ---- | C] () -- C:\WINDOWS\System32\dlbucoin.dll
[2004/08/10 13:13:12 | 00,000,780 | ---- | C] () -- C:\WINDOWS\ORUN32.INI
[2004/08/06 18:23:06 | 00,114,688 | ---- | C] () -- C:\WINDOWS\System32\dlbucur.dll
[2004/08/06 18:22:12 | 00,557,056 | ---- | C] () -- C:\WINDOWS\System32\dlbujswr.dll
[2004/08/06 18:07:24 | 00,069,632 | ---- | C] () -- C:\WINDOWS\System32\dlbucu.dll
[2004/08/06 18:01:42 | 00,401,408 | ---- | C] () -- C:\WINDOWS\System32\dlbuutil.dll
[2004/08/04 05:00:00 | 00,169,472 | ---- | C] () -- C:\WINDOWS\olopawogepukog.dll
[2004/08/04 05:00:00 | 00,001,793 | ---- | C] () -- C:\WINDOWS\System32\FXSPERF.INI
[2003/10/08 14:09:46 | 00,040,960 | ---- | C] () -- C:\WINDOWS\System32\dlbuvs.dll
[2003/01/07 14:05:08 | 00,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[1980/01/01 00:00:00 | 00,086,016 | ---- | C] () -- C:\WINDOWS\System32\ati2evxx.dll
[1980/01/01 00:00:00 | 00,012,288 | ---- | C] () -- C:\WINDOWS\System32\e100bmsg.dll

========== Custom Scans ==========


< %systemroot%\system32\*.dll /lockedfiles >
[2009/10/29 01:46:50 | 00,347,136 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\SYSTEM32\dxtmsft.dll
[2009/10/29 01:46:51 | 00,214,528 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\SYSTEM32\dxtrans.dll
[2008/04/13 18:12:00 | 01,384,479 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\SYSTEM32\msvbvm60.dll
[2 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >


< MD5 for: AGP440.SYS >
[2004/08/04 05:00:00 | 18,738,937 | ---- | M] () .cab file -- C:\I386\sp2.cab:AGP440.sys
[2004/08/04 05:00:00 | 18,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\I386\sp2.cab:AGP440.sys
[2008/08/19 09:16:25 | 23,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\I386\sp3.cab:AGP440.sys
[2008/08/19 09:16:25 | 23,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/13 12:36:38 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 12:36:38 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\SYSTEM32\DRIVERS\agp440.sys
[2004/08/03 23:07:42 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\I386\AGP440.SYS
[2004/08/03 23:07:42 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys

< MD5 for: ATAPI.SYS >
[2004/08/04 05:00:00 | 18,738,937 | ---- | M] () .cab file -- C:\I386\sp2.cab:atapi.sys
[2004/08/04 05:00:00 | 18,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\I386\sp2.cab:atapi.sys
[2008/08/19 09:16:25 | 23,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\I386\sp3.cab:atapi.sys
[2008/08/19 09:16:25 | 23,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/04/13 12:40:30 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2010/01/08 18:20:06 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\SYSTEM32\DLLCACHE\atapi.sys
[2010/01/08 18:20:06 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\SYSTEM32\DRIVERS\atapi.sys
[2004/08/03 22:59:44 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\I386\atapi.sys
[2004/08/03 22:59:44 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2004/08/03 22:59:44 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\SYSTEM32\ReinstallBackups\0005\DriverFiles\i386\atapi.sys
[2004/08/03 22:59:44 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\SYSTEM32\ReinstallBackups\0013\DriverFiles\i386\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/13 18:11:53 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/13 18:11:53 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\SYSTEM32\eventlog.dll
[2004/08/04 05:00:00 | 00,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\I386\EVENTLOG.DLL
[2004/08/04 05:00:00 | 00,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

< MD5 for: NETLOGON.DLL >
[2008/04/13 18:12:01 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/13 18:12:01 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\SYSTEM32\netlogon.dll
[2004/08/04 05:00:00 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\I386\NETLOGON.DLL
[2004/08/04 05:00:00 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

< MD5 for: SCECLI.DLL >
[2004/08/04 05:00:00 | 00,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\I386\SCECLI.DLL
[2004/08/04 05:00:00 | 00,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008/04/13 18:12:05 | 00,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/13 18:12:05 | 00,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\SYSTEM32\scecli.dll

< %systemroot%\*. /mp /s >

========== Alternate Data Streams ==========

@Alternate Data Stream - 199 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 145 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1
@Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8
< End of report >

#8 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,766 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:12:22 AM

Posted 12 January 2010 - 02:35 PM

Hi,

please run the following fix:

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    :otl
    
    [2010/01/11 13:04:35 | 00,000,120 | ---- | M] () -- C:\WINDOWS\Yveyidonokeci.dat
    [2010/01/11 08:12:32 | 00,000,000 | ---- | M] () -- C:\WINDOWS\Xbapeqe.bin
    MOD - [2008/04/13 18:12:08 | 00,169,472 | ---- | M] () -- C:\WINDOWS\olopawogepukog.dll
    O20 - AppInit_DLLs: (C:\DOCUME~1\ALLUSE~1\APPLIC~1\MICROS~1\Windows\mspdb21.dll) - C:\Documents and Settings\All Users\Application Data\Microsoft\Windows\mspdb21.dll ()
    [2009/12/31 20:52:08 | 00,000,000 | ---- | M] () -- C:\WINDOWS\imuvegohekeva.dll
    [2009/12/31 18:50:09 | 00,000,000 | ---- | M] () -- C:\WINDOWS\olewimanitesuzup.dll
    [2009/12/31 16:48:40 | 00,000,000 | ---- | M] () -- C:\WINDOWS\ofumalanunev.dll
    [2009/12/16 08:21:21 | 00,000,517 | ---- | C] () -- C:\WINDOWS\egoxitokesiko.dll
    :commands
    [emptytemp]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, when done it will say "Fix Complete press ok to open the log"
  • Please post that log in your next reply.

    Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process.
    If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTL\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.
regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#9 youngbloodmichael

youngbloodmichael
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:06:22 PM

Posted 13 January 2010 - 02:20 PM

Hi;

I have tried this twice. In each case OTL runs to

:O20 - AppInit_DLLs: (C:\DOCUME~1\ALLUSE~1\APPLIC~1\MICROS~1\Windows\mspdb21.dll) - C:\Documents and Settings\All Users\Application Data\Microsoft\Windows\mspdb21.dll ()

It then stalls and when I check the task manager, it shows OTL not responding. I let it go for about 5 hours. Not sure how long it should run but this doesn't seem right. No log is produced.

Mike

#10 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,766 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:12:22 AM

Posted 13 January 2010 - 02:30 PM

Hi,

it seems that OTL is not powerful enough to kill that process. Please run ComboFix instead:

Please download ComboFix from one of these locations:

Link 2
Link 3

* IMPORTANT !!! Save ComboFix.exe to your Desktop
  • Temporarily disable isable your AntiVirus and AntiSpyware applications. They may otherwise interfere with our tools
    Usually this can be done via a right click on the System Tray icon, check this tutorial for disabling the most common security programs: Link

  • Double click on ComboFix.exe & follow the prompts.
  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

Posted Image


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply.

This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper


If you need help, see this link:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#11 youngbloodmichael

youngbloodmichael
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:06:22 PM

Posted 13 January 2010 - 03:06 PM

Hi;

Here is the ComboFix Log;

ComboFix 10-01-13.06 - Mike 01/13/2010 13:49:48.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1534.1215 [GMT -6:00]
Running from: c:\documents and settings\Mike\Desktop\ComboFix.exe
AV: Spyware Doctor with AntiVirus *On-access scanning disabled* (Updated) {D3C23B96-C9DC-477F-8EF1-69AF17A6EFF6}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Start Menu\Programs\CyberDefender
c:\documents and settings\All Users\Start Menu\Programs\CyberDefender\Registry Cleaner\CyberDefender Registry Cleaner.lnk
c:\documents and settings\All Users\Start Menu\Programs\CyberDefender\Registry Cleaner\Uninstall CyberDefender Registry Cleaner.lnk
c:\documents and settings\Mike\Application Data\CyberDefender
c:\documents and settings\Mike\Application Data\CyberDefender\Registry Cleaner\lastresults.cdr
c:\documents and settings\Mike\Application Data\CyberDefender\Registry Cleaner\Regclean\1262117940.reg
c:\documents and settings\Mike\Application Data\CyberDefender\Registry Cleaner\Regclean\1262300192.reg
c:\documents and settings\Mike\Application Data\CyberDefender\Registry Cleaner\SystemRestore.dat
c:\documents and settings\Mike\Application Data\wiaservg.log
c:\program files\CyberDefender
c:\program files\CyberDefender\Registry Cleaner\BeforeUninstall.exe
c:\program files\CyberDefender\Registry Cleaner\CDRC.dll
c:\program files\CyberDefender\Registry Cleaner\CDregclean.exe
c:\program files\CyberDefender\Registry Cleaner\cdswx.exe
c:\program files\CyberDefender\Registry Cleaner\KillCDRCProcesses.exe
c:\program files\CyberDefender\Registry Cleaner\startcdrc.exe
c:\program files\CyberDefender\Registry Cleaner\unins000.dat
c:\program files\CyberDefender\Registry Cleaner\unins000.exe
c:\program files\CyberDefender\Registry Cleaner\unins000.msg
c:\windows\egoxitokesiko.dll
c:\windows\imuvegohekeva.dll
c:\windows\mxolerat.dll
c:\windows\ofumalanunev.dll
c:\windows\olewimanitesuzup.dll
c:\windows\olopawogepukog.dll
c:\windows\system32\Data
c:\windows\system32\Data\CTP0358W.DAT

Infected copy of c:\windows\system32\DRIVERS\atapi.sys was found and disinfected
Restored copy from - Kitty ate it :(
c:\windows\system32\proquota.exe was missing
Restored copy from - c:\windows\ServicePackFiles\i386\proquota.exe

.
((((((((((((((((((((((((( Files Created from 2009-12-13 to 2010-01-13 )))))))))))))))))))))))))))))))
.

2010-01-13 19:55 . 2008-04-14 00:12 50176 ----a-w- c:\windows\system32\proquota.exe
2010-01-13 19:55 . 2008-04-14 00:12 50176 ----a-w- c:\windows\system32\dllcache\proquota.exe
2010-01-13 19:15 . 2010-01-13 19:15 120 ----a-w- c:\windows\Yveyidonokeci.dat
2010-01-13 19:15 . 2010-01-13 19:15 0 ----a-w- c:\windows\Xbapeqe.bin
2010-01-13 01:33 . 2010-01-13 01:33 -------- d-----w- C:\_OTL
2010-01-12 23:53 . 2009-11-21 15:51 471552 ------w- c:\windows\system32\dllcache\aclayers.dll
2010-01-11 20:43 . 2010-01-11 20:43 -------- d-----w- c:\windows\system32\config\systemprofile\Local Settings\Application Data\Adobe
2010-01-08 04:01 . 2010-01-13 19:24 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-01-07 14:30 . 2010-01-07 14:29 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-01-07 14:28 . 2010-01-07 14:28 152576 ----a-w- c:\documents and settings\Mike\Application Data\Sun\Java\jre1.6.0_17\lzma.dll
2010-01-07 14:28 . 2010-01-07 14:28 79488 ----a-w- c:\documents and settings\Mike\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2009-12-31 14:18 . 2009-12-27 18:30 2033432 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgtray.exe
2009-12-28 14:33 . 2009-12-28 14:32 4043544 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgui.exe
2009-12-28 14:33 . 2009-12-27 18:31 3776280 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\setup.exe
2009-12-28 14:33 . 2009-12-27 18:30 916248 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgcfgx.dll
2009-12-28 14:33 . 2009-12-27 18:30 2352920 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgresf.dll
2009-12-28 14:33 . 2009-12-28 14:32 3966744 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgcorex.dll
2009-12-27 20:58 . 2009-12-27 20:58 -------- d-----w- c:\documents and settings\Mike\Application Data\Registry Mechanic
2009-12-27 18:32 . 2009-12-27 18:44 -------- d-----w- C:\$AVG
2009-12-27 18:30 . 2009-12-27 18:30 -------- d-----w- c:\program files\AVG
2009-12-27 18:30 . 2009-12-31 22:42 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9
2009-12-27 18:19 . 2009-12-30 21:33 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-12-27 18:19 . 2009-12-30 21:33 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-12-27 18:18 . 2009-11-12 16:03 59664 --s---w- c:\windows\system32\drivers\TfSysMon.sys
2009-12-27 18:18 . 2009-11-12 16:03 33552 --s---w- c:\windows\system32\drivers\TfNetMon.sys
2009-12-27 18:18 . 2009-11-12 16:03 51984 --s---w- c:\windows\system32\drivers\TfFsMon.sys
2009-12-27 17:35 . 2009-12-27 17:35 -------- d-----w- c:\documents and settings\Mike\Local Settings\Application Data\Threat Expert
2009-12-27 17:27 . 2009-11-10 16:28 149456 ----a-w- c:\windows\SGDetectionTool.dll
2009-12-27 17:27 . 2009-11-10 16:26 767952 ----a-w- c:\windows\BDTSupport.dll
2009-12-27 17:27 . 2008-11-26 18:08 131 ----a-w- c:\windows\IDB.zip
2009-12-27 17:27 . 2009-11-10 16:28 165840 ----a-w- c:\windows\PCTBDRes.dll
2009-12-27 17:27 . 2009-11-10 16:28 1640400 ----a-w- c:\windows\PCTBDCore.dll
2009-12-27 17:27 . 2009-10-28 07:36 1152444 ----a-w- c:\windows\UDB.zip
2009-12-27 17:25 . 2009-10-30 17:11 233136 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2009-12-27 17:25 . 2009-11-09 17:20 207792 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2009-12-27 17:25 . 2009-10-06 22:31 87784 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2009-12-27 17:25 . 2009-09-03 15:45 70408 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2009-12-27 17:25 . 2010-01-13 19:38 -------- d-----w- c:\program files\Spyware Doctor
2009-12-27 17:25 . 2009-12-27 20:01 -------- d-----w- c:\program files\Common Files\PC Tools
2009-12-27 17:25 . 2009-12-27 18:18 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
2009-12-27 17:25 . 2009-12-27 17:25 -------- d-----w- c:\documents and settings\Mike\Application Data\PC Tools
2009-12-27 17:24 . 2010-01-13 20:00 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-12-27 01:58 . 2009-12-27 01:58 -------- d-----w- c:\documents and settings\Mike\Local Settings\Application Data\{2D473D2D-3D57-466B-86BD-D317DC35DCB3}
2009-12-24 15:23 . 2009-12-24 15:23 31744 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Windows\mspdb21.dll
2009-12-24 01:46 . 2008-04-14 01:11 21504 ----a-w- c:\windows\system32\hidserv.dll
2009-12-24 01:46 . 2008-04-14 01:11 21504 ----a-w- c:\windows\system32\dllcache\hidserv.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-13 19:58 . 2004-11-24 12:50 384 ----a-w- c:\windows\system32\DVCStateBkp-{00000003-00000000-00000000-00001102-00000004-20061102}.dat
2010-01-13 19:58 . 2004-11-24 12:50 384 ----a-w- c:\windows\system32\DVCState-{00000003-00000000-00000000-00001102-00000004-20061102}.dat
2010-01-09 00:20 . 1980-01-01 06:00 96512 ----a-w- c:\windows\system32\drivers\atapi.sys
2010-01-07 14:29 . 2004-11-24 12:46 -------- d-----w- c:\program files\Java
2010-01-01 14:37 . 2008-04-20 13:46 -------- d-----w- c:\documents and settings\Mike\Application Data\AdobeUM
2009-12-27 19:44 . 2004-11-24 12:53 -------- d-----w- c:\program files\McAfee.com
2009-12-27 18:05 . 2004-11-24 12:53 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee.com
2009-12-27 16:53 . 2009-04-12 20:42 -------- d-----w- c:\program files\Uniblue
2009-11-21 15:51 . 2004-08-04 11:00 471552 ----a-w- c:\windows\AppPatch\aclayers.dll
2009-10-29 07:46 . 2004-08-04 11:00 832512 ----a-w- c:\windows\system32\wininet.dll
2009-10-29 07:46 . 2004-08-04 11:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-10-29 07:46 . 2004-08-04 11:00 17408 ------w- c:\windows\system32\corpol.dll
2009-10-21 05:38 . 2004-08-04 11:00 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-21 05:38 . 2004-08-04 11:00 25088 ----a-w- c:\windows\system32\httpapi.dll
2009-10-20 16:20 . 2004-08-04 11:00 265728 ----a-w- c:\windows\system32\drivers\http.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="c:\program files\Dell Support\DSAgnt.exe" [2004-07-19 306688]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"RegistryMechanic"="c:\program files\Registry Mechanic\RegMech.exe" [2009-11-25 3176408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2010-01-07 149280]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-08-25 339968]
"IntelMeM"="c:\program files\Intel\Modem Event Monitor\IntelMEM.exe" [2003-09-04 221184]
"PCMService"="c:\program files\Dell\Media Experience\PCMService.exe" [2004-04-12 290816]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2004-08-24 57344]
"CTSysVol"="c:\program files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe" [2003-09-17 57344]
"CTDVDDET"="c:\program files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE" [2003-06-18 45056]
"CTHelper"="CTHELPER.EXE" [2004-03-11 28672]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2004-01-07 110592]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-08-13 122939]
"RealTray"="c:\program files\Real\RealPlayer\RealPlay.exe" [2004-11-24 26112]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2004-11-24 98304]
"Dell Photo AIO Printer 942"="c:\program files\Dell Photo AIO Printer 942\dlbubmgr.exe" [2004-08-31 294912]
"DellMCM"="c:\program files\Dell Photo AIO Printer 942\memcard.exe" [2004-07-27 262144]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
America Online 9.0 Tray Icon.lnk - c:\program files\America Online 9.0\aoltray.exe [2004-11-24 156784]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"c:\\Program Files\\America Online 9.0\\waol.exe"=

R0 PCTCore;PCTools KDS;c:\windows\SYSTEM32\DRIVERS\PCTCore.sys [12/27/2009 11:25 AM 207792]
R0 TfFsMon;TfFsMon;c:\windows\SYSTEM32\DRIVERS\TfFsMon.sys [12/27/2009 12:18 PM 51984]
R0 TfSysMon;TfSysMon;c:\windows\SYSTEM32\DRIVERS\TfSysMon.sys [12/27/2009 12:18 PM 59664]
R1 pctgntdi;pctgntdi;c:\windows\SYSTEM32\DRIVERS\pctgntdi.sys [12/27/2009 11:25 AM 233136]
R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\Spyware Doctor\BDT\BDTUpdateService.exe [12/27/2009 11:27 AM 112592]
R2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files\Common Files\PC Tools\sMonitor\StartManSvc.exe [12/27/2009 2:01 PM 583640]
S3 pctplsg;pctplsg;c:\windows\SYSTEM32\DRIVERS\pctplsg.sys [12/27/2009 11:25 AM 70408]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [12/27/2009 11:25 AM 359624]
S3 TfNetMon;TfNetMon;c:\windows\SYSTEM32\DRIVERS\TfNetMon.sys [12/27/2009 12:18 PM 33552]
S3 ThreatFire;ThreatFire;c:\program files\Spyware Doctor\TFEngine\TFService.exe service --> c:\program files\Spyware Doctor\TFEngine\TFService.exe service [?]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://desmoines.mediacomtoday.com/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
LSP: c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-CyberDefender Registry Cleaner - c:\program files\CyberDefender\Registry Cleaner\CDregclean.exe
HKLM-Run-CyberDefender Registry Cleaner - (no file)
HKLM-Run-Rwiqukaqibiyo - c:\windows\olopawogepukog.dll



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-13 14:00
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'lsass.exe'(780)
c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll

- - - - - - - > 'explorer.exe'(3188)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\progra~1\COMMON~1\AOL\ACS\AOLacsd.exe
c:\windows\system32\CTsvcCDA.EXE
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Dell Photo AIO Printer 942\dlbubmon.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2010-01-13 14:04:14 - machine was rebooted
ComboFix-quarantined-files.txt 2010-01-13 20:04

Pre-Run: 41,345,433,600 bytes free
Post-Run: 41,620,443,136 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

- - End Of File - - 0A5D39F005C013BA3973DFB5E3D2C9E9

#12 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,766 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:12:22 AM

Posted 13 January 2010 - 03:25 PM

Hi,

How is the PC? Are you still getting redirected? There are a couple of entries still left, please run the following script:

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

File::
C:\Documents and Settings\All Users\Application Data\Microsoft\Windows\mspdb21.dll
c:\windows\Yveyidonokeci.dat
c:\windows\Xbapeqe.bin


Save this as CFScript.txt, in the same location as ComboFix.exe


Posted Image

Refering to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

regards myrti

Edited by myrti, 13 January 2010 - 03:25 PM.

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#13 youngbloodmichael

youngbloodmichael
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:06:22 PM

Posted 13 January 2010 - 08:35 PM

hi;

The PC is running faster. Here is the latest ComboFix.txt;

ComboFix 10-01-13.06 - Mike 01/13/2010 19:24:52.2.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1534.1009 [GMT -6:00]
Running from: c:\documents and settings\Mike\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Mike\Desktop\CFScript.txt
AV: Spyware Doctor with AntiVirus *On-access scanning disabled* (Updated) {D3C23B96-C9DC-477F-8EF1-69AF17A6EFF6}

FILE ::
"c:\documents and settings\All Users\Application Data\Microsoft\Windows\mspdb21.dll"
"c:\windows\Xbapeqe.bin"
"c:\windows\Yveyidonokeci.dat"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\Microsoft\Windows\mspdb21.dll
c:\windows\Xbapeqe.bin
c:\windows\Yveyidonokeci.dat

.
((((((((((((((((((((((((( Files Created from 2009-12-14 to 2010-01-14 )))))))))))))))))))))))))))))))
.

2010-01-13 19:55 . 2008-04-14 00:12 50176 ----a-w- c:\windows\system32\proquota.exe
2010-01-13 19:55 . 2008-04-14 00:12 50176 ----a-w- c:\windows\system32\dllcache\proquota.exe
2010-01-13 01:33 . 2010-01-13 01:33 -------- d-----w- C:\_OTL
2010-01-12 23:53 . 2009-11-21 15:51 471552 ------w- c:\windows\system32\dllcache\aclayers.dll
2010-01-11 20:43 . 2010-01-11 20:43 -------- d-----w- c:\windows\system32\config\systemprofile\Local Settings\Application Data\Adobe
2010-01-08 04:01 . 2010-01-13 19:24 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-01-07 14:30 . 2010-01-07 14:29 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-01-07 14:28 . 2010-01-07 14:28 152576 ----a-w- c:\documents and settings\Mike\Application Data\Sun\Java\jre1.6.0_17\lzma.dll
2010-01-07 14:28 . 2010-01-07 14:28 79488 ----a-w- c:\documents and settings\Mike\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2009-12-31 14:18 . 2009-12-27 18:30 2033432 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgtray.exe
2009-12-28 14:33 . 2009-12-28 14:32 4043544 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgui.exe
2009-12-28 14:33 . 2009-12-27 18:31 3776280 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\setup.exe
2009-12-28 14:33 . 2009-12-27 18:30 916248 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgcfgx.dll
2009-12-28 14:33 . 2009-12-27 18:30 2352920 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgresf.dll
2009-12-28 14:33 . 2009-12-28 14:32 3966744 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgcorex.dll
2009-12-27 20:58 . 2009-12-27 20:58 -------- d-----w- c:\documents and settings\Mike\Application Data\Registry Mechanic
2009-12-27 18:32 . 2009-12-27 18:44 -------- d-----w- C:\$AVG
2009-12-27 18:30 . 2009-12-27 18:30 -------- d-----w- c:\program files\AVG
2009-12-27 18:30 . 2009-12-31 22:42 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9
2009-12-27 18:19 . 2009-12-30 21:33 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-12-27 18:19 . 2009-12-30 21:33 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-12-27 18:18 . 2009-11-12 16:03 59664 --s---w- c:\windows\system32\drivers\TfSysMon.sys
2009-12-27 18:18 . 2009-11-12 16:03 33552 --s---w- c:\windows\system32\drivers\TfNetMon.sys
2009-12-27 18:18 . 2009-11-12 16:03 51984 --s---w- c:\windows\system32\drivers\TfFsMon.sys
2009-12-27 17:35 . 2009-12-27 17:35 -------- d-----w- c:\documents and settings\Mike\Local Settings\Application Data\Threat Expert
2009-12-27 17:27 . 2009-11-10 16:28 149456 ----a-w- c:\windows\SGDetectionTool.dll
2009-12-27 17:27 . 2009-11-10 16:26 767952 ----a-w- c:\windows\BDTSupport.dll
2009-12-27 17:27 . 2008-11-26 18:08 131 ----a-w- c:\windows\IDB.zip
2009-12-27 17:27 . 2009-11-10 16:28 165840 ----a-w- c:\windows\PCTBDRes.dll
2009-12-27 17:27 . 2009-11-10 16:28 1640400 ----a-w- c:\windows\PCTBDCore.dll
2009-12-27 17:27 . 2009-10-28 07:36 1152444 ----a-w- c:\windows\UDB.zip
2009-12-27 17:25 . 2009-10-30 17:11 233136 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2009-12-27 17:25 . 2009-11-09 17:20 207792 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2009-12-27 17:25 . 2009-10-06 22:31 87784 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2009-12-27 17:25 . 2009-09-03 15:45 70408 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2009-12-27 17:25 . 2010-01-14 01:17 -------- d-----w- c:\program files\Spyware Doctor
2009-12-27 17:25 . 2009-12-27 20:01 -------- d-----w- c:\program files\Common Files\PC Tools
2009-12-27 17:25 . 2009-12-27 18:18 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
2009-12-27 17:25 . 2009-12-27 17:25 -------- d-----w- c:\documents and settings\Mike\Application Data\PC Tools
2009-12-27 17:24 . 2010-01-14 01:17 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-12-27 01:58 . 2009-12-27 01:58 -------- d-----w- c:\documents and settings\Mike\Local Settings\Application Data\{2D473D2D-3D57-466B-86BD-D317DC35DCB3}
2009-12-24 01:46 . 2008-04-14 01:11 21504 ----a-w- c:\windows\system32\hidserv.dll
2009-12-24 01:46 . 2008-04-14 01:11 21504 ----a-w- c:\windows\system32\dllcache\hidserv.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-13 20:16 . 2004-11-24 12:59 -------- d-----w- c:\program files\Common Files\aolshare
2010-01-13 20:16 . 2004-11-24 12:59 -------- d-----w- c:\program files\Common Files\AOL
2010-01-13 20:15 . 2004-11-24 12:59 -------- d-----w- c:\documents and settings\All Users\Application Data\AOL
2010-01-13 19:58 . 2004-11-24 12:50 384 ----a-w- c:\windows\system32\DVCStateBkp-{00000003-00000000-00000000-00001102-00000004-20061102}.dat
2010-01-13 19:58 . 2004-11-24 12:50 384 ----a-w- c:\windows\system32\DVCState-{00000003-00000000-00000000-00001102-00000004-20061102}.dat
2010-01-09 00:20 . 1980-01-01 06:00 96512 ------w- c:\windows\system32\drivers\atapi.sys
2010-01-07 14:29 . 2004-11-24 12:46 -------- d-----w- c:\program files\Java
2010-01-01 14:37 . 2008-04-20 13:46 -------- d-----w- c:\documents and settings\Mike\Application Data\AdobeUM
2009-12-27 19:44 . 2004-11-24 12:53 -------- d-----w- c:\program files\McAfee.com
2009-12-27 18:05 . 2004-11-24 12:53 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee.com
2009-12-27 16:53 . 2009-04-12 20:42 -------- d-----w- c:\program files\Uniblue
2009-11-21 15:51 . 2004-08-04 11:00 471552 ----a-w- c:\windows\AppPatch\aclayers.dll
2009-10-29 07:46 . 2004-08-04 11:00 832512 ------w- c:\windows\system32\wininet.dll
2009-10-29 07:46 . 2004-08-04 11:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-10-29 07:46 . 2004-08-04 11:00 17408 ------w- c:\windows\system32\corpol.dll
2009-10-21 05:38 . 2004-08-04 11:00 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-21 05:38 . 2004-08-04 11:00 25088 ----a-w- c:\windows\system32\httpapi.dll
2009-10-20 16:20 . 2004-08-04 11:00 265728 ----a-w- c:\windows\system32\drivers\http.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="c:\program files\Dell Support\DSAgnt.exe" [2004-07-19 306688]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"RegistryMechanic"="c:\program files\Registry Mechanic\RegMech.exe" [2009-11-25 3176408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2010-01-07 149280]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-08-25 339968]
"IntelMeM"="c:\program files\Intel\Modem Event Monitor\IntelMEM.exe" [2003-09-04 221184]
"PCMService"="c:\program files\Dell\Media Experience\PCMService.exe" [2004-04-12 290816]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2004-08-24 57344]
"CTSysVol"="c:\program files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe" [2003-09-17 57344]
"CTDVDDET"="c:\program files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE" [2003-06-18 45056]
"CTHelper"="CTHELPER.EXE" [2004-03-11 28672]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2004-01-07 110592]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-08-13 122939]
"RealTray"="c:\program files\Real\RealPlayer\RealPlay.exe" [2004-11-24 26112]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2004-11-24 98304]
"Dell Photo AIO Printer 942"="c:\program files\Dell Photo AIO Printer 942\dlbubmgr.exe" [2004-08-31 294912]
"DellMCM"="c:\program files\Dell Photo AIO Printer 942\memcard.exe" [2004-07-27 262144]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=

R0 PCTCore;PCTools KDS;c:\windows\SYSTEM32\DRIVERS\PCTCore.sys [12/27/2009 11:25 AM 207792]
R0 TfFsMon;TfFsMon;c:\windows\SYSTEM32\DRIVERS\TfFsMon.sys [12/27/2009 12:18 PM 51984]
R0 TfSysMon;TfSysMon;c:\windows\SYSTEM32\DRIVERS\TfSysMon.sys [12/27/2009 12:18 PM 59664]
R1 pctgntdi;pctgntdi;c:\windows\SYSTEM32\DRIVERS\pctgntdi.sys [12/27/2009 11:25 AM 233136]
R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\Spyware Doctor\BDT\BDTUpdateService.exe [12/27/2009 11:27 AM 112592]
R2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files\Common Files\PC Tools\sMonitor\StartManSvc.exe [12/27/2009 2:01 PM 583640]
R3 TfNetMon;TfNetMon;c:\windows\SYSTEM32\DRIVERS\TfNetMon.sys [12/27/2009 12:18 PM 33552]
S3 pctplsg;pctplsg;c:\windows\SYSTEM32\DRIVERS\pctplsg.sys [12/27/2009 11:25 AM 70408]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [12/27/2009 11:25 AM 359624]
S3 ThreatFire;ThreatFire;c:\program files\Spyware Doctor\TFEngine\TFService.exe service --> c:\program files\Spyware Doctor\TFEngine\TFService.exe service [?]

--- Other Services/Drivers In Memory ---

*Deregistered* - PCTSDInjDriver32
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://desmoines.mediacomtoday.com/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
LSP: c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-13 19:30
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(724)
c:\program files\Spyware Doctor\TFEngine\TFMon.dll
c:\program files\Spyware Doctor\TFEngine\TFRK.dll

- - - - - - - > 'lsass.exe'(780)
c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll
.
Completion time: 2010-01-13 19:31:53
ComboFix-quarantined-files.txt 2010-01-14 01:31
ComboFix2.txt 2010-01-13 20:04

Pre-Run: 41,698,684,928 bytes free
Post-Run: 41,692,422,144 bytes free

- - End Of File - - F57EF62AAAAC56739DC2BA875A36B799

#14 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,766 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:12:22 AM

Posted 13 January 2010 - 08:58 PM

Hi,

that looks rather good. How is the PC doing? No more popups and redirects?

Please run a scan with the following online scanner:
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Check Posted Image
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image
regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#15 youngbloodmichael

youngbloodmichael
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:06:22 PM

Posted 13 January 2010 - 09:59 PM

Hi;

Computer is running faster and I am not noticing any re-directs. Here is the ESETScan.txt:

C:\Documents and Settings\Mike\My Documents\LimeWire\Incomplete\T-5088466-tamberine man.snd a variant of WMA/TrojanDownloader.GetCodec.gen trojan cleaned - quarantined
C:\I386\GTDownDE_87.ocx probably a variant of Win32/Adware.Agent application cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\DRIVERS\atapi.sys.vir Win32/Olmarik.RF virus deleted - quarantined
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP654\A0028231.ocx probably a variant of Win32/Adware.Agent application cleaned by deleting - quarantined
C:\WINDOWS\SYSTEM32\GTDownDE_87.ocx probably a variant of Win32/Adware.Agent application cleaned by deleting - quarantined


Another question. I have three files on my desktop now. What should I do with them?

Thumbs.db
Settings.dat
ComboFix.exe

Also, what anti-virous, anti-spyware and anti-adware software should I be running?

Mike




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users