Thread: SLOW computer and browser crashing issues

  1. #1
    Junior Member
    Join Date: Jan 2010
    Posts: 12

    I've been having this problem for a week. Internet is working and active, but browsers only sporadically work (both Firefox and Chrome) and when they do, they eventually crash. Computer is ridiculously slow at startup, plus every time I reboot, there are problems with McAfee which need to be addressed. I'm actually posting this from another computer because I can't access the internet on the problem computer. Any help would be appreciated.



    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 5:19:43 PM, on 1/22/2010
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16981)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
    C:\WINDOWS\System32\WLTRYSVC.EXE
    C:\WINDOWS\System32\bcmwltry.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Motorola Media Link\NServiceEntry.exe
    C:\Program Files\Flip Video\FlipShare\FlipShareService.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
    c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    C:\Program Files\Motorola\MotoConnectService\MotoConnectService.exe
    C:\Program Files\McAfee\MPF\MPFSrv.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    C:\Program Files\Dell Support Center\bin\sprtsvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\Program Files\Motorola\MotoConnectService\MotoConnect.exe
    C:\WINDOWS\system32\SearchIndexer.exe
    c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Canon\CAL\CALMAIN.exe
    C:\Program Files\Apoint\Apoint.exe
    C:\WINDOWS\system32\BacsTray.exe
    C:\Program Files\Dell\QuickSet\quickset.exe
    C:\Program Files\Apoint\Apntex.exe
    C:\WINDOWS\system32\WLTRAY.exe
    C:\Program Files\Dell Support Center\bin\sprtcmd.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Documents and Settings\Tom\Local Settings\Application Data\Google\Update\1.2.183.13\GoogleCrashHandler.exe
    C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://my.sju.edu/cp/home/loginf
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell4me.com/myway
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
    O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
    O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
    O4 - HKLM\..\Run: [bacstray] BacsTray.exe
    O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
    O4 - HKLM\..\Run: [PCLEPCI] C:\PROGRA~1\Pinnacle\PPE\PPE.EXE
    O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl04g\BrStDvPt.exe
    O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
    O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
    O4 - HKLM\..\Run: [dellsupportcenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P dellsupportcenter
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Tom\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
    O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files\Bodog Poker\BPGame.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
    O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15012/CTSUEng.cab
    O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/download/ipixx.cab
    O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} (System Requirements Lab) - http://www.nvidia.com/content/Driver...reqlab_nvd.cab
    O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www.snapfish.com/SnapfishActivia.cab
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab
    O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/player/DivXBrowserPlugin.cab
    O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1124230267271
    O16 - DPF: {88D758A3-D33B-45FD-91E3-67749B4057FA} - http://dm.screensavers.com/dm/instal...sinstaller.cab
    O16 - DPF: {8A0019EB-51FA-4AE5-A40B-C0496BBFC739} (Verizon Wireless Media Upload) - http://picture.vzw.com/activex/Veriz...oadControl.cab
    O16 - DPF: {90051A81-3018-4826-8B38-DD60B6B53F9C} (Snapfish File Upload ActiveX Control) - http://www.snapfish.com/SnapfishUpload.cab
    O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
    O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} (CRLDownloadWrapper Class) - http://drmlicense.one.microsoft.com/.../en/crlocx.ocx
    O16 - DPF: {E7DBFB6C-113A-47CF-B278-F5C6AF4DE1BD} - http://download.abacast.com/download...basetup160.cab
    O16 - DPF: {E856B973-45FD-4559-8F82-EAB539144667} (Dell PC Checkup Installer Control) - http://pccheckup.dellfix.com/rel/41/...l/gtdownde.cab
    O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/hpdj/en/check/qdiagh.cab?326
    O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15012/CTPID.cab
    O23 - Service: Adobe Active File Monitor V4 (AdobeActiveFileMonitor4.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
    O23 - Service: DeviceMonitorService - Nero AG - C:\Program Files\Motorola Media Link\NServiceEntry.exe
    O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
    O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    O23 - Service: FlipShare Service - Unknown owner - C:\Program Files\Flip Video\FlipShare\FlipShareService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: MBackMonitor - McAfee - C:\Program Files\McAfee\MBK\MBackMonitor.exe
    O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
    O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
    O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    O23 - Service: MotoConnect Service - Unknown owner - C:\Program Files\Motorola\MotoConnectService\MotoConnectService.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Unknown owner - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe (file missing)
    O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
    O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
    O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

    --
    End of file - 11967 bytes

  2. #2
    Retired Graduate
    Join Date: Dec 2009
    Posts: 83

    Hello and welcome to Safer Networking Forums

    My handle is shinybeast and I will be assisting you in the removal of malware your computer may have.

    Please follow these guidelines as we work to clean your computer.
    • Read through the instructions before you perform them and if you have questions please ask before you perform them. Please do not guess. I will be happy to clarify or explain.
    • Perform all instructions in the order given.
    • Stick with the process until I give you an "all clean." If the symptoms are gone, it does not necessarily mean your computer is safe and secure.
    • Do not run any other tools to remove malware while we are working.
    • If your security software throws up warnings about some of these tools, please allow these tools to run; they are safe.
    • If you have not done so, please take time to read the "BEFORE you POST" sticky where the preliminary tasks and conditions for receiving help at this forum are explained.


    NOTE: I am in training at Malware Removal University.
    I must get my replies to you approved by a malware expert which means it could take slightly longer to get back to you.
    Your patience is appreciated.


    I am assuming you have a way to transfer files to and from the problem computer as you posted the HijackThis log from another computer.

    Please post a fresh HijackThis log and the uninstall list described below if you still need help, and we can go from there.


    Installed Program List

    It would be helpful to see a list of programs installed on your computer.

    • Please start HijackThis
    • Click the Open the Misc Tools section button
    • Click the Open Uninstall Manager... button under System Tools


    You will see a list of programs installed on your computer.
    Please click the Save List... button and specify where you would like to save the list.
    Once you click Save, the list will open in Notepad. Simply copy and paste the entire contents of Notepad in your next post along with the fresh HijackThis log.
    Graduate of Malware Removal University. You too could train to help others.

    Spybot Search & Destroy tutorial

  3. #3
    Junior Member
    Join Date: Jan 2010
    Posts: 12

    Hello shinybeast! Thanks so much for helping. The log you requested is below. I was kind of vague in my original post, but here are some more specific issues I’m having:

    1) When I boot up my computer, internet is connected but the browsers do not work (I primarily use Chrome). I need to run McAfee quick scan which finds and removes and fixes a file called SUSP_IRP_MJ_CREATE which is some sort of TDSS.b!mem trojan. I am then able to access the internet. This is not removed permanently however and I have to run it every time I reboot. Note that the attached HJT was run BEFORE I ran the McAfee quick scan after booting up my computer.
    2) I ran Malwarebytes last night and it found a Rootkit which it “removed”. Not sure if it was removed permanently.
    3) Even when I can use my browsers, I have occasional browser crashing issues.
    4) When I do a Google search and click on one of the result links, I get redirected to other websites.


    HJT Log
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 5:53:57 PM, on 1/27/2010
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16981)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
    C:\WINDOWS\System32\WLTRYSVC.EXE
    C:\WINDOWS\System32\bcmwltry.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Motorola Media Link\NServiceEntry.exe
    C:\Program Files\Flip Video\FlipShare\FlipShareService.exe
    C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
    c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    C:\Program Files\Motorola\MotoConnectService\MotoConnectService.exe
    C:\Program Files\McAfee\MPF\MPFSrv.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Apoint\Apoint.exe
    C:\WINDOWS\system32\BacsTray.exe
    C:\Program Files\Dell\QuickSet\quickset.exe
    C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    C:\Program Files\Motorola\MotoConnectService\MotoConnect.exe
    C:\WINDOWS\system32\WLTRAY.exe
    C:\Program Files\McAfee.com\Agent\mcagent.exe
    C:\Program Files\Dell Support Center\bin\sprtcmd.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Dell Support Center\bin\sprtsvc.exe
    C:\Documents and Settings\Tom\Local Settings\Application Data\Google\Update\1.2.183.13\GoogleCrashHandler.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Apoint\Apntex.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\WINDOWS\system32\SearchIndexer.exe
    C:\Program Files\Canon\CAL\CALMAIN.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
    C:\WINDOWS\system32\msiexec.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://my.sju.edu/cp/home/loginf
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell4me.com/myway
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
    O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
    O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
    O4 - HKLM\..\Run: [bacstray] BacsTray.exe
    O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
    O4 - HKLM\..\Run: [PCLEPCI] C:\PROGRA~1\Pinnacle\PPE\PPE.EXE
    O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl04g\BrStDvPt.exe
    O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
    O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
    O4 - HKLM\..\Run: [dellsupportcenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P dellsupportcenter
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Tom\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
    O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files\Bodog Poker\BPGame.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
    O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15012/CTSUEng.cab
    O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/download/ipixx.cab
    O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} (System Requirements Lab) - http://www.nvidia.com/content/Driver...reqlab_nvd.cab
    O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www.snapfish.com/SnapfishActivia.cab
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab
    O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/player/DivXBrowserPlugin.cab
    O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1124230267271
    O16 - DPF: {88D758A3-D33B-45FD-91E3-67749B4057FA} - http://dm.screensavers.com/dm/instal...sinstaller.cab
    O16 - DPF: {8A0019EB-51FA-4AE5-A40B-C0496BBFC739} (Verizon Wireless Media Upload) - http://picture.vzw.com/activex/Veriz...oadControl.cab
    O16 - DPF: {90051A81-3018-4826-8B38-DD60B6B53F9C} (Snapfish File Upload ActiveX Control) - http://www.snapfish.com/SnapfishUpload.cab
    O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
    O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} (CRLDownloadWrapper Class) - http://drmlicense.one.microsoft.com/.../en/crlocx.ocx
    O16 - DPF: {E7DBFB6C-113A-47CF-B278-F5C6AF4DE1BD} - http://download.abacast.com/download...basetup160.cab
    O16 - DPF: {E856B973-45FD-4559-8F82-EAB539144667} (Dell PC Checkup Installer Control) - http://pccheckup.dellfix.com/rel/41/...l/gtdownde.cab
    O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/hpdj/en/check/qdiagh.cab?326
    O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15012/CTPID.cab
    O23 - Service: Adobe Active File Monitor V4 (AdobeActiveFileMonitor4.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
    O23 - Service: DeviceMonitorService - Nero AG - C:\Program Files\Motorola Media Link\NServiceEntry.exe
    O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
    O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    O23 - Service: FlipShare Service - Unknown owner - C:\Program Files\Flip Video\FlipShare\FlipShareService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: MBackMonitor - McAfee - C:\Program Files\McAfee\MBK\MBackMonitor.exe
    O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
    O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
    O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    O23 - Service: MotoConnect Service - Unknown owner - C:\Program Files\Motorola\MotoConnectService\MotoConnectService.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Unknown owner - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe (file missing)
    O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
    O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
    O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

    --
    End of file - 12115 bytes

    Program List
    3ivx MPEG-4 5.0.3 (remove only)
    Adobe Atmosphere Player for Acrobat and Adobe Reader
    Adobe Flash Player 10 Plugin
    Adobe Flash Player ActiveX
    Adobe Help Center 2.0
    Adobe Photoshop Elements 4.0
    Adobe Reader 8.1.5
    Adobe Shockwave Player 11.5
    ALPS Touch Pad Driver
    AnswerWorks 4.0 Runtime - English
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    Bonjour
    Broadcom 440x 10/100 Integrated Controller
    Broadcom Advanced Control Suite
    Brother MFL-Pro Suite
    Canon Camera Access Library
    Canon Camera Support Core Library
    Canon G.726 WMP-Decoder
    Canon MovieEdit Task for ZoomBrowser EX
    Canon PhotoRecord
    Canon RAW Image Task for ZoomBrowser EX
    Canon Utilities CameraWindow DC
    Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
    Canon Utilities EOS Utility
    Canon Utilities File Viewer Utility 1.2
    Canon Utilities MyCamera DC
    Canon Utilities RemoteCapture DC
    Canon ZoomBrowser EX Memory Card Utility
    CCleaner
    Compatibility Pack for the 2007 Office system
    Conexant D480 MDC V.92 Modem
    Crash Analysis Tool
    Critical Update for Windows Media Player 11 (KB959772)
    Defraggler
    Dell Digital Jukebox Driver
    Dell Driver Reset Tool
    Dell Home Systems Services Agreement
    Dell Media Experience
    Dell Media Experience Update
    Dell Picture Studio v3.0
    Dell Support 3.2.1
    Dell Support Center (Support Software)
    Dell Wireless WLAN Card
    DellSupport
    Digital Line Detect
    ERUNT 1.1j
    FlipShare
    getPlus(R)_ocx
    HijackThis 2.0.2
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows Internet Explorer 7 (KB947864)
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix for Windows Media Player 11 (KB939683)
    Hotfix for Windows XP (KB915800-v4)
    Hotfix for Windows XP (KB942288-v3)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB961118)
    Hotfix for Windows XP (KB970653-v3)
    Hotfix for Windows XP (KB976098-v2)
    Intel(R) PROSet/Wireless Software
    Internet Explorer Default Page
    iTunes
    J2SE Runtime Environment 5.0 Update 11
    Java 2 Runtime Environment, SE v1.4.2_03
    Java(TM) 6 Update 18
    Malwarebytes' Anti-Malware
    McAfee SecurityCenter
    mCore
    mDriver
    mDrWiFi
    mHlpDell
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Security Update (KB953297)
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft .NET Framework 3.5 SP1
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
    Microsoft National Language Support Downlevel APIs
    Microsoft Office 2007 Service Pack 2 (SP2)
    Microsoft Office 2007 Service Pack 2 (SP2)
    Microsoft Office Professional Edition 2003
    Microsoft Office Project 2007 Service Pack 2 (SP2)
    Microsoft Office Project 2007 Service Pack 2 (SP2)
    Microsoft Office Project MUI (English) 2007
    Microsoft Office Project Standard 2007
    Microsoft Office Project Standard 2007 Trial
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Plus! Digital Media Edition Installer
    Microsoft Plus! Photo Story 2 LE
    Microsoft Silverlight
    Microsoft Streets and Trips 2005
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Windows XP Video Decoder Checkup Utility
    mIWA
    mLogView
    mMHouse
    Modem Helper
    Motorola Driver Installation 4.2.0
    MOTOROLA MEDIA LINK
    Mozilla Firefox (3.5.7)
    mPfMgr
    mPfWiz
    mProSafe
    mSCfg
    mSSO
    MSXML 4.0 SP2 (KB925672)
    MSXML 4.0 SP2 (KB927978)
    MSXML 4.0 SP2 (KB936181)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    MSXML 6.0 Parser (KB933579)
    mToolkit
    mWlsSafe
    mWMI
    mZConfig
    NVIDIA Drivers
    Pinnacle PCI Performance Enhancer
    Pinnacle USB device drivers
    PowerDVD 5.1
    QuickSet
    QuickTime
    Security Update for 2007 Microsoft Office System (KB969559)
    Security Update for CAPICOM (KB931906)
    Security Update for CAPICOM (KB931906)
    Security Update for Microsoft Office system 2007 (972581)
    Security Update for Microsoft Office system 2007 (KB974234)
    Security Update for Step By Step Interactive Training (KB898458)
    Security Update for Step By Step Interactive Training (KB923723)
    Security Update for Windows Internet Explorer 7 (KB928090)
    Security Update for Windows Internet Explorer 7 (KB929969)
    Security Update for Windows Internet Explorer 7 (KB931768)
    Security Update for Windows Internet Explorer 7 (KB933566)
    Security Update for Windows Internet Explorer 7 (KB937143)
    Security Update for Windows Internet Explorer 7 (KB938127)
    Security Update for Windows Internet Explorer 7 (KB939653)
    Security Update for Windows Internet Explorer 7 (KB942615)
    Security Update for Windows Internet Explorer 7 (KB944533)
    Security Update for Windows Internet Explorer 7 (KB950759)
    Security Update for Windows Internet Explorer 7 (KB953838)
    Security Update for Windows Internet Explorer 7 (KB956390)
    Security Update for Windows Internet Explorer 7 (KB958215)
    Security Update for Windows Internet Explorer 7 (KB960714)
    Security Update for Windows Internet Explorer 7 (KB961260)
    Security Update for Windows Internet Explorer 7 (KB963027)
    Security Update for Windows Internet Explorer 7 (KB969897)
    Security Update for Windows Internet Explorer 7 (KB972260)
    Security Update for Windows Internet Explorer 7 (KB974455)
    Security Update for Windows Internet Explorer 7 (KB976325)
    Security Update for Windows Internet Explorer 7 (KB978207)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player (KB954155)
    Security Update for Windows Media Player (KB968816)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows Media Player 10 (KB911565)
    Security Update for Windows Media Player 10 (KB917734)
    Security Update for Windows Media Player 11 (KB936782)
    Security Update for Windows Media Player 11 (KB954154)
    Security Update for Windows Search 4 - KB963093
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB938464)
    Security Update for Windows XP (KB938464-v2)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950760)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951698)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB953839)
    Security Update for Windows XP (KB954211)
    Security Update for Windows XP (KB954459)
    Security Update for Windows XP (KB954600)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956391)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956744)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956841)
    Security Update for Windows XP (KB956844)
    Security Update for Windows XP (KB957095)
    Security Update for Windows XP (KB957097)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958687)
    Security Update for Windows XP (KB958690)
    Security Update for Windows XP (KB958869)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960715)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB961371)
    Security Update for Windows XP (KB961373)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB968537)
    Security Update for Windows XP (KB969059)
    Security Update for Windows XP (KB969898)
    Security Update for Windows XP (KB969947)
    Security Update for Windows XP (KB970238)
    Security Update for Windows XP (KB970430)
    Security Update for Windows XP (KB971486)
    Security Update for Windows XP (KB971557)
    Security Update for Windows XP (KB971633)
    Security Update for Windows XP (KB971657)
    Security Update for Windows XP (KB971961)
    Security Update for Windows XP (KB972270)
    Security Update for Windows XP (KB973346)
    Security Update for Windows XP (KB973354)
    Security Update for Windows XP (KB973507)
    Security Update for Windows XP (KB973525)
    Security Update for Windows XP (KB973869)
    Security Update for Windows XP (KB973904)
    Security Update for Windows XP (KB974112)
    Security Update for Windows XP (KB974318)
    Security Update for Windows XP (KB974392)
    Security Update for Windows XP (KB974571)
    Security Update for Windows XP (KB975025)
    Security Update for Windows XP (KB975467)
    Sonic Update Manager
    Sportsbook.com Poker
    Spybot - Search & Destroy
    System Requirements Lab
    Time Zone Data Update Tool for Microsoft Office Outlook
    TurboTax Deluxe 2007
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Windows Internet Explorer 7 (KB976749)
    Update for Windows XP (KB951072-v2)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB955759)
    Update for Windows XP (KB955839)
    Update for Windows XP (KB967715)
    Update for Windows XP (KB968389)
    Update for Windows XP (KB971737)
    Update for Windows XP (KB973687)
    Update for Windows XP (KB973815)
    Visual C++ 2008 x86 Runtime - (v9.0.30729)
    Visual C++ 2008 x86 Runtime - v9.0.30729.01
    Windows Genuine Advantage v1.3.0254.0
    Windows Imaging Component
    Windows Media Format 11 runtime
    Windows Media Format 11 runtime
    Windows Media Player 10
    Windows Media Player 11
    Windows Media Player 11
    Windows Search 4.0
    Windows XP Service Pack 3

  4. #4
    Retired Graduate
    Join Date
    Dec 2009
    Posts
    83


    Hello mandfense,

    Please perform the following.
    If you need to transfer files to the afflicted computer, download the files necessary and copy the instructions and paste them in a Notepad/Wordpad file to have at hand when you perform the instructions.


    Download Tools

    Click here to download OTL by OldTimer and place a copy of it on the Desktop
    Click here to download GMER Rootkit Scanner and place a copy of it on the Desktop.
    Note: The GMER file will be a randomly named .exe file.


    Scan with OTL

    Make sure OTL.exe is on your Desktop
    • Close all other open windows, then double-click OTL.exe to start OTL
    • Under Output, ensure that Minimal Output is selected
    • Under the Standard Registry box change it to All
    • Copy the text in the code box below and paste it into the Custom Scans/Fixes box (under the cyan line at the bottom of the window)
      Code:
      netsvcs
      %SYSTEMDRIVE%\*.exe
      /md5start
      eventlog.dll
      scecli.dll
      netlogon.dll
      cngaudit.dll
      sceclt.dll
      ntelogon.dll
      logevent.dll
      iaStor.sys
      nvstor.sys
      atapi.sys
      IdeChnDr.sys
      viasraid.sys
      AGP440.sys
      vaxscsi.sys
      nvatabus.sys
      viamraid.sys
      nvata.sys
      nvgts.sys
      iastorv.sys
      ViPrt.sys
      eNetHook.dll
      ahcix86.sys
      KR10N.sys
      nvstor32.sys
      ahcix86s.sys
      nvrd32.sys
      symmpi.sys
      /md5stop
      %systemroot%\*. /mp /s
      CREATERESTOREPOINT
      %systemroot%\system32\*.dll /lockedfiles
      %systemroot%\Tasks\*.job /lockedfiles
    • Click Run Scan in upper left of window.
    • When the scan is finished, two logs will open:
      OTL.Txt <-- Will be opened
      Extras.Txt <-- Will be minimized
    • Please post the contents of these two logs in your next reply.



    Scan with GMER

    Make sure the GMER file is on your Desktop

    • Disconnect from the internet and disable McAfee security center.

      NOTE: To disable McAfee SecurityCenter
      • Locate McAfee icon in the system tray and double-click it to open McAfee SecurityCenter
      • Click Advanced Menu or Basic Menu in the lower left of the window.
      • Click Computer & Files, then click Configure in the right pane.
      • Under Virus Protection is enabled, select (tick) Off
      • In the popup window, select Never in the drop-down menu, then click OK
      • Select (tick) Off for all other modules installed (Spyware, SystemGuard, etc.)
      • Click Advanced Menu or Basic Menu in the lower left of the window.
      • Click Internet & Network, then click Configure in the right pane.
      • Under Firewall Protection is enabled, select (tick) Off
      • In the popup window, select Never in the drop-down menu, then click OK
      • Close McAfee SecurityCenter

    • Close all other open windows and double-click the randomly named GMER file. If asked to allow the GMER driver to load, please consent.
    • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO


    • In the right panel, you will see several boxes that have been checked. Uncheck the following boxes:
      • Sections
      • IAT/EAT
      • Drives/Partition other than Systemdrive (typically C:\)
      • Show All
    • Then click the Scan button and wait for it to finish (NOTE: If you have a lot of files on your hard drive, the scan may take a long time.)
    • Once done click on the Save.. button at lower right, and in the File name area, type in "ark.txt" (include the quotes or it will save as a .log file)
    • Save it where you can easily find it, such as your desktop, and post it in reply
    **Caution**
    Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries.

    Note: Do not run any programs while Gmer is running.


    After tools have run and any necessary reboots have occurred, open McAfee SecurityCenter and click the Fix button in the upper right of the window to enable protection.


    MalwareBytes' Log

    Please post the MalwareBytes' log as it may help in cleaning your computer.

    The logfile can be accessed by running Malwarebytes' and clicking the Log tab. Double-click the current log to open it and copy/paste it in your next reply.


    Also, did you have a Symantec/Norton product installed in the past? There is a related service running and if it is no longer needed, we can get rid of it.

    Please reply with:
    OTL logs (OTL.txt and Extras.txt)
    GMER log (ark.txt)
    MalwareBytes' log

    NOTE: Break up the logs into multiple posts as necessary.
    Graduate of Malware Removal University. You too could train to help others.

    Spybot Search & Destroy tutorial

  5. #5
    Junior Member
    Join Date
    Jan 2010
    Posts
    12


    Hello shinybeast. I had a problem running GMER. It ran for about 2 hours when all of a sudden I got the dreaded blue screen. Should I try it again? It seemed to have spent more than half that time in McAfee's Quarantine folder.

    To answer your other question, I used to use Norton 360, but uninstalled it so it's not used anymore.

    Here are the other logs you requested. Let me know if you think I should run GMER again. Thanks again.

    OTL logfile created on: 1/28/2010 2:49:07 PM - Run 1
    OTL by OldTimer - Version 3.1.27.0 Folder = C:\Documents and Settings\Tom\Desktop
    Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 7.0.5730.11)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    511.00 Mb Total Physical Memory | 220.00 Mb Available Physical Memory | 43.00% Memory free
    1.00 Gb Paging File | 1.00 Gb Available in Paging File | 60.00% Paging File free
    Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 53.08 Gb Total Space | 13.08 Gb Free Space | 24.64% Space Free | Partition Type: NTFS
    D: Drive not present or media not loaded
    E: Drive not present or media not loaded
    F: Drive not present or media not loaded
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded

    Computer Name: CAHILL
    Current User Name: Tom
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: Current user
    Company Name Whitelist: Off
    Skip Microsoft Files: Off
    File Age = 30 Days
    Output = Minimal

    ========== Processes (SafeList) ==========

    PRC - C:\Documents and Settings\Tom\Desktop\OTL.exe (OldTimer Tools)
    PRC - C:\Documents and Settings\Tom\Local Settings\Application Data\Google\Update\1.2.183.13\GoogleCrashHandler.exe (Google Inc.)
    PRC - C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
    PRC - C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
    PRC - C:\Program Files\Motorola\MotoConnectService\MotoConnectService.exe ()
    PRC - C:\Program Files\Motorola\MotoConnectService\MotoConnect.exe (Motorola)
    PRC - C:\Program Files\McAfee\VirusScan\Mcshield.exe (McAfee, Inc.)
    PRC - C:\Program Files\McAfee\VirusScan\mcsysmon.exe (McAfee, Inc.)
    PRC - c:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
    PRC - C:\Program Files\McAfee\MSC\mcmscsvc.exe (McAfee, Inc.)
    PRC - C:\Program Files\McAfee\MPF\MpfSrv.exe (McAfee, Inc.)
    PRC - C:\Program Files\Motorola Media Link\NServiceEntry.exe (Nero AG)
    PRC - c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe (McAfee, Inc.)
    PRC - c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe (McAfee, Inc.)
    PRC - C:\Program Files\Flip Video\FlipShare\FlipShareService.exe ()
    PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
    PRC - C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
    PRC - C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
    PRC - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe ()
    PRC - C:\Program Files\Dell Support Center\bin\sprtsvc.exe (SupportSoft, Inc.)
    PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    PRC - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe (Intel Corporation)
    PRC - C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe (Intel(R) Corporation)
    PRC - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe (Intel Corporation )
    PRC - C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe (Intel Corporation)
    PRC - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe (Intel Corporation)
    PRC - C:\Program Files\Canon\CAL\CALMAIN.exe (Canon Inc.)
    PRC - C:\WINDOWS\SYSTEM32\WLTRAY.EXE (Dell Inc.)
    PRC - C:\WINDOWS\SYSTEM32\WLTRYSVC.EXE ()
    PRC - C:\WINDOWS\SYSTEM32\BCMWLTRY.EXE (Dell Inc.)
    PRC - C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe ()
    PRC - C:\WINDOWS\SYSTEM32\nvsvc32.exe (NVIDIA Corporation)
    PRC - C:\Program Files\Dell\QuickSet\quickset.exe ()
    PRC - C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
    PRC - C:\Program Files\Apoint\ApntEx.exe (Alps Electric Co., Ltd.)
    PRC - C:\WINDOWS\SYSTEM32\WBEM\UNSECAPP.EXE (Microsoft Corporation)
    PRC - C:\WINDOWS\SYSTEM32\BacsTray.exe (Broadcom Corporation)


    ========== Modules (SafeList) ==========

    MOD - C:\Documents and Settings\Tom\Desktop\OTL.exe (OldTimer Tools)
    MOD - C:\Program Files\Dell\QuickSet\dadkeyb.dll ()


    ========== Win32 Services (SafeList) ==========

    SRV - (RoxLiveShare9) -- File not found
    SRV - (JavaQuickStarterService) -- C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
    SRV - (MotoConnect Service) -- C:\Program Files\Motorola\MotoConnectService\MotoConnectService.exe ()
    SRV - (McShield) -- C:\Program Files\McAfee\VirusScan\Mcshield.exe (McAfee, Inc.)
    SRV - (McSysmon) -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe (McAfee, Inc.)
    SRV - (mcmscsvc) -- C:\Program Files\McAfee\MSC\mcmscsvc.exe (McAfee, Inc.)
    SRV - (iPod Service) -- C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
    SRV - (McODS) -- C:\Program Files\McAfee\VirusScan\mcods.exe (McAfee, Inc.)
    SRV - (MpfService) -- C:\Program Files\McAfee\MPF\MPFSrv.exe (McAfee, Inc.)
    SRV - (DeviceMonitorService) -- C:\Program Files\Motorola Media Link\NServiceEntry.exe (Nero AG)
    SRV - (MBackMonitor) -- C:\Program Files\McAfee\MBK\MBackMonitor.exe (McAfee)
    SRV - (McProxy) -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe (McAfee, Inc.)
    SRV - (McNASvc) -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe (McAfee, Inc.)
    SRV - (FlipShare Service) -- C:\Program Files\Flip Video\FlipShare\FlipShareService.exe ()
    SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
    SRV - (Bonjour Service) -- C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
    SRV - (Symantec Core LC) -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe ()
    SRV - (odserv) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
    SRV - (sprtsvc_dellsupportcenter) SupportSoft Sprocket Service (dellsupportcenter) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe (SupportSoft, Inc.)
    SRV - (DSBrokerService) -- C:\Program Files\DellSupport\brkrsvc.exe ()
    SRV - (EvtEng) Intel(R) -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe (Intel Corporation)
    SRV - (WLANKEEPER) Intel(R) -- C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe (Intel(R) Corporation)
    SRV - (S24EventMonitor) Intel(R) -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe (Intel Corporation )
    SRV - (RegSrvc) Intel(R) -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe (Intel Corporation)
    SRV - (CCALib8) -- C:\Program Files\Canon\CAL\CALMAIN.exe (Canon Inc.)
    SRV - (ose) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
    SRV - (wltrysvc) -- C:\WINDOWS\System32\WLTRYSVC.EXE ()
    SRV - (AdobeActiveFileMonitor4.0) -- C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe ()
    SRV - (NVSvc) -- C:\WINDOWS\SYSTEM32\nvsvc32.exe (NVIDIA Corporation)
    SRV - (IDriverT) -- C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe (Macrovision Corporation)


    ========== Driver Services (SafeList) ==========

    DRV - (嶔苻) -- C:\WINDOWS\SYSTEM32\DRIVERS\嶔苻.sys [WARNING: C:\WINDOWS\SYSTEM32\DRIVERS\??.sys] ()
    DRV - (耀ऺ) -- C:\WINDOWS\SYSTEM32\DRIVERS\耀ऺ.sys [WARNING: C:\WINDOWS\SYSTEM32\DRIVERS\??.sys] ()
    DRV - (MCAGENT.EXE) -- C:\WINDOWS\SYSTEM32\DRIVERS\MCAGENT.EXE.sys ()
    DRV - ({89BCEA6B-C797-434E-8D5A-C531A4E3ACF2}) -- C:\WINDOWS\SYSTEM32\DRIVERS\{89BCEA6B-C797-434E-8D5A-C531A4E3ACF2}.sys ()
    DRV - (mfehidk) -- C:\WINDOWS\SYSTEM32\DRIVERS\mfehidk.sys (McAfee, Inc.)
    DRV - (mfeavfk) -- C:\WINDOWS\SYSTEM32\DRIVERS\mfeavfk.sys (McAfee, Inc.)
    DRV - (mfesmfk) -- C:\WINDOWS\SYSTEM32\DRIVERS\mfesmfk.sys (McAfee, Inc.)
    DRV - (mfebopk) -- C:\WINDOWS\SYSTEM32\DRIVERS\mfebopk.sys (McAfee, Inc.)
    DRV - (mferkdk) -- C:\WINDOWS\SYSTEM32\DRIVERS\mferkdk.sys (McAfee, Inc.)
    DRV - (MPFP) -- C:\WINDOWS\SYSTEM32\DRIVERS\Mpfp.sys (McAfee, Inc.)
    DRV - (androidusb) -- C:\WINDOWS\SYSTEM32\DRIVERS\motoandroid.sys (Motorola)
    DRV - (USBAAPL) -- C:\WINDOWS\SYSTEM32\DRIVERS\usbaapl.sys (Apple, Inc.)
    DRV - (GEARAspiWDM) -- C:\WINDOWS\SYSTEM32\DRIVERS\GEARAspiWDM.sys (GEAR Software Inc.)
    DRV - (AegisP) AEGIS Protocol (IEEE 802.1x) -- C:\WINDOWS\SYSTEM32\DRIVERS\AegisP.sys (Meetinghouse Data Communications)
    DRV - (usb_rndisx) -- C:\WINDOWS\SYSTEM32\DRIVERS\usb8023x.sys (Microsoft Corporation)
    DRV - (usbaudio) USB Audio Driver (WDM) -- C:\WINDOWS\SYSTEM32\DRIVERS\usbaudio.sys (Microsoft Corporation)
    DRV - (amdagp) -- C:\WINDOWS\system32\DRIVERS\amdagp.sys (Advanced Micro Devices, Inc.)
    DRV - (sisagp) -- C:\WINDOWS\system32\DRIVERS\sisagp.sys (Silicon Integrated Systems Corporation)
    DRV - (Secdrv) -- C:\WINDOWS\SYSTEM32\DRIVERS\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
    DRV - (PxHelp20) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys (Sonic Solutions)
    DRV - (dsunidrv) -- C:\WINDOWS\SYSTEM32\DRIVERS\dsunidrv.sys (Gteko Ltd.)
    DRV - (s24trans) -- C:\WINDOWS\SYSTEM32\DRIVERS\s24trans.sys (Intel Corporation)
    DRV - (w29n51) Intel(R) -- C:\WINDOWS\SYSTEM32\DRIVERS\w29n51.sys (Intel® Corporation)
    DRV - (RimVSerPort) -- C:\WINDOWS\SYSTEM32\DRIVERS\RimSerial.sys (Research in Motion Ltd)
    DRV - (DSproct) -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys (Gteko Ltd.)
    DRV - (wceusbsh) -- C:\WINDOWS\SYSTEM32\DRIVERS\wceusbsh.sys (Microsoft Corporation)
    DRV - (symlcbrd) -- C:\WINDOWS\SYSTEM32\DRIVERS\symlcbrd.sys (Symantec Corporation)
    DRV - (HSF_DPV) -- C:\WINDOWS\SYSTEM32\DRIVERS\HSF_DPV.SYS (Conexant Systems, Inc.)
    DRV - (HSFHWICH) -- C:\WINDOWS\SYSTEM32\DRIVERS\HSFHWICH.sys (Conexant Systems, Inc.)
    DRV - (winachsf) -- C:\WINDOWS\SYSTEM32\DRIVERS\HSF_CNXT.sys (Conexant Systems, Inc.)
    DRV - (STAC97) Audio Driver (WDM) -- C:\WINDOWS\SYSTEM32\DRIVERS\stac97.sys (SigmaTel, Inc.)
    DRV - (nv) -- C:\WINDOWS\SYSTEM32\DRIVERS\nv4_mini.sys (NVIDIA Corporation)
    DRV - (BrScnUsb) -- C:\WINDOWS\SYSTEM32\DRIVERS\BrScnUsb.sys (Brother Industries Ltd.)
    DRV - (BrSerIf) -- C:\WINDOWS\SYSTEM32\DRIVERS\BrSerIf.sys (Brother Industries Ltd.)
    DRV - (IWCA) -- C:\WINDOWS\SYSTEM32\DRIVERS\iwca.sys (Intel Corporation)
    DRV - (ApfiltrService) -- C:\WINDOWS\SYSTEM32\DRIVERS\Apfiltr.sys (Alps Electric Co., Ltd.)
    DRV - (Ptilink) -- C:\WINDOWS\SYSTEM32\DRIVERS\PTILINK.SYS (Parallel Technologies, Inc.)
    DRV - (ROOTMODEM) -- C:\WINDOWS\SYSTEM32\DRIVERS\ROOTMDM.SYS (Microsoft Corporation)
    DRV - (APPDRV) -- C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS (Dell Inc)
    DRV - (mdmxsdk) -- C:\WINDOWS\SYSTEM32\DRIVERS\mdmxsdk.sys (Conexant)
    DRV - (omci) -- C:\WINDOWS\SYSTEM32\DRIVERS\omci.sys (Dell Inc)
    DRV - (BrUsbSer) -- C:\WINDOWS\SYSTEM32\DRIVERS\BrUsbSer.sys (Brother Industries Ltd.)
    DRV - (HSF_DP) -- C:\WINDOWS\SYSTEM32\DRIVERS\HSF_DP.sys (Conexant Systems, Inc.)
    DRV - (DVC150) -- C:\WINDOWS\SYSTEM32\DRIVERS\DVC150B.sys (Cirrus Logic Inc.)
    DRV - (StMp3Rec) -- C:\WINDOWS\SYSTEM32\DRIVERS\StMp3Rec.sys (Koninklijke Philips)
    DRV - (bcm4sbxp) -- C:\WINDOWS\SYSTEM32\DRIVERS\bcm4sbxp.sys (Broadcom Corporation)
    DRV - (PCLEPCI) -- C:\WINDOWS\SYSTEM32\DRIVERS\PCLEPCI.sys (Pinnacle Systems GmbH)
    DRV - (PhilCam8116) Logitech QuickCam Pro 3000(PID_08B0) -- C:\WINDOWS\SYSTEM32\DRIVERS\CamDrL21.sys (Logitech Inc.)
    DRV - (Sparrow) -- C:\WINDOWS\system32\DRIVERS\sparrow.sys (Adaptec, Inc.)
    DRV - (sym_u3) -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys (LSI Logic)
    DRV - (sym_hi) -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys (LSI Logic)
    DRV - (symc8xx) -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys (LSI Logic)
    DRV - (symc810) -- C:\WINDOWS\system32\DRIVERS\symc810.sys (Symbios Logic Inc.)
    DRV - (ultra) -- C:\WINDOWS\system32\DRIVERS\ultra.sys (Promise Technology, Inc.)
    DRV - (ql12160) -- C:\WINDOWS\system32\DRIVERS\ql12160.sys (QLogic Corporation)
    DRV - (ql1080) -- C:\WINDOWS\system32\DRIVERS\ql1080.sys (QLogic Corporation)
    DRV - (ql1280) -- C:\WINDOWS\system32\DRIVERS\ql1280.sys (QLogic Corporation)
    DRV - (dac2w2k) -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys (Mylex Corporation)
    DRV - (mraid35x) -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys (American Megatrends Inc.)
    DRV - (asc) -- C:\WINDOWS\system32\DRIVERS\asc.sys (Advanced System Products, Inc.)
    DRV - (asc3550) -- C:\WINDOWS\system32\DRIVERS\asc3550.sys (Advanced System Products, Inc.)
    DRV - (AliIde) -- C:\WINDOWS\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
    DRV - (CmdIde) -- C:\WINDOWS\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)
    DRV - (E100B) Intel(R) -- C:\WINDOWS\SYSTEM32\DRIVERS\E100B325.SYS (Intel Corporation)


    ========== Standard Registry (All) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://news.yahoo.com [binary data]
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://news.yahoo.com [binary data]
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir...ie&ar=iesearch
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://my.sju.edu/cp/home/loginf
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch =
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =
    IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\SYSTEM32\ieframe.dll (Microsoft Corporation)
    IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    ========== FireFox ==========

    FF - prefs.js..browser.startup.homepage: "http://www.google.com/ig"
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}:6.0.11
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}:6.0.17
    FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.1
    FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
    FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:7
    FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.7
    FF - prefs.js..network.proxy.no_proxies_on: "*.local"

    FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/09/01 19:00:39 | 00,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Firefox\Extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009/03/10 08:12:54 | 00,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/01/25 09:13:33 | 00,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/01/25 09:13:51 | 00,000,000 | ---D | M]

    [2010/01/18 18:31:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Tom\Application Data\Mozilla\Extensions
    [2010/01/18 18:31:46 | 00,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Tom\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
    [2010/01/19 22:08:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Tom\Application Data\Mozilla\Firefox\Profiles\jlmchpka.default\extensions
    [2010/01/18 18:36:50 | 00,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Tom\Application Data\Mozilla\Firefox\Profiles\jlmchpka.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    [2010/01/27 17:51:13 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
    [2010/01/18 18:30:27 | 00,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    [2008/12/05 08:59:46 | 00,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
    [2009/11/03 19:39:05 | 00,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
    [2010/01/27 17:51:13 | 00,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}
    [2009/12/22 12:41:43 | 00,023,512 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browserdirprovider.dll
    [2009/12/22 12:41:44 | 00,137,176 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\brwsrcmp.dll
    [2009/12/17 17:14:01 | 00,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeploytk.dll
    [2005/12/05 21:31:00 | 00,114,688 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npmozax.dll
    [2009/12/22 12:41:45 | 00,064,984 | ---- | M] (mozilla.org) -- C:\Program Files\Mozilla Firefox\plugins\npnul32.dll
    [2006/10/26 19:12:16 | 00,016,192 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL
    [2008/10/14 21:33:30 | 00,095,600 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nppdf32.dll
    [2010/01/25 09:13:50 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
    [2010/01/25 09:13:50 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
    [2010/01/25 09:13:51 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
    [2010/01/25 09:13:51 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
    [2010/01/25 09:13:51 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
    [2010/01/25 09:13:51 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
    [2010/01/25 09:13:51 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
    [2008/09/15 11:52:06 | 00,376,832 | ---- | M] ( ) -- C:\Program Files\Mozilla Firefox\plugins\npsnapfish.dll
    [2009/12/21 21:32:20 | 00,001,394 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom.xml
    [2009/12/21 21:32:20 | 00,002,193 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\answers.xml
    [2009/12/21 21:32:20 | 00,001,534 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\creativecommons.xml
    [2009/12/21 21:32:20 | 00,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay.xml
    [2009/12/21 21:32:20 | 00,002,371 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google.xml
    [2009/12/21 21:32:20 | 00,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia.xml
    [2009/12/21 21:32:20 | 00,000,792 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo.xml

    O1 HOSTS File: ([2004/08/04 06:00:00 | 00,000,734 | ---- | M]) - C:\WINDOWS\SYSTEM32\DRIVERS\ETC\HOSTS
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
    O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - No CLSID value found.
    O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)
    O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
    O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
    O3 - HKLM\..\Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - No CLSID value found.
    O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\SYSTEM32\browseui.dll (Microsoft Corporation)
    O3 - HKCU\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\SYSTEM32\shell32.dll (Microsoft Corporation)
    O3 - HKCU\..\Toolbar\WebBrowser: (&Links) - {F2CF5485-4E02-4F68-819C-B92DE9277049} - C:\WINDOWS\SYSTEM32\ieframe.dll (Microsoft Corporation)
    O4 - HKLM..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
    O4 - HKLM..\Run: [bacstray] C:\WINDOWS\System32\BacsTray.exe (Broadcom Corporation)
    O4 - HKLM..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\SYSTEM32\WLTRAY.EXE (Dell Inc.)
    O4 - HKLM..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe ()
    O4 - HKLM..\Run: [dellsupportcenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
    O4 - HKLM..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
    O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
    O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe (NVIDIA Corporation)
    O4 - HKLM..\Run: [PCLEPCI] C:\Program Files\Pinnacle\PPE\PPE.exe (Pinnacle Systems GmbH)
    O4 - HKLM..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl04g\BrStDvPt.exe (Brother Industories, Ltd.)
    O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
    O4 - HKCU..\Run: [ctfmon.exe] C:\WINDOWS\SYSTEM32\ctfmon.exe (Microsoft Corporation)
    O4 - HKCU..\Run: [Google Update] C:\Documents and Settings\Tom\Local Settings\Application Data\Google\Update\GoogleUpdate.exe (Google Inc.)
    O4 - Startup: C:\Documents and Settings\Tom\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 95 00 00 00 [binary data]
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
    O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
    O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation)
    O9 - Extra Button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files\Bodog Poker\BPGame.exe File not found
    O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\SYSTEM32\winrnr.dll (Microsoft Corporation)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\SYSTEM32\rsvpsp.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\SYSTEM32\rsvpsp.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)
    O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
    O15 - HKCU\..Trusted Domains: 8 domain(s) and sub-domain(s) not assigned to a zone.
    O16 - DPF: {0000000A-9980-0010-8000-00AA00389B71} http://download.microsoft.com/downlo...2/wmsp9dmo.cab (Reg Error: Value error.)
    O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} http://support.dell.com/systemprofiler/SysPro.CAB (SysProWmi Class)
    O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} http://www.creative.com/su/ocx/15012/CTSUEng.cab (Creative Software AutoUpdate)
    O16 - DPF: {0DB074F0-617E-4EE9-912C-2965CF2AA5A4} http://download.microsoft.com/downlo...ualEarth3D.cab (Reg Error: Value error.)
    O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} http://www.ipix.com/download/ipixx.cab (iPIX ActiveX Control)
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/s...irector/sw.cab (Shockwave ActiveX Control)
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/downlo...eckControl.cab (Windows Genuine Advantage Validation Tool)
    O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} http://www.nvidia.com/content/Driver...reqlab_nvd.cab (System Requirements Lab Class)
    O16 - DPF: {32564D57-9980-0010-8000-00AA00389B71} http://codecs.microsoft.com/codecs/i386/wmv8dmo.cab (Reg Error: Value error.)
    O16 - DPF: {33564D57-9980-0010-8000-00AA00389B71} http://download.microsoft.com/downlo...0C/wmv9dmo.cab (Reg Error: Value error.)
    O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} http://office.microsoft.com/officeup...tent/opuc3.cab (Office Update Installation Engine)
    O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://www.snapfish.com/SnapfishActivia.cab (Snapfish Activia)
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} http://security.symantec.com/sscv6/S.../bin/cabsa.cab (Symantec RuFSI Utility Class)
    O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx.com/player/DivXBrowserPlugin.cab (Reg Error: Value error.)
    O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} https://webdl.symantec.com/activex/symdlmgr.cab (Symantec Download Manager)
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsof...?1124230267271 (MUWebControl Class)
    O16 - DPF: {88D758A3-D33B-45FD-91E3-67749B4057FA} http://dm.screensavers.com/dm/instal...sinstaller.cab (Reg Error: Value error.)
    O16 - DPF: {8A0019EB-51FA-4AE5-A40B-C0496BBFC739} http://picture.vzw.com/activex/Veriz...oadControl.cab (Verizon Wireless Media Upload)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_18)
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get.../ultrashim.cab (Reg Error: Value error.)
    O16 - DPF: {90051A81-3018-4826-8B38-DD60B6B53F9C} http://www.snapfish.com/SnapfishUpload.cab (Snapfish File Upload ActiveX Control)
    O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} http://java.sun.com/products/plugin/...ndows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jin...ndows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_18)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_18)
    O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} http://www.adobe.com/products/acrobat/nos/gp.cab (get_atlcom Class)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/ge...sh/swflash.cab (Shockwave Flash Object)
    O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} http://drmlicense.one.microsoft.com/.../en/crlocx.ocx (CRLDownloadWrapper Class)
    O16 - DPF: {E7DBFB6C-113A-47CF-B278-F5C6AF4DE1BD} http://download.abacast.com/download...basetup160.cab (Reg Error: Value error.)
    O16 - DPF: {E856B973-45FD-4559-8F82-EAB539144667} http://pccheckup.dellfix.com/rel/41/...l/gtdownde.cab (Dell PC Checkup Installer Control)
    O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} http://h30043.www3.hp.com/hpdj/en/check/qdiagh.cab?326 (QDiagHUpdateObj Class)
    O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://www.creative.com/su/ocx/15012/CTPID.cab (Creative Software AutoUpdate Support Package)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.64.150 68.87.75.198
    O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\SYSTEM32\mshtml.dll (Microsoft Corporation)
    O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\SYSTEM32\urlmon.dll (Microsoft Corporation)
    O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\SYSTEM32\msvidctl.dll (Microsoft Corporation)
    O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\SYSTEM32\urlmon.dll (Microsoft Corporation)
    O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\SYSTEM32\urlmon.dll (Microsoft Corporation)
    O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\SYSTEM32\urlmon.dll (Microsoft Corporation)
    O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\SYSTEM32\urlmon.dll (Microsoft Corporation)
    O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\SYSTEM32\urlmon.dll (Microsoft Corporation)
    O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\ipp - No CLSID value found
    O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\SYSTEM32\itss.dll (Microsoft Corporation)
    O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\SYSTEM32\mshtml.dll (Microsoft Corporation)
    O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\SYSTEM32\urlmon.dll (Microsoft Corporation)
    O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\SYSTEM32\mshtml.dll (Microsoft Corporation)
    O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\SYSTEM32\inetcomm.dll (Microsoft Corporation)
    O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\SYSTEM32\urlmon.dll (Microsoft Corporation)
    O18 - Protocol\Handler\msdaipp - No CLSID value found
    O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
    O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\SYSTEM32\itss.dll (Microsoft Corporation)
    O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
    O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\SYSTEM32\mshtml.dll (Microsoft Corporation)
    O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\SYSTEM32\mshtml.dll (Microsoft Corporation)
    O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\SYSTEM32\msvidctl.dll (Microsoft Corporation)
    O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\SYSTEM32\mshtml.dll (Microsoft Corporation)
    O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\SYSTEM32\wiascr.dll (Microsoft Corporation)
    O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
    O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
    O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
    O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\SYSTEM32\urlmon.dll (Microsoft Corporation)
    O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\SYSTEM32\urlmon.dll (Microsoft Corporation)
    O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\SYSTEM32\urlmon.dll (Microsoft Corporation)
    O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\SYSTEM32\urlmon.dll (Microsoft Corporation)
    O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\SYSTEM32\shell32.dll (Microsoft Corporation)
    O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\SYSTEM32\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\System32\logonui.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation)
    O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation)
    O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation)
    O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation)
    O20 - Winlogon\Notify\dimsntfy: DllName - %SystemRoot%\System32\dimsntfy.dll - C:\WINDOWS\SYSTEM32\dimsntfy.dll (Microsoft Corporation)
    O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
    O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
    O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation)
    O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
    O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
    O20 - Winlogon\Notify\WgaLogon: DllName - WgaLogon.dll - C:\WINDOWS\System32\WgaLogon.dll (Microsoft Corporation)
    O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
    O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\SYSTEM32\shell32.dll (Microsoft Corporation)
    O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\SYSTEM32\shell32.dll (Microsoft Corporation)
    O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\SYSTEM32\stobject.dll (Microsoft Corporation)
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\SYSTEM32\webcheck.dll (Microsoft Corporation)
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\SYSTEM32\WPDShServiceObj.dll (Microsoft Corporation)
    O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\SYSTEM32\browseui.dll (Microsoft Corporation)
    O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\SYSTEM32\browseui.dll (Microsoft Corporation)
    O24 - Desktop Components:0 (My Current Home Page) - About:Home
    O24 - Desktop WallPaper: C:\Documents and Settings\Tom\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O24 - Desktop BackupWallPaper: C:\Documents and Settings\Tom\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
    O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation)
    O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
    O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\System32\digest.dll (Microsoft Corporation)
    O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation)
    O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
    O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)
    O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
    O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
    O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)
    O31 - SafeBoot: AlternateShell - cmd.exe
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2004/08/10 14:04:08 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O33 - MountPoints2\{16701280-36cb-11de-8031-0011436728ea}\Shell\AutoRun\command - "" = E:\Setup_FlipShare.exe -- File not found
    O33 - MountPoints2\{16701280-36cb-11de-8031-0011436728ea}\Shell\Setup FlipShare\command - "" = E:\Setup_FlipShare.exe -- File not found
    O33 - MountPoints2\{37cf62d0-8d31-11de-80cd-0011436728ea}\Shell - "" = AutoRun
    O33 - MountPoints2\{37cf62d0-8d31-11de-80cd-0011436728ea}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{37cf62d0-8d31-11de-80cd-0011436728ea}\Shell\AutoRun\command - "" = E:\DPFMate.exe -- File not found
    O35 - comfile [open] -- "%1" %*
    O35 - exefile [open] -- "%1" %*

    NetSvcs: 6to4 - File not found
    NetSvcs: Ias - C:\WINDOWS\SYSTEM32\IAS [2005/01/12 18:44:23 | 00,000,000 | ---D | M]
    NetSvcs: Iprip - File not found
    NetSvcs: Irmon - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: Wmi - C:\WINDOWS\SYSTEM32\wmi.dll (Microsoft Corporation)
    NetSvcs: WmdmPmSp - File not found

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point (17454841580224512)

    ========== Files/Folders - Created Within 30 Days ==========

    [2010/01/27 17:51:36 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
    [2010/01/27 17:51:04 | 00,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
    [2010/01/27 17:51:04 | 00,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
    [2010/01/27 17:51:04 | 00,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
    [2010/01/25 09:38:14 | 00,548,864 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Tom\Desktop\OTL.exe
    [2010/01/23 20:21:18 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Tom\Application Data\WeatherBug
    [2010/01/23 17:11:39 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
    [2010/01/23 17:11:35 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [2010/01/23 17:11:34 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2010/01/22 17:00:20 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
    [2010/01/22 16:11:04 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
    [2010/01/22 16:10:26 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT
    [2010/01/19 16:24:45 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Lavasoft
    [2010/01/19 15:28:50 | 00,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
    [2010/01/19 15:28:50 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    [2010/01/19 15:26:15 | 00,000,000 | ---D | C] -- C:\Program Files\HijackThis
    [2010/01/18 14:52:13 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Tom\Application Data\Malwarebytes
    [2010/01/18 14:51:54 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    [2010/01/13 14:17:43 | 00,471,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aclayers.dll
    [2009/07/22 08:36:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
    [2009/06/01 20:43:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Adobe
    [2008/12/18 12:30:50 | 00,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
    [2008/10/26 22:02:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Intel
    [2008/10/26 22:02:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Intel
    [2008/07/09 16:49:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Roxio
    [2007/07/24 20:07:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
    [2007/05/30 17:30:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
    [2005/01/07 02:14:34 | 00,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft

    ========== Files - Modified Within 30 Days ==========

    [2010/01/28 14:49:09 | 00,000,970 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1632080614-2041568419-3765997130-1006UA.job
    [2010/01/28 14:46:15 | 00,293,376 | ---- | M] () -- C:\Documents and Settings\Tom\Desktop\f9gtbx2t.exe
    [2010/01/28 14:45:21 | 00,548,864 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Tom\Desktop\OTL.exe
    [2010/01/28 14:33:12 | 00,014,825 | ---- | M] () -- C:\WINDOWS\System32\Config.MPF
    [2010/01/28 14:32:25 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\WPA.DBL
    [2010/01/28 14:32:18 | 00,011,195 | ---- | M] () -- C:\WINDOWS\System32\nvModes.001
    [2010/01/28 14:32:14 | 00,017,112 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
    [2010/01/28 14:30:51 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
    [2010/01/28 14:30:45 | 00,002,048 | --S- | M] () -- C:\WINDOWS\BOOTSTAT.DAT
    [2010/01/28 14:30:42 | 53,612,9536 | -HS- | M] () -- C:\hiberfil.sys
    [2010/01/28 08:28:58 | 08,650,752 | -H-- | M] () -- C:\Documents and Settings\Tom\NTUSER.DAT
    [2010/01/28 08:28:58 | 00,000,278 | -HS- | M] () -- C:\Documents and Settings\Tom\NTUSER.INI
    [2010/01/27 23:37:52 | 06,446,866 | -H-- | M] () -- C:\Documents and Settings\Tom\Local Settings\Application Data\IconCache.db
    [2010/01/27 22:29:01 | 00,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 2).job
    [2010/01/27 21:47:28 | 00,097,792 | ---- | M] () -- C:\Documents and Settings\Tom\My Documents\PFP Chapter 1.doc
    [2010/01/27 21:33:33 | 00,023,040 | ---- | M] () -- C:\Documents and Settings\Tom\My Documents\Mod#1 DB#2.doc
    [2010/01/27 17:56:04 | 00,010,311 | ---- | M] () -- C:\Documents and Settings\Tom\Desktop\ProgramList
    [2010/01/26 19:08:38 | 00,025,600 | ---- | M] () -- C:\Documents and Settings\Tom\My Documents\Wedding List.xls
    [2010/01/26 18:56:53 | 00,031,232 | ---- | M] () -- C:\Documents and Settings\Tom\My Documents\Addresses.xls
    [2010/01/26 18:38:04 | 00,002,495 | ---- | M] () -- C:\Documents and Settings\Tom\Desktop\Microsoft Office Excel 2003.lnk
    [2010/01/26 16:29:02 | 00,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
    [2010/01/26 16:29:01 | 00,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 1).job
    [2010/01/26 09:49:18 | 00,096,512 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\atapi.sys
    [2010/01/25 13:49:07 | 00,000,162 | -H-- | M] () -- C:\Documents and Settings\Tom\My Documents\~$d#1 DB#2.doc
    [2010/01/25 13:36:54 | 00,034,816 | ---- | M] () -- C:\Documents and Settings\Tom\My Documents\Mod#1 DB#1 Responses.doc
    [2010/01/25 12:49:06 | 00,000,918 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1632080614-2041568419-3765997130-1006Core.job
    [2010/01/25 10:29:01 | 00,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 4).job
    [2010/01/25 09:48:08 | 00,034,636 | ---- | M] () -- C:\Documents and Settings\Tom\My Documents\cc_20100125_094758.reg
    [2010/01/24 22:00:01 | 00,000,380 | ---- | M] () -- C:\WINDOWS\tasks\SmartDefrag.job
    [2010/01/24 19:01:49 | 00,001,664 | ---- | M] () -- C:\Documents and Settings\Tom\Desktop\Sportsbook.com Poker.lnk
    [2010/01/24 04:29:01 | 00,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 3).job
    [2010/01/24 03:08:27 | 00,000,376 | ---- | M] () -- C:\WINDOWS\ODBC.INI
    [2010/01/23 20:08:49 | 00,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
    [2010/01/23 20:01:23 | 00,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2010/01/23 17:11:44 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
    [2010/01/22 17:00:21 | 00,001,734 | ---- | M] () -- C:\Documents and Settings\Tom\Desktop\HijackThis.lnk
    [2010/01/22 16:10:38 | 00,000,767 | ---- | M] () -- C:\Documents and Settings\Tom\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
    [2010/01/22 16:10:28 | 00,000,592 | ---- | M] () -- C:\Documents and Settings\Tom\Desktop\ERUNT.lnk
    [2010/01/20 12:46:24 | 00,002,268 | ---- | M] () -- C:\Documents and Settings\Tom\Desktop\Google Chrome.lnk
    [2010/01/19 15:29:01 | 00,000,933 | ---- | M] () -- C:\Documents and Settings\Tom\Desktop\Spybot - Search & Destroy.lnk
    [2010/01/18 18:36:34 | 00,014,049 | ---- | M] () -- C:\Documents and Settings\Tom\My Documents\bookmarks.html
    [2010/01/18 18:30:36 | 00,001,602 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
    [2010/01/18 17:55:48 | 00,000,426 | ---- | M] () -- C:\WINDOWS\brwmark.ini
    [2010/01/18 14:09:15 | 00,011,195 | ---- | M] () -- C:\WINDOWS\System32\nvModes.dat
    [2010/01/17 18:43:14 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\MCAGENT.EXE.sys
    [2010/01/16 16:57:34 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\{89BCEA6B-C797-434E-8D5A-C531A4E3ACF2}.sys
    [2010/01/14 15:21:55 | 00,002,447 | ---- | M] () -- C:\Documents and Settings\Tom\Desktop\Microsoft Streets & Trips.lnk
    [2010/01/13 10:26:08 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
    [2010/01/10 19:36:53 | 00,141,072 | ---- | M] () -- C:\Documents and Settings\Tom\My Documents\SaveTheDate2.pdf
    [2010/01/07 16:07:14 | 00,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
    [2010/01/07 16:07:04 | 00,019,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [2010/01/07 09:34:05 | 00,002,521 | ---- | M] () -- C:\Documents and Settings\Tom\Desktop\Microsoft Office Outlook 2003.lnk
    [2010/01/05 05:00:29 | 00,832,512 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wininet.dll
    [2010/01/05 05:00:28 | 01,168,384 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\urlmon.dll
    [2010/01/05 05:00:28 | 00,671,232 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mstime.dll
    [2010/01/05 05:00:28 | 00,671,232 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mstime.dll
    [2010/01/05 05:00:28 | 00,233,472 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\webcheck.dll
    [2010/01/05 05:00:28 | 00,105,984 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\url.dll
    [2010/01/05 05:00:28 | 00,105,984 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\url.dll
    [2010/01/05 05:00:28 | 00,102,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\occache.dll
    [2010/01/05 05:00:28 | 00,044,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\pngfilt.dll
    [2010/01/05 05:00:28 | 00,044,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pngfilt.dll
    [2010/01/05 05:00:27 | 00,477,696 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtmled.dll
    [2010/01/05 05:00:27 | 00,193,024 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msrating.dll
    [2010/01/05 05:00:27 | 00,193,024 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msrating.dll
    [2010/01/05 05:00:26 | 03,599,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.dll
    [2010/01/05 05:00:25 | 00,052,224 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msfeedsbs.dll
    [2010/01/05 05:00:25 | 00,052,224 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeedsbs.dll
    [2010/01/05 05:00:24 | 01,830,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\inetcpl.cpl
    [2010/01/05 05:00:24 | 01,830,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetcpl.cpl
    [2010/01/05 05:00:24 | 00,459,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msfeeds.dll
    [2010/01/05 05:00:24 | 00,459,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeeds.dll
    [2010/01/05 05:00:24 | 00,268,288 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iertutil.dll
    [2010/01/05 05:00:24 | 00,192,512 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\iepeers.dll
    [2010/01/05 05:00:24 | 00,192,512 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iepeers.dll
    [2010/01/05 05:00:24 | 00,044,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\iernonce.dll
    [2010/01/05 05:00:24 | 00,044,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iernonce.dll
    [2010/01/05 05:00:24 | 00,027,648 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\jsproxy.dll
    [2010/01/05 05:00:24 | 00,027,648 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\jsproxy.dll
    [2010/01/05 05:00:23 | 06,067,200 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieframe.dll
    [2010/01/05 05:00:21 | 00,385,024 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\iedkcs32.dll
    [2010/01/05 05:00:21 | 00,385,024 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iedkcs32.dll
    [2010/01/05 05:00:21 | 00,380,928 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ieapfltr.dll
    [2010/01/05 05:00:21 | 00,380,928 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieapfltr.dll
    [2010/01/05 05:00:21 | 00,230,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ieaksie.dll
    [2010/01/05 05:00:21 | 00,230,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieaksie.dll
    [2010/01/05 05:00:21 | 00,214,528 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dxtrans.dll
    [2010/01/05 05:00:21 | 00,214,528 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dxtrans.dll
    [2010/01/05 05:00:21 | 00,153,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ieakeng.dll
    [2010/01/05 05:00:21 | 00,153,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieakeng.dll
    [2010/01/05 05:00:21 | 00,133,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\extmgr.dll
    [2010/01/05 05:00:21 | 00,078,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ieencode.dll
    [2010/01/05 05:00:21 | 00,078,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieencode.dll
    [2010/01/05 05:00:21 | 00,063,488 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icardie.dll
    [2010/01/05 05:00:20 | 00,347,136 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dxtmsft.dll
    [2010/01/05 05:00:20 | 00,347,136 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dxtmsft.dll
    [2010/01/05 05:00:20 | 00,124,928 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\advpack.dll
    [2010/01/05 05:00:20 | 00,124,928 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\advpack.dll
    [2010/01/05 05:00:20 | 00,017,408 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\corpol.dll
    [2010/01/05 05:00:20 | 00,017,408 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\corpol.dll
    [2009/12/31 10:33:27 | 00,389,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\html.iec
    [2009/12/31 10:33:06 | 00,070,656 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ie4uinit.exe
    [2009/12/31 10:33:06 | 00,070,656 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ie4uinit.exe
    [2009/12/31 10:33:06 | 00,013,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ieudinit.exe
    [2009/12/31 10:33:06 | 00,013,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieudinit.exe

  6. #6
    Junior Member
    Join Date
    Jan 2010
    Posts
    12

    ========== Files Created - No Company Name ==========

    [2010/01/28 14:46:14 | 00,293,376 | ---- | C] () -- C:\Documents and Settings\Tom\Desktop\f9gtbx2t.exe
    [2010/01/27 21:44:14 | 00,097,792 | ---- | C] () -- C:\Documents and Settings\Tom\My Documents\PFP Chapter 1.doc
    [2010/01/27 17:56:04 | 00,010,311 | ---- | C] () -- C:\Documents and Settings\Tom\Desktop\ProgramList
    [2010/01/25 13:49:07 | 00,000,162 | -H-- | C] () -- C:\Documents and Settings\Tom\My Documents\~$d#1 DB#2.doc
    [2010/01/25 13:44:49 | 00,023,040 | ---- | C] () -- C:\Documents and Settings\Tom\My Documents\Mod#1 DB#2.doc
    [2010/01/25 12:54:33 | 00,034,816 | ---- | C] () -- C:\Documents and Settings\Tom\My Documents\Mod#1 DB#1 Responses.doc
    [2010/01/25 09:48:03 | 00,034,636 | ---- | C] () -- C:\Documents and Settings\Tom\My Documents\cc_20100125_094758.reg
    [2010/01/23 17:11:44 | 00,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
    [2010/01/22 17:00:20 | 00,001,734 | ---- | C] () -- C:\Documents and Settings\Tom\Desktop\HijackThis.lnk
    [2010/01/22 16:10:38 | 00,000,767 | ---- | C] () -- C:\Documents and Settings\Tom\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
    [2010/01/22 16:10:28 | 00,000,592 | ---- | C] () -- C:\Documents and Settings\Tom\Desktop\ERUNT.lnk
    [2010/01/22 15:58:42 | 00,000,472 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
    [2010/01/22 15:58:38 | 00,000,472 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 4).job
    [2010/01/22 15:58:34 | 00,000,472 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 3).job
    [2010/01/20 12:46:24 | 00,002,268 | ---- | C] () -- C:\Documents and Settings\Tom\Desktop\Google Chrome.lnk
    [2010/01/20 12:44:32 | 00,000,970 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1632080614-2041568419-3765997130-1006UA.job
    [2010/01/20 12:44:25 | 00,000,918 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1632080614-2041568419-3765997130-1006Core.job
    [2010/01/19 16:53:45 | 00,000,472 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 2).job
    [2010/01/19 16:53:42 | 00,000,472 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 1).job
    [2010/01/19 15:29:01 | 00,000,933 | ---- | C] () -- C:\Documents and Settings\Tom\Desktop\Spybot - Search & Destroy.lnk
    [2010/01/18 18:36:34 | 00,014,049 | ---- | C] () -- C:\Documents and Settings\Tom\My Documents\bookmarks.html
    [2010/01/18 18:30:36 | 00,001,602 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
    [2010/01/17 18:43:14 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\drivers\MCAGENT.EXE.sys
    [2010/01/16 16:57:34 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\drivers\{89BCEA6B-C797-434E-8D5A-C531A4E3ACF2}.sys
    [2010/01/10 19:36:53 | 00,141,072 | ---- | C] () -- C:\Documents and Settings\Tom\My Documents\SaveTheDate2.pdf
    [2009/12/06 22:13:21 | 00,007,270 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\N360BUOptions.ini
    [2009/11/18 15:03:09 | 00,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
    [2009/11/17 23:22:56 | 00,095,144 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
    [2008/05/10 09:07:00 | 00,038,473 | ---- | C] () -- C:\Documents and Settings\Tom\Application Data\Comma Separated Values (Windows).ADR
    [2008/05/03 12:18:47 | 00,000,050 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
    [2008/02/19 01:33:34 | 00,446,352 | ---- | C] () -- C:\WINDOWS\System32\OpenQuicktimeLib.dll
    [2008/02/17 19:07:13 | 00,000,024 | ---- | C] () -- C:\WINDOWS\System32\sysogg.dll
    [2008/02/17 19:05:28 | 00,233,472 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
    [2008/01/13 16:42:49 | 00,167,936 | R--- | C] () -- C:\WINDOWS\System32\GBInf.dll
    [2007/11/11 18:48:51 | 00,757,760 | ---- | C] () -- C:\WINDOWS\System32\bcm1xsup.dll
    [2007/11/11 18:48:47 | 00,086,016 | ---- | C] () -- C:\WINDOWS\System32\preflib.dll
    [2007/09/27 10:51:02 | 00,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
    [2007/09/27 10:48:48 | 00,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
    [2007/09/27 10:48:28 | 00,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini


    OTL Extras logfile created on: 1/28/2010 2:49:07 PM - Run 1
    OTL by OldTimer - Version 3.1.27.0 Folder = C:\Documents and Settings\Tom\Desktop
    Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 7.0.5730.11)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    511.00 Mb Total Physical Memory | 220.00 Mb Available Physical Memory | 43.00% Memory free
    1.00 Gb Paging File | 1.00 Gb Available in Paging File | 60.00% Paging File free
    Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 53.08 Gb Total Space | 13.08 Gb Free Space | 24.64% Space Free | Partition Type: NTFS
    D: Drive not present or media not loaded
    E: Drive not present or media not loaded
    F: Drive not present or media not loaded
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded

    Computer Name: CAHILL
    Current User Name: Tom
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: Current user
    Company Name Whitelist: Off
    Skip Microsoft Files: Off
    File Age = 30 Days
    Output = Minimal

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .html [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found

    [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
    .html [@ = ChromeHTML] -- Reg Error: Key error. File not found

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
    htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
    htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
    htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
    http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
    https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
    CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirstRunDisabled" = 1
    "UpdatesDisableNotify" = 0
    "AntiVirusOverride" = 0
    "FirewallOverride" = 0
    "AntiVirusDisableNotify" = 0
    "FirewallDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
    "DisableMonitoring" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
    "DisableMonitoring" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
    "DisableMonitoring" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
    "DisableMonitoring" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
    "139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
    "445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
    "137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
    "138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
    "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
    "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 0
    "DisableNotifications" = 0
    "DoNotAllowExceptions" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
    "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
    "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
    "139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
    "445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
    "137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
    "138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
    "%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
    "C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL -- File not found
    "C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL -- File not found
    "C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL -- File not found
    "C:\Program Files\AIM\aim.exe" = C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger -- File not found
    "%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
    "%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
    "C:\Program Files\TurboTax\Deluxe 2007\32bit\ttax.exe" = C:\Program Files\TurboTax\Deluxe 2007\32bit\ttax.exe:LocalSubNet:Enabled:TurboTax -- (Intuit, Inc.)
    "C:\Program Files\TurboTax\Deluxe 2007\32bit\updatemgr.exe" = C:\Program Files\TurboTax\Deluxe 2007\32bit\updatemgr.exe:LocalSubNet:Enabled:TurboTax Update Manager -- (Intuit, Inc.)
    "C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour -- (Apple Inc.)
    "C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
    "C:\Program Files\Motorola Media Link\MML.exe" = C:\Program Files\Motorola Media Link\MML.exe:*:Enabled:Motorola Media Link main -- (Nero corporation)
    "C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe" = C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:*:Enabled:McAfee Network Agent -- (McAfee, Inc.)


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{06BE8AFD-A8E2-4B63-BAE7-287016D16ACB}" = mSSO
    "{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
    "{09DA4F91-2A09-4232-AB8C-6BC740096DE3}" = Sonic Update Manager
    "{0D3F9802-689F-9B6D-8E44-B55971F0CCBB}" = FlipShare
    "{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}" = mLogView
    "{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}" = Microsoft Plus! Photo Story 2 LE
    "{20227921-DB38-4810-9162-DDC6FCA936E7}" = Dell Home Systems Services Agreement
    "{23FB368F-1399-4EAC-817C-4B83ECBE3D83}" = mProSafe
    "{26A24AE4-039D-4CA4-87B4-2F83216012FF}" = Java(TM) 6 Update 18
    "{3248F0A8-6813-11D6-A77B-00B0D0150110}" = J2SE Runtime Environment 5.0 Update 11
    "{33BB4982-DC52-4886-A03B-F4C5C80BEE89}" = Windows Media Player 10
    "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
    "{35BDEFF1-A610-4956-A00D-15453C116395}" = Internet Explorer Default Page
    "{3E5A81BA-4702-490A-B729-0BFF6E7CBF96}" = Pinnacle PCI Performance Enhancer
    "{3E9D596A-61D4-4239-BD19-2DB984D2A16F}" = mIWA
    "{49D687E5-6784-431B-A0A2-2F23B8CC5A1B}" = mHlpDell
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{52504CE6-E909-4113-B232-4AFEC6543A61}" = Broadcom 440x 10/100 Integrated Controller
    "{5905F42D-3F5F-4916-ADA6-94A3646AEE76}" = Dell Driver Reset Tool
    "{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}" = Windows Genuine Advantage v1.3.0254.0
    "{63DB9CCD-2B56-4217-9A3D-507AC78320CA}" = mWMI
    "{67E4EE98-59F4-4210-89A6-A20AF5BEC689}" = Microsoft Streets and Trips 2005
    "{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD 5.1
    "{68D60342-7686-45C9-B8EB-40EF843D0460}" = Dell Networking Guide
    "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
    "{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}" = Microsoft Plus! Digital Media Edition Installer
    "{7148F0A8-6813-11D6-A77B-00B0D0142030}" = Java 2 Runtime Environment, SE v1.4.2_03
    "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
    "{74F7662C-B1DB-489E-A8AC-07A06B24978B}" = Dell System Restore
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{7A35F91E-1D16-454F-A248-B9B782A2327C}" = Dell Support 3.2.1
    "{7DD9A065-2C86-4A9F-A5FF-796EC1B99DCA}" = AnswerWorks 4.0 Runtime - English
    "{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}" = DellSupport
    "{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper
    "{816EA7C2-9B8D-48CA-A424-3DE3C80A5033}" = Motorola Driver Installation 4.2.0
    "{829CD169-E692-48E8-9BDE-A3E8D8B65538}" = mSCfg
    "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
    "{89EE857B-8970-4F9F-AB58-A1C873AC72B3}" = Broadcom Advanced Control Suite
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr
    "{8FFC924C-ED06-44CB-8867-3CA778ECE903}" = Adobe Help Center 2.0
    "{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
    "{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
    "{90120000-001F-0409-0000-0000000FF1CE}_PRJSTDR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
    "{90120000-001F-040C-0000-0000000FF1CE}_PRJSTDR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
    "{90120000-001F-0C0A-0000-0000000FF1CE}_PRJSTDR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
    "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}_PRJSTDR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-00B4-0409-0000-0000000FF1CE}" = Microsoft Office Project MUI (English) 2007
    "{90120000-00B4-0409-0000-0000000FF1CE}_PRJSTDR_{27A9D316-D332-433B-8EB1-1D93EE49F26D}" = Microsoft Office Project 2007 Service Pack 2 (SP2)
    "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
    "{90120000-0115-0409-0000-0000000FF1CE}_PRJSTDR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90B0D222-8C21-4B35-9262-53B042F18AF9}" = mPfWiz
    "{91120000-003A-0000-0000-0000000FF1CE}" = Microsoft Office Project Standard 2007
    "{91120000-003A-0000-0000-0000000FF1CE}_PRJSTDR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
    "{91120000-003A-0000-0000-0000000FF1CE}_PRJSTDR_{9E73617F-2F38-4864-BD61-BB2DDFE43323}" = Microsoft Office Project 2007 Service Pack 2 (SP2)
    "{94658027-9F16-4509-BBD7-A59FE57C3023}" = mZConfig
    "{95120000-0038-0409-0000-0000000FF1CE}" = Time Zone Data Update Tool for Microsoft Office Outlook
    "{9C0ADF96-20E7-4671-88D2-39B5A307E2A2}" = Pinnacle USB device drivers
    "{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ALPS Touch Pad Driver
    "{A0F925BF-5C55-44C2-A4E7-5A4C59791C29}" = mDriver
    "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
    "{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}" = QuickTime
    "{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
    "{AC0EE5B0-A8FB-4D0A-AF03-2EDC518F841B}" = Dell Media Experience
    "{AC76BA86-7AD7-1033-7B44-A81300000003}" = Adobe Reader 8.1.5
    "{AC76BA86-7AD7-1033-7B44-A81300000003}_814" = KB408682
    "{AF06CAE4-C134-44B1-B699-14FBDB63BD37}" = Dell Picture Studio v3.0
    "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
    "{B607C354-CD79-4D22-86D1-92DC94153F42}" = Apple Application Support
    "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
    "{C5074CC4-0E26-4716-A307-960272A90040}" = QuickSet
    "{CA9BAADB-C262-4E05-B2E2-CEE8CE9809EC}" = mToolkit
    "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
    "{CDE4CC8B-134B-421E-943C-90799E56F664}" = Dell Media Experience Update
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{D1A74FBB-CA8D-4CCA-9B89-BAAA436DB178}" = iTunes
    "{D5F881C2-B134-474E-AA60-B25DD218AE0D}" = Crash Analysis Tool
    "{D83BD5E2-5AF4-49F6-B5C1-484A9760E73D}" = Brother MFL-Pro Suite
    "{D9DC70B6-BE13-41DD-9053-9E617E72D085}" = MOTOROLA MEDIA LINK
    "{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center (Support Software)
    "{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
    "{E81667C6-2856-46D6-ABEA-6A2F42166779}" = mCore
    "{EBB7C1C1-D439-4D9B-9FDC-954C10F266B0}" = Adobe Photoshop Elements 4.0
    "{EF0DD8B7-471C-463B-A298-6066C2FABAF5}" = File Viewer Utility 1.2
    "{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse
    "{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
    "{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
    "{F6090A17-0967-4A8A-B3C3-422A1B514D49}" = mDrWiFi
    "{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}" = mWlsSafe
    "3ivx MPEG-4 5.0.3" = 3ivx MPEG-4 5.0.3 (remove only)
    "Adobe Atmosphere Player" = Adobe Atmosphere Player for Acrobat and Adobe Reader
    "Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
    "Adobe Photoshop Elements 4" = Adobe Photoshop Elements 4.0
    "Adobe Shockwave Player" = Adobe Shockwave Player 11.5
    "Broadcom 802.11b Network Adapter" = Dell Wireless WLAN Card
    "CAL" = Canon Camera Access Library
    "CameraWindowDC" = Canon Utilities CameraWindow DC
    "CameraWindowDVC6" = Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
    "Canon G.726 WMP-Decoder" = Canon G.726 WMP-Decoder
    "CCleaner" = CCleaner
    "CNXT_MODEM_PCI_VEN_8086&DEV_24x6&SUBSYS_542214F1" = Conexant D480 MDC V.92 Modem
    "CSCLIB" = Canon Camera Support Core Library
    "DECCHECK" = Microsoft Windows XP Video Decoder Checkup Utility
    "Defraggler" = Defraggler
    "Dell Digital Jukebox Driver" = Dell Digital Jukebox Driver
    "EOS Utility" = Canon Utilities EOS Utility
    "ERUNT_is1" = ERUNT 1.1j
    "getPlus(R)_ocx" = getPlus(R)_ocx
    "HijackThis" = HijackThis 2.0.2
    "IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
    "ie7" = Windows Internet Explorer 7
    "InstallShield_{52504CE6-E909-4113-B232-4AFEC6543A61}" = Broadcom 440x 10/100 Integrated Controller
    "InstallShield_{89EE857B-8970-4F9F-AB58-A1C873AC72B3}" = Broadcom Advanced Control Suite
    "InstallShield_{EF0DD8B7-471C-463B-A298-6066C2FABAF5}" = Canon Utilities File Viewer Utility 1.2
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
    "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
    "Mozilla Firefox (3.5.7)" = Mozilla Firefox (3.5.7)
    "MSC" = McAfee SecurityCenter
    "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
    "MyCameraDC" = Canon Utilities MyCamera DC
    "NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
    "NVIDIA Drivers" = NVIDIA Drivers
    "PhotoRecord" = Canon PhotoRecord
    "PRJSTDR" = Microsoft Office Project Standard 2007 Trial
    "ProInst" = Intel(R) PROSet/Wireless Software
    "RAW Image Task" = Canon RAW Image Task for ZoomBrowser EX
    "RemoteCaptureDC" = Canon Utilities RemoteCapture DC
    "Sportsbook Poker" = Sportsbook.com Poker
    "SystemRequirementsLab" = System Requirements Lab
    "TurboTax Deluxe 2007" = TurboTax Deluxe 2007
    "Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
    "WIC" = Windows Imaging Component
    "Windows Media Format Runtime" = Windows Media Format 11 runtime
    "Windows Media Player" = Windows Media Player 11
    "Windows XP Service Pack" = Windows XP Service Pack 3
    "WMFDist11" = Windows Media Format 11 runtime
    "wmp11" = Windows Media Player 11
    "Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
    "ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility

    ========== HKEY_CURRENT_USER Uninstall List ==========

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "309a46b1dc89b774" = Dell Driver Download Manager
    "Google Chrome" = Google Chrome
    "Move Media Player" = Move Media Player

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 1/18/2010 7:18:26 PM | Computer Name = CAHILL | Source = Application Error | ID = 1000
    Description = Faulting application chrome.exe, version 0.0.0.0, faulting module
    shlwapi.dll, version 6.0.2900.5512, fault address 0x0002c4a8.

    Error - 1/18/2010 7:25:00 PM | Computer Name = CAHILL | Source = Application Error | ID = 1000
    Description = Faulting application chrome.exe, version 0.0.0.0, faulting module
    shlwapi.dll, version 6.0.2900.5512, fault address 0x0002c4a8.

    Error - 1/18/2010 7:25:39 PM | Computer Name = CAHILL | Source = Application Error | ID = 1000
    Description = Faulting application chrome.exe, version 0.0.0.0, faulting module
    shlwapi.dll, version 6.0.2900.5512, fault address 0x0002c4a8.

    Error - 1/19/2010 5:26:26 PM | Computer Name = CAHILL | Source = Lavasoft Ad-Aware Service | ID = 0
    Description =

    Error - 1/22/2010 6:15:44 PM | Computer Name = CAHILL | Source = McLogEvent | ID = 5004
    Description = Could not contact Filter Driver. Error = 0x2 : The system cannot find
    the file specified.

    Error - 1/24/2010 8:55:52 AM | Computer Name = CAHILL | Source = Windows Search Service | ID = 3079
    Description = Notifications for the volume c:\ are not active.

    Error - 1/24/2010 11:13:19 AM | Computer Name = CAHILL | Source = McLogEvent | ID = 5051
    Description = A thread in process C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe took
    longer than 90000 ms to complete a request. The process will be terminated. Thread
    id : 3308 (0xcec) Thread address : 0x7C90E514 Thread message : Build VSCORE.14.0.0.435
    / 5301.4018 Object being scanned = \Device\HarddiskVolume2\Program Files\Common
    Files\Symantec Shared\CCPD-LC\symlcrst.dll by C:\Program Files\Common Files\Symantec
    Shared\CCPD-LC\symlcsvc.exe 4(0)(0) 4(0)(0) 7200(0)(0) 7595(0)(0) 7005(0)(0) 7004(0)(0)

    5006(0)(0) 5004(0)(0)

    Error - 1/24/2010 11:14:14 AM | Computer Name = CAHILL | Source = Application Error | ID = 1000
    Description = Faulting application weather.exe, version 6.8.0.4, faulting module
    ntdll.dll, version 5.1.2600.5755, fault address 0x0000252c.

    Error - 1/25/2010 10:06:20 AM | Computer Name = CAHILL | Source = McLogEvent | ID = 5051
    Description = A thread in process C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe took
    longer than 90000 ms to complete a request. The process will be terminated. Thread
    id : 4020 (0xfb4) Thread address : 0x7C90E514 Thread message : Build VSCORE.14.0.0.435
    / 5301.4018 Object being scanned = \Device\HarddiskVolume2\Program Files\Common
    Files\Symantec Shared\CCPD-LC\symlcrst.dll by C:\Program Files\Common Files\Symantec
    Shared\CCPD-LC\symlcsvc.exe 4(0)(0) 4(0)(0) 7200(0)(0) 7595(0)(0) 7005(0)(0) 7004(0)(0)

    5006(0)(0) 5004(0)(0)

    Error - 1/25/2010 10:56:35 PM | Computer Name = CAHILL | Source = Windows Search Service | ID = 3079
    Description = Notifications for the volume c:\ are not active.

    [ System Events ]
    Error - 1/25/2010 11:22:00 PM | Computer Name = CAHILL | Source = Service Control Manager | ID = 7000
    Description = The DVC 150B service failed to start due to the following error: %%1058

    Error - 1/26/2010 10:07:49 AM | Computer Name = CAHILL | Source = Service Control Manager | ID = 7000
    Description = The DVC 150B service failed to start due to the following error: %%1058

    Error - 1/26/2010 10:08:58 AM | Computer Name = CAHILL | Source = Service Control Manager | ID = 7009
    Description = Timeout (30000 milliseconds) waiting for the McAfee SystemGuards service
    to connect.

    Error - 1/26/2010 10:08:58 AM | Computer Name = CAHILL | Source = Service Control Manager | ID = 7000
    Description = The McAfee SystemGuards service failed to start due to the following
    error: %%1053

    Error - 1/26/2010 4:19:36 PM | Computer Name = CAHILL | Source = Service Control Manager | ID = 7000
    Description = The DVC 150B service failed to start due to the following error: %%1058

    Error - 1/27/2010 12:31:10 AM | Computer Name = CAHILL | Source = Service Control Manager | ID = 7000
    Description = The DVC 150B service failed to start due to the following error: %%1058

    Error - 1/27/2010 12:31:23 AM | Computer Name = CAHILL | Source = Service Control Manager | ID = 7026
    Description = The following boot-start or system-start driver(s) failed to load:
    abp480n5 adpu160m agpCPQ Aha154x aic78u2 aic78xx AliIde alim1541 amdagp amsint asc asc3350p
    asc3550
    cbidf
    cd20xrnt
    CmdIde
    Cpqarray
    dac2w2k
    dac960nt
    dpti2o
    hpn
    i2omp
    ini910u
    IntelIde
    mraid35x
    perc2
    perc2hib
    ql1080
    Ql10wnt
    ql12160
    ql1240
    ql1280
    sisagp
    Sparrow
    symc810
    symc8xx
    sym_hi
    sym_u3
    TosIde
    ultra
    viaagp
    ViaIde

    Error - 1/27/2010 6:26:03 PM | Computer Name = CAHILL | Source = Service Control Manager | ID = 7000
    Description = The DVC 150B service failed to start due to the following error: %%1058

    Error - 1/28/2010 8:59:36 AM | Computer Name = CAHILL | Source = Service Control Manager | ID = 7000
    Description = The DVC 150B service failed to start due to the following error: %%1058

    Error - 1/28/2010 3:31:34 PM | Computer Name = CAHILL | Source = Service Control Manager | ID = 7000
    Description = The DVC 150B service failed to start due to the following error: %%1058


    < End of report >


    Malwarebytes' Anti-Malware 1.44
    Database version: 3642
    Windows 5.1.2600 Service Pack 3
    Internet Explorer 7.0.5730.11

    1/26/2010 11:25:39 PM
    mbam-log-2010-01-26 (23-25-39).txt

    Scan type: Full Scan (C:\|)
    Objects scanned: 205182
    Time elapsed: 1 hour(s), 48 minute(s), 32 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 1

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    C:\WINDOWS\SYSTEM32\DRIVERS\76y754Y88.sys (Rootkit.Agent) -> Quarantined and deleted successfully.

  7. #7
    Retired Graduate
    Join Date
    Dec 2009
    Posts
    83

    Hi mandfense,

    I notice you have posted at BleepingComputer. We had the topic closed there as two helpers working on the same computer can cause confusion and problems.

    "To answer your other question, I used to use Norton 360, but uninstalled it so it's not used anymore."
    OK, we will deal with that later.


    Warning
    You have a deep-rooted infection. I suggest you back up any important data before you perform the following. Be aware that sometimes malware causes major damage to Windows. Despite our best efforts, sometimes a reformat and re-install of Windows may be necessary.



    TDSSKiller

    • Click here to download TDSSKiller to your desktop.
    • Extract TDSSKiller.zip to your desktop so that TDSSKiller.exe is on your desktop (not in a folder).
      NOTE: Close all running programs as a reboot may be necessary.
    • Copy the text in code box below.
      Code:
      "%userprofile%\Desktop\TDSSKiller.exe" -l "%userprofile%\desktop\tdsskiller.txt"
    • Click Start, click Run... and paste the above command in the Open: box and click OK.
    • If TDSSKiller finds something, allow it to delete what it finds.
    • Once the tool is finished, press any key to continue and allow the computer to reboot if necessary.
    • Locate the log, tdsskiller.txt, on your desktop and post the contents of that log in your next reply.



    Scan with OTL

    The OTL.txt log was not complete. Please run OTL again as described below and post the log. Only OTL.txt should be created this time.

    • Close all other open windows, then double-click OTL.exe to start OTL
    • Under Output, ensure that Minimal Output is selected
    • Copy the text in the code box below and paste it into the Custom Scans/Fixes box (under the cyan line at the bottom of the window)
      Code:
      netsvcs
      %SYSTEMDRIVE%\*.exe
      /md5start
      eventlog.dll
      scecli.dll
      netlogon.dll
      cngaudit.dll
      sceclt.dll
      ntelogon.dll
      logevent.dll
      iaStor.sys
      nvstor.sys
      atapi.sys
      IdeChnDr.sys
      viasraid.sys
      AGP440.sys
      vaxscsi.sys
      nvatabus.sys
      viamraid.sys
      nvata.sys
      nvgts.sys
      iastorv.sys
      ViPrt.sys
      eNetHook.dll
      ahcix86.sys
      KR10N.sys
      nvstor32.sys
      ahcix86s.sys
      nvrd32.sys
      symmpi.sys
      /md5stop
      %systemroot%\*. /mp /s
      CREATERESTOREPOINT
      %systemroot%\system32\*.dll /lockedfiles
      %systemroot%\Tasks\*.job /lockedfiles
    • Click Run Scan in upper left of window.
    • When the scan is finished, a log will open (OTL.txt)
    • Please post the contents of OTL.txt in your next reply.



    Please reply with tdsskiller.txt and OTL.txt.
    Graduate of Malware Removal University. You too could train to help others.

    Spybot Search & Destroy tutorial

  8. #8
    Junior Member
    Join Date
    Jan 2010
    Posts
    12

    Thanks for closing the request on bleepingcomputer. I had forgotten I posted there as well. Logs you have requested are below:

    11:26:43:077 3808 TDSS rootkit removing tool 2.2.2 Jan 13 2010 08:42:25
    11:26:43:077 3808 ================================================================================
    11:26:43:077 3808 SystemInfo:

    11:26:43:077 3808 OS Version: 5.1.2600 ServicePack: 3.0
    11:26:43:077 3808 Product type: Workstation
    11:26:43:077 3808 ComputerName: CAHILL
    11:26:43:077 3808 UserName: Tom
    11:26:43:077 3808 Windows directory: C:\WINDOWS
    11:26:43:077 3808 Processor architecture: Intel x86
    11:26:43:077 3808 Number of processors: 1
    11:26:43:077 3808 Page size: 0x1000
    11:26:43:077 3808 Boot type: Normal boot
    11:26:43:077 3808 ================================================================================
    11:26:46:933 3808 UnloadDriverW: NtUnloadDriver error 2
    11:26:46:933 3808 ForceUnloadDriverW: UnloadDriverW(klmd21) error 2
    11:26:47:073 3808 MyNtCreateFileW: NtCreateFile(\??\C:\WINDOWS\system32\drivers\klmd.sys) returned status 00000000
    11:26:48:114 3808 UtilityInit: KLMD drop and load success
    11:26:48:114 3808 KLMD_OpenDevice: Trying to open KLMD Device(KLMD201000)
    11:26:48:114 3808 UtilityInit: KLMD open success
    11:26:48:114 3808 UtilityInit: Initialize success
    11:26:48:114 3808
    11:26:48:134 3808 Scanning Services ...
    11:26:48:134 3808 CreateRegParser: Registry parser init started
    11:26:48:134 3808 DisableWow64Redirection: GetProcAddress(Wow64DisableWow64FsRedirection) error 127
    11:26:48:134 3808 CreateRegParser: DisableWow64Redirection error
    11:26:48:134 3808 wfopen_ex: Trying to open file C:\WINDOWS\system32\config\system
    11:26:48:134 3808 MyNtCreateFileW: NtCreateFile(\??\C:\WINDOWS\system32\config\system) returned status C0000043
    11:26:48:134 3808 wfopen_ex: MyNtCreateFileW error 32 (C0000043)
    11:26:48:134 3808 wfopen_ex: Trying to KLMD file open
    11:26:48:134 3808 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\config\system
    11:26:48:134 3808 wfopen_ex: File opened ok (Flags 2)
    11:26:48:134 3808 CreateRegParser: HIVE_ADAPTER(C:\WINDOWS\system32\config\system) init success: 264950
    11:26:48:134 3808 wfopen_ex: Trying to open file C:\WINDOWS\system32\config\software
    11:26:48:134 3808 MyNtCreateFileW: NtCreateFile(\??\C:\WINDOWS\system32\config\software) returned status C0000043
    11:26:48:134 3808 wfopen_ex: MyNtCreateFileW error 32 (C0000043)
    11:26:48:134 3808 wfopen_ex: Trying to KLMD file open
    11:26:48:134 3808 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\config\software
    11:26:48:134 3808 wfopen_ex: File opened ok (Flags 2)
    11:26:48:134 3808 CreateRegParser: HIVE_ADAPTER(C:\WINDOWS\system32\config\software) init success: 2649F8
    11:26:48:134 3808 EnableWow64Redirection: GetProcAddress(Wow64RevertWow64FsRedirection) error 127
    11:26:48:134 3808 CreateRegParser: EnableWow64Redirection error
    11:26:48:134 3808 CreateRegParser: RegParser init completed
    11:26:58:329 3808 GetAdvancedServicesInfo: Raw services enum returned 408 services
    11:26:58:449 3808 fclose_ex: Trying to close file C:\WINDOWS\system32\config\system
    11:26:58:449 3808 fclose_ex: Trying to close file C:\WINDOWS\system32\config\software
    11:26:58:449 3808
    11:26:58:449 3808 Scanning Kernel memory ...
    11:26:58:449 3808 KLMD_GetSystemObjectAddressByNameW: Trying to get system object address by name \Driver\Disk
    11:26:58:449 3808 DetectCureTDL3: \Driver\Disk PDRIVER_OBJECT: 83331158
    11:26:58:449 3808 DetectCureTDL3: KLMD_GetDeviceObjectList returned 4 DevObjects
    11:26:58:449 3808
    11:26:58:449 3808 DetectCureTDL3: DEVICE_OBJECT: 833954D8
    11:26:58:449 3808 KLMD_GetLowerDeviceObject: Trying to get lower device object for 833954D8
    11:26:58:449 3808 KLMD_ReadMem: Trying to ReadMemory 0x833954D8[0x38]
    11:26:58:449 3808 DetectCureTDL3: DRIVER_OBJECT: 83331158
    11:26:58:449 3808 KLMD_ReadMem: Trying to ReadMemory 0x83331158[0xA8]
    11:26:58:449 3808 KLMD_ReadMem: Trying to ReadMemory 0xE1AB1318[0x18]
    11:26:58:449 3808 DetectCureTDL3: DRIVER_OBJECT name: \Driver\Disk, Driver Name: Disk
    11:26:58:449 3808 DetectCureTDL3: IrpHandler (0) addr: F87FCBB0
    11:26:58:449 3808 DetectCureTDL3: IrpHandler (1) addr: 804FA87E
    11:26:58:449 3808 DetectCureTDL3: IrpHandler (2) addr: F87FCBB0
    11:26:58:449 3808 DetectCureTDL3: IrpHandler (3) addr: F87F6D1F
    11:26:58:449 3808 DetectCureTDL3: IrpHandler (4) addr: F87F6D1F
    11:26:58:449 3808 DetectCureTDL3: IrpHandler (5) addr: 804FA87E
    11:26:58:449 3808 DetectCureTDL3: IrpHandler (6) addr: 804FA87E
    11:26:58:449 3808 DetectCureTDL3: IrpHandler (7) addr: 804FA87E
    11:26:58:449 3808 DetectCureTDL3: IrpHandler (8) addr: 804FA87E
    11:26:58:449 3808 DetectCureTDL3: IrpHandler (9) addr: F87F72E2
    11:26:58:449 3808 DetectCureTDL3: IrpHandler (10) addr: 804FA87E
    11:26:58:449 3808 DetectCureTDL3: IrpHandler (11) addr: 804FA87E
    11:26:58:449 3808 DetectCureTDL3: IrpHandler (12) addr: 804FA87E
    11:26:58:449 3808 DetectCureTDL3: IrpHandler (13) addr: 804FA87E
    11:26:58:449 3808 DetectCureTDL3: IrpHandler (14) addr: F87F73BB
    11:26:58:449 3808 DetectCureTDL3: IrpHandler (15) addr: F87FAF28
    11:26:58:449 3808 DetectCureTDL3: IrpHandler (16) addr: F87F72E2
    11:26:58:449 3808 DetectCureTDL3: IrpHandler (17) addr: 804FA87E
    11:26:58:449 3808 DetectCureTDL3: IrpHandler (18) addr: 804FA87E
    11:26:58:459 3808 DetectCureTDL3: IrpHandler (19) addr: 804FA87E
    11:26:58:459 3808 DetectCureTDL3: IrpHandler (20) addr: 804FA87E
    11:26:58:459 3808 DetectCureTDL3: IrpHandler (21) addr: 804FA87E
    11:26:58:459 3808 DetectCureTDL3: IrpHandler (22) addr: F87F8C82
    11:26:58:459 3808 DetectCureTDL3: IrpHandler (23) addr: F87FD99E
    11:26:58:459 3808 DetectCureTDL3: IrpHandler (24) addr: 804FA87E
    11:26:58:459 3808 DetectCureTDL3: IrpHandler (25) addr: 804FA87E
    11:26:58:459 3808 DetectCureTDL3: IrpHandler (26) addr: 804FA87E
    11:26:58:459 3808 TDL3_FileDetect: Processing driver: Disk
    11:26:58:459 3808 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\DRIVERS\disk.sys
    11:26:58:459 3808 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\DRIVERS\disk.sys
    11:26:58:549 3808 TDL3_FileDetect: C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: Clean
    11:26:58:549 3808
    11:26:58:549 3808 DetectCureTDL3: DEVICE_OBJECT: 833958A0
    11:26:58:549 3808 KLMD_GetLowerDeviceObject: Trying to get lower device object for 833958A0
    11:26:58:549 3808 KLMD_ReadMem: Trying to ReadMemory 0x833958A0[0x38]
    11:26:58:549 3808 DetectCureTDL3: DRIVER_OBJECT: 83331158
    11:26:58:549 3808 KLMD_ReadMem: Trying to ReadMemory 0x83331158[0xA8]
    11:26:58:549 3808 KLMD_ReadMem: Trying to ReadMemory 0xE1AB1318[0x18]
    11:26:58:549 3808 DetectCureTDL3: DRIVER_OBJECT name: \Driver\Disk, Driver Name: Disk
    11:26:58:549 3808 DetectCureTDL3: IrpHandler (0) addr: F87FCBB0
    11:26:58:549 3808 DetectCureTDL3: IrpHandler (1) addr: 804FA87E
    11:26:58:549 3808 DetectCureTDL3: IrpHandler (2) addr: F87FCBB0
    11:26:58:549 3808 DetectCureTDL3: IrpHandler (3) addr: F87F6D1F
    11:26:58:549 3808 DetectCureTDL3: IrpHandler (4) addr: F87F6D1F
    11:26:58:549 3808 DetectCureTDL3: IrpHandler (5) addr: 804FA87E
    11:26:58:549 3808 DetectCureTDL3: IrpHandler (6) addr: 804FA87E
    11:26:58:549 3808 DetectCureTDL3: IrpHandler (7) addr: 804FA87E
    11:26:58:549 3808 DetectCureTDL3: IrpHandler (8) addr: 804FA87E
    11:26:58:549 3808 DetectCureTDL3: IrpHandler (9) addr: F87F72E2
    11:26:58:549 3808 DetectCureTDL3: IrpHandler (10) addr: 804FA87E
    11:26:58:549 3808 DetectCureTDL3: IrpHandler (11) addr: 804FA87E
    11:26:58:549 3808 DetectCureTDL3: IrpHandler (12) addr: 804FA87E
    11:26:58:549 3808 DetectCureTDL3: IrpHandler (13) addr: 804FA87E
    11:26:58:549 3808 DetectCureTDL3: IrpHandler (14) addr: F87F73BB
    11:26:58:549 3808 DetectCureTDL3: IrpHandler (15) addr: F87FAF28
    11:26:58:549 3808 DetectCureTDL3: IrpHandler (16) addr: F87F72E2
    11:26:58:549 3808 DetectCureTDL3: IrpHandler (17) addr: 804FA87E
    11:26:58:549 3808 DetectCureTDL3: IrpHandler (18) addr: 804FA87E
    11:26:58:549 3808 DetectCureTDL3: IrpHandler (19) addr: 804FA87E
    11:26:58:549 3808 DetectCureTDL3: IrpHandler (20) addr: 804FA87E
    11:26:58:549 3808 DetectCureTDL3: IrpHandler (21) addr: 804FA87E
    11:26:58:549 3808 DetectCureTDL3: IrpHandler (22) addr: F87F8C82
    11:26:58:549 3808 DetectCureTDL3: IrpHandler (23) addr: F87FD99E
    11:26:58:549 3808 DetectCureTDL3: IrpHandler (24) addr: 804FA87E
    11:26:58:549 3808 DetectCureTDL3: IrpHandler (25) addr: 804FA87E
    11:26:58:549 3808 DetectCureTDL3: IrpHandler (26) addr: 804FA87E
    11:26:58:549 3808 TDL3_FileDetect: Processing driver: Disk
    11:26:58:559 3808 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\DRIVERS\disk.sys
    11:26:58:559 3808 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\DRIVERS\disk.sys
    11:26:58:569 3808 TDL3_FileDetect: C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: Clean
    11:26:58:569 3808
    11:26:58:569 3808 DetectCureTDL3: DEVICE_OBJECT: 83395C68
    11:26:58:569 3808 KLMD_GetLowerDeviceObject: Trying to get lower device object for 83395C68
    11:26:58:569 3808 KLMD_ReadMem: Trying to ReadMemory 0x83395C68[0x38]
    11:26:58:569 3808 DetectCureTDL3: DRIVER_OBJECT: 83331158
    11:26:58:569 3808 KLMD_ReadMem: Trying to ReadMemory 0x83331158[0xA8]
    11:26:58:569 3808 KLMD_ReadMem: Trying to ReadMemory 0xE1AB1318[0x18]
    11:26:58:569 3808 DetectCureTDL3: DRIVER_OBJECT name: \Driver\Disk, Driver Name: Disk
    11:26:58:569 3808 DetectCureTDL3: IrpHandler (0) addr: F87FCBB0
    11:26:58:569 3808 DetectCureTDL3: IrpHandler (1) addr: 804FA87E
    11:26:58:569 3808 DetectCureTDL3: IrpHandler (2) addr: F87FCBB0
    11:26:58:569 3808 DetectCureTDL3: IrpHandler (3) addr: F87F6D1F
    11:26:58:569 3808 DetectCureTDL3: IrpHandler (4) addr: F87F6D1F
    11:26:58:569 3808 DetectCureTDL3: IrpHandler (5) addr: 804FA87E
    11:26:58:569 3808 DetectCureTDL3: IrpHandler (6) addr: 804FA87E
    11:26:58:569 3808 DetectCureTDL3: IrpHandler (7) addr: 804FA87E
    11:26:58:569 3808 DetectCureTDL3: IrpHandler (8) addr: 804FA87E
    11:26:58:569 3808 DetectCureTDL3: IrpHandler (9) addr: F87F72E2
    11:26:58:569 3808 DetectCureTDL3: IrpHandler (10) addr: 804FA87E
    11:26:58:569 3808 DetectCureTDL3: IrpHandler (11) addr: 804FA87E
    11:26:58:569 3808 DetectCureTDL3: IrpHandler (12) addr: 804FA87E
    11:26:58:569 3808 DetectCureTDL3: IrpHandler (13) addr: 804FA87E
    11:26:58:569 3808 DetectCureTDL3: IrpHandler (14) addr: F87F73BB
    11:26:58:569 3808 DetectCureTDL3: IrpHandler (15) addr: F87FAF28
    11:26:58:569 3808 DetectCureTDL3: IrpHandler (16) addr: F87F72E2
    11:26:58:569 3808 DetectCureTDL3: IrpHandler (17) addr: 804FA87E
    11:26:58:569 3808 DetectCureTDL3: IrpHandler (18) addr: 804FA87E
    11:26:58:569 3808 DetectCureTDL3: IrpHandler (19) addr: 804FA87E
    11:26:58:569 3808 DetectCureTDL3: IrpHandler (20) addr: 804FA87E
    11:26:58:569 3808 DetectCureTDL3: IrpHandler (21) addr: 804FA87E
    11:26:58:569 3808 DetectCureTDL3: IrpHandler (22) addr: F87F8C82
    11:26:58:569 3808 DetectCureTDL3: IrpHandler (23) addr: F87FD99E
    11:26:58:569 3808 DetectCureTDL3: IrpHandler (24) addr: 804FA87E
    11:26:58:569 3808 DetectCureTDL3: IrpHandler (25) addr: 804FA87E
    11:26:58:569 3808 DetectCureTDL3: IrpHandler (26) addr: 804FA87E
    11:26:58:569 3808 TDL3_FileDetect: Processing driver: Disk
    11:26:58:569 3808 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\DRIVERS\disk.sys
    11:26:58:569 3808 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\DRIVERS\disk.sys
    11:26:58:579 3808 TDL3_FileDetect: C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: Clean
    11:26:58:579 3808
    11:26:58:579 3808 DetectCureTDL3: DEVICE_OBJECT: 833994B8
    11:26:58:579 3808 KLMD_GetLowerDeviceObject: Trying to get lower device object for 833994B8
    11:26:58:579 3808 DetectCureTDL3: DEVICE_OBJECT: 83390B00
    11:26:58:579 3808 KLMD_GetLowerDeviceObject: Trying to get lower device object for 83390B00
    11:26:58:579 3808 KLMD_ReadMem: Trying to ReadMemory 0x83390B00[0x38]
    11:26:58:579 3808 DetectCureTDL3: DRIVER_OBJECT: 8334B380
    11:26:58:579 3808 KLMD_ReadMem: Trying to ReadMemory 0x8334B380[0xA8]
    11:26:58:579 3808 KLMD_ReadMem: Trying to ReadMemory 0x83371030[0x38]
    11:26:58:579 3808 KLMD_ReadMem: Trying to ReadMemory 0x8339D868[0xA8]
    11:26:58:579 3808 KLMD_ReadMem: Trying to ReadMemory 0xE1A48D80[0x1A]
    11:26:58:579 3808 DetectCureTDL3: DRIVER_OBJECT name: \Driver\atapi, Driver Name: atapi
    11:26:58:579 3808 DetectCureTDL3: IrpHandler (0) addr: 832CA856
    11:26:58:579 3808 DetectCureTDL3: IrpHandler (1) addr: 832CA856
    11:26:58:579 3808 DetectCureTDL3: IrpHandler (2) addr: 832CA856
    11:26:58:579 3808 DetectCureTDL3: IrpHandler (3) addr: 832CA856
    11:26:58:579 3808 DetectCureTDL3: IrpHandler (4) addr: 832CA856
    11:26:58:579 3808 DetectCureTDL3: IrpHandler (5) addr: 832CA856
    11:26:58:579 3808 DetectCureTDL3: IrpHandler (6) addr: 832CA856
    11:26:58:579 3808 DetectCureTDL3: IrpHandler (7) addr: 832CA856
    11:26:58:579 3808 DetectCureTDL3: IrpHandler (8) addr: 832CA856
    11:26:58:579 3808 DetectCureTDL3: IrpHandler (9) addr: 832CA856
    11:26:58:579 3808 DetectCureTDL3: IrpHandler (10) addr: 832CA856
    11:26:58:579 3808 DetectCureTDL3: IrpHandler (11) addr: 832CA856
    11:26:58:579 3808 DetectCureTDL3: IrpHandler (12) addr: 832CA856
    11:26:58:579 3808 DetectCureTDL3: IrpHandler (13) addr: 832CA856
    11:26:58:579 3808 DetectCureTDL3: IrpHandler (14) addr: 832CA856
    11:26:58:579 3808 DetectCureTDL3: IrpHandler (15) addr: 832CA856
    11:26:58:579 3808 DetectCureTDL3: IrpHandler (16) addr: 832CA856
    11:26:58:579 3808 DetectCureTDL3: IrpHandler (17) addr: 832CA856
    11:26:58:579 3808 DetectCureTDL3: IrpHandler (18) addr: 832CA856
    11:26:58:579 3808 DetectCureTDL3: IrpHandler (19) addr: 832CA856
    11:26:58:579 3808 DetectCureTDL3: IrpHandler (20) addr: 832CA856
    11:26:58:579 3808 DetectCureTDL3: IrpHandler (21) addr: 832CA856
    11:26:58:579 3808 DetectCureTDL3: IrpHandler (22) addr: 832CA856
    11:26:58:579 3808 DetectCureTDL3: IrpHandler (23) addr: 832CA856
    11:26:58:579 3808 DetectCureTDL3: IrpHandler (24) addr: 832CA856
    11:26:58:579 3808 DetectCureTDL3: IrpHandler (25) addr: 832CA856
    11:26:58:579 3808 DetectCureTDL3: IrpHandler (26) addr: 832CA856
    11:26:58:579 3808 DetectCureTDL3: All IRP handlers pointed to one addr: 832CA856
    11:26:58:579 3808 KLMD_ReadMem: Trying to ReadMemory 0x832CA856[0x400]
    11:26:58:579 3808 TDL3_IrpHookDetect: CheckParameters: 4, FFDF0308, 333, 121, 3, 109
    11:26:58:579 3808 Driver "atapi" Irp handler infected by TDSS rootkit ... 11:26:58:579 3808 KLMD_WriteMem: Trying to WriteMemory 0x832CA8CF[0xD]
    11:26:58:579 3808 cured
    11:26:58:579 3808 KLMD_ReadMem: Trying to ReadMemory 0x832CA701[0x400]
    11:26:58:579 3808 TDL3_StartIoHookDetect: CheckParameters: 9, FFDF0308, 1
    11:26:58:579 3808 Driver "atapi" StartIo handler infected by TDSS rootkit ... 11:26:58:579 3808 TDL3_StartIoHookCure: Number of patches 1
    11:26:58:579 3808 KLMD_WriteMem: Trying to WriteMemory 0x832CA80A[0x6]
    11:26:58:579 3808 cured
    11:26:58:579 3808 TDL3_FileDetect: Processing driver: atapi
    11:26:58:579 3808 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\DRIVERS\atapi.sys
    11:26:58:579 3808 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\DRIVERS\atapi.sys
    11:26:58:599 3808 TDL3_FileDetect: C:\WINDOWS\system32\DRIVERS\atapi.sys - Verdict: Infected
    11:26:58:599 3808 File C:\WINDOWS\system32\DRIVERS\atapi.sys infected by TDSS rootkit ... 11:26:58:599 3808 TDL3_FileCure: Processing driver file: C:\WINDOWS\system32\DRIVERS\atapi.sys
    11:26:58:599 3808 ProcessDirEnumEx: FindFirstFile(C:\WINDOWS\system32\DriverStore\FileRepository\*) error 3
    11:26:58:669 3808 CABFileCallback: Processing cab-file: C:\WINDOWS\Driver Cache\I386\sp3.cab
    11:26:58:780 3808 CabinetCallback: Backup candidate found: atapi.sys:96512, extracting..
    11:26:59:170 3808 CabinetCallback: File extracted successfully: C:\DOCUME~1\Tom\LOCALS~1\Temp\bck1A.tmp
    11:26:59:170 3808 ValidateDriverFile: Stage 1 passed
    11:26:59:180 3808 ValidateDriverFile: Stage 2 passed
    11:27:00:913 3808 DigitalSignVerifyByHandle: Embedded DS result: 800B0100
    11:27:08:904 3808 DigitalSignVerifyByHandle: Cat DS result: 00000000
    11:27:08:904 3808 ValidateDriverFile: Stage 3 passed
    11:27:08:904 3808 CabinetCallback: File validated successfully, restore information prepared
    11:27:08:904 3808 FindDriverFileBackup: Backup copy found in cab-file
    11:27:08:904 3808 TDL3_FileCure: Backup copy found, using it..
    11:27:08:934 3808 TDL3_FileCure: Dumping cured buffer to file C:\WINDOWS\system32\drivers\tsk1D.tmp
    11:27:09:094 3808 TDL3_FileCure: New / Old Image paths: (system32\drivers\tsk1D.tmp, system32\drivers\atapi.sys)
    11:27:09:094 3808 TDL3_FileCure: KLMD jobs schedule success
    11:27:09:094 3808 will be cured on next reboot
    11:27:09:094 3808 UtilityBootReinit: Reboot required for cure complete..
    11:27:09:094 3808 MyNtCreateFileW: NtCreateFile(\??\C:\WINDOWS\system32\drivers\klmdb.sys) returned status 00000000
    11:27:09:195 3808 UtilityBootReinit: KLMD drop success
    11:27:09:215 3808 KLMD_ApplyPendList: Pending buffer(5976_98D, 608) dropped successfully
    11:27:09:215 3808 UtilityBootReinit: Cure on reboot scheduled successfully
    11:27:09:215 3808
    11:27:09:215 3808 Completed
    11:27:09:215 3808
    11:27:09:215 3808 Results:
    11:27:09:215 3808 Memory objects infected / cured / cured on reboot: 2 / 2 / 0
    11:27:09:215 3808 Registry objects infected / cured / cured on reboot: 0 / 0 / 0
    11:27:09:215 3808 File objects infected / cured / cured on reboot: 1 / 0 / 1
    11:27:09:215 3808
    11:27:09:215 3808 UnloadDriverW: NtUnloadDriver error 1
    11:27:09:215 3808 KLMD_Unload: UnloadDriverW(klmd21) error 1
    11:27:09:215 3808 MyNtCreateFileW: NtCreateFile(\??\C:\WINDOWS\system32\drivers\klmd.sys) returned status 00000000
    11:27:09:215 3808 UtilityDeinit: KLMD(ARK) unloaded successfully
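
As an aid to reading the TDSSKiller log in the post above, this added example (not part of the thread and not the tool's own code) parses that log format, splits records that were run together on one line, and reports which drivers need attention and whether a reboot is still pending. The function names `records`, `triage` and `findings` are assumptions of this example; the sample lines are selected from the log above, with each IrpHandler table shortened.

```python
import re

# Selected lines from the TDSSKiller log posted above. Each IrpHandler table
# is shortened to four entries (the real log lists 27 per driver).
SAMPLE_LOG = r"""
11:26:58:449 3808 DetectCureTDL3: DRIVER_OBJECT name: \Driver\Disk, Driver Name: Disk
11:26:58:449 3808 DetectCureTDL3: IrpHandler (0) addr: F87FCBB0
11:26:58:449 3808 DetectCureTDL3: IrpHandler (1) addr: 804FA87E
11:26:58:449 3808 DetectCureTDL3: IrpHandler (2) addr: F87FCBB0
11:26:58:449 3808 DetectCureTDL3: IrpHandler (3) addr: F87F6D1F
11:26:58:459 3808 TDL3_FileDetect: Processing driver: Disk
11:26:58:549 3808 TDL3_FileDetect: C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: Clean
11:26:58:579 3808 DetectCureTDL3: DRIVER_OBJECT name: \Driver\atapi, Driver Name: atapi
11:26:58:579 3808 DetectCureTDL3: IrpHandler (0) addr: 832CA856
11:26:58:579 3808 DetectCureTDL3: IrpHandler (1) addr: 832CA856
11:26:58:579 3808 DetectCureTDL3: IrpHandler (2) addr: 832CA856
11:26:58:579 3808 DetectCureTDL3: IrpHandler (3) addr: 832CA856
11:26:58:579 3808 Driver "atapi" Irp handler infected by TDSS rootkit ... 11:26:58:579 3808 KLMD_WriteMem: Trying to WriteMemory 0x832CA8CF[0xD]
11:26:58:579 3808 cured
11:26:58:579 3808 Driver "atapi" StartIo handler infected by TDSS rootkit ... 11:26:58:579 3808 TDL3_StartIoHookCure: Number of patches 1
11:26:58:579 3808 cured
11:26:58:579 3808 TDL3_FileDetect: Processing driver: atapi
11:26:58:599 3808 TDL3_FileDetect: C:\WINDOWS\system32\DRIVERS\atapi.sys - Verdict: Infected
11:27:09:215 3808 Memory objects infected / cured / cured on reboot: 2 / 2 / 0
11:27:09:215 3808 Registry objects infected / cured / cured on reboot: 0 / 0 / 0
11:27:09:215 3808 File objects infected / cured / cured on reboot: 1 / 0 / 1
"""

# A record starts with "HH:MM:SS:mmm <thread id>"; the lookahead lets us split
# a line at every such stamp without consuming it.
STAMP = re.compile(r"(?=\b\d{2}:\d{2}:\d{2}:\d{3} \d+(?: |$))")
RECORD = re.compile(r"\d{2}:\d{2}:\d{2}:\d{3} \d+ ?(.*)")
DRIVER = re.compile(r"DRIVER_OBJECT name: \S+, Driver Name: (\S+)")
HANDLER = re.compile(r"IrpHandler \((\d+)\) addr: ([0-9A-Fa-f]{8})")
HOOK = re.compile(r'Driver "([^"]+)" (\w+) handler infected by TDSS rootkit')
PROCESSING = re.compile(r"TDL3_FileDetect: Processing driver: (\S+)")
VERDICT = re.compile(r"TDL3_FileDetect: (.+) - Verdict: (\w+)")
RESULT = re.compile(r"(Memory|Registry|File) objects infected / cured / "
                    r"cured on reboot: (\d+) / (\d+) / (\d+)")


def records(text):
    """Yield message bodies, splitting lines that hold two run-together records."""
    for line in text.splitlines():
        for chunk in STAMP.split(line.strip()):
            m = RECORD.match(chunk)
            if m:
                yield m.group(1).strip()


def triage(text):
    """Collect per-driver handler tables, hook reports, file verdicts, totals."""
    drivers, results, current = {}, {}, None

    def entry(name):
        return drivers.setdefault(name, {"handlers": {}, "hooks": [], "files": {}})

    for msg in records(text):
        if m := DRIVER.search(msg):
            current = m.group(1)
            entry(current)
        elif m := HANDLER.search(msg):
            if current:
                entry(current)["handlers"][int(m.group(1))] = m.group(2).upper()
        elif m := HOOK.search(msg):
            entry(m.group(1))["hooks"].append(m.group(2))
        elif m := PROCESSING.search(msg):
            current = m.group(1)
        elif m := VERDICT.search(msg):
            if current:
                entry(current)["files"][m.group(1)] = m.group(2)
        elif m := RESULT.search(msg):
            results[m.group(1)] = tuple(int(n) for n in m.group(2, 3, 4))
    totals = list(results.values())
    return {
        "drivers": drivers,
        "results": results,  # category -> (infected, cured, cured on reboot)
        "reboot_needed": any(r[2] > 0 for r in totals),
        "uncured": sum(r[0] - r[1] - r[2] for r in totals),
    }


def findings(report):
    """List drivers worth a second look. A table whose entries all share one
    address is only a lead (the tool logs it, then runs its hook check); the
    'infected' lines and a non-Clean file verdict are the confirmation."""
    out = []
    for name, d in report["drivers"].items():
        table = d["handlers"]
        uniform = len(table) > 1 and len(set(table.values())) == 1
        bad_files = sorted(p for p, v in d["files"].items() if v != "Clean")
        if uniform or d["hooks"] or bad_files:
            out.append({"driver": name, "uniform_irp_table": uniform,
                        "hooks": d["hooks"], "infected_files": bad_files})
    return out


if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    for f in findings(report):
        print(f)
    print("reboot needed:", report["reboot_needed"], "| uncured:", report["uncured"])
```

A file object counted under "cured on reboot" is not yet clean, so the scan should be repeated after the restart and the totals compared.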

  9. #9
    Junior Member
    Join Date
    Jan 2010
    Posts
    12

    OTL logfile created on: 1/29/2010 11:34:50 AM - Run 2
    OTL by OldTimer - Version 3.1.27.0 Folder = C:\Documents and Settings\Tom\Desktop
    Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 7.0.5730.11)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    511.00 Mb Total Physical Memory | 128.00 Mb Available Physical Memory | 25.00% Memory free
    1.00 Gb Paging File | 1.00 Gb Available in Paging File | 64.00% Paging File free
    Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 53.08 Gb Total Space | 12.97 Gb Free Space | 24.44% Space Free | Partition Type: NTFS
    D: Drive not present or media not loaded
    Drive E: | 500.97 Mb Total Space | 496.68 Mb Free Space | 99.14% Space Free | Partition Type: FAT
    F: Drive not present or media not loaded
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded

    Computer Name: CAHILL
    Current User Name: Tom
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: Current user
    Company Name Whitelist: Off
    Skip Microsoft Files: Off
    File Age = 30 Days
    Output = Minimal

    ========== Processes (SafeList) ==========

    PRC - C:\Documents and Settings\Tom\Desktop\OTL.exe (OldTimer Tools)
    PRC - C:\Documents and Settings\Tom\Local Settings\Application Data\Google\Update\1.2.183.13\GoogleCrashHandler.exe (Google Inc.)
    PRC - C:\Documents and Settings\Tom\Local Settings\Application Data\Google\Update\GoogleUpdate.exe (Google Inc.)
    PRC - C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
    PRC - C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
    PRC - C:\Program Files\Motorola\MotoConnectService\MotoConnectService.exe ()
    PRC - C:\Program Files\Motorola\MotoConnectService\MotoConnect.exe (Motorola)
    PRC - C:\Program Files\McAfee\VirusScan\Mcshield.exe (McAfee, Inc.)
    PRC - C:\Program Files\McAfee\VirusScan\mcsysmon.exe (McAfee, Inc.)
    PRC - C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
    PRC - C:\Program Files\McAfee\MSC\mcmscsvc.exe (McAfee, Inc.)
    PRC - C:\Program Files\McAfee\MPF\MpfSrv.exe (McAfee, Inc.)
    PRC - C:\Program Files\Motorola Media Link\NServiceEntry.exe (Nero AG)
    PRC - c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe (McAfee, Inc.)
    PRC - c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe (McAfee, Inc.)
    PRC - C:\Program Files\Flip Video\FlipShare\FlipShareService.exe ()
    PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
    PRC - C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
    PRC - C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
    PRC - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe ()
    PRC - C:\Program Files\Dell Support Center\bin\sprtsvc.exe (SupportSoft, Inc.)
    PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    PRC - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe (Intel Corporation)
    PRC - C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe (Intel(R) Corporation)
    PRC - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe (Intel Corporation )
    PRC - C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe (Intel Corporation)
    PRC - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe (Intel Corporation)
    PRC - C:\Program Files\Canon\CAL\CALMAIN.exe (Canon Inc.)
    PRC - C:\WINDOWS\SYSTEM32\WLTRAY.EXE (Dell Inc.)
    PRC - C:\WINDOWS\SYSTEM32\WLTRYSVC.EXE ()
    PRC - C:\WINDOWS\SYSTEM32\BCMWLTRY.EXE (Dell Inc.)
    PRC - C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe ()
    PRC - C:\WINDOWS\SYSTEM32\nvsvc32.exe (NVIDIA Corporation)
    PRC - C:\Program Files\Dell\QuickSet\quickset.exe ()
    PRC - C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
    PRC - C:\Program Files\Apoint\ApntEx.exe (Alps Electric Co., Ltd.)
    PRC - C:\WINDOWS\SYSTEM32\WBEM\UNSECAPP.EXE (Microsoft Corporation)
    PRC - C:\WINDOWS\SYSTEM32\BacsTray.exe (Broadcom Corporation)


    ========== Modules (SafeList) ==========

    MOD - C:\Documents and Settings\Tom\Desktop\OTL.exe (OldTimer Tools)
    MOD - C:\Program Files\Dell\QuickSet\dadkeyb.dll ()


    ========== Win32 Services (SafeList) ==========

    SRV - (RoxLiveShare9) -- File not found
    SRV - (JavaQuickStarterService) -- C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
    SRV - (MotoConnect Service) -- C:\Program Files\Motorola\MotoConnectService\MotoConnectService.exe ()
    SRV - (McShield) -- C:\Program Files\McAfee\VirusScan\Mcshield.exe (McAfee, Inc.)
    SRV - (McSysmon) -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe (McAfee, Inc.)
    SRV - (mcmscsvc) -- C:\Program Files\McAfee\MSC\mcmscsvc.exe (McAfee, Inc.)
    SRV - (iPod Service) -- C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
    SRV - (McODS) -- C:\Program Files\McAfee\VirusScan\mcods.exe (McAfee, Inc.)
    SRV - (MpfService) -- C:\Program Files\McAfee\MPF\MPFSrv.exe (McAfee, Inc.)
    SRV - (DeviceMonitorService) -- C:\Program Files\Motorola Media Link\NServiceEntry.exe (Nero AG)
    SRV - (MBackMonitor) -- C:\Program Files\McAfee\MBK\MBackMonitor.exe (McAfee)
    SRV - (McProxy) -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe (McAfee, Inc.)
    SRV - (McNASvc) -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe (McAfee, Inc.)
    SRV - (FlipShare Service) -- C:\Program Files\Flip Video\FlipShare\FlipShareService.exe ()
    SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
    SRV - (Bonjour Service) -- C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
    SRV - (Symantec Core LC) -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe ()
    SRV - (odserv) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
    SRV - (sprtsvc_dellsupportcenter) SupportSoft Sprocket Service (dellsupportcenter) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe (SupportSoft, Inc.)
    SRV - (DSBrokerService) -- C:\Program Files\DellSupport\brkrsvc.exe ()
    SRV - (EvtEng) Intel(R) -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe (Intel Corporation)
    SRV - (WLANKEEPER) Intel(R) -- C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe (Intel(R) Corporation)
    SRV - (S24EventMonitor) Intel(R) -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe (Intel Corporation )
    SRV - (RegSrvc) Intel(R) -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe (Intel Corporation)
    SRV - (CCALib8) -- C:\Program Files\Canon\CAL\CALMAIN.exe (Canon Inc.)
    SRV - (ose) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
    SRV - (wltrysvc) -- C:\WINDOWS\System32\WLTRYSVC.EXE ()
    SRV - (AdobeActiveFileMonitor4.0) -- C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe ()
    SRV - (NVSvc) -- C:\WINDOWS\SYSTEM32\nvsvc32.exe (NVIDIA Corporation)
    SRV - (IDriverT) -- C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe (Macrovision Corporation)


    ========== Driver Services (SafeList) ==========

    DRV - (嶔苻) -- C:\WINDOWS\SYSTEM32\DRIVERS\嶔苻.sys [WARNING: C:\WINDOWS\SYSTEM32\DRIVERS\??.sys] ()
    DRV - (耀ऺ) -- C:\WINDOWS\SYSTEM32\DRIVERS\耀ऺ.sys [WARNING: C:\WINDOWS\SYSTEM32\DRIVERS\??.sys] ()
    DRV - (MCAGENT.EXE) -- C:\WINDOWS\SYSTEM32\DRIVERS\MCAGENT.EXE.sys ()
    DRV - ({89BCEA6B-C797-434E-8D5A-C531A4E3ACF2}) -- C:\WINDOWS\SYSTEM32\DRIVERS\{89BCEA6B-C797-434E-8D5A-C531A4E3ACF2}.sys ()
    DRV - (mfehidk) -- C:\WINDOWS\SYSTEM32\DRIVERS\mfehidk.sys (McAfee, Inc.)
    DRV - (mfeavfk) -- C:\WINDOWS\SYSTEM32\DRIVERS\mfeavfk.sys (McAfee, Inc.)
    DRV - (mfesmfk) -- C:\WINDOWS\SYSTEM32\DRIVERS\mfesmfk.sys (McAfee, Inc.)
    DRV - (mfebopk) -- C:\WINDOWS\SYSTEM32\DRIVERS\mfebopk.sys (McAfee, Inc.)
    DRV - (mferkdk) -- C:\WINDOWS\SYSTEM32\DRIVERS\mferkdk.sys (McAfee, Inc.)
    DRV - (MPFP) -- C:\WINDOWS\SYSTEM32\DRIVERS\Mpfp.sys (McAfee, Inc.)
    DRV - (androidusb) -- C:\WINDOWS\SYSTEM32\DRIVERS\motoandroid.sys (Motorola)
    DRV - (USBAAPL) -- C:\WINDOWS\SYSTEM32\DRIVERS\usbaapl.sys (Apple, Inc.)
    DRV - (GEARAspiWDM) -- C:\WINDOWS\SYSTEM32\DRIVERS\GEARAspiWDM.sys (GEAR Software Inc.)
    DRV - (AegisP) AEGIS Protocol (IEEE 802.1x) -- C:\WINDOWS\SYSTEM32\DRIVERS\AegisP.sys (Meetinghouse Data Communications)
    DRV - (usb_rndisx) -- C:\WINDOWS\SYSTEM32\DRIVERS\usb8023x.sys (Microsoft Corporation)
    DRV - (usbaudio) USB Audio Driver (WDM) -- C:\WINDOWS\SYSTEM32\DRIVERS\usbaudio.sys (Microsoft Corporation)
    DRV - (amdagp) -- C:\WINDOWS\system32\DRIVERS\amdagp.sys (Advanced Micro Devices, Inc.)
    DRV - (sisagp) -- C:\WINDOWS\system32\DRIVERS\sisagp.sys (Silicon Integrated Systems Corporation)
    DRV - (Secdrv) -- C:\WINDOWS\SYSTEM32\DRIVERS\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
    DRV - (PxHelp20) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys (Sonic Solutions)
    DRV - (dsunidrv) -- C:\WINDOWS\SYSTEM32\DRIVERS\dsunidrv.sys (Gteko Ltd.)
    DRV - (s24trans) -- C:\WINDOWS\SYSTEM32\DRIVERS\s24trans.sys (Intel Corporation)
    DRV - (w29n51) Intel(R) -- C:\WINDOWS\SYSTEM32\DRIVERS\w29n51.sys (Intel® Corporation)
    DRV - (RimVSerPort) -- C:\WINDOWS\SYSTEM32\DRIVERS\RimSerial.sys (Research in Motion Ltd)
    DRV - (DSproct) -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys (Gteko Ltd.)
    DRV - (wceusbsh) -- C:\WINDOWS\SYSTEM32\DRIVERS\wceusbsh.sys (Microsoft Corporation)
    DRV - (symlcbrd) -- C:\WINDOWS\SYSTEM32\DRIVERS\symlcbrd.sys (Symantec Corporation)
    DRV - (HSF_DPV) -- C:\WINDOWS\SYSTEM32\DRIVERS\HSF_DPV.SYS (Conexant Systems, Inc.)
    DRV - (HSFHWICH) -- C:\WINDOWS\SYSTEM32\DRIVERS\HSFHWICH.sys (Conexant Systems, Inc.)
    DRV - (winachsf) -- C:\WINDOWS\SYSTEM32\DRIVERS\HSF_CNXT.sys (Conexant Systems, Inc.)
    DRV - (STAC97) Audio Driver (WDM) -- C:\WINDOWS\SYSTEM32\DRIVERS\stac97.sys (SigmaTel, Inc.)
    DRV - (nv) -- C:\WINDOWS\SYSTEM32\DRIVERS\nv4_mini.sys (NVIDIA Corporation)
    DRV - (BrScnUsb) -- C:\WINDOWS\SYSTEM32\DRIVERS\BrScnUsb.sys (Brother Industries Ltd.)
    DRV - (BrSerIf) -- C:\WINDOWS\SYSTEM32\DRIVERS\BrSerIf.sys (Brother Industries Ltd.)
    DRV - (IWCA) -- C:\WINDOWS\SYSTEM32\DRIVERS\iwca.sys (Intel Corporation)
    DRV - (ApfiltrService) -- C:\WINDOWS\SYSTEM32\DRIVERS\Apfiltr.sys (Alps Electric Co., Ltd.)
    DRV - (Ptilink) -- C:\WINDOWS\SYSTEM32\DRIVERS\PTILINK.SYS (Parallel Technologies, Inc.)
    DRV - (ROOTMODEM) -- C:\WINDOWS\SYSTEM32\DRIVERS\ROOTMDM.SYS (Microsoft Corporation)
    DRV - (APPDRV) -- C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS (Dell Inc)
    DRV - (mdmxsdk) -- C:\WINDOWS\SYSTEM32\DRIVERS\mdmxsdk.sys (Conexant)
    DRV - (omci) -- C:\WINDOWS\SYSTEM32\DRIVERS\omci.sys (Dell Inc)
    DRV - (BrUsbSer) -- C:\WINDOWS\SYSTEM32\DRIVERS\BrUsbSer.sys (Brother Industries Ltd.)
    DRV - (HSF_DP) -- C:\WINDOWS\SYSTEM32\DRIVERS\HSF_DP.sys (Conexant Systems, Inc.)
    DRV - (DVC150) -- C:\WINDOWS\SYSTEM32\DRIVERS\DVC150B.sys (Cirrus Logic Inc.)
    DRV - (StMp3Rec) -- C:\WINDOWS\SYSTEM32\DRIVERS\StMp3Rec.sys (Koninklijke Philips)
    DRV - (bcm4sbxp) -- C:\WINDOWS\SYSTEM32\DRIVERS\bcm4sbxp.sys (Broadcom Corporation)
    DRV - (PCLEPCI) -- C:\WINDOWS\SYSTEM32\DRIVERS\PCLEPCI.sys (Pinnacle Systems GmbH)
    DRV - (PhilCam8116) Logitech QuickCam Pro 3000(PID_08B0) -- C:\WINDOWS\SYSTEM32\DRIVERS\CamDrL21.sys (Logitech Inc.)
    DRV - (Sparrow) -- C:\WINDOWS\system32\DRIVERS\sparrow.sys (Adaptec, Inc.)
    DRV - (sym_u3) -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys (LSI Logic)
    DRV - (sym_hi) -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys (LSI Logic)
    DRV - (symc8xx) -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys (LSI Logic)
    DRV - (symc810) -- C:\WINDOWS\system32\DRIVERS\symc810.sys (Symbios Logic Inc.)
    DRV - (ultra) -- C:\WINDOWS\system32\DRIVERS\ultra.sys (Promise Technology, Inc.)
    DRV - (ql12160) -- C:\WINDOWS\system32\DRIVERS\ql12160.sys (QLogic Corporation)
    DRV - (ql1080) -- C:\WINDOWS\system32\DRIVERS\ql1080.sys (QLogic Corporation)
    DRV - (ql1280) -- C:\WINDOWS\system32\DRIVERS\ql1280.sys (QLogic Corporation)
    DRV - (dac2w2k) -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys (Mylex Corporation)
    DRV - (mraid35x) -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys (American Megatrends Inc.)
    DRV - (asc) -- C:\WINDOWS\system32\DRIVERS\asc.sys (Advanced System Products, Inc.)
    DRV - (asc3550) -- C:\WINDOWS\system32\DRIVERS\asc3550.sys (Advanced System Products, Inc.)
    DRV - (AliIde) -- C:\WINDOWS\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
    DRV - (CmdIde) -- C:\WINDOWS\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)
    DRV - (E100B) Intel(R) -- C:\WINDOWS\SYSTEM32\DRIVERS\E100B325.SYS (Intel Corporation)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://news.yahoo.com [binary data]
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://news.yahoo.com [binary data]
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://my.sju.edu/cp/home/loginf
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch =
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =
    IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    ========== FireFox ==========

    FF - prefs.js..browser.startup.homepage: "http://www.google.com/ig"
    FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
    FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:7
    FF - prefs.js..network.proxy.no_proxies_on: "*.local"

    FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/01/25 09:13:33 | 00,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/01/25 09:13:51 | 00,000,000 | ---D | M]

    [2010/01/18 18:31:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Tom\Application Data\Mozilla\Extensions
    [2010/01/19 22:08:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Tom\Application Data\Mozilla\Firefox\Profiles\jlmchpka.default\extensions
    [2010/01/27 17:51:13 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
    [2005/12/05 21:31:00 | 00,114,688 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npmozax.dll
    [2008/09/15 11:52:06 | 00,376,832 | ---- | M] ( ) -- C:\Program Files\Mozilla Firefox\plugins\npsnapfish.dll

    O1 HOSTS File: ([2004/08/04 06:00:00 | 00,000,734 | ---- | M]) - C:\WINDOWS\SYSTEM32\DRIVERS\ETC\HOSTS
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
    O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - No CLSID value found.
    O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)
    O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
    O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
    O3 - HKLM\..\Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - No CLSID value found.
    O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
    O4 - HKLM..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
    O4 - HKLM..\Run: [bacstray] C:\WINDOWS\System32\BacsTray.exe (Broadcom Corporation)
    O4 - HKLM..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\SYSTEM32\WLTRAY.EXE (Dell Inc.)
    O4 - HKLM..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe ()
    O4 - HKLM..\Run: [dellsupportcenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
    O4 - HKLM..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
    O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
    O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe (NVIDIA Corporation)
    O4 - HKLM..\Run: [PCLEPCI] C:\Program Files\Pinnacle\PPE\PPE.exe (Pinnacle Systems GmbH)
    O4 - HKLM..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl04g\BrStDvPt.exe (Brother Industories, Ltd.)
    O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
    O4 - HKCU..\Run: [Google Update] C:\Documents and Settings\Tom\Local Settings\Application Data\Google\Update\GoogleUpdate.exe (Google Inc.)
    O4 - Startup: C:\Documents and Settings\Tom\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 95 00 00 00 [binary data]
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
    O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O9 - Extra Button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files\Bodog Poker\BPGame.exe File not found
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
    O15 - HKCU\..Trusted Domains: 8 domain(s) and sub-domain(s) not assigned to a zone.
    O16 - DPF: {0000000A-9980-0010-8000-00AA00389B71} http://download.microsoft.com/downlo...2/wmsp9dmo.cab (Reg Error: Value error.)
    O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} http://support.dell.com/systemprofiler/SysPro.CAB (SysProWmi Class)
    O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} http://www.creative.com/su/ocx/15012/CTSUEng.cab (Creative Software AutoUpdate)
    O16 - DPF: {0DB074F0-617E-4EE9-912C-2965CF2AA5A4} http://download.microsoft.com/downlo...ualEarth3D.cab (Reg Error: Value error.)
    O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} http://www.ipix.com/download/ipixx.cab (iPIX ActiveX Control)
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/s...irector/sw.cab (Shockwave ActiveX Control)
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/downlo...eckControl.cab (Windows Genuine Advantage Validation Tool)
    O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} http://www.nvidia.com/content/Driver...reqlab_nvd.cab (System Requirements Lab Class)
    O16 - DPF: {32564D57-9980-0010-8000-00AA00389B71} http://codecs.microsoft.com/codecs/i386/wmv8dmo.cab (Reg Error: Value error.)
    O16 - DPF: {33564D57-9980-0010-8000-00AA00389B71} http://download.microsoft.com/downlo...0C/wmv9dmo.cab (Reg Error: Value error.)
    O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} http://office.microsoft.com/officeup...tent/opuc3.cab (Office Update Installation Engine)
    O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://www.snapfish.com/SnapfishActivia.cab (Snapfish Activia)
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} http://security.symantec.com/sscv6/S.../bin/cabsa.cab (Symantec RuFSI Utility Class)
    O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx.com/player/DivXBrowserPlugin.cab (Reg Error: Value error.)
    O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} https://webdl.symantec.com/activex/symdlmgr.cab (Symantec Download Manager)
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsof...?1124230267271 (MUWebControl Class)
    O16 - DPF: {88D758A3-D33B-45FD-91E3-67749B4057FA} http://dm.screensavers.com/dm/instal...sinstaller.cab (Reg Error: Value error.)
    O16 - DPF: {8A0019EB-51FA-4AE5-A40B-C0496BBFC739} http://picture.vzw.com/activex/Veriz...oadControl.cab (Verizon Wireless Media Upload)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_18)
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get.../ultrashim.cab (Reg Error: Value error.)
    O16 - DPF: {90051A81-3018-4826-8B38-DD60B6B53F9C} http://www.snapfish.com/SnapfishUpload.cab (Snapfish File Upload ActiveX Control)
    O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} http://java.sun.com/products/plugin/...ndows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jin...ndows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_18)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_18)
    O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} http://www.adobe.com/products/acrobat/nos/gp.cab (get_atlcom Class)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/ge...sh/swflash.cab (Shockwave Flash Object)
    O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} http://drmlicense.one.microsoft.com/.../en/crlocx.ocx (CRLDownloadWrapper Class)
    O16 - DPF: {E7DBFB6C-113A-47CF-B278-F5C6AF4DE1BD} http://download.abacast.com/download...basetup160.cab (Reg Error: Value error.)
    O16 - DPF: {E856B973-45FD-4559-8F82-EAB539144667} http://pccheckup.dellfix.com/rel/41/...l/gtdownde.cab (Dell PC Checkup Installer Control)
    O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} http://h30043.www3.hp.com/hpdj/en/check/qdiagh.cab?326 (QDiagHUpdateObj Class)
    O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://www.creative.com/su/ocx/15012/CTPID.cab (Creative Software AutoUpdate Support Package)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.64.150 68.87.75.198
    O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O24 - Desktop WallPaper: C:\Documents and Settings\Tom\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O24 - Desktop BackupWallPaper: C:\Documents and Settings\Tom\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2004/08/10 14:04:08 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O33 - MountPoints2\{16701280-36cb-11de-8031-0011436728ea}\Shell\AutoRun\command - "" = E:\Setup_FlipShare.exe -- File not found
    O33 - MountPoints2\{16701280-36cb-11de-8031-0011436728ea}\Shell\Setup FlipShare\command - "" = E:\Setup_FlipShare.exe -- File not found
    O33 - MountPoints2\{37cf62d0-8d31-11de-80cd-0011436728ea}\Shell - "" = AutoRun
    O33 - MountPoints2\{37cf62d0-8d31-11de-80cd-0011436728ea}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{37cf62d0-8d31-11de-80cd-0011436728ea}\Shell\AutoRun\command - "" = E:\DPFMate.exe -- File not found
    O35 - comfile [open] -- "%1" %*
    O35 - exefile [open] -- "%1" %*

    NetSvcs: 6to4 - File not found
    NetSvcs: Ias - C:\WINDOWS\SYSTEM32\IAS [2005/01/12 18:44:23 | 00,000,000 | ---D | M]
    NetSvcs: Iprip - File not found
    NetSvcs: Irmon - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: Wmi - C:\WINDOWS\SYSTEM32\wmi.dll (Microsoft Corporation)
    NetSvcs: WmdmPmSp - File not found

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point (16891891626803200)

    ========== Files/Folders - Created Within 30 Days ==========

    [2010/01/27 17:51:36 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
    [2010/01/27 17:51:04 | 00,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
    [2010/01/27 17:51:04 | 00,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
    [2010/01/27 17:51:04 | 00,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
    [2010/01/25 09:38:14 | 00,548,864 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Tom\Desktop\OTL.exe
    [2010/01/23 20:21:18 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Tom\Application Data\WeatherBug
    [2010/01/23 17:11:39 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
    [2010/01/23 17:11:35 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [2010/01/23 17:11:34 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2010/01/22 17:00:20 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
    [2010/01/22 16:11:04 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
    [2010/01/22 16:10:26 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT
    [2010/01/19 16:24:45 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Lavasoft
    [2010/01/19 15:28:50 | 00,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
    [2010/01/19 15:28:50 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    [2010/01/19 15:26:15 | 00,000,000 | ---D | C] -- C:\Program Files\HijackThis
    [2010/01/18 14:52:13 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Tom\Application Data\Malwarebytes
    [2010/01/18 14:51:54 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    [2010/01/13 14:17:43 | 00,471,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aclayers.dll
    [2010/01/13 08:44:14 | 00,176,392 | ---- | C] (Kaspersky Lab) -- C:\Documents and Settings\Tom\Desktop\TDSSKiller.exe
    [2009/07/22 08:36:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
    [2009/06/01 20:43:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Adobe
    [2008/12/18 12:30:50 | 00,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
    [2008/10/26 22:02:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Intel
    [2008/10/26 22:02:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Intel
    [2008/07/09 16:49:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Roxio
    [2007/07/24 20:07:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
    [2007/05/30 17:30:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
    [2005/01/07 02:14:34 | 00,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft

    ========== Files - Modified Within 30 Days ==========

    [2010/01/29 11:32:42 | 00,014,825 | ---- | M] () -- C:\WINDOWS\System32\Config.MPF
    [2010/01/29 11:31:18 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\WPA.DBL
    [2010/01/29 11:31:04 | 00,011,195 | ---- | M] () -- C:\WINDOWS\System32\nvModes.001
    [2010/01/29 11:30:40 | 00,017,112 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
    [2010/01/29 11:29:59 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
    [2010/01/29 11:29:55 | 00,002,048 | --S- | M] () -- C:\WINDOWS\BOOTSTAT.DAT
    [2010/01/29 11:29:53 | 53,612,9536 | -HS- | M] () -- C:\hiberfil.sys
    [2010/01/29 11:28:14 | 08,650,752 | -H-- | M] () -- C:\Documents and Settings\Tom\NTUSER.DAT
    [2010/01/29 11:28:14 | 00,000,278 | -HS- | M] () -- C:\Documents and Settings\Tom\NTUSER.INI
    [2010/01/29 11:27:48 | 06,448,508 | -H-- | M] () -- C:\Documents and Settings\Tom\Local Settings\Application Data\IconCache.db
    [2010/01/29 10:49:00 | 00,000,970 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1632080614-2041568419-3765997130-1006UA.job
    [2010/01/29 10:29:00 | 00,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 4).job
    [2010/01/29 08:50:16 | 00,096,512 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\atapi.sys
    [2010/01/28 22:29:00 | 00,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 2).job
    [2010/01/28 16:29:00 | 00,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 1).job
    [2010/01/28 14:46:15 | 00,293,376 | ---- | M] () -- C:\Documents and Settings\Tom\Desktop\f9gtbx2t.exe
    [2010/01/28 14:45:21 | 00,548,864 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Tom\Desktop\OTL.exe
    [2010/01/27 21:47:28 | 00,097,792 | ---- | M] () -- C:\Documents and Settings\Tom\My Documents\PFP Chapter 1.doc
    [2010/01/27 21:33:33 | 00,023,040 | ---- | M] () -- C:\Documents and Settings\Tom\My Documents\Mod#1 DB#2.doc
    [2010/01/27 17:56:04 | 00,010,311 | ---- | M] () -- C:\Documents and Settings\Tom\Desktop\ProgramList
    [2010/01/26 19:08:38 | 00,025,600 | ---- | M] () -- C:\Documents and Settings\Tom\My Documents\Wedding List.xls
    [2010/01/26 18:56:53 | 00,031,232 | ---- | M] () -- C:\Documents and Settings\Tom\My Documents\Addresses.xls
    [2010/01/26 18:38:04 | 00,002,495 | ---- | M] () -- C:\Documents and Settings\Tom\Desktop\Microsoft Office Excel 2003.lnk
    [2010/01/26 16:29:02 | 00,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
    [2010/01/25 13:49:07 | 00,000,162 | -H-- | M] () -- C:\Documents and Settings\Tom\My Documents\~$d#1 DB#2.doc
    [2010/01/25 13:36:54 | 00,034,816 | ---- | M] () -- C:\Documents and Settings\Tom\My Documents\Mod#1 DB#1 Responses.doc
    [2010/01/25 12:49:06 | 00,000,918 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1632080614-2041568419-3765997130-1006Core.job
    [2010/01/25 09:48:08 | 00,034,636 | ---- | M] () -- C:\Documents and Settings\Tom\My Documents\cc_20100125_094758.reg
    [2010/01/24 22:00:01 | 00,000,380 | ---- | M] () -- C:\WINDOWS\tasks\SmartDefrag.job
    [2010/01/24 19:01:49 | 00,001,664 | ---- | M] () -- C:\Documents and Settings\Tom\Desktop\Sportsbook.com Poker.lnk
    [2010/01/24 04:29:01 | 00,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 3).job
    [2010/01/24 03:08:27 | 00,000,376 | ---- | M] () -- C:\WINDOWS\ODBC.INI
    [2010/01/23 20:08:49 | 00,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
    [2010/01/23 20:01:23 | 00,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2010/01/23 17:11:44 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
    [2010/01/22 17:00:21 | 00,001,734 | ---- | M] () -- C:\Documents and Settings\Tom\Desktop\HijackThis.lnk
    [2010/01/22 16:10:38 | 00,000,767 | ---- | M] () -- C:\Documents and Settings\Tom\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
    [2010/01/22 16:10:28 | 00,000,592 | ---- | M] () -- C:\Documents and Settings\Tom\Desktop\ERUNT.lnk
    [2010/01/20 12:46:24 | 00,002,268 | ---- | M] () -- C:\Documents and Settings\Tom\Desktop\Google Chrome.lnk
    [2010/01/19 15:29:01 | 00,000,933 | ---- | M] () -- C:\Documents and Settings\Tom\Desktop\Spybot - Search & Destroy.lnk
    [2010/01/18 18:36:34 | 00,014,049 | ---- | M] () -- C:\Documents and Settings\Tom\My Documents\bookmarks.html
    [2010/01/18 18:30:36 | 00,001,602 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
    [2010/01/18 17:55:48 | 00,000,426 | ---- | M] () -- C:\WINDOWS\brwmark.ini
    [2010/01/18 14:09:15 | 00,011,195 | ---- | M] () -- C:\WINDOWS\System32\nvModes.dat
    [2010/01/17 18:43:14 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\MCAGENT.EXE.sys
    [2010/01/16 16:57:34 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\{89BCEA6B-C797-434E-8D5A-C531A4E3ACF2}.sys
    [2010/01/14 15:21:55 | 00,002,447 | ---- | M] () -- C:\Documents and Settings\Tom\Desktop\Microsoft Streets & Trips.lnk
    [2010/01/13 10:26:08 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
    [2010/01/13 08:44:14 | 00,176,392 | ---- | M] (Kaspersky Lab) -- C:\Documents and Settings\Tom\Desktop\TDSSKiller.exe
    [2010/01/10 19:36:53 | 00,141,072 | ---- | M] () -- C:\Documents and Settings\Tom\My Documents\SaveTheDate2.pdf
    [2010/01/07 16:07:14 | 00,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
    [2010/01/07 16:07:04 | 00,019,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [2010/01/07 09:34:05 | 00,002,521 | ---- | M] () -- C:\Documents and Settings\Tom\Desktop\Microsoft Office Outlook 2003.lnk
    [2010/01/05 05:00:29 | 00,832,512 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wininet.dll
    [2010/01/05 05:00:28 | 01,168,384 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\urlmon.dll
    [2010/01/05 05:00:28 | 00,671,232 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mstime.dll
    [2010/01/05 05:00:28 | 00,671,232 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mstime.dll
    [2010/01/05 05:00:28 | 00,233,472 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\webcheck.dll
    [2010/01/05 05:00:28 | 00,105,984 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\url.dll
    [2010/01/05 05:00:28 | 00,105,984 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\url.dll
    [2010/01/05 05:00:28 | 00,102,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\occache.dll
    [2010/01/05 05:00:28 | 00,044,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\pngfilt.dll
    [2010/01/05 05:00:28 | 00,044,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pngfilt.dll
    [2010/01/05 05:00:27 | 00,477,696 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtmled.dll
    [2010/01/05 05:00:27 | 00,193,024 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msrating.dll
    [2010/01/05 05:00:27 | 00,193,024 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msrating.dll
    [2010/01/05 05:00:26 | 03,599,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.dll
    [2010/01/05 05:00:25 | 00,052,224 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msfeedsbs.dll
    [2010/01/05 05:00:25 | 00,052,224 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeedsbs.dll
    [2010/01/05 05:00:24 | 01,830,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\inetcpl.cpl
    [2010/01/05 05:00:24 | 01,830,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetcpl.cpl
    [2010/01/05 05:00:24 | 00,459,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msfeeds.dll
    [2010/01/05 05:00:24 | 00,459,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeeds.dll
    [2010/01/05 05:00:24 | 00,268,288 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iertutil.dll
    [2010/01/05 05:00:24 | 00,192,512 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\iepeers.dll
    [2010/01/05 05:00:24 | 00,192,512 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iepeers.dll
    [2010/01/05 05:00:24 | 00,044,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\iernonce.dll
    [2010/01/05 05:00:24 | 00,044,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iernonce.dll
    [2010/01/05 05:00:24 | 00,027,648 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\jsproxy.dll
    [2010/01/05 05:00:24 | 00,027,648 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\jsproxy.dll
    [2010/01/05 05:00:23 | 06,067,200 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieframe.dll
    [2010/01/05 05:00:21 | 00,385,024 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\iedkcs32.dll
    [2010/01/05 05:00:21 | 00,385,024 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iedkcs32.dll
    [2010/01/05 05:00:21 | 00,380,928 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ieapfltr.dll
    [2010/01/05 05:00:21 | 00,380,928 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieapfltr.dll
    [2010/01/05 05:00:21 | 00,230,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ieaksie.dll
    [2010/01/05 05:00:21 | 00,230,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieaksie.dll
    [2010/01/05 05:00:21 | 00,214,528 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dxtrans.dll
    [2010/01/05 05:00:21 | 00,214,528 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dxtrans.dll
    [2010/01/05 05:00:21 | 00,153,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ieakeng.dll
    [2010/01/05 05:00:21 | 00,153,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieakeng.dll
    [2010/01/05 05:00:21 | 00,133,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\extmgr.dll
    [2010/01/05 05:00:21 | 00,078,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ieencode.dll
    [2010/01/05 05:00:21 | 00,078,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieencode.dll
    [2010/01/05 05:00:21 | 00,063,488 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icardie.dll
    [2010/01/05 05:00:20 | 00,347,136 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dxtmsft.dll
    [2010/01/05 05:00:20 | 00,347,136 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dxtmsft.dll
    [2010/01/05 05:00:20 | 00,124,928 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\advpack.dll
    [2010/01/05 05:00:20 | 00,124,928 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\advpack.dll
    [2010/01/05 05:00:20 | 00,017,408 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\corpol.dll
    [2010/01/05 05:00:20 | 00,017,408 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\corpol.dll
    [2009/12/31 10:33:27 | 00,389,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\html.iec
    [2009/12/31 10:33:06 | 00,070,656 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ie4uinit.exe
    [2009/12/31 10:33:06 | 00,070,656 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ie4uinit.exe
    [2009/12/31 10:33:06 | 00,013,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ieudinit.exe
    [2009/12/31 10:33:06 | 00,013,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieudinit.exe

    ========== Files Created - No Company Name ==========

    [2010/01/28 14:46:14 | 00,293,376 | ---- | C] () -- C:\Documents and Settings\Tom\Desktop\f9gtbx2t.exe
    [2010/01/27 21:44:14 | 00,097,792 | ---- | C] () -- C:\Documents and Settings\Tom\My Documents\PFP Chapter 1.doc
    [2010/01/27 17:56:04 | 00,010,311 | ---- | C] () -- C:\Documents and Settings\Tom\Desktop\ProgramList
    [2010/01/25 13:49:07 | 00,000,162 | -H-- | C] () -- C:\Documents and Settings\Tom\My Documents\~$d#1 DB#2.doc
    [2010/01/25 13:44:49 | 00,023,040 | ---- | C] () -- C:\Documents and Settings\Tom\My Documents\Mod#1 DB#2.doc
    [2010/01/25 12:54:33 | 00,034,816 | ---- | C] () -- C:\Documents and Settings\Tom\My Documents\Mod#1 DB#1 Responses.doc
    [2010/01/25 09:48:03 | 00,034,636 | ---- | C] () -- C:\Documents and Settings\Tom\My Documents\cc_20100125_094758.reg
    [2010/01/23 17:11:44 | 00,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
    [2010/01/22 17:00:20 | 00,001,734 | ---- | C] () -- C:\Documents and Settings\Tom\Desktop\HijackThis.lnk
    [2010/01/22 16:10:38 | 00,000,767 | ---- | C] () -- C:\Documents and Settings\Tom\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
    [2010/01/22 16:10:28 | 00,000,592 | ---- | C] () -- C:\Documents and Settings\Tom\Desktop\ERUNT.lnk
    [2010/01/22 15:58:42 | 00,000,472 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
    [2010/01/22 15:58:38 | 00,000,472 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 4).job
    [2010/01/22 15:58:34 | 00,000,472 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 3).job
    [2010/01/20 12:46:24 | 00,002,268 | ---- | C] () -- C:\Documents and Settings\Tom\Desktop\Google Chrome.lnk
    [2010/01/20 12:44:32 | 00,000,970 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1632080614-2041568419-3765997130-1006UA.job
    [2010/01/20 12:44:25 | 00,000,918 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1632080614-2041568419-3765997130-1006Core.job
    [2010/01/19 16:53:45 | 00,000,472 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 2).job
    [2010/01/19 16:53:42 | 00,000,472 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 1).job
    [2010/01/19 15:29:01 | 00,000,933 | ---- | C] () -- C:\Documents and Settings\Tom\Desktop\Spybot - Search & Destroy.lnk
    [2010/01/18 18:36:34 | 00,014,049 | ---- | C] () -- C:\Documents and Settings\Tom\My Documents\bookmarks.html
    [2010/01/18 18:30:36 | 00,001,602 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
    [2010/01/17 18:43:14 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\drivers\MCAGENT.EXE.sys
    [2010/01/16 16:57:34 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\drivers\{89BCEA6B-C797-434E-8D5A-C531A4E3ACF2}.sys
    [2010/01/10 19:36:53 | 00,141,072 | ---- | C] () -- C:\Documents and Settings\Tom\My Documents\SaveTheDate2.pdf
    [2009/12/06 22:13:21 | 00,007,270 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\N360BUOptions.ini
    [2009/11/18 15:03:09 | 00,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
    [2009/11/17 23:22:56 | 00,095,144 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
    [2008/05/10 09:07:00 | 00,038,473 | ---- | C] () -- C:\Documents and Settings\Tom\Application Data\Comma Separated Values (Windows).ADR
    [2008/05/03 12:18:47 | 00,000,050 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
    [2008/02/19 01:33:34 | 00,446,352 | ---- | C] () -- C:\WINDOWS\System32\OpenQuicktimeLib.dll
    [2008/02/17 19:07:13 | 00,000,024 | ---- | C] () -- C:\WINDOWS\System32\sysogg.dll
    [2008/02/17 19:05:28 | 00,233,472 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
    [2008/01/13 16:42:49 | 00,167,936 | R--- | C] () -- C:\WINDOWS\System32\GBInf.dll
    [2007/11/11 18:48:51 | 00,757,760 | ---- | C] () -- C:\WINDOWS\System32\bcm1xsup.dll
    [2007/11/11 18:48:47 | 00,086,016 | ---- | C] () -- C:\WINDOWS\System32\preflib.dll
    [2007/09/27 10:51:02 | 00,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
    [2007/09/27 10:48:48 | 00,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
    [2007/09/27 10:48:28 | 00,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
    [2007/05/15 14:54:43 | 00,001,755 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
    [2006/12/28 14:26:28 | 00,002,528 | ---- | C] () -- C:\Documents and Settings\Tom\Application Data\$_hpcst$.hpc
    [2006/12/19 21:28:25 | 00,000,029 | ---- | C] () -- C:\WINDOWS\atid.ini
    [2006/04/30 13:09:20 | 00,036,864 | ---- | C] () -- C:\WINDOWS\System32\veassc egblxse kvexe.dll
    [2006/04/30 13:09:20 | 00,036,864 | ---- | C] () -- C:\WINDOWS\System32\dbgelfebcvaeucefsklu.dll
    [2006/04/30 13:09:20 | 00,036,864 | ---- | C] () -- C:\WINDOWS\System32\blegailxikaxile kax.dll
    [2006/04/30 13:09:19 | 00,036,864 | ---- | C] () -- C:\WINDOWS\System32\ifdffc lekgxkg d bls.dll
    [2005/09/05 21:46:14 | 00,000,426 | ---- | C] () -- C:\WINDOWS\brwmark.ini
    [2005/09/05 21:46:14 | 00,000,211 | ---- | C] () -- C:\WINDOWS\Brpfx04a.ini
    [2005/09/05 21:46:14 | 00,000,092 | ---- | C] () -- C:\WINDOWS\brpcfx.ini
    [2005/09/05 21:46:13 | 00,000,052 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI
    [2005/09/05 21:45:34 | 00,077,824 | ---- | C] () -- C:\WINDOWS\System32\BROSNMP.DLL
    [2005/06/12 15:32:22 | 00,000,017 | ---- | C] () -- C:\WINDOWS\MovingPicture.ini
    [2005/06/10 20:46:47 | 00,000,037 | ---- | C] () -- C:\WINDOWS\ipixActivex.ini
    [2005/01/13 16:49:50 | 00,130,560 | ---- | C] () -- C:\Documents and Settings\Tom\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2005/01/12 21:49:13 | 00,000,126 | ---- | C] () -- C:\Documents and Settings\Tom\Local Settings\Application Data\fusioncache.dat
    [2005/01/12 21:40:57 | 00,000,000 | ---- | C] () -- C:\WINDOWS\OpPrintServer.INI
    [2005/01/12 21:25:03 | 00,011,653 | R--- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
    [2005/01/12 00:13:54 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
    [2005/01/11 23:38:12 | 00,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
    [2005/01/11 20:16:07 | 00,000,004 | ---- | C] () -- C:\Documents and Settings\Tom\Application Data\QSPMShare
    [2005/01/07 02:57:41 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
    [2005/01/07 02:50:06 | 00,000,138 | ---- | C] () -- C:\WINDOWS\wininit.ini
    [2005/01/07 02:15:18 | 00,000,516 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
    [2004/09/15 22:49:44 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
    [2004/08/12 09:44:10 | 00,016,384 | ---- | C] () -- C:\WINDOWS\System32\iwca.dll
    [2004/08/10 14:13:12 | 00,000,882 | ---- | C] () -- C:\WINDOWS\ORUN32.INI
    [2004/03/18 07:44:29 | 01,663,068 | ---- | C] () -- C:\WINDOWS\System32\libmmd.dll
    [2003/01/07 14:05:08 | 00,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.exe >


    < MD5 for: AGP440.SYS >
    [2004/08/04 06:00:00 | 18,738,937 | ---- | M] () .cab file -- C:\I386\sp2.cab:AGP440.sys
    [2004/08/04 06:00:00 | 18,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\I386\sp2.cab:AGP440.sys
    [2008/09/20 16:23:38 | 23,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\I386\sp3.cab:AGP440.sys
    [2008/09/20 16:23:38 | 23,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
    [2008/04/13 13:36:38 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
    [2008/04/13 13:36:38 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\SYSTEM32\DRIVERS\agp440.sys
    [2004/08/04 00:07:42 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\I386\agp440.sys
    [2004/08/04 00:07:42 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys
    [2004/08/04 00:07:42 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\SYSTEM32\ReinstallBackups\0008\DriverFiles\i386\AGP440.SYS

    < MD5 for: ATAPI.SYS >
    [2004/08/04 06:00:00 | 18,738,937 | ---- | M] () .cab file -- C:\I386\sp2.cab:atapi.sys
    [2004/08/04 06:00:00 | 18,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\I386\sp2.cab:atapi.sys
    [2008/09/20 16:23:38 | 23,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\I386\sp3.cab:atapi.sys
    [2008/09/20 16:23:38 | 23,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
    [2008/04/13 13:40:30 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
    [2010/01/29 08:50:16 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\SYSTEM32\DLLCACHE\atapi.sys
    [2010/01/29 11:29:22 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\SYSTEM32\DRIVERS\atapi.sys
    [2004/08/03 23:59:44 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\I386\atapi.sys
    [2004/08/03 23:59:44 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
    [2004/08/03 23:59:44 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\SYSTEM32\ReinstallBackups\0005\DriverFiles\i386\atapi.sys

    < MD5 for: EVENTLOG.DLL >
    [2008/04/13 19:11:53 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
    [2008/04/13 19:11:53 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\SYSTEM32\eventlog.dll
    [2004/08/04 06:00:00 | 00,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\I386\EVENTLOG.DLL
    [2004/08/04 06:00:00 | 00,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

    < MD5 for: NETLOGON.DLL >
    [2008/04/13 19:12:01 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
    [2008/04/13 19:12:01 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\SYSTEM32\netlogon.dll
    [2004/08/04 06:00:00 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\I386\NETLOGON.DLL
    [2004/08/04 06:00:00 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

    < MD5 for: SCECLI.DLL >
    [2004/08/04 06:00:00 | 00,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\I386\SCECLI.DLL
    [2004/08/04 06:00:00 | 00,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
    [2008/04/13 19:12:05 | 00,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
    [2008/04/13 19:12:05 | 00,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\SYSTEM32\scecli.dll

    < %systemroot%\*. /mp /s >

    < %systemroot%\system32\*.dll /lockedfiles >

    < %systemroot%\Tasks\*.job /lockedfiles >

    ========== Files - Unicode (All) ==========
    [2010/01/25 22:20:28 | 00,000,000 | ---- | M] ()(C:\WINDOWS\System32\drivers\??.sys) -- C:\WINDOWS\System32\drivers\嶔苻.sys
    [2010/01/25 22:20:28 | 00,000,000 | ---- | C] ()(C:\WINDOWS\System32\drivers\??.sys) -- C:\WINDOWS\System32\drivers\嶔苻.sys
    [2010/01/18 16:32:01 | 00,000,000 | ---- | M] ()(C:\WINDOWS\System32\drivers\??.sys) -- C:\WINDOWS\System32\drivers\耀ऺ.sys
    [2010/01/18 16:32:01 | 00,000,000 | ---- | C] ()(C:\WINDOWS\System32\drivers\??.sys) -- C:\WINDOWS\System32\drivers\耀ऺ.sys
    < End of report >

  10. #10
    Retired Graduate
    Join Date
    Dec 2009
    Posts
    83


    Hello mandfense,

    Please perform the following:


    Backup Registry With ERUNT

    Before we make changes to the registry, we need to back it up.

    • Highlight and Copy the entire command line from the code box below
      Code:
      "C:\Program Files\ERUNT\ERUNT.EXE" %SystemRoot%\ERDNT\pre-fix
    • Click Start, then click Run...
    • In the Run window, paste the command into the Open: box then click OK.


    You should briefly see a window with progress bars indicating that ERUNT is backing up your registry.



    OTL

    • Double-click OTL.exe to start the program
    • Copy all of the text in the code box below and paste it in the white area under Custom Scans/Fixes (under the cyan line at the bottom of the window)
      Code:
      :otl
      DRV - (嶔苻) -- C:\WINDOWS\SYSTEM32\DRIVERS\嶔苻.sys [WARNING: C:\WINDOWS\SYSTEM32\DRIVERS\??.sys] ()
      DRV - (耀ऺ) -- C:\WINDOWS\SYSTEM32\DRIVERS\耀ऺ.sys [WARNING: C:\WINDOWS\SYSTEM32\DRIVERS\??.sys] ()
      DRV - (MCAGENT.EXE) -- C:\WINDOWS\SYSTEM32\DRIVERS\MCAGENT.EXE.sys ()
      DRV - ({89BCEA6B-C797-434E-8D5A-C531A4E3ACF2}) -- C:\WINDOWS\SYSTEM32\DRIVERS\{89BCEA6B-C797-434E-8D5A-C531A4E3ACF2}.sys ()
      IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
      O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - No CLSID value found.
      O3 - HKLM\..\Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - No CLSID value found.
      O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
      O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
      O9 - Extra Button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files\Bodog Poker\BPGame.exe File not found
      O16 - DPF: {0000000A-9980-0010-8000-00AA00389B71} http://download.microsoft.com/downlo...2/wmsp9dmo.cab (Reg Error: Value error.)
      O16 - DPF: {0DB074F0-617E-4EE9-912C-2965CF2AA5A4} http://download.microsoft.com/downlo...ualEarth3D.cab (Reg Error: Value error.)
      O16 - DPF: {32564D57-9980-0010-8000-00AA00389B71} http://codecs.microsoft.com/codecs/i386/wmv8dmo.cab (Reg Error: Value error.)
      O16 - DPF: {33564D57-9980-0010-8000-00AA00389B71} http://download.microsoft.com/downlo...0C/wmv9dmo.cab (Reg Error: Value error.)
      O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} http://security.symantec.com/sscv6/S.../bin/cabsa.cab (Symantec RuFSI Utility Class)
      O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} https://webdl.symantec.com/activex/symdlmgr.cab (Symantec Download Manager)
      O16 - DPF: {88D758A3-D33B-45FD-91E3-67749B4057FA} http://dm.screensavers.com/dm/instal...sinstaller.cab (Reg Error: Value error.)
      O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get.../ultrashim.cab (Reg Error: Value error.)
      O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} http://java.sun.com/products/plugin/...ndows-i586.cab (Reg Error: Key error.)
      O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jin...ndows-i586.cab (Reg Error: Key error.)
      
      :files
      C:\WINDOWS\tasks\Ad-Aware Update (Daily 4).job
      C:\WINDOWS\tasks\Ad-Aware Update (Daily 2).job
      C:\WINDOWS\tasks\Ad-Aware Update (Daily 1).job
      C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
      C:\WINDOWS\tasks\Ad-Aware Update (Daily 3).job
      C:\WINDOWS\System32\veassc egblxse kvexe.dll
      C:\WINDOWS\System32\dbgelfebcvaeucefsklu.dll
      C:\WINDOWS\System32\blegailxikaxile kax.dll
      C:\WINDOWS\System32\ifdffc lekgxkg d bls.dll
      
      :commands
      [emptytemp]
    • Close all running programs except for OTL, including all browser windows.
    • Then click Run Fix at the top of the window.
    • Once done, OTL will require a reboot. Please allow it.
    • After reboot, the log should open. Please save the log and post it in your next reply.



    Norton Cleanup

    • Click Here to download the Norton Removal Tool and save it to your desktop.
    • Double-click Norton_Removal_Tool.exe to start the tool.
    • Follow the program prompts to remove the Norton product.
    • Reboot your computer.



    Please reply with the OTL log and inform me of how the computer is behaving now.
    Graduate of Malware Removal University. You too could train to help others.

    Spybot Search & Destroy tutorial
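The files the fix script above removes share traits that can be read off the OTL file listings: zero-byte `.sys` files in the drivers folder (one sample here with a non-ASCII name) and four no-company DLLs in System32 with the same size, created within a second of each other. The following Python triage pass is an added example, not part of the original posts or of OTL; it runs over lines copied from the log in this thread, and the function names, the two-second window and the batch size of three are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime
from ntpath import basename, dirname  # Windows path rules on any OS

# Lines copied from the OTL log in this thread (not constructed).
SAMPLE_LOG = r"""
[2010/01/17 18:43:14 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\drivers\MCAGENT.EXE.sys
[2010/01/16 16:57:34 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\drivers\{89BCEA6B-C797-434E-8D5A-C531A4E3ACF2}.sys
[2010/01/07 16:07:04 | 00,019,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2008/02/17 19:05:28 | 00,233,472 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
[2006/04/30 13:09:20 | 00,036,864 | ---- | C] () -- C:\WINDOWS\System32\veassc egblxse kvexe.dll
[2006/04/30 13:09:20 | 00,036,864 | ---- | C] () -- C:\WINDOWS\System32\dbgelfebcvaeucefsklu.dll
[2006/04/30 13:09:20 | 00,036,864 | ---- | C] () -- C:\WINDOWS\System32\blegailxikaxile kax.dll
[2006/04/30 13:09:19 | 00,036,864 | ---- | C] () -- C:\WINDOWS\System32\ifdffc lekgxkg d bls.dll
[2010/01/25 22:20:28 | 00,000,000 | ---- | M] ()(C:\WINDOWS\System32\drivers\??.sys) -- C:\WINDOWS\System32\drivers\嶔苻.sys
[2010/01/25 22:20:28 | 00,000,000 | ---- | C] ()(C:\WINDOWS\System32\drivers\??.sys) -- C:\WINDOWS\System32\drivers\嶔苻.sys
"""

# [timestamp | size | attributes | M or C] (company)(optional ANSI path) -- path
LINE_RE = re.compile(
    r"^\s*\[(?P<ts>\d{4}/\d\d/\d\d \d\d:\d\d:\d\d) \| (?P<size>[\d,]+) \| "
    r"[-A-Z]{4} \| [MC]\] \((?P<company>[^)]*)\)"
    r"(?:\([^)]*\))? -- (?P<path>.+?)\s*$"
)


def parse(log):
    """One record per distinct path; the first listing of a file wins,
    because the Modified and Created sections repeat the same files."""
    records = {}
    for line in log.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # section headers, MD5 lines, blank lines
        records.setdefault(m["path"].lower(), {
            "path": m["path"],
            "time": datetime.strptime(m["ts"], "%Y/%m/%d %H:%M:%S"),
            "size": int(m["size"].replace(",", "")),
            "company": m["company"],
        })
    return list(records.values())


def triage(records, window_seconds=2, min_batch=3):
    """Map path -> sorted list of reasons the entry deserves a closer look."""
    findings = defaultdict(set)
    by_size = defaultdict(list)
    for r in records:
        folder, name = dirname(r["path"]).lower(), basename(r["path"])
        if folder.endswith(r"\system32\drivers") and name.lower().endswith(".sys"):
            if r["size"] == 0:
                findings[r["path"]].add("zero-byte driver file")
            if not name.isascii():
                findings[r["path"]].add("non-ASCII driver name")
        if (not r["company"] and folder.endswith(r"\system32")
                and name.lower().endswith(".dll")):
            by_size[r["size"]].append(r)
    # Same-size, no-company DLLs whose timestamps form a tight run.
    for items in by_size.values():
        items.sort(key=lambda r: r["time"])
        runs, run = [], []
        for r in items:
            gap = (r["time"] - run[-1]["time"]).total_seconds() if run else 0
            if gap > window_seconds:
                runs.append(run)
                run = []
            run.append(r)
        runs.append(run)
        for run in runs:
            if len(run) >= min_batch:
                for r in run:
                    findings[r["path"]].add("no-company DLL in same-size batch")
    return {path: sorted(reasons) for path, reasons in findings.items()}


if __name__ == "__main__":
    for path, reasons in triage(parse(SAMPLE_LOG)).items():
        print(f"{path}: {', '.join(reasons)}")
```

Zero-byte files and same-second batches also occur legitimately (installers drop files in groups), so hits are items to inspect, not verdicts.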
