Google Redirections & Cannot Access McAfee Website [Solved]

Need a geek? Geeks to Go offers free, quality tech support -- in terms anyone can understand. Volunteers are waiting to help, friendly, technology experts who have knowledge to share, and enjoy helping others. Feel free to browse the site as a guest. However, you must log in to reply to existing topics, or to start a new topic of your own. Other benefits of joining include richer forum features, and removal of all advertising. Learn more in our Welcome Guide Infected? Malware and Spyware Cleaning Guide. What are you waiting for? Click here to join for free today!

> Geeks to Go! » Security » Virus, Spyware and Trojan Removal

2 Pages

1 2 >

Google Redirections & Cannot Access McAfee Website [Solved]

Options

nrummel View Member Profile	Oct 27 2009, 09:16 AM Post #1
Member Posts: 13 OS: Windows 2000	I use firefox, and it often closes with an error and makes me restart it. Also, about half of the time when I click on a link, it takes me to the wrong webpage. I just recently tried to go to McAfee's website, but could not get there because an error would come up on the page saying it couldn't access the website. When looking around online to find a fix, I found a post on this website by a person with the exact same problem (same topic title). I just ran rootrepeal like they did, and I've attached the report. What now? Please help me! Thanks in advance. ps - just yesterday I got a virus or something that kept having a "Safety Center" window pop that looked like a windows icon, telling me something was wrong and to do certain things. I ran malwarbytes and deleted the files, but I'm not sure I completely removed it... also, I've had another virus in the past that was windows police (I think that's what it was called) and I run my virus scan an remove it, but it still comes back occasionally. Not sure if these are related to the original problem, but would appreciate help with them too. My computer is sick! Attached File(s) rootrepeal.txt ( 41.31K ) Number of downloads: 30

Rorschach112 View Member Profile	Oct 27 2009, 09:16 AM Post #2
GeekU Teacher Posts: 35,111 From: Dublin OS: XP	hi Please download ComboFix from Here or Here to your Desktop. Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved and renamed following this process directly to your desktop If you are using Firefox, make sure that your download settings are as follows: Tools->Options->Main tab Set to "Always ask me where to Save the files". During the download, rename Combofix to Combo-Fix as follows: It is important you rename Combofix during the download, but not after. Please do not rename Combofix to other names, but only to the one indicated. Close any open browsers. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix. ----------------------------------------------------------- Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results". Click on this link* to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.* ----------------------------------------------------------- Close any open browsers. WARNING: Combofix will disconnect your machine from the Internet as soon as it starts Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished. If there is no internet connection after running Combofix, then restart your computer to restore back your connection. ----------------------------------------------------------- Double click on combo-Fix.exe & follow the prompts. When finished, it will produce a report for you. Please post the "C:\Combo-Fix.txt" for further review. Note: Do not mouseclick combo-fix's window while it's running. That may cause it to stall

Rorschach112 View Member Profile	Oct 28 2009, 06:01 AM Post #4
GeekU Teacher Posts: 35,111 From: Dublin OS: XP	hi 1. Close any open browsers. 2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix. 3. Open notepad and copy/paste the text in the quotebox below into it: QUOTE File:: c:\windows\wp4.dat c:\windows\wp3.dat NetSvc:: ilitteul KillAll:: Folder:: Registry:: Driver:: Save this as CFScript.txt, in the same location as ComboFix.exe Refering to the picture above, drag CFScript into ComboFix.exe When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

Rorschach112 View Member Profile	Oct 28 2009, 11:37 AM Post #6
GeekU Teacher Posts: 35,111 From: Dublin OS: XP	hi Please download OTM Save it to your desktop. Please double-click OTM to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator). Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy): CODE :Processes :Services :Reg [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\drivers\\svchost.exe"=- :Files :Commands [purity] [emptytemp] [Reboot] Return to OTM, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste. Click the red Moveit! button. Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply. Close OTM and reboot your PC. Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter .log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles* folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post. Download the GMER Rootkit Scanner. Unzip it to your Desktop. Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while the scan is being performed. Do not use your computer for anything else during the scan. Double-click gmer.exe. The program will begin to run. Caution These types of scans can produce false positives. Do NOT take any action on any "<--- ROOKIT" entries unless advised by a trained Security Analyst If possible rootkit activity is found, you will be asked if you would like to perform a full scan. Click NO In the right panel, you will see a bunch of boxes that have been checked ... leave everything checked and ensure the Show all box is Unchecked. Now click the Scan button. Once the scan is complete, you may receive another notice about rootkit activity. Click OK. GMER will produce a log. Click on the [Save..] button, and in the File name area, type in "GMER.txt" Save it where you can easily find it, such as your desktop. Post the contents of GMER.txt in your next reply. Download OTL to your Desktop Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted. Under the Custom Scan box paste this in netsvcs msconfig safebootminimal safebootnetwork activex drivers32 %SYSTEMDRIVE%\.exe %SYSTEMDRIVE%\eventlog.dll /s /md5 %SYSTEMDRIVE%\scecli.dll /s /md5 %SYSTEMDRIVE%\netlogon.dll /s /md5 %SYSTEMDRIVE%\cngaudit.dll /s /md5 %SYSTEMDRIVE%\sceclt.dll /s /md5 %SYSTEMDRIVE%\ntelogon.dll /s /md5 %SYSTEMDRIVE%\logevent.dll /s /md5 %SYSTEMDRIVE%\iaStor.sys /s /md5 %SYSTEMDRIVE%\nvstor.sys /s /md5 %SYSTEMDRIVE%\atapi.sys /s /md5 %SYSTEMDRIVE%\IdeChnDr.sys /s /md5 %SYSTEMDRIVE%\viasraid.sys /s /md5 %SYSTEMDRIVE%\AGP440.sys /s /md5 %SYSTEMDRIVE%\vaxscsi.sys /s /md5 Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long. When the scan completes, it will open two notepad windows. OTL.Txt* and Extras.Txt. These are saved in the same location as OTL. Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time

nrummel View Member Profile	Oct 28 2009, 04:57 PM Post #7
Member Posts: 13 OS: Windows 2000	All processes killed ========== PROCESSES ========== ========== SERVICES/DRIVERS ========== ========== REGISTRY ========== Registry key HKEY_LOCAL_MACHINE\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List not found. ========== FILES ========== ========== COMMANDS ========== [EMPTYTEMP] User: Administrator ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: All Users User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 33170 bytes User: LocalService ->Temp folder emptied: 0 bytes File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot. ->Temporary Internet Files folder emptied: 390354 bytes ->FireFox cache emptied: 0 bytes User: NetworkService ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 32835 bytes User: Nick Rummel ->Temp folder emptied: 308607 bytes File delete failed. C:\Documents and Settings\Nick Rummel\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot. ->Temporary Internet Files folder emptied: 7627069 bytes ->Java cache emptied: 58142092 bytes ->FireFox cache emptied: 60803493 bytes ->Google Chrome cache emptied: 594288 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 19569 bytes %systemroot%\System32 .tmp files removed: 5221905 bytes Windows Temp folder emptied: 664 bytes RecycleBin emptied: 0 bytes Total Files Cleaned = 127.00 mb OTM by OldTimer - Version 3.0.0.6 log created on 10282009_154208 Files moved on Reboot... Registry entries deleted on Reboot...

Rorschach112 View Member Profile	Oct 28 2009, 06:12 PM Post #8
GeekU Teacher Posts: 35,111 From: Dublin OS: XP	the other logs too

nrummel View Member Profile	Oct 29 2009, 09:21 AM Post #9
Member Posts: 13 OS: Windows 2000	I've ran gmer.exe twice now, and both times, after a couple of hours, my comp freezes and I can't do anything.

Rorschach112 View Member Profile	Oct 29 2009, 09:27 AM Post #10
GeekU Teacher Posts: 35,111 From: Dublin OS: XP	how about OTL

nrummel View Member Profile	Oct 29 2009, 04:56 PM Post #11
Member Posts: 13 OS: Windows 2000	OTL logfile created on: 10/29/2009 8:50:57 AM - Run 1 OTL by OldTimer - Version 3.0.22.1 Folder = C:\Documents and Settings\Nick Rummel\Desktop Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 7.0.5730.13) Locale: 00000409 \| Country: United States \| Language: ENU \| Date Format: M/d/yyyy 1014.37 Mb Total Physical Memory \| 332.24 Mb Available Physical Memory \| 32.75% Memory free 2.38 Gb Paging File \| 1.46 Gb Available in Paging File \| 61.19% Paging File free Paging file location(s): C:\pagefile.sys 1524 3048 [binary data] %SystemDrive% = C: \| %SystemRoot% = C:\WINDOWS \| %ProgramFiles% = C:\Program Files Drive C: \| 37.24 Gb Total Space \| 4.27 Gb Free Space \| 11.47% Space Free \| Partition Type: NTFS Drive D: \| 12.27 Gb Total Space \| 12.03 Gb Free Space \| 98.03% Space Free \| Partition Type: NTFS Drive E: \| 82.04 Mb Total Space \| 0.00 Mb Free Space \| 0.00% Space Free \| Partition Type: CDFS F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: NRUMMEL Current User Name: Nick Rummel Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: On Skip Microsoft Files: On File Age = 14 Days Output = Standard Quick Scan ========== Processes (SafeList) ========== PRC - [2009/10/29 08:50:28 \| 00,521,728 \| ---- \| M] (OldTimer Tools) -- C:\Documents and Settings\Nick Rummel\Desktop\OTL.exe PRC - [2009/09/21 16:36:12 \| 00,305,440 \| ---- \| M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe PRC - [2009/09/21 16:36:02 \| 00,545,568 \| ---- \| M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe PRC - [2009/09/16 14:48:40 \| 00,092,296 \| ---- \| M] (McAfee, Inc.) -- c:\Program Files\McAfee\SiteAdvisor\McSACore.exe PRC - [2009/09/05 01:54:42 \| 00,417,792 \| ---- \| M] (Apple Inc.) -- C:\Program Files\QuickTime\QTTask.exe PRC - [2009/08/28 19:42:54 \| 00,144,672 \| ---- \| M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe PRC - [2009/08/26 22:18:44 \| 00,634,648 \| ---- \| M] (Microsoft Corporation) -- C:\Program Files\internet explorer\iexplore.exe PRC - [2009/08/04 06:26:44 \| 00,307,704 \| ---- \| M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe PRC - [2009/06/10 23:43:26 \| 00,364,544 \| ---- \| M] (Western Digital Technologies, Inc.) -- C:\WINDOWS\System32\WDBtnMgr.exe PRC - [2009/06/04 21:58:37 \| 00,148,888 \| ---- \| M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe PRC - [2009/06/04 21:58:08 \| 00,152,984 \| ---- \| M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe PRC - [2009/05/21 10:55:32 \| 00,206,064 \| ---- \| M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtcmd.exe PRC - [2009/03/19 19:30:12 \| 07,308,584 \| ---- \| M] (Dassault Syst�mes SolidWorks Corp.) -- C:\Program Files\Common Files\SolidWorks Installation Manager\Scheduler\sldIMScheduler.exe PRC - [2009/02/06 03:10:02 \| 00,227,840 \| ---- \| M] (Microsoft Corporation) -- C:\WINDOWS\System32\wbem\wmiprvse.exe PRC - [2008/12/12 11:17:38 \| 00,238,888 \| ---- \| M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe PRC - [2008/08/13 18:32:40 \| 00,201,968 \| ---- \| M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe PRC - [2008/08/08 05:11:12 \| 00,490,952 \| ---- \| M] (DT Soft Ltd) -- C:\Program Files\DAEMON Tools Lite\daemon.exe PRC - [2008/06/14 10:41:54 \| 00,781,288 \| ---- \| M] (McAfee, Inc.) -- c:\Program Files\McAfee\MSC\mcupdmgr.exe PRC - [2008/04/13 17:12:41 \| 00,013,824 \| ---- \| M] (Microsoft Corporation) -- C:\WINDOWS\System32\wscntfy.exe PRC - [2008/04/13 17:12:19 \| 01,033,728 \| ---- \| M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE PRC - [2008/04/06 21:43:14 \| 00,068,856 \| ---- \| M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe PRC - [2008/01/25 01:38:12 \| 02,458,128 \| ---- \| M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe PRC - [2008/01/09 16:50:22 \| 00,767,976 \| ---- \| M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSC\mcmscsvc.exe PRC - [2007/12/11 12:33:42 \| 00,358,224 \| ---- \| M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe PRC - [2007/12/05 10:04:10 \| 00,695,624 \| ---- \| M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe PRC - [2007/11/26 10:46:14 \| 00,023,880 \| ---- \| M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSK\MskSrver.exe PRC - [2007/11/13 13:16:26 \| 00,359,248 \| ---- \| M] (McAfee, Inc.) -- c:\Program Files\McAfee\MSC\mcupdui.exe PRC - [2007/11/01 23:32:00 \| 00,866,640 \| ---- \| M] (McAfee, Inc.) -- c:\Program Files\McAfee\MSC\mcshell.exe PRC - [2007/11/01 19:12:38 \| 00,582,992 \| ---- \| M] (McAfee, Inc.) -- c:\Program Files\McAfee.com\Agent\mcagent.exe PRC - [2007/11/01 19:12:38 \| 00,265,040 \| ---- \| M] (McAfee, Inc.) -- c:\Program Files\McAfee\MSC\mcuimgr.exe PRC - [2007/07/24 12:02:14 \| 00,144,704 \| ---- \| M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\Mcshield.exe PRC - [2007/07/18 15:54:42 \| 00,856,864 \| ---- \| M] (McAfee, Inc.) -- C:\Program Files\McAfee\MPF\MPFSrv.exe PRC - [2007/03/15 11:09:36 \| 00,460,784 \| ---- \| M] (Gteko Ltd.) -- C:\Program Files\DellSupport\DSAgnt.exe PRC - [2007/03/10 13:43:52 \| 00,270,336 \| ---- \| M] () -- C:\WINDOWS\tsnpstd3.exe PRC - [2007/02/22 08:46:24 \| 00,012,696 \| ---- \| M] (National Instruments Corporation) -- C:\Program Files\National Instruments\MAX\nimxs.exe PRC - [2007/02/21 17:15:52 \| 00,056,096 \| ---- \| M] (National Instruments Corp.) -- C:\WINDOWS\System32\nisvcloc.exe PRC - [2007/02/14 22:54:06 \| 00,207,648 \| ---- \| M] (National Instruments, Inc.) -- C:\Program Files\National Instruments\Shared\Security\nidmsrv.exe PRC - [2007/02/14 22:49:16 \| 00,064,288 \| ---- \| M] (National Instruments, Inc.) -- C:\WINDOWS\System32\lktsrv.exe PRC - [2007/02/14 22:48:56 \| 00,056,096 \| ---- \| M] (National Instruments, Inc.) -- C:\WINDOWS\System32\lkads.exe PRC - [2007/02/08 01:13:48 \| 00,774,168 \| ---- \| M] () -- C:\Program Files\Logitech\QuickCam10\QuickCam10.exe PRC - [2007/02/08 01:12:48 \| 00,488,984 \| ---- \| M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe PRC - [2007/02/08 01:12:20 \| 00,230,936 \| ---- \| M] (Logitech Inc.) -- C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe PRC - [2007/02/06 22:47:46 \| 00,703,264 \| ---- \| M] (National Instruments, Inc.) -- C:\Program Files\National Instruments\Shared\Tagger\tagsrv.exe PRC - [2007/02/06 17:43:26 \| 00,252,704 \| ---- \| M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe PRC - [2007/01/22 11:38:44 \| 00,695,136 \| ---- \| M] (National Instruments, Inc.) -- C:\WINDOWS\System32\lkcitdl.exe PRC - [2006/12/03 21:41:37 \| 00,185,896 \| ---- \| M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe PRC - [2006/11/03 09:01:16 \| 00,319,488 \| ---- \| M] (PixArt Imaging Incorporation) -- C:\WINDOWS\PixArt\PAC207\Monitor.exe PRC - [2006/10/27 00:47:42 \| 00,031,016 \| ---- \| M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe PRC - [2006/10/09 17:16:56 \| 00,237,568 \| ---- \| M] (Microsoft Corporation) -- C:\WINDOWS\eHome\ehRecvr.exe PRC - [2006/09/19 08:07:28 \| 00,827,392 \| ---- \| M] () -- C:\WINDOWS\vsnpstd3.exe PRC - [2006/05/01 07:34:00 \| 00,262,217 \| ---- \| M] (Intel® Corporation) -- C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe PRC - [2006/05/01 07:28:26 \| 00,602,182 \| ---- \| M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe PRC - [2006/05/01 07:28:06 \| 00,667,718 \| ---- \| M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe PRC - [2006/05/01 07:26:14 \| 00,397,381 \| ---- \| M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe PRC - [2006/05/01 07:22:42 \| 00,540,745 \| ---- \| M] (Intel Corporation ) -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe PRC - [2006/05/01 07:20:52 \| 00,114,753 \| ---- \| M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe PRC - [2006/05/01 07:20:26 \| 00,217,164 \| ---- \| M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe PRC - [2006/04/06 12:58:52 \| 01,032,192 \| ---- \| M] (Dell Inc) -- C:\Program Files\Dell\QuickSet\quickset.exe PRC - [2006/04/06 12:57:54 \| 00,380,928 \| ---- \| M] (Dell Inc.) -- C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe PRC - [2006/03/26 23:44:08 \| 00,257,752 \| ---- \| M] (Microsoft Corporation) -- C:\Program Files\Windows Desktop Search\WindowsSearch.exe PRC - [2006/03/26 23:44:08 \| 00,221,400 \| ---- \| M] (Microsoft Corporation) -- C:\Program Files\Windows Desktop Search\WindowsSearchFilter.exe PRC - [2006/03/26 23:44:06 \| 00,159,960 \| ---- \| M] (Microsoft Corporation) -- C:\Program Files\Windows Desktop Search\WindowsSearchIndexer.exe PRC - [2006/03/24 21:30:44 \| 00,282,624 \| ---- \| M] (SigmaTel, Inc.) -- C:\WINDOWS\stsystra.exe PRC - [2006/03/20 18:34:50 \| 00,213,936 \| ---- \| M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe PRC - [2006/03/08 16:48:02 \| 00,761,947 \| ---- \| M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe PRC - [2005/12/13 21:45:00 \| 00,118,784 \| ---- \| M] (Intel Corporation) -- C:\WINDOWS\System32\igfxpers.exe PRC - [2005/12/13 21:41:08 \| 00,077,824 \| ---- \| M] (Intel Corporation) -- C:\WINDOWS\System32\hkcmd.exe PRC - [2005/12/09 18:29:52 \| 00,049,152 \| ---- \| M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe PRC - [2005/10/27 21:41:52 \| 00,491,520 \| ---- \| M] ( ) -- C:\WINDOWS\System32\dlcccoms.exe PRC - [2005/10/21 00:40:26 \| 00,430,080 \| ---- \| M] (Dell) -- C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe PRC - [2005/09/29 12:01:14 \| 00,067,584 \| ---- \| M] (Microsoft Corporation) -- C:\WINDOWS\ehome\ehtray.exe PRC - [2005/08/05 11:56:32 \| 00,102,912 \| ---- \| M] (Microsoft Corporation) -- C:\WINDOWS\eHome\ehSched.exe PRC - [2005/08/05 11:56:28 \| 00,046,592 \| ---- \| M] (Microsoft Corporation) -- C:\WINDOWS\eHome\ehmsas.exe PRC - [2005/08/05 11:27:08 \| 00,099,328 \| ---- \| M] (Microsoft Corporation) -- C:\WINDOWS\ehome\mcrdsvc.exe PRC - [2005/08/02 10:45:16 \| 00,192,512 \| ---- \| M] (Lexmark International, Inc.) -- C:\Program Files\Lexmark 4300 Series\lxcemon.exe PRC - [2005/07/26 05:17:18 \| 00,094,208 \| ---- \| M] (Lexmark International Inc.) -- C:\Program Files\Lexmark 4300 Series\ezprint.exe PRC - [2005/07/06 03:14:12 \| 00,471,040 \| ---- \| M] (Lexmark International, Inc.) -- C:\WINDOWS\System32\lxcecoms.exe PRC - [2005/05/03 22:04:28 \| 09,150,464 \| ---- \| M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe PRC - [2005/05/03 20:07:32 \| 00,081,920 \| ---- \| M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe PRC - [2005/04/01 10:51:48 \| 00,217,600 \| ---- \| M] (Rocket Division Software) -- C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe PRC - [2004/12/05 23:05:00 \| 00,127,035 \| ---- \| M] (Sonic Solutions) -- C:\WINDOWS\System32\dla\tfswctrl.exe PRC - [2003/10/29 00:06:00 \| 00,024,576 \| ---- \| M] (BVRP Software) -- C:\Program Files\Digital Line Detect\DLG.exe PRC - [2003/09/10 00:24:00 \| 00,020,480 \| ---- \| M] () -- C:\Program Files\NetWaiting\netWaiting.exe PRC - [2003/06/19 21:25:00 \| 00,322,120 \| ---- \| M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE PRC - [2002/06/18 14:04:54 \| 00,503,808 \| ---- \| M] () -- C:\MATLAB6p5\webserver\bin\win32\matlabserver.exe PRC - [2002/06/18 03:37:22 \| 01,515,566 \| ---- \| M] (The MathWorks Inc.) -- c:\matlab6p5\bin\win32\matlab.exe ========== Win32 Services (SafeList) ========== SRV - File not found -- -- (CoordinatorServiceHost [On_Demand \| Stopped]) SRV - [2009/10/26 17:20:13 \| 02,309,520 \| ---- \| M] () -- c:\program files\common files\akamai\rswin_3600.dll -- (Akamai [Auto \| Running]) SRV - [2009/09/21 16:36:02 \| 00,545,568 \| ---- \| M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [On_Demand \| Running]) SRV - [2009/09/16 14:48:40 \| 00,092,296 \| ---- \| M] (McAfee, Inc.) -- c:\Program Files\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service [Auto \| Running]) SRV - [2009/09/10 23:08:41 \| 00,079,360 \| ---- \| M] (SolidWorks) -- C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe -- (SolidWorks Licensing Service [On_Demand \| Stopped]) SRV - [2009/09/08 23:40:01 \| 00,651,720 \| ---- \| M] (Macrovision Europe Ltd.) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service [On_Demand \| Stopped]) SRV - [2009/08/28 19:42:54 \| 00,144,672 \| ---- \| M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Auto \| Running]) SRV - [2009/07/09 23:52:28 \| 00,316,312 \| ---- \| M] (McAfee, Inc.) -- C:\WINDOWS\Temp\0164771256828787mcinst.exe -- (0164771256828787mcinstcleanup [Auto \| Stopped]) SRV - [2009/06/04 21:58:08 \| 00,152,984 \| ---- \| M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto \| Running]) SRV - [2009/06/02 23:29:36 \| 00,182,768 \| ---- \| M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc [On_Demand \| Stopped]) SRV - [2008/12/12 11:17:38 \| 00,238,888 \| ---- \| M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service [Auto \| Running]) SRV - [2008/08/13 18:32:40 \| 00,201,968 \| ---- \| M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_dellsupportcenter [Auto \| Running]) SRV - [2008/07/29 22:10:04 \| 00,046,104 \| ---- \| M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand \| Stopped]) SRV - [2008/07/25 12:17:02 \| 00,069,632 \| ---- \| M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand \| Stopped]) SRV - [2008/07/25 12:16:40 \| 00,034,312 \| ---- \| M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand \| Stopped]) SRV - [2008/04/13 17:12:35 \| 00,026,112 \| ---- \| M] (Microsoft Corporation) -- C:\WINDOWS\System32\skeys.exe -- (SerialKeys [On_Demand \| Stopped]) SRV - [2008/04/13 17:12:02 \| 00,038,400 \| ---- \| M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto \| Running]) SRV - [2008/01/25 01:38:12 \| 02,458,128 \| ---- \| M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe -- (McNASvc [Auto \| Running]) SRV - [2008/01/17 23:49:20 \| 00,079,360 \| ---- \| M] (Autodesk) -- C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe -- (Autodesk Licensing Service [On_Demand \| Stopped]) SRV - [2008/01/09 16:50:22 \| 00,767,976 \| ---- \| M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSC\mcmscsvc.exe -- (mcmscsvc [Auto \| Running]) SRV - [2007/12/11 12:33:42 \| 00,358,224 \| ---- \| M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe -- (McProxy [Auto \| Running]) SRV - [2007/12/05 10:04:10 \| 00,695,624 \| ---- \| M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe -- (McSysmon [On_Demand \| Running]) SRV - [2007/11/26 10:46:14 \| 00,023,880 \| ---- \| M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSK\MskSrver.exe -- (MSK80Service [Auto \| Running]) SRV - [2007/11/07 09:35:40 \| 00,378,184 \| ---- \| M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS [On_Demand \| Stopped]) SRV - [2007/07/24 12:02:14 \| 00,144,704 \| ---- \| M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\Mcshield.exe -- (McShield [Unknown \| Running]) SRV - [2007/07/18 15:54:42 \| 00,856,864 \| ---- \| M] (McAfee, Inc.) -- C:\Program Files\McAfee\MPF\MPFSrv.exe -- (MpfService [Auto \| Running]) SRV - [2007/03/07 15:47:46 \| 00,076,848 \| ---- \| M] () -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService [On_Demand \| Stopped]) SRV - [2007/02/22 08:46:24 \| 00,012,696 \| ---- \| M] (National Instruments Corporation) -- C:\Program Files\National Instruments\MAX\nimxs.exe -- (mxssvr [Auto \| Running]) SRV - [2007/02/21 17:15:52 \| 00,056,096 \| ---- \| M] (National Instruments Corp.) -- C:\WINDOWS\System32\nisvcloc.exe -- (niSvcLoc [Auto \| Running]) SRV - [2007/02/14 22:54:06 \| 00,207,648 \| ---- \| M] (National Instruments, Inc.) -- C:\Program Files\National Instruments\Shared\Security\nidmsrv.exe -- (NIDomainService [Auto \| Running]) SRV - [2007/02/14 22:49:16 \| 00,064,288 \| ---- \| M] (National Instruments, Inc.) -- C:\WINDOWS\System32\lktsrv.exe -- (lkTimeSync [Auto \| Running]) SRV - [2007/02/14 22:48:56 \| 00,056,096 \| ---- \| M] (National Instruments, Inc.) -- C:\WINDOWS\System32\lkads.exe -- (lkClassAds [Auto \| Running]) SRV - [2007/02/06 22:47:46 \| 00,703,264 \| ---- \| M] (National Instruments, Inc.) -- C:\Program Files\National Instruments\Shared\Tagger\tagsrv.exe -- (NITaggerService [Auto \| Running]) SRV - [2007/01/29 15:19:48 \| 01,007,616 \| ---- \| M] (Macrovision Corporation) -- C:\Program Files\National Instruments\Shared\License Manager\Bin\lmgrd.exe -- (NILM License Manager [On_Demand \| Stopped]) SRV - [2007/01/22 11:38:44 \| 00,695,136 \| ---- \| M] (National Instruments, Inc.) -- C:\WINDOWS\System32\lkcitdl.exe -- (LkCitadelServer [Auto \| Running]) SRV - [2006/10/27 00:47:54 \| 00,065,824 \| ---- \| M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service [On_Demand \| Stopped]) SRV - [2006/10/26 19:49:34 \| 00,441,136 \| ---- \| M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv [On_Demand \| Stopped]) SRV - [2006/10/26 14:03:08 \| 00,145,184 \| ---- \| M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand \| Stopped]) SRV - [2006/10/18 21:05:24 \| 00,913,408 \| ---- \| M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc [On_Demand \| Stopped]) SRV - [2006/10/09 17:16:56 \| 00,237,568 \| ---- \| M] (Microsoft Corporation) -- C:\WINDOWS\eHome\ehRecvr.exe -- (ehRecvr [Auto \| Running]) SRV - [2006/09/02 16:36:33 \| 02,528,960 \| ---- \| M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_1.EXE -- (LiveUpdate [On_Demand \| Stopped]) SRV - [2006/05/01 07:34:00 \| 00,262,217 \| ---- \| M] (Intel® Corporation) -- C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe -- (WLANKEEPER [Auto \| Running]) SRV - [2006/05/01 07:22:42 \| 00,540,745 \| ---- \| M] (Intel Corporation ) -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe -- (S24EventMonitor [Auto \| Running]) SRV - [2006/05/01 07:20:52 \| 00,114,753 \| ---- \| M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe -- (EvtEng [Auto \| Running]) SRV - [2006/05/01 07:20:26 \| 00,217,164 \| ---- \| M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe -- (RegSrvc [Auto \| Running]) SRV - [2006/04/06 12:57:54 \| 00,380,928 \| ---- \| M] (Dell Inc.) -- C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe -- (NICCONFIGSVC [Auto \| Running]) SRV - [2005/10/27 21:41:52 \| 00,491,520 \| ---- \| M] ( ) -- C:\WINDOWS\System32\dlcccoms.exe -- (dlcc_device [On_Demand \| Running]) SRV - [2005/09/23 07:01:16 \| 02,799,808 \| ---- \| M] (Microsoft Corporation) -- C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe -- (msvsmon80 [Disabled \| Stopped]) SRV - [2005/08/05 11:56:32 \| 00,102,912 \| ---- \| M] (Microsoft Corporation) -- C:\WINDOWS\eHome\ehSched.exe -- (ehSched [Auto \| Running]) SRV - [2005/08/05 11:27:08 \| 00,099,328 \| ---- \| M] (Microsoft Corporation) -- C:\WINDOWS\ehome\mcrdsvc.exe -- (McrdSvc [Auto \| Running]) SRV - [2005/07/06 03:14:12 \| 00,471,040 \| ---- \| M] (Lexmark International, Inc.) -- C:\WINDOWS\System32\lxcecoms.exe -- (lxce_device [On_Demand \| Running]) SRV - [2005/05/03 22:04:28 \| 09,150,464 \| ---- \| M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe -- (MSSQL$MICROSOFTSMLBIZ [Auto \| Running]) SRV - [2005/05/03 20:50:28 \| 00,073,728 \| ---- \| M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe -- (MSSQLServerADHelper [On_Demand \| Stopped]) SRV - [2005/05/03 19:42:56 \| 00,323,584 \| ---- \| M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlagent.EXE -- (SQLAgent$MICROSOFTSMLBIZ [On_Demand \| Stopped]) SRV - [2005/04/01 10:51:48 \| 00,217,600 \| ---- \| M] (Rocket Division Software) -- C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe -- (StarWindService [Auto \| Running]) SRV - [2004/12/02 08:28:32 \| 00,098,304 \| ---- \| M] (OPC Foundation) -- C:\WINDOWS\System32\OpcEnum.exe -- (OpcEnum [On_Demand \| Stopped]) SRV - [2004/10/22 03:24:18 \| 00,073,728 \| ---- \| M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT [On_Demand \| Stopped]) SRV - [2004/08/10 02:11:50 \| 00,085,504 \| ---- \| M] (Microsoft Corporation) -- C:\WINDOWS\System32\mhn.dll -- (MHN [On_Demand \| Stopped]) SRV - [2003/06/19 21:25:00 \| 00,322,120 \| ---- \| M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE -- (MDM [Auto \| Running]) SRV - [2002/06/18 14:04:54 \| 00,503,808 \| ---- \| M] () -- C:\MATLAB6p5\webserver\bin\win32\matlabserver.exe -- (matlabserver [Auto \| Running]) ========== Modules (SafeList) ========== MOD - [2009/10/29 08:50:28 \| 00,521,728 \| ---- \| M] (OldTimer Tools) -- C:\Documents and Settings\Nick Rummel\Desktop\OTL.exe MOD - [2009/10/06 11:42:48 \| 00,014,544 \| ---- \| M] (McAfee, Inc.) -- c:\Program Files\McAfee\SiteAdvisor\sahook.dll MOD - [2008/04/13 17:12:51 \| 01,054,208 \| ---- \| M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll MOD - [2008/04/13 17:12:00 \| 00,025,088 \| ---- \| M] (Microsoft Corporation) -- C:\WINDOWS\System32\mslbui.dll MOD - [2006/04/06 12:59:08 \| 00,073,728 \| ---- \| M] () -- C:\Program Files\Dell\QuickSet\dadkeyb.dll MOD - [2005/12/13 21:39:58 \| 00,073,728 \| ---- \| M] (Intel Corporation) -- C:\WINDOWS\System32\hccutils.DLL ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerm...tf8&oe=utf8 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/ IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = .local ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "Google" FF - prefs.js..browser.search.defaulturl: "http://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=" FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.startup.homepage: "http://www.msn.com/" FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}:6.0.02 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}:6.0.03 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}:6.0.07 FF - prefs.js..extensions.enabledItems: elemhidehelper@adblockplus.org:1.0.6 FF - prefs.js..extensions.enabledItems: multipletab@piro.sakura.ne.jp:0.4.2009073101 FF - prefs.js..extensions.enabledItems: personas@christopher.beard:1.3.1 FF - prefs.js..extensions.enabledItems: SkipScreen@SkipScreen:0.1.07282009_url_fix FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.1 FF - prefs.js..extensions.enabledItems: {3112ca9c-de6d-4884-a869-9855de68056c}:3.1.20081127W FF - prefs.js..extensions.enabledItems: {4176DFF4-4698-11DE-BEEB-45DA55D89593}:0.6.15 FF - prefs.js..extensions.enabledItems: {46551EC9-40F0-4e47-8E18-8E5CF550CFB8}:1.0.6 FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.5.2.20080717 FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.1 FF - prefs.js..extensions.enabledItems: {ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}:1.2.1 FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.0 FF - prefs.js..extensions.enabledItems: {69718F4B-3565-4D65-B418-A321269E8B74}:1.0 FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0 FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:7 FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.13 FF - prefs.js..extensions.enabledItems: {3fb63340-652a-11dd-ad8b-0800200c9a66}:2.1 FF - prefs.js..extensions.enabledItems: {47d1d620-5e5b-11da-8cd6-0800200c9a66}:2.0 FF - prefs.js..extensions.enabledItems: {7779C76B-0B5B-42be-BDDD-114CDDEC6A73}:1.0 FF - prefs.js..extensions.enabledItems: {961408A3-C970-4577-970A-D97C29839A67}:1.3.0 FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2009/10/27 17:23:35 \| 00,000,000 \| ---D \| M] FF - HKLM\software\mozilla\Firefox\Extensions\\{69718F4B-3565-4D65-B418-A321269E8B74}: C:\Documents and Settings\Nick Rummel\Local Settings\Application Data\{69718F4B-3565-4D65-B418-A321269E8B74}\ [2009/04/02 13:17:40 \| 00,000,000 \| ---D \| M] FF - HKLM\software\mozilla\Firefox\Extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009/06/04 21:58:10 \| 00,000,000 \| ---D \| M] FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/09/02 03:01:04 \| 00,000,000 \| ---D \| M] FF - HKLM\software\mozilla\Mozilla Firefox 3.0.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/10/28 21:59:35 \| 00,000,000 \| ---D \| M] FF - HKLM\software\mozilla\Mozilla Firefox 3.0.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/10/28 21:59:45 \| 00,000,000 \| ---D \| M] [2008/09/21 11:18:11 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\Nick Rummel\Application Data\mozilla\Extensions [2008/09/21 11:18:11 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\Nick Rummel\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384} [2009/10/23 14:51:32 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\Nick Rummel\Application Data\mozilla\Firefox\Profiles\8j7bdunq.default\extensions [2009/09/02 17:07:15 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\Nick Rummel\Application Data\mozilla\Firefox\Profiles\8j7bdunq.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2008/12/10 00:40:01 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\Nick Rummel\Application Data\mozilla\Firefox\Profiles\8j7bdunq.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c} [2009/10/21 23:58:35 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\Nick Rummel\Application Data\mozilla\Firefox\Profiles\8j7bdunq.default\extensions\{3fb63340-652a-11dd-ad8b-0800200c9a66} [2009/10/22 00:04:31 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\Nick Rummel\Application Data\mozilla\Firefox\Profiles\8j7bdunq.default\extensions\{4176DFF4-4698-11DE-BEEB-45DA55D89593} [2009/10/21 22:56:20 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\Nick Rummel\Application Data\mozilla\Firefox\Profiles\8j7bdunq.default\extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8} [2009/10/21 23:46:48 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\Nick Rummel\Application Data\mozilla\Firefox\Profiles\8j7bdunq.default\extensions\{47d1d620-5e5b-11da-8cd6-0800200c9a66} [2009/06/04 22:00:57 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\Nick Rummel\Application Data\mozilla\Firefox\Profiles\8j7bdunq.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} [2009/10/22 00:35:24 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\Nick Rummel\Application Data\mozilla\Firefox\Profiles\8j7bdunq.default\extensions\{7779C76B-0B5B-42be-BDDD-114CDDEC6A73} [2009/10/22 00:31:36 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\Nick Rummel\Application Data\mozilla\Firefox\Profiles\8j7bdunq.default\extensions\{961408A3-C970-4577-970A-D97C29839A67} [2009/10/21 22:56:21 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\Nick Rummel\Application Data\mozilla\Firefox\Profiles\8j7bdunq.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} [2009/10/22 00:04:32 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\Nick Rummel\Application Data\mozilla\Firefox\Profiles\8j7bdunq.default\extensions\{ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a} [2009/10/21 22:56:21 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\Nick Rummel\Application Data\mozilla\Firefox\Profiles\8j7bdunq.default\extensions\elemhidehelper@adblockplus.org [2009/10/21 22:48:49 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\Nick Rummel\Application Data\mozilla\Firefox\Profiles\8j7bdunq.default\extensions\multipletab@piro.sakura.ne.jp [2009/10/21 22:56:03 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\Nick Rummel\Application Data\mozilla\Firefox\Profiles\8j7bdunq.default\extensions\personas@christopher.beard [2009/10/21 22:56:11 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\Nick Rummel\Application Data\mozilla\Firefox\Profiles\8j7bdunq.default\extensions\SkipScreen@SkipScreen [2009/10/22 00:35:24 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\Nick Rummel\Application Data\mozilla\Firefox\Profiles\8j7bdunq.default\extensions\staged-xpis [2009/04/05 09:21:31 \| 00,001,739 \| ---- \| M] () -- C:\Documents and Settings\Nick Rummel\Application Data\Mozilla\FireFox\Profiles\8j7bdunq.default\searchplugins\aim-search.xml [2008/02/22 19:42:27 \| 00,001,877 \| ---- \| M] () -- C:\Documents and Settings\Nick Rummel\Application Data\Mozilla\FireFox\Profiles\8j7bdunq.default\searchplugins\aolsearch.xml [2009/02/24 17:42:01 \| 00,000,523 \| ---- \| M] () -- C:\Documents and Settings\Nick Rummel\Application Data\Mozilla\FireFox\Profiles\8j7bdunq.default\searchplugins\daemon-search.xml [2007/10/15 19:41:06 \| 00,002,386 \| ---- \| M] () -- C:\Documents and Settings\Nick Rummel\Application Data\Mozilla\FireFox\Profiles\8j7bdunq.default\searchplugins\siteadvisor.xml [2009/10/26 22:20:30 \| 00,000,000 \| ---D \| M] -- C:\Program Files\mozilla firefox\extensions [2006/09/05 18:41:51 \| 00,000,000 \| ---D \| M] -- C:\Program Files\mozilla firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c} [2009/08/04 06:26:53 \| 00,000,000 \| ---D \| M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [2007/08/30 17:38:57 \| 00,000,000 \| ---D \| M] -- C:\Program Files\mozilla firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED} [2007/04/15 01:37:09 \| 00,000,000 \| ---D \| M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} [2007/08/18 18:14:54 \| 00,000,000 \| ---D \| M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} [2007/10/29 22:21:11 \| 00,000,000 \| ---D \| M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} [2008/08/21 11:15:30 \| 00,000,000 \| ---D \| M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} [2009/08/04 06:26:42 \| 00,023,032 \| ---- \| M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll [2009/08/04 06:26:43 \| 00,134,648 \| ---- \| M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll [2006/07/28 08:32:54 \| 00,049,152 \| ---- \| M] (Adobe Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\np32dsw.dll [2009/06/04 21:56:37 \| 00,410,984 \| ---- \| M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeploytk.dll [2007/04/22 17:02:18 \| 00,717,312 \| ---- \| M] (DivX,Inc.) -- C:\Program Files\mozilla firefox\plugins\npdivx32.dll [2008/09/26 09:40:34 \| 00,053,248 \| ---- \| M] (AOL LLC) -- C:\Program Files\mozilla firefox\plugins\npdnu.dll [2009/03/12 15:16:54 \| 00,155,648 \| ---- \| M] (Dassault Syst�mes SolidWorks Corp.) -- C:\Program Files\mozilla firefox\plugins\npEModelPlugin.dll [2006/10/30 12:47:52 \| 01,380,656 \| ---- \| M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\npLegitCheckPlugin.dll [2005/10/12 15:04:02 \| 00,020,480 \| ---- \| M] (National Instruments) -- C:\Program Files\mozilla firefox\plugins\NPLV80Win32.dll [2007/02/08 10:48:16 \| 00,028,448 \| ---- \| M] (National Instruments) -- C:\Program Files\mozilla firefox\plugins\NPLV82Win32.dll [2006/11/21 10:43:42 \| 00,114,688 \| ---- \| M] () -- C:\Program Files\mozilla firefox\plugins\npmozax.dll [2007/07/29 09:02:09 \| 00,284,248 \| ---- \| M] (Musicnotes, Inc.) -- C:\Program Files\mozilla firefox\plugins\npmusicn.dll [2009/08/04 06:26:48 \| 00,065,528 \| ---- \| M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll [2006/10/26 20:12:16 \| 00,016,192 \| ---- \| M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL [2003/07/14 20:56:52 \| 00,013,888 \| ---- \| M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\NPOFFICE.DLL [2006/12/18 04:18:30 \| 00,077,824 \| ---- \| M] (Adobe Systems Inc.) -- C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2006/12/03 21:41:52 \| 00,144,984 \| ---- \| M] (RealNetworks, Inc.) -- C:\Program Files\mozilla firefox\plugins\nppl3260.dll [2009/10/28 21:59:42 \| 00,159,744 \| ---- \| M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin.dll [2009/10/28 21:59:43 \| 00,159,744 \| ---- \| M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll [2009/10/28 21:59:43 \| 00,159,744 \| ---- \| M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll [2009/10/28 21:59:43 \| 00,159,744 \| ---- \| M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll [2009/10/28 21:59:44 \| 00,159,744 \| ---- \| M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll [2009/10/28 21:59:44 \| 00,159,744 \| ---- \| M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll [2009/10/28 21:59:45 \| 00,159,744 \| ---- \| M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll [2006/12/03 21:42:01 \| 00,024,576 \| ---- \| M] (RealNetworks, Inc.) -- C:\Program Files\mozilla firefox\plugins\nprjplug.dll [2006/12/03 21:41:45 \| 00,081,920 \| ---- \| M] (RealNetworks, Inc.) -- C:\Program Files\mozilla firefox\plugins\nprpjplug.dll [2007/11/01 20:59:39 \| 04,100,096 \| ---- \| M] () -- C:\Program Files\mozilla firefox\plugins\npsibelius.dll [2005/08/09 11:42:53 \| 00,057,344 \| ---- \| M] (America Online, Inc.) -- C:\Program Files\mozilla firefox\plugins\npunagi2.dll [2007/03/09 16:16:44 \| 00,189,496 \| ---- \| M] (Yahoo! Inc.) -- C:\Program Files\mozilla firefox\plugins\npyaxmpb.dll [2009/03/26 11:56:22 \| 00,001,394 \| ---- \| M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml [2009/03/26 11:56:22 \| 00,002,193 \| ---- \| M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml [2009/03/26 11:56:22 \| 00,001,534 \| ---- \| M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml [2009/03/26 11:56:22 \| 00,002,343 \| ---- \| M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml [2009/03/26 11:56:22 \| 00,001,706 \| ---- \| M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml [2009/03/26 11:56:22 \| 00,001,178 \| ---- \| M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml [2009/03/26 11:56:22 \| 00,000,792 \| ---- \| M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml O1 HOSTS File: (27 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (dsWebAllowBHO Class) - {2F85D76C-0569-466F-A488-493E6BD0E955} - C:\Program Files\Windows Desktop Search\dsWebAllow.dll (Microsoft Corporation) O2 - BHO: (McAfee Phishing Filter) - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - c:\Program Files\McAfee\MSK\mcapbho.dll () O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\dla\tfswshx.dll (Sonic Solutions) O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O2 - BHO: (CleanMyPCPopupBlocker Class) - {7A9BC6B1-7F27-47c6-A66D-13582E81E537} - C:\Program Files\CleanMyPC Popup Blocker\CleanBHO.dll (CleanMyPC Software) O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.) O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.) O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll (Google Inc.) O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.) O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll (Dell Inc.) O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com) O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.) O3 - HKLM\..\Toolbar: (CleanMyPC Toolbar) - {04164EC4-1E48-4279-818E-3721931E7636} - C:\Program Files\CleanMyPC Popup Blocker\CleanBar.dll (CleanMyPC Software) O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.) O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com) O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.) O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com) O4 - HKLM..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc) O4 - HKLM..\Run: [DellSupportCenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.) O4 - HKLM..\Run: [dla] C:\WINDOWS\System32\dla\tfswctrl.exe (Sonic Solutions) O4 - HKLM..\Run: [DLCCCATS] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCCtime.DLL () O4 - HKLM..\Run: [dlccmon.exe] C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe (Dell) O4 - HKLM..\Run: [dscactivate] C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe ( ) O4 - HKLM..\Run: [DVDLauncher] C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe (CyberLink Corp.) O4 - HKLM..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe (Microsoft Corporation) O4 - HKLM..\Run: [EzPrint] C:\Program Files\Lexmark 4300 Series\ezprint.exe (Lexmark International Inc.) O4 - HKLM..\Run: [FaxCenterServer] C:\Program Files\Lexmark Fax Solutions\fm3032.exe () O4 - HKLM..\Run: [GrooveMonitor] C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation) O4 - HKLM..\Run: [igfxhkcmd] C:\WINDOWS\System32\hkcmd.exe (Intel Corporation) O4 - HKLM..\Run: [igfxpers] C:\WINDOWS\System32\igfxpers.exe (Intel Corporation) O4 - HKLM..\Run: [igfxtray] C:\WINDOWS\System32\igfxtray.exe (Intel Corporation) O4 - HKLM..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe (Intel Corporation) O4 - HKLM..\Run: [IntelZeroConfig] C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe (Intel Corporation) O4 - HKLM..\Run: [ISUSPM] C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe (Macrovision Corporation) O4 - HKLM..\Run: [ISUSPM Startup] c:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe (Macrovision Corporation) O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (Macrovision Corporation) O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.) O4 - HKLM..\Run: [LogitechCommunicationsManager] C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe (Logitech Inc.) O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\QuickCam10\QuickCam10.exe () O4 - HKLM..\Run: [LXCECATS] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCEtime.DLL () O4 - HKLM..\Run: [lxcemon.exe] C:\Program Files\Lexmark 4300 Series\lxcemon.exe (Lexmark International, Inc.) O4 - HKLM..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.) O4 - HKLM..\Run: [McENUI] C:\Program Files\McAfee\MHN\McENUI.exe (McAfee, Inc.) O4 - HKLM..\Run: [Monitor] C:\WINDOWS\PixArt\PAC207\Monitor.exe (PixArt Imaging Incorporation) O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.) O4 - HKLM..\Run: [realteks] C:\Documents and Settings\Nick Rummel\Application Data\Google\tncfc7316459.exe () O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.) O4 - HKLM..\Run: [snpstd3] C:\WINDOWS\vsnpstd3.exe () O4 - HKLM..\Run: [SolidWorks_CheckForUpdates] C:\Program Files\Common Files\SolidWorks Installation Manager\Scheduler\sldIMScheduler.exe (Dassault Syst�mes SolidWorks Corp.) O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.) O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.) O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.) O4 - HKLM..\Run: [tsnpstd3] C:\WINDOWS\tsnpstd3.exe () O4 - HKLM..\Run: [WD Button Manager] C:\WINDOWS\System32\WDBtnMgr.exe (Western Digital Technologies, Inc.) O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\daemon.exe (DT Soft Ltd) O4 - HKCU..\Run: [DellSupport] C:\Program Files\DellSupport\DSAgnt.exe (Gteko Ltd.) O4 - HKCU..\Run: [DellSupportCenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.) O4 - HKCU..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netWaiting.exe () O4 - HKCU..\Run: [MSMSGS] C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation) O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.) O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated) O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe (BVRP Software) O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe (Microsoft Corporation) O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe (Microsoft Corporation) O4 - Startup: C:\Documents and Settings\Nick Rummel\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation) O4 - Startup: C:\Documents and Settings\Nick Rummel\Start Menu\Programs\Startup\WD Anywhere Backup Launcher.lnk = C:\Documents and Settings\Nick Rummel\Application Data\Microsoft\Installer\{B9A81070-616D-4E93-BE02-CEE651343204}\NewShortcut4_3A95A0BFA90C41A28DFACEDE7630C4FB.exe () O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\control panel present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm () O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm () O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.) O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm () O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation) O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\System32\nwprovau.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone. O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} http://zone.msn.com/binFrameWork/v10/StagingUI.cab46479.cab (StagingUI Object) O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.1...toUploader5.cab (Facebook Photo Uploader 5 Control) O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} file://C:\Program Files\Chessmaster Challenge\Images\stg_drm.ocx (SpinTop DRM Control) O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support) O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab32846.cab (ZoneBuddy Class) O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} http://zone.msn.com/binframework/v10/ZPAChat.cab32846.cab (ZonePAChat Object) O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} http://upload.facebook.com/controls/Facebo...toUploader3.cab (Facebook Photo Uploader 4 Control) O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.0...oUploader55.cab (Facebook Photo Uploader 5 Control) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13) O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab (Reg Error: Key error.) O16 - DPF: {9BDF4724-10AA-43D5-BD15-AEA0D2287303} http://zone.msn.com/bingame/zpagames/zpa_txhe.cab50108.cab (ZPA_TexasHoldem Object) O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://cdn2.zone.msn.com/binFramework/v10/...ro.cab56649.cab (MSN Games - Installer) O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_06) O16 - DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_09) O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_11) O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_01) O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_02) O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_03) O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_07) O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13) O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} file://C:\Program Files\Chessmaster Challenge\Images\armhelper.ocx (ArmHelper Control) O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} http://zone.msn.com/binframework/v10/StProxy.cab41227.cab (StadiumProxy Class) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.94.156.1 68.94.157.1 O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation) O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ipp - No CLSID value found O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp - No CLSID value found O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation) O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O18 - Protocol\Filter\x-sdch {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation) O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com) O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation) O21 - SSODL: 0aMCPClient - {F5DF91F9-15E9-416B-A7C3-7519B11ECBFC} - C:\Program Files\Common Files\Stardock\MCPCore.dll (Stardock) O24 - Desktop Components:0 (tets) - C:\WINDOWS\system32\onhelp.htm O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll (Microsoft Corporation) O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com) O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O31 - SafeBoot: AlternateShell - cmd.exe O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2005/08/16 02:43:04 \| 00,000,000 \| ---- \| M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O32 - AutoRun File - [2007/02/14 12:27:46 \| 00,000,000 \| ---D \| M] - D:\autorun -- [ NTFS ] O32 - AutoRun File - [2006/12/15 13:32:12 \| 00,000,047 \| R--- \| M] () - E:\autorun.inf -- [ CDFS ] O33 - MountPoints2\{1a517000-d909-11dc-8eee-0015c5a935eb}\Shell\AutoRun\command - "" = H:\wd_windows_tools\WDEULA.exe -- File not found O33 - MountPoints2\{4669c37e-c3dd-11de-8fa7-0015c5a935eb}\Shell - "" = AutoRun O33 - MountPoints2\{4669c37e-c3dd-11de-8fa7-0015c5a935eb}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{4669c37e-c3dd-11de-8fa7-0015c5a935eb}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -- File not found O35 - comfile [open] -- "%1" % File not found O35 - exefile [open] -- "%1" %* File not found NetSvcs: 6to4 - Service key not found. File not found NetSvcs: Ias - Service key not found. File not found NetSvcs: Iprip - Service key not found. File not found NetSvcs: Irmon - Service key not found. File not found NetSvcs: NWCWorkstation - Service key not found. File not found NetSvcs: Nwsapagent - Service key not found. File not found NetSvcs: WmdmPmSp - Service key not found. File not found NetSvcs: MHN - C:\WINDOWS\System32\mhn.dll (Microsoft Corporation) NetSvcs: helpsvc - C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation) SafeBootMin: Base - Driver Group SafeBootMin: Boot Bus Extender - Driver Group SafeBootMin: Boot file system - Driver Group SafeBootMin: File system - Driver Group SafeBootMin: Filter - Driver Group SafeBootMin: HelpSvc - C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation) SafeBootMin: mcmscsvc - C:\Program Files\McAfee\MSC\mcmscsvc.exe (McAfee, Inc.) SafeBootMin: MCODS - C:\Program Files\McAfee\VirusScan\mcods.exe (McAfee, Inc.) SafeBootMin: PCI Configuration - Driver Group SafeBootMin: PNP Filter - Driver Group SafeBootMin: Primary disk - Driver Group SafeBootMin: SCSI Class - Driver Group SafeBootMin: sermouse.sys - Driver SafeBootMin: System Bus Extender - Driver Group SafeBootMin: vds - Service SafeBootMin: vga.sys - Driver SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet: Base - Driver Group SafeBootNet: Boot Bus Extender - Driver Group SafeBootNet: Boot file system - Driver Group SafeBootNet: File system - Driver Group SafeBootNet: Filter - Driver Group SafeBootNet: HelpSvc - C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation) SafeBootNet: mcmscsvc - C:\Program Files\McAfee\MSC\mcmscsvc.exe (McAfee, Inc.) SafeBootNet: MCODS - C:\Program Files\McAfee\VirusScan\mcods.exe (McAfee, Inc.) SafeBootNet: MpfService - C:\Program Files\McAfee\MPF\MPFSrv.exe (McAfee, Inc.) SafeBootNet: NDIS Wrapper - Driver Group SafeBootNet: NetBIOSGroup - Driver Group SafeBootNet: NetDDEGroup - Driver Group SafeBootNet: Network - Driver Group SafeBootNet: NetworkProvider - Driver Group SafeBootNet: PCI Configuration - Driver Group SafeBootNet: PNP Filter - Driver Group SafeBootNet: PNP_TDI - Driver Group SafeBootNet: Primary disk - Driver Group SafeBootNet: SCSI Class - Driver Group SafeBootNet: sermouse.sys - Driver SafeBootNet: Streams Drivers - Driver Group SafeBootNet: System Bus Extender - Driver Group SafeBootNet: TDI - Driver Group SafeBootNet: vga.sys - Driver SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices ActiveX: {0291E591-EA41-4c82-8106-3DC6CE7F7664} - Reg Error: Value error. ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML) ActiveX: {1BC46932-21B2-4130-86E0-B4EB4F7A7A7B} - Microsoft .NET Framework 1.0 Hotfix (KB887998) ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4 ActiveX: {233C1507-6A77-46A4-9443-F871F945D258} - Adobe Shockwave Director 10.1.3 ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Adobe Shockwave Director 10.1.3 ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} - Reg Error: Value error. ActiveX: {347B0667-C7ED-429B-BDE3-CC8D3BACAA31} - Reg Error: Value error. ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe ActiveX: {407408d4-94ed-4d86-ab69-a7f649d112ee} - %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection QuickLaunchShortcut 640 %systemroot%\inf\mcdftreg.inf ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460) ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.7 ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders ActiveX: {75AE7B1B-AA9C-C4FE-93D3-454016F08DA4} - Vector Graphics Rendering (VML) ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install ActiveX: {88D28416-AE72-24C6-D586-3A1757EB53C4} - Microsoft .NET Framework 1.0 Hotfix (KB887998) ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install ActiveX: {8b15971b-5355-4c82-8c07-7e181ea07608} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.inf,Fax.Install.PerUser ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {94de52c8-2d59-4f1b-883e-79663d2d9a8c} - Fax Provider ActiveX: {B508B3F1-A24A-32C0-B310-85786919EF28} - .NET Framework ActiveX: {BDE0FA43-6952-4BA8-8C58-09AF690F88E1} - Microsoft .NET Framework 1.0 Hotfix (KB930494) ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler ActiveX: {CD13081A-6FF9-21B7-6133-A4CAECD56D8C} - Browser Customizations ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1 ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player ActiveX: {DAA94A2A-2A8D-4D3B-9DB8-56FBECED082D} - Microsoft .NET Framework 1.1 Security Update (KB953297) ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E8BB293C-33AB-AD4A-8F4C-861EC8B07069} - Browser Customizations ActiveX: {E8EA5BD6-D931-4001-ABF6-81BAA500360A} - Microsoft .NET Framework 1.0 Hotfix (KB953295) ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: {EA29D410-CE41-4953-A862-2DE706A1DAD7} - Microsoft .NET Framework 1.0 Service Pack 3 ActiveX: {FDC11A6F-17D1-48f9-9EA3-9051954BAA24} - .NET Framework ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE ActiveX: KB910393 - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\EasyCDBlock.inf,PerUserInstall Drivers32: msacm.iac2 - C:\WINDOWS\System32\iac25_32.ax (Intel Corporation) Drivers32: msacm.l3acm - C:\WINDOWS\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.) Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.) Drivers32: MSVideo - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation) Drivers32: MSVideo8 - C:\WINDOWS\System32\VfWWDM32.dll (Microsoft Corporation) Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.) Drivers32: VIDC.I420 - C:\WINDOWS\System32\lvcodec2.dll (Logitech Inc.) Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll () Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll () Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation) Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation) ========== Files/Folders - Created Within 14 Days ========== [2009/10/25 18:25:20 \| 00,000,000 \| ---D \| C] -- C:\Documents and Settings\Nick Rummel\Local Settings\Application Data\AskToolbar [2009/10/22 23:48:09 \| 00,000,000 \| ---D \| C] -- C:\Program Files\Common Files\DVDVideoSoft [2009/10/22 23:49:15 \| 00,000,000 \| ---D \| C] -- C:\Program Files\Ask.com [2009/10/22 23:48:08 \| 00,000,000 \| ---D \| C] -- C:\Program Files\DVDVideoSoft [2009/10/25 18:57:29 \| 00,000,000 \| ---D \| C] -- C:\Program Files\McAfee.com [2009/12/05 21:31:43 \| 00,000,000 \| ---D \| C] -- C:\Program Files\Reference Assemblies [2009/10/29 08:20:21 \| 00,000,000 \| ---D \| C] -- C:\Program Files\SiteAdvisor [2009/12/05 21:33:01 \| 00,000,000 \| ---D \| C] -- C:\WINDOWS\System32\XPSViewer [2009/12/05 21:28:46 \| 00,000,000 \| ---D \| C] -- C:\WINDOWS\SxsCaPendDel [2009/10/29 08:50:28 \| 00,521,728 \| ---- \| C] (OldTimer Tools) -- C:\Documents and Settings\Nick Rummel\Desktop\OTL.exe [2009/10/29 08:06:22 \| 00,000,000 \| ---D \| C] -- C:\WINDOWS\LastGood [2009/10/28 15:42:08 \| 00,000,000 \| ---D \| C] -- C:\_OTM [2009/10/28 15:40:45 \| 00,408,064 \| ---- \| C] (OldTimer Tools) -- C:\Documents and Settings\Nick Rummel\Desktop\OTM.exe [2009/10/28 07:55:39 \| 00,000,000 \| ---D \| C] -- C:\Combo-Fix [2009/10/27 17:05:57 \| 00,000,000 \| RHSD \| C] -- C:\cmdcons [2009/10/27 16:48:36 \| 00,031,232 \| ---- \| C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe [2009/10/27 16:48:34 \| 00,161,792 \| ---- \| C] (SteelWerX) -- C:\WINDOWS\SWREG.exe [2009/10/27 16:48:33 \| 00,212,480 \| ---- \| C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe [2009/10/27 16:48:33 \| 00,136,704 \| ---- \| C] (SteelWerX) -- C:\WINDOWS\SWSC.exe [2009/10/27 16:44:40 \| 00,000,000 \| ---D \| C] -- C:\WINDOWS\ERDNT [2009/10/27 08:50:04 \| 00,000,000 \| ---D \| C] -- C:\Qoobox [2009/10/26 17:19:37 \| 00,472,064 \| ---- \| C] ( ) -- C:\Documents and Settings\Nick Rummel\Desktop\RootRepeal.exe [2009/10/26 16:34:20 \| 00,143,360 \| ---- \| C] (Inner Media, Inc.) -- C:\WINDOWS\System32\dunzip32.dll [2009/10/25 18:59:54 \| 00,033,832 \| ---- \| C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mferkdk.sys [2009/10/25 18:59:43 \| 00,040,488 \| ---- \| C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfesmfk.sys [2009/10/25 18:59:40 \| 00,035,240 \| ---- \| C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfebopk.sys [2009/10/25 18:59:38 \| 00,079,304 \| ---- \| C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfeavfk.sys [2009/10/25 18:59:37 \| 00,201,320 \| ---- \| C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfehidk.sys [2009/10/25 18:59:20 \| 00,113,952 \| ---- \| C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\Mpfp.sys [2009/10/22 23:48:32 \| 00,000,000 \| ---D \| C] -- C:\Documents and Settings\Nick Rummel\My Documents\DVDVideoSoft [2009/10/22 23:44:37 \| 10,984,941 \| ---- \| C] (DVDVideoSoft Limited. ) -- C:\Documents and Settings\Nick Rummel\Desktop\FreeVideoFlipAndRotate.exe [2009/10/21 22:45:25 \| 08,067,224 \| ---- \| C] (Mozilla) -- C:\Documents and Settings\Nick Rummel\Desktop\Firefox Setup 3.5.3.exe [2009/10/21 16:40:00 \| 00,000,000 \| ---D \| C] -- C:\EmergencyUtils [2009/10/21 16:39:34 \| 00,032,768 \| ---- \| C] (Doug Knox) -- C:\Documents and Settings\Nick Rummel\Desktop\xp_emergencyutil.exe [2009/06/03 20:21:01 \| 00,061,440 \| ---- \| C] ( ) -- C:\WINDOWS\System32\vsnpstd3.dll [2009/06/03 20:21:00 \| 00,172,032 \| ---- \| C] ( ) -- C:\WINDOWS\System32\rsnpstd3.dll [2009/06/03 20:21:00 \| 00,053,248 \| ---- \| C] ( ) -- C:\WINDOWS\System32\csnpstd3.dll [2009/06/03 20:21:00 \| 00,053,248 \| ---- \| C] ( ) -- C:\WINDOWS\csnpstd3.dll [2007/08/02 15:20:28 \| 00,220,184 \| ---- \| C] ( ) -- C:\Documents and Settings\Nick Rummel\Local Settings\Application Data\Interop.Microsoft.Office.Core.dll [2007/02/24 21:45:58 \| 00,047,360 \| ---- \| C] (VSO Software) -- C:\Documents and Settings\Nick Rummel\Application Data\pcouffin.sys [2006/08/27 22:59:50 \| 01,183,744 \| ---- \| C] ( ) -- C:\WINDOWS\System32\dlccserv.dll [2006/08/27 22:59:50 \| 01,134,592 \| ---- \| C] ( ) -- C:\WINDOWS\System32\dlccusb1.dll [2006/08/27 22:59:50 \| 00,774,144 \| ---- \| C] ( ) -- C:\WINDOWS\System32\dlcchbn3.dll [2006/08/27 22:59:50 \| 00,704,512 \| ---- \| C] ( ) -- C:\WINDOWS\System32\dlcccomc.dll [2006/08/27 22:59:50 \| 00,638,976 \| ---- \| C] ( ) -- C:\WINDOWS\System32\dlccpmui.dll [2006/08/27 22:59:50 \| 00,483,328 \| ---- \| C] ( ) -- C:\WINDOWS\System32\dlcclmpm.dll [2006/08/27 22:59:50 \| 00,413,696 \| ---- \| C] ( ) -- C:\WINDOWS\System32\dlcccomm.dll [2006/08/27 22:59:50 \| 00,155,648 \| ---- \| C] ( ) -- C:\WINDOWS\System32\dlccprox.dll [2006/08/27 22:59:50 \| 00,114,688 \| ---- \| C] ( ) -- C:\WINDOWS\System32\dlccpplc.dll [2005/12/13 18:12:34 \| 00,016,384 \| ---- \| C] (Microsoft Corporation) -- C:\Documents and Settings\Nick Rummel\Local Settings\Application Data\stdole.dll ========== Files - Modified Within 14 Days ========== [2009/10/29 08:50:28 \| 00,521,728 \| ---- \| M] (OldTimer Tools) -- C:\Documents and Settings\Nick Rummel\Desktop\OTL.exe [2009/10/29 08:01:03 \| 00,000,246 \| ---- \| M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job [2009/10/29 07:59:40 \| 00,002,479 \| ---- \| M] () -- C:\Documents and Settings\Nick Rummel\Start Menu\Programs\Startup\WD Anywhere Backup Launcher.lnk [2009/10/29 07:59:10 \| 00,012,859 \| ---- \| M] () -- C:\WINDOWS\System32\Config.MPF [2009/10/29 07:57:55 \| 00,002,206 \| ---- \| M] () -- C:\WINDOWS\System32\wpa.dbl [2009/10/29 07:40:59 \| 00,000,006 \| -H-- \| M] () -- C:\WINDOWS\tasks\SA.DAT [2009/10/29 07:40:55 \| 00,002,048 \| --S- \| M] () -- C:\WINDOWS\bootstat.dat [2009/10/29 07:40:53 \| 10,637,14816 \| -HS- \| M] () -- C:\hiberfil.sys [2009/10/28 23:48:24 \| 00,223,744 \| ---- \| M] () -- C:\Documents and Settings\Nick Rummel\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009/10/28 19:15:52 \| 00,021,430 \| ---- \| M] () -- C:\Documents and Settings\Nick Rummel\Desktop\Finances.xlsx [2009/10/28 18:29:33 \| 00,000,165 \| -H-- \| M] () -- C:\Documents and Settings\Nick Rummel\Desktop\~$Finances.xlsx [2009/10/28 15:58:33 \| 00,282,833 \| ---- \| M] () -- C:\Documents and Settings\Nick Rummel\Desktop\gmer.zip [2009/10/28 15:40:46 \| 00,408,064 \| ---- \| M] (OldTimer Tools) -- C:\Documents and Settings\Nick Rummel\Desktop\OTM.exe [2009/10/28 08:39:32 \| 00,000,157 \| ---- \| M] () -- C:\WINDOWS\matlab.ini [2009/10/28 08:30:52 \| 00,000,246 \| ---- \| M] () -- C:\WINDOWS\system.ini [2009/10/28 08:29:59 \| 00,000,027 \| ---- \| M] () -- C:\WINDOWS\System32\drivers\etc\hosts [2009/10/27 17:06:28 \| 00,000,279 \| RHS- \| M] () -- C:\boot.ini [2009/10/26 17:22:26 \| 00,464,491 \| ---- \| M] () -- C:\Documents and Settings\Nick Rummel\Desktop\RootRepeal.zip [2009/10/26 17:19:56 \| 00,000,000 \| ---- \| M] () -- C:\Documents and Settings\Nick Rummel\Desktop\settings.dat [2009/10/26 16:40:14 \| 00,000,666 \| ---- \| M] () -- C:\Documents and Settings\All Users\Desktop\McAfee EasyNetwork.lnk [2009/10/26 16:40:10 \| 00,000,671 \| ---- \| M] () -- C:\Documents and Settings\All Users\Desktop\McAfee Security Center.lnk [2009/10/25 18:58:23 \| 00,000,352 \| ---- \| M] () -- C:\WINDOWS\tasks\McDefragTask.job [2009/10/25 18:58:21 \| 00,000,344 \| ---- \| M] () -- C:\WINDOWS\tasks\McQcTask.job [2009/10/25 06:11:34 \| 00,077,312 \| ---- \| M] () -- C:\WINDOWS\MBR.exe [2009/10/24 18:59:05 \| 00,000,284 \| ---- \| M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job [2009/10/23 00:11:25 \| 00,002,199 \| ---- \| M] () -- C:\Documents and Settings\All Users\Desktop\SolidWorks 2009 SP3.0.lnk [2009/10/22 23:48:33 \| 00,000,892 \| ---- \| M] () -- C:\Documents and Settings\Nick Rummel\Desktop\DVDVideoSoft Free Studio.lnk [2009/10/22 23:46:31 \| 10,984,941 \| ---- \| M] (DVDVideoSoft Limited. ) -- C:\Documents and Settings\Nick Rummel\Desktop\FreeVideoFlipAndRotate.exe [2009/10/21 22:48:02 \| 08,067,224 \| ---- \| M] (Mozilla) -- C:\Documents and Settings\Nick Rummel\Desktop\Firefox Setup 3.5.3.exe [2009/10/21 16:39:03 \| 00,007,875 \| ---- \| M] () -- C:\Documents and Settings\Nick Rummel\Desktop\xp_emergencyutil.zip [2009/10/16 13:22:44 \| 00,291,328 \| ---- \| M] () -- C:\Documents and Settings\Nick Rummel\Desktop\gmer.exe ========== Files - No Company Name ========== [2009/10/28 18:29:33 \| 00,000,165 \| -H-- \| C] () -- C:\Documents and Settings\Nick Rummel\Desktop\~$Finances.xlsx [2009/10/28 15:58:52 \| 00,291,328 \| ---- \| C] () -- C:\Documents and Settings\Nick Rummel\Desktop\gmer.exe [2009/10/28 15:58:31 \| 00,282,833 \| ---- \| C] () -- C:\Documents and Settings\Nick Rummel\Desktop\gmer.zip [2009/10/27 17:06:28 \| 00,000,209 \| ---- \| C] () -- C:\Boot.bak [2009/10/27 17:06:05 \| 00,260,272 \| ---- \| C] () -- C:\cmldr [2009/10/27 16:48:36 \| 00,077,312 \| ---- \| C] () -- C:\WINDOWS\MBR.exe [2009/10/27 16:48:34 \| 00,236,544 \| ---- \| C] () -- C:\WINDOWS\PEV.exe [2009/10/27 16:48:34 \| 00,080,412 \| ---- \| C] () -- C:\WINDOWS\grep.exe [2009/10/27 16:48:34 \| 00,068,096 \| ---- \| C] () -- C:\WINDOWS\zip.exe [2009/10/27 16:48:33 \| 00,098,816 \| ---- \| C] () -- C:\WINDOWS\sed.exe [2009/10/26 17:19:56 \| 00,000,000 \| ---- \| C] () -- C:\Documents and Settings\Nick Rummel\Desktop\settings.dat [2009/10/26 17:15:28 \| 00,464,491 \| ---- \| C] () -- C:\Documents and Settings\Nick Rummel\Desktop\RootRepeal.zip [2009/10/26 16:41:14 \| 00,012,859 \| ---- \| C] () -- C:\WINDOWS\System32\Config.MPF [2009/10/26 16:40:14 \| 00,000,666 \| ---- \| C] () -- C:\Documents and Settings\All Users\Desktop\McAfee EasyNetwork.lnk [2009/10/26 16:40:10 \| 00,000,671 \| ---- \| C] () -- C:\Documents and Settings\All Users\Desktop\McAfee Security Center.lnk [2009/10/25 18:58:23 \| 00,000,352 \| ---- \| C] () -- C:\WINDOWS\tasks\McDefragTask.job [2009/10/25 18:58:21 \| 00,000,344 \| ---- \| C] () -- C:\WINDOWS\tasks\McQcTask.job [2009/10/22 23:49:27 \| 00,000,246 \| ---- \| C] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job [2009/10/22 23:48:33 \| 00,000,892 \| ---- \| C] () -- C:\Documents and Settings\Nick Rummel\Desktop\DVDVideoSoft Free Studio.lnk [2009/10/21 16:39:01 \| 00,007,875 \| ---- \| C] () -- C:\Documents and Settings\Nick Rummel\Desktop\xp_emergencyutil.zip [2009/08/31 22:07:42 \| 00,050,127 \| ---- \| C] () -- C:\WINDOWS\System32\lvcoinst.ini [2009/07/22 16:25:23 \| 00,005,652 \| ---- \| C] () -- C:\WINDOWS\System32\drivers\bvrp_pci.sys [2009/06/25 15:11:20 \| 00,020,480 \| ---- \| C] () -- C:\WINDOWS\System32\LXPMONUI.DLL [2009/06/25 15:11:19 \| 00,032,768 \| ---- \| C] () -- C:\WINDOWS\System32\LXPRMON.DLL [2009/06/24 13:50:49 \| 00,000,000 \| ---- \| C] () -- C:\WINDOWS\PROTOCOL.INI [2009/06/03 20:21:04 \| 00,015,498 \| ---- \| C] () -- C:\WINDOWS\snpstd3.ini [2009/06/03 20:21:03 \| 00,003,968 \| ---- \| C] () -- C:\WINDOWS\System32\drivers\DeNoise.sys [2009/04/02 13:21:57 \| 00,004,536 \| ---- \| C] () -- C:\Documents and Settings\Nick Rummel\Local Settings\Application Data\DB475BB5-9A3E-4DE9-BD7D-189CA7F82FD2.txt [2009/01/02 13:15:10 \| 00,000,518 \| ---- \| C] () -- C:\WINDOWS\System32\SP207.INI [2008/09/17 21:34:02 \| 00,148,992 \| ---- \| C] () -- C:\WINDOWS\System32\mllink5.dll [2008/09/17 21:34:02 \| 00,000,019 \| ---- \| C] () -- C:\WINDOWS\exlink.ini [2008/03/18 12:07:35 \| 00,903,168 \| ---- \| C] () -- C:\WINDOWS\System32\mitmdl30.dll [2008/03/18 12:07:34 \| 00,019,456 \| ---- \| C] () -- C:\WINDOWS\System32\lfwpg60n.dll [2008/03/18 12:07:34 \| 00,019,456 \| ---- \| C] () -- C:\WINDOWS\System32\lfwmf60n.dll [2008/03/18 12:07:33 \| 00,110,080 \| ---- \| C] () -- C:\WINDOWS\System32\lfpng60n.dll [2008/03/18 12:07:33 \| 00,046,080 \| ---- \| C] () -- C:\WINDOWS\System32\lftif60n.dll [2008/03/18 12:07:33 \| 00,023,552 \| ---- \| C] () -- C:\WINDOWS\System32\lfpcx60n.dll [2008/03/18 12:07:33 \| 00,022,528 \| ---- \| C] () -- C:\WINDOWS\System32\lfpct60n.dll [2008/03/18 12:07:33 \| 00,020,480 \| ---- \| C] () -- C:\WINDOWS\System32\lfpsd60n.dll [2008/03/18 12:07:33 \| 00,019,968 \| ---- \| C] () -- C:\WINDOWS\System32\lftga60n.dll [2008/03/18 12:07:33 \| 00,018,432 \| ---- \| C] () -- C:\WINDOWS\System32\lfmsp60n.dll [2008/03/18 12:07:32 \| 00,176,128 \| ---- \| C] () -- C:\WINDOWS\System32\lffax60n.dll [2008/03/18 12:07:32 \| 00,141,824 \| ---- \| C] () -- C:\WINDOWS\System32\lfcmp60n.dll [2008/03/18 12:07:32 \| 00,022,528 \| ---- \| C] () -- C:\WINDOWS\System32\lfeps60n.dll [2008/03/18 12:07:32 \| 00,022,016 \| ---- \| C] () -- C:\WINDOWS\System32\lfbmp60n.dll [2008/03/18 12:07:32 \| 00,017,920 \| ---- \| C] () -- C:\WINDOWS\System32\lfmac60n.dll [2008/02/11 18:30:49 \| 00,000,000 \| ---- \| C] () -- C:\WINDOWS\eDrawingOfficeAutomator.INI [2008/01/21 15:05:42 \| 00,000,000 \| ---- \| C] () -- C:\WINDOWS\iplayer.INI [2007/08/04 15:23:47 \| 00,000,040 \| ---- \| C] () -- C:\WINDOWS\musicstr.ini [2007/08/04 14:26:24 \| 00,000,514 \| ---- \| C] () -- C:\WINDOWS\teachpno.ini [2007/04/13 15:09:08 \| 02,067,140 \| R--- \| C] () -- C:\WINDOWS\System32\avcodec.dll [2007/04/13 00:01:49 \| 00,000,000 \| ---- \| C] () -- C:\Documents and Settings\All Users\Application Data\LauncherAccess.dt [2007/04/12 23:58:40 \| 00,005,632 \| ---- \| C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys [2007/04/07 02:25:46 \| 00,000,000 \| ---- \| C] () -- C:\WINDOWS\VPC32.INI [2007/03/24 13:36:17 \| 00,223,128 \| ---- \| C] () -- C:\WINDOWS\System32\drivers\vaxscsi.sys [2007/02/27 20:35:55 \| 00,717,296 \| ---- \| C] () -- C:\WINDOWS\System32\drivers\sptd.sys [2007/02/24 21:48:26 \| 00,000,014 \| ---- \| C] () -- C:\WINDOWS\System32\systeminfo3.dll [2007/02/24 21:46:19 \| 00,000,033 \| ---- \| C] () -- C:\Documents and Settings\Nick Rummel\Application Data\pcouffin.log [2007/02/24 21:45:58 \| 00,081,920 \| ---- \| C] () -- C:\Documents and Settings\Nick Rummel\Application Data\ezpinst.exe [2007/02/24 21:45:58 \| 00,007,176 \| ---- \| C] () -- C:\Documents and Settings\Nick Rummel\Application Data\pcouffin.cat [2007/02/24 21:45:58 \| 00,001,144 \| ---- \| C] () -- C:\Documents and Settings\Nick Rummel\Application Data\pcouffin.inf [2007/02/24 21:34:29 \| 00,000,040 \| -HS- \| C] () -- C:\Documents and Settings\Nick Rummel\Application Data\.zreglib [2007/02/22 11:19:06 \| 00,052,000 \| ---- \| C] () -- C:\WINDOWS\System32\nipcload.dll [2007/02/21 19:30:50 \| 00,000,244 \| ---- \| C] () -- C:\WINDOWS\System32\nirpc.ini [2007/02/21 10:00:00 \| 00,004,096 \| ---- \| C] () -- C:\WINDOWS\System32\drivers\cvintdrv.sys [2007/02/06 17:45:04 \| 00,025,632 \| ---- \| C] () -- C:\WINDOWS\System32\drivers\LVPr2Mon.sys [2007/02/06 17:42:40 \| 01,691,808 \| ---- \| C] () -- C:\WINDOWS\System32\drivers\Lvckap.sys [2006/12/31 20:23:50 \| 00,000,956 \| R--- \| C] () -- C:\WINDOWS\System32\iconcfg.ini [2006/12/07 10:10:37 \| 00,000,004 \| ---- \| C] () -- C:\WINDOWS\info147.sys [2006/12/06 18:49:46 \| 00,000,592 \| ---- \| C] () -- C:\Program Files\Opera.lnk [2006/12/04 20:02:26 \| 01,580,176 \| -H-- \| C] () -- C:\Documents and Settings\Nick Rummel\Local Settings\Application Data\IconCache.db [2006/12/03 21:45:25 \| 00,000,050 \| ---- \| C] () -- C:\WINDOWS\cdplayer.ini [2006/10/16 17:36:29 \| 00,000,021 \| ---- \| C] () -- C:\WINDOWS\WB.ini [2006/10/16 16:53:59 \| 00,005,127 \| ---- \| C] () -- C:\WINDOWS\langorig.ini [2006/10/16 16:53:18 \| 00,020,480 \| ---- \| C] () -- C:\WINDOWS\System32\wbload.dll [2006/10/16 16:48:52 \| 00,000,027 \| ---- \| C] () -- C:\WINDOWS\SDAddressBox16827d0561119.ini [2006/10/16 16:45:44 \| 00,000,027 \| ---- \| C] () -- C:\WINDOWS\SDAddressBox1633cb8581916.ini [2006/10/16 16:42:27 \| 00,007,852 \| ---- \| C] () -- C:\WINDOWS\System32\mcdmsg7.dll [2006/09/21 19:21:52 \| 00,003,766 \| -HS- \| C] () -- C:\WINDOWS\System32\KGyGaAvL.sys [2006/09/21 19:21:52 \| 00,000,088 \| RHS- \| C] () -- C:\WINDOWS\System32\68430E414D.sys [2006/09/08 15:26:05 \| 00,000,157 \| ---- \| C] () -- C:\WINDOWS\matlab.ini [2006/09/05 23:05:35 \| 00,002,516 \| ---- \| C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache [2006/09/05 22:40:11 \| 00,223,744 \| ---- \| C] () -- C:\Documents and Settings\Nick Rummel\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2006/09/05 18:44:35 \| 00,000,029 \| ---- \| C] () -- C:\WINDOWS\atid.ini [2006/09/05 18:35:14 \| 00,001,626 \| ---- \| C] () -- C:\Program Files\QuickTime Player.lnk [2006/09/05 18:19:36 \| 00,000,002 \| ---- \| C] () -- C:\WINDOWS\msoffice.ini [2006/09/05 18:14:15 \| 00,000,841 \| ---- \| C] () -- C:\Program Files\Ad-Aware SE Personal.lnk [2006/09/05 16:34:00 \| 00,001,753 \| ---- \| C] () -- C:\Program Files\Dell Printer Supplies - Inkjet.lnk [2006/09/05 16:14:59 \| 00,152,872 \| ---- \| C] () -- C:\Documents and Settings\Nick Rummel\Local Settings\Application Data\GDIPFONTCACHEV1.DAT [2006/09/05 16:01:52 \| 00,000,786 \| ---- \| C] () -- C:\Program Files\Windows Media Player.lnk [2006/09/05 16:01:46 \| 00,000,062 \| -HS- \| C] () -- C:\Documents and Settings\Nick Rummel\Application Data\desktop.ini [2006/09/05 16:01:45 \| 00,001,298 \| ---- \| C] () -- C:\Program Files\Media Center.lnk [2006/09/05 16:01:44 \| 00,000,134 \| ---- \| C] () -- C:\Documents and Settings\Nick Rummel\Local Settings\Application Data\fusioncache.dat [2006/08/29 08:54:33 \| 00,001,752 \| ---- \| C] () -- C:\Program Files\main.ini [2006/08/27 23:59:40 \| 00,000,061 \| ---- \| C] () -- C:\WINDOWS\smscfg.ini [2006/08/27 23:56:37 \| 00,001,967 \| ---- \| C] () -- C:\Program Files\Internet Service Offers.lnk [2006/08/27 23:56:14 \| 00,001,965 \| ---- \| C] () -- C:\Program Files\Games, Music, & Photos.lnk [2006/08/27 23:56:06 \| 00,001,958 \| ---- \| C] () -- C:\Program Files\Documentation & Support.lnk [2006/08/27 23:51:09 \| 00,000,413 \| ---- \| C] () -- C:\WINDOWS\ODBC.INI [2006/08/27 23:45:13 \| 00,001,661 \| ---- \| C] () -- C:\Program Files\Trend Micro PC-cillin Internet Security 12.lnk [2006/08/27 23:39:50 \| 00,712,704 \| ---- \| C] () -- C:\WINDOWS\System32\DellSystemRestore.dll [2006/08/27 23:36:41 \| 00,000,138 \| ---- \| C] () -- C:\WINDOWS\wininit.ini [2006/08/27 23:31:45 \| 00,000,004 \| -H-- \| C] () -- C:\Documents and Settings\All Users\Application Data\QSLLPSVCShare [2006/08/27 22:59:50 \| 00,430,080 \| ---- \| C] () -- C:\WINDOWS\System32\dlccutil.dll [2006/08/27 22:59:50 \| 00,176,128 \| ---- \| C] () -- C:\WINDOWS\System32\dlccinsb.dll [2006/08/27 22:59:50 \| 00,155,648 \| ---- \| C] () -- C:\WINDOWS\System32\dlccins.dll [2006/08/27 22:59:50 \| 00,131,072 \| ---- \| C] () -- C:\WINDOWS\System32\dlccjswr.dll [2006/08/27 22:59:50 \| 00,106,496 \| ---- \| C] () -- C:\WINDOWS\System32\dlccinsr.dll [2006/08/27 22:59:50 \| 00,086,016 \| ---- \| C] () -- C:\WINDOWS\System32\dlcccub.dll [2006/08/27 22:59:50 \| 00,073,728 \| ---- \| C] () -- C:\WINDOWS\System32\dlcccu.dll [2006/08/27 22:59:50 \| 00,040,960 \| ---- \| C] () -- C:\WINDOWS\System32\dlccvs.dll [2006/08/27 22:59:50 \| 00,036,864 \| ---- \| C] () -- C:\WINDOWS\System32\dlcccur.dll [2006/08/27 22:59:48 \| 00,065,536 \| ---- \| C] () -- C:\WINDOWS\System32\dlcccfg.dll [2006/08/27 22:59:14 \| 00,016,480 \| ---- \| C] () -- C:\WINDOWS\System32\rixdicon.dll [2006/08/27 22:58:48 \| 00,000,391 \| ---- \| C] () -- C:\WINDOWS\System32\OEMINFO.INI [2006/06/13 17:35:32 \| 00,053,760 \| ---- \| C] () -- C:\WINDOWS\System32\zlib.dll [2005/08/16 02:37:24 \| 00,001,793 \| ---- \| C] () -- C:\WINDOWS\System32\fxsperf.ini [2005/08/16 02:33:24 \| 00,000,062 \| -HS- \| C] () -- C:\Documents and Settings\All Users\Application Data\desktop.ini [2005/08/16 02:18:43 \| 00,001,204 \| ---- \| C] () -- C:\WINDOWS\win.ini [2005/08/16 02:18:41 \| 00,000,246 \| ---- \| C] () -- C:\WINDOWS\system.ini [2005/08/05 12:01:54 \| 00,235,008 \| ---- \| C] () -- C:\WINDOWS\System32\psisdecd.dll [2005/08/02 12:00:16 \| 00,000,611 \| ---- \| C] () -- C:\WINDOWS\System32\dlccplc.ini [2005/07/14 01:15:30 \| 00,040,960 \| ---- \| C] () -- C:\WINDOWS\System32\lxcevs.dll [2005/06/10 10:00:00 \| 00,102,400 \| ---- \| C] () -- C:\WINDOWS\System32\cviUSI.dll [2003/01/30 07:04:00 \| 00,618,496 \| ---- \| C] () -- C:\WINDOWS\System32\stlpmt45.dll [2002/02/15 10:29:02 \| 00,000,172 \| ---- \| C] () -- C:\WINDOWS\recorsta.ini [2000/01/06 17:00:00 \| 00,026,672 \| ---- \| C] () -- C:\WINDOWS\System32\procsvr.drv [2000/01/06 17:00:00 \| 00,026,672 \| ---- \| C] () -- C:\WINDOWS\sysltime.dll ========== LOP Check ========== [2009/10/14 21:30:26 \| 00,000,000 \| RH-D \| M] -- C:\Documents and Settings\All Users\Application Data [2009/03/21 20:06:29 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3} [2009/10/03 18:13:40 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD} [2009/08/17 19:34:51 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\All Users\Application Data\{7D4B3D1D-104E-4507-9123-568BC721B7E2} [2009/04/18 20:30:18 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906} [2009/04/05 09:09:44 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\All Users\Application Data\acccore [2009/09/10 00:23:38 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\All Users\Application Data\Autodesk [2008/02/26 01:24:57 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\All Users\Application Data\Dell [2008/08/07 21:20:10 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\All Users\Application Data\FaxCtr [2007/12/09 19:05:28 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\All Users\Application Data\FLEXnet [2009/08/06 19:03:21 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\All Users\Application Data\Installations [2007/05/01 01:27:20 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\All Users\Application Data\Intel [2009/08/31 22:05:26 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\All Users\Application Data\Logishrd [2008/05/13 11:30:07 \| 00,000,000 \| --SD \| M] -- C:\Documents and Settings\All Users\Application Data\Memeo [2007/09/22 08:37:47 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\All Users\Application Data\Musicnotes [2008/05/23 20:44:13 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\All Users\Application Data\National Instruments [2009/08/06 19:10:52 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\All Users\Application Data\Nokia [2006/10/02 19:19:36 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\All Users\Application Data\PopCap [2009/02/23 10:28:46 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\All Users\Application Data\SITEguard [2006/10/02 22:32:28 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\All Users\Application Data\SkillJam [2009/09/10 22:58:48 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\All Users\Application Data\SolidWorks [2009/02/23 11:38:36 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\All Users\Application Data\STOPzilla! [2008/01/10 00:34:51 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\All Users\Application Data\SupportSoft [2009/10/28 20:35:57 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\All Users\Application Data\TEMP [2009/08/17 19:34:26 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\All Users\Application Data\Transparent [2006/12/12 01:49:50 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\All Users\Application Data\Trymedia [2009/07/29 11:10:48 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint [2008/02/13 15:14:55 \| 00,000,000 \| --SD \| M] -- C:\Documents and Settings\All Users\Application Data\WD [2009/10/26 22:18:07 \| 00,000,000 \| RH-D \| M] -- C:\Documents and Settings\Nick Rummel\Application Data [2007/04/15 01:29:38 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\Nick Rummel\Application Data\.gaim [2006/09/05 18:50:15 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\Nick Rummel\Application Data\acccore [2009/02/24 17:02:42 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\Nick Rummel\Application Data\advantage [2006/12/31 16:59:15 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\Nick Rummel\Application Data\ArcSoft [2009/09/10 00:25:29 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\Nick Rummel\Application Data\Autodesk [2008/11/15 21:53:04 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\Nick Rummel\Application Data\BitTorrent [2007/11/20 22:08:55 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\Nick Rummel\Application Data\Chessmaster Challenge [2006/09/21 19:22:26 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\Nick Rummel\Application Data\Corel Photo Album [2007/02/24 21:29:30 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\Nick Rummel\Application Data\CyberLink [2009/02/24 17:31:20 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\Nick Rummel\Application Data\DAEMON Tools [2009/02/24 17:01:53 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\Nick Rummel\Application Data\DAEMON Tools Pro [2009/10/16 10:37:40 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\Nick Rummel\Application Data\dvdcss [2008/02/11 18:29:45 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\Nick Rummel\Application Data\DWGeditor [2008/08/08 11:13:11 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\Nick Rummel\Application Data\FaxCtr [2007/09/29 12:04:23 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\Nick Rummel\Application Data\Gizmoz [2009/10/29 07:59:16 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\Nick Rummel\Application Data\IM [2007/05/01 01:27:19 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\Nick Rummel\Application Data\Intel [2006/12/31 20:14:47 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\Nick Rummel\Application Data\Leadertech [2009/04/07 01:21:11 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\Nick Rummel\Application Data\lrfmenuz [2006/09/08 15:26:01 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\Nick Rummel\Application Data\MathWorks [2009/10/23 14:20:34 \| 00,000,000 \| -H-D \| M] -- C:\Documents and Settings\Nick Rummel\Application Data\Move Networks [2007/04/30 16:38:46 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\Nick Rummel\Application Data\MSNInstaller [2006/12/09 13:15:20 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\Nick Rummel\Application Data\NY-Yankees.net Toolbar [2006/12/06 18:50:21 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\Nick Rummel\Application Data\Opera [2008/09/05 00:37:48 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\Nick Rummel\Application Data\Prism [2007/05/17 17:11:46 \| 00,000,000 \| RH-D \| M] -- C:\Documents and Settings\Nick Rummel\Application Data\SecuROM [2009/02/21 16:21:53 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\Nick Rummel\Application Data\sldIM [2007/02/24 21:36:02 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\Nick Rummel\Application Data\SlySoft [2009/10/23 00:12:17 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\Nick Rummel\Application Data\SolidWorks [2009/09/14 17:45:53 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\Nick Rummel\Application Data\SolidWorks 2009 [2007/11/20 21:51:20 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\Nick Rummel\Application Data\SpinTop [2007/05/19 17:42:47 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\Nick Rummel\Application Data\SystemRequirementsLab [2008/12/17 02:03:13 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\Nick Rummel\Application Data\U3 [2007/02/28 23:16:17 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\Nick Rummel\Application Data\Vso [2009/10/24 18:59:05 \| 00,000,284 \| ---- \| M] () -- C:\WINDOWS\Tasks\AppleSoftwareUpdate.job [2004/08/10 03:00:00 \| 00,000,065 \| RH-- \| M] () -- C:\WINDOWS\Tasks\desktop.ini [2009/10/25 18:58:23 \| 00,000,352 \| ---- \| M] () -- C:\WINDOWS\Tasks\McDefragTask.job [2009/10/25 18:58:21 \| 00,000,344 \| ---- \| M] () -- C:\WINDOWS\Tasks\McQcTask.job [2009/10/29 07:40:59 \| 00,000,006 \| -H-- \| M] () -- C:\WINDOWS\Tasks\SA.DAT [2009/10/29 08:01:03 \| 00,000,246 \| ---- \| M] () -- C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\.exe > < %SYSTEMDRIVE%\eventlog.dll /s /md5 > [eventlog.dll : MD5=82B24CB70E5944E6E34662205A2A5B78] -> [2004/08/10 03:00:00 \| 00,055,808 \| ---- \| M] (Microsoft Corporation) -- C:\i386\eventlog.dll [1 C:\i386\.tmp files] [EventLog.dll : MD5=1363337A5301619F00F8033835EF30E9] -> [1999/10/03 20:38:26 \| 00,017,408 \| ---- \| M] () -- C:\MATLAB6p5\sys\perl\win32\site\lib\auto\Win32\EventLog\EventLog.dll [eventlog.dll : MD5=82B24CB70E5944E6E34662205A2A5B78] -> [2004/08/10 03:00:00 \| 00,055,808 \| ---- \| M] (Microsoft Corporation) -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll [eventlog.dll : MD5=6D4FEB43EE538FC5428CC7F0565AA656] -> [2008/04/13 17:11:53 \| 00,056,320 \| ---- \| M] (Microsoft Corporation) -- C:\WINDOWS\ERDNT\cache\eventlog.dll [eventlog.dll : MD5=6D4FEB43EE538FC5428CC7F0565AA656] -> [2008/04/13 17:11:53 \| 00,056,320 \| ---- \| M] (Microsoft Corporation) -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll [eventlog.dll : MD5=6D4FEB43EE538FC5428CC7F0565AA656] -> [2008/04/13 17:11:53 \| 00,056,320 \| ---- \| M] (Microsoft Corporation) -- C:\WINDOWS\System32\eventlog.dll < %SYSTEMDRIVE%\scecli.dll /s /md5 > [scecli.dll : MD5=0F78E27F563F2AAF74B91A49E2ABF19A] -> [2004/08/10 03:00:00 \| 00,180,224 \| ---- \| M] (Microsoft Corporation) -- C:\i386\scecli.dll [1 C:\i386\.tmp files] [scecli.dll : MD5=0F78E27F563F2AAF74B91A49E2ABF19A] -> [2004/08/10 03:00:00 \| 00,180,224 \| ---- \| M] (Microsoft Corporation) -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll [scecli.dll : MD5=A86BB5E61BF3E39B62AB4C7E7085A084] -> [2008/04/13 17:12:05 \| 00,181,248 \| ---- \| M] (Microsoft Corporation) -- C:\WINDOWS\ERDNT\cache\scecli.dll [scecli.dll : MD5=A86BB5E61BF3E39B62AB4C7E7085A084] -> [2008/04/13 17:12:05 \| 00,181,248 \| ---- \| M] (Microsoft Corporation) -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll [scecli.dll : MD5=A86BB5E61BF3E39B62AB4C7E7085A084] -> [2008/04/13 17:12:05 \| 00,181,248 \| ---- \| M] (Microsoft Corporation) -- C:\WINDOWS\System32\scecli.dll < %SYSTEMDRIVE%\netlogon.dll /s /md5 > [netlogon.dll : MD5=96353FCECBA774BB8DA74A1C6507015A] -> [2004/08/10 03:00:00 \| 00,407,040 \| ---- \| M] (Microsoft Corporation) -- C:\i386\netlogon.dll [1 C:\i386\.tmp files] [netlogon.dll : MD5=96353FCECBA774BB8DA74A1C6507015A] -> [2004/08/10 03:00:00 \| 00,407,040 \| ---- \| M] (Microsoft Corporation) -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll [netlogon.dll : MD5=1B7F071C51B77C272875C3A23E1E4550] -> [2008/04/13 17:12:01 \| 00,407,040 \| ---- \| M] (Microsoft Corporation) -- C:\WINDOWS\ERDNT\cache\netlogon.dll [netlogon.dll : MD5=1B7F071C51B77C272875C3A23E1E4550] -> [2008/04/13 17:12:01 \| 00,407,040 \| ---- \| M] (Microsoft Corporation) -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll [netlogon.dll : MD5=1B7F071C51B77C272875C3A23E1E4550] -> [2008/04/13 17:12:01 \| 00,407,040 \| ---- \| M] (Microsoft Corporation) -- C:\WINDOWS\System32\netlogon.dll < %SYSTEMDRIVE%\cngaudit.dll /s /md5 > < %SYSTEMDRIVE%\sceclt.dll /s /md5 > < %SYSTEMDRIVE%\ntelogon.dll /s /md5 > < %SYSTEMDRIVE%\logevent.dll /s /md5 > < %SYSTEMDRIVE%\iaStor.sys /s /md5 > < %SYSTEMDRIVE%\nvstor.sys /s /md5 > < %SYSTEMDRIVE%\atapi.sys /s /md5 > [atapi.sys : MD5=CDFE4411A69C224BD1D11B2DA92DAC51] -> [2004/08/03 20:59:44 \| 00,095,360 \| ---- \| M] (Microsoft Corporation) -- C:\i386\atapi.sys [1 C:\i386\.tmp files] [atapi.sys : MD5=CDFE4411A69C224BD1D11B2DA92DAC51] -> [2004/08/03 20:59:44 \| 00,095,360 \| ---- \| M] (Microsoft Corporation) -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys [atapi.sys : MD5=9F3A2F5AA6875C72BF062C712CFA2674] -> [2008/04/13 11:40:30 \| 00,096,512 \| ---- \| M] (Microsoft Corporation) -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys [atapi.sys : MD5=9F3A2F5AA6875C72BF062C712CFA2674] -> [2008/04/13 11:40:30 \| 00,096,512 \| ---- \| M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\atapi.sys [atapi.sys : MD5=CDFE4411A69C224BD1D11B2DA92DAC51] -> [2004/08/03 20:59:44 \| 00,095,360 \| ---- \| M] (Microsoft Corporation) -- C:\WINDOWS\System32\ReinstallBackups\0003\DriverFiles\i386\atapi.sys < %SYSTEMDRIVE%\IdeChnDr.sys /s /md5 > < %SYSTEMDRIVE%\viasraid.sys /s /md5 > < %SYSTEMDRIVE%\AGP440.sys /s /md5 > [AGP440.SYS : MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB] -> [2004/08/03 21:07:42 \| 00,042,368 \| ---- \| M] (Microsoft Corporation) -- C:\i386\AGP440.SYS [1 C:\i386\.tmp files] [agp440.sys : MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB] -> [2004/08/03 21:07:42 \| 00,042,368 \| ---- \| M] (Microsoft Corporation) -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys [agp440.sys : MD5=08FD04AA961BDC77FB983F328334E3D7] -> [2008/04/13 11:36:38 \| 00,042,368 \| ---- \| M] (Microsoft Corporation) -- C:\WINDOWS\ERDNT\cache\agp440.sys [agp440.sys : MD5=08FD04AA961BDC77FB983F328334E3D7] -> [2008/04/13 11:36:38 \| 00,042,368 \| ---- \| M] (Microsoft Corporation) -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys [agp440.sys : MD5=08FD04AA961BDC77FB983F328334E3D7] -> [2008/04/13 11:36:38 \| 00,042,368 \| ---- \| M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\agp440.sys < %SYSTEMDRIVE%\vaxscsi.sys /s /md5 > C:\WINDOWS\system32\drivers\ -> C:\WINDOWS\System32\drivers -> [2009/10/29 09:00:33 \| 00,000,000 \| ---D \| M] [vaxscsi.sys : Unable to obtain MD5 ] -> [2007/03/24 13:36:17 \| 00,223,128 \| ---- \| M] () -- C:\WINDOWS\System32\drivers\vaxscsi.sys ========== Alternate Data Streams ========== @Alternate Data Stream - 61 bytes -> C:\Documents and Settings\All Users\Application Data\Symantec\hpc:468323563 @Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0F8F5844 ========== Files - Unicode (All) ========== [2009/02/16 00:49:22 \| 00,000,000 \| ---D \| M](C:\DoC?) -- C:\DoCԱ [2009/02/16 00:49:21 \| 00,000,000 \| ---D \| C](C:\DoC?) -- C:\DoCԱ < End of report >

Rorschach112 View Member Profile	Oct 29 2009, 05:10 PM Post #13
GeekU Teacher Posts: 35,111 From: Dublin OS: XP	hi Please download GooredFix from one of the locations below and save it to your Desktop Download Mirror #1 Download Mirror #2 Ensure all Firefox windows are closed. To run the tool, double-click it (XP), or right-click and select Run As Administrator (Vista). When prompted to run the scan, click Yes. GooredFix will check for infections, and then a log will appear. Please post the contents of that log in your next reply (it can also be found on your desktop, called GooredFix.txt). 1. Close any open browsers. 2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix. 3. Open notepad and copy/paste the text in the quotebox below into it: QUOTE File:: SRPeek:: C:\WINDOWS\System32\drivers\vaxscsi.sys Mia:: C:\WINDOWS\System32\drivers\vaxscsi.sys Folder:: Registry:: Driver:: Save this as CFScript.txt, in the same location as ComboFix.exe Refering to the picture above, drag CFScript into ComboFix.exe When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply. Run OTL Under the Custom Scans/Fixes box at the bottom, paste in the following CODE :OTL O24 - Desktop Components:0 (tets) - C:\WINDOWS\system32\onhelp.htm O32 - AutoRun File - [2007/02/14 12:27:46 \| 00,000,000 \| ---D \| M] - D:\autorun -- [ NTFS ] O32 - AutoRun File - [2006/12/15 13:32:12 \| 00,000,047 \| R--- \| M] () - E:\autorun.inf -- [ CDFS ] O33 - MountPoints2\{1a517000-d909-11dc-8eee-0015c5a935eb}\Shell\AutoRun\command - "" = H:\wd_windows_tools\WDEULA.exe -- File not found O33 - MountPoints2\{4669c37e-c3dd-11de-8fa7-0015c5a935eb}\Shell - "" = AutoRun O33 - MountPoints2\{4669c37e-c3dd-11de-8fa7-0015c5a935eb}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{4669c37e-c3dd-11de-8fa7-0015c5a935eb}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -- File not found :Services :Reg :Files :Commands [purity] [emptytemp] [Reboot] Then click the Run Fix button at the top Let the program run unhindered, reboot the PC when it is done

nrummel View Member Profile	Oct 30 2009, 12:34 AM Post #14
Member Posts: 13 OS: Windows 2000	GooredFix by jpshortstuff (24.09.09.1) Log created at 23:33 on 29/10/2009 (Nick Rummel) Firefox version 3.0.13 (en-US) ========== GooredScan ========== Deleting HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions\\{69718F4B-3565-4D65-B418-A321269E8B74} -> Success! Deleting C:\Documents and Settings\Nick Rummel\Local Settings\Application Data\{69718F4B-3565-4D65-B418-A321269E8B74} -> Success! ========== GooredLog ========== C:\Program Files\Mozilla Firefox\extensions\ {3112ca9c-de6d-4884-a869-9855de68056c} [01:41 06/09/2006] {972ce4c6-7e08-4474-a285-3208198ce6fd} [05:48 16/04/2009] {B13721C7-F507-4982-B2E5-502A71474FED} [00:38 31/08/2007] {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} [08:37 15/04/2007] {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} [01:14 19/08/2007] {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} [05:21 30/10/2007] {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} [18:15 21/08/2008] [HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions] "{B7082FAA-CB62-4872-9106-E42DD88EDE45}"="C:\Program Files\McAfee\SiteAdvisor" [21:12 09/06/2008] "jqs@sun.com"="C:\Program Files\Java\jre6\lib\deploy\jqs\ff" [04:58 05/06/2009] "{20a82645-c095-46ed-80e3-08825760534b}"="C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\" [04:35 06/12/2009] -=E.O.F=-

« Next Oldest · Virus, Spyware and Trojan Removal · Next Newest »

2 Pages

1 2 >

1 User(s) are reading this topic (1 Guests and 0 Anonymous Users)

0 Members:

Topic Title	Replies / Views	Topic Information
Virus, Spyware and Trojan Removal Cannot access certain websites [Solved]	3 / 237	26th January 2009 - 11:22 AM gravelkm started - last by handhfan
Virus, Spyware and Trojan Removal Google Redirections & Cannot Access McAfee Website [Closed] [Solve 123	31 / 1,488	3rd June 2009 - 02:36 PM SyedT started - last by Rorschach112
Virus, Spyware and Trojan Removal McAfee will not download updates and cannot access their website [Solv	12 / 979	24th May 2009 - 02:28 AM NHCAB1020 started - last by CatByte
Virus, Spyware and Trojan Removal Google installer and cannot install new files [Solved] 12	19 / 544	12th August 2009 - 07:17 AM pericles81 started - last by Rorschach112