
Google searches redirect me to advertisements [Closed]


  • This topic is locked

#1
Watkinsbt

  • Member
  • 12 posts
Since last week, whenever I search for something on Google, more than half the time it redirects to advertisements, which often have a little green circle icon that looks like a globe to the left of the web address. So I have read the preparation guidelines related to malware removal. Unfortunately the problem persists. I am posting the MBAM, RootRepeal and OTL logs. Hopefully somebody can assist me; none of my other virus or malware tools have rid my computer of the problem.

mbam-log-2009-10-12 (22-33-51).txt

Scan type: Quick Scan
Objects scanned: 104961
Time elapsed: 22 minute(s), 58 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\The Weather Channel (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Trymedia Systems (Adware.TryMedia) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegedit (Hijack.Regedit) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
---------------

ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2009/10/12 23:31
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP2
==================================================

Drivers
-------------------
Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xF226A000 Size: 98304 File Visible: No Signed: -
Status: -

Name: dump_WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xF7AAB000 Size: 8192 File Visible: No Signed: -
Status: -

Name: mchInjDrv.sys
Image Path: C:\WINDOWS\system32\Drivers\mchInjDrv.sys
Address: 0xF7CAC000 Size: 2560 File Visible: No Signed: -
Status: -

Name: rootrepeal2.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal2.sys
Address: 0xEF6AA000 Size: 49152 File Visible: No Signed: -
Status: -

SSDT
-------------------
#: 041 Function Name: NtCreateKey
Status: Hooked by "PCTCore.sys" at address 0xf73a3514

#: 047 Function Name: NtCreateProcess
Status: Hooked by "PCTCore.sys" at address 0xf7392282

#: 048 Function Name: NtCreateProcessEx
Status: Hooked by "PCTCore.sys" at address 0xf7392474

#: 063 Function Name: NtDeleteKey
Status: Hooked by "PCTCore.sys" at address 0xf73a3d00

#: 065 Function Name: NtDeleteValueKey
Status: Hooked by "PCTCore.sys" at address 0xf73a3fb8

#: 119 Function Name: NtOpenKey
Status: Hooked by "PCTCore.sys" at address 0xf73a23fa

#: 192 Function Name: NtRenameKey
Status: Hooked by "PCTCore.sys" at address 0xf73a4422

#: 247 Function Name: NtSetValueKey
Status: Hooked by "PCTCore.sys" at address 0xf73a37d8

#: 257 Function Name: NtTerminateProcess
Status: Hooked by "PCTCore.sys" at address 0xf7391f32

==EOF==
---------------------
OTL logfile created on: 10/12/2009 11:35:55 PM - Run 1
OTL by OldTimer - Version 3.0.20.0 Folder = C:\Documents and Settings\Bryan\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1023.36 Mb Total Physical Memory | 270.14 Mb Available Physical Memory | 26.40% Memory free
2.40 Gb Paging File | 1.46 Gb Available in Paging File | 60.75% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.46 Gb Total Space | 39.49 Gb Free Space | 53.04% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: D7FC5581
Current User Name: Bryan
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2009/10/12 23:34:17 | 00,520,704 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Bryan\Desktop\OTL.exe
PRC - [2009/10/06 00:43:04 | 00,133,104 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\1.2.183.7\GoogleCrashHandler.exe
PRC - [2009/09/12 18:32:12 | 00,307,704 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009/07/31 15:23:21 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2009/07/31 15:23:19 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2009/06/29 21:58:39 | 00,133,104 | ---- | M] (Google Inc.) -- C:\Documents and Settings\Bryan\Local Settings\Application Data\Google\Update\1.2.183.7\GoogleCrashHandler.exe
PRC - [2009/04/02 16:11:02 | 00,342,312 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
PRC - [2009/04/02 16:10:56 | 00,656,168 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
PRC - [2009/03/26 15:31:20 | 00,132,424 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2009/03/05 16:07:20 | 02,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2009/02/06 12:39:29 | 00,227,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wbem\wmiprvse.exe
PRC - [2009/01/21 13:08:06 | 01,095,560 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsSvc.exe
PRC - [2009/01/07 12:40:56 | 00,348,752 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsAuxs.exe
PRC - [2008/12/08 13:33:48 | 01,173,384 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsTray.exe
PRC - [2007/06/13 06:23:07 | 01,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE
PRC - [2007/02/26 00:35:19 | 00,185,896 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2007/02/21 16:08:08 | 00,067,128 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
PRC - [2007/01/04 17:38:18 | 00,112,336 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
PRC - [2007/01/04 17:38:08 | 00,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe
PRC - [2006/11/03 19:20:12 | 00,866,584 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2006/11/03 19:19:58 | 00,013,592 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MsMpEng.exe
PRC - [2006/04/20 09:34:26 | 01,520,688 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
PRC - [2005/11/30 12:32:10 | 00,327,680 | ---- | M] (Smith Micro Software, Inc.) -- C:\Program Files\Verizon Wireless\V CAST Music\V CAST Music Monitor.exe
PRC - [2005/10/31 13:18:48 | 00,101,888 | ---- | M] (Walt Disney Internet Group) -- C:\Program Files\ESPNRunTime\DIGServices.exe
PRC - [2005/10/31 13:05:44 | 00,278,528 | ---- | M] (Walt Disney Internet Group) -- C:\Program Files\DIGStream\digstream.exe
PRC - [2005/06/23 20:27:36 | 00,085,696 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\VPTray.exe
PRC - [2005/06/23 20:27:28 | 01,715,904 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe
PRC - [2005/06/23 20:27:18 | 00,019,648 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\DefWatch.exe
PRC - [2005/06/02 10:21:46 | 00,161,392 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
PRC - [2005/06/02 10:21:40 | 00,185,968 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
PRC - [2005/06/02 10:21:38 | 00,048,752 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccApp.exe
PRC - [2005/03/04 00:29:02 | 00,356,352 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
PRC - [2004/12/06 21:45:14 | 00,696,425 | ---- | M] (Dell Inc) -- C:\WINDOWS\System32\WLTRAY.exe
PRC - [2004/12/06 21:45:14 | 00,065,536 | ---- | M] () -- C:\WINDOWS\System32\wltrysvc.exe
PRC - [2004/12/06 21:45:12 | 00,872,556 | ---- | M] (Dell Inc) -- C:\WINDOWS\System32\bcmwltry.exe
PRC - [2004/12/04 04:32:34 | 00,405,504 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\System32\Ati2evxx.exe
PRC - [2004/12/03 22:00:00 | 00,344,064 | ---- | M] (ATI Technologies, Inc.) -- C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
PRC - [2004/11/04 20:36:46 | 00,425,984 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
PRC - [2004/10/13 12:24:37 | 01,694,208 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe
PRC - [2004/09/29 13:14:36 | 00,069,632 | ---- | M] (HP) -- C:\WINDOWS\System32\HPZipm12.exe
PRC - [2004/09/13 17:33:20 | 00,155,648 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\Apoint.exe
PRC - [2004/09/13 16:49:00 | 00,049,152 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
PRC - [2004/08/19 15:40:08 | 00,045,056 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\Apntex.exe
PRC - [2004/04/26 09:04:14 | 00,053,248 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
PRC - [2004/04/01 19:05:48 | 00,077,824 | ---- | M] (Broadcom Corp.) -- C:\WINDOWS\System32\basfipm.exe
PRC - [2004/02/13 11:47:02 | 00,155,648 | ---- | M] (Dell Inc) -- C:\Program Files\Dell\OpenManage\Client\Iap.exe
PRC - [2003/10/29 04:06:00 | 00,024,576 | ---- | M] (BVRP Software) -- C:\Program Files\Digital Line Detect\DLG.exe
PRC - [2003/03/04 05:50:00 | 00,019,968 | ---- | M] (Logitech Inc.) -- C:\WINDOWS\Logi_MwX.Exe
PRC - [2003/02/25 01:52:00 | 00,303,104 | ---- | M] (Lexmark International, Inc.) -- C:\WINDOWS\System32\LEXBCES.EXE
PRC - [2003/02/25 01:50:00 | 00,174,592 | ---- | M] (Lexmark International, Inc.) -- C:\WINDOWS\System32\LEXPPS.EXE

========== Win32 Services (SafeList) ==========

SRV - [2009/10/06 00:38:14 | 00,133,104 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\GoogleUpdate.exe -- (gupdate1ca463f14ae7c06 [Auto | Stopped])
SRV - [2009/10/05 23:51:12 | 00,194,032 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc [Auto | Stopped])
SRV - [2009/07/31 15:23:19 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running])
SRV - [2009/04/02 16:10:56 | 00,656,168 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Running])
SRV - [2009/03/26 15:31:20 | 00,132,424 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Auto | Running])
SRV - [2009/01/21 13:08:06 | 01,095,560 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsSvc.exe -- (sdCoreService [Auto | Running])
SRV - [2009/01/07 12:40:56 | 00,348,752 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsAuxs.exe -- (sdAuxService [Auto | Running])
SRV - [2008/07/29 21:10:04 | 00,046,104 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
SRV - [2008/07/29 19:24:50 | 00,881,664 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
SRV - [2008/07/29 19:16:38 | 00,132,096 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
SRV - [2008/07/25 11:17:02 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [2008/07/25 11:16:40 | 00,034,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - [2007/11/30 07:18:51 | 00,026,488 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\spupdsvc.exe -- (spupdsvc [Disabled | Stopped])
SRV - [2007/01/04 17:38:08 | 00,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service [Auto | Running])
SRV - [2006/11/03 19:19:58 | 00,013,592 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend [Auto | Running])
SRV - [2006/10/18 21:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])
SRV - [2006/10/13 08:35:12 | 00,065,536 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\nwwks.dll -- (NWCWorkstation [Auto | Running])
SRV - [2006/04/20 09:34:26 | 01,520,688 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND [Auto | Running])
SRV - [2006/03/30 10:15:44 | 00,096,341 | ---- | M] (Canon Inc.) -- C:\Program Files\Canon\CAL\CALMAIN.exe -- (CCALib8 [Disabled | Stopped])
SRV - [2005/06/23 20:27:30 | 00,124,608 | ---- | M] (symantec) -- C:\Program Files\Symantec AntiVirus\SavRoam.exe -- (SavRoam [On_Demand | Stopped])
SRV - [2005/06/23 20:27:28 | 01,715,904 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe -- (Symantec AntiVirus [Auto | Running])
SRV - [2005/06/23 20:27:18 | 00,019,648 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\DefWatch.exe -- (DefWatch [Auto | Running])
SRV - [2005/06/02 10:21:46 | 00,161,392 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe -- (ccSetMgr [Auto | Running])
SRV - [2005/06/02 10:21:46 | 00,083,568 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe -- (ccPwdSvc [On_Demand | Stopped])
SRV - [2005/06/02 10:21:40 | 00,185,968 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe -- (ccEvtMgr [Auto | Running])
SRV - [2005/04/04 02:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
SRV - [2005/03/30 22:48:22 | 00,992,864 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe -- (SPBBCSvc [On_Demand | Stopped])
SRV - [2005/03/04 00:29:02 | 00,356,352 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe -- (NICCONFIGSVC [Auto | Running])
SRV - [2004/12/06 21:45:14 | 00,065,536 | ---- | M] () -- C:\WINDOWS\System32\wltrysvc.exe -- (wltrysvc [Auto | Running])
SRV - [2004/12/04 04:32:34 | 00,405,504 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\System32\Ati2evxx.exe -- (Ati HotKey Poller [Auto | Running])
SRV - [2004/09/30 13:49:35 | 00,027,136 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\irmon.dll -- (Irmon [Auto | Running])
SRV - [2004/09/29 13:14:36 | 00,069,632 | ---- | M] (HP) -- C:\WINDOWS\System32\HPZipm12.exe -- (Pml Driver HPZ12 [Auto | Running])
SRV - [2004/08/04 06:00:00 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - [2004/04/01 19:05:48 | 00,077,824 | ---- | M] (Broadcom Corp.) -- C:\WINDOWS\System32\basfipm.exe -- (BAsfIpM [Auto | Running])
SRV - [2004/02/13 11:47:02 | 00,155,648 | ---- | M] (Dell Inc) -- C:\Program Files\Dell\OpenManage\Client\Iap.exe -- (Iap [Auto | Running])
SRV - [2003/07/28 13:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
SRV - [2003/02/25 01:52:00 | 00,303,104 | ---- | M] (Lexmark International, Inc.) -- C:\WINDOWS\System32\LEXBCES.EXE -- (LexBceS [Auto | Running])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Search Bar = http://search.msn.com/spbasic.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.co...m...tf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.jmu.edu/jmuweb/students/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.defaulturl: "http://search.yahoo....fr=ytff-twc&p="
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "http://www.google.com/ig?hl=en"
FF - prefs.js..extensions.enabledItems: {3112ca9c-de6d-4884-a869-9855de68056c}:3.1.20081127W
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}:6.0.07
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}:6.0.11
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}:6.0.16
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.1
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.0.071303000006
FF - prefs.js..extensions.enabledItems: {d84a846d-f7cb-4187-a408-b171020e8940}:1.1.1
FF - prefs.js..extensions.enabledItems: [email protected]:0.6.291
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.14
FF - prefs.js..keyword.URL: "http://search.yahoo....fr=ytff-twc&p="

FF - HKLM\software\mozilla\Firefox\extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/09/02 10:37:20 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\[email protected]: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009/01/07 20:49:36 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.14\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/10/12 18:36:36 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.14\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/10/10 13:50:48 | 00,000,000 | ---D | M]

[2009/01/16 13:05:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Bryan\Application Data\mozilla\Extensions
[2009/01/16 13:05:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Bryan\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/10/12 18:17:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Bryan\Application Data\mozilla\Firefox\Profiles\jjzle15m.default\extensions
[2009/09/09 10:45:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Bryan\Application Data\mozilla\Firefox\Profiles\jjzle15m.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/01/07 03:22:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Bryan\Application Data\mozilla\Firefox\Profiles\jjzle15m.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2009/01/29 22:50:05 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Bryan\Application Data\mozilla\Firefox\Profiles\jjzle15m.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2008/12/31 02:46:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Bryan\Application Data\mozilla\Firefox\Profiles\jjzle15m.default\extensions\{c2f863cd-0429-48c7-bb54-db756a951760}
[2009/04/07 09:48:31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Bryan\Application Data\mozilla\Firefox\Profiles\jjzle15m.default\extensions\{d84a846d-f7cb-4187-a408-b171020e8940}
[2009/01/20 14:24:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Bryan\Application Data\mozilla\Firefox\Profiles\jjzle15m.default\extensions\[email protected]
[2009/08/17 21:30:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Bryan\Application Data\mozilla\Firefox\Profiles\jjzle15m.default\extensions\[email protected]
[2009/09/26 22:15:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Bryan\Application Data\mozilla\Firefox\Profiles\jjzle15m.default\extensions\[email protected]
[2009/10/12 18:17:06 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2007/03/10 21:34:57 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2009/09/12 18:32:27 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2008/11/11 19:55:30 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
[2009/01/07 20:50:29 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
[2009/10/06 00:14:24 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
[2009/09/12 18:32:11 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/09/12 18:32:12 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2009/05/01 17:02:48 | 01,044,480 | ---- | M] (The OpenSSL Project, http://www.openssl.org/) -- C:\Program Files\mozilla firefox\plugins\libdivx.dll
[2007/04/10 18:21:08 | 00,163,256 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\np-mswmp.dll
[2009/07/31 15:23:11 | 00,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeploytk.dll
[2009/05/12 14:46:20 | 01,650,992 | ---- | M] (DivX,Inc.) -- C:\Program Files\mozilla firefox\plugins\npdivx32.dll
[2008/09/26 12:40:34 | 00,053,248 | ---- | M] (AOL LLC) -- C:\Program Files\mozilla firefox\plugins\npdnu.dll
[2008/06/27 16:03:12 | 01,446,440 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\npLegitCheckPlugin.dll
[2009/09/12 18:32:17 | 00,065,528 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll
[2009/02/27 12:13:42 | 00,103,792 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\mozilla firefox\plugins\nppdf32.dll
[2009/04/22 19:38:57 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin.dll
[2009/04/22 19:38:57 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll
[2009/04/22 19:38:57 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll
[2009/04/22 19:38:57 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll
[2009/04/22 19:38:57 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll
[2009/04/22 19:38:57 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll
[2009/04/22 19:38:57 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll
[2008/09/15 11:52:06 | 00,376,832 | ---- | M] ( ) -- C:\Program Files\mozilla firefox\plugins\npsnapfish.dll
[2007/04/16 13:07:12 | 00,180,293 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\npViewpoint.dll
[2009/05/01 17:02:48 | 00,200,704 | ---- | M] (The OpenSSL Project, http://www.openssl.org/) -- C:\Program Files\mozilla firefox\plugins\ssldivx.dll
[2008/12/31 02:43:50 | 00,002,038 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\AIM Search.xml
[2009/08/11 00:51:07 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2009/08/11 00:51:07 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2009/08/11 00:51:07 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2009/08/11 00:51:07 | 00,002,343 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2009/08/11 00:51:07 | 00,001,706 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2009/08/11 00:51:07 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2009/08/11 00:51:07 | 00,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

O1 HOSTS File: (36 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {A57FF8CF-C9DB-407F-80C4-6F1AB3BCA484} - C:\WINDOWS\System32\byXNgfFv.dll File not found
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O3 - HKCU\..\Toolbar\ShellBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe (ATI Technologies, Inc.)
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [Dell Wireless Manager UI] C:\WINDOWS\System32\WLTRAY.exe (Dell Inc)
O4 - HKLM..\Run: [DIGServices] C:\Program Files\ESPNRunTime\DIGServices.exe (Walt Disney Internet Group)
O4 - HKLM..\Run: [DIGStream] C:\Program Files\DIGStream\digstream.exe (Walt Disney Internet Group)
O4 - HKLM..\Run: [DVDLauncher] C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe (CyberLink Corp.)
O4 - HKLM..\Run: [Google Quick Search Box] C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe (Google Inc.)
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [ISTray] C:\Program Files\Spyware Doctor\pctsTray.exe (PC Tools)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [Logitech Utility] C:\WINDOWS\Logi_MwX.Exe (Logitech Inc.)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [SNM] C:\Program Files\SpyNoMore\SNM.exe File not found
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [UpdateManager] C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe (Sonic Solutions)
O4 - HKLM..\Run: [vptray] C:\Program Files\Symantec AntiVirus\VPTray.exe (Symantec Corporation)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [DW6] C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe (The Weather Channel Interactive, Inc.)
O4 - HKCU..\Run: [Google Update] C:\Documents and Settings\Bryan\Local Settings\Application Data\Google\Update\GoogleUpdate.exe (Google Inc.)
O4 - HKCU..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe (Logitech Inc.)
O4 - HKCU..\Run: [MSMSGS] C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKCU..\Run: [Sticker] C:\Program Files\MoRUN.net\NotesPlusPlus\notespp.exe File not found
O4 - HKLM..\RunOnce: [NSSInstallation] C:\WINDOWS\System32\Adobe\Shockwave 11\nssstub.exe (Symantec Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Cisco Systems VPN Client.lnk = C:\Program Files\Cisco Systems\VPN Client\vpngui.exe (Cisco Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe (BVRP Software)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe (Hewlett-Packard Co.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe (Logitech Inc.)
O4 - Startup: C:\Documents and Settings\Bryan\Start Menu\Programs\Startup\V CAST Music Monitor.lnk = C:\Program Files\Verizon Wireless\V CAST Music\V CAST Music Monitor.exe (Smith Micro Software, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoChangeStartMenu = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLogOff = 0
O8 - Extra context menu item: &Viewpoint Search - C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll (Viewpoint Corporation)
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe (America Online, Inc.)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\System32\nwprovau.dll (Microsoft Corporation)
O12 - Plugin for: .scm - C:\Temp\NPSC.DLL ()
O12 - Plugin for: .xav - C:\Temp\NPAVIAN.DLL ()
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: jmu.edu ([blackboard] https in Trusted sites)
O15 - HKCU\..Trusted Domains: 3 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {001EE746-A1F9-460E-80AD-269E088D6A01} http://site.ebrary.c...s/ebraryRdr.cab (Infotl Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft....k/?LinkID=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} http://prerelease.tr...ivex/hcImpl.cab (Trend Micro ActiveX Scan Agent 6.6)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://fpdownload.ma...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {27527D31-447B-11D5-A46E-0001023B4289} http://gamingzone.ub...s/GSManager.cab (CoGSManager Class)
O16 - DPF: {525A15D0-4938-11D4-94C7-0050DA20189B} http://www.easports....py/iesnoopy.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} http://a19.g.akamai....302/Coupons.cab (Reg Error: Key error.)
O16 - DPF: {AED98630-0251-4E83-917D-43A23D66D507} http://activex.micro...n7/dlhelper.cab (Download Helper Class)
O16 - DPF: {B49C4597-8721-4789-9250-315DFBD9F525} http://cdn.digitalci....1.11_en_dl.cab (IWinAmpActiveX Class)
O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.ma...ent/swflash.cab (Shockwave Flash Object)
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} http://a532.g.akamai...l/installer.exe (Reg Error: Key error.)
O16 - DPF: {DA80E089-4648-43D5-93B4-7F37917084E6} http://www.candystan...acheManager.CAB (CacheManager.CacheManagerCtrl)
O16 - DPF: {E473A65C-8087-49A3-AFFD-C5BC4A10669B} http://mvnet.xlontec...2ie06101001.cab (Reg Error: Key error.)
O16 - DPF: {E856B973-45FD-4559-8F82-EAB539144667} http://pccheckup.del...ll/gtdownde.cab (Dell PC Checkup Installer Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 167.206.254.2 167.206.254.1
O18 - Protocol\Handler\bwfile-8876480 {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll (Logitech Inc.)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter: - text/html - No CLSID value found
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter: - x-sdch - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)
O20 - AppInit_DLLs: (dmvkjl.dll) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\Ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\cbXRLddc: DllName - cbXRLddc.dll - File not found
O20 - Winlogon\Notify\LMOUgnt: DllName - LMOUgnt.dll - File not found
O20 - Winlogon\Notify\NavLogon: DllName - C:\WINDOWS\system32\NavLogon.dll - C:\WINDOWS\System32\NavLogon.dll (Symantec Corporation)
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/11 18:15:00 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{6d2109e8-1979-11de-b24e-00123ff423b6}\Shell\AutoRun\command - "" = setupSNK.exe
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O34 - HKLM BootExecute: (stera) - File not found
O35 - comfile [open] -- "%1" %* File not found
O35 - exefile [open] -- "%1" %* File not found

NetSvcs: 6to4 - Service key not found. File not found
NetSvcs: Ias - Service key not found. File not found
NetSvcs: Iprip - Service key not found. File not found
NetSvcs: Irmon - C:\WINDOWS\System32\irmon.dll (Microsoft Corporation)
NetSvcs: NWCWorkstation - C:\WINDOWS\System32\nwwks.dll (Microsoft Corporation)
NetSvcs: Nwsapagent - Service key not found. File not found
NetSvcs: WmdmPmSp - Service key not found. File not found
NetSvcs: helpsvc - C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)

========== Files/Folders - Created Within 14 Days ==========

[2009/10/05 23:50:24 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Google Updater
[2009/10/06 00:24:28 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/10/05 22:47:02 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NortonInstaller
[2009/10/06 01:21:02 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PC Tools
[2009/10/05 17:46:15 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2009/10/06 01:21:00 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/10/06 00:25:30 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Bryan\Application Data\Malwarebytes
[2009/10/06 01:21:02 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Bryan\Application Data\PC Tools
[2009/10/06 01:21:52 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
[2009/10/09 23:36:37 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2009/10/12 22:07:46 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2009/10/06 00:24:24 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/10/12 21:32:43 | 00,000,000 | ---D | C] -- C:\Program Files\NortonInstaller
[2009/10/05 22:38:06 | 00,000,000 | ---D | C] -- C:\Program Files\Snood 4
[2009/10/05 17:46:15 | 00,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2009/10/06 01:21:02 | 00,000,000 | ---D | C] -- C:\Program Files\Spyware Doctor
[2009/10/12 23:34:20 | 00,520,704 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Bryan\Desktop\OTL.exe
[2009/10/12 23:31:19 | 00,472,064 | ---- | C] ( ) -- C:\Documents and Settings\Bryan\Desktop\RootRepeal(2).exe
[2009/10/12 23:26:03 | 00,472,064 | ---- | C] ( ) -- C:\Documents and Settings\Bryan\Desktop\RootRepeal.exe
[2009/10/12 22:07:15 | 00,791,393 | ---- | C] (Lars Hederer ) -- C:\Documents and Settings\Bryan\Desktop\erunt_setup(3).exe
[2009/10/12 21:49:46 | 00,791,393 | ---- | C] (Lars Hederer ) -- C:\Documents and Settings\Bryan\Desktop\erunt_setup(2).exe
[2009/10/12 21:45:53 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009/10/12 21:41:19 | 00,791,393 | ---- | C] (Lars Hederer ) -- C:\Documents and Settings\Bryan\Desktop\erunt_setup.exe
[2009/10/12 21:38:31 | 00,021,504 | ---- | C] (Doug Knox) -- C:\Documents and Settings\Bryan\Desktop\SysRestorePoint.exe
[2009/10/12 21:08:12 | 00,271,872 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Bryan\Desktop\TFC.exe
[2009/10/12 15:27:28 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\NtmsData
[2009/10/06 01:24:30 | 00,159,600 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctgntdi.sys
[2009/10/06 01:22:59 | 00,130,936 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTCore.sys
[2009/10/06 01:22:58 | 00,073,840 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTAppEvent.sys
[2009/10/06 01:21:51 | 00,064,392 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctplsg.sys
[2009/10/06 00:32:52 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\IOSUBSYS
[2009/10/06 00:24:34 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/10/06 00:24:26 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/10/06 00:21:59 | 04,045,528 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Bryan\Desktop\mbam-setup.exe
[2009/10/05 17:41:23 | 16,409,960 | ---- | C] (Safer Networking Limited ) -- C:\Documents and Settings\Bryan\Desktop\spybotsd162.exe

========== Files - Modified Within 14 Days ==========

[43 C:\Documents and Settings\Bryan\My Documents\*.tmp files]
[2009/10/12 23:34:17 | 00,520,704 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Bryan\Desktop\OTL.exe
[2009/10/12 23:31:16 | 00,472,064 | ---- | M] ( ) -- C:\Documents and Settings\Bryan\Desktop\RootRepeal(2).exe
[2009/10/12 23:26:01 | 00,472,064 | ---- | M] ( ) -- C:\Documents and Settings\Bryan\Desktop\RootRepeal.exe
[2009/10/12 23:20:51 | 00,000,380 | ---- | M] () -- C:\WINDOWS\tasks\NSSstub.job
[2009/10/12 23:19:53 | 00,000,955 | ---- | M] () -- C:\Documents and Settings\Bryan\Start Menu\Programs\Startup\V CAST Music Monitor.lnk
[2009/10/12 23:15:18 | 00,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2009/10/12 23:13:37 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/10/12 23:11:12 | 00,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2009/10/12 23:11:06 | 00,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2009/10/12 23:10:17 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/10/12 23:09:54 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/10/12 23:09:26 | 10,731,43808 | -HS- | M] () -- C:\hiberfil.sys
[2009/10/12 23:03:02 | 00,000,978 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-352244921-838533454-3301132321-1005UA.job
[2009/10/12 22:49:10 | 00,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2009/10/12 22:07:50 | 00,000,611 | ---- | M] () -- C:\Documents and Settings\Bryan\Desktop\NTREGOPT.lnk
[2009/10/12 22:07:49 | 00,000,592 | ---- | M] () -- C:\Documents and Settings\Bryan\Desktop\ERUNT.lnk
[2009/10/12 22:07:15 | 00,791,393 | ---- | M] (Lars Hederer ) -- C:\Documents and Settings\Bryan\Desktop\erunt_setup(3).exe
[2009/10/12 22:03:04 | 00,000,926 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-352244921-838533454-3301132321-1005Core.job
[2009/10/12 21:49:49 | 00,791,393 | ---- | M] (Lars Hederer ) -- C:\Documents and Settings\Bryan\Desktop\erunt_setup(2).exe
[2009/10/12 21:41:20 | 00,791,393 | ---- | M] (Lars Hederer ) -- C:\Documents and Settings\Bryan\Desktop\erunt_setup.exe
[2009/10/12 21:38:28 | 00,021,504 | ---- | M] (Doug Knox) -- C:\Documents and Settings\Bryan\Desktop\SysRestorePoint.exe
[2009/10/12 21:08:10 | 00,271,872 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Bryan\Desktop\TFC.exe
[2009/10/10 14:24:05 | 00,001,550 | ---- | M] () -- C:\WINDOWS\System32\spupdsvc.inf
[2009/10/10 14:15:14 | 00,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2009/10/10 02:13:14 | 00,028,160 | ---- | M] () -- C:\Documents and Settings\Bryan\My Documents\beezy.doc
[2009/10/10 01:41:22 | 00,015,872 | ---- | M] () -- C:\Documents and Settings\Bryan\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/10/09 22:45:24 | 00,045,568 | ---- | M] () -- C:\Documents and Settings\Bryan\My Documents\football.doc
[2009/10/09 22:45:17 | 00,069,120 | ---- | M] () -- C:\Documents and Settings\Bryan\My Documents\Expert picks.doc
[2009/10/09 03:13:05 | 00,036,352 | ---- | M] () -- C:\Documents and Settings\Bryan\My Documents\BryanWatkins_USIP_ProgramAssistant.doc
[2009/10/08 21:51:15 | 00,001,774 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Calendar.lnk
[2009/10/08 21:51:15 | 00,001,740 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Mail.lnk
[2009/10/08 21:51:15 | 00,001,728 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Docs.lnk
[2009/10/08 21:39:41 | 00,716,857 | ---- | M] () -- C:\Documents and Settings\Bryan\Desktop\3.0_FSO_RegGuide.pdf
[2009/10/08 19:55:34 | 00,004,674 | ---- | M] () -- C:\Documents and Settings\Bryan\Desktop\Attach.zip
[2009/10/08 19:55:17 | 00,000,956 | ---- | M] () -- C:\Documents and Settings\Bryan\Desktop\ark.zip
[2009/10/08 17:16:10 | 00,282,312 | ---- | M] () -- C:\Documents and Settings\Bryan\Desktop\gmer.zip
[2009/10/08 16:34:20 | 00,361,369 | ---- | M] () -- C:\Documents and Settings\Bryan\Desktop\dds.scr
[2009/10/07 22:51:45 | 00,001,915 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[2009/10/06 00:24:45 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/10/06 00:22:12 | 04,045,528 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Bryan\Desktop\mbam-setup.exe
[2009/10/05 23:50:55 | 01,246,288 | ---- | M] () -- C:\Documents and Settings\Bryan\Desktop\Google Updater(2).exe
[2009/10/05 23:48:35 | 01,246,288 | ---- | M] () -- C:\Documents and Settings\Bryan\Desktop\Google Updater.exe
[2009/10/05 23:37:06 | 00,001,728 | ---- | M] () -- C:\Documents and Settings\Bryan\Desktop\NSSstub.lnk
[2009/10/05 17:46:54 | 00,000,933 | ---- | M] () -- C:\Documents and Settings\Bryan\Desktop\Spybot - Search & Destroy.lnk
[2009/10/05 17:43:19 | 16,409,960 | ---- | M] (Safer Networking Limited ) -- C:\Documents and Settings\Bryan\Desktop\spybotsd162.exe
[2009/10/05 12:49:11 | 00,000,162 | -H-- | M] () -- C:\Documents and Settings\Bryan\My Documents\~$yanWatkins_Finnegan_LitigationPosition.doc
[2009/10/05 12:14:16 | 00,000,162 | -H-- | M] () -- C:\Documents and Settings\Bryan\My Documents\~$rprogassoc.doc
[2009/10/04 02:00:29 | 00,031,232 | ---- | M] () -- C:\Documents and Settings\Bryan\My Documents\cfrprogassoc.doc
[2009/10/04 02:00:01 | 00,029,184 | ---- | M] () -- C:\Documents and Settings\Bryan\My Documents\cfrcap.doc
[2009/10/03 01:58:44 | 00,031,592 | ---- | M] () -- C:\Documents and Settings\Bryan\Desktop\fd0503g.pdf
[2009/10/01 02:36:15 | 00,030,720 | ---- | M] () -- C:\Documents and Settings\Bryan\My Documents\BryanWatkins_Finnegan_LitigationPosition.doc
[2009/10/01 02:35:02 | 00,030,720 | ---- | M] () -- C:\Documents and Settings\Bryan\My Documents\BryanWatkins_Finnegan_Litigation.doc

========== Files - No Company Name ==========
[2009/10/12 22:07:49 | 00,000,592 | ---- | C] () -- C:\Documents and Settings\Bryan\Desktop\ERUNT.lnk
[2009/10/12 21:45:57 | 00,000,611 | ---- | C] () -- C:\Documents and Settings\Bryan\Desktop\NTREGOPT.lnk
[2009/10/10 02:09:44 | 00,028,160 | ---- | C] () -- C:\Documents and Settings\Bryan\My Documents\beezy.doc
[2009/10/09 03:10:27 | 00,036,352 | ---- | C] () -- C:\Documents and Settings\Bryan\My Documents\BryanWatkins_USIP_ProgramAssistant.doc
[2009/10/08 21:51:15 | 00,001,774 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Google Calendar.lnk
[2009/10/08 21:51:15 | 00,001,740 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Google Mail.lnk
[2009/10/08 21:51:15 | 00,001,728 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Google Docs.lnk
[2009/10/08 21:39:38 | 00,716,857 | ---- | C] () -- C:\Documents and Settings\Bryan\Desktop\3.0_FSO_RegGuide.pdf
[2009/10/08 19:55:17 | 00,000,956 | ---- | C] () -- C:\Documents and Settings\Bryan\Desktop\ark.zip
[2009/10/08 19:54:22 | 00,004,674 | ---- | C] () -- C:\Documents and Settings\Bryan\Desktop\Attach.zip
[2009/10/08 17:16:18 | 00,282,312 | ---- | C] () -- C:\Documents and Settings\Bryan\Desktop\gmer.zip
[2009/10/08 16:34:28 | 00,361,369 | ---- | C] () -- C:\Documents and Settings\Bryan\Desktop\dds.scr
[2009/10/07 22:51:45 | 00,001,915 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[2009/10/06 01:14:52 | 00,001,729 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2009/10/06 00:44:00 | 00,000,884 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2009/10/06 00:43:55 | 00,000,880 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2009/10/06 00:24:45 | 00,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/10/05 23:51:34 | 00,000,868 | ---- | C] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2009/10/05 23:50:42 | 01,246,288 | ---- | C] () -- C:\Documents and Settings\Bryan\Desktop\Google Updater(2).exe
[2009/10/05 23:48:34 | 01,246,288 | ---- | C] () -- C:\Documents and Settings\Bryan\Desktop\Google Updater.exe
[2009/10/05 23:37:05 | 00,001,728 | ---- | C] () -- C:\Documents and Settings\Bryan\Desktop\NSSstub.lnk
[2009/10/05 20:37:43 | 00,000,380 | ---- | C] () -- C:\WINDOWS\tasks\NSSstub.job
[2009/10/05 17:46:54 | 00,000,933 | ---- | C] () -- C:\Documents and Settings\Bryan\Desktop\Spybot - Search & Destroy.lnk
[2009/10/05 12:49:11 | 00,000,162 | -H-- | C] () -- C:\Documents and Settings\Bryan\My Documents\~$yanWatkins_Finnegan_LitigationPosition.doc
[2009/10/05 12:14:16 | 00,000,162 | -H-- | C] () -- C:\Documents and Settings\Bryan\My Documents\~$rprogassoc.doc
[2009/10/04 02:00:28 | 00,031,232 | ---- | C] () -- C:\Documents and Settings\Bryan\My Documents\cfrprogassoc.doc
[2009/10/04 02:00:00 | 00,029,184 | ---- | C] () -- C:\Documents and Settings\Bryan\My Documents\cfrcap.doc
[2009/10/03 01:58:44 | 00,031,592 | ---- | C] () -- C:\Documents and Settings\Bryan\Desktop\fd0503g.pdf
[2009/10/02 21:07:40 | 00,069,120 | ---- | C] () -- C:\Documents and Settings\Bryan\My Documents\Expert picks.doc
[2009/10/01 02:35:28 | 00,030,720 | ---- | C] () -- C:\Documents and Settings\Bryan\My Documents\BryanWatkins_Finnegan_LitigationPosition.doc
[2009/10/01 02:25:37 | 00,030,720 | ---- | C] () -- C:\Documents and Settings\Bryan\My Documents\BryanWatkins_Finnegan_Litigation.doc
[2009/02/15 19:38:08 | 00,034,126 | -HS- | C] () -- C:\WINDOWS\System32\dKRtDcdd.ini
[2008/01/11 17:24:57 | 00,000,032 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ezsid.dat
[2007/04/09 21:08:12 | 00,000,080 | RHS- | C] () -- C:\WINDOWS\System32\F3E9D91619.dll
[2007/03/26 14:58:57 | 00,000,004 | -H-- | C] () -- C:\WINDOWS\uccspecb.sys
[2007/03/10 21:29:25 | 04,715,738 | -H-- | C] () -- C:\Documents and Settings\Bryan\Local Settings\Application Data\IconCache.db
[2007/03/10 21:08:32 | 00,001,152 | ---- | C] () -- C:\WINDOWS\System32\windrv.sys
[2007/01/30 17:13:45 | 00,029,752 | ---- | C] () -- C:\WINDOWS\System32\InstHelper.dll
[2007/01/30 17:12:40 | 00,197,680 | ---- | C] () -- C:\WINDOWS\System32\vpnapi.dll
[2006/08/03 19:59:16 | 00,000,061 | ---- | C] () -- C:\WINDOWS\EntPack.ini
[2006/05/21 17:55:00 | 00,000,000 | ---- | C] () -- C:\WINDOWS\RingtoneMaker.INI
[2006/05/21 17:29:46 | 00,002,607 | ---- | C] () -- C:\WINDOWS\mgxoschk.ini
[2006/05/07 03:09:24 | 00,015,872 | ---- | C] () -- C:\Documents and Settings\Bryan\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/03/16 21:10:22 | 00,193,584 | ---- | C] () -- C:\WINDOWS\System32\CSGina.dll
[2006/03/07 03:31:11 | 00,003,008 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2005/10/05 19:55:11 | 00,000,128 | ---- | C] () -- C:\Documents and Settings\Bryan\Local Settings\Application Data\fusioncache.dat
[2005/09/06 13:25:01 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/08/31 04:39:40 | 00,000,000 | ---- | C] () -- C:\WINDOWS\VPC32.INI
[2005/08/31 03:57:12 | 00,000,419 | ---- | C] () -- C:\WINDOWS\LEXSTAT.INI
[2005/08/25 04:49:10 | 00,002,866 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2005/08/24 17:39:24 | 00,037,624 | ---- | C] () -- C:\Documents and Settings\Bryan\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2005/08/24 17:36:34 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\Bryan\Application Data\desktop.ini
[2005/08/14 22:13:33 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/08/14 22:11:58 | 00,000,138 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2005/08/14 22:09:39 | 00,000,004 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\QSLLPSVCShare
[2005/08/14 21:53:08 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\stac97co.dll
[2005/08/14 21:52:32 | 00,000,371 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2004/09/16 00:57:50 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/08/11 18:24:19 | 00,000,883 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/11 18:11:31 | 00,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/08/11 18:07:11 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\desktop.ini
[2004/08/11 18:00:37 | 00,000,731 | ---- | C] () -- C:\WINDOWS\win.ini
[2004/08/11 18:00:35 | 00,000,250 | ---- | C] () -- C:\WINDOWS\system.ini
[2003/01/07 16:05:08 | 00,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[1996/04/03 15:33:26 | 00,005,248 | ---- | C] () -- C:\WINDOWS\System32\giveio.sys

========== LOP Check ==========

[2009/10/06 01:21:02 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\All Users\Application Data
[2009/04/22 19:46:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2007/09/09 14:58:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Azureus
[2009/10/12 23:18:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DIGStream
[2005/12/29 15:46:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ESPN
[2009/10/05 22:47:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NortonInstaller
[2004/08/11 18:25:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SBSI
[2009/10/12 23:41:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2005/11/08 00:18:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Trymedia
[2007/01/29 03:03:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2008/01/10 17:05:15 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ZoomBrowser
[2009/10/06 01:21:02 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\Bryan\Application Data
[2005/08/24 18:14:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Bryan\Application Data\Aim
[2007/09/09 15:10:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Bryan\Application Data\Azureus
[2006/11/25 12:30:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Bryan\Application Data\Cimaware
[2005/10/21 18:01:15 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Bryan\Application Data\CyberLink
[2006/03/23 01:11:47 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Bryan\Application Data\funkitron
[2007/05/15 11:18:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Bryan\Application Data\HouseCall 6.6
[2006/11/01 14:01:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Bryan\Application Data\Image Zone Express
[2005/08/24 17:39:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Bryan\Application Data\Leadertech
[2006/05/21 17:44:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Bryan\Application Data\MAGIX
[2006/06/26 14:31:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Bryan\Application Data\Microgaming
[2009/08/18 19:50:57 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\Bryan\Application Data\Move Networks
[2009/02/25 12:24:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Bryan\Application Data\QuosaDDM
[2006/08/25 19:45:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Bryan\Application Data\Smith Micro
[2008/01/26 15:34:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Bryan\Application Data\Snapfish
[2009/02/15 22:10:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Bryan\Application Data\SuperAdBlocker.com
[2008/04/18 10:39:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Bryan\Application Data\U3
[2007/01/31 02:09:31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Bryan\Application Data\Viewpoint
[2007/05/15 11:27:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Bryan\Application Data\WinPatrol
[2008/04/13 13:08:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Bryan\Application Data\ZoomBrowser EX
[2009/06/26 17:28:04 | 00,000,284 | ---- | M] () -- C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
[2004/08/04 06:00:00 | 00,000,065 | RH-- | M] () -- C:\WINDOWS\Tasks\desktop.ini
[2009/10/12 23:11:12 | 00,000,868 | ---- | M] () -- C:\WINDOWS\Tasks\Google Software Updater.job
[2009/10/12 23:11:06 | 00,000,880 | ---- | M] () -- C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
[2009/10/12 22:49:10 | 00,000,884 | ---- | M] () -- C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
[2009/10/12 22:03:04 | 00,000,926 | ---- | M] () -- C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-352244921-838533454-3301132321-1005Core.job
[2009/10/12 23:03:02 | 00,000,978 | ---- | M] () -- C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-352244921-838533454-3301132321-1005UA.job
[2009/10/12 23:15:18 | 00,000,330 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job
[2009/10/12 23:20:51 | 00,000,380 | ---- | M] () -- C:\WINDOWS\Tasks\NSSstub.job
[2009/10/12 23:10:17 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA.DAT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >
[2005/10/31 11:56:00 | 00,700,416 | ---- | M] (LimeWire) -- C:\StubInstaller.exe

< %systemroot%\system32\eventlog.dll >
[2004/08/04 06:00:00 | 00,055,808 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\eventlog.dll

< %systemroot%\system32\scecli.dll >
[2004/08/04 06:00:00 | 00,180,224 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\scecli.dll

< %systemroot%\netlogon.dll >

< %systemroot%\system32\cngaudit.dll >

< %systemroot%\system32\sceclt.dll >

< %systemroot%\ntelogon.dll >

< %systemroot%\system32\logevent.dll >

========== Alternate Data Streams ==========

@Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
< End of report >
-----------------------

OTL Extras logfile created on: 10/12/2009 11:35:55 PM - Run 1
OTL by OldTimer - Version 3.0.20.0 Folder = C:\Documents and Settings\Bryan\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1023.36 Mb Total Physical Memory | 270.14 Mb Available Physical Memory | 26.40% Memory free
2.40 Gb Paging File | 1.46 Gb Available in Paging File | 60.75% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.46 Gb Total Space | 39.49 Gb Free Space | 53.04% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: D7FC5581
Current User Name: Bryan
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm [@ = chm.file] -- C:\WINDOWS\hh.exe (Microsoft Corporation)
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
chm.file [open] -- "C:\WINDOWS\hh.exe" %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"2967:UDP" = 2967:UDP:*:Enabled:RTVScan

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"2967:UDP" = 2967:UDP:*:Enabled:RTVScan
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\AIM\aim.exe" = C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger -- (America Online, Inc.)
"C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger -- (Logitech Inc.)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\WINDOWS\system32\P2P Networking\P2P Networking.exe" = C:\WINDOWS\system32\P2P Networking\P2P Networking.exe:*:Enabled:P2P Networking -- File not found
"C:\WINDOWS\system32\LEXPPS.EXE" = C:\WINDOWS\system32\LEXPPS.EXE:*:Disabled:LEXPPS.EXE -- (Lexmark International, Inc.)
"C:\StubInstaller.exe" = C:\StubInstaller.exe:*:Disabled:LimeWire swarmed installer -- (LimeWire)
"C:\Program Files\ubi.com\Core\GS4.exe" = C:\Program Files\ubi.com\Core\GS4.exe:*:Enabled:ubi.com Game Service -- File not found
"C:\Program Files\Red Storm Entertainment\RavenShield\system\ravenshield.exe" = C:\Program Files\Red Storm Entertainment\RavenShield\system\ravenshield.exe:*:Enabled:ravenshield -- File not found
"C:\Program Files\Speed\Speed.exe" = C:\Program Files\Speed\Speed.exe:*:Enabled:Speed -- File not found
"C:\Program Files\AIM\aim.exe" = C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger -- (America Online, Inc.)
"C:\Program Files\MoRUN.net\NotesPlusPlus\notespp.exe" = C:\Program Files\MoRUN.net\NotesPlusPlus\notespp.exe:*:Enabled:notespp -- File not found
"C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger -- (Logitech Inc.)
"C:\Program Files\Internet Explorer\IEXPLORE.EXE" = C:\Program Files\Internet Explorer\IEXPLORE.EXE:*:Enabled:Internet Explorer -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\Azureus\Azureus.exe" = C:\Program Files\Azureus\Azureus.exe:*:Enabled:Azureus -- File not found
"C:\Program Files\BearShare Applications\BearShare\BearShare.exe" = C:\Program Files\BearShare Applications\BearShare\BearShare.exe:*:Disabled:BearShare -- File not found
"C:\Program Files\BitLord\BitLord.exe" = C:\Program Files\BitLord\BitLord.exe:*:Disabled:BitLord -- File not found
"C:\Program Files\Kazaa\kazaa.exe" = C:\Program Files\Kazaa\kazaa.exe:*:Disabled:Kazaa -- File not found
"C:\Program Files\K-litePro\k-litepro.exe" = C:\Program Files\K-litePro\k-litepro.exe:*:Disabled:K-litePro Ultimate File Sharing -- File not found
"C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire -- File not found
"C:\Documents and Settings\Bryan\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe" = C:\Documents and Settings\Bryan\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe:*:Enabled:Octoshape add-in for Adobe Flash Player -- (Octoshape ApS)
"C:\Program Files\Common Files\AOL\Loader\aolload.exe" = C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader -- File not found
"C:\Program Files\AIM6\aim6.exe" = C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM -- File not found
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\Skype\Phone\Skype.exe" = C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype. Take a deep breath -- (Skype Technologies S.A.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{09DA4F91-2A09-4232-AB8C-6BC740096DE3}" = Sonic Update Manager
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
"{11B569C2-4BF6-4ED0-9D17-A4273943CB24}" = Adobe Photoshop Album 2.0 Starter Edition
"{14BEB6DF-A499-4A38-8E06-E173BCD5C087}" = ScannerCopy
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1AD5F465-8282-4DAD-B957-E09C0B783D18}" = InstantShare
"{1B680FBA-E317-4E93-AF43-3B59798A4BE0}" = Copy
"{1F528948-0E80-4C96-B455-DE4167CB1DF7}" = Internal Network Card Power Management
"{20FBC0A0-3160-4F14-83ED-3A74BB6B8C31}" = TrayApp
"{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}" = QuickTime
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{24D753CA-6AE9-4E30-8F5F-EFC93E08BF3D}" = Skype™ 4.0
"{25D24E84-64A9-40D2-85CF-540B1C4A6D52}" = Broadcom ASF Management Applications
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java™ 6 Update 16
"{272EC8BA-5A08-4ea1-A189-684466A06B02}" = cp_dwShrek2Albums1
"{2E8428AD-6CD2-4031-916A-3CF9BBF2DEC9}" = Unload
"{3248E093-5288-4CA9-B3AB-11A675FEA1F9}" = Symantec AntiVirus
"{3248F0A8-6813-11D6-A77B-00B0D0150030}" = J2SE Runtime Environment 5.0 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{3249FD43-B24B-413F-B786-F8FEA32FA747}" = V CAST Music
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{366FFC89-C800-4366-B903-B9C4314109A5}" = Garmin WebUpdater
"{3762DB2D-71BD-421F-9E55-C74DA7DF4D07}" = CueTour
"{3A05B900-A3E7-11DE-A9B7-005056806466}" = Google Earth
"{3D047C15-C859-45F7-81CE-F2681778069B}" = iPod for Windows 2006-01-10
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{43622C01-15D3-4E62-9AD9-BD7C007FD452}" = SPSS 12.0 for Windows Student Version
"{48B82226-75E3-4E90-92CC-D30F79EA6380}" = Norton Security Scan
"{5624C000-B109-11D4-9DB4-00E0290FCAC5}" = VPN Client
"{5809E7CF-4DCF-11D4-9875-00105ACE7734}" = Logitech MouseWare 9.76
"{5E8D588F-307C-4250-B622-26969027319A}" = PanoStandAlone
"{5EFCBB42-36AB-4FF9-B90C-E78C7B9EE7B3}" = iTunes
"{5F82271E-DFBE-405B-9C10-1B4E66C6E12E}" = iPod 2 iPod
"{644D04A2-C682-4FD5-977D-03B804C4B9C5}" = CreativeProjects
"{646A65DD-23FC-418E-B9F0-E0500FB42CB1}" = PhotoGallery
"{64A77F14-0E08-4A97-A859-E93CFF428756}" = Broadcom Advanced Control Suite 2
"{64FC0C98-B035-4530-B15D-3D30610B6DF1}" = HP Software Update
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD 5.1
"{68963635-14A4-48D9-B431-DF3A74D1AAE1}" = Destinations
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{700A6597-3CE6-49C1-AA75-846B24CDA66D}" = BufferChm
"{7148F0A8-6813-11D6-A77B-00B0D0142030}" = Java 2 Runtime Environment, SE v1.4.2_03
"{724517BD-1DE1-4986-BFCA-C1DFD379E3BC}" = cp_dwShrek2Cards1
"{73F1BDB7-11E1-11D5-9DC6-00C04F2FC33B}" = OMCI
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{7AD25C9F-9957-4D1C-95EF-9BCD09F6D31B}" = HPSystemDiagnostics
"{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper
"{8338BA06-E527-491B-9400-F51708FEE695}" = iPod for Windows 2005-11-17
"{84CDF5A8-1D57-4B69-BAB6-1F11D8923375}" = SkinsHP1
"{8777AC6D-89F9-4793-8266-DE406F343E89}" = QFolder
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8BC3B99B-A6BE-4A0B-8535-B1B94BA4B1B1}" = DocProc
"{8F7A4D82-B168-4F89-99C2-B9873EC877AF}" = HP Image Zone Express
"{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}" = Logitech Desktop Messenger
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{91120409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003
"{9541FED0-327F-4DF0-8B96-EF57EF622F19}" = Sonic RecordNow! Plus
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ALPS Touch Pad Driver
"{A06275F4-324B-4E85-95E6-87B2CD729401}" = Windows Defender
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A5B9D22C-755A-4AC6-9904-875E80838BB6}" = CP_AtenaShokunin1Config
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A91000000001}" = Adobe Reader 9.1.3
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{AFA20D47-69C3-4030-8DF8-D37466E70F13}" = Apple Mobile Device Support
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B911B811-BA3E-46D4-90F8-6F3338359651}" = Director
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C0E5147E-C9F3-4360-9ED0-2E875F11766C}" = Respondus LockDown Browser
"{C5074CC4-0E26-4716-A307-960272A90040}" = QuickSet
"{C7340571-7773-4A8C-9EBC-4E4243B38C76}" = Microsoft XML Parser
"{C8E95BF5-C07F-4D98-BB42-F58FC98BC03E}" = Google Apps
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CDFCF124-115F-4976-8BF4-08C89187A146}" = WebReg
"{CE0C8CC5-E396-442B-A50E-D1D374A9E820}" = DocumentViewer
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{FC22D020-3005-4715-8DF9-F3EDE81DEB3D}" = CreativeProjectsTemplates
"Ad-Aware SE Personal" = Ad-Aware SE Personal
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"AOL Instant Messenger" = AOL Instant Messenger
"ATI Display Driver" = ATI Display Driver
"Broadcom 802.11b Network Adapter" = Dell Wireless WLAN Card
"CAL" = Canon Camera Access Library
"CameraWindowDVC5" = Canon Camera Window DC_DV 5 for ZoomBrowser EX
"CameraWindowDVC6" = Canon Camera Window DC_DV 6 for ZoomBrowser EX
"CameraWindowMC" = Canon Camera Window MC 6 for ZoomBrowser EX
"Canon G.726 WMP-Decoder" = Canon G.726 WMP-Decoder
"CNXT_MODEM_PCI_VEN_8086&DEV_24x6&SUBSYS_542214F1" = Conexant D110 MDC V.9x Modem
"CSCLIB" = Canon Camera Support Core Library
"EOS Utility" = Canon Utilities EOS Utility
"ERUNT_is1" = ERUNT 1.1j
"ESPN RunTime" = ESPN RunTime
"Google Updater" = Google Updater
"HP Photo & Imaging" = HP Image Zone 4.7
"HPExtendedCapabilities" = HP Extended Capabilities 4.7
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"InstallShield_{25D24E84-64A9-40D2-85CF-540B1C4A6D52}" = Broadcom ASF Management Applications
"InstallShield_{3D047C15-C859-45F7-81CE-F2681778069B}" = iPod for Windows 2006-01-10
"InstallShield_{64A77F14-0E08-4A97-A859-E93CFF428756}" = Broadcom Advanced Control Suite 2
"InstallShield_{8338BA06-E527-491B-9400-F51708FEE695}" = iPod for Windows 2005-11-17
"Lexmark Z600 Series" = Lexmark Z600 Series
"LG USB Drivers" = LG USB Drivers
"LiveUpdate" = LiveUpdate 2.6 (Symantec Corporation)
"Logitech Resource Center" = Logitech Resource Center
"Lotus Media Plugin Player" = Lotus Media Plugin Player
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Move Networks Player_is1" = Move Networks Player for Internet Explorer
"MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
"Mozilla Firefox (3.0.14)" = Mozilla Firefox (3.0.14)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSN Music Assistant" = MSN Music Assistant
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"PhotoStitch" = Canon Utilities PhotoStitch
"Picasa 3" = Picasa 3
"RAW Image Task" = Canon RAW Image Task for ZoomBrowser EX
"RealPlayer 6.0" = RealPlayer
"RemoteCaptureTask" = Canon RemoteCapture Task for ZoomBrowser EX
"ShockwaveFlash" = Adobe Flash Player 9 ActiveX
"SoftwareUpdUtility" = Download Updater (AOL LLC)
"Spyware Doctor" = Spyware Doctor 6.0
"The Weather Channel Desktop 6" = The Weather Channel Desktop 6
"Viewpoint Manager" = Viewpoint Manager (Remove Only)
"ViewpointMediaPlayer" = Viewpoint Media Player
"ViewpointSearchBar" = Viewpoint Toolbar (Remove Only)
"WebCyberCoach_wtrb" = WebCyberCoach 3.2 Dell
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"Octoshape add-in for Adobe Flash Player" = Octoshape add-in for Adobe Flash Player

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 10/12/2009 3:45:04 PM | Computer Name = D7FC5581 | Source = Symantec AntiVirus | ID = 16711725
Description = Threat: C:\Program Files\Windows Defender\MsMpEng.exe in File: C:\Program
Files\Common Files\Symantec Shared\ccApp.exe by: Tamper Protection scan. Action:
Blocked. Action Description:

Error - 10/12/2009 3:45:04 PM | Computer Name = D7FC5581 | Source = Symantec AntiVirus | ID = 16711725
Description = Threat: C:\Program Files\Windows Defender\MsMpEng.exe in File: C:\PROGRA~1\SYMANT~1\VPTray.exe
by: Tamper Protection scan. Action: Blocked. Action Description:

Error - 10/12/2009 3:45:12 PM | Computer Name = D7FC5581 | Source = Symantec AntiVirus | ID = 16711725
Description = Threat: C:\Program Files\Windows Defender\MsMpEng.exe in File: C:\Program
Files\Common Files\Symantec Shared\ccSetMgr.exe by: Tamper Protection scan. Action:
Blocked. Action Description:

Error - 10/12/2009 3:45:17 PM | Computer Name = D7FC5581 | Source = Symantec AntiVirus | ID = 16711725
Description = Threat: C:\Program Files\Windows Defender\MsMpEng.exe in File: C:\Program
Files\Common Files\Symantec Shared\ccEvtMgr.exe by: Tamper Protection scan. Action:
Blocked. Action Description:

Error - 10/12/2009 3:45:17 PM | Computer Name = D7FC5581 | Source = Symantec AntiVirus | ID = 16711725
Description = Threat: C:\Program Files\Windows Defender\MsMpEng.exe in File: C:\Program
Files\Symantec AntiVirus\DefWatch.exe by: Tamper Protection scan. Action: Blocked.
Action Description:

Error - 10/12/2009 3:45:23 PM | Computer Name = D7FC5581 | Source = Symantec AntiVirus | ID = 16711725
Description = Threat: C:\Program Files\Windows Defender\MsMpEng.exe in File: C:\Program
Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe by: Tamper Protection scan.
Action: Blocked. Action Description:

Error - 10/12/2009 3:45:23 PM | Computer Name = D7FC5581 | Source = Symantec AntiVirus | ID = 16711725
Description = Threat: C:\Program Files\Windows Defender\MsMpEng.exe in File: C:\Program
Files\Symantec AntiVirus\Rtvscan.exe by: Tamper Protection scan. Action: Blocked.
Action Description:

Error - 10/12/2009 9:39:10 PM | Computer Name = D7FC5581 | Source = .NET Runtime 2.0 Error Reporting | ID = 5000
Description = EventType clr20r3, P1 sysrestorepoint.exe, P2 1.3.0.0, P3 485da791,
P4 microsoft.visualbasic, P5 8.0.0.0, P6 4889f422, P7 5e, P8 1e1, P9 34ssps20bdj3nj0wmit5kamzhvglfzcc,
P10 NIL.

Error - 10/12/2009 9:54:52 PM | Computer Name = D7FC5581 | Source = Application Hang | ID = 1002
Description = Hanging application explorer.exe, version 6.0.2900.3156, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 10/12/2009 9:55:07 PM | Computer Name = D7FC5581 | Source = Application Hang | ID = 1001
Description = Fault bucket 452615105.

[ System Events ]
Error - 10/12/2009 9:09:28 PM | Computer Name = D7FC5581 | Source = Service Control Manager | ID = 7034
Description = The Bonjour Service service terminated unexpectedly. It has done
this 1 time(s).

Error - 10/12/2009 9:09:29 PM | Computer Name = D7FC5581 | Source = Service Control Manager | ID = 7034
Description = The Symantec AntiVirus Definition Watcher service terminated unexpectedly.
It has done this 1 time(s).

Error - 10/12/2009 9:09:29 PM | Computer Name = D7FC5581 | Source = Service Control Manager | ID = 7034
Description = The Cisco Systems, Inc. VPN Service service terminated unexpectedly.
It has done this 1 time(s).

Error - 10/12/2009 9:09:30 PM | Computer Name = D7FC5581 | Source = Service Control Manager | ID = 7034
Description = The Iap service terminated unexpectedly. It has done this 1 time(s).

Error - 10/12/2009 9:09:30 PM | Computer Name = D7FC5581 | Source = Service Control Manager | ID = 7034
Description = The Java Quick Starter service terminated unexpectedly. It has done
this 1 time(s).

Error - 10/12/2009 9:09:31 PM | Computer Name = D7FC5581 | Source = Service Control Manager | ID = 7034
Description = The NICCONFIGSVC service terminated unexpectedly. It has done this
1 time(s).

Error - 10/12/2009 9:09:31 PM | Computer Name = D7FC5581 | Source = Service Control Manager | ID = 7034
Description = The Pml Driver HPZ12 service terminated unexpectedly. It has done
this 1 time(s).

Error - 10/12/2009 9:09:31 PM | Computer Name = D7FC5581 | Source = Service Control Manager | ID = 7034
Description = The PC Tools Auxiliary Service service terminated unexpectedly. It
has done this 1 time(s).

Error - 10/12/2009 9:09:33 PM | Computer Name = D7FC5581 | Source = Service Control Manager | ID = 7034
Description = The Viewpoint Manager Service service terminated unexpectedly. It
has done this 1 time(s).

Error - 10/12/2009 9:09:40 PM | Computer Name = D7FC5581 | Source = Service Control Manager | ID = 7034
Description = The iPod Service service terminated unexpectedly. It has done this
1 time(s).


< End of report >

I really appreciate the assistance and hope that with your help we can get to the bottom of this issue!
Thank You


#2
Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
hi

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved and renamed following this process directly to your desktop**
  • If you are using Firefox, make sure that your download settings are as follows:
    • Tools->Options->Main tab
    • Set to "Always ask me where to Save the files".
  • During the download, rename Combofix to Combo-Fix as follows:

    Posted Image

    Posted Image

  • It is important you rename Combofix during the download, but not after.
  • Please do not rename Combofix to other names, but only to the one indicated.
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

    -----------------------------------------------------------

    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

      -----------------------------------------------------------

    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.

    -----------------------------------------------------------

  • Double click on combo-Fix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the "C:\Combo-Fix.txt" for further review.
**Note: Do not mouseclick combo-fix's window while it's running. That may cause it to stall**

#3
Watkinsbt

  • Topic Starter
  • Member
  • 12 posts
Thanks for getting back to me so quickly! I've hit a snag with ComboFix, though. I close down my spyware and antivirus software prior to scanning, but when it gets to the scan screen it says that the scan should take 10 minutes but time may vary. It then stays like that and does not show any stages being run. I did not touch anything on the laptop and it is still like that an hour later. Is there anything I can do to get it to scan? Thank you!

#4
Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
try it in safe mode

#5
Watkinsbt

  • Topic Starter
  • Member
  • 12 posts
When attempting safe mode I was met with a blue screen error. The technical information reads ***STOP: 0x00000008e (0xc0000005, 0x805a55fb, 0xf7a0d578, 0x00000000)

#6
Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
let me know if this fixes safe mode for you

Download and run SafeBootKeyRepair-CF from:

http://download.blee...otKeyRepair.exe
or
http://www.techsuppo...eyRepair-CF.exe

It will take only a moment for it to run.
A log will be produced at C:\SafeBoot_Repair.txt. Please post that in your next reply

#7
Watkinsbt

  • Topic Starter
  • Member
  • 12 posts
SafeBoot says "Please Wait..." and never produces a log

#8
Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
hi


Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    O2 - BHO: (no name) - {A57FF8CF-C9DB-407F-80C4-6F1AB3BCA484} - C:\WINDOWS\System32\byXNgfFv.dll File not found
    O12 - Plugin for: .scm - C:\Temp\NPSC.DLL ()
    O12 - Plugin for: .xav - C:\Temp\NPAVIAN.DLL ()
    O20 - AppInit_DLLs: (dmvkjl.dll) - File not found
    O20 - Winlogon\Notify\cbXRLddc: DllName - cbXRLddc.dll - File not found
    O20 - Winlogon\Notify\LMOUgnt: DllName - LMOUgnt.dll - File not found
    O33 - MountPoints2\{6d2109e8-1979-11de-b24e-00123ff423b6}\Shell\AutoRun\command - "" = setupSNK.exe
    [2009/02/15 19:38:08 | 00,034,126 | -HS- | C] () -- C:\WINDOWS\System32\dKRtDcdd.ini
    
    :Services
    
    :Reg
    
    :Files
    
    :Commands
    [purity]
    [emptytemp]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done


then try combofix again

#9
Watkinsbt

  • Topic Starter
  • Member
  • 12 posts
Hello,
I was able to get the SafeBootKeyRepair-CF to run, but it did not solve my safe mode. Here is the resulting log, though:

All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A57FF8CF-C9DB-407F-80C4-6F1AB3BCA484}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A57FF8CF-C9DB-407F-80C4-6F1AB3BCA484}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\Extension\.scm\ deleted successfully.
DllUnregisterServer procedure not found in C:\Temp\NPSC.DLL
C:\Temp\NPSC.DLL NOT unregistered.
C:\Temp\NPSC.DLL moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\Extension\.xav\ deleted successfully.
DllUnregisterServer procedure not found in C:\Temp\NPAVIAN.DLL
C:\Temp\NPAVIAN.DLL NOT unregistered.
C:\Temp\NPAVIAN.DLL moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cbXRLddc\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\LMOUgnt\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6d2109e8-1979-11de-b24e-00123ff423b6}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6d2109e8-1979-11de-b24e-00123ff423b6}\ not found.
File setupSNK.exe not found.
C:\WINDOWS\System32\dKRtDcdd.ini moved successfully.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: All Users

User: Bryan
File delete failed. C:\Documents and Settings\Bryan\Local Settings\Temp\etilqs_Cj7Ozj0z0aBWYpxeEceu scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Bryan\Local Settings\Temp\~DFA2BB.tmp scheduled to be deleted on reboot.
->Temp folder emptied: 8971122 bytes
File delete failed. C:\Documents and Settings\Bryan\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
->Temporary Internet Files folder emptied: 6700910 bytes
->Java cache emptied: 0 bytes
File delete failed. C:\Documents and Settings\Bryan\Local Settings\Application Data\Mozilla\Firefox\Profiles\jjzle15m.default\Cache\_CACHE_001_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Bryan\Local Settings\Application Data\Mozilla\Firefox\Profiles\jjzle15m.default\Cache\_CACHE_002_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Bryan\Local Settings\Application Data\Mozilla\Firefox\Profiles\jjzle15m.default\Cache\_CACHE_003_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Bryan\Local Settings\Application Data\Mozilla\Firefox\Profiles\jjzle15m.default\Cache\_CACHE_MAP_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Bryan\Local Settings\Application Data\Mozilla\Firefox\Profiles\jjzle15m.default\urlclassifier3.sqlite scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Bryan\Local Settings\Application Data\Mozilla\Firefox\Profiles\jjzle15m.default\XUL.mfl scheduled to be deleted on reboot.
->FireFox cache emptied: 90230303 bytes
->Google Chrome cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
->Temporary Internet Files folder emptied: 33215 bytes

User: NetworkService
->Temp folder emptied: 4086 bytes
File delete failed. C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
->Temporary Internet Files folder emptied: 33170 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_4cc.dat scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\TMP00000124DB6A141E611C9A81 scheduled to be deleted on reboot.
Windows Temp folder emptied: 545055 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 101.58 mb


OTL by OldTimer - Version 3.0.20.0 log created on 10142009_125302

Files\Folders moved on Reboot...
File\Folder C:\Documents and Settings\Bryan\Local Settings\Temp\etilqs_Cj7Ozj0z0aBWYpxeEceu not found!
File\Folder C:\Documents and Settings\Bryan\Local Settings\Temp\~DFA2BB.tmp not found!
C:\Documents and Settings\Bryan\Local Settings\Application Data\Mozilla\Firefox\Profiles\jjzle15m.default\Cache\_CACHE_001_ moved successfully.
C:\Documents and Settings\Bryan\Local Settings\Application Data\Mozilla\Firefox\Profiles\jjzle15m.default\Cache\_CACHE_002_ moved successfully.
C:\Documents and Settings\Bryan\Local Settings\Application Data\Mozilla\Firefox\Profiles\jjzle15m.default\Cache\_CACHE_003_ moved successfully.
C:\Documents and Settings\Bryan\Local Settings\Application Data\Mozilla\Firefox\Profiles\jjzle15m.default\Cache\_CACHE_MAP_ moved successfully.
C:\Documents and Settings\Bryan\Local Settings\Application Data\Mozilla\Firefox\Profiles\jjzle15m.default\urlclassifier3.sqlite moved successfully.
C:\Documents and Settings\Bryan\Local Settings\Application Data\Mozilla\Firefox\Profiles\jjzle15m.default\XUL.mfl moved successfully.
File\Folder C:\WINDOWS\temp\Perflib_Perfdata_4cc.dat not found!
File\Folder C:\WINDOWS\temp\TMP00000124DB6A141E611C9A81 not found!

Registry entries deleted on Reboot...

I also ran OTL with the code you gave, and rebooted after, but still ComboFix will sit for hours without scanning any of the stages. It's frustrating. Thank you for your patience!

#10
Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Rename ComboFix to svchost.com

Does it work then?


#11
Watkinsbt

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts
It still gets to
"this typically doesn't take more than 10 minutes. However, scan times for badly infected machines may easily double"
and it has been like this for over an hour. Should I give it more time? It seems like it is supposed to have started and finished by now.

#12
Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Nope, let's try something else.

  • Make sure to use Internet Explorer for this
  • Please go to VirSCAN.org FREE on-line scan service
  • Copy and paste the following file path into the "Suspicious files to scan" box on the top of the page:

    • C:\WINDOWS\System32\Drivers\dump_atapi.sys
  • Click on the Upload button
  • If a pop-up appears saying the file has been scanned already, please select the ReScan button.
  • Once the Scan is completed, click on the "Copy to Clipboard" button. This will copy the link of the report into the Clipboard.
  • Paste the contents of the Clipboard in your next reply.


#13
Watkinsbt

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts
Unfortunately, after attempting ComboFix my computer's internet would not connect until it was rebooted. Upon rebooting, it will not allow me to run Windows normally, nor in safe mode. I don't see a way to get onto my computer now. Is there any way to enter it when this occurs? It appears there is no way in...

#14
Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Start it up and keep pressing F8; a menu should pop up.

Select Last Known Good Configuration. Does that get you in?

#15
Watkinsbt

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts
No, that too leads to the same blue screen error.