Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Google redirect, slowed computer, persistent viruses/trojans [Solved]

Started by rich2124 , Mar 16 2009 11:13 AM

  • This topic is locked This topic is locked

#1
rich2124
Posted 16 March 2009 - 11:13 AM

rich2124

    Member

  • Member
  • PipPip
  • 22 posts
Hey, sorry to be a bother to you guys. I know you're all very busy and I thank you for helping people like me out :)

I've had a couple of problems lately. Firstly, my comp has slowed down pretty bad over the past couple of weeks. i'm lagging tremendously while playing games where i never did before (internet connection is stable, no problems on other comps). I get occasional popups when firefox isn't open. and now every search engine, when i click on a search, automatically redirects to a site called xxfindmywolrdxx.com ..hopefully any of that helps :)

also, McAfee on acess scans continuously had viruses popping up. under "detected as" they're Generic Downloader.x, Download-BKA, AND Vundo.gen.ab . vundofix didn't work T_T

here's my hjt log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:12:14 PM, on 3/16/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\SigmaTel\C-Major Audio\DellXPM_5515v131\WDM\StacSV.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\CCM\CLICOMP\RemCtrl\Wuser32.exe
C:\WINDOWS\system32\CCM\CcmExec.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
c:\program files\internet explorer\iexplore.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\scriptcl.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O15 - Trusted Zone: *.microsoft.edu
O15 - Trusted Zone: *.villanova.edu
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Program Files\SigmaTel\C-Major Audio\DellXPM_5515v131\WDM\StacSV.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 5297 bytes
  • 0

Advertisements

#2
Essexboy
Posted 16 March 2009 - 01:27 PM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi there lets see what I can do for you

Please download GooredFix from one of the locations below and save it to your Desktop
Download Mirror #1
Download Mirror #2
  • Double-click GooredFix.exe to run it.
  • Select "2. Fix Goored" by typing 2 and pressing Enter.
  • Make sure all instances of Firefox are closed at this point.
  • Type y at the prompt and press Enter again.
  • A log will open, please post the contents of that log in your next reply (it can also be found on your desktop, called GooredLog.txt).
Note: If you receive a message saying that GooredFix needs your system to be restarted, please close all applications and reboot your system. Please also allow any registry changes that may be prompted by any of your security programs.

THEN

  • Download OTListIt2 to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open two notepad windows. OTListIt.Txt and Extras.Txt. These are saved in the same location as OTListIt2.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.

  • 0

#3
rich2124
Posted 16 March 2009 - 02:13 PM

rich2124

    Member

  • Topic Starter
  • Member
  • PipPip
  • 22 posts
thank you so Essex :)

here's the Goored Log first, i'll add the OTlist in the post below in a few minutes
  • 0

#4
rich2124
Posted 16 March 2009 - 02:13 PM

rich2124

    Member

  • Topic Starter
  • Member
  • PipPip
  • 22 posts
opps ><

GooredFix v1.92 by jpshortstuff
Log created at 16:09 on 16/03/2009 running Option #2 (Administrator)
Firefox version 3.0.7 (en-US)

=====Goored Deletions=====

=====Dumping Registry Values=====

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox 3.0.7\extensions]
"Plugins"="C:\Program Files\Mozilla Firefox\plugins"

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox 3.0.7\extensions]
"Components"="C:\Program Files\Mozilla Firefox\components"
  • 0

#5
rich2124
Posted 16 March 2009 - 02:18 PM

rich2124

    Member

  • Topic Starter
  • Member
  • PipPip
  • 22 posts
OTListIt logfile created on: 3/16/2009 4:14:13 PM - Run 1
OTListIt2 by OldTimer - Version 2.0.5.2 Folder = C:\Documents and Settings\Administrator\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.26 Gb Available Physical Memory | 62.92% Memory free
3.85 Gb Paging File | 2.15 Gb Available in Paging File | 55.86% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 97.78 Gb Total Space | 44.39 Gb Free Space | 45.40% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 51.27 Gb Total Space | 51.21 Gb Free Space | 99.87% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: CF3F62
Current User Name: Administrator
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Output = Minimal
File Age = 30 Days
Company Name Whitelist: On

========== Processes (SafeList) ==========

PRC - C:\WINDOWS\System32\WLTRYSVC.EXE ()
PRC - C:\WINDOWS\System32\bcmwltry.exe (Dell Inc.)
PRC - C:\WINDOWS\Explorer.EXE (Microsoft Corporation)
PRC - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
PRC - C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE (McAfee, Inc.)
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
PRC - C:\Program Files\McAfee\Common Framework\FrameworkService.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe (McAfee, Inc.)
PRC - C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\nvsvc32.exe (NVIDIA Corporation)
PRC - C:\Program Files\SigmaTel\C-Major Audio\DellXPM_5515v131\WDM\StacSV.exe (SigmaTel, Inc.)
PRC - C:\Program Files\McAfee\Common Framework\naPrdMgr.exe (McAfee, Inc.)
PRC - C:\WINDOWS\system32\CCM\CLICOMP\RemCtrl\Wuser32.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\CCM\CcmExec.exe (Microsoft Corporation)
PRC - C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
PRC - C:\WINDOWS\system32\wbem\wmiprvse.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\wbem\wmiprvse.exe (Microsoft Corporation)
PRC - C:\Program Files\McAfee\Common Framework\UdaterUI.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\Common Framework\McTray.exe (McAfee, Inc.)
PRC - c:\program files\internet explorer\iexplore.exe (Microsoft Corporation)
PRC - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe (Hewlett-Packard Co.)
PRC - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe (Google Inc.)
PRC - C:\Program Files\RocketDock\RocketDock.exe ()
PRC - C:\Documents and Settings\Administrator\Desktop\OTListIt2.exe (OldTimer Tools)

========== Win32 Services (SafeList) ==========

SRV - (Apple Mobile Device [Auto | Running]) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (aspnet_state [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (Microsoft Corporation)
SRV - (Bonjour Service [Auto | Running]) -- C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
SRV - (CcmExec [Auto | Running]) -- C:\WINDOWS\system32\CCM\CcmExec.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (helpsvc [Auto | Running]) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
SRV - (hpqcxs08 [On_Demand | Running]) -- C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll (Hewlett-Packard Co.)
SRV - (hpqddsvc [Auto | Running]) -- C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll (Hewlett-Packard Co.)
SRV - (HPSLPSVC [Auto | Running]) -- C:\Program Files\HP\Digital Imaging\bin\HPSLPSVC32.DLL (Hewlett-Packard Co.)
SRV - (iPod Service [On_Demand | Running]) -- C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
SRV - (McAfeeFramework [Unknown | Running]) -- C:\Program Files\McAfee\Common Framework\FrameworkService.exe (McAfee, Inc.)
SRV - (McShield [Unknown | Running]) -- C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe (McAfee, Inc.)
SRV - (McTaskManager [Unknown | Running]) -- C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe (McAfee, Inc.)
SRV - (MDM [Auto | Running]) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe (Microsoft Corporation)
SRV - (Net Driver HPZ12 [Auto | Stopped]) -- C:\WINDOWS\system32\HPZinw12.dll (Hewlett-Packard)
SRV - (NVSvc [Auto | Running]) -- C:\WINDOWS\system32\nvsvc32.exe (NVIDIA Corporation)
SRV - (odserv [On_Demand | Stopped]) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (ose [On_Demand | Stopped]) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (Pml Driver HPZ12 [Auto | Stopped]) -- C:\WINDOWS\system32\HPZipm12.dll (Hewlett-Packard)
SRV - (STacSV [Auto | Running]) -- C:\Program Files\SigmaTel\C-Major Audio\DellXPM_5515v131\WDM\StacSV.exe (SigmaTel, Inc.)
SRV - (stllssvr [On_Demand | Stopped]) -- C:\Program Files\Common Files\SureThing Shared\stllssvr.exe (MicroVision Development, Inc.)
SRV - (wltrysvc [Auto | Running]) -- C:\WINDOWS\System32\WLTRYSVC.EXE ()
SRV - (WMPNetworkSvc [On_Demand | Stopped]) -- C:\Program Files\Windows Media Player\WMPNetwk.exe (Microsoft Corporation)
SRV - (Wuser32 [Auto | Running]) -- C:\WINDOWS\system32\CCM\CLICOMP\RemCtrl\Wuser32.exe (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV - (b57w2k [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\b57xp32.sys (Broadcom Corporation)
DRV - (BCM43XX [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\bcmwl5.sys (Broadcom Corporation)
DRV - (DLABMFSM [Auto | Running]) -- C:\WINDOWS\System32\DLA\DLABMFSM.SYS (Roxio)
DRV - (DLABOIOM [Auto | Running]) -- C:\WINDOWS\System32\DLA\DLABOIOM.SYS (Roxio)
DRV - (DLACDBHM [System | Running]) -- C:\WINDOWS\System32\Drivers\DLACDBHM.SYS (Roxio)
DRV - (DLADResM [Auto | Running]) -- C:\WINDOWS\System32\DLA\DLADResM.SYS (Roxio)
DRV - (DLAIFS_M [Auto | Running]) -- C:\WINDOWS\System32\DLA\DLAIFS_M.SYS (Roxio)
DRV - (DLAOPIOM [Auto | Running]) -- C:\WINDOWS\System32\DLA\DLAOPIOM.SYS (Roxio)
DRV - (DLAPoolM [Auto | Running]) -- C:\WINDOWS\System32\DLA\DLAPoolM.SYS (Roxio)
DRV - (DLARTL_M [System | Running]) -- C:\WINDOWS\System32\Drivers\DLARTL_M.SYS (Roxio)
DRV - (DLAUDFAM [Auto | Running]) -- C:\WINDOWS\System32\DLA\DLAUDFAM.SYS (Roxio)
DRV - (DLAUDF_M [Auto | Running]) -- C:\WINDOWS\System32\DLA\DLAUDF_M.SYS (Roxio)
DRV - (DRVMCDB [Boot | Running]) -- C:\WINDOWS\System32\Drivers\DRVMCDB.SYS (Sonic Solutions)
DRV - (DRVNDDM [Auto | Running]) -- C:\WINDOWS\System32\Drivers\DRVNDDM.SYS (Roxio)
DRV - (GEARAspiWDM [On_Demand | Running]) -- C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV - (guardian2 [On_Demand | Running]) -- C:\WINDOWS\System32\Drivers\oz776.sys (O2Micro)
DRV - (HDAudBus [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\HDAudBus.sys (Windows ® Server 2003 DDK provider)
DRV - (HPZid412 [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\HPZid412.sys (HP)
DRV - (HPZipr12 [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\HPZipr12.sys (HP)
DRV - (HPZius12 [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\HPZius12.sys (HP)
DRV - (HSFHWAZL [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys (Conexant Systems, Inc.)
DRV - (HSF_DPV [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys (Conexant Systems, Inc.)
DRV - (idisw2km [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\idisw2km.sys (Microsoft Corporation)
DRV - (kbstuff [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\kbstuff5.sys (Microsoft Corporation)
DRV - (mdmxsdk [Auto | Running]) -- C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys (Conexant)
DRV - (mfeapfk [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\mfeapfk.sys (McAfee, Inc.)
DRV - (mfeavfk [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\mfeavfk.sys (McAfee, Inc.)
DRV - (mfebopk [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\mfebopk.sys (McAfee, Inc.)
DRV - (mfehidk [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\mfehidk.sys (McAfee, Inc.)
DRV - (mferkdk [System | Running]) -- C:\Program Files\McAfee\VirusScan Enterprise\mferkdk.sys (McAfee, Inc.)
DRV - (mfetdik [System | Running]) -- C:\WINDOWS\system32\drivers\mfetdik.sys (McAfee, Inc.)
DRV - (nv [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\nv4_mini.sys (NVIDIA Corporation)
DRV - (prepdrvr [On_Demand | Running]) -- C:\WINDOWS\system32\CCM\prepdrv.sys (Microsoft Corporation)
DRV - (Ptilink [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\ptilink.sys (Parallel Technologies, Inc.)
DRV - (PxHelp20 [Boot | Running]) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys (Sonic Solutions)
DRV - (Secdrv [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (STHDA [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\sthda.sys (SigmaTel, Inc.)
DRV - (tbhsd [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\tbhsd.sys (RapidSolution Software AG)
DRV - (winachsf [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys (Conexant Systems, Inc.)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm
IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local>

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Ask"
FF - prefs.js..browser.search.order.1: "Ask"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.msn.com/"
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.0.071101000055
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.7
FF - prefs.js..keyword.URL: "http://toolbar.ask.c...7&gct=&gc=1&q="

FF - HKLM\software\mozilla\Mozilla Firefox 3.0.7\extensions\\Components: C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS [2009/03/16 00:18:49 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.7\extensions\\Plugins: C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS [2009/03/08 16:22:13 | 00,000,000 | ---D | M]

[2009/03/06 18:33:05 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\mozilla\Extensions
[2008/08/20 18:46:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/03/06 18:33:05 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\mozilla\Extensions\[email protected]
[2009/03/16 02:40:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\mozilla\Firefox\Profiles\h1drfwq2.default\extensions
[2009/03/16 02:40:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\mozilla\Firefox\Profiles\h1drfwq2.default\extensions\[email protected]
[2009/02/24 11:12:20 | 00,000,682 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\FireFox\Profiles\h1drfwq2.default\searchplugins\ask.xml
[2008/08/20 18:45:57 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/03/06 19:43:54 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/03/06 19:43:48 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/03/06 19:43:48 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2008/07/02 12:31:38 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2008/07/02 12:31:38 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2008/07/02 12:31:38 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2008/11/13 21:07:13 | 00,002,343 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2008/07/02 12:31:38 | 00,001,706 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2008/07/02 12:31:38 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2008/07/02 12:31:38 | 00,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

O1 HOSTS File: (27 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\scriptcl.dll (McAfee, Inc.)
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O4 - HKLM..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" (Apple Inc.)
O4 - HKLM..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup (NVIDIA Corporation)
O4 - HKLM..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime (Apple Inc.)
O4 - HKLM..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE (McAfee, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: VerboseStatus = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\npjpi160_05.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [mdnsNSP] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Sites: microsoft.edu ([]* in Trusted sites)
O15 - HKCU\..Trusted Sites: villanova.edu ([]* in Trusted sites)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.micr.../OGAControl.cab (Office Genuine Advantage Validation Tool)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.ma...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} http://office.micros...ntent/opuc4.cab (Office Update Installation Engine)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - Autorun File - C:\AUTOEXEC.BAT () - [ NTFS ]

========== Files/Folders - Created Within 30 Days ==========

[2009/03/16 16:09:41 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\GooredFixBackups
[2009/03/16 16:07:55 | 00,499,712 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTListIt2.exe
[2009/03/16 16:07:39 | 00,094,208 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\GooredFix.exe
[2009/03/13 03:01:25 | 00,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2009/03/13 03:00:19 | 24,768,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
[2009/03/11 16:37:27 | 00,000,000 | -HSD | C] -- C:\RECYCLER
[2009/03/11 14:05:06 | 00,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2009/03/11 14:05:06 | 00,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2009/03/11 14:05:06 | 00,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2009/03/11 14:05:06 | 00,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2009/03/11 14:05:06 | 00,089,504 | ---- | C] (Smallfrogs Studio) -- C:\WINDOWS\fdsv.exe
[2009/03/11 14:05:06 | 00,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2009/03/11 14:05:06 | 00,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2009/03/11 14:05:06 | 00,049,152 | ---- | C] () -- C:\WINDOWS\VFIND.exe
[2009/03/11 14:05:06 | 00,029,696 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2009/03/11 14:04:09 | 02,933,345 | R--- | C] () -- C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
[2009/03/11 14:01:25 | 00,000,000 | ---D | C] -- C:\combo
[2009/03/11 08:49:25 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\nfr.gpref
[2009/03/11 08:46:27 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\nfr.assembly
[2009/03/11 08:44:04 | 21,453,53728 | -HS- | C] () -- C:\hiberfil.sys
[2009/03/11 03:18:29 | 00,000,001 | -H-- | C] () -- C:\WINDOWS\t55ft3518f44.dat
[2009/03/11 03:18:27 | 00,012,800 | ---- | C] () -- C:\WINDOWS\System32\dll32.dll
[2009/03/09 14:55:34 | 00,106,212 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\DrainSoulTimer_1.2(2).zip
[2009/03/08 16:23:28 | 00,000,000 | ---D | C] -- C:\Program Files\iPod
[2009/03/08 16:23:25 | 00,000,000 | ---D | C] -- C:\Program Files\iTunes
[2009/03/08 16:23:25 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
[2009/03/08 16:21:37 | 00,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2009/03/08 16:20:08 | 00,000,284 | ---- | C] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009/03/08 16:20:04 | 00,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2009/03/08 16:19:16 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2009/03/08 16:19:16 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple
[2009/03/06 18:33:12 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\LimeWire
[2009/03/06 18:32:42 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\LimeWire
[2009/03/06 18:32:02 | 00,001,587 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\LimeWire 5.1.1.lnk
[2009/03/06 18:30:16 | 00,000,000 | ---D | C] -- C:\Program Files\LimeWire
[2009/03/06 18:27:15 | 16,479,552 | ---- | C] (Lime Wire LLC) -- C:\Documents and Settings\Administrator\Desktop\LimeWireWin.exe
[2009/03/06 18:14:31 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\Music
[2009/03/06 17:38:39 | 00,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\My Documents\F07
[2009/03/06 17:38:11 | 00,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\My Documents\F06
[2009/03/06 17:37:52 | 00,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\My Documents\F05
[2009/03/06 17:37:30 | 00,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\My Documents\F04
[2009/03/06 17:37:13 | 00,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\My Documents\F03
[2009/03/06 17:36:54 | 00,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\My Documents\F02
[2009/03/06 17:36:27 | 00,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\My Documents\F01
[2009/03/06 17:35:55 | 00,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\My Documents\F49
[2009/03/06 17:35:30 | 00,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\My Documents\F48
[2009/03/06 17:35:04 | 00,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\My Documents\F47
[2009/03/06 17:34:35 | 00,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\My Documents\F46
[2009/03/06 17:34:13 | 00,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\My Documents\F45
[2009/03/06 17:33:39 | 00,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\My Documents\F44
[2009/03/06 17:33:15 | 00,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\My Documents\F43
[2009/03/06 17:31:53 | 00,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\My Documents\F42
[2009/03/06 17:31:26 | 00,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\My Documents\F41
[2009/03/06 17:31:04 | 00,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\My Documents\F40
[2009/03/06 17:30:40 | 00,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\My Documents\F39
[2009/03/06 17:30:18 | 00,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\My Documents\F38
[2009/03/06 17:29:49 | 00,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\My Documents\F37
[2009/03/06 17:29:22 | 00,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\My Documents\F36
[2009/03/06 17:27:52 | 00,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\My Documents\F35
[2009/03/06 17:27:28 | 00,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\My Documents\F34
[2009/03/06 17:26:48 | 00,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\My Documents\F33
[2009/03/06 17:26:26 | 00,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\My Documents\F32
[2009/03/06 17:25:46 | 00,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\My Documents\F31
[2009/03/06 17:24:42 | 00,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\My Documents\F30
[2009/03/06 17:24:01 | 00,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\My Documents\F29
[2009/03/06 17:23:40 | 00,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\My Documents\F28
[2009/03/06 17:23:14 | 00,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\My Documents\F27
[2009/03/06 17:22:46 | 00,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\My Documents\F26
[2009/03/06 17:22:07 | 00,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\My Documents\F25
[2009/03/06 17:21:46 | 00,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\My Documents\F24
[2009/03/06 17:21:31 | 00,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\My Documents\F23
[2009/03/06 17:21:10 | 00,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\My Documents\F22
[2009/03/06 17:20:38 | 00,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\My Documents\F21
[2009/03/06 17:20:05 | 00,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\My Documents\F20
[2009/03/06 17:19:28 | 00,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\My Documents\F19
[2009/03/06 17:17:58 | 00,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\My Documents\F18
[2009/03/06 17:17:46 | 00,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\My Documents\F17
[2009/03/06 17:17:29 | 00,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\My Documents\F16
[2009/03/06 17:17:07 | 00,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\My Documents\F15
[2009/03/06 17:16:53 | 00,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\My Documents\F14
[2009/03/06 17:15:56 | 00,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\My Documents\F13
[2009/03/06 17:15:39 | 00,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\My Documents\F12
[2009/03/06 17:15:20 | 00,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\My Documents\F11
[2009/03/06 17:15:01 | 00,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\My Documents\F10
[2009/03/06 17:14:43 | 00,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\My Documents\F09
[2009/03/06 17:14:20 | 00,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\My Documents\F08
[2009/03/06 17:13:39 | 00,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\My Documents\F00
[2009/03/05 20:14:19 | 00,002,713 | -HS- | C] () -- C:\WINDOWS\System32\fesureto.exe
[2009/03/04 13:06:41 | 00,001,099 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Shortcut to VundoFix(2).lnk
[2009/03/03 13:29:05 | 06,457,461 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\QuestHelper-0.92.zip
[2009/03/02 17:09:16 | 00,106,212 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\DrainSoulTimer_1.2.zip
[2009/03/02 04:41:20 | 00,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At9.job
[2009/03/02 04:41:20 | 00,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At8.job
[2009/03/02 04:41:20 | 00,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At7.job
[2009/03/02 04:41:20 | 00,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At6.job
[2009/03/02 04:41:20 | 00,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At5.job
[2009/03/02 04:41:20 | 00,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At4.job
[2009/03/02 04:41:20 | 00,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At3.job
[2009/03/02 04:41:20 | 00,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At24.job
[2009/03/02 04:41:20 | 00,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At23.job
[2009/03/02 04:41:20 | 00,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At22.job
[2009/03/02 04:41:20 | 00,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At21.job
[2009/03/02 04:41:20 | 00,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At20.job
[2009/03/02 04:41:20 | 00,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At2.job
[2009/03/02 04:41:20 | 00,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At19.job
[2009/03/02 04:41:20 | 00,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At18.job
[2009/03/02 04:41:20 | 00,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At17.job
[2009/03/02 04:41:20 | 00,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At16.job
[2009/03/02 04:41:20 | 00,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At15.job
[2009/03/02 04:41:20 | 00,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At14.job
[2009/03/02 04:41:20 | 00,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At13.job
[2009/03/02 04:41:20 | 00,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At12.job
[2009/03/02 04:41:20 | 00,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At11.job
[2009/03/02 04:41:20 | 00,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At10.job
[2009/03/02 04:41:20 | 00,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At1.job
[2009/03/02 04:41:19 | 00,031,744 | ---- | C] () -- C:\WINDOWS\System32\6Ie44U50.exe
[2009/02/23 15:38:09 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DNA
[2009/02/23 15:38:06 | 00,000,000 | ---D | C] -- C:\Program Files\DNA
[2009/02/23 15:38:06 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\DNA
[2009/02/23 15:37:37 | 01,734,304 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\BitTorrent-6.1.2.exe
[2009/02/23 15:36:28 | 00,014,863 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\The_Natural_(1984)_Robert_Redford_DVDrip.4008376.TPB.torrent
[2009/02/19 02:07:38 | 00,537,088 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\printable fantasy draft guide.ppt
[2009/02/15 11:07:09 | 00,014,414 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Fioretti_Corinne_Assignment1.docx

========== Files - Modified Within 30 Days ==========

[1 C:\WINDOWS\System32\*.tmp files]
[4 C:\WINDOWS\*.tmp files]
[2009/03/16 16:07:55 | 00,499,712 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTListIt2.exe
[2009/03/16 16:07:39 | 00,094,208 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\GooredFix.exe
[2009/03/16 16:06:57 | 00,168,411 | ---- | M] () -- C:\WINDOWS\System32\nvModes.001
[2009/03/16 16:00:10 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At17.job
[2009/03/16 15:00:10 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At16.job
[2009/03/16 14:00:10 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At15.job
[2009/03/16 13:00:11 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At14.job
[2009/03/16 12:55:23 | 00,168,411 | ---- | M] () -- C:\WINDOWS\System32\nvModes.dat
[2009/03/16 12:00:10 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At13.job
[2009/03/16 11:00:10 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At12.job
[2009/03/16 08:00:10 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At9.job
[2009/03/16 07:00:10 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At8.job
[2009/03/16 06:00:10 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At7.job
[2009/03/16 05:00:10 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At6.job
[2009/03/16 04:00:10 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At5.job
[2009/03/16 03:00:10 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At4.job
[2009/03/16 02:00:10 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At3.job
[2009/03/16 01:28:51 | 00,000,958 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-746137067-963894560-725345543-500.job
[2009/03/16 01:00:10 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At2.job
[2009/03/16 00:49:10 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At1.job
[2009/03/16 00:35:18 | 00,406,258 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/03/16 00:35:18 | 00,064,166 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/03/16 00:35:17 | 00,477,866 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/03/16 00:32:47 | 00,000,494 | ---- | M] () -- C:\WINDOWS\SMSCFG.ini
[2009/03/16 00:32:40 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/03/16 00:30:26 | 00,169,472 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2009/03/16 00:29:51 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/03/16 00:29:44 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/03/16 00:29:37 | 21,453,53728 | -HS- | M] () -- C:\hiberfil.sys
[2009/03/15 23:00:10 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At24.job
[2009/03/15 22:00:14 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At23.job
[2009/03/15 21:00:10 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At22.job
[2009/03/15 20:00:10 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At21.job
[2009/03/15 19:00:10 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At20.job
[2009/03/15 18:00:10 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At19.job
[2009/03/15 17:00:10 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At18.job
[2009/03/15 10:00:10 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At11.job
[2009/03/15 09:00:10 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At10.job
[2009/03/13 03:01:25 | 00,000,118 | ---- | M] () -- C:\WINDOWS\System32\MRT.INI
[2009/03/12 03:18:14 | 00,288,496 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/03/12 03:01:41 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/03/11 14:12:42 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/03/11 14:10:06 | 00,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2009/03/11 14:04:18 | 02,933,345 | R--- | M] () -- C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
[2009/03/11 08:49:25 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\nfr.gpref
[2009/03/11 08:46:27 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\nfr.assembly
[2009/03/11 08:43:26 | 04,240,656 | -H-- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\IconCache.db
[2009/03/11 03:18:29 | 00,000,001 | -H-- | M] () -- C:\WINDOWS\t55ft3518f44.dat
[2009/03/11 03:18:27 | 00,012,800 | ---- | M] () -- C:\WINDOWS\System32\dll32.dll
[2009/03/09 14:55:35 | 00,106,212 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\DrainSoulTimer_1.2(2).zip
[2009/03/08 16:20:09 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009/03/08 02:02:57 | 00,000,617 | ---- | M] () -- C:\WINDOWS\win.ini
[2009/03/08 02:02:57 | 00,000,281 | RHS- | M] () -- C:\boot.ini
[2009/03/06 18:32:02 | 00,001,587 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\LimeWire 5.1.1.lnk
[2009/03/06 18:27:24 | 16,479,552 | ---- | M] (Lime Wire LLC) -- C:\Documents and Settings\Administrator\Desktop\LimeWireWin.exe
[2009/03/05 22:27:14 | 00,006,456 | -H-- | M] () -- C:\WINDOWS\System32\jamezudu
[2009/03/05 20:14:19 | 00,002,713 | -HS- | M] () -- C:\WINDOWS\System32\fesureto.exe
[2009/03/04 13:06:41 | 00,001,099 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Shortcut to VundoFix(2).lnk
[2009/03/03 13:29:14 | 06,457,461 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\QuestHelper-0.92.zip
[2009/03/02 17:09:17 | 00,106,212 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\DrainSoulTimer_1.2.zip
[2009/03/02 13:21:30 | 00,007,168 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/03/02 04:40:39 | 00,031,744 | ---- | M] () -- C:\WINDOWS\System32\6Ie44U50.exe
[2009/02/25 12:55:00 | 24,768,960 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
[2009/02/23 15:37:39 | 01,734,304 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\BitTorrent-6.1.2.exe
[2009/02/23 15:36:28 | 00,014,863 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\The_Natural_(1984)_Robert_Redford_DVDrip.4008376.TPB.torrent
[2009/02/19 02:07:40 | 00,537,088 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\printable fantasy draft guide.ppt
[2009/02/15 11:12:05 | 00,014,414 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Fioretti_Corinne_Assignment1.docx
[2009/02/14 18:45:27 | 00,000,117 | ---- | M] () -- C:\WINDOWS\CIV.INI

========== LOP Check ==========

[2009/03/06 18:32:42 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\Administrator\Application Data
[2008/05/14 13:29:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Adobe
[2008/09/07 05:13:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Aim
[2008/05/05 16:02:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Apple Computer
[2008/05/13 09:30:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\CyberLink
[2009/01/21 23:36:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\DivX
[2009/03/08 01:55:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\DNA
[2009/01/15 22:13:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\goombah
[2008/10/06 13:16:05 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Help
[2008/09/02 15:53:31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\HP
[2009/03/16 01:09:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\HPAppData
[2008/05/13 10:47:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\ICAClient
[2008/05/05 08:52:25 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Identities
[2009/03/06 18:58:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\LimeWire
[2008/05/13 11:14:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Macromedia
[2008/12/19 10:32:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Malwarebytes
[2008/09/12 13:07:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Maple
[2009/01/25 22:20:36 | 00,000,000 | --SD | M] -- C:\Documents and Settings\Administrator\Application Data\Microsoft
[2009/02/24 18:08:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Move Networks
[2008/08/20 18:46:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla
[2008/05/13 09:55:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\OfficeUpdate12
[2008/05/13 11:09:47 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Real
[2008/05/13 10:16:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Roxio
[2009/02/24 18:02:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Ruckus Network
[2008/05/13 10:19:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Sun
[2009/01/25 22:20:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Ventrilo
[2008/10/26 15:46:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Weather Clock
[2008/11/09 22:50:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Winamp
[2008/10/22 17:08:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\WinRAR
[2009/03/08 16:23:25 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\All Users\Application Data
[2009/03/08 16:23:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
[2008/05/05 15:56:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Adobe
[2008/08/20 23:17:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AOL
[2008/08/20 23:17:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AOL OCP
[2009/03/08 16:19:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Apple
[2008/05/05 16:02:31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Apple Computer
[2009/01/12 06:41:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Blizzard
[2008/10/21 23:42:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CyberLink
[2008/05/13 09:28:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Dell
[2008/09/02 15:41:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Hewlett-Packard
[2008/09/02 15:49:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HP
[2008/09/02 15:49:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HP Product Assistant
[2008/10/08 23:32:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\InstallShield
[2008/12/19 10:31:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2008/05/05 10:27:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\McAfee
[2008/10/19 23:15:46 | 00,000,000 | --SD | M] -- C:\Documents and Settings\All Users\Application Data\Microsoft
[2008/12/10 21:35:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Microsoft Help
[2008/11/07 19:58:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MSScanAppDataDir
[2008/11/13 19:42:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\myitlab
[2008/05/13 09:49:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
[2008/12/04 14:02:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RapidSolution
[2008/05/13 09:34:19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sonic
[2008/11/07 20:00:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SSScanAppDataDir
[2008/11/10 03:02:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2008/09/02 15:53:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WEBREG
[2008/05/05 12:50:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
[2009/03/08 16:20:09 | 00,000,284 | ---- | M] () -- C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
[2009/03/16 00:49:10 | 00,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At1.job
[2009/03/15 09:00:10 | 00,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At10.job
[2009/03/15 10:00:10 | 00,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At11.job
[2009/03/16 11:00:10 | 00,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At12.job
[2009/03/16 12:00:10 | 00,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At13.job
[2009/03/16 13:00:11 | 00,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At14.job
[2009/03/16 14:00:10 | 00,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At15.job
[2009/03/16 15:00:10 | 00,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At16.job
[2009/03/16 16:00:10 | 00,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At17.job
[2009/03/15 17:00:10 | 00,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At18.job
[2009/03/15 18:00:10 | 00,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At19.job
[2009/03/16 01:00:10 | 00,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At2.job
[2009/03/15 19:00:10 | 00,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At20.job
[2009/03/15 20:00:10 | 00,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At21.job
[2009/03/15 21:00:10 | 00,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At22.job
[2009/03/15 22:00:14 | 00,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At23.job
[2009/03/15 23:00:10 | 00,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At24.job
[2009/03/16 02:00:10 | 00,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At3.job
[2009/03/16 03:00:10 | 00,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At4.job
[2009/03/16 04:00:10 | 00,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At5.job
[2009/03/16 05:00:10 | 00,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At6.job
[2009/03/16 06:00:10 | 00,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At7.job
[2009/03/16 07:00:10 | 00,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At8.job
[2009/03/16 08:00:10 | 00,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At9.job
[2004/08/04 08:00:00 | 00,000,065 | RH-- | M] () -- C:\WINDOWS\Tasks\desktop.ini
[2009/03/16 01:28:51 | 00,000,958 | ---- | M] () -- C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-746137067-963894560-725345543-500.job
[2009/03/16 00:29:51 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA.DAT

========== Purity Check ==========


========== Alternate Data Streams ==========

@Alternate Data Stream - 1406 bytes -> C:\Documents and Settings\Administrator\Desktop\Villanova University on iTunes U.url:favicon
< End of report >








OTListIt Extras logfile created on: 3/16/2009 4:14:13 PM - Run 1
OTListIt2 by OldTimer - Version 2.0.5.2 Folder = C:\Documents and Settings\Administrator\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.26 Gb Available Physical Memory | 62.92% Memory free
3.85 Gb Paging File | 2.15 Gb Available in Paging File | 55.86% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 97.78 Gb Total Space | 44.39 Gb Free Space | 45.40% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 51.27 Gb Total Space | 51.21 Gb Free Space | 99.87% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: CF3F62
Current User Name: Administrator
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Output = Minimal
File Age = 30 Days
Company Name Whitelist: On

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 1
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"DoNotAllowExceptions" = 0
"EnableFirewall" = 1
"DisableNotifications" = 0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"3724:TCP" = 3724:TCP:*:Enabled:Blizzard Downloader: 3724
"80:TCP" = 80:TCP:*:Enabled:dll32
"7171:TCP" = 7171:TCP:*:Enabled:dll32

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
C:\Program Files\McAfee\Common Framework\FrameworkService.exe:*:Enabled:McAfee Framework Service (McAfee, Inc.)
C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook (Microsoft Corporation)
%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 (Microsoft Corporation)
C:\Program Files\Ruckus Player\Ruckus.exe:*:Enabled:Ruckus ( )
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe (Hewlett-Packard Co.)
C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe (Hewlett-Packard Co.)
C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe (Hewlett-Packard Co.)
C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe (Hewlett-Packard Co.)
C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe (Hewlett-Packard Co.)
C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe (Hewlett-Packard Co.)
C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe (Hewlett-Packard Co.)
C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe (Hewlett-Packard)
C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe (Hewlett-Packard)
C:\Program Files\Maple 12\jre\bin\java.exe:*:Enabled:Java™ Platform SE binary (Sun Microsystems, Inc.)
C:\Program Files\Maple 12\jre\bin\maple.exe:*:Enabled:Maple 12 (Maplesoft)
C:\Program Files\Maple 12\reader\reader.exe:*:Enabled:Maple Reader 12 (Maplesoft)
C:\Program Files\Maple 12\bin.win\calculator.exe:*:Enabled:Maple Calculator (Maplesoft)
C:\Program Files\McAfee\VirusScan Enterprise\shstat.exe:*:Enabled:SHSTAT (McAfee, Inc.)
C:\Program Files\World of Warcraft\WoW-2.4.0-enUS-downloader.exe:*:Enabled:Blizzard Downloader (Blizzard Entertainment)
C:\Program Files\Curse\CurseClient.exe:*:Enabled:Curse Client ()
C:\Program Files\Ventrilo\Ventrilo.exe:*:Enabled:Ventrilo.exe ()
C:\Program Files\DNA\btdna.exe:*:Enabled:DNA (BitTorrent, Inc.)
C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour (Apple Inc.)
C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes (Apple Inc.)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0394CDC8-FABD-4ed8-B104-03393876DFDF}" = Roxio Creator Tools
"{09BDEEF0-5590-457D-89A9-5DB2742F9BBF}" = 32 Bit HP CIO Components Installer
"{0D397393-9B50-4c52-84D5-77E344289F87}" = Roxio Creator Data
"{0F7C2E47-089E-4d23-B9F7-39BE00100776}" = Toolbox
"{11B83AD3-7A46-4C2E-A568-9505981D4C6F}" = HP Update
"{12A76360-388E-4B27-ABEB-D5FC5378DD2A}" = HPPhotoSmartPhotobookWebPack1
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{18669FF9-C8FE-407a-9F70-E674896B1DB4}" = GPBaseService
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{195F2C6C-A343-4b10-B1A4-3F00AB9E9DD9}" = Fax
"{20B30DC1-E423-4939-B51D-05C58B0F9BBB}" = HP Photosmart All-In-One Driver Software 10.0 Rel .2
"{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}" = QuickTime
"{2624B680-02BC-4CBC-839C-DA20DF6EF6EC}" = Citrix Presentation Server Client
"{2F4C24E6-CBD4-4AAC-B56F-C9FD44DE5668}" = Roxio Drag-to-Disc
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java™ 6 Update 5
"{34BFB099-07B2-4E95-A673-7362D60866A2}" = PSSWCORE
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35C03C04-3F1F-42C2-A989-A757EE691F65}" = McAfee VirusScan Enterprise
"{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Sonic Activation Module
"{36FDBE6E-6684-462b-AE98-9A39A1B200CC}" = HPProductAssistant
"{36FE3EDA-0C18-48DE-934B-D9862F82A7A8}" = McAfee Agent
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{4A39A27F-005B-407E-8CF5-F4D8065658E4}" = SMS Advanced Client
"{4CACFCD9-F71B-413A-8DF5-1A6419D5CDC6}" = Cards_Calendar_OrderGift_DoMorePlugout
"{5109C064-813E-4e87-B0DE-C8AF7B5BC02B}" = SmartWebPrintingOC
"{52A69E11-7CEB-4a7d-9607-68BA4F39A89B}" = DeviceDiscovery
"{56DF5C9E-6392-46D3-B366-297B14E1DAAF}" = Bonjour Core for Windows
"{5ACE69F0-A3E8-44eb-88C1-0A841E700180}" = TrayApp
"{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}" = Roxio Creator Copy
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{679EC478-3FF9-4987-B2FF-C2C2B27532A2}" = DocProc
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{687FEF8A-8597-40b4-832C-297EA3F35817}" = BufferChm
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6B437F94-056F-4791-AF2C-0D10E2706AF0}" = PanoStandAlone
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}" = Microsoft .NET Framework 2.0
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{80533B67-C407-485D-8B5D-63BB8ED9D878}" = Scan
"{83FFCFC7-88C6-41c6-8752-958A45325C82}" = Roxio Creator Audio
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}" = Bonjour
"{8A85DEAD-7C1F-4368-881C-72AC74CB2E91}" = UnloadSupport
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{3EC77D26-799B-4CD8-914F-C1565E796173}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{430971B1-C31E-45DA-81E0-72C095BAB72C}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{F7A31780-33C4-4E39-951A-5EC9B91D7BF1}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0A9E8B73-13F3-4CAF-9FF4-52C8F80EB11E}" =
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{BEE75E01-DD3F-4D5F-B96C-609E6538D419}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{FAD8A83E-9BAC-4179-9268-A35948034D85}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{FAD8A83E-9BAC-4179-9268-A35948034D85}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90170409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office FrontPage 2003
"{A07840FC-CE63-4CB8-8030-EF4B9805925A}" = HPPhotoSmartDiscLabel_PaperLabel
"{A0B9F8DF-C949-45ed-9808-7DC5C0C19C81}" = Status
"{a1f89c34-f061-447d-ac10-b5f1896a5923}" = C4380_Help
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
"{A5AB9D5E-52E2-440e-A3ED-9512E253C81A}" = SolutionCenter
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1033-7B44-A81200000003}" = Adobe Reader 8.1.2
"{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
"{ACDE260A-602B-4cfb-A650-D0DBA6FFAD85}" = NetDeviceManager
"{ADFB9653-F44C-460C-BF58-189CC552DFFE}" = hpphotosmartdisclabelplugin
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{AF7FC1CA-79DF-43c3-90A3-33EFEB9294CE}" = AIO_Scan
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B29051F5-5D7D-443e-ABE9-7CBB29EAC200}" = C4380
"{B4E91E95-A5BA-4E50-A465-DB7EFEB176E8}" = HPPhotoSmartDiscLabel_PrintOnDisc
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B8DBED1E-8BC3-4d08-B94A-F9D7D88E9BBF}" = HPSSupply
"{b9be267c-e096-4cce-a4fd-f24eec004938}" = PS_AIO_02_ProductContext
"{BAD0FA60-09CF-4411-AE6A-C2844C8812FA}" = HP Photosmart Essential 2.5
"{C336A3DB-FA32-42BE-97D0-FFD42D807FD6}" = Oz776 SCR Driver V1.1.4.2
"{c4549405-195f-4450-8865-6be9dc5ad136}" = PS_AIO_02_Software_Min
"{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator DE
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CCB9B81A-167F-4832-B305-D2A0430840B3}" = WebReg
"{cd0b9359-b716-4fd0-8e0a-09b3e312e8a4}" = PS_AIO_02_Software
"{D2E0F0CC-6BE0-490b-B08B-9267083E34C9}" = MarketResearch
"{D3B3B9B2-FE73-44CB-8C0A-F737D92F991B}" = Broadcom Gigabit Integrated Controller
"{D99A8E3A-AE5A-4692-8B19-6F16D454E240}" = Destination Component
"{DD3C88A0-C53C-41D0-A21B-6D021981D23E}" = HPPhotoSmartDiscLabelContent1
"{E08DC77E-D09A-4e36-8067-D6DBBCC5F8DC}" = VideoToolkit01
"{EBBE2FB2-FBED-44F6-B95F-230AB5A65B28}" = Goombah Partner COM Server
"{EC4455AB-F155-4CC1-A4C5-88F3777F9886}" = Apple Mobile Device Support
"{ECA1A3B6-898F-4DCE-9F04-714CF3BA126B}" = Adobe Flash Player 10 Plugin
"{F42CD69D-E393-47c8-B2CD-B139C4ADA9A8}" = Copy
"{F5C63795-2708-4D15-BF18-5ABBFF7DFFC8}" = iTunes
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player 11
"Broadcom 802.11b Network Adapter" = Dell Wireless WLAN Card
"CDisplay_is1" = CDisplay 1.8
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2C06&SUBSYS_14F1000F" = Conexant HDA D330 MDC V.92 Modem
"CurseClient" = Curse Client
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"ENTERPRISE" = Microsoft Office Enterprise 2007
"ERUNT_is1" = ERUNT 1.1j
"HijackThis" = HijackThis 2.0.2
"HP Imaging Device Functions" = HP Imaging Device Functions 10.0
"HP Photosmart Essential" = HP Photosmart Essential 2.5
"HP Smart Web Printing" = HP Smart Web Printing
"HP Solution Center & Imaging Support Tools" = HP Solution Center 10.0
"HPExtendedCapabilities" = HP Customer Participation Program 10.0
"HPOCR" = OCR Software by I.R.I.S. 10.0
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"InstallShield_{C336A3DB-FA32-42BE-97D0-FFD42D807FD6}" = Oz776 SCR Driver V1.1.4.2
"LimeWire" = LimeWire 5.1.1
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Maple 12" = Maple 12
"McAfee Anti-Spyware Enterprise Module" = McAfee AntiSpyware Enterprise Module
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 2.0" = Microsoft .NET Framework 2.0
"Mozilla Firefox (3.0.7)" = Mozilla Firefox (3.0.7)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MyITLab ActiveX Installer_is1" = MyITLab ActiveX Installer 2.8.5.65535
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"RealPlayer Enterprise 6.0" = RealPlayer Enterprise
"RocketDock_is1" = RocketDock 1.3.5
"Ruckus Player" = Ruckus Player
"Shop for HP Supplies" = Shop for HP Supplies
"Winamp" = Winamp
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"World of Warcraft" = World of Warcraft
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"BitTorrent DNA" = DNA
"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 3/11/2009 2:04:18 PM | Computer Name = CF3F62 | Source = McLogEvent | ID = 259
Description = The file C:\Documents and Settings\Administrator\Local Settings\Application
Data\Mozilla\Firefox\Profiles\h1drfwq2.default\Cache\6D952C06d01\PSEXEC.CFEXE contains
the RemAdm-ProcLaunch!171 Remote Admin Tool. Undetermined clean error, deleted
successfully. Detected using Scan engine version 5300.2777 DAT version 5549.0000.

Error - 3/12/2009 1:49:37 PM | Computer Name = CF3F62 | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 5.1.2600.5512, faulting
module hpslpsvc32.dll, version 100.0.170.0, fault address 0x000410c9.

Error - 3/12/2009 10:28:54 PM | Computer Name = CF3F62 | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 7.0.6000.16791, faulting
module unknown, version 0.0.0.0, fault address 0x0001126a.

Error - 3/13/2009 3:48:21 PM | Computer Name = CF3F62 | Source = Google Update | ID = 20
Description =

Error - 3/15/2009 8:30:23 PM | Computer Name = CF3F62 | Source = Google Update | ID = 20
Description =

Error - 3/15/2009 9:30:22 PM | Computer Name = CF3F62 | Source = Google Update | ID = 20
Description =

Error - 3/15/2009 10:30:22 PM | Computer Name = CF3F62 | Source = Google Update | ID = 20
Description =

Error - 3/15/2009 11:30:23 PM | Computer Name = CF3F62 | Source = Google Update | ID = 20
Description =

Error - 3/16/2009 10:37:41 AM | Computer Name = CF3F62 | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 5.1.2600.5512, faulting
module hpslpsvc32.dll, version 100.0.170.0, fault address 0x000410c9.

Error - 3/16/2009 12:43:22 PM | Computer Name = CF3F62 | Source = Google Update | ID = 20
Description =

[ OSession Events ]
Error - 10/10/2008 3:04:01 AM | Computer Name = CF3F62 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6308.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 142168
seconds with 11100 seconds of active time. This session ended with a crash.

Error - 10/24/2008 11:15:41 AM | Computer Name = CF3F62 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6308.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 182626
seconds with 3060 seconds of active time. This session ended with a crash.

Error - 12/8/2008 11:22:09 PM | Computer Name = CF3F62 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
Version: 12.0.6211.1000, Microsoft Office Version: 12.0.6215.1000. This session
lasted 101515 seconds with 1440 seconds of active time. This session ended with
a crash.

Error - 12/16/2008 3:42:55 AM | Computer Name = CF3F62 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6331.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 126228
seconds with 4980 seconds of active time. This session ended with a crash.

Error - 2/15/2009 10:51:17 AM | Computer Name = CF3F62 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
Version: 12.0.6211.1000, Microsoft Office Version: 12.0.6215.1000. This session
lasted 31 seconds with 0 seconds of active time. This session ended with a crash.

Error - 3/9/2009 8:51:34 AM | Computer Name = CF3F62 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6331.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 2
seconds with 0 seconds of active time. This session ended with a crash.

Error - 3/9/2009 8:53:51 AM | Computer Name = CF3F62 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6331.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 2
seconds with 0 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 3/16/2009 10:32:47 AM | Computer Name = CF3F62 | Source = Server | ID = 2505
Description = The server could not bind to the transport \Device\NetBT_Tcpip_{A25EE366-320D-48CE-86AC-6EA46CE0EAD9}
because another computer on the network has the same name. The server could not
start.

Error - 3/16/2009 10:37:45 AM | Computer Name = CF3F62 | Source = Service Control Manager | ID = 7034
Description = The HP Network Devices Support service terminated unexpectedly. It
has done this 1 time(s).

Error - 3/16/2009 11:24:31 AM | Computer Name = CF3F62 | Source = Dhcp | ID = 1002
Description = The IP address lease 153.104.133.95 for the Network Card with network
address 001FE1454D26 has been denied by the DHCP server 153.104.136.2 (The DHCP
Server sent a DHCPNACK message).

Error - 3/16/2009 11:24:35 AM | Computer Name = CF3F62 | Source = NetBT | ID = 4321
Description = The name "CF3F62 :0" could not be registered on the Interface
with IP address 153.104.225.91. The machine with the IP address 153.104.6.106 did
not allow the name to be claimed by this machine.

Error - 3/16/2009 11:24:35 AM | Computer Name = CF3F62 | Source = NetBT | ID = 4321
Description = The name "CF3F62 :20" could not be registered on the Interface
with IP address 153.104.225.91. The machine with the IP address 153.104.6.106 did
not allow the name to be claimed by this machine.

Error - 3/16/2009 11:24:35 AM | Computer Name = CF3F62 | Source = Server | ID = 2505
Description = The server could not bind to the transport \Device\NetBT_Tcpip_{A25EE366-320D-48CE-86AC-6EA46CE0EAD9}
because another computer on the network has the same name. The server could not
start.

Error - 3/16/2009 12:43:13 PM | Computer Name = CF3F62 | Source = Dhcp | ID = 1000
Description = Your computer has lost the lease to its IP address 153.104.225.91
on the Network Card with network address 001FE1454D26.

Error - 3/16/2009 12:43:31 PM | Computer Name = CF3F62 | Source = NetBT | ID = 4321
Description = The name "CF3F62 :0" could not be registered on the Interface
with IP address 153.104.183.165. The machine with the IP address 153.104.6.106 did
not allow the name to be claimed by this machine.

Error - 3/16/2009 12:43:31 PM | Computer Name = CF3F62 | Source = NetBT | ID = 4321
Description = The name "CF3F62 :20" could not be registered on the Interface
with IP address 153.104.183.165. The machine with the IP address 153.104.6.106 did
not allow the name to be claimed by this machine.

Error - 3/16/2009 12:43:31 PM | Computer Name = CF3F62 | Source = Server | ID = 2505
Description = The server could not bind to the transport \Device\NetBT_Tcpip_{A25EE366-320D-48CE-86AC-6EA46CE0EAD9}
because another computer on the network has the same name. The server could not
start.


< End of report >
  • 0

#6
Essexboy
Posted 16 March 2009 - 04:23 PM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
First a question did you create and do you recognise these folders ? There are about 15 with the same creation date/time

C:\Documents and Settings\Administrator\My Documents\F07 2009/03/06 17:15:56


Run OTList2.exe
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    :Files
C:\WINDOWS\t55ft3518f44.dat
C:\WINDOWS\tasks\At*.job
C:\WINDOWS\System32\6Ie44U50.exe
C:\WINDOWS\System32\fesureto.exe

:Commands
[purity]
[emptytemp]
[start explorer]
[Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • Then post a new OTL2 log ( don't check the boxes beside LOP Check or Purity this time )

  • 0

#7
rich2124
Posted 16 March 2009 - 09:12 PM

rich2124

    Member

  • Topic Starter
  • Member
  • PipPip
  • 22 posts
oh those are files uploaded from an ipod onto the computer.
C:\Documents and Settings\Administrator\My Documents\F07 ... should go up to F49 i believe.

i'm experiencing another problem.. could be with the wireless network but i can't use firefox or IE.
it says: Proxy Server Refused Connection
Firefox is configured to use a proxy server that is refusing connections.
The browser is configured to use a proxy server, but the proxy refused a connection.

so i'm using google chrome. didn't know if this was related.


anywho, here's the log file:

========== FILES ==========
C:\WINDOWS\t55ft3518f44.dat moved successfully.
C:\WINDOWS\tasks\At1.job moved successfully.
C:\WINDOWS\tasks\At10.job moved successfully.
C:\WINDOWS\tasks\At11.job moved successfully.
C:\WINDOWS\tasks\At12.job moved successfully.
C:\WINDOWS\tasks\At13.job moved successfully.
C:\WINDOWS\tasks\At14.job moved successfully.
C:\WINDOWS\tasks\At15.job moved successfully.
C:\WINDOWS\tasks\At16.job moved successfully.
C:\WINDOWS\tasks\At17.job moved successfully.
C:\WINDOWS\tasks\At18.job moved successfully.
C:\WINDOWS\tasks\At19.job moved successfully.
C:\WINDOWS\tasks\At2.job moved successfully.
C:\WINDOWS\tasks\At20.job moved successfully.
C:\WINDOWS\tasks\At21.job moved successfully.
C:\WINDOWS\tasks\At22.job moved successfully.
C:\WINDOWS\tasks\At23.job moved successfully.
C:\WINDOWS\tasks\At24.job moved successfully.
C:\WINDOWS\tasks\At3.job moved successfully.
C:\WINDOWS\tasks\At4.job moved successfully.
C:\WINDOWS\tasks\At5.job moved successfully.
C:\WINDOWS\tasks\At6.job moved successfully.
C:\WINDOWS\tasks\At7.job moved successfully.
C:\WINDOWS\tasks\At8.job moved successfully.
C:\WINDOWS\tasks\At9.job moved successfully.
C:\WINDOWS\System32\6Ie44U50.exe moved successfully.
C:\WINDOWS\System32\fesureto.exe moved successfully.
========== COMMANDS ==========
File delete failed. C:\Documents and Settings\Administrator\Local Settings\temp\etilqs_8AUUMtjMHAm5T15ac7LM scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\WFV135.tmp scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
File delete failed. C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla\Firefox\Profiles\h1drfwq2.default\Cache\_CACHE_001_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla\Firefox\Profiles\h1drfwq2.default\Cache\_CACHE_002_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla\Firefox\Profiles\h1drfwq2.default\Cache\_CACHE_003_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla\Firefox\Profiles\h1drfwq2.default\Cache\_CACHE_MAP_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla\Firefox\Profiles\h1drfwq2.default\urlclassifier3.sqlite scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla\Firefox\Profiles\h1drfwq2.default\XUL.mfl scheduled to be deleted on reboot.
FireFox cache emptied.
Temp folders emptied.
Explorer started successfully

OTListIt2 by OldTimer - Version 2.0.5.2 log created on 03162009_224712

Files moved on Reboot...
File C:\Documents and Settings\Administrator\Local Settings\temp\etilqs_8AUUMtjMHAm5T15ac7LM not found!
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat moved successfully.
File C:\WINDOWS\temp\WFV135.tmp not found!
C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla\Firefox\Profiles\h1drfwq2.default\Cache\_CACHE_001_ moved successfully.
C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla\Firefox\Profiles\h1drfwq2.default\Cache\_CACHE_002_ moved successfully.
C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla\Firefox\Profiles\h1drfwq2.default\Cache\_CACHE_003_ moved successfully.
C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla\Firefox\Profiles\h1drfwq2.default\Cache\_CACHE_MAP_ moved successfully.
C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla\Firefox\Profiles\h1drfwq2.default\urlclassifier3.sqlite moved successfully.
C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla\Firefox\Profiles\h1drfwq2.default\XUL.mfl moved successfully.

Registry entries deleted on Reboot...
  • 0

#8
rich2124
Posted 16 March 2009 - 09:16 PM

rich2124

    Member

  • Topic Starter
  • Member
  • PipPip
  • 22 posts
sorry that i'm such a pain. i also noticed a file "thumbs.db" in the My Pictures folder that says its a system file when i tried to delete it :/

Edited by rich2124, 16 March 2009 - 09:17 PM.

  • 0

#9
Essexboy
Posted 17 March 2009 - 12:23 PM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Leave the file as it is a system one and I will rehide it later (it is a hidden system file )

Run OTList2.exe
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    :OTLI
IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local>

:Commands
[purity]
[emptytemp]
[start explorer]
[Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • Then post a new OTL2 log ( don't check the boxes beside LOP Check or Purity this time )

  • 0

#10
rich2124
Posted 18 March 2009 - 06:34 AM

rich2124

    Member

  • Topic Starter
  • Member
  • PipPip
  • 22 posts
========== OTLISTIT ==========
HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ ProxyEnable| /E : value set successfully!
HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ ProxyOverride| /E : value set successfully!
========== COMMANDS ==========
File delete failed. C:\Documents and Settings\Administrator\Local Settings\temp\etilqs_rTXwn1VXxCtmcrL scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Administrator\Local Settings\temp\~DFF122.tmp scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\WFV1.tmp scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
FireFox cache emptied.
Temp folders emptied.
Explorer started successfully

OTListIt2 by OldTimer - Version 2.0.5.2 log created on 03182009_011129

Files moved on Reboot...
File C:\Documents and Settings\Administrator\Local Settings\temp\etilqs_rTXwn1VXxCtmcrL not found!
C:\Documents and Settings\Administrator\Local Settings\temp\~DFF122.tmp moved successfully.
File move failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be moved on reboot.
File move failed. C:\WINDOWS\temp\WFV1.tmp scheduled to be moved on reboot.

Registry entries deleted on Reboot...
  • 0

Advertisements

#11
Essexboy
Posted 18 March 2009 - 02:29 PM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
How are things now - can you access the net
  • 0

#12
rich2124
Posted 18 March 2009 - 03:51 PM

rich2124

    Member

  • Topic Starter
  • Member
  • PipPip
  • 22 posts
I still can't use Firefox, but i can use google's chrome
  • 0

#13
Essexboy
Posted 18 March 2009 - 03:54 PM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
How about IE ?
  • 0

#14
Essexboy
Posted 18 March 2009 - 04:01 PM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
For IE do the following - I will see if I can find out how to do it in FF

Go to Control Panel and select Internet Options
Select the Connections TAB
Select LAN settings button
Ensure there is no tick in the Proxy Server box
Select OK and restart Internet explorer
  • 0

#15
Essexboy
Posted 18 March 2009 - 04:06 PM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
And for Firefox there are instructions on this page and you want the setting to be no proxy
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP