Google redirect virus gone wild


  • This topic is locked

#46
gravitysrainbow

  • Topic Starter
  • Member
  • 37 posts
It seems so, yes.


#47
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK, let's look with a different scan - attach all three logs with the computer name alongside, please

Download OTS to your Desktop and double-click on it to run it
  • Make sure you close all other programs and don't use the PC while the scan runs.
  • Select All Users
  • Under additional scans select the following
    Reg - NetSvcs
    Reg - Shell Spawning
    Evnt - EventViewer Logs (Last 10 Errors)
    File - Lop Check
    File - Purity Scan

  • Now click the Run Scan button on the toolbar. Make sure not to use the PC while the program is running or it will freeze.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Please attach the log in your next post.


#48
gravitysrainbow

  • Topic Starter
  • Member
  • 37 posts
SYSTEM3

OTS logfile created on: 11/27/2010 4:39:04 PM - Run 2
OTS by OldTimer - Version 3.1.40.1 Folder = C:\Documents and Settings\IRENE STUART\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

255.00 Mb Total Physical Memory | 49.00 Mb Available Physical Memory | 19.00% Memory free
626.00 Mb Paging File | 418.00 Mb Available in Paging File | 67.00% Paging File free
Paging file location(s): C:\pagefile.sys 384 768 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 27.90 Gb Total Space | 17.75 Gb Free Space | 63.61% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DERRICKLAPTOP
Current User Name: IRENE STUART
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days

[Processes - Safe List]
ots.exe -> C:\Documents and Settings\IRENE STUART\Desktop\OTS.exe -> [2010/11/11 19:52:54 | 000,642,048 | ---- | M] (OldTimer Tools)
applemobiledeviceservice.exe -> C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -> [2010/04/16 08:33:40 | 000,144,672 | ---- | M] (Apple Inc.)
explorer.exe -> C:\WINDOWS\explorer.exe -> [2004/08/04 02:56:49 | 001,032,192 | ---- | M] (Microsoft Corporation)
support.exe -> C:\Program Files\Common Files\Dell\EUSW\Support.exe -> [2003/05/15 14:22:36 | 000,245,760 | ---- | M] (Dell)
carpserv.exe -> C:\WINDOWS\SYSTEM32\carpserv.exe -> [2003/01/23 15:06:04 | 000,004,608 | ---- | M] (Conexant Systems, Inc.)
dadtray.exe -> C:\Program Files\Dell\AccessDirect\dadtray.exe -> [2002/11/18 10:11:10 | 000,188,416 | ---- | M] ()
dadapp.exe -> C:\Program Files\Dell\AccessDirect\DadApp.exe -> [2002/11/01 16:47:36 | 000,208,560 | ---- | M] ()
dlg.exe -> C:\Program Files\Digital Line Detect\DLG.exe -> [2002/09/12 09:28:14 | 000,024,576 | ---- | M] (BVRP Software)
dsentry.exe -> C:\WINDOWS\SYSTEM32\DSentry.exe -> [2002/07/17 10:18:06 | 000,028,672 | ---- | M] (Dell - Advanced Desktop Engineering)

[Modules - Safe List]
ots.exe -> C:\Documents and Settings\IRENE STUART\Desktop\OTS.exe -> [2010/11/11 19:52:54 | 000,642,048 | ---- | M] (OldTimer Tools)
comctl32.dll -> C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll -> [2004/08/04 02:57:00 | 001,050,624 | ---- | M] (Microsoft Corporation)

[Win32 Services - Safe List]
(AppMgmt) Application Management [Disabled | Stopped] -> C:\WINDOWS\System32\appmgmts.dll -> File not found
(Lavasoft Ad-Aware Service) Lavasoft Ad-Aware Service [Disabled | Stopped] -> C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -> [2010/11/16 01:01:19 | 001,375,992 | ---- | M] (Lavasoft)
(WebrootSpySweeperService) Webroot Spy Sweeper Engine [Disabled | Stopped] -> C:\Program Files\Webroot\Security\current\plugins\antimalware\AEI.exe -> [2010/09/22 13:41:50 | 003,872,776 | ---- | M] (Webroot Software, Inc. (www.webroot.com))
(WRConsumerService) Webroot Client Service [Disabled | Stopped] -> C:\Program Files\Webroot\Security\Current\Framework\WRConsumerService.exe -> [2010/06/24 19:16:40 | 002,998,560 | ---- | M] (Webroot Software, Inc. )
(Apple Mobile Device) Apple Mobile Device [Auto | Running] -> C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -> [2010/04/16 08:33:40 | 000,144,672 | ---- | M] (Apple Inc.)
(MCVSRte) McAfee.com VirusScan Online Realtime Engine [Disabled | Stopped] -> c:\Program Files\McAfee.com\VSO\mcvsrte.exe -> [2002/10/04 15:09:20 | 000,094,208 | ---- | M] (Mcafee.com Corporation)
(McShield) McAfee.com McShield [Disabled | Stopped] -> c:\Program Files\McAfee.com\VSO\McShield.exe -> [2001/09/08 06:00:00 | 000,225,375 | ---- | M] ()

[Driver Services - Safe List]
(浍湉ဈᄋ¢联�ᄊ�ᄊ.sys) 浍湉ဈᄋ¢联�ᄊ�ᄊ.sys [Kernel | Unknown | Stopped] -> C:\WINDOWS\System32\drivers\drivers\浍湉ဈᄋ¢联�ᄊ�ᄊ.sys.sys [WARNING: C:\WINDOWS\System32\drivers\drivers\??????????.sys.sys] -> File not found
(wanatw) WAN Miniport (ATW) [Kernel | On_Demand | Stopped] -> C:\WINDOWS\System32\DRIVERS\wanatw4.sys -> File not found
(PptpMiniport) WAN Miniport (PPTP) [Kernel | System | Stopped] -> C:\WINDOWS\System32\drivers\Services\PptpMiniport.sys -> File not found
(iAimTV2) iAimTV2 [Kernel | On_Demand | Stopped] -> C:\WINDOWS\System32\DRIVERS\wATV03nt.sys -> File not found
(catchme) catchme [Kernel | On_Demand | Stopped] -> C:\DOCUME~1\IRENES~1\LOCALS~1\Temp\catchme.sys -> File not found
(ATWPKT2) ATWPKT2 [Kernel | On_Demand | Stopped] -> C:\PROGRA~1\AMERIC~1.0\ATWPKT2.SYS -> File not found
(Lavasoft Kernexplorer) Lavasoft helper driver [Kernel | On_Demand | Stopped] -> C:\Program Files\Lavasoft\Ad-Aware\kernexplorer.sys -> [2010/11/16 01:01:58 | 000,015,264 | ---- | M] ()
(Lbd) Lbd [File_System | Boot | Running] -> C:\WINDOWS\system32\DRIVERS\Lbd.sys -> [2010/08/12 07:15:20 | 000,064,288 | ---- | M] (Lavasoft AB)
(SSIDRV) Spy Sweeper Interdiction Driver [Kernel | Boot | Running] -> C:\WINDOWS\SYSTEM32\Drivers\SSIDRV.SYS -> [2010/06/17 14:49:10 | 000,182,056 | ---- | M] (Webroot Software, Inc. (www.webroot.com))
(SSFMONM) Spy Sweeper File System Filter Driver [File_System | Auto | Running] -> C:\WINDOWS\SYSTEM32\DRIVERS\ssfmonm.sys -> [2010/06/17 14:49:10 | 000,045,072 | ---- | M] (Webroot Software, Inc. (www.webroot.com))
(SSHRMD) Spy Sweeper Hookrack MiniDriver [Kernel | Boot | Running] -> C:\WINDOWS\SYSTEM32\Drivers\SSHRMD.SYS -> [2010/06/17 14:49:10 | 000,024,496 | ---- | M] (Webroot Software, Inc. (www.webroot.com))
(浍湉ဈᄋ¢联�ᄊ�ᄊ) 浍湉ဈᄋ¢联�ᄊ�ᄊ [Kernel | Unknown | Stopped] -> C:\WINDOWS\SYSTEM32\DRIVERS\浍湉ဈᄋ¢联�ᄊ�ᄊ.sys [WARNING: C:\WINDOWS\SYSTEM32\DRIVERS\??????????.sys] -> [2010/05/14 14:40:18 | 000,000,000 | ---- | M] ()
(B�竓瞥) B�竓瞥 [Kernel | Unknown | Stopped] -> C:\WINDOWS\SYSTEM32\DRIVERS\B�竓瞥.sys [WARNING: C:\WINDOWS\SYSTEM32\DRIVERS\B????.sys] -> [2010/03/08 12:15:23 | 000,000,000 | ---- | M] ()
(mcdbus) Driver for MagicISO SCSI Host Controller [Kernel | On_Demand | Running] -> C:\WINDOWS\SYSTEM32\DRIVERS\mcdbus.sys -> [2009/02/24 18:42:14 | 000,116,736 | ---- | M] (MagicISO, Inc.)
(RDID1009) EDIROL UM-1 [Kernel | On_Demand | Stopped] -> C:\WINDOWS\SYSTEM32\DRIVERS\Rdwm1009.sys -> [2007/03/05 06:08:36 | 000,079,649 | R--- | M] (Roland Corporation)
(usbaudio) USB Audio Driver (WDM) [Kernel | On_Demand | Stopped] -> C:\WINDOWS\SYSTEM32\DRIVERS\usbaudio.sys -> [2004/08/04 01:07:56 | 000,059,264 | ---- | M] (Microsoft Corporation)
(amdagp) AMD AGP Bus Filter Driver [Kernel | Disabled | Stopped] -> C:\WINDOWS\System32\DRIVERS\amdagp.sys -> [2004/08/04 01:07:42 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.)
(sisagp) SIS AGP Bus Filter [Kernel | Disabled | Stopped] -> C:\WINDOWS\System32\DRIVERS\sisagp.sys -> [2004/08/04 01:07:42 | 000,041,088 | ---- | M] (Silicon Integrated Systems Corporation)
(nv) nv [Kernel | On_Demand | Stopped] -> C:\WINDOWS\SYSTEM32\DRIVERS\nv4_mini.sys -> [2004/08/04 00:29:54 | 001,897,408 | ---- | M] (NVIDIA Corporation)
(iAimFP4) iAimFP4 [Kernel | On_Demand | Stopped] -> C:\WINDOWS\SYSTEM32\DRIVERS\wvchntxx.sys -> [2004/08/04 00:29:49 | 000,019,455 | ---- | M] (Intel® Corporation)
(iAimFP3) iAimFP3 [Kernel | On_Demand | Stopped] -> C:\WINDOWS\SYSTEM32\DRIVERS\wsiintxx.sys -> [2004/08/04 00:29:47 | 000,012,063 | ---- | M] (Intel® Corporation)
(iAimTV4) iAimTV4 [Kernel | On_Demand | Stopped] -> C:\WINDOWS\SYSTEM32\DRIVERS\wch7xxnt.sys -> [2004/08/04 00:29:45 | 000,023,615 | ---- | M] (Intel® Corporation)
(iAimTV3) iAimTV3 [Kernel | On_Demand | Stopped] -> C:\WINDOWS\SYSTEM32\DRIVERS\watv04nt.sys -> [2004/08/04 00:29:43 | 000,033,599 | ---- | M] (Intel® Corporation)
(iAimTV1) iAimTV1 [Kernel | On_Demand | Stopped] -> C:\WINDOWS\SYSTEM32\DRIVERS\watv02nt.sys -> [2004/08/04 00:29:42 | 000,019,551 | ---- | M] (Intel® Corporation)
(iAimTV0) iAimTV0 [Kernel | On_Demand | Stopped] -> C:\WINDOWS\SYSTEM32\DRIVERS\watv01nt.sys -> [2004/08/04 00:29:41 | 000,029,311 | ---- | M] (Intel® Corporation)
(iAimFP0) iAimFP0 [Kernel | On_Demand | Stopped] -> C:\WINDOWS\SYSTEM32\DRIVERS\wadv01nt.sys -> [2004/08/04 00:29:37 | 000,012,415 | ---- | M] (Intel® Corporation)
(iAimFP1) iAimFP1 [Kernel | On_Demand | Stopped] -> C:\WINDOWS\SYSTEM32\DRIVERS\wadv02nt.sys -> [2004/08/04 00:29:37 | 000,012,127 | ---- | M] (Intel® Corporation)
(iAimFP2) iAimFP2 [Kernel | On_Demand | Stopped] -> C:\WINDOWS\SYSTEM32\DRIVERS\wadv05nt.sys -> [2004/08/04 00:29:37 | 000,011,775 | ---- | M] (Intel® Corporation)
(i81x) i81x [Kernel | On_Demand | Stopped] -> C:\WINDOWS\SYSTEM32\DRIVERS\i81xnt5.sys -> [2004/08/04 00:29:36 | 000,161,020 | ---- | M] (Intel® Corporation)
(MxlW2k) MxlW2k [Kernel | Auto | Running] -> C:\WINDOWS\System32\drivers\MxlW2k.sys -> [2003/06/03 02:00:20 | 000,028,100 | ---- | M] (MusicMatch, Inc.)
(StreamDispatcher) StreamDispatcher [Kernel | Auto | Running] -> C:\WINDOWS\SYSTEM32\DRIVERS\strmdisp.sys -> [2003/01/23 15:06:12 | 000,022,400 | ---- | M] (Conexant Systems, Inc.)
(HSFHWICH) HSFHWICH [Kernel | On_Demand | Running] -> C:\WINDOWS\SYSTEM32\DRIVERS\HSFHWICH.sys -> [2003/01/23 15:05:00 | 000,153,344 | ---- | M] (Conexant Systems, Inc.)
(winachsf) winachsf [Kernel | On_Demand | Running] -> C:\WINDOWS\SYSTEM32\DRIVERS\HSF_CNXT.sys -> [2003/01/23 15:03:04 | 000,585,984 | ---- | M] (Conexant Systems, Inc.)
(HSF_DP) HSF_DP [Kernel | On_Demand | Running] -> C:\WINDOWS\SYSTEM32\DRIVERS\HSF_DP.sys -> [2003/01/23 15:02:00 | 001,067,008 | ---- | M] (Conexant Systems, Inc.)
(BCM43XX) Dell TrueMobile WLAN Card Driver [Kernel | On_Demand | Running] -> C:\WINDOWS\SYSTEM32\DRIVERS\BCMWL5.SYS -> [2003/01/09 14:01:50 | 000,164,224 | ---- | M] (Broadcom Corporation)
(bcm4sbxp) Broadcom 440x 10/100 Integrated Controller XP Driver [Kernel | On_Demand | Running] -> C:\WINDOWS\SYSTEM32\DRIVERS\bcm4sbxp.sys -> [2002/12/17 11:41:36 | 000,042,368 | ---- | M] (Broadcom Corporation)
(STAC97) Audio Driver (WDM) - SigmaTel CODEC [Kernel | On_Demand | Running] -> C:\WINDOWS\SYSTEM32\DRIVERS\STAC97.sys -> [2002/11/11 17:57:16 | 000,193,840 | ---- | M] (SigmaTel, Inc.)
(omci) OMCI WDM Device Driver [Kernel | System | Running] -> C:\WINDOWS\SYSTEM32\DRIVERS\omci.sys -> [2002/11/08 13:45:06 | 000,017,217 | ---- | M] (Dell Computer Corporation)
(ati2mtag) ati2mtag [Kernel | On_Demand | Running] -> C:\WINDOWS\SYSTEM32\DRIVERS\ati2mtag.sys -> [2002/11/07 22:31:36 | 000,539,392 | ---- | M] (ATI Technologies Inc.)
(SynTP) Synaptics TouchPad Driver [Kernel | On_Demand | Stopped] -> C:\WINDOWS\SYSTEM32\DRIVERS\SynTP.sys -> [2002/10/11 12:21:36 | 000,264,528 | ---- | M] (Synaptics, Inc.)
(Sparrow) Sparrow [Kernel | Disabled | Stopped] -> C:\WINDOWS\System32\DRIVERS\sparrow.sys -> [2001/08/17 14:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.)
(sym_u3) sym_u3 [Kernel | Disabled | Stopped] -> C:\WINDOWS\System32\DRIVERS\sym_u3.sys -> [2001/08/17 14:07:42 | 000,030,688 | ---- | M] (LSI Logic)
(sym_hi) sym_hi [Kernel | Disabled | Stopped] -> C:\WINDOWS\System32\DRIVERS\sym_hi.sys -> [2001/08/17 14:07:40 | 000,028,384 | ---- | M] (LSI Logic)
(symc8xx) symc8xx [Kernel | Disabled | Stopped] -> C:\WINDOWS\System32\DRIVERS\symc8xx.sys -> [2001/08/17 14:07:36 | 000,032,640 | ---- | M] (LSI Logic)
(symc810) symc810 [Kernel | Disabled | Stopped] -> C:\WINDOWS\System32\DRIVERS\symc810.sys -> [2001/08/17 14:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.)
(ultra) ultra [Kernel | Disabled | Stopped] -> C:\WINDOWS\System32\DRIVERS\ultra.sys -> [2001/08/17 13:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.)
(ql12160) ql12160 [Kernel | Disabled | Stopped] -> C:\WINDOWS\System32\DRIVERS\ql12160.sys -> [2001/08/17 13:52:20 | 000,045,312 | ---- | M] (QLogic Corporation)
(ql1080) ql1080 [Kernel | Disabled | Stopped] -> C:\WINDOWS\System32\DRIVERS\ql1080.sys -> [2001/08/17 13:52:20 | 000,040,320 | ---- | M] (QLogic Corporation)
(ql1280) ql1280 [Kernel | Disabled | Stopped] -> C:\WINDOWS\System32\DRIVERS\ql1280.sys -> [2001/08/17 13:52:18 | 000,049,024 | ---- | M] (QLogic Corporation)
(dac2w2k) dac2w2k [Kernel | Disabled | Stopped] -> C:\WINDOWS\System32\DRIVERS\dac2w2k.sys -> [2001/08/17 13:52:16 | 000,179,584 | ---- | M] (Mylex Corporation)
(mraid35x) mraid35x [Kernel | Disabled | Stopped] -> C:\WINDOWS\System32\DRIVERS\mraid35x.sys -> [2001/08/17 13:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.)
(asc) asc [Kernel | Disabled | Stopped] -> C:\WINDOWS\System32\DRIVERS\asc.sys -> [2001/08/17 13:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.)
(asc3550) asc3550 [Kernel | Disabled | Stopped] -> C:\WINDOWS\System32\DRIVERS\asc3550.sys -> [2001/08/17 13:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.)
(AliIde) AliIde [Kernel | Disabled | Stopped] -> C:\WINDOWS\System32\DRIVERS\aliide.sys -> [2001/08/17 13:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.)
(CmdIde) CmdIde [Kernel | Disabled | Stopped] -> C:\WINDOWS\System32\DRIVERS\cmdide.sys -> [2001/08/17 13:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.)
(EL90XBC) 3Com EtherLink XL 90XB/C Adapter Driver [Kernel | On_Demand | Stopped] -> C:\WINDOWS\SYSTEM32\DRIVERS\EL90XBC5.SYS -> [2001/08/17 12:11:06 | 000,066,591 | ---- | M] (3Com Corporation)
(NaiFiltr) NaiFiltr [File_System | On_Demand | Stopped] -> C:\WINDOWS\SYSTEM32\DRIVERS\NaiFiltr.sys -> [2001/08/17 11:22:04 | 000,023,296 | ---- | M] ()

[Registry - Safe List]
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> ->
< Internet Explorer Settings [HKEY_USERS\.DEFAULT\] > -> ->
HKEY_USERS\.DEFAULT\: Main\\"Default_Page_URL" -> http://www.dellnet.com/ ->
HKEY_USERS\.DEFAULT\: Main\\"First Home Page" -> http://www.dellnet.com/ ->
HKEY_USERS\.DEFAULT\: "ProxyEnable" -> 0 ->
< Internet Explorer Settings [HKEY_USERS\S-1-5-18\] > -> ->
HKEY_USERS\S-1-5-18\: Main\\"Default_Page_URL" -> http://www.dellnet.com/ ->
HKEY_USERS\S-1-5-18\: Main\\"First Home Page" -> http://www.dellnet.com/ ->
HKEY_USERS\S-1-5-18\: "ProxyEnable" -> 0 ->
< Internet Explorer Settings [HKEY_USERS\S-1-5-19\] > -> ->
HKEY_USERS\S-1-5-19\: "ProxyEnable" -> 0 ->
< Internet Explorer Settings [HKEY_USERS\S-1-5-20\] > -> ->
HKEY_USERS\S-1-5-20\: "ProxyEnable" -> 0 ->
< Internet Explorer Settings [HKEY_USERS\S-1-5-21-3201173307-1338369577-3148431067-1006\] > -> ->
HKEY_USERS\S-1-5-21-3201173307-1338369577-3148431067-1006\: Main\\"Start Page" -> http://www.google.com/ ->
HKEY_USERS\S-1-5-21-3201173307-1338369577-3148431067-1006\: "ProxyEnable" -> 0 ->
HKEY_USERS\S-1-5-21-3201173307-1338369577-3148431067-1006\: "ProxyOverride" -> <local> ->
< FireFox Settings [Prefs.js] > -> C:\Documents and Settings\IRENE STUART\Application Data\Mozilla\FireFox\Profiles\qxdkqfqz.default\prefs.js ->
< FireFox Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla
HKLM\software\mozilla\Firefox\Extensions -> ->
HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions -> ->
HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components -> C:\Program Files\Mozilla Firefox\components [C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS] -> [2010/11/03 00:47:48 | 000,000,000 | ---D | M]
HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins -> C:\Program Files\Mozilla Firefox\plugins [C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS] -> [2010/11/03 00:46:12 | 000,000,000 | ---D | M]
< FireFox Extensions [User Folders] > ->
-> C:\Documents and Settings\IRENE STUART\Application Data\Mozilla\Extensions -> [2010/11/03 00:48:18 | 000,000,000 | ---D | M]
-> C:\Documents and Settings\IRENE STUART\Application Data\Mozilla\Firefox\Profiles\qxdkqfqz.default\extensions -> [2010/11/03 00:48:18 | 000,000,000 | ---D | M]
< FireFox Extensions [Program Folders] > ->
-> C:\Program Files\Mozilla Firefox\extensions -> [2009/12/26 03:30:36 | 000,000,000 | ---D | M]
< HOSTS File > ([2010/11/16 16:29:13 | 000,000,077 | ---- | M] - 3 lines) -> C:\WINDOWS\SYSTEM32\DRIVERS\ETC\hosts ->
Reset Hosts
127.0.0.1 localhost
127.0.0.1 www.google-analytics.com
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ ->
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKLM] -> C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll [AcroIEHlprObj Class] -> [2003/05/15 00:47:54 | 000,050,376 | ---- | M] (Adobe Systems Incorporated)
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
"ATIModeChange" -> C:\WINDOWS\System32\Ati2mdxx.exe ["Ati2mdxx.exe"] -> [2001/09/04 16:24:26 | 000,028,672 | ---- | M] (ATI Technologies, Inc.)
"CARPService" -> C:\WINDOWS\System32\carpserv.exe ["carpserv.exe"] -> [2003/01/23 15:06:04 | 000,004,608 | ---- | M] (Conexant Systems, Inc.)
"DadApp" -> C:\Program Files\Dell\AccessDirect\dadapp.exe ["C:\Program Files\Dell\AccessDirect\dadapp.exe"] -> [2002/11/01 16:47:36 | 000,208,560 | ---- | M] ()
"DVDSentry" -> C:\WINDOWS\System32\DSentry.exe ["C:\WINDOWS\System32\DSentry.exe"] -> [2002/07/17 10:18:06 | 000,028,672 | ---- | M] (Dell - Advanced Desktop Engineering)
"DwlClient" -> C:\Program Files\Common Files\Dell\EUSW\Support.exe ["C:\Program Files\Common Files\Dell\EUSW\Support.exe"] -> [2003/05/15 14:22:36 | 000,245,760 | ---- | M] (Dell)
"SynTPLpr" -> C:\Program Files\Synaptics\SynTP\SynTPLpr.exe ["C:\Program Files\Synaptics\SynTP\SynTPLpr.exe"] -> [2002/10/11 12:30:44 | 000,126,976 | ---- | M] (Synaptics, Inc.)
"TkBellExe" -> C:\Program Files\Common Files\Real\Update_OB\realsched.exe ["C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot] -> [2003/06/03 02:15:13 | 000,151,597 | ---- | M] (RealNetworks, Inc.)
< Administrator Startup Folder > -> C:\Documents and Settings\Administrator\Start Menu\Programs\Startup ->
< All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup ->
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk -> C:\Program Files\Digital Line Detect\DLG.exe -> [2002/09/12 09:28:14 | 000,024,576 | ---- | M] (BVRP Software)
< Default User Startup Folder > -> C:\Documents and Settings\Default User\Start Menu\Programs\Startup ->
< Guest Startup Folder > -> C:\Documents and Settings\Guest\Start Menu\Programs\Startup ->
< IRENE STUART Startup Folder > -> C:\Documents and Settings\IRENE STUART\Start Menu\Programs\Startup ->
< Software Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Internet Explorer ->
< Software Policy Settings [HKEY_USERS\S-1-5-21-3201173307-1338369577-3148431067-1006] > -> HKEY_USERS\S-1-5-21-3201173307-1338369577-3148431067-1006\SOFTWARE\Policies\Microsoft\Internet Explorer ->
< CurrentVersion Policy Settings - Explorer [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"HonorAutoRunSetting" -> [1] -> File not found
\\"NoDriveAutoRun" -> [67108863] -> File not found
\\"NoDriveTypeAutoRun" -> [323] -> File not found
\\"NoDrives" -> [0] -> File not found
< CurrentVersion Policy Settings - System [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
< CurrentVersion Policy Settings [HKEY_USERS\.DEFAULT] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" -> [323] -> File not found
\\"NoDriveAutoRun" -> [67108863] -> File not found
< CurrentVersion Policy Settings [HKEY_USERS\.DEFAULT] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System ->
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-18] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" -> [323] -> File not found
\\"NoDriveAutoRun" -> [67108863] -> File not found
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-18] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System ->
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-19] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->
HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" -> [145] -> File not found
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-20] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" -> [145] -> File not found
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-21-3201173307-1338369577-3148431067-1006] > -> HKEY_USERS\S-1-5-21-3201173307-1338369577-3148431067-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->
HKEY_USERS\S-1-5-21-3201173307-1338369577-3148431067-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" -> [323] -> File not found
\\"NoDriveAutoRun" -> [67108863] -> File not found
\\"NoDrives" -> [0] -> File not found
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-21-3201173307-1338369577-3148431067-1006] > -> HKEY_USERS\S-1-5-21-3201173307-1338369577-3148431067-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System ->
< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ ->
< Default Prefix > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix
"" -> http://
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 1 domain(s) found. ->
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Trusted Sites Domains [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. ->
< Trusted Sites Ranges [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Trusted Sites Domains [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. ->
< Trusted Sites Ranges [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Trusted Sites Domains [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. ->
< Trusted Sites Ranges [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Trusted Sites Domains [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. ->
< Trusted Sites Ranges [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Trusted Sites Domains [HKEY_USERS\S-1-5-21-3201173307-1338369577-3148431067-1006\] > -> HKEY_USERS\S-1-5-21-3201173307-1338369577-3148431067-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_USERS\S-1-5-21-3201173307-1338369577-3148431067-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 1 domain(s) found. ->
< Trusted Sites Ranges [HKEY_USERS\S-1-5-21-3201173307-1338369577-3148431067-1006\] > -> HKEY_USERS\S-1-5-21-3201173307-1338369577-3148431067-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_USERS\S-1-5-21-3201173307-1338369577-3148431067-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ ->
{E2883E8F-472F-4FB0-9522-AC9BF37916A7} [HKLM] -> http://platformdl.ad...Plus/1.6/gp.cab [Reg Error: Key error.] ->
DirectAnimation Java Classes [HKLM] -> file://C:\WINDOWS\Java\classes\dajava.cab [Reg Error: Key error.] ->
Microsoft XML Parser for Java [HKLM] -> file://C:\WINDOWS\Java\classes\xmldso.cab [Reg Error: Key error.] ->
< Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\ ->
DhcpNameServer -> 192.168.2.1 ->
< Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ ->
{3B503F43-8A81-4E67-997C-6AF7592E531E}\\DhcpNameServer -> 192.168.2.1 (Dell TrueMobile 1300 WLAN Mini-PCI Card) ->
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
*Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell ->
Explorer.exe -> C:\WINDOWS\explorer.exe -> [2004/08/04 02:56:49 | 001,032,192 | ---- | M] (Microsoft Corporation)
*MultiFile Done* -> ->
< LSA Security Packages [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Security Packages ->
< Domain Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List ->
< Standard Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List ->
"C:\Program Files\AIM\aim.exe" -> C:\Program Files\AIM\aim.exe [C:\Program Files\AIM\aim.exe:*:Enabled:AIM] -> [2010/05/21 10:36:28 | 003,824,472 | ---- | M] (AOL Inc.)
"C:\Program Files\BitTorrent\bittorrent.exe" -> C:\Program Files\BitTorrent\bittorrent.exe [C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent] -> [2010/02/09 17:16:32 | 000,654,648 | ---- | M] (BitTorrent, Inc.)
< SafeBoot AlternateShell [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot ->
< CDROM Autorun Setting [HKEY_LOCAL_MACHINE]> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom ->
"AutoRun" -> 1 ->
"DisplayName" -> CD-ROM Driver ->
"ImagePath" -> [System32\DRIVERS\cdrom.sys] -> File not found
< Drives with AutoRun files > -> ->
C:\AUTOEXEC.BAT [] -> C:\AUTOEXEC.BAT [ NTFS ] -> [2002/09/03 08:59:58 | 000,000,000 | ---- | M] ()
< MountPoints2 [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2 ->
< Registry Shell Spawning - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command ->
comfile [open] -> "%1" %* ->
exefile [open] -> "%1" %* ->
< File Associations - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>\ ->
.com [@ = ComFile] -> "%1" %* ->
.exe [@ = exefile] -> "%1" %* ->

[Registry - Additional Scans - Safe List]
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost > -> ->
*netsvcs* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\\netsvcs ->
6to4 -> -> File not found
AppMgmt -> C:\WINDOWS\System32\appmgmts.dll -> File not found
Ias -> -> File not found
Iprip -> -> File not found
Irmon -> -> File not found
NWCWorkstation -> -> File not found
Nwsapagent -> -> File not found
WmdmPmSp -> -> File not found
*MultiFile Done* -> ->
< Registry Shell Spawning - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command ->
batfile [open] -> "%1" %* ->
cmdfile [open] -> "%1" %* ->
comfile [open] -> "%1" %* ->
exefile [open] -> "%1" %* ->
piffile [open] -> "%1" %* ->
scrfile [config] -> "%1" ->
scrfile [install] -> rundll32.exe desk.cpl,InstallScreenSaver %l -> [2004/08/04 02:56:57 | 000,135,168 | ---- | M] (Microsoft Corporation)
scrfile [open] -> "%1" /S ->
Unknown [openas] -> %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 ->
Directory [AddToPlaylistVLC] -> "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" -> [2010/01/30 17:27:38 | 000,141,061 | ---- | M] ()
Directory [find] -> %SystemRoot%\Explorer.exe -> [2004/08/04 02:56:49 | 001,032,192 | ---- | M] (Microsoft Corporation)
Directory [PlayWithVLC] -> "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" -> [2010/01/30 17:27:38 | 000,141,061 | ---- | M] ()
Folder [open] -> %SystemRoot%\Explorer.exe /idlist,%I,%L -> [2004/08/04 02:56:49 | 001,032,192 | ---- | M] (Microsoft Corporation)
Folder [explore] -> %SystemRoot%\Explorer.exe /e,/idlist,%I,%L -> [2004/08/04 02:56:49 | 001,032,192 | ---- | M] (Microsoft Corporation)
Drive [find] -> %SystemRoot%\Explorer.exe -> [2004/08/04 02:56:49 | 001,032,192 | ---- | M] (Microsoft Corporation)
< EventViewer Logs - Last 10 Errors > -> Event Information -> Description
Application [ Error ] 11/6/2010 1:57:19 PM Computer Name = DERRICKLAPTOP | Source = Application Error | ID = 1000 -> Description = Faulting application McShield.exe, version 6.0.0.100, faulting module kernel32.dll, version 5.1.2600.3541, fault address 0x00012a6b.
Application [ Error ] 11/8/2010 4:48:00 PM Computer Name = DERRICKLAPTOP | Source = McLogEvent | ID = 5051 -> Description =
Application [ Error ] 11/8/2010 4:48:03 PM Computer Name = DERRICKLAPTOP | Source = Application Error | ID = 1000 -> Description = Faulting application McShield.exe, version 6.0.0.100, faulting module kernel32.dll, version 5.1.2600.3541, fault address 0x00012a6b.
Application [ Error ] 11/9/2010 3:05:00 PM Computer Name = DERRICKLAPTOP | Source = McLogEvent | ID = 5051 -> Description =
Application [ Error ] 11/9/2010 3:05:15 PM Computer Name = DERRICKLAPTOP | Source = Application Error | ID = 1000 -> Description = Faulting application McShield.exe, version 6.0.0.100, faulting module kernel32.dll, version 5.1.2600.3541, fault address 0x00012a6b.
Application [ Error ] 11/10/2010 3:22:10 PM Computer Name = DERRICKLAPTOP | Source = McLogEvent | ID = 5051 -> Description =
Application [ Error ] 11/10/2010 3:22:15 PM Computer Name = DERRICKLAPTOP | Source = Application Error | ID = 1000 -> Description = Faulting application McShield.exe, version 6.0.0.100, faulting module kernel32.dll, version 5.1.2600.3541, fault address 0x00012a6b.
Application [ Error ] 11/11/2010 7:51:56 PM Computer Name = DERRICKLAPTOP | Source = McLogEvent | ID = 5051 -> Description =
Application [ Error ] 11/11/2010 7:52:05 PM Computer Name = DERRICKLAPTOP | Source = Application Error | ID = 1000 -> Description = Faulting application McShield.exe, version 6.0.0.100, faulting module kernel32.dll, version 5.1.2600.3541, fault address 0x00012a6b.
Application [ Error ] 11/18/2010 11:23:34 PM Computer Name = DERRICKLAPTOP | Source = Application Error | ID = 1000 -> Description = Faulting application plugin-container.exe, version 1.9.2.3951, faulting module ntdll.dll, version 5.1.2600.3520, fault address 0x0000100b.
System [ Error ] 11/23/2010 7:28:14 PM Computer Name = DERRICKLAPTOP | Source = Service Control Manager | ID = 7000 -> Description = The Upload Manager service failed to start due to the following error: %%1079
System [ Error ] 11/23/2010 7:28:20 PM Computer Name = DERRICKLAPTOP | Source = Dhcp | ID = 1002 -> Description = The IP address lease 192.168.2.5 for the Network Card with network address 00904B244A18 has been denied by the DHCP server 192.168.2.1 (The DHCP Server sent a DHCPNACK message).
System [ Error ] 11/24/2010 4:21:54 PM Computer Name = DERRICKLAPTOP | Source = Service Control Manager | ID = 7000 -> Description = The Parallel port driver service failed to start due to the following error: %%1058
System [ Error ] 11/24/2010 4:21:54 PM Computer Name = DERRICKLAPTOP | Source = Service Control Manager | ID = 7000 -> Description = The Upload Manager service failed to start due to the following error: %%1079
System [ Error ] 11/25/2010 12:59:55 PM Computer Name = DERRICKLAPTOP | Source = Service Control Manager | ID = 7000 -> Description = The Parallel port driver service failed to start due to the following error: %%1058
System [ Error ] 11/25/2010 12:59:55 PM Computer Name = DERRICKLAPTOP | Source = Service Control Manager | ID = 7000 -> Description = The Upload Manager service failed to start due to the following error: %%1079
System [ Error ] 11/26/2010 1:39:23 PM Computer Name = DERRICKLAPTOP | Source = Service Control Manager | ID = 7000 -> Description = The Parallel port driver service failed to start due to the following error: %%1058
System [ Error ] 11/26/2010 1:39:23 PM Computer Name = DERRICKLAPTOP | Source = Service Control Manager | ID = 7000 -> Description = The Upload Manager service failed to start due to the following error: %%1079
System [ Error ] 11/27/2010 5:35:08 PM Computer Name = DERRICKLAPTOP | Source = Service Control Manager | ID = 7000 -> Description = The Parallel port driver service failed to start due to the following error: %%1058
System [ Error ] 11/27/2010 5:35:08 PM Computer Name = DERRICKLAPTOP | Source = Service Control Manager | ID = 7000 -> Description = The Upload Manager service failed to start due to the following error: %%1079

[Files/Folders - Created Within 30 Days]
_OTL -> C:\_OTL -> [2010/11/20 22:09:00 | 000,000,000 | ---D | C]
RECYCLER -> C:\RECYCLER -> [2010/11/19 00:39:44 | 000,000,000 | -HSD | C]
OTL.exe -> C:\Documents and Settings\IRENE STUART\Desktop\OTL.exe -> [2010/11/18 22:02:49 | 000,575,488 | ---- | C] (OldTimer Tools)
temp -> C:\WINDOWS\temp -> [2010/11/13 22:26:40 | 000,000,000 | ---D | C]
_OTS -> C:\_OTS -> [2010/11/12 17:34:31 | 000,000,000 | ---D | C]
tdsskiller -> C:\Documents and Settings\IRENE STUART\Desktop\tdsskiller -> [2010/11/11 20:28:26 | 000,000,000 | ---D | C]
OTS.exe -> C:\Documents and Settings\IRENE STUART\Desktop\OTS.exe -> [2010/11/11 19:52:52 | 000,642,048 | ---- | C] (OldTimer Tools)
mbam-setup(2).exe -> C:\Documents and Settings\IRENE STUART\Desktop\mbam-setup(2).exe -> [2010/11/11 19:51:10 | 006,153,352 | ---- | C] (Malwarebytes Corporation )
pix -> C:\Documents and Settings\IRENE STUART\My Documents\pix -> [2010/11/10 02:19:00 | 000,000,000 | ---D | C]
Free Window Registry Repair -> C:\Program Files\Free Window Registry Repair -> [2010/11/03 01:21:56 | 000,000,000 | ---D | C]
Firefox Setup 3.6.12.exe -> C:\Documents and Settings\IRENE STUART\Desktop\Firefox Setup 3.6.12.exe -> [2010/11/03 00:43:37 | 008,567,280 | ---- | C] (Mozilla)
SsiEfr.exe -> C:\WINDOWS\System32\SsiEfr.exe -> [2010/11/01 23:57:42 | 000,017,472 | ---- | C] (Webroot Software, Inc. (www.webroot.com))
ssidrv.sys -> C:\WINDOWS\System32\drivers\ssidrv.sys -> [2010/11/01 23:57:25 | 000,182,056 | ---- | C] (Webroot Software, Inc. (www.webroot.com))
ssfmonm.sys -> C:\WINDOWS\System32\drivers\ssfmonm.sys -> [2010/11/01 23:57:25 | 000,045,072 | ---- | C] (Webroot Software, Inc. (www.webroot.com))
sshrmd.sys -> C:\WINDOWS\System32\drivers\sshrmd.sys -> [2010/11/01 23:57:25 | 000,024,496 | ---- | C] (Webroot Software, Inc. (www.webroot.com))
cmdcons -> C:\cmdcons -> [2010/11/01 23:00:05 | 000,000,000 | RHSD | C]
SWREG.exe -> C:\WINDOWS\SWREG.exe -> [2010/11/01 22:55:44 | 000,161,792 | ---- | C] (SteelWerX)
SWSC.exe -> C:\WINDOWS\SWSC.exe -> [2010/11/01 22:55:44 | 000,136,704 | ---- | C] (SteelWerX)
NIRCMD.exe -> C:\WINDOWS\NIRCMD.exe -> [2010/11/01 22:55:44 | 000,031,232 | ---- | C] (NirSoft)
SWXCACLS.exe -> C:\WINDOWS\SWXCACLS.exe -> [2010/11/01 22:55:43 | 000,212,480 | ---- | C] (SteelWerX)
ERDNT -> C:\WINDOWS\ERDNT -> [2010/11/01 22:55:30 | 000,000,000 | ---D | C]
Qoobox -> C:\Qoobox -> [2010/11/01 22:54:50 | 000,000,000 | ---D | C]
Microsoft Silverlight -> C:\Program Files\Microsoft Silverlight -> [2010/11/01 22:49:46 | 000,000,000 | ---D | C]
SBREDrv.sys -> C:\WINDOWS\System32\drivers\SBREDrv.sys -> [2010/10/31 01:18:09 | 000,098,392 | ---- | C] (Sunbelt Software)
Webroot -> C:\Program Files\Webroot -> [2010/10/31 01:07:10 | 000,000,000 | ---D | C]
{94E7A161-5A7B-460F-BD45-76DE70D977A9} -> C:\Documents and Settings\All Users\Application Data\{94E7A161-5A7B-460F-BD45-76DE70D977A9} -> [2010/10/31 01:06:44 | 000,000,000 | -H-D | C]
Webroot -> C:\Documents and Settings\All Users\Application Data\Webroot -> [2010/10/31 01:06:03 | 000,000,000 | ---D | C]
PackageAware -> C:\Documents and Settings\IRENE STUART\Local Settings\Application Data\PackageAware -> [2010/10/31 01:05:50 | 000,000,000 | ---D | C]

[Files/Folders - Modified Within 30 Days]
BOOTSTAT.DAT -> C:\WINDOWS\BOOTSTAT.DAT -> [2010/11/27 16:35:04 | 000,002,048 | --S- | M] ()
hiberfil.sys -> C:\hiberfil.sys -> [2010/11/27 16:35:01 | 267,440,128 | -HS- | M] ()
AppleSoftwareUpdate.job -> C:\WINDOWS\tasks\AppleSoftwareUpdate.job -> [2010/11/24 19:20:00 | 000,000,284 | ---- | M] ()
Yesterday is a shotgun blast away.mp3 -> C:\Documents and Settings\IRENE STUART\Desktop\Yesterday is a shotgun blast away.mp3 -> [2010/11/24 15:27:50 | 001,540,932 | ---- | M] ()
[bleep]ed Jam.mp3 -> C:\Documents and Settings\IRENE STUART\Desktop\[bleep]ed Jam.mp3 -> [2010/11/24 15:27:31 | 001,573,115 | ---- | M] ()
0703002047.jpg -> C:\Documents and Settings\IRENE STUART\Desktop\0703002047.jpg -> [2010/11/23 00:08:32 | 000,110,326 | ---- | M] ()
abuseeachother.jpg -> C:\Documents and Settings\IRENE STUART\Desktop\abuseeachother.jpg -> [2010/11/21 04:01:00 | 000,192,739 | ---- | M] ()
consumereport.rtf -> C:\Documents and Settings\IRENE STUART\Desktop\consumereport.rtf -> [2010/11/20 03:37:21 | 000,000,611 | ---- | M] ()
se.jpg -> C:\Documents and Settings\IRENE STUART\Desktop\se.jpg -> [2010/11/20 02:39:41 | 000,218,939 | ---- | M] ()
4912148011_65cbf3a1dd_b.jpg -> C:\Documents and Settings\IRENE STUART\My Documents\4912148011_65cbf3a1dd_b.jpg -> [2010/11/19 00:46:15 | 000,336,344 | ---- | M] ()
Ad-Aware Update (Weekly).job -> C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job -> [2010/11/18 22:23:46 | 000,000,472 | ---- | M] ()
OTL.exe -> C:\Documents and Settings\IRENE STUART\Desktop\OTL.exe -> [2010/11/18 22:02:42 | 000,575,488 | ---- | M] (OldTimer Tools)
hosts -> C:\WINDOWS\System32\drivers\ETC\hosts -> [2010/11/16 16:29:13 | 000,000,077 | ---- | M] ()
SBREDrv.sys -> C:\WINDOWS\System32\drivers\SBREDrv.sys -> [2010/11/16 01:02:05 | 000,098,392 | ---- | M] (Sunbelt Software)
0624002201.3g2 -> C:\Documents and Settings\IRENE STUART\Desktop\0624002201.3g2 -> [2010/11/14 23:25:05 | 000,346,822 | ---- | M] ()
computerfix1.rtf -> C:\Documents and Settings\IRENE STUART\Desktop\computerfix1.rtf -> [2010/11/14 16:31:27 | 000,005,438 | ---- | M] ()
HelpAsst_mebroot_fix.exe -> C:\Documents and Settings\IRENE STUART\Desktop\HelpAsst_mebroot_fix.exe -> [2010/11/14 16:27:31 | 000,490,232 | ---- | M] ()
BOOT.INI -> C:\BOOT.INI -> [2010/11/12 18:02:20 | 000,000,327 | RHS- | M] ()
ComboFix.exe -> C:\Documents and Settings\IRENE STUART\Desktop\ComboFix.exe -> [2010/11/12 17:52:59 | 003,908,597 | R--- | M] ()
Malwarebytes' Anti-Malware.lnk -> C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk -> [2010/11/11 19:55:08 | 000,000,696 | ---- | M] ()
OTS.exe -> C:\Documents and Settings\IRENE STUART\Desktop\OTS.exe -> [2010/11/11 19:52:54 | 000,642,048 | ---- | M] (OldTimer Tools)
mbam-setup(2).exe -> C:\Documents and Settings\IRENE STUART\Desktop\mbam-setup(2).exe -> [2010/11/11 19:51:57 | 006,153,352 | ---- | M] (Malwarebytes Corporation )
tdsskiller.zip -> C:\Documents and Settings\IRENE STUART\Desktop\tdsskiller.zip -> [2010/11/11 19:49:51 | 001,215,581 | ---- | M] ()
16269_1269294415951_1337568108_30798323_2833581_n.jpg -> C:\Documents and Settings\IRENE STUART\My Documents\16269_1269294415951_1337568108_30798323_2833581_n.jpg -> [2010/11/10 02:50:58 | 000,019,040 | ---- | M] ()
44632_142077209163247_100000829071495_183209_4044198_n.jpg -> C:\Documents and Settings\IRENE STUART\My Documents\44632_142077209163247_100000829071495_183209_4044198_n.jpg -> [2010/11/10 02:50:21 | 000,086,575 | ---- | M] ()
n43202626_30209792_1405.jpg -> C:\Documents and Settings\IRENE STUART\My Documents\n43202626_30209792_1405.jpg -> [2010/11/10 02:14:34 | 000,064,712 | ---- | M] ()
6174_112605476226_530216226_2693289_5746279_n.jpg -> C:\Documents and Settings\IRENE STUART\My Documents\6174_112605476226_530216226_2693289_5746279_n.jpg -> [2010/11/10 02:12:04 | 000,071,081 | ---- | M] ()
16269_1269292455902_1337568108_30798317_3805717_n.jpg -> C:\Documents and Settings\IRENE STUART\My Documents\16269_1269292455902_1337568108_30798317_3805717_n.jpg -> [2010/11/10 02:08:39 | 000,056,748 | ---- | M] ()
n1255260051_30059652_9726.jpg -> C:\Documents and Settings\IRENE STUART\My Documents\n1255260051_30059652_9726.jpg -> [2010/11/10 01:57:43 | 000,047,598 | ---- | M] ()
n14229306_34298133_425.jpg -> C:\Documents and Settings\IRENE STUART\My Documents\n14229306_34298133_425.jpg -> [2010/11/10 01:56:34 | 000,065,735 | ---- | M] ()
n14228939_31237263_1379.jpg -> C:\Documents and Settings\IRENE STUART\My Documents\n14228939_31237263_1379.jpg -> [2010/11/10 01:56:26 | 000,051,078 | ---- | M] ()
6614_116586316226_530216226_2754120_632827_n.jpg -> C:\Documents and Settings\IRENE STUART\My Documents\6614_116586316226_530216226_2754120_632827_n.jpg -> [2010/11/10 01:55:46 | 000,028,777 | ---- | M] ()
n43202626_30593204_3296.jpg -> C:\Documents and Settings\IRENE STUART\My Documents\n43202626_30593204_3296.jpg -> [2010/11/10 01:55:29 | 000,055,503 | ---- | M] ()
6614_116586301226_530216226_2754118_6097523_n.jpg -> C:\Documents and Settings\IRENE STUART\My Documents\6614_116586301226_530216226_2754118_6097523_n.jpg -> [2010/11/10 01:55:08 | 000,041,761 | ---- | M] ()
n14229306_36725576_2629.jpg -> C:\Documents and Settings\IRENE STUART\My Documents\n14229306_36725576_2629.jpg -> [2010/11/10 01:54:57 | 000,053,463 | ---- | M] ()
n1255260051_30059656_906.jpg -> C:\Documents and Settings\IRENE STUART\My Documents\n1255260051_30059656_906.jpg -> [2010/11/10 01:54:38 | 000,049,248 | ---- | M] ()
n14229306_35273601_4146.jpg -> C:\Documents and Settings\IRENE STUART\My Documents\n14229306_35273601_4146.jpg -> [2010/11/10 01:54:15 | 000,046,908 | ---- | M] ()
16269_1269299336074_1337568108_30798353_720516_n.jpg -> C:\Documents and Settings\IRENE STUART\My Documents\16269_1269299336074_1337568108_30798353_720516_n.jpg -> [2010/11/09 01:03:11 | 000,046,544 | ---- | M] ()
16269_1269651624881_1337568108_30799587_123308_n.jpg -> C:\Documents and Settings\IRENE STUART\My Documents\16269_1269651624881_1337568108_30799587_123308_n.jpg -> [2010/11/09 01:02:49 | 000,039,231 | ---- | M] ()
16269_1269294375950_1337568108_30798322_2021523_n.jpg -> C:\Documents and Settings\IRENE STUART\My Documents\16269_1269294375950_1337568108_30798322_2021523_n.jpg -> [2010/11/09 00:59:23 | 000,032,694 | ---- | M] ()
16269_1269290495853_1337568108_30798281_3990276_n.jpg -> C:\Documents and Settings\IRENE STUART\My Documents\16269_1269290495853_1337568108_30798281_3990276_n.jpg -> [2010/11/09 00:59:00 | 000,046,397 | ---- | M] ()
16269_1269294935964_1337568108_30798326_4353692_n.jpg -> C:\Documents and Settings\IRENE STUART\My Documents\16269_1269294935964_1337568108_30798326_4353692_n.jpg -> [2010/11/09 00:58:38 | 000,038,738 | ---- | M] ()
masons.wpd -> C:\Documents and Settings\IRENE STUART\My Documents\masons.wpd -> [2010/11/08 02:51:03 | 000,016,426 | ---- | M] ()
MBR.exe -> C:\WINDOWS\MBR.exe -> [2010/11/08 01:20:24 | 000,089,088 | ---- | M] ()
Free Window Registry Repair.lnk -> C:\Documents and Settings\IRENE STUART\Desktop\Free Window Registry Repair.lnk -> [2010/11/03 01:21:59 | 000,000,718 | ---- | M] ()
Mozilla Firefox.lnk -> C:\Documents and Settings\IRENE STUART\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk -> [2010/11/03 00:46:39 | 000,001,620 | ---- | M] ()
Mozilla Firefox.lnk -> C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk -> [2010/11/03 00:46:39 | 000,001,602 | ---- | M] ()
Firefox Setup 3.6.12.exe -> C:\Documents and Settings\IRENE STUART\Desktop\Firefox Setup 3.6.12.exe -> [2010/11/03 00:43:19 | 008,567,280 | ---- | M] (Mozilla)
lnumbers.rtf -> C:\Documents and Settings\IRENE STUART\My Documents\lnumbers.rtf -> [2010/11/02 22:41:32 | 000,000,188 | ---- | M] ()
Boot.bak -> C:\Boot.bak -> [2010/11/01 22:49:25 | 000,000,211 | ---- | M] ()
WPA.DBL -> C:\WINDOWS\System32\WPA.DBL -> [2010/11/01 22:46:44 | 000,001,170 | ---- | M] ()
Webroot AntiVirus with Spy Sweeper.lnk -> C:\Documents and Settings\All Users\Desktop\Webroot AntiVirus with Spy Sweeper.lnk -> [2010/10/31 01:07:15 | 000,001,968 | ---- | M] ()

[Files - No Company Name]
Yesterday is a shotgun blast away.mp3 -> C:\Documents and Settings\IRENE STUART\Desktop\Yesterday is a shotgun blast away.mp3 -> [2010/11/24 15:28:05 | 001,540,932 | ---- | C] ()
[bleep]ed Jam.mp3 -> C:\Documents and Settings\IRENE STUART\Desktop\[bleep]ed Jam.mp3 -> [2010/11/24 15:27:31 | 001,573,115 | ---- | C] ()
0703002047.jpg -> C:\Documents and Settings\IRENE STUART\Desktop\0703002047.jpg -> [2010/11/23 00:08:40 | 000,110,326 | ---- | C] ()
abuseeachother.jpg -> C:\Documents and Settings\IRENE STUART\Desktop\abuseeachother.jpg -> [2010/11/21 04:01:13 | 000,192,739 | ---- | C] ()
consumereport.rtf -> C:\Documents and Settings\IRENE STUART\Desktop\consumereport.rtf -> [2010/11/20 03:30:50 | 000,000,611 | ---- | C] ()
se.jpg -> C:\Documents and Settings\IRENE STUART\Desktop\se.jpg -> [2010/11/20 02:39:59 | 000,218,939 | ---- | C] ()
4912148011_65cbf3a1dd_b.jpg -> C:\Documents and Settings\IRENE STUART\My Documents\4912148011_65cbf3a1dd_b.jpg -> [2010/11/19 00:46:18 | 000,336,344 | ---- | C] ()
0624002201.3g2 -> C:\Documents and Settings\IRENE STUART\Desktop\0624002201.3g2 -> [2010/11/14 23:25:17 | 000,346,822 | ---- | C] ()
mbr.log -> C:\Documents and Settings\IRENE STUART\mbr.log -> [2010/11/14 16:33:28 | 000,000,316 | ---- | C] ()
HelpAsst_mebroot_fix.exe -> C:\Documents and Settings\IRENE STUART\Desktop\HelpAsst_mebroot_fix.exe -> [2010/11/14 16:27:33 | 000,490,232 | ---- | C] ()
hiberfil.sys -> C:\hiberfil.sys -> [2010/11/13 22:28:19 | 267,440,128 | -HS- | C] ()
ComboFix.exe -> C:\Documents and Settings\IRENE STUART\Desktop\ComboFix.exe -> [2010/11/12 17:50:41 | 003,908,597 | R--- | C] ()
computerfix1.rtf -> C:\Documents and Settings\IRENE STUART\Desktop\computerfix1.rtf -> [2010/11/11 19:54:10 | 000,005,438 | ---- | C] ()
tdsskiller.zip -> C:\Documents and Settings\IRENE STUART\Desktop\tdsskiller.zip -> [2010/11/11 19:49:47 | 001,215,581 | ---- | C] ()
16269_1269294415951_1337568108_30798323_2833581_n.jpg -> C:\Documents and Settings\IRENE STUART\My Documents\16269_1269294415951_1337568108_30798323_2833581_n.jpg -> [2010/11/10 02:50:57 | 000,019,040 | ---- | C] ()
44632_142077209163247_100000829071495_183209_4044198_n.jpg -> C:\Documents and Settings\IRENE STUART\My Documents\44632_142077209163247_100000829071495_183209_4044198_n.jpg -> [2010/11/10 02:50:20 | 000,086,575 | ---- | C] ()
n43202626_30209792_1405.jpg -> C:\Documents and Settings\IRENE STUART\My Documents\n43202626_30209792_1405.jpg -> [2010/11/10 02:14:34 | 000,064,712 | ---- | C] ()
6174_112605476226_530216226_2693289_5746279_n.jpg -> C:\Documents and Settings\IRENE STUART\My Documents\6174_112605476226_530216226_2693289_5746279_n.jpg -> [2010/11/10 02:12:04 | 000,071,081 | ---- | C] ()
16269_1269292455902_1337568108_30798317_3805717_n.jpg -> C:\Documents and Settings\IRENE STUART\My Documents\16269_1269292455902_1337568108_30798317_3805717_n.jpg -> [2010/11/10 02:08:39 | 000,056,748 | ---- | C] ()
n1255260051_30059652_9726.jpg -> C:\Documents and Settings\IRENE STUART\My Documents\n1255260051_30059652_9726.jpg -> [2010/11/10 01:57:42 | 000,047,598 | ---- | C] ()
n14229306_34298133_425.jpg -> C:\Documents and Settings\IRENE STUART\My Documents\n14229306_34298133_425.jpg -> [2010/11/10 01:56:34 | 000,065,735 | ---- | C] ()
n14228939_31237263_1379.jpg -> C:\Documents and Settings\IRENE STUART\My Documents\n14228939_31237263_1379.jpg -> [2010/11/10 01:56:25 | 000,051,078 | ---- | C] ()
6614_116586316226_530216226_2754120_632827_n.jpg -> C:\Documents and Settings\IRENE STUART\My Documents\6614_116586316226_530216226_2754120_632827_n.jpg -> [2010/11/10 01:55:46 | 000,028,777 | ---- | C] ()
n43202626_30593204_3296.jpg -> C:\Documents and Settings\IRENE STUART\My Documents\n43202626_30593204_3296.jpg -> [2010/11/10 01:55:29 | 000,055,503 | ---- | C] ()
6614_116586301226_530216226_2754118_6097523_n.jpg -> C:\Documents and Settings\IRENE STUART\My Documents\6614_116586301226_530216226_2754118_6097523_n.jpg -> [2010/11/10 01:55:08 | 000,041,761 | ---- | C] ()
n14229306_36725576_2629.jpg -> C:\Documents and Settings\IRENE STUART\My Documents\n14229306_36725576_2629.jpg -> [2010/11/10 01:54:57 | 000,053,463 | ---- | C] ()
n1255260051_30059656_906.jpg -> C:\Documents and Settings\IRENE STUART\My Documents\n1255260051_30059656_906.jpg -> [2010/11/10 01:54:37 | 000,049,248 | ---- | C] ()
n14229306_35273601_4146.jpg -> C:\Documents and Settings\IRENE STUART\My Documents\n14229306_35273601_4146.jpg -> [2010/11/10 01:54:10 | 000,046,908 | ---- | C] ()
16269_1269299336074_1337568108_30798353_720516_n.jpg -> C:\Documents and Settings\IRENE STUART\My Documents\16269_1269299336074_1337568108_30798353_720516_n.jpg -> [2010/11/09 01:03:10 | 000,046,544 | ---- | C] ()
16269_1269651624881_1337568108_30799587_123308_n.jpg -> C:\Documents and Settings\IRENE STUART\My Documents\16269_1269651624881_1337568108_30799587_123308_n.jpg -> [2010/11/09 01:02:47 | 000,039,231 | ---- | C] ()
16269_1269294375950_1337568108_30798322_2021523_n.jpg -> C:\Documents and Settings\IRENE STUART\My Documents\16269_1269294375950_1337568108_30798322_2021523_n.jpg -> [2010/11/09 00:59:23 | 000,032,694 | ---- | C] ()
16269_1269290495853_1337568108_30798281_3990276_n.jpg -> C:\Documents and Settings\IRENE STUART\My Documents\16269_1269290495853_1337568108_30798281_3990276_n.jpg -> [2010/11/09 00:59:00 | 000,046,397 | ---- | C] ()
16269_1269294935964_1337568108_30798326_4353692_n.jpg -> C:\Documents and Settings\IRENE STUART\My Documents\16269_1269294935964_1337568108_30798326_4353692_n.jpg -> [2010/11/09 00:58:38 | 000,038,738 | ---- | C] ()
masons.wpd -> C:\Documents and Settings\IRENE STUART\My Documents\masons.wpd -> [2010/11/04 19:01:09 | 000,016,426 | ---- | C] ()
Free Window Registry Repair.lnk -> C:\Documents and Settings\IRENE STUART\Desktop\Free Window Registry Repair.lnk -> [2010/11/03 01:21:59 | 000,000,718 | ---- | C] ()
Mozilla Firefox.lnk -> C:\Documents and Settings\IRENE STUART\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk -> [2010/11/03 00:46:39 | 000,001,620 | ---- | C] ()
Mozilla Firefox.lnk -> C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk -> [2010/11/03 00:46:38 | 000,001,602 | ---- | C] ()
lnumbers.rtf -> C:\Documents and Settings\IRENE STUART\My Documents\lnumbers.rtf -> [2010/11/02 22:41:32 | 000,000,188 | ---- | C] ()
wrLZMA.dll -> C:\WINDOWS\System32\wrLZMA.dll -> [2010/11/01 23:57:42 | 000,030,424 | ---- | C] ()
Boot.bak -> C:\Boot.bak -> [2010/11/01 23:00:17 | 000,000,211 | ---- | C] ()
cmldr -> C:\cmldr -> [2010/11/01 23:00:10 | 000,260,272 | RHS- | C] ()
PEV.exe -> C:\WINDOWS\PEV.exe -> [2010/11/01 22:55:44 | 000,256,512 | ---- | C] ()
sed.exe -> C:\WINDOWS\sed.exe -> [2010/11/01 22:55:44 | 000,098,816 | ---- | C] ()
MBR.exe -> C:\WINDOWS\MBR.exe -> [2010/11/01 22:55:44 | 000,089,088 | ---- | C] ()
grep.exe -> C:\WINDOWS\grep.exe -> [2010/11/01 22:55:44 | 000,080,412 | ---- | C] ()
zip.exe -> C:\WINDOWS\zip.exe -> [2010/11/01 22:55:44 | 000,068,096 | ---- | C] ()
Webroot AntiVirus with Spy Sweeper.lnk -> C:\Documents and Settings\All Users\Desktop\Webroot AntiVirus with Spy Sweeper.lnk -> [2010/10/31 01:07:15 | 000,001,968 | ---- | C] ()
secdrv.sys -> C:\WINDOWS\System32\drivers\secdrv.sys -> [2010/09/19 00:21:13 | 000,027,440 | ---- | C] ()
DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> C:\Documents and Settings\IRENE STUART\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> [2010/03/05 03:20:41 | 000,028,160 | ---- | C] ()
wininit.ini -> C:\WINDOWS\wininit.ini -> [2009/12/26 14:52:19 | 000,000,024 | ---- | C] ()
msoffice.ini -> C:\WINDOWS\msoffice.ini -> [2009/12/26 14:51:51 | 000,000,002 | ---- | C] ()
PFP100JPR.{PB -> C:\Documents and Settings\IRENE STUART\Application Data\PFP100JPR.{PB -> [2003/12/30 14:37:26 | 000,061,678 | ---- | C] ()
PFP100JCM.{PB -> C:\Documents and Settings\IRENE STUART\Application Data\PFP100JCM.{PB -> [2003/12/30 14:37:26 | 000,012,358 | ---- | C] ()
dm.ini -> C:\Documents and Settings\IRENE STUART\Application Data\dm.ini -> [2003/11/05 14:37:21 | 000,000,000 | ---- | C] ()
lexstat.ini -> C:\WINDOWS\lexstat.ini -> [2003/07/05 13:08:09 | 000,000,304 | ---- | C] ()
lxbkvs.dll -> C:\WINDOWS\System32\lxbkvs.dll -> [2003/07/05 13:07:30 | 000,040,960 | ---- | C] ()
LXBKLCNP.DLL -> C:\WINDOWS\System32\LXBKLCNP.DLL -> [2003/07/05 13:07:28 | 000,077,824 | ---- | C] ()
lxbkcoin.ini -> C:\WINDOWS\System32\lxbkcoin.ini -> [2003/07/05 13:06:49 | 000,000,266 | ---- | C] ()
smscfg.ini -> C:\WINDOWS\smscfg.ini -> [2003/06/03 02:17:09 | 000,000,061 | ---- | C] ()
NaiFiltr.sys -> C:\WINDOWS\System32\drivers\NaiFiltr.sys -> [2003/06/03 02:13:20 | 000,023,296 | ---- | C] ()
intuprof.ini -> C:\WINDOWS\intuprof.ini -> [2003/06/03 02:01:25 | 000,000,052 | ---- | C] ()
QUICKEN.INI -> C:\WINDOWS\QUICKEN.INI -> [2003/06/03 02:01:21 | 000,000,858 | ---- | C] ()
orun32.ini -> C:\WINDOWS\orun32.ini -> [2003/06/03 01:49:07 | 000,000,780 | ---- | C] ()
OEMINFO.INI -> C:\WINDOWS\System32\OEMINFO.INI -> [2003/06/03 01:23:38 | 000,000,547 | ---- | C] ()
SynTPCoI.dll -> C:\WINDOWS\System32\SynTPCoI.dll -> [2002/10/11 12:35:28 | 000,077,824 | ---- | C] ()
ODBCINST.INI -> C:\WINDOWS\ODBCINST.INI -> [2002/09/03 08:59:14 | 000,004,161 | ---- | C] ()

[File - Lop Check]
AIM -> C:\Documents and Settings\All Users\Application Data\AIM -> [2010/08/19 17:19:12 | 000,000,000 | ---D | M]
BVRP Software -> C:\Documents and Settings\All Users\Application Data\BVRP Software -> [2003/07/05 13:14:29 | 000,000,000 | ---D | M]
Propellerhead Software -> C:\Documents and Settings\All Users\Application Data\Propellerhead Software -> [2010/04/12 23:44:49 | 000,000,000 | ---D | M]
Soulseek -> C:\Documents and Settings\All Users\Application Data\Soulseek -> [2010/05/21 23:52:58 | 000,000,000 | ---D | M]
{429CAD59-35B1-4DBC-BB6D-1DB246563521} -> C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521} -> [2010/05/21 18:26:16 | 000,000,000 | ---D | M]
{94E7A161-5A7B-460F-BD45-76DE70D977A9} -> C:\Documents and Settings\All Users\Application Data\{94E7A161-5A7B-460F-BD45-76DE70D977A9} -> [2010/10/31 01:07:47 | 000,000,000 | -H-D | M]
{ECC164E0-3133-4C70-A831-F08DB2940F70} -> C:\Documents and Settings\All Users\Application Data\{ECC164E0-3133-4C70-A831-F08DB2940F70} -> [2010/09/13 22:16:19 | 000,000,000 | -H-D | M]
acccore -> C:\Documents and Settings\Guest\Application Data\acccore -> [2010/09/26 00:37:01 | 000,000,000 | ---D | M]
acccore -> C:\Documents and Settings\IRENE STUART\Application Data\acccore -> [2010/08/19 17:20:32 | 000,000,000 | ---D | M]
BitTorrent -> C:\Documents and Settings\IRENE STUART\Application Data\BitTorrent -> [2010/11/08 15:55:46 | 000,000,000 | ---D | M]
GetRightToGo -> C:\Documents and Settings\IRENE STUART\Application Data\GetRightToGo -> [2010/06/03 15:01:46 | 000,000,000 | ---D | M]
gtk-2.0 -> C:\Documents and Settings\IRENE STUART\Application Data\gtk-2.0 -> [2010/06/20 01:33:58 | 000,000,000 | ---D | M]
Propellerhead Software -> C:\Documents and Settings\IRENE STUART\Application Data\Propellerhead Software -> [2010/04/13 00:38:45 | 000,000,000 | ---D | M]
REAPER -> C:\Documents and Settings\IRENE STUART\Application Data\REAPER -> [2010/06/03 19:58:26 | 000,000,000 | ---D | M]
Ad-Aware Update (Weekly).job -> C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job -> [2010/11/18 22:23:46 | 000,000,472 | ---- | M] ()

[File - Purity Scan]


[Files/Folders - Unicode - All]
C:\WINDOWS\System32\drivers\B????.sys -> C:\WINDOWS\System32\drivers\B�竓瞥.sys -> [2010/03/08 12:15:23 | 000,000,000 | ---- | C] ()
C:\WINDOWS\System32\drivers\B????.sys -> C:\WINDOWS\System32\drivers\B�竓瞥.sys -> [2010/03/08 12:15:23 | 000,000,000 | ---- | M] ()
C:\WINDOWS\System32\drivers\??????????.sys -> C:\WINDOWS\System32\drivers\浍湉ဈᄋ¢联�ᄊ�ᄊ.sys -> [2010/05/14 14:40:18 | 000,000,000 | ---- | C] ()
C:\WINDOWS\System32\drivers\??????????.sys -> C:\WINDOWS\System32\drivers\浍湉ဈᄋ¢联�ᄊ�ᄊ.sys -> [2010/05/14 14:40:18 | 000,000,000 | ---- | M] ()
< End of report >

#49
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Let's try this, as it is a bit more selective.

Start OTS. Copy/Paste the information in the quotebox below into the panel where it says "Paste fix here" and then click the Run Fix button.

[Unregister Dlls]
[Driver Services - Safe List]
YY -> (浍湉ဈᄋ¢联�ᄊ�ᄊ.sys) 浍湉ဈᄋ¢联�ᄊ�ᄊ.sys [Kernel | Unknown | Stopped] -> C:\WINDOWS\System32\drivers\drivers\浍湉ဈᄋ¢联�ᄊ�ᄊ.sys.sys [WARNING: C:\WINDOWS\System32\drivers\drivers\??????????.sys.sys]
YY -> (浍湉ဈᄋ¢联�ᄊ�ᄊ) 浍湉ဈᄋ¢联�ᄊ�ᄊ [Kernel | Unknown | Stopped] -> C:\WINDOWS\SYSTEM32\DRIVERS\浍湉ဈᄋ¢联�ᄊ�ᄊ.sys [WARNING: C:\WINDOWS\SYSTEM32\DRIVERS\??????????.sys]
YY -> (B�竓瞥) B�竓瞥 [Kernel | Unknown | Stopped] -> C:\WINDOWS\SYSTEM32\DRIVERS\B�竓瞥.sys [WARNING: C:\WINDOWS\SYSTEM32\DRIVERS\B????.sys]
[Registry - Safe List]
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\
YN -> {E2883E8F-472F-4FB0-9522-AC9BF37916A7} [HKLM] -> http://platformdl.ad...Plus/1.6/gp.cab [Reg Error: Key error.]
[Files/Folders - Created Within 30 Days]
NY -> {94E7A161-5A7B-460F-BD45-76DE70D977A9} -> C:\Documents and Settings\All Users\Application Data\{94E7A161-5A7B-460F-BD45-76DE70D977A9}
[Files/Folders - Unicode - All]
NY -> C:\WINDOWS\System32\drivers\B????.sys -> C:\WINDOWS\System32\drivers\B�竓瞥.sys
NY -> C:\WINDOWS\System32\drivers\B????.sys -> C:\WINDOWS\System32\drivers\B�竓瞥.sys
NY -> C:\WINDOWS\System32\drivers\??????????.sys -> C:\WINDOWS\System32\drivers\浍湉ဈᄋ¢联�ᄊ�ᄊ.sys
NY -> C:\WINDOWS\System32\drivers\??????????.sys -> C:\WINDOWS\System32\drivers\浍湉ဈᄋ¢联�ᄊ�ᄊ.sys
[Empty Temp Folders]
[EmptyFlash]
[CreateRestorePoint]


The fix should only take a very short time. When the fix is completed, a message box will pop up telling you that it is finished. Click the Ok button and Notepad will open with a log of actions taken during the fix. Post that information back here.

I will review the information when it comes back in.

#50
gravitysrainbow

    Member

  • Topic Starter
  • 37 posts
All Processes Killed
[Driver Services - Safe List]
Error: No service named 浍湉ဈᄋ¢联�ᄊ�ᄊ.sys was found to stop!
Service\Driver key 浍湉ဈᄋ¢联�ᄊ�ᄊ.sys not found.
File C:\WINDOWS\System32\drivers\drivers\浍湉ဈᄋ¢联�ᄊ�ᄊ.sys.sys not found.
Error: No service named 浍湉ဈᄋ¢联�ᄊ�ᄊ was found to stop!
Service\Driver key 浍湉ဈᄋ¢联�ᄊ�ᄊ not found.
File C:\WINDOWS\SYSTEM32\DRIVERS\浍湉ဈᄋ¢联�ᄊ�ᄊ.sys not found.
Error: No service named B�竓瞥 was found to stop!
Service\Driver key B�竓瞥 not found.
File C:\WINDOWS\SYSTEM32\DRIVERS\B�竓瞥.sys not found.
[Registry - Safe List]
Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
[Files/Folders - Created Within 30 Days]
C:\Documents and Settings\All Users\Application Data\{94E7A161-5A7B-460F-BD45-76DE70D977A9}\OFFLINE\mIDEFunc.dll folder moved successfully.
C:\Documents and Settings\All Users\Application Data\{94E7A161-5A7B-460F-BD45-76DE70D977A9}\OFFLINE\FA6F4296\DE0A17F3 folder moved successfully.
C:\Documents and Settings\All Users\Application Data\{94E7A161-5A7B-460F-BD45-76DE70D977A9}\OFFLINE\FA6F4296 folder moved successfully.
C:\Documents and Settings\All Users\Application Data\{94E7A161-5A7B-460F-BD45-76DE70D977A9}\OFFLINE\EA369C90\DE0A17F3 folder moved successfully.
C:\Documents and Settings\All Users\Application Data\{94E7A161-5A7B-460F-BD45-76DE70D977A9}\OFFLINE\EA369C90 folder moved successfully.
C:\Documents and Settings\All Users\Application Data\{94E7A161-5A7B-460F-BD45-76DE70D977A9}\OFFLINE\E97AD801\DE0A17F3 folder moved successfully.
C:\Documents and Settings\All Users\Application Data\{94E7A161-5A7B-460F-BD45-76DE70D977A9}\OFFLINE\E97AD801 folder moved successfully.
C:\Documents and Settings\All Users\Application Data\{94E7A161-5A7B-460F-BD45-76DE70D977A9}\OFFLINE\E3131F5C\DE0A17F3 folder moved successfully.
C:\Documents and Settings\All Users\Application Data\{94E7A161-5A7B-460F-BD45-76DE70D977A9}\OFFLINE\E3131F5C folder moved successfully.
C:\Documents and Settings\All Users\Application Data\{94E7A161-5A7B-460F-BD45-76DE70D977A9}\OFFLINE\C3BEFA\DE0A17F3 folder moved successfully.
C:\Documents and Settings\All Users\Application Data\{94E7A161-5A7B-460F-BD45-76DE70D977A9}\OFFLINE\C3BEFA folder moved successfully.
C:\Documents and Settings\All Users\Application Data\{94E7A161-5A7B-460F-BD45-76DE70D977A9}\OFFLINE\BBB548A0\DE0A17F3 folder moved successfully.
C:\Documents and Settings\All Users\Application Data\{94E7A161-5A7B-460F-BD45-76DE70D977A9}\OFFLINE\BBB548A0 folder moved successfully.
C:\Documents and Settings\All Users\Application Data\{94E7A161-5A7B-460F-BD45-76DE70D977A9}\OFFLINE\B2785152\DE0A17F3 folder moved successfully.
C:\Documents and Settings\All Users\Application Data\{94E7A161-5A7B-460F-BD45-76DE70D977A9}\OFFLINE\B2785152 folder moved successfully.
C:\Documents and Settings\All Users\Application Data\{94E7A161-5A7B-460F-BD45-76DE70D977A9}\OFFLINE\54E229FA\DE0A17F3 folder moved successfully.
C:\Documents and Settings\All Users\Application Data\{94E7A161-5A7B-460F-BD45-76DE70D977A9}\OFFLINE\54E229FA folder moved successfully.
C:\Documents and Settings\All Users\Application Data\{94E7A161-5A7B-460F-BD45-76DE70D977A9}\OFFLINE folder moved successfully.
C:\Documents and Settings\All Users\Application Data\{94E7A161-5A7B-460F-BD45-76DE70D977A9} folder moved successfully.
[Files/Folders - Unicode - All]
File C:\WINDOWS\System32\drivers\B�竓瞥.sys not found!
File C:\WINDOWS\System32\drivers\B�竓瞥.sys not found!
File C:\WINDOWS\System32\drivers\浍湉ဈᄋ¢联�ᄊ�ᄊ.sys not found!
File C:\WINDOWS\System32\drivers\浍湉ဈᄋ¢联�ᄊ�ᄊ.sys not found!
[Empty Temp Folders]


User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->FireFox cache emptied: 0 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Guest
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: IRENE STUART
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->FireFox cache emptied: 80956548 bytes
->Flash cache emptied: 15049 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 77.00 mb


[EMPTYFLASH]

User: Administrator

User: All Users

User: Default User

User: Guest
->Flash cache emptied: 0 bytes

User: IRENE STUART
->Flash cache emptied: 0 bytes

User: LocalService

User: NetworkService

Total Flash Files Cleaned = 0.00 mb

Restore point Set: OTS Restore Point (0)
< End of fix log >
OTS by OldTimer - Version 3.1.40.1 fix logfile created on 11272010_172833

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

#51
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Let's try that again in a code box, as the quote box changed the Unicode character - copy and paste into the panel where it says "Paste fix here" and then click the Run Fix button.

[Unregister Dlls]
[Driver Services - Safe List]
YY -> (浍湉ဈᄋ¢联�ᄊ�ᄊ.sys) 浍湉ဈᄋ¢联�ᄊ�ᄊ.sys [Kernel | Unknown | Stopped] -> C:\WINDOWS\System32\drivers\drivers\浍湉ဈᄋ¢联�ᄊ�ᄊ.sys.sys [WARNING: C:\WINDOWS\System32\drivers\drivers\??????????.sys.sys]
YY -> (浍湉ဈᄋ¢联�ᄊ�ᄊ) 浍湉ဈᄋ¢联�ᄊ�ᄊ [Kernel | Unknown | Stopped] -> C:\WINDOWS\SYSTEM32\DRIVERS\浍湉ဈᄋ¢联�ᄊ�ᄊ.sys [WARNING: C:\WINDOWS\SYSTEM32\DRIVERS\??????????.sys]
YY -> (B�竓瞥) B�竓瞥 [Kernel | Unknown | Stopped] -> C:\WINDOWS\SYSTEM32\DRIVERS\B�竓瞥.sys [WARNING: C:\WINDOWS\SYSTEM32\DRIVERS\B????.sys]
[Registry - Safe List]
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\
YN -> {E2883E8F-472F-4FB0-9522-AC9BF37916A7} [HKLM] -> http://platformdl.ad...Plus/1.6/gp.cab [Reg Error: Key error.]
[Files/Folders - Created Within 30 Days]
NY -> {94E7A161-5A7B-460F-BD45-76DE70D977A9} -> C:\Documents and Settings\All Users\Application Data\{94E7A161-5A7B-460F-BD45-76DE70D977A9}
[Files/Folders - Unicode - All]
NY -> C:\WINDOWS\System32\drivers\B????.sys -> C:\WINDOWS\System32\drivers\B�竓瞥.sys
NY -> C:\WINDOWS\System32\drivers\B????.sys -> C:\WINDOWS\System32\drivers\B�竓瞥.sys
NY -> C:\WINDOWS\System32\drivers\??????????.sys -> C:\WINDOWS\System32\drivers\浍湉ဈᄋ¢联�ᄊ�ᄊ.sys
NY -> C:\WINDOWS\System32\drivers\??????????.sys -> C:\WINDOWS\System32\drivers\浍湉ဈᄋ¢联�ᄊ�ᄊ.sys
[Empty Temp Folders]
[EmptyFlash]
[CreateRestorePoint]


#52
gravitysrainbow

    Member

  • Topic Starter
  • Member
  • 37 posts
SYSTEM1

OTS logfile created on: 11/27/2010 5:36:57 PM - Run 2
OTS by OldTimer - Version 3.1.40.1 Folder = C:\Documents and Settings\Derrick Stuart\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

254.00 Mb Total Physical Memory | 105.00 Mb Available Physical Memory | 41.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 70.00% Paging File free
Paging file location(s): C:\pagefile.sys 850 1568 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 52.71 Gb Total Space | 10.02 Gb Free Space | 19.01% Space Free | Partition Type: NTFS
Drive D: | 18.60 Gb Total Space | 9.95 Gb Free Space | 53.48% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
Drive H: | 298.09 Gb Total Space | 243.42 Gb Free Space | 81.66% Space Free | Partition Type: NTFS
I: Drive not present or media not loaded

Computer Name: DERRICK
Current User Name: Derrick Stuart
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days

[Processes - Safe List]
ots.exe -> C:\Documents and Settings\Derrick Stuart\Desktop\OTS.exe -> [2010/11/11 19:47:05 | 000,642,048 | ---- | M] (OldTimer Tools)
aei.exe -> C:\Program Files\Webroot\Security\Current\plugins\antimalware\AEI.exe -> [2010/09/22 12:41:50 | 003,872,776 | ---- | M] (Webroot Software, Inc. (www.webroot.com))
ssu.exe -> C:\Program Files\Webroot\Security\Current\plugins\antimalware\SSU.exe -> [2010/09/22 12:41:30 | 000,157,536 | ---- | M] (Webroot Software, Inc. (www.webroot.com))
sprtcmd.exe -> C:\Program Files\Dell Support Center\bin\sprtcmd.exe -> [2009/05/21 09:55:32 | 000,206,064 | ---- | M] (SupportSoft, Inc.)
sprtsvc.exe -> C:\Program Files\Dell Support Center\bin\sprtsvc.exe -> [2008/08/13 17:32:40 | 000,201,968 | ---- | M] (SupportSoft, Inc.)
explorer.exe -> C:\WINDOWS\explorer.exe -> [2007/06/13 05:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation)
lxddserv.exe -> C:\WINDOWS\system32\spool\drivers\w32x86\3\lxddserv.exe -> [2007/04/26 00:21:42 | 000,099,248 | ---- | M] (Lexmark International, Inc.)
lxddcoms.exe -> C:\WINDOWS\system32\lxddcoms.exe -> [2007/04/26 00:21:22 | 000,537,520 | ---- | M] ( )
viewmgr.exe -> C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe -> [2007/01/04 16:38:18 | 000,112,336 | ---- | M] (Viewpoint Corporation)
viewpointservice.exe -> C:\Program Files\Viewpoint\Common\ViewpointService.exe -> [2007/01/04 16:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation)
gearsec.exe -> C:\WINDOWS\system32\gearsec.exe -> [2005/12/07 16:05:12 | 000,053,248 | ---- | M] (GEAR Software)
ccsetmgr.exe -> C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe -> [2004/12/13 15:30:10 | 000,165,488 | ---- | M] (Symantec Corporation)
ccapp.exe -> C:\Program Files\Common Files\Symantec Shared\ccApp.exe -> [2004/12/13 15:30:00 | 000,058,992 | ---- | M] (Symantec Corporation)

[Modules - Safe List]
ots.exe -> C:\Documents and Settings\Derrick Stuart\Desktop\OTS.exe -> [2010/11/11 19:47:05 | 000,642,048 | ---- | M] (OldTimer Tools)
comctl32.dll -> C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll -> [2006/08/25 10:45:55 | 001,054,208 | ---- | M] (Microsoft Corporation)
serwvdrv.dll -> C:\WINDOWS\system32\serwvdrv.dll -> [2004/08/04 05:00:00 | 000,014,848 | ---- | M] (Microsoft Corporation)
umdmxfrm.dll -> C:\WINDOWS\system32\umdmxfrm.dll -> [2004/08/04 05:00:00 | 000,013,312 | ---- | M] (Microsoft Corporation)

[Win32 Services - Safe List]
(AppMgmt) Application Management [On_Demand | Stopped] -> C:\WINDOWS\System32\appmgmts.dll -> File not found
(WRConsumerService) Webroot Client Service [Disabled | Stopped] -> C:\Program Files\Webroot\Security\Current\Framework\WRConsumerService.exe -> [2010/10/01 10:01:45 | 003,066,528 | ---- | M] (Webroot Software, Inc. )
(WebrootSpySweeperService) Webroot Spy Sweeper Engine [Auto | Running] -> C:\Program Files\Webroot\Security\current\plugins\antimalware\AEI.exe -> [2010/09/22 12:41:50 | 003,872,776 | ---- | M] (Webroot Software, Inc. (www.webroot.com))
(FLEXnet Licensing Service) FLEXnet Licensing Service [On_Demand | Stopped] -> C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -> [2009/05/17 21:32:46 | 000,655,624 | ---- | M] (Acresso Software Inc.)
(sprtsvc_dellsupportcenter) SupportSoft Sprocket Service (dellsupportcenter) [Auto | Running] -> C:\Program Files\Dell Support Center\bin\sprtsvc.exe -> [2008/08/13 17:32:40 | 000,201,968 | ---- | M] (SupportSoft, Inc.)
(lxddCATSCustConnectService) lxddCATSCustConnectService [Auto | Running] -> C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxddserv.exe -> [2007/04/26 00:21:42 | 000,099,248 | ---- | M] ()
(lxdd_device) lxdd_device [Auto | Running] -> C:\WINDOWS\System32\lxddcoms.exe -> [2007/04/26 00:21:22 | 000,537,520 | ---- | M] ( )
(DSBrokerService) DSBrokerService [On_Demand | Stopped] -> C:\Program Files\DellSupport\brkrsvc.exe -> [2007/03/07 14:47:46 | 000,076,848 | ---- | M] ()
(Viewpoint Manager Service) Viewpoint Manager Service [Auto | Running] -> C:\Program Files\Viewpoint\Common\ViewpointService.exe -> [2007/01/04 16:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation)
(Symantec Core LC) Symantec Core LC [On_Demand | Stopped] -> C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -> [2006/05/04 02:45:11 | 000,822,424 | ---- | M] (Symantec Corporation)
(Norton Ghost) Norton Ghost [On_Demand | Stopped] -> C:\Program Files\Norton Ghost\Agent\VProSvc.exe -> [2005/12/07 16:05:34 | 002,066,072 | ---- | M] (Symantec Corporation)
(GEARSecurity) GEARSecurity [Auto | Running] -> C:\WINDOWS\system32\gearsec.exe -> [2005/12/07 16:05:12 | 000,053,248 | ---- | M] (GEAR Software)
(ccSetMgr) Symantec Settings Manager [Auto | Running] -> C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe -> [2004/12/13 15:30:10 | 000,165,488 | ---- | M] (Symantec Corporation)
(ccPwdSvc) Symantec Password Validation [On_Demand | Stopped] -> C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe -> [2004/12/13 15:30:08 | 000,079,472 | ---- | M] (Symantec Corporation)
(ccEvtMgr) Symantec Event Manager [On_Demand | Stopped] -> C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe -> [2004/12/13 15:30:04 | 000,198,256 | ---- | M] (Symantec Corporation)
(MSSQL$SONY_MEDIAMGR) MSSQL$SONY_MEDIAMGR [On_Demand | Stopped] -> C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe -> [2002/12/17 17:26:22 | 007,520,337 | ---- | M] (Microsoft Corporation)
(SQLAgent$SONY_MEDIAMGR) SQLAgent$SONY_MEDIAMGR [On_Demand | Stopped] -> C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlagent.EXE -> [2002/12/17 17:23:30 | 000,311,872 | ---- | M] (Microsoft Corporation)

[Driver Services - Safe List]
(catchme) catchme [Kernel | On_Demand | Stopped] -> C:\DOCUME~1\DERRIC~1\LOCALS~1\Temp\catchme.sys -> File not found
(SSIDRV) Spy Sweeper Interdiction Driver [Kernel | Boot | Running] -> C:\WINDOWS\SYSTEM32\Drivers\SSIDRV.SYS -> [2010/06/17 13:49:10 | 000,182,056 | ---- | M] (Webroot Software, Inc. (www.webroot.com))
(SSFMONM) Spy Sweeper File System Filter Driver [File_System | Auto | Running] -> C:\WINDOWS\system32\drivers\ssfmonm.sys -> [2010/06/17 13:49:10 | 000,045,072 | ---- | M] (Webroot Software, Inc. (www.webroot.com))
(SSHRMD) Spy Sweeper Hookrack MiniDriver [Kernel | Boot | Running] -> C:\WINDOWS\SYSTEM32\Drivers\SSHRMD.SYS -> [2010/06/17 13:49:10 | 000,024,496 | ---- | M] (Webroot Software, Inc. (www.webroot.com))
(TPkd) TPkd [Kernel | Boot | Running] -> C:\WINDOWS\System32\drivers\TPkd.sys -> [2009/12/02 13:56:16 | 000,092,792 | ---- | M] (PACE Anti-Piracy, Inc.)
(mcdbus) Driver for MagicISO SCSI Host Controller [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\mcdbus.sys -> [2008/07/28 16:19:28 | 000,116,736 | ---- | M] (MagicISO, Inc.)
(ISODrive) ISO DVD/CD-ROM Device Driver [File_System | System | Running] -> C:\Program Files\UltraISO\drivers\ISODrive.sys -> [2008/05/24 21:09:10 | 000,073,728 | ---- | M] (EZB Systems, Inc.)
(RDID1009) EDIROL UM-1 [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\Rdwm1009.sys -> [2007/03/05 06:08:36 | 000,079,649 | ---- | M] (Roland Corporation)
(dsunidrv) DellSupport UniDriver [Kernel | Auto | Running] -> C:\WINDOWS\system32\drivers\dsunidrv.sys -> [2007/02/25 11:10:48 | 000,005,376 | --S- | M] (Gteko Ltd.)
(DSproct) DSproct [Kernel | On_Demand | Stopped] -> C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys -> [2006/10/05 15:07:28 | 000,004,736 | ---- | M] (Gteko Ltd.)
(symlcbrd) symlcbrd [Kernel | Auto | Running] -> C:\WINDOWS\system32\drivers\symlcbrd.sys -> [2006/05/04 02:45:11 | 000,004,608 | ---- | M] (Symantec Corporation)
(ASCTRM) ASCTRM [Kernel | Auto | Running] -> C:\WINDOWS\System32\drivers\asctrm.sys -> [2006/05/04 02:40:19 | 000,008,552 | ---- | M] (Windows ® 2000 DDK provider)
(SymSnap) SymSnap [File_System | Boot | Running] -> C:\WINDOWS\System32\drivers\SymSnap.sys -> [2005/12/07 16:05:26 | 000,144,880 | ---- | M] (StorageCraft)
(V2IMount) V2IMount [Kernel | System | Running] -> C:\WINDOWS\System32\drivers\V2iMount.sys -> [2005/12/07 16:05:24 | 000,056,240 | ---- | M] (Symantec Corporation)
(DRVMCDB) DRVMCDB [Kernel | Boot | Running] -> C:\WINDOWS\System32\Drivers\DRVMCDB.SYS -> [2005/09/12 03:30:00 | 000,089,264 | ---- | M] (Sonic Solutions)
(DLAUDFAM) DLAUDFAM [File_System | Auto | Running] -> C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -> [2005/09/08 05:20:00 | 000,094,332 | ---- | M] (Sonic Solutions)
(DLAUDF_M) DLAUDF_M [File_System | Auto | Running] -> C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -> [2005/09/08 05:20:00 | 000,087,036 | ---- | M] (Sonic Solutions)
(DLAIFS_M) DLAIFS_M [File_System | Auto | Running] -> C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -> [2005/09/08 05:20:00 | 000,086,524 | ---- | M] (Sonic Solutions)
(DLABOIOM) DLABOIOM [File_System | Auto | Running] -> C:\WINDOWS\system32\DLA\DLABOIOM.SYS -> [2005/09/08 05:20:00 | 000,025,628 | ---- | M] (Sonic Solutions)
(DLAOPIOM) DLAOPIOM [File_System | Auto | Running] -> C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -> [2005/09/08 05:20:00 | 000,014,684 | ---- | M] (Sonic Solutions)
(DLAPoolM) DLAPoolM [File_System | Auto | Running] -> C:\WINDOWS\system32\DLA\DLAPoolM.SYS -> [2005/09/08 05:20:00 | 000,006,364 | ---- | M] (Sonic Solutions)
(DLADResN) DLADResN [File_System | Auto | Running] -> C:\WINDOWS\system32\DLA\DLADResN.SYS -> [2005/09/08 05:20:00 | 000,002,496 | ---- | M] (Sonic Solutions)
(DLACDBHM) DLACDBHM [File_System | System | Running] -> C:\WINDOWS\system32\drivers\DLACDBHM.SYS -> [2005/08/25 12:16:52 | 000,005,628 | ---- | M] (Sonic Solutions)
(DLARTL_N) DLARTL_N [File_System | System | Running] -> C:\WINDOWS\system32\drivers\DLARTL_N.SYS -> [2005/08/25 12:16:16 | 000,022,684 | ---- | M] (Sonic Solutions)
(DRVNDDM) DRVNDDM [File_System | Auto | Running] -> C:\WINDOWS\system32\drivers\DRVNDDM.SYS -> [2005/08/12 05:20:00 | 000,040,544 | ---- | M] (Sonic Solutions)
(CLEDX) Team H2O CLEDX service [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\cledx.sys -> [2005/05/09 19:08:40 | 000,033,792 | ---- | M] (Team H2O)
(senfilt) senfilt [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\senfilt.sys -> [2004/09/17 14:02:54 | 000,732,928 | ---- | M] (Creative Technology Ltd.)
(usbaudio) USB Audio Driver (WDM) [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\USBAUDIO.sys -> [2004/08/03 23:07:56 | 000,059,264 | ---- | M] (Microsoft Corporation)
(amdagp) AMD AGP Bus Filter Driver [Kernel | Disabled | Stopped] -> C:\WINDOWS\system32\DRIVERS\amdagp.sys -> [2004/08/03 23:07:44 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.)
(sisagp) SIS AGP Bus Filter [Kernel | Disabled | Stopped] -> C:\WINDOWS\system32\DRIVERS\sisagp.sys -> [2004/08/03 23:07:44 | 000,041,088 | ---- | M] (Silicon Integrated Systems Corporation)
(nv) nv [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\nv4_mini.sys -> [2004/08/03 22:29:56 | 001,897,408 | ---- | M] (NVIDIA Corporation)
(HSFHWBS2) HSFHWBS2 [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\HSFHWBS2.sys -> [2003/11/17 21:59:20 | 000,212,224 | ---- | M] (Conexant Systems, Inc.)
(winachsf) winachsf [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\HSF_CNXT.sys -> [2003/11/17 21:58:02 | 000,680,704 | ---- | M] (Conexant Systems, Inc.)
(HSF_DP) HSF_DP [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\HSF_DP.sys -> [2003/11/17 21:56:26 | 001,042,432 | ---- | M] (Conexant Systems, Inc.)
(wanatw) WAN Miniport (ATW) [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\wanatw4.sys -> [2003/01/10 16:13:04 | 000,033,588 | ---- | M] (America Online, Inc.)
(Sparrow) Sparrow [Kernel | Disabled | Stopped] -> C:\WINDOWS\system32\DRIVERS\sparrow.sys -> [2001/08/17 14:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.)
(sym_u3) sym_u3 [Kernel | Disabled | Stopped] -> C:\WINDOWS\system32\DRIVERS\sym_u3.sys -> [2001/08/17 14:07:42 | 000,030,688 | ---- | M] (LSI Logic)
(sym_hi) sym_hi [Kernel | Disabled | Stopped] -> C:\WINDOWS\system32\DRIVERS\sym_hi.sys -> [2001/08/17 14:07:40 | 000,028,384 | ---- | M] (LSI Logic)
(symc8xx) symc8xx [Kernel | Disabled | Stopped] -> C:\WINDOWS\system32\DRIVERS\symc8xx.sys -> [2001/08/17 14:07:36 | 000,032,640 | ---- | M] (LSI Logic)
(symc810) symc810 [Kernel | Disabled | Stopped] -> C:\WINDOWS\system32\DRIVERS\symc810.sys -> [2001/08/17 14:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.)
(ultra) ultra [Kernel | Disabled | Stopped] -> C:\WINDOWS\system32\DRIVERS\ultra.sys -> [2001/08/17 13:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.)
(ql12160) ql12160 [Kernel | Disabled | Stopped] -> C:\WINDOWS\system32\DRIVERS\ql12160.sys -> [2001/08/17 13:52:20 | 000,045,312 | ---- | M] (QLogic Corporation)
(ql1080) ql1080 [Kernel | Disabled | Stopped] -> C:\WINDOWS\system32\DRIVERS\ql1080.sys -> [2001/08/17 13:52:20 | 000,040,320 | ---- | M] (QLogic Corporation)
(ql1280) ql1280 [Kernel | Disabled | Stopped] -> C:\WINDOWS\system32\DRIVERS\ql1280.sys -> [2001/08/17 13:52:18 | 000,049,024 | ---- | M] (QLogic Corporation)
(dac2w2k) dac2w2k [Kernel | Disabled | Stopped] -> C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -> [2001/08/17 13:52:16 | 000,179,584 | ---- | M] (Mylex Corporation)
(mraid35x) mraid35x [Kernel | Disabled | Stopped] -> C:\WINDOWS\system32\DRIVERS\mraid35x.sys -> [2001/08/17 13:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.)
(asc) asc [Kernel | Disabled | Stopped] -> C:\WINDOWS\system32\DRIVERS\asc.sys -> [2001/08/17 13:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.)
(asc3550) asc3550 [Kernel | Disabled | Stopped] -> C:\WINDOWS\system32\DRIVERS\asc3550.sys -> [2001/08/17 13:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.)
(AliIde) AliIde [Kernel | Disabled | Stopped] -> C:\WINDOWS\system32\DRIVERS\aliide.sys -> [2001/08/17 13:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.)
(CmdIde) CmdIde [Kernel | Disabled | Stopped] -> C:\WINDOWS\system32\DRIVERS\cmdide.sys -> [2001/08/17 13:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.)

[Registry - Safe List]
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> ->
< Internet Explorer Settings [HKEY_USERS\.DEFAULT\] > -> ->
HKEY_USERS\.DEFAULT\: URLSearchHooks\\"{A3BC75A2-1F87-4686-AA43-5347D756017C}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
HKEY_USERS\.DEFAULT\: "ProxyEnable" -> 0 ->
< Internet Explorer Settings [HKEY_USERS\S-1-5-18\] > -> ->
HKEY_USERS\S-1-5-18\: URLSearchHooks\\"{A3BC75A2-1F87-4686-AA43-5347D756017C}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
HKEY_USERS\S-1-5-18\: "ProxyEnable" -> 0 ->
< Internet Explorer Settings [HKEY_USERS\S-1-5-19\] > -> ->
< Internet Explorer Settings [HKEY_USERS\S-1-5-20\] > -> ->
< Internet Explorer Settings [HKEY_USERS\S-1-5-21-3065445413-633263300-2116048252-1006\] > -> ->
HKEY_USERS\S-1-5-21-3065445413-633263300-2116048252-1006\: Main\\"Start Page" -> http://www.google.com/ ->
HKEY_USERS\S-1-5-21-3065445413-633263300-2116048252-1006\: SearchURL\CNNSI\\"" -> search.sportsillustrated.cnn.com/pages/search.jsp?query=%s ->
HKEY_USERS\S-1-5-21-3065445413-633263300-2116048252-1006\: SearchURL\Dictionary\\"" -> dictionary.reference.com/search?q=%s ->
HKEY_USERS\S-1-5-21-3065445413-633263300-2116048252-1006\: SearchURL\Google\\"" -> google.com/search?q=%s ->
HKEY_USERS\S-1-5-21-3065445413-633263300-2116048252-1006\: SearchURL\GoogleGroups\\"" -> groups-beta.google.com/groups?q=%s ->
HKEY_USERS\S-1-5-21-3065445413-633263300-2116048252-1006\: SearchURL\GoogleImages\\"" -> images.google.com/images?hl=en&lr=&q=%s ->
HKEY_USERS\S-1-5-21-3065445413-633263300-2116048252-1006\: SearchURL\GoogleNews\\"" -> news.google.com/news?tab=gn&hl=en&ie=UTF-8&q=%s&btnG=Search+News ->
HKEY_USERS\S-1-5-21-3065445413-633263300-2116048252-1006\: SearchURL\KB\\"" -> support.microsoft.com/search/default.aspx?query=%s ->
HKEY_USERS\S-1-5-21-3065445413-633263300-2116048252-1006\: SearchURL\KBDLL\\"" -> support.microsoft.com/dllhelp/default.aspx?dlltype=file&l=55&alpha=%s&S=1 ->
HKEY_USERS\S-1-5-21-3065445413-633263300-2116048252-1006\: SearchURL\Movies\\"" -> fandango.com/my_box_office.asp?searchby=2&txtCityZip=%s ->
HKEY_USERS\S-1-5-21-3065445413-633263300-2116048252-1006\: SearchURL\MSN\\"" -> search.msn.com/results.asp?q=%s ->
HKEY_USERS\S-1-5-21-3065445413-633263300-2116048252-1006\: SearchURL\Thesaurus\\"" -> thesaurus.reference.com/search?q=%s ->
HKEY_USERS\S-1-5-21-3065445413-633263300-2116048252-1006\: SearchURL\Weather\\"" -> weather.com/weather/local/%s ->
HKEY_USERS\S-1-5-21-3065445413-633263300-2116048252-1006\: SearchURL\Yahoo\\"" -> search.yahoo.com/search?p=%s ->
HKEY_USERS\S-1-5-21-3065445413-633263300-2116048252-1006\: URLSearchHooks\\"*{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
HKEY_USERS\S-1-5-21-3065445413-633263300-2116048252-1006\: URLSearchHooks\\"*{EF99BD32-C1FB-11D2-892F-0090271D4F88}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
HKEY_USERS\S-1-5-21-3065445413-633263300-2116048252-1006\: "ProxyEnable" -> 0 ->
HKEY_USERS\S-1-5-21-3065445413-633263300-2116048252-1006\: "ProxyOverride" -> *.local ->
< FireFox Settings [Prefs.js] > -> C:\Documents and Settings\Derrick Stuart\Application Data\Mozilla\FireFox\Profiles\yclq893r.default\prefs.js ->
browser.search.defaultengine -> "Ask.com" ->
browser.search.defaultenginename -> "Yahoo! Search" ->
browser.search.defaulturl -> "http://www.google.co...-8&oe=UTF-8&q=" ->
browser.search.order.1 -> "Ask.com" ->
browser.search.selectedEngine -> "Ask.com" ->
browser.search.useDBForOrder -> true ->
extensions.enabledItems -> [email protected]:1.0 ->
extensions.enabledItems -> {635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.6.5.200812101546 ->
keyword.URL -> "http://supertoolbar....ocale=en_US&q=" ->
< FireFox Settings [User.js] > -> C:\Documents and Settings\Derrick Stuart\Application Data\Mozilla\FireFox\Profiles\yclq893r.default\user.js ->
< FireFox Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla
HKLM\software\mozilla\Firefox\Extensions -> ->
HKLM\software\mozilla\Firefox\Extensions\\avg@igeared -> C:\PROGRAM FILES\AVG\AVG8\TOOLBAR\FIREFOX\AVG@IGEARED ->
HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions -> ->
HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components -> C:\Program Files\Mozilla Firefox\components [C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS] -> [2010/11/24 13:51:31 | 000,000,000 | ---D | M]
HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins -> C:\Program Files\Mozilla Firefox\plugins [C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS] -> [2010/11/07 23:09:49 | 000,000,000 | ---D | M]
< FireFox Extensions [User Folders] > ->
-> C:\Documents and Settings\Derrick Stuart\Application Data\Mozilla\Extensions -> [2009/03/31 12:36:17 | 000,000,000 | ---D | M]
-> C:\Documents and Settings\Derrick Stuart\Application Data\Mozilla\Firefox\Profiles\yclq893r.default\extensions -> [2010/11/27 12:43:41 | 000,000,000 | ---D | M]
Google Toolbar for Firefox -> C:\Documents and Settings\Derrick Stuart\Application Data\Mozilla\Firefox\Profiles\yclq893r.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c} -> [2009/01/07 14:54:07 | 000,000,000 | ---D | M]
Yahoo! Toolbar -> C:\Documents and Settings\Derrick Stuart\Application Data\Mozilla\Firefox\Profiles\yclq893r.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} -> [2009/04/02 17:12:25 | 000,000,000 | ---D | M]
< FireFox Extensions [Program Folders] > ->
-> C:\Program Files\Mozilla Firefox\extensions -> [2010/11/27 12:43:41 | 000,000,000 | ---D | M]
-> C:\Program Files\Mozilla Firefox\extensions\[email protected] -> [2007/03/29 23:35:42 | 000,000,000 | ---D | M]
< HOSTS File > ([2010/11/02 00:12:20 | 000,000,027 | ---- | M] - 1 lines) -> C:\WINDOWS\system32\drivers\etc\HOSTS ->
Reset Hosts
127.0.0.1 localhost
< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar ->
"{1017A80C-6F09-4548-A84D-EDD6AC9525F0}" [HKLM] -> C:\Program Files\Lexmark Toolbar\toolband.dll [Lexmark Toolbar] -> [2006/08/09 09:37:44 | 000,184,320 | R--- | M] ()
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" [HKLM] -> C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll [Yahoo! Toolbar] -> [2006/10/26 10:28:40 | 000,440,384 | ---- | M] (Yahoo! Inc.)
< Internet Explorer ToolBars [HKEY_USERS\S-1-5-21-3065445413-633263300-2116048252-1006\] > -> HKEY_USERS\S-1-5-21-3065445413-633263300-2116048252-1006\Software\Microsoft\Internet Explorer\Toolbar\ ->
WebBrowser\\"{1017A80C-6F09-4548-A84D-EDD6AC9525F0}" [HKLM] -> C:\Program Files\Lexmark Toolbar\toolband.dll [Lexmark Toolbar] -> [2006/08/09 09:37:44 | 000,184,320 | R--- | M] ()
WebBrowser\\"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" [HKLM] -> C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll [Yahoo! Toolbar] -> [2006/10/26 10:28:40 | 000,440,384 | ---- | M] (Yahoo! Inc.)
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
"ccApp" -> C:\Program Files\Common Files\Symantec Shared\ccApp.exe ["C:\Program Files\Common Files\Symantec Shared\ccApp.exe"] -> [2004/12/13 15:30:00 | 000,058,992 | ---- | M] (Symantec Corporation)
"dellsupportcenter" -> C:\Program Files\Dell Support Center\bin\sprtcmd.exe ["C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P dellsupportcenter] -> [2009/05/21 09:55:32 | 000,206,064 | ---- | M] (SupportSoft, Inc.)
"dscactivate" -> C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe ["C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"] -> [2007/11/15 09:24:00 | 000,016,384 | ---- | M] ( )
< Administrator Startup Folder > -> C:\Documents and Settings\Administrator\Start Menu\Programs\Startup ->
< All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup ->
< Default User Startup Folder > -> C:\Documents and Settings\Default User\Start Menu\Programs\Startup ->
< Derrick Stuart Startup Folder > -> C:\Documents and Settings\Derrick Stuart\Start Menu\Programs\Startup ->
< Visitor Startup Folder > -> C:\Documents and Settings\Visitor\Start Menu\Programs\Startup ->
C:\Documents and Settings\Visitor\Start Menu\Programs\Startup\Last.fm Helper.lnk -> C:\Program Files\Last.fm\LastFMHelper.exe -> [2008/01/08 15:23:18 | 000,106,496 | ---- | M] (Last.fm)
< Software Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Internet Explorer ->
< Software Policy Settings [HKEY_USERS\S-1-5-21-3065445413-633263300-2116048252-1006] > -> HKEY_USERS\S-1-5-21-3065445413-633263300-2116048252-1006\SOFTWARE\Policies\Microsoft\Internet Explorer ->
< CurrentVersion Policy Settings - Explorer [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveAutoRun" -> [67108863] -> File not found
\\"NoDriveTypeAutoRun" -> [323] -> File not found
\\"NoDrives" -> [0] -> File not found
\\"NoCDBurning" -> [0] -> File not found
< CurrentVersion Policy Settings - System [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
< CurrentVersion Policy Settings [HKEY_USERS\.DEFAULT] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" -> [323] -> File not found
\\"NoSetActiveDesktop" -> [1] -> File not found
\\"NoActiveDesktopChanges" -> [1] -> File not found
\\"NoDriveAutoRun" -> [67108863] -> File not found
< CurrentVersion Policy Settings [HKEY_USERS\.DEFAULT] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System ->
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-18] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" -> [323] -> File not found
\\"NoSetActiveDesktop" -> [1] -> File not found
\\"NoActiveDesktopChanges" -> [1] -> File not found
\\"NoDriveAutoRun" -> [67108863] -> File not found
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-18] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System ->
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-19] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->
HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" -> [145] -> File not found
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-20] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" -> [145] -> File not found
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-21-3065445413-633263300-2116048252-1006] > -> HKEY_USERS\S-1-5-21-3065445413-633263300-2116048252-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->
HKEY_USERS\S-1-5-21-3065445413-633263300-2116048252-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" -> [323] -> File not found
\\"NoDriveAutoRun" -> [67108863] -> File not found
\\"NoDrives" -> [0] -> File not found
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-21-3065445413-633263300-2116048252-1006] > -> HKEY_USERS\S-1-5-21-3065445413-633263300-2116048252-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System ->
< Internet Explorer Menu Extensions [HKEY_USERS\S-1-5-21-3065445413-633263300-2116048252-1006\] > -> HKEY_USERS\S-1-5-21-3065445413-633263300-2116048252-1006\Software\Microsoft\Internet Explorer\MenuExt\ ->
&Yahoo! Search -> C:\Program Files\Yahoo!\Common [file:///C:\Program Files\Yahoo!\Common/ycsrch.htm] -> [2008/10/20 21:08:33 | 000,000,000 | ---D | M]
Yahoo! &Dictionary -> C:\Program Files\Yahoo!\Common [file:///C:\Program Files\Yahoo!\Common/ycdict.htm] -> [2008/10/20 21:08:33 | 000,000,000 | ---D | M]
Yahoo! &Maps -> C:\Program Files\Yahoo!\Common [file:///C:\Program Files\Yahoo!\Common/ycmap.htm] -> [2008/10/20 21:08:33 | 000,000,000 | ---D | M]
Yahoo! &SMS -> C:\Program Files\Yahoo!\Common [file:///C:\Program Files\Yahoo!\Common/ycsms.htm] -> [2008/10/20 21:08:33 | 000,000,000 | ---D | M]
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ ->
{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}:{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} [HKLM] -> C:\Program Files\Yahoo!\Common\yiesrvc.dll [Button: Yahoo! Services] -> [2006/10/31 15:29:16 | 000,198,136 | ---- | M] (Yahoo! Inc.)
< Internet Explorer Extensions [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Extensions\ ->
CmdMapping\\"{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}" [HKLM] -> C:\Program Files\Yahoo!\Common\yiesrvc.dll [Yahoo! IE Services Button] -> [2006/10/31 15:29:16 | 000,198,136 | ---- | M] (Yahoo! Inc.)
< Internet Explorer Extensions [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Extensions\ ->
CmdMapping\\"{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}" [HKLM] -> C:\Program Files\Yahoo!\Common\yiesrvc.dll [Yahoo! IE Services Button] -> [2006/10/31 15:29:16 | 000,198,136 | ---- | M] (Yahoo! Inc.)
< Internet Explorer Extensions [HKEY_USERS\S-1-5-21-3065445413-633263300-2116048252-1006\] > -> HKEY_USERS\S-1-5-21-3065445413-633263300-2116048252-1006\Software\Microsoft\Internet Explorer\Extensions\ ->
CmdMapping\\"{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}" [HKLM] -> C:\Program Files\Yahoo!\Common\yiesrvc.dll [Yahoo! IE Services Button] -> [2006/10/31 15:29:16 | 000,198,136 | ---- | M] (Yahoo! Inc.)
< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ ->
< Default Prefix > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix
"" -> http://
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 1 domain(s) found. ->
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Trusted Sites Domains [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. ->
< Trusted Sites Ranges [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Trusted Sites Domains [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. ->
< Trusted Sites Ranges [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Trusted Sites Domains [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. ->
< Trusted Sites Ranges [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Trusted Sites Domains [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. ->
< Trusted Sites Ranges [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Trusted Sites Domains [HKEY_USERS\S-1-5-21-3065445413-633263300-2116048252-1006\] > -> HKEY_USERS\S-1-5-21-3065445413-633263300-2116048252-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_USERS\S-1-5-21-3065445413-633263300-2116048252-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 1 domain(s) found. ->
objects_aol.com [*] -> Out of zone range - ( 5 ) ->
< Trusted Sites Ranges [HKEY_USERS\S-1-5-21-3065445413-633263300-2116048252-1006\] > -> HKEY_USERS\S-1-5-21-3065445413-633263300-2116048252-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_USERS\S-1-5-21-3065445413-633263300-2116048252-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ ->
{8AD9C840-044E-11D1-B3E9-00805F499D93} [HKLM] -> http://java.sun.com/...indows-i586.cab [Java Plug-in 1.6.0_15] ->
{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/...indows-i586.cab [Java Plug-in 1.6.0_02] ->
{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/...indows-i586.cab [Java Plug-in 1.6.0_15] ->
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/...indows-i586.cab [Java Plug-in 1.6.0_15] ->
< Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\ ->
DhcpNameServer -> 192.168.2.1 ->
< Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ ->
{736146B6-8189-4A90-AA8C-E535D1F73089}\\DhcpNameServer -> 192.168.2.1 (Intel® PRO/100 VE Network Connection) ->
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
*Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell ->
Explorer.exe -> C:\WINDOWS\explorer.exe -> [2007/06/13 05:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation)
*MultiFile Done* -> ->
< Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ ->
igfxcui -> C:\WINDOWS\System32\igfxdev.dll -> [2005/04/05 13:18:22 | 000,131,072 | ---- | M] (Intel Corporation)
< LSA Security Packages [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Security Packages ->
< Domain Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List ->
"C:\Program Files\America Online 9.0\waol.exe" -> C:\Program Files\America Online 9.0\waol.exe [C:\Program Files\America Online 9.0\waol.exe:*:Enabled:America Online 9.0] -> File not found
"C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe" -> C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe [C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe:*:Enabled:AOL] -> File not found
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" -> C:\Program Files\Common Files\AOL\ACS\AOLDial.exe [C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL] -> File not found
"C:\Program Files\Lexmark 2500 Series\app4r.exe" -> C:\Program Files\Lexmark 2500 Series\App4R.exe [C:\Program Files\Lexmark 2500 Series\App4R.exe:*:Enabled:Lexmark Imaging Studio] -> [2007/05/04 01:38:36 | 000,029,616 | ---- | M] ()
"C:\Program Files\MSN Messenger\livecall.exe" -> C:\Program Files\MSN Messenger\livecall.exe [C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)] -> File not found
"C:\Program Files\MSN Messenger\msnmsgr.exe" -> C:\Program Files\MSN Messenger\msnmsgr.exe [C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1] -> File not found
< Standard Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List ->
"C:\Program Files\AIM\aim.exe" -> C:\Program Files\AIM\aim.exe [C:\Program Files\AIM\aim.exe:*:Enabled:AIM] -> [2010/10/12 18:11:42 | 004,258,136 | ---- | M] (AOL Inc.)
"C:\Program Files\BitTorrent\bittorrent.exe" -> C:\Program Files\BitTorrent\bittorrent.exe [C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent] -> [2008/03/19 07:50:40 | 000,587,568 | ---- | M] ()
"C:\Program Files\Common Files\AOL\Loader\aolload.exe" -> C:\Program Files\Common Files\AOL\Loader\aolload.exe [C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader] -> [2006/11/03 02:17:27 | 000,010,800 | ---- | M] (AOL LLC)
"C:\Program Files\iTunes\iTunes.exe" -> C:\Program Files\iTunes\iTunes.exe [C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes] -> [2009/11/12 16:33:04 | 010,358,048 | ---- | M] (Apple Inc.)
"C:\Program Files\Lexmark 2500 Series\App4R.exe" -> C:\Program Files\Lexmark 2500 Series\App4R.exe [C:\Program Files\Lexmark 2500 Series\App4R.exe:*:Enabled:Lexmark Imaging Studio] -> [2007/05/04 01:38:36 | 000,029,616 | ---- | M] ()
"C:\Program Files\Lexmark 2500 Series\lxddamon.exe" -> C:\Program Files\Lexmark 2500 Series\lxddamon.exe [C:\Program Files\Lexmark 2500 Series\lxddamon.exe:*:Enabled:Lexmark Device Monitor] -> [2007/03/05 02:40:25 | 000,020,480 | ---- | M] (Lexmark)
"C:\Program Files\Lexmark 2500 Series\lxddmon.exe" -> C:\Program Files\Lexmark 2500 Series\lxddmon.exe [C:\Program Files\Lexmark 2500 Series\lxddmon.exe:*:Enabled: ] -> [2007/05/04 01:38:34 | 000,291,760 | ---- | M] ()
"C:\Program Files\SoulseekNS\slsk.exe" -> C:\Program Files\SoulseekNS\slsk.exe [C:\Program Files\SoulseekNS\slsk.exe:*:Enabled:SoulSeek] -> [2008/08/02 08:59:20 | 003,461,120 | ---- | M] ()
"C:\WINDOWS\system32\dpvsetup.exe" -> C:\WINDOWS\System32\dpvsetup.exe [C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test] -> [2004/08/04 05:00:00 | 000,083,456 | ---- | M] (Microsoft Corporation)
"C:\WINDOWS\system32\lxddcoms.exe" -> C:\WINDOWS\System32\lxddcoms.exe [C:\WINDOWS\system32\lxddcoms.exe:*:Enabled:Lexmark Communications System] -> [2007/04/26 00:21:22 | 000,537,520 | ---- | M] ( )
"C:\WINDOWS\system32\spool\drivers\w32x86\3\lxddjswx.exe" -> C:\WINDOWS\System32\spool\drivers\w32x86\3\lxddjswx.exe [C:\WINDOWS\system32\spool\drivers\w32x86\3\lxddjswx.exe:*:Enabled: ] -> [2007/04/26 00:21:37 | 000,398,256 | ---- | M] ()
"C:\WINDOWS\system32\spool\drivers\w32x86\3\lxddpswx.exe" -> C:\WINDOWS\System32\spool\drivers\w32x86\3\lxddpswx.exe [C:\WINDOWS\system32\spool\drivers\w32x86\3\lxddpswx.exe:*:Enabled: ] -> [2007/04/26 00:21:33 | 000,291,760 | ---- | M] ()
"C:\WINDOWS\system32\spool\drivers\w32x86\3\lxddtime.exe" -> C:\WINDOWS\System32\spool\drivers\w32x86\3\lxddtime.exe [C:\WINDOWS\system32\spool\drivers\w32x86\3\lxddtime.exe:*:Enabled: ] -> [2007/04/26 00:21:53 | 000,082,864 | ---- | M] (Lexmark International, Inc.)
"C:\WINDOWS\system32\spool\drivers\w32x86\3\lxddwbgw.exe" -> C:\WINDOWS\System32\spool\drivers\w32x86\3\lxddwbgw.exe [C:\WINDOWS\system32\spool\drivers\w32x86\3\lxddwbgw.exe:*:Enabled: ] -> [2007/04/26 00:21:57 | 000,140,208 | ---- | M] ()
< SafeBoot AlternateShell [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot ->
< CDROM Autorun Setting [HKEY_LOCAL_MACHINE]> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom ->
"AutoRun" -> 1 ->
"DisplayName" -> CD-ROM Driver ->
"ImagePath" -> [system32\DRIVERS\cdrom.sys] -> File not found
< Drives with AutoRun files > -> ->
C:\AUTOEXEC.BAT [] -> C:\AUTOEXEC.BAT [ NTFS ] -> [2004/08/10 13:04:08 | 000,000,000 | ---- | M] ()
< MountPoints2 [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2 ->
< Registry Shell Spawning - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command ->
comfile [open] -> "%1" %* ->
exefile [open] -> "%1" %* ->
< File Associations - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>\ ->
.com [@ = ComFile] -> "%1" %* ->
.exe [@ = exefile] -> "%1" %* ->
< File Associations - Select to Repair > -> HKEY_USERS\S-1-5-21-3065445413-633263300-2116048252-1006\SOFTWARE\Classes\<extension>\ ->
.exe [@ = exefile] -> Reg Error: Key error. -> File not found

[Registry - Additional Scans - Safe List]
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost > -> ->
*netsvcs* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\\netsvcs ->
6to4 -> -> File not found
AppMgmt -> C:\WINDOWS\System32\appmgmts.dll -> File not found
Ias -> -> File not found
Iprip -> -> File not found
Irmon -> -> File not found
NWCWorkstation -> -> File not found
Nwsapagent -> -> File not found
WmdmPmSp -> -> File not found
*MultiFile Done* -> ->
< Registry Shell Spawning - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command ->
batfile [open] -> "%1" %* ->
cmdfile [open] -> "%1" %* ->
comfile [open] -> "%1" %* ->
exefile [open] -> "%1" %* ->
piffile [open] -> "%1" %* ->
scrfile [config] -> "%1" ->
scrfile [install] -> rundll32.exe desk.cpl,InstallScreenSaver %l -> [2004/08/04 05:00:00 | 000,135,168 | ---- | M] (Microsoft Corporation)
scrfile [open] -> "%1" /S ->
Unknown [openas] -> %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 ->
Directory [cmd] -> cmd.exe /k "cd %L" -> [2004/08/04 05:00:00 | 000,388,608 | ---- | M] (Microsoft Corporation)
Directory [find] -> %SystemRoot%\Explorer.exe -> [2007/06/13 05:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation)
Folder [open] -> %SystemRoot%\Explorer.exe /idlist,%I,%L -> [2007/06/13 05:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation)
Folder [explore] -> %SystemRoot%\Explorer.exe /e,/idlist,%I,%L -> [2007/06/13 05:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation)
Drive [find] -> %SystemRoot%\Explorer.exe -> [2007/06/13 05:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation)
< EventViewer Logs - Last 10 Errors > -> Event Information -> Description
Application [ Error ] 11/6/2010 11:05:36 PM Computer Name = DERRICK | Source = crypt32 | ID = 131080 -> Description = Failed auto update retrieval of third-party root list sequence number from: <http://www.download....uthrootseq.txt> with error: The connection with the server was terminated abnormally
Application [ Error ] 11/6/2010 11:18:45 PM Computer Name = DERRICK | Source = Application Error | ID = 1000 -> Description = Faulting application avgnsx.exe, version 8.5.0.316, faulting module ntdll.dll, version 5.1.2600.3520, fault address 0x000101b3.
Application [ Error ] 11/6/2010 11:34:52 PM Computer Name = DERRICK | Source = Application Error | ID = 1000 -> Description = Faulting application avgnsx.exe, version 8.5.0.316, faulting module ntdll.dll, version 5.1.2600.3520, fault address 0x000101b3.
Application [ Error ] 11/6/2010 11:54:52 PM Computer Name = DERRICK | Source = Application Error | ID = 1004 -> Description = Faulting application avgnsx.exe, version 8.5.0.316, faulting module ntdll.dll, version 5.1.2600.3520, fault address 0x000101b3.
Application [ Error ] 11/6/2010 11:56:43 PM Computer Name = DERRICK | Source = Application Error | ID = 1004 -> Description = Faulting application avgnsx.exe, version 8.5.0.316, faulting module ntdll.dll, version 5.1.2600.3520, fault address 0x000101b3.
Application [ Error ] 11/7/2010 11:28:29 PM Computer Name = DERRICK | Source = MsiInstaller | ID = 10005 -> Description = Product: ABBYY FineReader 6.0 Sprint -- Error 2753. The File 'Sprint.exe' is not marked for installation.
Application [ Error ] 11/12/2010 6:35:20 PM Computer Name = DERRICK | Source = LoadPerf | ID = 3011 -> Description = Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The Error code is the first DWORD in Data section.
Application [ Error ] 11/12/2010 6:35:23 PM Computer Name = DERRICK | Source = LoadPerf | ID = 3006 -> Description = Unable to read the performance counter strings of the 009 language ID. The Win32 status returned by the call is the first DWORD in Data section.
Application [ Error ] 11/14/2010 7:22:11 PM Computer Name = DERRICK | Source = Application Error | ID = 1000 -> Description = Faulting application mbr.exe, version 0.0.0.0, faulting module mbr.exe, version 0.0.0.0, fault address 0x000063ef.
Application [ Error ] 11/14/2010 7:38:05 PM Computer Name = DERRICK | Source = Application Error | ID = 1000 -> Description = Faulting application mbr.exe, version 0.0.0.0, faulting module mbr.exe, version 0.0.0.0, fault address 0x000063ef.
System [ Error ] 11/14/2010 6:35:07 PM Computer Name = DERRICK | Source = Service Control Manager | ID = 7001 -> Description = The Bonjour Service service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: %%31
System [ Error ] 11/14/2010 6:35:07 PM Computer Name = DERRICK | Source = Service Control Manager | ID = 7001 -> Description = The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: %%31
System [ Error ] 11/14/2010 6:35:07 PM Computer Name = DERRICK | Source = Service Control Manager | ID = 7026 -> Description = The following boot-start or system-start driver(s) failed to load: AFD Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss Tcpip V2IMount
System [ Error ] 11/14/2010 6:35:46 PM Computer Name = DERRICK | Source = DCOM | ID = 10005 -> Description = DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
System [ Error ] 11/14/2010 6:36:07 PM Computer Name = DERRICK | Source = DCOM | ID = 10005 -> Description = DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
System [ Error ] 11/14/2010 6:36:58 PM Computer Name = DERRICK | Source = DCOM | ID = 10005 -> Description = DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
System [ Error ] 11/14/2010 6:37:34 PM Computer Name = DERRICK | Source = Service Control Manager | ID = 7034 -> Description = The Webroot Spy Sweeper Engine service terminated unexpectedly. It has done this 1 time(s).
System [ Error ] 11/14/2010 7:00:21 PM Computer Name = DERRICK | Source = DCOM | ID = 10005 -> Description = DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
System [ Error ] 11/14/2010 7:01:24 PM Computer Name = DERRICK | Source = DCOM | ID = 10005 -> Description = DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
System [ Error ] 11/16/2010 12:11:01 AM Computer Name = DERRICK | Source = Dhcp | ID = 1002 -> Description = The IP address lease 192.168.2.4 for the Network Card with network address 00167651DD88 has been denied by the DHCP server 192.168.2.1 (The DHCP Server sent a DHCPNACK message).

[Files/Folders - Created Within 30 Days]
HelpAsst_backup -> C:\HelpAsst_backup -> [2010/11/14 18:21:48 | 000,000,000 | ---D | C]
temp -> C:\WINDOWS\temp -> [2010/11/14 18:00:34 | 000,000,000 | ---D | C]
avg_remover_stf_x86_2011_1165.exe -> C:\Documents and Settings\Derrick Stuart\Desktop\avg_remover_stf_x86_2011_1165.exe -> [2010/11/14 16:39:11 | 001,086,304 | ---- | C] (AVG Technologies CZ, s.r.o.)
_OTS -> C:\_OTS -> [2010/11/12 16:23:35 | 000,000,000 | ---D | C]
OTS.exe -> C:\Documents and Settings\Derrick Stuart\Desktop\OTS.exe -> [2010/11/11 19:47:04 | 000,642,048 | ---- | C] (OldTimer Tools)
OTL.exe -> C:\Documents and Settings\Derrick Stuart\Desktop\OTL.exe -> [2010/11/11 04:14:40 | 000,575,488 | ---- | C] (OldTimer Tools)
Firefox Setup 3.6.12.exe -> C:\Documents and Settings\Derrick Stuart\Desktop\Firefox Setup 3.6.12.exe -> [2010/11/07 23:08:00 | 008,567,280 | ---- | C] (Mozilla)
Free Window Registry Repair -> C:\Program Files\Free Window Registry Repair -> [2010/11/03 01:43:32 | 000,000,000 | ---D | C]
cmdcons -> C:\cmdcons -> [2010/11/01 23:55:58 | 000,000,000 | RHSD | C]
Config.Msi -> C:\Config.Msi -> [2010/11/01 22:16:29 | 000,000,000 | ---D | C]
ssidrv.sys -> C:\WINDOWS\System32\drivers\ssidrv.sys -> [2010/10/30 22:27:22 | 000,182,056 | ---- | C] (Webroot Software, Inc. (www.webroot.com))
ssfmonm.sys -> C:\WINDOWS\System32\drivers\ssfmonm.sys -> [2010/10/30 22:27:22 | 000,045,072 | ---- | C] (Webroot Software, Inc. (www.webroot.com))
sshrmd.sys -> C:\WINDOWS\System32\drivers\sshrmd.sys -> [2010/10/30 22:27:22 | 000,024,496 | ---- | C] (Webroot Software, Inc. (www.webroot.com))
Microsoft Silverlight -> C:\Program Files\Microsoft Silverlight -> [2010/10/30 22:25:23 | 000,000,000 | ---D | C]
{CB7DC039-811E-4CD1-81CD-8AD0EF4B8CBA} -> C:\Documents and Settings\All Users\Application Data\{CB7DC039-811E-4CD1-81CD-8AD0EF4B8CBA} -> [2010/10/30 22:20:21 | 000,000,000 | -H-D | C]
Webroot -> C:\Documents and Settings\All Users\Application Data\Webroot -> [2010/10/30 22:19:25 | 000,000,000 | ---D | C]
PackageAware -> C:\Documents and Settings\Derrick Stuart\Local Settings\Application Data\PackageAware -> [2010/10/30 22:19:21 | 000,000,000 | ---D | C]
STOPzilla! -> C:\Documents and Settings\All Users\Application Data\STOPzilla! -> [2010/10/30 02:25:53 | 000,000,000 | ---D | C]
LXDDhcp.dll -> C:\WINDOWS\System32\LXDDhcp.dll -> [2008/02/02 22:39:19 | 000,323,584 | ---- | C] ( )
lxddpmui.dll -> C:\WINDOWS\System32\lxddpmui.dll -> [2007/03/02 09:13:41 | 000,643,072 | ---- | C] ( )
lxddserv.dll -> C:\WINDOWS\System32\lxddserv.dll -> [2007/03/02 09:12:21 | 001,232,896 | ---- | C] ( )
lxddcomm.dll -> C:\WINDOWS\System32\lxddcomm.dll -> [2007/03/02 09:05:53 | 000,425,984 | ---- | C] ( )
lxddlmpm.dll -> C:\WINDOWS\System32\lxddlmpm.dll -> [2007/03/02 09:04:14 | 000,585,728 | ---- | C] ( )
lxddiesc.dll -> C:\WINDOWS\System32\lxddiesc.dll -> [2007/03/02 09:02:55 | 000,397,312 | ---- | C] ( )
lxddpplc.dll -> C:\WINDOWS\System32\lxddpplc.dll -> [2007/03/02 09:00:23 | 000,094,208 | ---- | C] ( )
lxddcomc.dll -> C:\WINDOWS\System32\lxddcomc.dll -> [2007/03/02 08:59:32 | 000,684,032 | ---- | C] ( )
lxddprox.dll -> C:\WINDOWS\System32\lxddprox.dll -> [2007/03/02 08:58:58 | 000,163,840 | ---- | C] ( )
lxddinpa.dll -> C:\WINDOWS\System32\lxddinpa.dll -> [2007/03/02 08:51:50 | 000,413,696 | ---- | C] ( )
lxddusb1.dll -> C:\WINDOWS\System32\lxddusb1.dll -> [2007/03/02 08:51:09 | 000,999,424 | ---- | C] ( )
lxddhbn3.dll -> C:\WINDOWS\System32\lxddhbn3.dll -> [2007/03/02 08:47:01 | 000,700,416 | ---- | C] ( )
3 C:\Documents and Settings\All Users\*.tmp files -> C:\Documents and Settings\All Users\*.tmp ->
1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp ->
1 C:\Documents and Settings\Derrick Stuart\My Documents\*.tmp files -> C:\Documents and Settings\Derrick Stuart\My Documents\*.tmp ->

[Files/Folders - Modified Within 30 Days]
AppleSoftwareUpdate.job -> C:\WINDOWS\tasks\AppleSoftwareUpdate.job -> [2010/11/25 16:09:35 | 000,000,284 | ---- | M] ()
bootstat.dat -> C:\WINDOWS\bootstat.dat -> [2010/11/14 18:31:49 | 000,002,048 | --S- | M] ()
hiberfil.sys -> C:\hiberfil.sys -> [2010/11/14 18:31:48 | 266,391,552 | -HS- | M] ()
HelpAsst_mebroot_fix.exe -> C:\Documents and Settings\Derrick Stuart\Desktop\HelpAsst_mebroot_fix.exe -> [2010/11/14 18:20:29 | 000,490,232 | ---- | M] ()
ComboFix.exe -> C:\Documents and Settings\Derrick Stuart\Desktop\ComboFix.exe -> [2010/11/14 17:24:37 | 003,909,871 | R--- | M] ()
avg_remover_stf_x86_2011_1165.exe -> C:\Documents and Settings\Derrick Stuart\Desktop\avg_remover_stf_x86_2011_1165.exe -> [2010/11/14 16:38:59 | 001,086,304 | ---- | M] (AVG Technologies CZ, s.r.o.)
computerfix1.rtf -> C:\Documents and Settings\Derrick Stuart\Desktop\computerfix1.rtf -> [2010/11/11 19:48:42 | 000,004,068 | ---- | M] ()
OTS.exe -> C:\Documents and Settings\Derrick Stuart\Desktop\OTS.exe -> [2010/11/11 19:47:05 | 000,642,048 | ---- | M] (OldTimer Tools)
Malwarebytes' Anti-Malware.lnk -> C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk -> [2010/11/11 19:46:14 | 000,000,696 | ---- | M] ()
tdsskiller.zip -> C:\Documents and Settings\Derrick Stuart\Desktop\tdsskiller.zip -> [2010/11/11 19:42:50 | 001,215,581 | ---- | M] ()
OTL.exe -> C:\Documents and Settings\Derrick Stuart\Desktop\OTL.exe -> [2010/11/11 04:14:40 | 000,575,488 | ---- | M] (OldTimer Tools)
wpa.dbl -> C:\WINDOWS\System32\wpa.dbl -> [2010/11/10 23:07:20 | 000,002,206 | ---- | M] ()
MBR.exe -> C:\WINDOWS\MBR.exe -> [2010/11/08 01:20:24 | 000,089,088 | ---- | M] ()
Mozilla Firefox.lnk -> C:\Documents and Settings\Derrick Stuart\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk -> [2010/11/07 23:10:33 | 000,001,620 | ---- | M] ()
Mozilla Firefox.lnk -> C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk -> [2010/11/07 23:10:33 | 000,001,602 | ---- | M] ()
Firefox Setup 3.6.12.exe -> C:\Documents and Settings\Derrick Stuart\Desktop\Firefox Setup 3.6.12.exe -> [2010/11/07 23:07:44 | 008,567,280 | ---- | M] (Mozilla)
boot.ini -> C:\boot.ini -> [2010/11/06 23:02:07 | 000,000,327 | RHS- | M] ()
Free Window Registry Repair.lnk -> C:\Documents and Settings\Derrick Stuart\Desktop\Free Window Registry Repair.lnk -> [2010/11/03 01:43:34 | 000,000,718 | ---- | M] ()
Boot.bak -> C:\Boot.bak -> [2010/11/01 23:44:47 | 000,000,210 | ---- | M] ()
kgpcpy.cfg -> C:\WINDOWS\System32\drivers\kgpcpy.cfg -> [2010/11/01 22:09:16 | 000,000,240 | ---- | M] ()
pink.jpg -> C:\Documents and Settings\Derrick Stuart\Desktop\pink.jpg -> [2010/11/01 05:19:40 | 000,210,244 | ---- | M] ()
IMG00071-20101031-0111.jpg -> C:\Documents and Settings\Derrick Stuart\Desktop\IMG00071-20101031-0111.jpg -> [2010/11/01 05:07:38 | 000,460,078 | ---- | M] ()
Webroot AntiVirus with Spy Sweeper.lnk -> C:\Documents and Settings\All Users\Desktop\Webroot AntiVirus with Spy Sweeper.lnk -> [2010/10/30 22:20:39 | 000,001,968 | ---- | M] ()
DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> C:\Documents and Settings\Derrick Stuart\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> [2010/10/30 02:09:01 | 000,049,664 | ---- | M] ()
3 C:\Documents and Settings\All Users\*.tmp files -> C:\Documents and Settings\All Users\*.tmp ->
1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp ->
1 C:\Documents and Settings\Derrick Stuart\My Documents\*.tmp files -> C:\Documents and Settings\Derrick Stuart\My Documents\*.tmp ->

[Files - No Company Name]
mbr.log -> C:\Documents and Settings\Derrick Stuart\mbr.log -> [2010/11/14 18:24:04 | 000,000,305 | ---- | C] ()
HelpAsst_mebroot_fix.exe -> C:\Documents and Settings\Derrick Stuart\Desktop\HelpAsst_mebroot_fix.exe -> [2010/11/14 18:20:30 | 000,490,232 | ---- | C] ()
hiberfil.sys -> C:\hiberfil.sys -> [2010/11/14 18:02:16 | 266,391,552 | -HS- | C] ()
ComboFix.exe -> C:\Documents and Settings\Derrick Stuart\Desktop\ComboFix.exe -> [2010/11/12 17:26:59 | 003,909,871 | R--- | C] ()
computerfix1.rtf -> C:\Documents and Settings\Derrick Stuart\Desktop\computerfix1.rtf -> [2010/11/11 19:48:42 | 000,004,068 | ---- | C] ()
tdsskiller.zip -> C:\Documents and Settings\Derrick Stuart\Desktop\tdsskiller.zip -> [2010/11/11 19:42:52 | 001,215,581 | ---- | C] ()
Mozilla Firefox.lnk -> C:\Documents and Settings\Derrick Stuart\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk -> [2010/11/07 23:10:33 | 000,001,620 | ---- | C] ()
Mozilla Firefox.lnk -> C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk -> [2010/11/07 23:10:33 | 000,001,602 | ---- | C] ()
Free Window Registry Repair.lnk -> C:\Documents and Settings\Derrick Stuart\Desktop\Free Window Registry Repair.lnk -> [2010/11/03 01:43:34 | 000,000,718 | ---- | C] ()
Boot.bak -> C:\Boot.bak -> [2010/11/01 23:56:09 | 000,000,210 | ---- | C] ()
cmldr -> C:\cmldr -> [2010/11/01 23:56:01 | 000,260,272 | RHS- | C] ()
MBR.exe -> C:\WINDOWS\MBR.exe -> [2010/11/01 23:50:56 | 000,089,088 | ---- | C] ()
kgpcpy.cfg -> C:\WINDOWS\System32\drivers\kgpcpy.cfg -> [2010/11/01 22:09:16 | 000,000,240 | ---- | C] ()
pink.jpg -> C:\Documents and Settings\Derrick Stuart\Desktop\pink.jpg -> [2010/11/01 05:19:56 | 000,210,244 | ---- | C] ()
IMG00071-20101031-0111.jpg -> C:\Documents and Settings\Derrick Stuart\Desktop\IMG00071-20101031-0111.jpg -> [2010/11/01 05:07:52 | 000,460,078 | ---- | C] ()
me.jpg -> C:\Documents and Settings\Derrick Stuart\Desktop\me.jpg -> [2010/11/01 05:01:07 | 000,335,458 | ---- | C] ()
wrLZMA.dll -> C:\WINDOWS\System32\wrLZMA.dll -> [2010/10/30 22:27:35 | 000,030,424 | ---- | C] ()
SsiEfr.exe -> C:\WINDOWS\System32\SsiEfr.exe -> [2010/10/30 22:27:35 | 000,017,472 | ---- | C] ()
Webroot AntiVirus with Spy Sweeper.lnk -> C:\Documents and Settings\All Users\Desktop\Webroot AntiVirus with Spy Sweeper.lnk -> [2010/10/30 22:20:39 | 000,001,968 | ---- | C] ()
FxGoWinFu.dll -> C:\WINDOWS\System32\FxGoWinFu.dll -> [2009/11/09 02:51:01 | 000,172,032 | ---- | C] ()
WINCMD.INI -> C:\WINDOWS\WINCMD.INI -> [2009/10/10 10:47:23 | 000,000,311 | ---- | C] ()
prvlcl.dat -> C:\Documents and Settings\Derrick Stuart\Local Settings\Application Data\prvlcl.dat -> [2009/06/29 17:08:59 | 000,000,000 | ---- | C] ()
RdCi1009.dll -> C:\WINDOWS\System32\RdCi1009.dll -> [2009/01/13 14:56:15 | 000,010,886 | ---- | C] ()
tabled32.ini -> C:\WINDOWS\tabled32.ini -> [2009/01/03 17:58:35 | 000,001,935 | ---- | C] ()
msoffice.ini -> C:\WINDOWS\msoffice.ini -> [2008/10/24 00:29:17 | 000,000,002 | ---- | C] ()
QTSBandwidthCache -> C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache -> [2008/10/22 22:57:47 | 000,001,755 | ---- | C] ()
Musician.INI -> C:\WINDOWS\Musician.INI -> [2008/10/20 16:20:02 | 000,000,054 | ---- | C] ()
CIV.INI -> C:\WINDOWS\CIV.INI -> [2008/08/13 19:20:20 | 000,000,091 | ---- | C] ()
ArtFfct.dll -> C:\WINDOWS\System32\ArtFfct.dll -> [2008/03/27 16:10:37 | 000,163,840 | ---- | C] ()
LXF3FXPU.DLL -> C:\WINDOWS\System32\LXF3FXPU.DLL -> [2008/02/02 22:47:10 | 000,032,768 | ---- | C] ()
LXF3PMON.DLL -> C:\WINDOWS\System32\LXF3PMON.DLL -> [2008/02/02 22:47:09 | 000,045,056 | ---- | C] ()
lxf3oem.dll -> C:\WINDOWS\System32\lxf3oem.dll -> [2008/02/02 22:47:06 | 000,036,864 | ---- | C] ()
LXF3PMRC.DLL -> C:\WINDOWS\System32\LXF3PMRC.DLL -> [2008/02/02 22:47:06 | 000,012,288 | ---- | C] ()
lxddrwrd.ini -> C:\WINDOWS\System32\lxddrwrd.ini -> [2008/02/02 22:42:07 | 000,000,044 | ---- | C] ()
LXDDinst.dll -> C:\WINDOWS\System32\LXDDinst.dll -> [2008/02/02 22:39:20 | 000,286,720 | ---- | C] ()
lxddcoin.dll -> C:\WINDOWS\System32\lxddcoin.dll -> [2008/02/02 22:36:05 | 000,344,064 | R--- | C] ()
lxddgrd.dll -> C:\WINDOWS\System32\lxddgrd.dll -> [2007/04/25 21:17:09 | 000,208,896 | ---- | C] ()
lxddcaps.dll -> C:\WINDOWS\System32\lxddcaps.dll -> [2007/01/23 13:40:03 | 000,065,536 | ---- | C] ()
lxdddrs.dll -> C:\WINDOWS\System32\lxdddrs.dll -> [2007/01/09 11:13:08 | 000,692,224 | ---- | C] ()
lxddcnv4.dll -> C:\WINDOWS\System32\lxddcnv4.dll -> [2006/10/06 12:08:04 | 000,069,632 | ---- | C] ()
WORDPAD.INI -> C:\WINDOWS\WORDPAD.INI -> [2006/08/29 22:22:44 | 000,000,754 | ---- | C] ()
PFP120JPR.{PB -> C:\Documents and Settings\Derrick Stuart\Application Data\PFP120JPR.{PB -> [2006/07/04 00:18:21 | 000,061,678 | ---- | C] ()
PFP120JCM.{PB -> C:\Documents and Settings\Derrick Stuart\Application Data\PFP120JCM.{PB -> [2006/07/04 00:18:21 | 000,012,358 | ---- | C] ()
fusioncache.dat -> C:\Documents and Settings\Derrick Stuart\Local Settings\Application Data\fusioncache.dat -> [2006/06/22 23:47:10 | 000,000,137 | ---- | C] ()
DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> C:\Documents and Settings\Derrick Stuart\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> [2006/06/12 01:21:51 | 000,049,664 | ---- | C] ()
KGyGaAvL.sys -> C:\WINDOWS\System32\KGyGaAvL.sys -> [2006/05/24 22:48:50 | 000,006,686 | -HS- | C] ()
lxddvs.dll -> C:\WINDOWS\System32\lxddvs.dll -> [2006/05/17 21:47:12 | 000,040,960 | ---- | C] ()
atid.ini -> C:\WINDOWS\atid.ini -> [2006/05/13 17:53:29 | 000,000,028 | ---- | C] ()
smscfg.ini -> C:\WINDOWS\smscfg.ini -> [2006/05/04 02:58:20 | 000,000,061 | ---- | C] ()
wininit.ini -> C:\WINDOWS\wininit.ini -> [2006/05/04 02:54:11 | 000,000,126 | ---- | C] ()
DellSystemRestore.dll -> C:\WINDOWS\System32\DellSystemRestore.dll -> [2006/05/04 02:45:23 | 000,712,704 | ---- | C] ()
e100bmsg.dll -> C:\WINDOWS\System32\e100bmsg.dll -> [2006/05/04 02:15:22 | 000,012,288 | ---- | C] ()
OEMINFO.INI -> C:\WINDOWS\System32\OEMINFO.INI -> [2006/05/04 02:15:22 | 000,000,392 | ---- | C] ()
px.ini -> C:\WINDOWS\System32\px.ini -> [2005/11/10 08:56:34 | 000,000,000 | ---- | C] ()
orun32.ini -> C:\WINDOWS\orun32.ini -> [2004/08/10 13:12:05 | 000,000,780 | ---- | C] ()
fxsperf.ini -> C:\WINDOWS\System32\fxsperf.ini -> [2004/08/10 13:01:18 | 000,001,793 | ---- | C] ()
ODBCINST.INI -> C:\WINDOWS\ODBCINST.INI -> [2004/08/10 12:57:52 | 000,004,161 | ---- | C] ()

[File - Lop Check]
AIM -> C:\Documents and Settings\All Users\Application Data\AIM -> [2010/10/20 22:24:22 | 000,000,000 | ---D | M]
Geek Squad -> C:\Documents and Settings\All Users\Application Data\Geek Squad -> [2009/10/10 08:46:29 | 000,000,000 | ---D | M]
IK Multimedia -> C:\Documents and Settings\All Users\Application Data\IK Multimedia -> [2008/12/31 19:44:34 | 000,000,000 | ---D | M]
Last.fm -> C:\Documents and Settings\All Users\Application Data\Last.fm -> [2008/03/17 20:14:52 | 000,000,000 | ---D | M]
PACE Anti-Piracy -> C:\Documents and Settings\All Users\Application Data\PACE Anti-Piracy -> [2009/12/27 19:00:34 | 000,000,000 | ---D | M]
Propellerhead Software -> C:\Documents and Settings\All Users\Application Data\Propellerhead Software -> [2008/10/20 19:09:25 | 000,000,000 | ---D | M]
Sony -> C:\Documents and Settings\All Users\Application Data\Sony -> [2006/12/30 03:34:21 | 000,000,000 | ---D | M]
Soulseek -> C:\Documents and Settings\All Users\Application Data\Soulseek -> [2010/11/24 01:57:51 | 000,000,000 | ---D | M]
STOPzilla! -> C:\Documents and Settings\All Users\Application Data\STOPzilla! -> [2010/11/01 22:16:42 | 000,000,000 | ---D | M]
SupportSoft -> C:\Documents and Settings\All Users\Application Data\SupportSoft -> [2008/02/10 19:55:29 | 000,000,000 | ---D | M]
TuneUp Software -> C:\Documents and Settings\All Users\Application Data\TuneUp Software -> [2009/10/10 10:39:47 | 000,000,000 | ---D | M]
Viewpoint -> C:\Documents and Settings\All Users\Application Data\Viewpoint -> [2007/10/15 20:19:45 | 000,000,000 | ---D | M]
{55A29068-F2CE-456C-9148-C869879E2357} -> C:\Documents and Settings\All Users\Application Data\{55A29068-F2CE-456C-9148-C869879E2357} -> [2009/10/10 10:38:59 | 000,000,000 | -HSD | M]
{755AC846-7372-4AC8-8550-C52491DAA8BD} -> C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD} -> [2010/01/06 23:06:18 | 000,000,000 | ---D | M]
{CB7DC039-811E-4CD1-81CD-8AD0EF4B8CBA} -> C:\Documents and Settings\All Users\Application Data\{CB7DC039-811E-4CD1-81CD-8AD0EF4B8CBA} -> [2010/10/30 22:20:51 | 000,000,000 | -H-D | M]
acccore -> C:\Documents and Settings\Derrick Stuart\Application Data\acccore -> [2006/05/13 18:02:36 | 000,000,000 | ---D | M]
Antares -> C:\Documents and Settings\Derrick Stuart\Application Data\Antares -> [2009/12/27 18:38:37 | 000,000,000 | ---D | M]
AVGTOOLBAR -> C:\Documents and Settings\Derrick Stuart\Application Data\AVGTOOLBAR -> [2010/11/14 16:42:51 | 000,000,000 | ---D | M]
BitTorrent -> C:\Documents and Settings\Derrick Stuart\Application Data\BitTorrent -> [2010/11/23 12:28:02 | 000,000,000 | ---D | M]
ICQ -> C:\Documents and Settings\Derrick Stuart\Application Data\ICQ -> [2008/01/19 23:21:07 | 000,000,000 | ---D | M]
Lexmark Productivity Studio -> C:\Documents and Settings\Derrick Stuart\Application Data\Lexmark Productivity Studio -> [2008/02/02 23:01:06 | 000,000,000 | ---D | M]
NetMedia Providers -> C:\Documents and Settings\Derrick Stuart\Application Data\NetMedia Providers -> [2006/12/30 04:02:08 | 000,000,000 | ---D | M]
PACE Anti-Piracy -> C:\Documents and Settings\Derrick Stuart\Application Data\PACE Anti-Piracy -> [2009/12/27 19:00:34 | 000,000,000 | ---D | M]
Propellerhead Software -> C:\Documents and Settings\Derrick Stuart\Application Data\Propellerhead Software -> [2008/10/20 21:59:24 | 000,000,000 | ---D | M]
Publish Providers -> C:\Documents and Settings\Derrick Stuart\Application Data\Publish Providers -> [2007/01/05 16:18:24 | 000,000,000 | ---D | M]
REAPER -> C:\Documents and Settings\Derrick Stuart\Application Data\REAPER -> [2009/11/12 00:09:57 | 000,000,000 | ---D | M]
Sony -> C:\Documents and Settings\Derrick Stuart\Application Data\Sony -> [2008/10/20 21:06:45 | 000,000,000 | ---D | M]
Steinberg -> C:\Documents and Settings\Derrick Stuart\Application Data\Steinberg -> [2009/03/08 12:07:34 | 000,000,000 | ---D | M]
TuneUp Software -> C:\Documents and Settings\Derrick Stuart\Application Data\TuneUp Software -> [2009/10/10 10:40:59 | 000,000,000 | ---D | M]
Viewpoint -> C:\Documents and Settings\Derrick Stuart\Application Data\Viewpoint -> [2007/02/15 11:21:23 | 000,000,000 | ---D | M]
AVGTOOLBAR -> C:\Documents and Settings\LocalService\Application Data\AVGTOOLBAR -> [2009/06/26 23:53:07 | 000,000,000 | ---D | M]
Beanbag Studios -> C:\Documents and Settings\Visitor\Application Data\Beanbag Studios -> [2009/08/09 17:21:41 | 000,000,000 | ---D | M]
Propellerhead Software -> C:\Documents and Settings\Visitor\Application Data\Propellerhead Software -> [2009/08/09 23:37:12 | 000,000,000 | ---D | M]

[File - Purity Scan]

< End of report >

#53
gravitysrainbow

    Member

  • Topic Starter
  • 37 posts
SYSTEM3 fix #2:

All Processes Killed
[Driver Services - Safe List]
Error: No service named 浍湉ဈᄋ¢联�ᄊ�ᄊ.sys was found to stop!
Service\Driver key 浍湉ဈᄋ¢联�ᄊ�ᄊ.sys not found.
File C:\WINDOWS\System32\drivers\drivers\浍湉ဈᄋ¢联�ᄊ�ᄊ.sys.sys not found.
Error: No service named 浍湉ဈᄋ¢联�ᄊ�ᄊ was found to stop!
Service\Driver key 浍湉ဈᄋ¢联�ᄊ�ᄊ not found.
File C:\WINDOWS\SYSTEM32\DRIVERS\浍湉ဈᄋ¢联�ᄊ�ᄊ.sys not found.
Error: No service named B�竓瞥 was found to stop!
Service\Driver key B�竓瞥 not found.
File C:\WINDOWS\SYSTEM32\DRIVERS\B�竓瞥.sys not found.
[Registry - Safe List]
Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\Contains\Files\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\DownloadInformation\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
[Files/Folders - Created Within 30 Days]
File C:\Documents and Settings\All Users\Application Data\{94E7A161-5A7B-460F-BD45-76DE70D977A9} not found!
[Files/Folders - Unicode - All]
File C:\WINDOWS\System32\drivers\B�竓瞥.sys not found!
File C:\WINDOWS\System32\drivers\B�竓瞥.sys not found!
File C:\WINDOWS\System32\drivers\浍湉ဈᄋ¢联�ᄊ�ᄊ.sys not found!
File C:\WINDOWS\System32\drivers\浍湉ဈᄋ¢联�ᄊ�ᄊ.sys not found!
[Empty Temp Folders]


User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->FireFox cache emptied: 0 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Guest
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: IRENE STUART
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->FireFox cache emptied: 25814520 bytes
->Flash cache emptied: 768 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 25.00 mb


[EMPTYFLASH]

User: Administrator

User: All Users

User: Default User

User: Guest
->Flash cache emptied: 0 bytes

User: IRENE STUART
->Flash cache emptied: 0 bytes

User: LocalService

User: NetworkService

Total Flash Files Cleaned = 0.00 mb

Restore point Set: OTS Restore Point (0)
< End of fix log >
OTS by OldTimer - Version 3.1.40.1 fix logfile created on 11272010_174527

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

#54
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK, the system 3 fix does not want to take; the code is changing somehow. So I will make a fix.txt.

For system 3
  • Download this fix.txt to your desktop
  • Press the Run Fix button
  • When asked for the location of the file, navigate to the one downloaded
  • Select it and press Run Fix

For system 1

Start OTS. Copy/Paste the information in the quotebox below into the panel where it says "Paste fix here" and then click the Run Fix button.

[Unregister Dlls]
[Registry - Safe List]
< Internet Explorer Settings [HKEY_USERS\.DEFAULT\] > -> 
YN -> HKEY_USERS\.DEFAULT\: URLSearchHooks\\"{A3BC75A2-1F87-4686-AA43-5347D756017C}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.]
< Internet Explorer Settings [HKEY_USERS\S-1-5-18\] > -> 
YN -> HKEY_USERS\S-1-5-18\: URLSearchHooks\\"{A3BC75A2-1F87-4686-AA43-5347D756017C}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.]
< Internet Explorer Settings [HKEY_USERS\S-1-5-21-3065445413-633263300-2116048252-1006\] > -> 
YN -> HKEY_USERS\S-1-5-21-3065445413-633263300-2116048252-1006\: URLSearchHooks\\"*{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.]
YN -> HKEY_USERS\S-1-5-21-3065445413-633263300-2116048252-1006\: URLSearchHooks\\"*{EF99BD32-C1FB-11D2-892F-0090271D4F88}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.]
< FireFox Settings [Prefs.js] > -> C:\Documents and Settings\Derrick Stuart\Application Data\Mozilla\FireFox\Profiles\yclq893r.default\prefs.js
YN -> keyword.URL -> "http://supertoolbar.ask.com/redirect?client=ff&src=kw&tb=WBR&o=13993&locale=en_US&q="
< FireFox Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla
YY -> HKLM\software\mozilla\Firefox\Extensions\\avg@igeared -> C:\PROGRAM FILES\AVG\AVG8\TOOLBAR\FIREFOX\AVG@IGEARED
[Files - No Company Name]
NY -> FxGoWinFu.dll -> C:\WINDOWS\System32\FxGoWinFu.dll
[File - Lop Check]
NY -> AVGTOOLBAR -> C:\Documents and Settings\LocalService\Application Data\AVGTOOLBAR
[Empty Temp Folders]
[EmptyFlash]
[CreateRestorePoint]

The fix should only take a very short time. When the fix is completed, a message box will pop up telling you that it is finished. Click the OK button and Notepad will open with a log of actions taken during the fix. Post that information back here.

I will review the information when it comes back in.

#55
gravitysrainbow

    Member

  • Topic Starter
  • 37 posts
SYSTEM1

All Processes Killed
[Registry - Safe List]
Registry key HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\URLSearchHooks not found.
Registry key HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\URLSearchHooks not found.
Registry key HKEY_USERS\S-1-5-21-3065445413-633263300-2116048252-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings\URLSearchHooks not found.
Registry key HKEY_USERS\S-1-5-21-3065445413-633263300-2116048252-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings\URLSearchHooks not found.
Prefs.js: "http://supertoolbar....ocale=en_US&q=" removed from keyword.URL
Registry value HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@igeared deleted successfully.
File C:\PROGRAM FILES\AVG\AVG8\TOOLBAR\FIREFOX\AVG@IGEARED not found.
[Files - No Company Name]
C:\WINDOWS\System32\FxGoWinFu.dll moved successfully.
[File - Lop Check]
C:\Documents and Settings\LocalService\Application Data\AVGTOOLBAR folder moved successfully.
[Empty Temp Folders]


User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Derrick Stuart
->Temp folder emptied: 24585 bytes
->Temporary Internet Files folder emptied: 145458 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 56791272 bytes
->Flash cache emptied: 3011 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 0 bytes

User: Owner

User: Visitor
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 3616 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 679893 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 55.00 mb


[EMPTYFLASH]

User: Administrator
->Flash cache emptied: 0 bytes

User: All Users

User: Default User

User: Derrick Stuart
->Flash cache emptied: 0 bytes

User: LocalService
->Flash cache emptied: 0 bytes

User: NetworkService
->Flash cache emptied: 0 bytes

User: Owner

User: Visitor
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb

Restore point Set: OTS Restore Point (0)
< End of fix log >
OTS by OldTimer - Version 3.1.40.1 fix logfile created on 11272010_181842

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

#56
gravitysrainbow

    Member

  • Topic Starter
  • 37 posts
SYSTEM2

OTS logfile created on: 11/27/2010 9:20:12 PM - Run 2
OTS by OldTimer - Version 3.1.40.1     Folder = C:\Documents and Settings\Lori\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
510.00 Mb Total Physical Memory | 370.00 Mb Available Physical Memory | 73.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 84.00% Paging File free
Paging file location(s): C:\pagefile.sys 1024 2048 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 152.66 Gb Total Space | 139.67 Gb Free Space | 91.49% Space Free | Partition Type: NTFS
Drive D: | 167.07 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF
Drive E: | 37.27 Gb Total Space | 13.40 Gb Free Space | 35.95% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: PERSONALPC1
Current User Name: Lori
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
 
[Processes - Safe List]
ots.exe -> C:\Documents and Settings\Lori\Desktop\OTS.exe -> [2010/11/11 20:06:22 | 000,642,048 | ---- | M] (OldTimer Tools)
wrtray.exe -> C:\Program Files\Webroot\Security\Current\Framework\WRTray.exe -> [2010/06/24 19:20:52 | 001,259,120 | ---- | M] (Webroot Software, Inc. )
wrconsumerservice.exe -> C:\Program Files\Webroot\Security\Current\Framework\WRConsumerService.exe -> [2010/06/24 19:16:40 | 002,998,560 | ---- | M] (Webroot Software, Inc. )
aei.exe -> C:\Program Files\Webroot\Security\Current\plugins\antimalware\AEI.exe -> [2010/06/17 13:49:06 | 003,857,832 | ---- | M] (Webroot Software, Inc. (www.webroot.com))
ssu.exe -> C:\Program Files\Webroot\Security\Current\plugins\antimalware\SSU.exe -> [2010/06/17 13:48:58 | 000,157,536 | ---- | M] (Webroot Software, Inc. (www.webroot.com))
explorer.exe -> C:\WINDOWS\explorer.exe -> [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation)
soundman.exe -> C:\WINDOWS\SOUNDMAN.EXE -> [2003/06/10 05:12:28 | 000,055,296 | ---- | M] (Realtek Semiconductor Corp.)
 
[Modules - Safe List]
ots.exe -> C:\Documents and Settings\Lori\Desktop\OTS.exe -> [2010/11/11 20:06:22 | 000,642,048 | ---- | M] (OldTimer Tools)
serwvdrv.dll -> C:\WINDOWS\system32\serwvdrv.dll -> [2004/08/04 07:00:00 | 000,014,848 | ---- | M] (Microsoft Corporation)
umdmxfrm.dll -> C:\WINDOWS\system32\umdmxfrm.dll -> [2004/08/04 07:00:00 | 000,013,312 | ---- | M] (Microsoft Corporation)
 
[Win32 Services - Safe List]
(AVG Security Toolbar Service) AVG Security Toolbar Service [Disabled | Stopped] ->  -> File not found
(WRConsumerService) Webroot Client Service [Auto | Running] -> C:\Program Files\Webroot\Security\Current\Framework\WRConsumerService.exe -> [2010/06/24 19:16:40 | 002,998,560 | ---- | M] (Webroot Software, Inc. )
(WebrootSpySweeperService) Webroot Spy Sweeper Engine [Auto | Running] -> C:\Program Files\Webroot\Security\current\plugins\antimalware\AEI.exe -> [2010/06/17 13:49:06 | 003,857,832 | ---- | M] (Webroot Software, Inc. (www.webroot.com))
 
[Driver Services - Safe List]
(catchme) catchme [Kernel | On_Demand | Stopped] -> C:\DOCUME~1\Lori\LOCALS~1\Temp\catchme.sys -> File not found
(IntelC52) IntelC52 [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\IntelC52.sys -> [2010/06/30 19:42:45 | 000,659,065 | R--- | M] (Intel Corporation)
(IntelC53) IntelC53 [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\IntelC53.sys -> [2010/06/30 19:42:45 | 000,061,541 | R--- | M] (Intel Corporation)
(mohfilt) mohfilt [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\mohfilt.sys -> [2010/06/30 19:42:45 | 000,036,984 | R--- | M] (Intel Corporation)
(IntelC51) IntelC51 [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\IntelC51.sys -> [2010/06/30 19:42:42 | 001,313,509 | R--- | M] (Intel Corporation)
(SSIDRV) Spy Sweeper Interdiction Driver [Kernel | Boot | Running] -> C:\WINDOWS\SYSTEM32\Drivers\SSIDRV.SYS -> [2010/06/17 13:49:10 | 000,182,056 | ---- | M] (Webroot Software, Inc. (www.webroot.com))
(SSFMONM) Spy Sweeper File System Filter Driver [File_System | Auto | Running] -> C:\WINDOWS\system32\drivers\ssfmonm.sys -> [2010/06/17 13:49:10 | 000,045,072 | ---- | M] (Webroot Software, Inc. (www.webroot.com))
(SSHRMD) Spy Sweeper Hookrack MiniDriver [Kernel | Boot | Running] -> C:\WINDOWS\SYSTEM32\Drivers\SSHRMD.SYS -> [2010/06/17 13:49:10 | 000,024,496 | ---- | M] (Webroot Software, Inc. (www.webroot.com))
(rtl8139) Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\RTL8139.sys -> [2004/08/03 17:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation)
(ALCXWDM) Service for Realtek AC97 Audio (WDM) [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\ALCXWDM.SYS -> [2003/06/19 01:30:18 | 000,752,764 | ---- | M] (Realtek Semiconductor Corp.)
 
[Registry - Safe List]
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> 
< Internet Explorer Settings [HKEY_USERS\.DEFAULT\] > -> -> 
HKEY_USERS\.DEFAULT\: URLSearchHooks\\"{A3BC75A2-1F87-4686-AA43-5347D756017C}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
HKEY_USERS\.DEFAULT\: "ProxyEnable" -> 0 -> 
< Internet Explorer Settings [HKEY_USERS\S-1-5-18\] > -> -> 
HKEY_USERS\S-1-5-18\: URLSearchHooks\\"{A3BC75A2-1F87-4686-AA43-5347D756017C}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
HKEY_USERS\S-1-5-18\: "ProxyEnable" -> 0 -> 
< Internet Explorer Settings [HKEY_USERS\S-1-5-19\] > -> -> 
< Internet Explorer Settings [HKEY_USERS\S-1-5-20\] > -> -> 
< Internet Explorer Settings [HKEY_USERS\S-1-5-21-117609710-1957994488-725345543-1003\] > -> -> 
HKEY_USERS\S-1-5-21-117609710-1957994488-725345543-1003\: "ProxyEnable" -> 0 -> 
< FireFox Settings [Prefs.js] > -> C:\Documents and Settings\Lori\Application Data\Mozilla\FireFox\Profiles\g6hfyf7l.default\prefs.js -> 
browser.search.defaultenginename -> "AVG Secure Search" ->
browser.search.selectedEngine -> "AVG Secure Search" ->
extensions.enabledItems -> {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 ->
extensions.enabledItems -> {635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.6.6.20090220 ->
extensions.enabledItems -> [email protected]:1.0 ->
extensions.enabledItems -> [email protected]:3.9.1.14019 ->
network.proxy.type -> 0 ->
< FireFox Settings [User.js] > -> C:\Documents and Settings\Lori\Application Data\Mozilla\FireFox\Profiles\g6hfyf7l.default\user.js -> 
< FireFox Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla
HKLM\software\mozilla\Firefox\extensions ->  -> 
HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions ->  -> 
HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components -> C:\Program Files\Mozilla Firefox\components [C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS] -> [2010/10/28 20:43:24 | 000,000,000 | ---D | M]
HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins -> C:\Program Files\Mozilla Firefox\plugins [C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS] -> [2010/10/27 19:34:21 | 000,000,000 | ---D | M]
< FireFox Extensions [User Folders] > -> 
  -> C:\Documents and Settings\Lori\Application Data\Mozilla\Extensions -> [2010/07/11 20:05:54 | 000,000,000 | ---D | M]
  -> C:\Documents and Settings\Lori\Application Data\Mozilla\Firefox\Profiles\g6hfyf7l.default\extensions -> [2010/11/27 08:06:06 | 000,000,000 | ---D | M]
Yahoo! Toolbar   -> C:\Documents and Settings\Lori\Application Data\Mozilla\Firefox\Profiles\g6hfyf7l.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} -> [2010/07/28 00:21:25 | 000,000,000 | ---D | M]
  -> C:\Documents and Settings\Lori\Application Data\Mozilla\Firefox\Profiles\g6hfyf7l.default\extensions\[email protected] -> [2010/10/19 06:08:26 | 000,000,000 | ---D | M]
< FireFox Extensions [Program Folders] > -> 
  -> C:\Program Files\Mozilla Firefox\extensions -> [2010/11/27 08:06:06 | 000,000,000 | ---D | M]
Java Console   -> C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} -> [2010/07/28 00:20:56 | 000,000,000 | ---D | M]
< HOSTS File > ([2010/11/18 21:18:07 | 000,000,784 | ---- | M] - 21 lines) -> C:\WINDOWS\system32\drivers\etc\hosts -> 
Reset Hosts
127.0.0.1       localhost
127.0.0.1 www.google-analytics.com
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> 
{D4027C7F-154A-4066-A1AD-4243D8127440} [HKLM] -> C:\Program Files\Ask.com\GenericAskToolbar.dll [Ask Toolbar] -> [2010/09/28 21:44:28 | 001,400,712 | ---- | M] (Ask)
< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar -> 
"{D4027C7F-154A-4066-A1AD-4243D8127440}" [HKLM] -> C:\Program Files\Ask.com\GenericAskToolbar.dll [Ask Toolbar] -> [2010/09/28 21:44:28 | 001,400,712 | ---- | M] (Ask)
< Internet Explorer ToolBars [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\ -> 
WebBrowser\\"{D4027C7F-154A-4066-A1AD-4243D8127440}" [HKLM] -> C:\Program Files\Ask.com\GenericAskToolbar.dll [Ask Toolbar] -> [2010/09/28 21:44:28 | 001,400,712 | ---- | M] (Ask)
< Internet Explorer ToolBars [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Toolbar\ -> 
WebBrowser\\"{D4027C7F-154A-4066-A1AD-4243D8127440}" [HKLM] -> C:\Program Files\Ask.com\GenericAskToolbar.dll [Ask Toolbar] -> [2010/09/28 21:44:28 | 001,400,712 | ---- | M] (Ask)
< Internet Explorer ToolBars [HKEY_USERS\S-1-5-21-117609710-1957994488-725345543-1003\] > -> HKEY_USERS\S-1-5-21-117609710-1957994488-725345543-1003\Software\Microsoft\Internet Explorer\Toolbar\ -> 
WebBrowser\\"{D4027C7F-154A-4066-A1AD-4243D8127440}" [HKLM] -> C:\Program Files\Ask.com\GenericAskToolbar.dll [Ask Toolbar] -> [2010/09/28 21:44:28 | 001,400,712 | ---- | M] (Ask)
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
"SoundMan" -> C:\WINDOWS\SOUNDMAN.EXE ["SOUNDMAN.EXE"] -> [2003/06/10 05:12:28 | 000,055,296 | ---- | M] (Realtek Semiconductor Corp.)
"WebrootTrayApp" -> C:\Program Files\Webroot\Security\Current\Framework\WRTray.exe ["C:\Program Files\Webroot\Security\Current\Framework\WRTray.exe"] -> [2010/06/24 19:20:52 | 001,259,120 | ---- | M] (Webroot Software, Inc. )
< Administrator Startup Folder > -> C:\Documents and Settings\Administrator\Start Menu\Programs\Startup -> 
< All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup -> 
< Default User Startup Folder > -> C:\Documents and Settings\Default User\Start Menu\Programs\Startup -> 
< Guest Startup Folder > -> C:\Documents and Settings\Guest\Start Menu\Programs\Startup -> 
< Lori Startup Folder > -> C:\Documents and Settings\Lori\Start Menu\Programs\Startup -> 
< Software Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Internet Explorer -> 
< Software Policy Settings [HKEY_USERS\S-1-5-21-117609710-1957994488-725345543-1003] > -> HKEY_USERS\S-1-5-21-117609710-1957994488-725345543-1003\SOFTWARE\Policies\Microsoft\Internet Explorer -> 
< CurrentVersion Policy Settings - Explorer [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"HonorAutoRunSetting" ->  [1] -> File not found
\\"NoDriveAutoRun" ->  [67108863] -> File not found
\\"NoDriveTypeAutoRun" ->  [323] -> File not found
\\"NoDrives" ->  [0] -> File not found
< CurrentVersion Policy Settings - System [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
< CurrentVersion Policy Settings [HKEY_USERS\.DEFAULT] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" ->  [323] -> File not found
\\"NoDriveAutoRun" ->  [67108863] -> File not found
< CurrentVersion Policy Settings [HKEY_USERS\.DEFAULT] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System -> 
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-18] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" ->  [323] -> File not found
\\"NoDriveAutoRun" ->  [67108863] -> File not found
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-18] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System -> 
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-19] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 
HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" ->  [145] -> File not found
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-20] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" ->  [145] -> File not found
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-21-117609710-1957994488-725345543-1003] > -> HKEY_USERS\S-1-5-21-117609710-1957994488-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 
HKEY_USERS\S-1-5-21-117609710-1957994488-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" ->  [323] -> File not found
\\"NoDriveAutoRun" ->  [67108863] -> File not found
\\"NoDrives" ->  [0] -> File not found
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-21-117609710-1957994488-725345543-1003] > -> HKEY_USERS\S-1-5-21-117609710-1957994488-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System -> 
< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ -> 
< Default Prefix > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix
"" -> http://
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 1 domain(s) found. -> 
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Trusted Sites Domains [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 
< Trusted Sites Ranges [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Trusted Sites Domains [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 
< Trusted Sites Ranges [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Trusted Sites Domains [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 
< Trusted Sites Ranges [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Trusted Sites Domains [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 
< Trusted Sites Ranges [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Trusted Sites Domains [HKEY_USERS\S-1-5-21-117609710-1957994488-725345543-1003\] > -> HKEY_USERS\S-1-5-21-117609710-1957994488-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_USERS\S-1-5-21-117609710-1957994488-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 
< Trusted Sites Ranges [HKEY_USERS\S-1-5-21-117609710-1957994488-725345543-1003\] > -> HKEY_USERS\S-1-5-21-117609710-1957994488-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_USERS\S-1-5-21-117609710-1957994488-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ -> 
{6414512B-B978-451D-A0D8-FCFDF33E833C} [HKLM] -> http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1278074999512 [WUWebControl Class] -> 
{6E32070A-766D-4EE6-879C-DC1FA91D2FC3} [HKLM] -> http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1278075327406 [MUWebControl Class] -> 
{8AD9C840-044E-11D1-B3E9-00805F499D93} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab [Java Plug-in 1.6.0_20] -> 
{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab [Java Plug-in 1.6.0_20] -> 
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab [Java Plug-in 1.6.0_20] -> 
{D27CDB6E-AE6D-11CF-96B8-444553540000} [HKLM] -> http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab [Shockwave Flash Object] -> 
{E2883E8F-472F-4FB0-9522-AC9BF37916A7} [HKLM] -> http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab [Reg Error: Key error.] -> 
< Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\ -> 
DhcpNameServer -> 192.168.2.1 -> 
< Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ -> 
{C40866DF-B1F9-49DE-A2F5-8C6AF6512A6F}\\DhcpNameServer -> 192.168.2.1   (Realtek RTL8139 Family PCI Fast Ethernet NIC) -> 
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 
*Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell -> 
Explorer.exe -> C:\WINDOWS\explorer.exe -> [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation)
*MultiFile Done* -> -> 
< Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ -> 
igfxcui -> C:\WINDOWS\System32\igfxsrvc.dll -> [2003/04/06 10:06:48 | 000,315,392 | ---- | M] (Intel Corporation)
< LSA Security Packages [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Security Packages -> 
*LSA Security Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Security Packages -> 
indows.common-controls_6595b641 ->  -> File not found
*MultiFile Done* -> -> 
< Domain Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List -> 
< Standard Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List -> 
"C:\Program Files\BitTorrent\bittorrent.exe" -> C:\Program Files\BitTorrent\bittorrent.exe [C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent] -> [2010/04/12 20:18:34 | 000,655,160 | ---- | M] (BitTorrent, Inc.)
< SafeBoot AlternateShell [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot -> 
< CDROM Autorun Setting [HKEY_LOCAL_MACHINE]> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom ->
"AutoRun" -> 1 -> 
"DisplayName" -> CD-ROM Driver -> 
"ImagePath" ->  [system32\DRIVERS\cdrom.sys] -> File not found
< Drives with AutoRun files > ->  -> 
C:\AUTOEXEC.BAT [] -> C:\AUTOEXEC.BAT [ NTFS ] -> [2010/06/30 19:01:21 | 000,000,000 | ---- | M] ()
D:\AUTORUN.INF [[autorun] | OPEN=install.exe | ICON=installer.ico | ] -> D:\AUTORUN.INF [ UDF ] -> [2010/06/23 14:19:29 | 000,000,049 | R--- | M] ()
E:\AUTOEXEC.BAT [] -> E:\AUTOEXEC.BAT [ NTFS ] -> [2003/11/20 20:05:59 | 000,000,000 | ---- | M] ()
< MountPoints2 [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2 -> 
< Registry Shell Spawning - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command -> 
comfile [open] -> "%1" %* -> 
exefile [open] -> "%1" %* -> 
< File Associations - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>\ -> 
.com [@ = ComFile] -> "%1" %* -> 
.exe [@ = exefile] -> "%1" %* -> 
 
[Registry - Additional Scans - Safe List]
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost > -> ->
*netsvcs* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\\netsvcs ->
6to4 ->  -> File not found
Ias ->  -> File not found
Iprip ->  -> File not found
Irmon ->  -> File not found
NWCWorkstation ->  -> File not found
Nwsapagent ->  -> File not found
WmdmPmSp ->  -> File not found
*MultiFile Done* -> -> 
< Registry Shell Spawning - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command -> 
batfile [open] -> "%1" %* -> 
cmdfile [open] -> "%1" %* -> 
comfile [open] -> "%1" %* -> 
exefile [open] -> "%1" %* -> 
piffile [open] -> "%1" %* -> 
scrfile [config] -> "%1" -> 
scrfile [install] -> rundll32.exe desk.cpl,InstallScreenSaver %l -> [2008/04/13 19:12:41 | 000,135,168 | ---- | M] (Microsoft Corporation)
scrfile [open] -> "%1" /S -> 
Unknown [openas] -> %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 -> 
Directory [find] -> %SystemRoot%\Explorer.exe -> [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation)
Folder [open] -> %SystemRoot%\Explorer.exe /idlist,%I,%L -> [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation)
Folder [explore] -> %SystemRoot%\Explorer.exe /e,/idlist,%I,%L -> [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation)
Drive [find] -> %SystemRoot%\Explorer.exe -> [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation)
< EventViewer Logs - Last 10 Errors > -> Event Information -> Description
Application [ Error ] 10/29/2010 10:56:45 PM Computer Name = PERSONALPC1 | Source = crypt32 | ID = 131080 -> Description = Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This network connection does not exist.  
Application [ Error ] 10/29/2010 10:56:45 PM Computer Name = PERSONALPC1 | Source = crypt32 | ID = 131080 -> Description = Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This network connection does not exist.  
Application [ Error ] 10/29/2010 11:29:03 PM Computer Name = PERSONALPC1 | Source = crypt32 | ID = 131080 -> Description = Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: A connection with the server could not be established  
Application [ Error ] 10/29/2010 11:29:03 PM Computer Name = PERSONALPC1 | Source = crypt32 | ID = 131080 -> Description = Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This network connection does not exist.  
Application [ Error ] 10/29/2010 11:29:04 PM Computer Name = PERSONALPC1 | Source = crypt32 | ID = 131080 -> Description = Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This network connection does not exist.  
Application [ Error ] 10/29/2010 11:29:04 PM Computer Name = PERSONALPC1 | Source = crypt32 | ID = 131080 -> Description = Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This network connection does not exist.  
Application [ Error ] 10/30/2010 11:31:09 PM Computer Name = PERSONALPC1 | Source = crypt32 | ID = 131080 -> Description = Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: A connection with the server could not be established  
Application [ Error ] 10/30/2010 11:31:09 PM Computer Name = PERSONALPC1 | Source = crypt32 | ID = 131080 -> Description = Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This network connection does not exist.  
Application [ Error ] 10/30/2010 11:31:09 PM Computer Name = PERSONALPC1 | Source = crypt32 | ID = 131080 -> Description = Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This network connection does not exist.  
Application [ Error ] 10/30/2010 11:31:09 PM Computer Name = PERSONALPC1 | Source = crypt32 | ID = 131080 -> Description = Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This network connection does not exist.  
System [ Error ] 11/6/2010 8:11:39 PM Computer Name = PERSONALPC1 | Source = Ftdisk | ID = 262189 -> Description = The system could not sucessfully load the crash dump driver.
System [ Error ] 11/6/2010 8:11:39 PM Computer Name = PERSONALPC1 | Source = Ftdisk | ID = 262193 -> Description = Configuring the Page file for crash dump failed. Make sure there is a page  file on the boot partition and that is large enough to contain all physical  memory.
System [ Error ] 11/6/2010 8:16:39 PM Computer Name = PERSONALPC1 | Source = DCOM | ID = 10010 -> Description = The server {8BC3F05E-D86B-11D0-A075-00C04FB68820} did not register with DCOM within the required timeout.
System [ Error ] 11/6/2010 8:19:29 PM Computer Name = PERSONALPC1 | Source = Service Control Manager | ID = 7032 -> Description = The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Management Instrumentation service, but this action failed with the following error:   %%1056
System [ Error ] 11/6/2010 8:21:08 PM Computer Name = PERSONALPC1 | Source = Ftdisk | ID = 262189 -> Description = The system could not sucessfully load the crash dump driver.
System [ Error ] 11/6/2010 8:21:08 PM Computer Name = PERSONALPC1 | Source = Ftdisk | ID = 262193 -> Description = Configuring the Page file for crash dump failed. Make sure there is a page  file on the boot partition and that is large enough to contain all physical  memory.
System [ Error ] 11/6/2010 8:24:05 PM Computer Name = PERSONALPC1 | Source = Service Control Manager | ID = 7032 -> Description = The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Management Instrumentation service, but this action failed with the following error:   %%1056
System [ Error ] 11/6/2010 8:30:39 PM Computer Name = PERSONALPC1 | Source = Service Control Manager | ID = 7032 -> Description = The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Management Instrumentation service, but this action failed with the following error:   %%1056
System [ Error ] 11/6/2010 8:32:08 PM Computer Name = PERSONALPC1 | Source = Ftdisk | ID = 262189 -> Description = The system could not sucessfully load the crash dump driver.
System [ Error ] 11/6/2010 8:32:08 PM Computer Name = PERSONALPC1 | Source = Ftdisk | ID = 262193 -> Description = Configuring the Page file for crash dump failed. Make sure there is a page  file on the boot partition and that is large enough to contain all physical  memory.
 
[Files/Folders - Created Within 30 Days]
 RECYCLER -> C:\RECYCLER -> [2010/11/19 18:51:50 | 000,000,000 | -HSD | C]
 _OTL -> C:\_OTL -> [2010/11/19 18:48:49 | 000,000,000 | ---D | C]
 OTL.exe -> C:\Documents and Settings\Lori\Desktop\OTL.exe -> [2010/11/18 21:23:26 | 000,575,488 | ---- | C] (OldTimer Tools)
 temp -> C:\WINDOWS\temp -> [2010/11/13 22:44:53 | 000,000,000 | ---D | C]
 _OTS -> C:\_OTS -> [2010/11/12 18:52:07 | 000,000,000 | ---D | C]
 tdsskiller -> C:\Documents and Settings\Lori\Desktop\tdsskiller -> [2010/11/11 20:12:24 | 000,000,000 | ---D | C]
 Malwarebytes -> C:\Documents and Settings\Lori\Application Data\Malwarebytes -> [2010/11/11 20:08:33 | 000,000,000 | ---D | C]
 mbamswissarmy.sys -> C:\WINDOWS\System32\drivers\mbamswissarmy.sys -> [2010/11/11 20:08:13 | 000,038,224 | ---- | C] (Malwarebytes Corporation)
 Malwarebytes -> C:\Documents and Settings\All Users\Application Data\Malwarebytes -> [2010/11/11 20:08:09 | 000,000,000 | ---D | C]
 mbam.sys -> C:\WINDOWS\System32\drivers\mbam.sys -> [2010/11/11 20:08:08 | 000,020,952 | ---- | C] (Malwarebytes Corporation)
 Malwarebytes' Anti-Malware -> C:\Program Files\Malwarebytes' Anti-Malware -> [2010/11/11 20:08:07 | 000,000,000 | ---D | C]
 OTS.exe -> C:\Documents and Settings\Lori\Desktop\OTS.exe -> [2010/11/11 20:06:21 | 000,642,048 | ---- | C] (OldTimer Tools)
 mbam-setup-1.46.exe -> C:\Documents and Settings\Lori\Desktop\mbam-setup-1.46.exe -> [2010/11/11 20:06:01 | 006,153,352 | ---- | C] (Malwarebytes Corporation                                    )
 cmdcons -> C:\cmdcons -> [2010/11/07 15:36:20 | 000,000,000 | RHSD | C]
 Free Window Registry Repair -> C:\Program Files\Free Window Registry Repair -> [2010/11/07 15:18:18 | 000,000,000 | ---D | C]
 Combo-Fix -> C:\Combo-Fix -> [2010/11/07 13:06:47 | 000,000,000 | ---D | C]
 NIRCMD.exe -> C:\WINDOWS\NIRCMD.exe -> [2010/11/06 21:13:18 | 000,031,232 | ---- | C] (NirSoft)
 SWXCACLS.exe -> C:\WINDOWS\SWXCACLS.exe -> [2010/11/06 21:13:17 | 000,212,480 | ---- | C] (SteelWerX)
 SWREG.exe -> C:\WINDOWS\SWREG.exe -> [2010/11/06 21:13:17 | 000,161,792 | ---- | C] (SteelWerX)
 SWSC.exe -> C:\WINDOWS\SWSC.exe -> [2010/11/06 21:13:17 | 000,136,704 | ---- | C] (SteelWerX)
 ERDNT -> C:\WINDOWS\ERDNT -> [2010/11/06 21:12:58 | 000,000,000 | ---D | C]
 Qoobox -> C:\Qoobox -> [2010/11/06 21:12:21 | 000,000,000 | ---D | C]
 CSC -> C:\WINDOWS\CSC -> [2010/11/06 20:55:04 | 000,000,000 | -HSD | C]
 pss -> C:\WINDOWS\pss -> [2010/11/06 19:09:21 | 000,000,000 | ---D | C]
 ssidrv.sys -> C:\WINDOWS\System32\drivers\ssidrv.sys -> [2010/11/01 18:45:10 | 000,182,056 | ---- | C] (Webroot Software, Inc. (www.webroot.com))
 ssfmonm.sys -> C:\WINDOWS\System32\drivers\ssfmonm.sys -> [2010/11/01 18:45:10 | 000,045,072 | ---- | C] (Webroot Software, Inc. (www.webroot.com))
 sshrmd.sys -> C:\WINDOWS\System32\drivers\sshrmd.sys -> [2010/11/01 18:45:10 | 000,024,496 | ---- | C] (Webroot Software, Inc. (www.webroot.com))
 Microsoft Silverlight -> C:\Program Files\Microsoft Silverlight -> [2010/11/01 18:44:03 | 000,000,000 | ---D | C]
 Webroot -> C:\Program Files\Webroot -> [2010/11/01 18:40:42 | 000,000,000 | ---D | C]
 {94E7A161-5A7B-460F-BD45-76DE70D977A9} -> C:\Documents and Settings\All Users\Application Data\{94E7A161-5A7B-460F-BD45-76DE70D977A9} -> [2010/11/01 18:40:31 | 000,000,000 | -H-D | C]
 Webroot -> C:\Documents and Settings\All Users\Application Data\Webroot -> [2010/11/01 18:39:58 | 000,000,000 | ---D | C]
 PackageAware -> C:\Documents and Settings\Lori\Local Settings\Application Data\PackageAware -> [2010/11/01 18:39:53 | 000,000,000 | ---D | C]
 
[Files/Folders - Modified Within 30 Days]
 popmartkmart1.JPG -> C:\Documents and Settings\Lori\My Documents\popmartkmart1.JPG -> [2034/05/22 18:03:26 | 000,065,536 | ---- | M] ()
 popmartkmart2.JPG -> C:\Documents and Settings\Lori\My Documents\popmartkmart2.JPG -> [2034/05/22 18:02:56 | 000,065,536 | ---- | M] ()
 washingtonsqpark.JPG -> C:\Documents and Settings\Lori\My Documents\washingtonsqpark.JPG -> [2034/05/22 17:55:58 | 000,065,536 | ---- | M] ()
 richard.JPG -> C:\Documents and Settings\Lori\My Documents\richard.JPG -> [2034/05/20 22:08:38 | 000,065,536 | ---- | M] ()
 midtownfromrcihards.JPG -> C:\Documents and Settings\Lori\My Documents\midtownfromrcihards.JPG -> [2034/05/20 17:56:30 | 000,065,536 | ---- | M] ()
 downtownfromrichard's.JPG -> C:\Documents and Settings\Lori\My Documents\downtownfromrichard's.JPG -> [2034/05/20 17:56:24 | 000,065,536 | ---- | M] ()
 empirestate.JPG -> C:\Documents and Settings\Lori\My Documents\empirestate.JPG -> [2034/05/20 16:10:28 | 000,065,536 | ---- | M] ()
 nynj.JPG -> C:\Documents and Settings\Lori\My Documents\nynj.JPG -> [2034/05/20 15:34:46 | 000,065,536 | ---- | M] ()
 senacaroxbridge.JPG -> C:\Documents and Settings\Lori\My Documents\senacaroxbridge.JPG -> [2034/04/22 12:54:48 | 000,654,536 | ---- | M] ()
 farmchurch.JPG -> C:\Documents and Settings\Lori\My Documents\farmchurch.JPG -> [2034/04/22 11:23:50 | 000,616,207 | ---- | M] ()
 jr rd.JPG -> C:\Documents and Settings\Lori\My Documents\jr rd.JPG -> [2034/04/22 11:19:32 | 000,332,059 | ---- | M] ()
 jr rd 1.JPG -> C:\Documents and Settings\Lori\My Documents\jr rd 1.JPG -> [2034/04/22 11:19:12 | 000,427,021 | ---- | M] ()
 jr rd 2.JPG -> C:\Documents and Settings\Lori\My Documents\jr rd 2.JPG -> [2034/04/22 11:18:54 | 000,336,465 | ---- | M] ()
 riverroad.JPG -> C:\Documents and Settings\Lori\My Documents\riverroad.JPG -> [2034/04/22 11:01:04 | 000,634,811 | ---- | M] ()
 riverroad2.JPG -> C:\Documents and Settings\Lori\My Documents\riverroad2.JPG -> [2034/04/22 11:00:48 | 000,527,189 | ---- | M] ()
 belington1.JPG -> C:\Documents and Settings\Lori\My Documents\belington1.JPG -> [2034/04/22 10:44:20 | 000,550,940 | ---- | M] ()
 belingtonschool.JPG -> C:\Documents and Settings\Lori\My Documents\belingtonschool.JPG -> [2034/04/22 10:42:44 | 000,546,467 | ---- | M] ()
 belingtonriver.JPG -> C:\Documents and Settings\Lori\My Documents\belingtonriver.JPG -> [2034/04/22 10:40:52 | 000,392,649 | ---- | M] ()
 belingtonbr1.JPG -> C:\Documents and Settings\Lori\My Documents\belingtonbr1.JPG -> [2034/04/22 10:39:52 | 000,355,017 | ---- | M] ()
 belingtonbr2.JPG -> C:\Documents and Settings\Lori\My Documents\belingtonbr2.JPG -> [2034/04/22 10:39:12 | 000,347,803 | ---- | M] ()
 belingtonriver1.JPG -> C:\Documents and Settings\Lori\My Documents\belingtonriver1.JPG -> [2034/04/22 10:39:00 | 000,515,821 | ---- | M] ()
 belingtonriver2.JPG -> C:\Documents and Settings\Lori\My Documents\belingtonriver2.JPG -> [2034/04/22 10:38:14 | 000,605,534 | ---- | M] ()
 pentagon.JPG -> C:\Documents and Settings\Lori\My Documents\pentagon.JPG -> [2034/03/30 15:31:08 | 000,350,320 | ---- | M] ()
 washingtonmonument.JPG -> C:\Documents and Settings\Lori\My Documents\washingtonmonument.JPG -> [2034/03/30 15:06:00 | 000,419,339 | ---- | M] ()
 dc2.JPG -> C:\Documents and Settings\Lori\My Documents\dc2.JPG -> [2034/03/30 15:02:10 | 000,237,365 | ---- | M] ()
 dc1.JPG -> C:\Documents and Settings\Lori\My Documents\dc1.JPG -> [2034/03/30 15:01:18 | 000,241,357 | ---- | M] ()
 arlington.JPG -> C:\Documents and Settings\Lori\My Documents\arlington.JPG -> [2034/03/30 14:33:06 | 000,325,319 | ---- | M] ()
 dcpot1.JPG -> C:\Documents and Settings\Lori\My Documents\dcpot1.JPG -> [2034/03/30 14:32:30 | 000,356,994 | ---- | M] ()
 amish.JPG -> C:\Documents and Settings\Lori\My Documents\amish.JPG -> [2034/03/29 17:22:20 | 000,292,238 | ---- | M] ()
 harrisonburg2.JPG -> C:\Documents and Settings\Lori\My Documents\harrisonburg2.JPG -> [2034/03/29 17:12:20 | 000,539,244 | ---- | M] ()
 harrisonburgder1.JPG -> C:\Documents and Settings\Lori\My Documents\harrisonburgder1.JPG -> [2034/03/29 17:12:08 | 000,400,731 | ---- | M] ()
 harrisonburg.JPG -> C:\Documents and Settings\Lori\My Documents\harrisonburg.JPG -> [2034/03/29 17:11:38 | 000,359,846 | ---- | M] ()
 derrickireland.JPG -> C:\Documents and Settings\Lori\My Documents\derrickireland.JPG -> [2034/03/07 21:06:50 | 000,481,887 | ---- | M] ()
 Scheduled Update for Ask Toolbar.job -> C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job -> [2010/11/27 21:01:00 | 000,000,232 | ---- | M] ()
 wpa.dbl -> C:\WINDOWS\System32\wpa.dbl -> [2010/11/26 22:55:48 | 000,002,206 | ---- | M] ()
 bootstat.dat -> C:\WINDOWS\bootstat.dat -> [2010/11/26 22:55:20 | 000,002,048 | --S- | M] ()
 install_flash_player.exe -> C:\Documents and Settings\Lori\Desktop\install_flash_player.exe -> [2010/11/26 22:21:52 | 002,790,864 | ---- | M] (Adobe Systems, Inc.)
 evehewson2.gif -> C:\Documents and Settings\Lori\Desktop\evehewson2.gif -> [2010/11/24 17:55:46 | 001,108,924 | ---- | M] ()
 clintonchina.rtf -> C:\Documents and Settings\Lori\Desktop\clintonchina.rtf -> [2010/11/23 00:00:42 | 000,003,543 | ---- | M] ()
 OTL.exe -> C:\Documents and Settings\Lori\Desktop\OTL.exe -> [2010/11/18 21:23:27 | 000,575,488 | ---- | M] (OldTimer Tools)
 boot.ini -> C:\boot.ini -> [2010/11/16 20:30:23 | 000,000,327 | RHS- | M] ()
 computerfix1.rtf -> C:\Documents and Settings\Lori\Desktop\computerfix1.rtf -> [2010/11/14 22:05:09 | 000,010,032 | ---- | M] ()
 HelpAsst_mebroot_fix.exe -> C:\Documents and Settings\Lori\Desktop\HelpAsst_mebroot_fix.exe -> [2010/11/14 22:03:27 | 000,490,232 | ---- | M] ()
 ComboFix.exe -> C:\Documents and Settings\Lori\Desktop\ComboFix.exe -> [2010/11/12 19:02:14 | 003,908,597 | R--- | M] ()
 Malwarebytes' Anti-Malware.lnk -> C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk -> [2010/11/11 20:08:17 | 000,000,696 | ---- | M] ()
 OTS.exe -> C:\Documents and Settings\Lori\Desktop\OTS.exe -> [2010/11/11 20:06:22 | 000,642,048 | ---- | M] (OldTimer Tools)
 mbam-setup-1.46.exe -> C:\Documents and Settings\Lori\Desktop\mbam-setup-1.46.exe -> [2010/11/11 20:06:06 | 006,153,352 | ---- | M] (Malwarebytes Corporation                                    )
 tdsskiller.zip -> C:\Documents and Settings\Lori\Desktop\tdsskiller.zip -> [2010/11/11 20:05:25 | 001,215,581 | ---- | M] ()
 bigguy.jpg -> C:\Documents and Settings\Lori\My Documents\bigguy.jpg -> [2010/11/08 18:18:38 | 000,090,250 | ---- | M] ()
 MBR.exe -> C:\WINDOWS\MBR.exe -> [2010/11/08 01:20:24 | 000,089,088 | ---- | M] ()
 Free Window Registry Repair.lnk -> C:\Documents and Settings\Lori\Desktop\Free Window Registry Repair.lnk -> [2010/11/07 15:18:19 | 000,000,718 | ---- | M] ()
 RegpairSetup.exe -> C:\Documents and Settings\Lori\Desktop\RegpairSetup.exe -> [2010/11/07 15:09:05 | 000,798,000 | ---- | M] ()
 Boot.bak -> C:\Boot.bak -> [2010/11/07 15:01:00 | 000,000,210 | ---- | M] ()
 perfh009.dat -> C:\WINDOWS\System32\perfh009.dat -> [2010/11/07 09:38:16 | 000,311,934 | ---- | M] ()
 perfc009.dat -> C:\WINDOWS\System32\perfc009.dat -> [2010/11/07 09:38:16 | 000,040,196 | ---- | M] ()
 Webroot AntiVirus with Spy Sweeper.lnk -> C:\Documents and Settings\All Users\Desktop\Webroot AntiVirus with Spy Sweeper.lnk -> [2010/11/01 18:40:47 | 000,001,968 | ---- | M] ()
 
[Files - No Company Name]
 evehewson2.gif -> C:\Documents and Settings\Lori\Desktop\evehewson2.gif -> [2010/11/24 17:55:36 | 001,108,924 | ---- | C] ()
 clintonchina.rtf -> C:\Documents and Settings\Lori\Desktop\clintonchina.rtf -> [2010/11/23 00:00:42 | 000,003,543 | ---- | C] ()
 mbr.log -> C:\Documents and Settings\Lori\mbr.log -> [2010/11/14 22:06:25 | 000,000,314 | ---- | C] ()
 HelpAsst_mebroot_fix.exe -> C:\Documents and Settings\Lori\Desktop\HelpAsst_mebroot_fix.exe -> [2010/11/14 22:03:26 | 000,490,232 | ---- | C] ()
 ComboFix.exe -> C:\Documents and Settings\Lori\Desktop\ComboFix.exe -> [2010/11/12 19:01:31 | 003,908,597 | R--- | C] ()
 Malwarebytes' Anti-Malware.lnk -> C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk -> [2010/11/11 20:08:17 | 000,000,696 | ---- | C] ()
 computerfix1.rtf -> C:\Documents and Settings\Lori\Desktop\computerfix1.rtf -> [2010/11/11 20:07:03 | 000,010,032 | ---- | C] ()
 tdsskiller.zip -> C:\Documents and Settings\Lori\Desktop\tdsskiller.zip -> [2010/11/11 20:05:19 | 001,215,581 | ---- | C] ()
 bigguy.jpg -> C:\Documents and Settings\Lori\My Documents\bigguy.jpg -> [2010/11/08 18:18:34 | 000,090,250 | ---- | C] ()
 Boot.bak -> C:\Boot.bak -> [2010/11/07 15:36:25 | 000,000,210 | ---- | C] ()
 cmldr -> C:\cmldr -> [2010/11/07 15:36:22 | 000,260,272 | RHS- | C] ()
 Free Window Registry Repair.lnk -> C:\Documents and Settings\Lori\Desktop\Free Window Registry Repair.lnk -> [2010/11/07 15:18:19 | 000,000,718 | ---- | C] ()
 RegpairSetup.exe -> C:\Documents and Settings\Lori\Desktop\RegpairSetup.exe -> [2010/11/07 15:09:04 | 000,798,000 | ---- | C] ()
 MBR.exe -> C:\WINDOWS\MBR.exe -> [2010/11/06 21:13:18 | 000,089,088 | ---- | C] ()
 PEV.exe -> C:\WINDOWS\PEV.exe -> [2010/11/06 21:13:17 | 000,256,512 | ---- | C] ()
 sed.exe -> C:\WINDOWS\sed.exe -> [2010/11/06 21:13:17 | 000,098,816 | ---- | C] ()
 grep.exe -> C:\WINDOWS\grep.exe -> [2010/11/06 21:13:17 | 000,080,412 | ---- | C] ()
 zip.exe -> C:\WINDOWS\zip.exe -> [2010/11/06 21:13:17 | 000,068,096 | ---- | C] ()
 wrLZMA.dll -> C:\WINDOWS\System32\wrLZMA.dll -> [2010/11/01 18:45:19 | 000,030,424 | ---- | C] ()
 SsiEfr.exe -> C:\WINDOWS\System32\SsiEfr.exe -> [2010/11/01 18:45:19 | 000,017,472 | ---- | C] ()
 Webroot AntiVirus with Spy Sweeper.lnk -> C:\Documents and Settings\All Users\Desktop\Webroot AntiVirus with Spy Sweeper.lnk -> [2010/11/01 18:40:47 | 000,001,968 | ---- | C] ()
 DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> C:\Documents and Settings\Lori\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> [2010/08/05 22:13:05 | 000,024,576 | ---- | C] ()
 WINCMD.INI -> C:\WINDOWS\WINCMD.INI -> [2010/07/10 01:51:59 | 000,000,289 | ---- | C] ()
 ODBC.INI -> C:\WINDOWS\ODBC.INI -> [2010/07/02 09:44:17 | 000,000,376 | ---- | C] ()
 usrwiz.ini -> C:\WINDOWS\usrwiz.ini -> [2010/06/30 19:20:17 | 000,000,096 | ---- | C] ()
 ODBCINST.INI -> C:\WINDOWS\ODBCINST.INI -> [2010/06/30 14:57:01 | 000,004,161 | ---- | C] ()
 OGACheckControl.dll -> C:\WINDOWS\System32\OGACheckControl.dll -> [2009/08/03 14:07:42 | 000,403,816 | ---- | C] ()
 
[File - Lop Check]
 AVG Security Toolbar -> C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar -> [2010/11/06 19:30:02 | 000,000,000 | ---D | M]
 {94E7A161-5A7B-460F-BD45-76DE70D977A9} -> C:\Documents and Settings\All Users\Application Data\{94E7A161-5A7B-460F-BD45-76DE70D977A9} -> [2010/11/01 18:40:52 | 000,000,000 | -H-D | M]
 BitTorrent -> C:\Documents and Settings\Guest\Application Data\BitTorrent -> [2010/09/19 17:45:10 | 000,000,000 | ---D | M]
 AVGTOOLBAR -> C:\Documents and Settings\LocalService\Application Data\AVGTOOLBAR -> [2010/09/24 23:18:57 | 000,000,000 | ---D | M]
 BitTorrent -> C:\Documents and Settings\Lori\Application Data\BitTorrent -> [2010/08/07 22:40:37 | 000,000,000 | ---D | M]
 Scheduled Update for Ask Toolbar.job -> C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job -> [2010/11/27 21:01:00 | 000,000,232 | ---- | M] ()
 
[File - Purity Scan]
 
< End of report >

  • 0

#57
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
This system has some jpg files dated 2034? Could you confirm that you are aware of them and know their origin:

C:\Documents and Settings\Lori\My Documents\washingtonsqpark.JPG

plus a few others; they appear to be titled as various places in Washington.

Start OTS. Copy/Paste the information in the quotebox below into the panel where it says "Paste fix here" and then click the Run Fix button.

[Unregister Dlls]
[Win32 Services - Safe List] 
YN -> (AVG Security Toolbar Service) AVG Security Toolbar Service [Disabled | Stopped] -> 
[Registry - Safe List] 
< Internet Explorer Settings [HKEY_USERS\.DEFAULT\] > -> 
YN -> HKEY_USERS\.DEFAULT\: URLSearchHooks\\"{A3BC75A2-1F87-4686-AA43-5347D756017C}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.]
< Internet Explorer Settings [HKEY_USERS\S-1-5-18\] > -> 
YN -> HKEY_USERS\S-1-5-18\: URLSearchHooks\\"{A3BC75A2-1F87-4686-AA43-5347D756017C}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.]
< FireFox Settings [Prefs.js] > -> C:\Documents and Settings\Lori\Application Data\Mozilla\FireFox\Profiles\g6hfyf7l.default\prefs.js
YN -> browser.search.defaultenginename -> "AVG Secure Search"
YN -> browser.search.selectedEngine -> "AVG Secure Search"
< LSA Security Packages [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Security Packages
*LSA Security Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Security Packages
YN -> indows.common-controls_6595b641 -> 
< LSA Security Packages [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Security Packages
[Files/Folders - Modified Within 30 Days] 
NY ->  pentagon.JPG -> C:\Documents and Settings\Lori\My Documents\pentagon.JPG
[File - Lop Check] 
NY ->  AVG Security Toolbar -> C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
NY ->  AVGTOOLBAR -> C:\Documents and Settings\LocalService\Application Data\AVGTOOLBAR
[Empty Temp Folders]
[EmptyFlash]
[CreateRestorePoint]

The fix should only take a very short time. When the fix is completed a message box will pop up telling you that it is finished. Click the Ok button and Notepad will open with a log of actions taken during the fix. Post that information back here.

I will review the information when it comes back in.
  • 0

#58
gravitysrainbow


    Member

  • Topic Starter
  • Member
  • 37 posts
I do remember taking those pictures myself, albeit in 2004 and not 24 years into the future. I believe my digital camera at the time had problems with its internal dating.

Here's the log:

All Processes Killed
[Win32 Services - Safe List]
Service AVG Security Toolbar Service stopped successfully!
[Registry - Safe List]
Registry key HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\URLSearchHooks not found.
Registry key HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\URLSearchHooks not found.
Prefs.js: "AVG Secure Search" removed from browser.search.defaultenginename
Prefs.js: "AVG Secure Search" removed from browser.search.selectedEngine
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Security Packages:indows.common-controls_6595b641 deleted successfully.
[Files/Folders - Modified Within 30 Days]
C:\Documents and Settings\Lori\My Documents\pentagon.JPG moved successfully.
[File - Lop Check]
C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar\Update folder moved successfully.
C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar folder moved successfully.
C:\Documents and Settings\LocalService\Application Data\AVGTOOLBAR folder moved successfully.
[Empty Temp Folders]


User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Guest
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Lori
->Temp folder emptied: 1619579 bytes
->Temporary Internet Files folder emptied: 33390 bytes
->Java cache emptied: 4282 bytes
->FireFox cache emptied: 101356996 bytes
->Flash cache emptied: 5773 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 33273 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 98.00 mb


[EMPTYFLASH]

User: Administrator

User: All Users

User: Default User

User: Guest
->Flash cache emptied: 0 bytes

User: LocalService

User: Lori
->Flash cache emptied: 0 bytes

User: NetworkService

Total Flash Files Cleaned = 0.00 mb

Restore point Set: OTS Restore Point (0)
< End of fix log >
OTS by OldTimer - Version 3.1.40.1 fix logfile created on 11282010_214529

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...
  • 0

#59
Essexboy


    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Are the redirects still apparent? Are they in both FF and IE?
  • 0

#60
gravitysrainbow


    Member

  • Topic Starter
  • Member
  • 37 posts
Both, unfortunately. :/
Strangely enough, all of a sudden SYSTEM3 seems to have it bad, when I thought that computer was mostly cured. Got some nasty ones, including a redirect to a phony windowsdefender message.
  • 0





