Systems Tools download - Geeks to Go Forums


Systems Tools download

#1 PrincessLeia

  • Group: Member
  • Posts: 43
  • Joined: 11-June 10

Posted 27 February 2011 - 03:40 PM

System tools (a fake anti-spyware) was accidentally downloaded onto our desktop computer and I am wondering how to best get rid of it. I attempted to run ERUNT and then OTM, but while trying to open OTM it was blocked. Then I tried AVG and that is getting nowhere. After that I tried OLT but while it was downloading the spyware blocked it.

I noticed that someone else had a similar problem and was given advice to follow, which would involve having me download information and a program onto a CD and then using it to download onto my desktop. Right now I am using a different computer with a totally different operating system to get that information. Should I do what the other person was instructed to?

This spyware is telling me that I need to pay something, and when I attempt to run my antivirus or my own spysweeper, it gets nowhere.

#2 Essexboy

  • Group: GeekU Moderator
  • Posts: 55,491
  • Joined: 31-May 06

Posted 27 February 2011 - 04:05 PM

Hi there, let's try the following first.

Hi, let's try this first; if it fails go to Plan B.

Note: If using Firefox, right-click on any download links and choose Save As.

Please download OTH to your desktop
Please download OTL to your desktop
Please download the attached file Scan.txt to your desktop
[attachment=48084:scan.txt]
Double-click the OTH file to run it and click Kill All Processes; your desktop will go blank.


Then select Start OTL. OTL will now run.

  • Double-click on the Custom Scans box and a message box will pop up asking if you want to load a custom scan from a file.
    Select Scan.txt that you downloaded.

  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.

  • Click the Internet Explorer button, post these logs in your Virus Removal topic.


Plan B

Download Rkill from here; there are several flavours to choose from, and if one does not work then try the next:

* rkill.com
* rkill.scr
* rkill.pif


Once it is downloaded, double-click on rkill in order to automatically attempt to stop any processes associated with Security Central and other Rogue programs. Please be patient while the program looks for various malware programs and ends them. When it has finished, the black window will automatically close and you can continue with the next step. If you get a message that rkill is an infection, do not be concerned. This message is just a fake warning given by Security Central when it terminates programs that may potentially remove it. If you run into these infection warnings that close Rkill, a trick is to leave the warning on the screen and then run Rkill again. By not closing the warning, this typically will allow you to bypass the malware trying to protect itself so that rkill can terminate Security Central. So, please try running Rkill until malware is no longer running. You will then be able to proceed with the rest of my instructions.

Do not reboot your computer after running rkill as the malware programs will start again.

Then run OTL as above.

We now have a plan C as well :D

Download RogueKiller to your desktop

  • Quit all running programs
  • For Vista/Seven, right-click -> Run as administrator; for XP simply run RogueKiller.exe.
  • When prompted, type 1 and validate
  • The RKreport.txt shall be generated next to the executable.
  • If the program is blocked, do not hesitate to try several times. If it really does not work (it could happen), rename it to winlogon.exe.
  • Then try OTL.



Please post the contents of the RKreport.txt in your next Reply.
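Once OTL.Txt is posted, the first triage pass over it is mechanical. The following is an added example, not code from this thread, from Geeks to Go or from OldTimer's OTL: a Python script that parses the PRC and O4 Run/RunOnce lines of an OTL log and flags the patterns a helper checks first (orphaned run values, executables with no company name started from user-writable folders, and random-looking generated names). The sample lines are constructed in the OTL format, and the random-name and user-writable heuristics are this example's own assumptions.

```python
import re
from dataclasses import dataclass

# Line formats as they appear in OTL.Txt:
#   PRC - [date time | size | attrs | M] (Company) -- C:\path\file.exe
#   O4 - HKLM..\Run: [ValueName] C:\path\file.exe (Company)    or    [ValueName] File not found
PRC_RE = re.compile(r'^PRC - \[(?P<meta>[^\]]*)\] \((?P<company>.*)\) -- (?P<path>.*)$')
O4_RE = re.compile(r'^O4 - (?P<hive>HK\w+)\.\.\\(?P<key>Run\w*): \[(?P<name>[^\]]*)\] (?P<rest>.*)$')

# Heuristic (an assumption of this example, not an OTL rule): 8+ characters mixing upper case,
# lower case and digits, and nothing else, is a generated name rather than a product name.
RANDOM_NAME_RE = re.compile(r'^(?=.*[a-z])(?=.*[A-Z])(?=.*\d)[A-Za-z0-9]{8,}$')
# Folders a standard user can write to on XP/Vista/7; legitimate autostarts rarely run from here.
USER_WRITABLE = ('\\all users\\application data\\', '\\application data\\', '\\local settings\\',
                 '\\temp\\', '\\programdata\\', '\\users\\', '\\desktop\\')

@dataclass
class Finding:
    severity: str  # 'high', 'medium' or 'low'
    reason: str
    line: str

def looks_random(component: str) -> bool:
    """True if a file or folder name (extension ignored) matches the generated-name pattern."""
    return bool(RANDOM_NAME_RE.match(component.rsplit('.', 1)[0]))

def split_path_company(rest: str):
    """Split 'C:\\dir\\x.exe (Company)' into (path, company). The company is the trailing
    balanced parenthesised group, so 'Program Files (x86)' and nested '(www...)' survive."""
    if not rest.endswith(')'):
        return rest, None
    depth = 0
    for i in range(len(rest) - 1, -1, -1):
        if rest[i] == ')':
            depth += 1
        elif rest[i] == '(':
            depth -= 1
            if depth == 0:
                if i > 0 and rest[i - 1] == ' ':
                    return rest[:i - 1], rest[i + 1:-1]
                break
    return rest, None

def assess_exe(path: str, company, context: str):
    """Rate one executable reference; returns a list of (severity, reason)."""
    out = []
    random_parts = [c for c in path.split('\\') if looks_random(c)]
    unsigned = not (company or '').strip()  # OTL prints () when the file carries no company name
    if random_parts:
        out.append(('high', f'{context}: random-looking name {random_parts[0]!r} in path'))
    if unsigned and any(marker in path.lower() for marker in USER_WRITABLE):
        sev = 'high' if context == 'RunOnce' else 'medium'
        out.append((sev, f'{context}: no company name and runs from a user-writable folder'))
    elif unsigned:
        out.append(('low', f'{context}: no company name'))
    return out

def triage(log_text: str) -> list:
    """Scan the PRC and O4 lines of an OTL.Txt log and return findings in log order."""
    findings = []
    for line in log_text.splitlines():
        line = line.rstrip()
        m = O4_RE.match(line)
        if m:
            key, rest = m.group('key'), m.group('rest')
            if rest == 'File not found':
                findings.append(Finding('low', f'{key}: orphaned value [{m.group("name")}] points at a missing file', line))
            else:
                path, company = split_path_company(rest)
                findings += [Finding(s, r, line) for s, r in assess_exe(path, company, key)]
            continue
        m = PRC_RE.match(line)
        if m:
            findings += [Finding(s, r, line) for s, r in assess_exe(m.group('path'), m.group('company'), 'process')]
    return findings

# Constructed sample in OTL.Txt format (not the log posted in this thread).
SAMPLE_LOG = r"""========== Processes (SafeList) ==========
PRC - [2011/02/27 16:46:42 | 000,581,120 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\User\Desktop\OTL.scr
PRC - [2011/02/27 13:18:53 | 000,830,464 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\aBcXyZ12900\aBcXyZ12900.exe
PRC - [2008/04/13 18:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
========== Standard Registry (SafeList) ==========
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [SpySweeper] C:\Program Files\Webroot\WebrootSecurity\SpySweeperUI.exe (Webroot Software, Inc.)
O4 - HKLM..\Run: [dcmsvc] C:\Program Files\dcmsvc\dcmsvc.exe ()
O4 - HKCU..\RunOnce: [aBcXyZ12900] C:\Documents and Settings\All Users\Application Data\aBcXyZ12900\aBcXyZ12900.exe ()
"""

if __name__ == '__main__':
    order = {'high': 0, 'medium': 1, 'low': 2}
    for f in sorted(triage(SAMPLE_LOG), key=lambda f: order[f.severity]):
        print(f'[{f.severity:6}] {f.reason}\n         {f.line}')
```

A hit here is a reason to look closer (file dates, folder contents, signature), not proof of infection; legitimate but unsigned software will also show up as low or medium.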

#3 PrincessLeia

  • Group: Member
  • Posts: 43
  • Joined: 11-June 10

Posted 27 February 2011 - 05:18 PM

Thanks for the options. It was so bad that I had to resort to the last option, which was renaming Rogue and then running it, and then running OTL.

OTL logfile created on: 2/27/2011 5:08:52 PM - Run 1
OTL by OldTimer - Version 3.2.22.2 Folder = C:\Documents and Settings\Jeremiah Schumacher\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 75.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 92.00% Paging File free
Paging file location(s): C:\pagefile.sys 720 1440 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.52 Gb Total Space | 55.09 Gb Free Space | 73.92% Space Free | Partition Type: NTFS
Drive D: | 37.26 Gb Total Space | 20.14 Gb Free Space | 54.06% Space Free | Partition Type: FAT32

Computer Name: JEREMIAH-KF1Y8X | User Name: Jeremiah Schumacher | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/02/27 16:46:42 | 000,581,120 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jeremiah Schumacher\Desktop\OTL.scr
PRC - [2009/03/31 21:13:07 | 000,341,256 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\BM\TMBMSRV.exe
PRC - [2008/04/13 18:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (SafeList) ==========

MOD - [2011/02/27 16:46:42 | 000,581,120 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jeremiah Schumacher\Desktop\OTL.scr
MOD - [2010/08/23 10:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - [2010/10/20 15:58:15 | 001,201,640 | ---- | M] (Webroot Software, Inc. ) [Auto | Stopped] -- C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe -- (WRConsumerService)
SRV - [2010/10/07 05:33:18 | 000,711,320 | ---- | M] (Trend Micro Inc.) [Auto | Stopped] -- C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe -- (SfCtlCom)
SRV - [2009/11/06 11:00:22 | 004,048,240 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) [Auto | Stopped] -- C:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe -- (WebrootSpySweeperService)
SRV - [2009/09/03 03:07:28 | 000,497,008 | ---- | M] (Trend Micro Inc.) [Auto | Stopped] -- C:\Program Files\Trend Micro\Internet Security\TmPfw.exe -- (TmPfw)
SRV - [2009/09/03 02:51:40 | 000,677,128 | ---- | M] (Trend Micro Inc.) [Auto | Stopped] -- C:\Program Files\Trend Micro\Internet Security\TmProxy.exe -- (TmProxy)
SRV - [2009/03/31 21:13:07 | 000,341,256 | ---- | M] (Trend Micro Inc.) [Auto | Running] -- C:\Program Files\Trend Micro\BM\TMBMSRV.exe -- (TMBMServer)
SRV - [2008/09/22 21:49:30 | 000,138,616 | ---- | M] (CinemaNow, Inc.) [Auto | Stopped] -- C:\Program Files\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe -- (CinemaNow Service)
SRV - [2008/04/13 18:12:02 | 000,105,472 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\p2pgasvc.dll -- (p2pgasvc)
SRV - [2008/04/04 11:10:26 | 000,030,152 | ---- | M] (Viewpoint Corporation) [Auto | Stopped] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Service)
SRV - [2006/05/12 20:17:24 | 001,123,008 | ---- | M] (Symantec Corporation) [Disabled | Stopped] -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC)
SRV - [2001/08/06 05:41:48 | 000,028,672 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe -- (nhksrv)


========== Driver Services (SafeList) ==========

DRV - [2010/07/30 11:29:10 | 000,249,424 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\tmxpflt.sys -- (tmxpflt)
DRV - [2010/07/30 11:29:00 | 000,036,432 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\tmpreflt.sys -- (tmpreflt)
DRV - [2010/07/30 11:06:08 | 001,331,512 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\vsapint.sys -- (vsapint)
DRV - [2010/07/05 09:20:02 | 000,050,256 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\tmactmon.sys -- (tmactmon)
DRV - [2010/07/05 09:19:56 | 000,050,256 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\tmevtmgr.sys -- (tmevtmgr)
DRV - [2010/07/05 09:19:50 | 000,154,192 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\tmcomm.sys -- (tmcomm)
DRV - [2010/06/12 01:01:40 | 000,006,656 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\Msikbd2k.sys -- (msikbd2k)
DRV - [2010/02/11 06:02:15 | 000,226,880 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tcpip6.sys -- (Tcpip6)
DRV - [2009/11/06 11:00:36 | 000,176,752 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ssidrv.sys -- (ssidrv)
DRV - [2009/11/06 11:00:36 | 000,023,152 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sshrmd.sys -- (sshrmd)
DRV - [2009/11/06 11:00:34 | 000,029,808 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ssfs0bbc.sys -- (ssfs0bbc)
DRV - [2009/03/31 21:13:15 | 000,335,376 | ---- | M] (Trend Micro Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\TM_CFW.sys -- (tmcfw)
DRV - [2009/03/31 21:13:14 | 000,080,400 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tmtdi.sys -- (tmtdi)
DRV - [2006/05/12 20:17:24 | 000,010,344 | ---- | M] (Symantec Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\symlcbrd.sys -- (symlcbrd)
DRV - [2005/02/26 11:17:58 | 000,025,244 | ---- | M] (Adaptec) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aspi32.sys -- (ASPI32)
DRV - [2002/06/06 11:08:38 | 000,337,536 | ---- | M] (ahead software) [File_System | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\bsudf.sys -- (BsUDF)
DRV - [2002/06/05 16:07:00 | 000,009,344 | ---- | M] (B.H.A Co.,Ltd.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\bsstor.sys -- (BsStor)
DRV - [2002/04/11 12:47:52 | 000,011,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ipfilter.sys -- (IPFilter)
DRV - [2001/08/17 07:28:12 | 000,488,383 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\HSF_V124.sys -- (V124)
DRV - [2001/08/17 07:28:12 | 000,050,751 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\HSF_TONE.sys -- (Tones)
DRV - [2001/08/17 07:28:10 | 000,542,879 | ---- | M] (Conexant) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSF_MSFT.sys -- (hsf_msft)
DRV - [2001/08/17 07:28:10 | 000,057,471 | ---- | M] (Conexant) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSF_SAMP.sys -- (Rksample)
DRV - [2001/08/17 07:28:08 | 000,391,199 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\HSF_K56K.sys -- (K56)
DRV - [2001/08/17 07:28:06 | 000,289,887 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\HSF_FALL.sys -- (Fallback)
DRV - [2001/08/17 07:28:06 | 000,199,711 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\HSF_FAXX.sys -- (SoftFax)
DRV - [2001/08/17 07:28:06 | 000,115,807 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\HSF_FSKS.sys -- (Fsks)
DRV - [2001/08/17 07:28:04 | 000,067,167 | ---- | M] (Conexant) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSF_BSC2.sys -- (basic2)
DRV - [2000/10/25 06:27:24 | 000,003,000 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\SetupNT.sys -- (SetupNT)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.defaulturl: "http://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q="
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "http://www.pbs.org/"
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.9.1
FF - prefs.js..extensions.enabledItems: smartwebprinting@hp.com:4.5
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {a298ed31-d405-40e2-880f-b7511948e582}:2.7.2.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: redshift_V2@shift-themes.com:3.6

FF - HKLM\software\mozilla\Firefox\Extensions\\{400F0BDB-6C49-43A4-BE1F-76D7327A604D}: C:\Program Files\Common Files\fluxDVD\Download Manager\Mozilla [2008/12/09 12:14:09 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/01/03 17:54:17 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/12/11 03:17:18 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/01/24 00:21:23 | 000,000,000 | ---D | M]

[2008/09/01 17:43:18 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Jeremiah Schumacher\Application Data\Mozilla\Extensions
[2011/02/17 18:08:09 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Jeremiah Schumacher\Application Data\Mozilla\Firefox\Profiles\1x4ro5in.default\extensions
[2010/11/23 09:35:27 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Documents and Settings\Jeremiah Schumacher\Application Data\Mozilla\Firefox\Profiles\1x4ro5in.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2010/09/13 17:37:09 | 000,000,000 | ---D | M] (SporTV Toolbar) -- C:\Documents and Settings\Jeremiah Schumacher\Application Data\Mozilla\Firefox\Profiles\1x4ro5in.default\extensions\{a298ed31-d405-40e2-880f-b7511948e582}
[2011/01/26 13:37:37 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Documents and Settings\Jeremiah Schumacher\Application Data\Mozilla\Firefox\Profiles\1x4ro5in.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2010/11/18 14:37:13 | 000,000,000 | ---D | M] (RedShift V3.6) -- C:\Documents and Settings\Jeremiah Schumacher\Application Data\Mozilla\Firefox\Profiles\1x4ro5in.default\extensions\redshift_V2@shift-themes.com
[2011/02/20 23:49:26 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2007/03/24 22:11:28 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2011/01/24 00:21:28 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2010/01/03 17:54:17 | 000,000,000 | ---D | M] (HP Smart Web Printing) -- C:\PROGRAM FILES\HP\DIGITAL IMAGING\SMART WEB PRINTING\MOZILLAADDON3
[2009/06/29 17:47:03 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2007/03/02 07:17:24 | 000,095,200 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\NPAPIX.dll
[2008/09/19 09:36:12 | 000,163,840 | ---- | M] (Centra Software, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\NPCentraUpdater.dll
[2010/11/12 18:53:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2007/01/17 05:18:04 | 000,095,200 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\NPFluxBrowserHelper.dll
[2005/12/05 21:31:00 | 000,114,688 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npmozax.dll
[2007/07/02 09:42:20 | 000,103,064 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\NPMPDRM.dll

O1 HOSTS File: ([2011/01/23 15:28:20 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Download Manager Browser Helper Object) - {19C8E43B-07B3-49CB-BFFC-6777B593E6F8} - C:\Program Files\Common Files\fluxDVD\Download Manager\XEBDLHelper.dll (Protect Software GmbH)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - File not found
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (MSN Search Toolbar Helper) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (MSN Search Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\ShellBrowser: (MSN Search Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (MSN Search Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll (Microsoft Corporation)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [dcmsvc] C:\Program Files\dcmsvc\dcmsvc.exe ()
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [SpySweeper] C:\Program Files\Webroot\WebrootSecurity\SpySweeperUI.exe (Webroot Software, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [UfSeAgnt.exe] C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe (Trend Micro Inc.)
O4 - HKCU..\Run: [OE] C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe (Trend Micro Inc.)
O4 - HKCU..\RunOnce: [nDmJeMg12900] C:\Documents and Settings\All Users\Application Data\nDmJeMg12900\nDmJeMg12900.exe ()
O4 - Startup: C:\Documents and Settings\Jeremiah Schumacher\Start Menu\Programs\Startup\Warner Bros.lnk = C:\Program Files\Warner Bros. Digital Copy Manager\Warner Bros. Digital Copy Manager.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: &MSN Search - C:\Program Files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll (Microsoft Corporation)
O8 - Extra context menu item: Open in new background tab - C:\Program Files\MSN Toolbar Suite\TAB\02.05.0001.1119\en-us\msntabres.dll (Microsoft Corporation)
O8 - Extra context menu item: Open in new foreground tab - C:\Program Files\MSN Toolbar Suite\TAB\02.05.0001.1119\en-us\msntabres.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {4620BC29-8B8E-4F4E-9D92-1DB6633D6793} http://rd1.surfernet...urferplugin.ocx (SurferNETWORK Plugin)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://by104fd.bay10...es/MsnPUpld.cab (MSN Photo Upload Tool)
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} http://security.syma...n/bin/cabsa.cab (Symantec RuFSI Utility Class)
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} https://webdl.symant...ex/symdlmgr.cab (Symantec Download Manager)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1129561795437 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} http://www.crucial.c.../cpcScanner.cab (Crucial cpcScan)
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} http://messenger.msn...pDownloader.cab (MsnMessengerSetupDownloadControl Class)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://download.mac...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {FA3662C3-B8E8-11D6-A667-0010B556D978} http://cdn.digitalci...illama/ampx.cab (IWinAmpActiveX Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 97.64.168.12 97.64.183.165
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\WRNotifier: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O24 - Desktop Components:0 () - https://www.mvrenewa...e.mn.us/dps.gif
O24 - Desktop Components:1 (My Current Home Page) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Jeremiah Schumacher\Application Data\Mozilla\Firefox\Desktop Background.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Jeremiah Schumacher\Application Data\Mozilla\Firefox\Desktop Background.bmp
O30 - LSA: Authentication Packages - (ows\s) - File not found
O30 - LSA: Security Packages - (ecurity Packages settings...) - File not found
O30 - LSA: Security Packages - ® - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/02/12 13:56:49 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2004/07/22 19:52:30 | 000,000,000 | ---- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/02/27 17:00:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jeremiah Schumacher\Desktop\RK_Quarantine
[2011/02/27 16:46:47 | 000,581,120 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Jeremiah Schumacher\Desktop\OTL.scr
[2011/02/27 16:39:07 | 000,258,560 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Jeremiah Schumacher\Desktop\OTH.scr
[2011/02/27 14:22:16 | 098,074,484 | ---- | C] (Igor Pavlov) -- C:\Documents and Settings\Jeremiah Schumacher\Desktop\OTLPEStd.exe
[2011/02/27 13:18:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\nDmJeMg12900
[2011/01/29 10:12:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\iTunes
[2011/01/29 10:09:26 | 000,000,000 | ---D | C] -- C:\Program Files\iPod

========== Files - Modified Within 30 Days ==========

[2011/02/27 16:57:59 | 000,001,680 | ---- | M] () -- C:\WINDOWS\tasks\wrSpySweeper_LDF53DB23ACBB464F9474D9D7ADABDD61.job
[2011/02/27 16:57:47 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/02/27 16:57:28 | 000,000,236 | ---- | M] () -- C:\WINDOWS\tasks\OGALogon.job
[2011/02/27 16:57:22 | 000,013,764 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/02/27 16:57:08 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/02/27 16:56:32 | 001,228,854 | ---- | M] () -- C:\fsqwr.bmp
[2011/02/27 16:56:16 | 000,830,464 | ---- | M] () -- C:\Documents and Settings\Jeremiah Schumacher\Desktop\winlogon.exe
[2011/02/27 16:54:34 | 000,721,324 | ---- | M] () -- C:\Documents and Settings\Jeremiah Schumacher\Desktop\rkill.scr
[2011/02/27 16:53:25 | 000,721,324 | ---- | M] () -- C:\Documents and Settings\Jeremiah Schumacher\Desktop\rkill.com
[2011/02/27 16:51:08 | 000,258,560 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jeremiah Schumacher\Desktop\OTH.scr
[2011/02/27 16:46:42 | 000,581,120 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jeremiah Schumacher\Desktop\OTL.scr
[2011/02/27 16:42:27 | 098,074,484 | ---- | M] (Igor Pavlov) -- C:\Documents and Settings\Jeremiah Schumacher\Desktop\OTLPEStd.exe
[2011/02/27 16:40:00 | 000,001,034 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1123561945-117609710-839522115-1003UA.job
[2011/02/27 13:23:30 | 000,000,635 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\tmsshf.bin
[2011/02/26 17:40:09 | 000,000,982 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1123561945-117609710-839522115-1003Core.job
[2011/02/22 20:01:04 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/02/21 18:20:08 | 000,000,155 | ---- | M] () -- C:\WINDOWS\TmProxy.ini
[2011/02/21 18:20:08 | 000,000,155 | ---- | M] () -- C:\WINDOWS\TmPfw.ini
[2011/02/09 21:33:33 | 000,213,672 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/02/09 18:27:45 | 000,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/01/29 10:12:16 | 000,001,542 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk

========== Files Created - No Company Name ==========

[2011/02/27 16:56:13 | 000,830,464 | ---- | C] () -- C:\Documents and Settings\Jeremiah Schumacher\Desktop\winlogon.exe
[2011/02/27 16:54:47 | 000,721,324 | ---- | C] () -- C:\Documents and Settings\Jeremiah Schumacher\Desktop\rkill.scr
[2011/02/27 16:53:28 | 000,721,324 | ---- | C] () -- C:\Documents and Settings\Jeremiah Schumacher\Desktop\rkill.com
[2011/02/27 14:25:16 | 001,228,854 | ---- | C] () -- C:\fsqwr.bmp
[2011/02/21 18:20:08 | 000,000,155 | ---- | C] () -- C:\WINDOWS\TmProxy.ini
[2011/02/21 18:20:07 | 000,000,155 | ---- | C] () -- C:\WINDOWS\TmPfw.ini
[2011/01/29 10:12:16 | 000,001,542 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/12/27 20:35:18 | 000,000,100 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2010/10/20 15:44:13 | 000,000,164 | ---- | C] () -- C:\WINDOWS\install.dat
[2010/07/28 09:32:10 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/01/09 03:26:58 | 000,041,504 | ---- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/01/03 17:35:49 | 000,164,960 | ---- | C] () -- C:\WINDOWS\hpoins37.dat
[2010/01/03 17:35:49 | 000,000,632 | ---- | C] () -- C:\WINDOWS\hpomdl37.dat
[2009/08/03 14:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/08/03 14:07:42 | 000,230,768 | ---- | C] () -- C:\WINDOWS\System32\OGAEXEC.exe
[2009/07/22 18:54:53 | 000,146,510 | ---- | C] () -- C:\WINDOWS\hphins32.dat
[2009/07/22 18:54:52 | 000,000,458 | ---- | C] () -- C:\WINDOWS\hphmdl32.dat
[2008/09/18 14:50:41 | 000,000,104 | ---- | C] () -- C:\WINDOWS\System32\ProxySettings.ini
[2007/04/13 16:42:27 | 000,001,530 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2007/01/27 06:38:16 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2006/07/26 21:30:03 | 000,000,206 | ---- | C] () -- C:\WINDOWS\HPGdiPlus.ini
[2006/07/26 21:13:51 | 000,000,221 | ---- | C] () -- C:\WINDOWS\HP_RedboxHprblog_HPSU.ini
[2006/06/09 19:20:23 | 000,684,032 | ---- | C] () -- C:\WINDOWS\libeay32.dll
[2006/06/09 19:20:22 | 000,155,648 | ---- | C] () -- C:\WINDOWS\ssleay32.dll
[2006/01/21 11:47:59 | 000,000,000 | ---- | C] () -- C:\WINDOWS\QuickInstall.INI
[2005/05/09 19:24:14 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\msiosd32.dll
[2005/05/09 19:24:14 | 000,006,656 | ---- | C] () -- C:\WINDOWS\System32\drivers\Msikbd2k.sys
[2005/05/09 19:24:14 | 000,000,245 | ---- | C] () -- C:\WINDOWS\Msiosd.ini
[2005/04/27 12:38:00 | 000,372,736 | ---- | C] () -- C:\WINDOWS\System32\hpzidi01.dll
[2005/03/30 18:51:57 | 000,274,507 | ---- | C] () -- C:\WINDOWS\System32\FXMathLib.dll
[2005/02/27 10:18:17 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2005/02/22 09:08:14 | 000,233,472 | R--- | C] () -- C:\WINDOWS\System32\cmirmdrv.exe
[2005/02/22 09:08:14 | 000,028,672 | R--- | C] () -- C:\WINDOWS\System32\cmirmdrv.dll
[2005/02/22 09:08:00 | 000,000,092 | ---- | C] () -- C:\WINDOWS\CMISETUP.INI
[2005/02/22 09:08:00 | 000,000,026 | ---- | C] () -- C:\WINDOWS\CMCDPLAY.INI
[2005/02/22 09:07:58 | 000,000,010 | ---- | C] () -- C:\WINDOWS\Wininit.ini
[2005/02/22 09:07:53 | 000,121,329 | R--- | C] () -- C:\WINDOWS\Cmuda.ini
[2005/02/22 09:07:50 | 000,266,240 | ---- | C] () -- C:\WINDOWS\CMIUninstall.exe
[2005/02/22 09:07:50 | 000,225,280 | ---- | C] () -- C:\WINDOWS\CmiRmRedundDir.exe
[2005/02/22 09:07:50 | 000,028,672 | ---- | C] () -- C:\WINDOWS\CMIRmDriver.dll
[2005/02/22 09:04:40 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\vusetup.dll
[2005/02/22 08:58:11 | 000,003,000 | ---- | C] () -- C:\WINDOWS\System32\SetupNT.sys
[2005/02/14 15:35:11 | 000,021,504 | ---- | C] () -- C:\Documents and Settings\Jeremiah Schumacher\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2005/02/14 10:34:12 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2005/02/12 15:02:52 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/02/12 14:26:57 | 000,000,000 | ---- | C] () -- C:\WINDOWS\OPPRIN~1.INI
[2005/02/12 14:24:09 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\CNMVS38.DLL
[2005/02/12 13:59:27 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2005/02/12 13:53:47 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2005/02/10 04:03:08 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2005/02/10 04:02:09 | 000,213,672 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004/09/17 17:37:42 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\vuins32.dll
[2003/03/31 06:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2003/03/31 06:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2003/03/31 06:00:00 | 000,314,508 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2003/03/31 06:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2003/03/31 06:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2003/03/31 06:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2003/03/31 06:00:00 | 000,040,836 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2003/03/31 06:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2003/03/31 06:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2003/03/31 06:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2003/03/31 06:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/04/11 12:47:52 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\msmscoin.dll

========== LOP Check ==========

[2008/12/09 12:18:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CinemaNow
[2008/12/09 12:13:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\fluxDVD
[2009/01/29 13:13:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Harley-Davidson_ Race to the Rally Saves
[2006/01/21 11:42:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HotSync
[2010/05/09 16:07:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Max Secure
[2008/12/09 12:14:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\mpDRM
[2005/08/18 17:08:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MSN Search Toolbar
[2008/10/24 13:24:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
[2011/02/27 13:18:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\nDmJeMg12900
[2008/10/29 19:25:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2010/03/30 20:38:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/12/22 20:31:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2005/10/12 18:05:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jeremiah Schumacher\Application Data\Aim
[2008/02/25 15:28:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jeremiah Schumacher\Application Data\Centra
[2010/01/01 12:41:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jeremiah Schumacher\Application Data\com.warnerbros.DigitalCopyManager.449F66ACC381FDC604DC2AA255FEECEEBBBEE1E5.1
[2010/09/20 11:12:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jeremiah Schumacher\Application Data\HorizonWimba
[2006/01/21 11:40:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jeremiah Schumacher\Application Data\HotSync
[2006/01/24 11:24:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jeremiah Schumacher\Application Data\Leadertech
[2005/09/06 00:11:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jeremiah Schumacher\Application Data\Ohmay
[2007/04/12 19:20:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jeremiah Schumacher\Application Data\Professional
[2010/09/25 20:42:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jeremiah Schumacher\Application Data\Qeybl
[2008/02/25 15:28:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jeremiah Schumacher\Application Data\Saba
[2010/12/30 20:19:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jeremiah Schumacher\Application Data\start
[2010/10/06 19:19:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jeremiah Schumacher\Application Data\StreamTorrent
[2008/10/29 19:25:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jeremiah Schumacher\Application Data\Viewpoint
[2011/02/27 16:57:28 | 000,000,236 | ---- | M] () -- C:\WINDOWS\Tasks\OGALogon.job
[2011/02/27 16:57:59 | 000,001,680 | ---- | M] () -- C:\WINDOWS\Tasks\wrSpySweeper_LDF53DB23ACBB464F9474D9D7ADABDD61.job

========== Purity Check ==========



< End of report >

OTL Extras logfile created on: 2/27/2011 5:08:52 PM - Run 1
OTL by OldTimer - Version 3.2.22.2 Folder = C:\Documents and Settings\Jeremiah Schumacher\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 75.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 92.00% Paging File free
Paging file location(s): C:\pagefile.sys 720 1440 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.52 Gb Total Space | 55.09 Gb Free Space | 73.92% Space Free | Partition Type: NTFS
Drive D: | 37.26 Gb Total Space | 20.14 Gb Free Space | 54.06% Space Free | Partition Type: FAT32

Computer Name: JEREMIAH-KF1Y8X | User Name: Jeremiah Schumacher | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.hta [@ = htafile] -- Reg Error: Key error. File not found
.html [@ = SafariHTML] -- C:\Program Files\Safari\Safari.exe (Apple Inc.)
.url [@ = InternetShortcut] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"3587:TCP" = 3587:TCP:*:Enabled:Windows Peer-to-Peer Grouping
"3540:UDP" = 3540:UDP:*:Enabled:Peer Name Resolution Protocol (PNRP)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002
"3587:TCP" = 3587:TCP:*:Enabled:Windows Peer-to-Peer Grouping
"3540:UDP" = 3540:UDP:*:Enabled:Peer Name Resolution Protocol (PNRP)

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\AIM\aim.exe" = C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqcopy2.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqcopy2.exe:*:Enabled:hpqcopy2.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe:*:Enabled:hpfccopy.exe -- ()
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe -- (Hewlett-Packard)
"C:\Program Files\Common Files\HP\Digital Imaging\Bin\hpqPhotoCrm.exe" = C:\Program Files\Common Files\HP\Digital Imaging\Bin\hpqPhotoCrm.exe:*:Enabled:hpqphotocrm.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe:*:Enabled:hpqusgm.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe:*:Enabled:hpqusgh.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\HP Software Update\hpwucli.exe" = C:\Program Files\HP\HP Software Update\hpwucli.exe:*:Enabled:hpwucli.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\Smart Web Printing\SmartWebPrintExe.exe" = C:\Program Files\HP\Digital Imaging\Smart Web Printing\SmartWebPrintExe.exe:*:Enabled:smartwebprintexe.exe -- (Hewlett-Packard Co.)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\AIM\aim.exe" = C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger
"D:\Program Files\LimeWire\LimeWire.exe" = D:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire -- (Lime Wire, LLC)
"C:\Documents and Settings\Jeremiah Schumacher\Local Settings\Application Data\Abacast\Abaclient.exe" = C:\Documents and Settings\Jeremiah Schumacher\Local Settings\Application Data\Abacast\Abaclient.exe:*:Enabled:Abaclient -- (Abacast, Inc.)
"C:\WINDOWS\system32\dpvsetup.exe" = C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)
"C:\Program Files\SpywareDetector\LiveUpdateSD.exe" = C:\Program Files\SpywareDetector\LiveUpdateSD.exe:*:Enabled:Spyware Detector Liveupdate
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Mozilla Firefox -- (Mozilla Corporation)
"C:\Program Files\CinemaNow\CinemaNow Media Manager\CinemaNowShell.exe" = C:\Program Files\CinemaNow\CinemaNow Media Manager\CinemaNowShell.exe:*:Enabled:CinemaNow Media Manager -- (CinemaNow Inc.)
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqcopy2.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqcopy2.exe:*:Enabled:hpqcopy2.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe:*:Enabled:hpfccopy.exe -- ()
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe -- (Hewlett-Packard)
"C:\Program Files\Common Files\HP\Digital Imaging\Bin\hpqPhotoCrm.exe" = C:\Program Files\Common Files\HP\Digital Imaging\Bin\hpqPhotoCrm.exe:*:Enabled:hpqphotocrm.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe:*:Enabled:hpqusgm.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe:*:Enabled:hpqusgh.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\HP Software Update\hpwucli.exe" = C:\Program Files\HP\HP Software Update\hpwucli.exe:*:Enabled:hpwucli.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\Smart Web Printing\SmartWebPrintExe.exe" = C:\Program Files\HP\Digital Imaging\Smart Web Printing\SmartWebPrintExe.exe:*:Enabled:smartwebprintexe.exe -- (Hewlett-Packard Co.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0208A7E3-0D30-11D4-A1FC-00508B9D1BA2}" = Web Office Pro Keyboard
"{07FB17D8-7DB6-4F06-80C4-8BE1719CB6A1}" = hpWLPGInstaller
"{0E6EC2D7-5C9B-28B7-C848-171EDACB9625}" = Warner Bros. Digital Copy Manager
"{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan
"{172423F9-522A-483A-AD65-03600CE4CA4F}" = Microsoft Works 6-9 Converter
"{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch
"{1FCC574F-AFA2-4432-9EF1-79CA7BA73431}_is1" = Spy Sweeper
"{1FD0C5C1-B01B-4B4C-9607-E5D3B3D1318F}" = Microsoft IntelliPoint 4.1
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{21A2F5EE-1DC5-488A-BE7E-E526F8C61488}" = DeviceDiscovery
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216014FF}" = Java™ 6 Update 23
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{32343DB6-9A52-40C9-87E4-5E7C79791C87}" = MSXML 4.0 SP2 and SOAP Toolkit 3.0
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java™ SE Runtime Environment 6 Update 1
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3F5B6210-0903-4DC6-8034-8F488AA3A782}" = Spy Sweeper Core
"{40E12A55-C504-4223-AFAC-7672DBF1ACDE}" = Trend Micro Internet Security
"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{497072FE-0A75-4E5C-A5B7-EB1FA67F66F1}" = DJ_AIO_05_F4400_Software_Min
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{4D7B2217-6055-4678-8E99-3FBECD0F65F9}" = CinemaNow Media Manager
"{5421155F-B033-49DB-9B33-8F80F233D4D5}" = GdiplusUpgrade
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5AEBB4A3-6878-4CEE-AD34-0F6958A983F0}" = HP Deskjet F4400 Printer Driver Software 13.0 Rel .5
"{5BF5F9C5-E95B-4AFA-94BE-F2A9CA73B61D}" = Apple Mobile Device Support
"{5F26311C-B135-4F7F-B11E-8E650F83651E}" = DeviceFunctionQFolder
"{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}" = Windows Genuine Advantage v1.3.0254.0
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{68A10D12-0D0F-4212-BDE6-D87FAD32A8FA}" = SmartWebPrinting
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6B2FFB21-AC88-45C3-9A7D-4BB3E744EC91}" = HPSSupply
"{6B9B0C6F-E5FA-4633-A640-AB98A272ECCA}" = Safari
"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{718D791F-F4E8-4aa7-98A6-15FDED17BDD0}" = Trend Micro Internet Security
"{7D1DCBBA-F6F5-42B4-B90B-F04ACE4DFD6C}" = MSN Search Toolbar
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{818ABC3C-635C-4651-8183-D0E9640B7DD1}" = HP Update
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8EAD600D-1912-4DEF-92B5-0C7525E17ED2}" = F4400
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{92127AF5-FDD8-4ADF-BC40-C356C9EE0B7D}" = 32 Bit HP CIO Components Installer
"{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A71D5E81-B967-43DB-93D7-FD31BFB95748}" = MobileMe Control Panel
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{AAD47011-8518-4608-9656-951DA35B587B}" = iTunes
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.1
"{AE8705FB-E13C-40A9-8A2D-68D6733FBFC2}" = Status
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{c4809d4c-1f28-41cc-8578-a72b75defb39}" = D2600
"{C75CDBA2-3C86-481e-BD10-BDDA758F9DFF}" = hpPrintProjects
"{DC0A5F99-FD66-433F-9D3A-05DCBA64BE42}" = TrayApp
"{E03F902A-7F44-430E-A2E8-8A745A25443D}" = SymNet
"{e382eb50-c5f2-42ca-bad0-901a12fc81ba}" = DJ_SF_05_D2600_Software_Min
"{EA6197F3-B467-4c70-B450-42D9E0C11400}" = HP Deskjet D2600 Printer Driver Software 12.0 Rel .5
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{F8131A35-47FD-27AD-116D-0E79AF5DE5EE}" = Acrobat.com
"{FAF26102-09D7-4C58-AB01-0D59A2E517CA}" = Copy
"{FE64AE29-0883-4C70-8388-DC026019C900}" = HP Image Zone Express
"{FF1C31AE-0CDC-40CE-AB85-406F8B70D643}" = Bonjour
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Battleship" = Battleship
"CentraClient" = Centra Client
"C-Media Audio" = C-Media 3D Audio
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"com.warnerbros.DigitalCopyManager.449F66ACC381FDC604DC2AA255FEECEEBBBEE1E5.1" = Warner Bros. Digital Copy Manager
"Coupon Printer for Windows5.0.0.0" = Coupon Printer for Windows
"dcmsvc_is1" = dcmsvc 1.0
"DMM" = TDK Digital MixMaster
"EXPRESSBURN" = Express Burn
"Global Trading System" = Global Trading System
"HP Imaging Device Functions" = HP Imaging Device Functions 13.0
"HP Print Projects" = HP Print Projects 1.0
"HP Smart Web Printing" = HP Smart Web Printing 4.5
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPExtendedCapabilities" = HP Customer Participation Program 13.0
"InCD!UninstallKey" = InCD (Ahead Software)
"InterActual Player" = InterActual Player
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Mozilla Firefox (3.6.13)" = Mozilla Firefox (3.6.13)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSN Music Assistant" = MSN Music Assistant
"Nero - Burning Rom!UninstallKey" = Nero Express (Web installer)
"RealPlayer 6.0" = RealPlayer
"Registry Patrol v3.0" = Registry Patrol v3.0
"S3" = UniChrome IGP Driver and Utilities
"ShockwaveFlash" = Adobe Flash Player 9
"Shop for HP Supplies" = Shop for HP Supplies
"StreamTorrent 1.0" = StreamTorrent 1.0
"Viewpoint Manager" = Viewpoint Manager (Remove Only)
"ViewpointMediaPlayer" = Viewpoint Media Player
"VLC media player" = VLC media player 1.0.1
"VN_VUIns_Rhine_VIA" = VIA Rhine-Family Fast Ethernet Adapter
"VTDisplay" = S3 S3Display
"VTGamma2" = S3 S3Gamma2
"VTInfo2" = S3 S3Info2
"VTOverlay" = S3 S3Overlay
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XPMedic_is1" = XPMedic

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Abacast Client" = Abacast Client
"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 2/6/2011 4:22:03 PM | Computer Name = JEREMIAH-KF1Y8X | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 3469

Error - 2/6/2011 4:59:17 PM | Computer Name = JEREMIAH-KF1Y8X | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 2/6/2011 4:59:17 PM | Computer Name = JEREMIAH-KF1Y8X | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 2239391

Error - 2/6/2011 4:59:17 PM | Computer Name = JEREMIAH-KF1Y8X | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 2239391

Error - 2/6/2011 4:59:20 PM | Computer Name = JEREMIAH-KF1Y8X | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 2/6/2011 4:59:20 PM | Computer Name = JEREMIAH-KF1Y8X | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 2242657

Error - 2/6/2011 4:59:20 PM | Computer Name = JEREMIAH-KF1Y8X | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 2242657

Error - 2/26/2011 2:37:17 PM | Computer Name = JEREMIAH-KF1Y8X | Source = ESENT | ID = 490
Description = svchost (1560) An attempt to open the file "C:\WINDOWS\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb"
for read / write access failed with system error 32 (0x00000020): "The process
cannot access the file because it is being used by another process. ". The open
file operation will fail with error -1032 (0xfffffbf8).

Error - 2/26/2011 4:23:26 PM | Computer Name = JEREMIAH-KF1Y8X | Source = ESENT | ID = 490
Description = svchost (1560) An attempt to open the file "C:\WINDOWS\system32\CatRoot2\edb.chk"
for read / write access failed with system error 32 (0x00000020): "The process
cannot access the file because it is being used by another process. ". The open
file operation will fail with error -1032 (0xfffffbf8).

Error - 2/26/2011 4:23:26 PM | Computer Name = JEREMIAH-KF1Y8X | Source = ESENT | ID = 439
Description = Catalog Database (1560) Unable to write a shadowed header for file
C:\WINDOWS\system32\CatRoot2\edb.chk. Error -1032.

[ System Events ]
Error - 2/27/2011 6:58:12 PM | Computer Name = JEREMIAH-KF1Y8X | Source = DCOM | ID = 10005
Description = DCOM got error "%1053" attempting to start the service WebrootSpySweeperService
with arguments "" in order to run the server: {1281A68F-9E75-418F-B3AC-D5B23DD86408}

Error - 2/27/2011 6:58:12 PM | Computer Name = JEREMIAH-KF1Y8X | Source = Service Control Manager | ID = 7034
Description = The Webroot Client Service service terminated unexpectedly. It has
done this 1 time(s).

Error - 2/27/2011 6:58:12 PM | Computer Name = JEREMIAH-KF1Y8X | Source = Service Control Manager | ID = 7034
Description = The Netropa NHK Server service terminated unexpectedly. It has done
this 1 time(s).

Error - 2/27/2011 6:58:12 PM | Computer Name = JEREMIAH-KF1Y8X | Source = Service Control Manager | ID = 7031
Description = The Apple Mobile Device service terminated unexpectedly. It has done
this 1 time(s). The following corrective action will be taken in 60000 milliseconds:
Restart the service.

Error - 2/27/2011 6:58:12 PM | Computer Name = JEREMIAH-KF1Y8X | Source = Service Control Manager | ID = 7034
Description = The CinemaNow Service service terminated unexpectedly. It has done
this 1 time(s).

Error - 2/27/2011 6:58:12 PM | Computer Name = JEREMIAH-KF1Y8X | Source = Service Control Manager | ID = 7034
Description = The Java Quick Starter service terminated unexpectedly. It has done
this 1 time(s).

Error - 2/27/2011 6:58:12 PM | Computer Name = JEREMIAH-KF1Y8X | Source = Service Control Manager | ID = 7034
Description = The Trend Micro Central Control Component service terminated unexpectedly.
It has done this 1 time(s).

Error - 2/27/2011 6:58:21 PM | Computer Name = JEREMIAH-KF1Y8X | Source = Service Control Manager | ID = 7000
Description = The IMAPI CD-Burning COM Service service failed to start due to the
following error: %%5

Error - 2/27/2011 6:58:42 PM | Computer Name = JEREMIAH-KF1Y8X | Source = DCOM | ID = 10010
Description = The server {1A65BAB7-30B1-4FB7-BC13-D00C28FCF605} did not register
with DCOM within the required timeout.

Error - 2/27/2011 6:59:13 PM | Computer Name = JEREMIAH-KF1Y8X | Source = Service Control Manager | ID = 7031
Description = The Apple Mobile Device service terminated unexpectedly. It has done
this 2 time(s). The following corrective action will be taken in 60000 milliseconds:
Restart the service.


< End of report >

RogueKiller V4.0.0 by Tigzy
contact at http://www.sur-la-toile.com
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.sur-la-to...-Remontees.html

Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User: Jeremiah Schumacher [Admin rights]
Mode: Scan -- Time : 27/02/2011 17:00:17

Bad processes: 1
[APPDATA/TEMP/DESKTOP] nDmJeMg12900.exe -- c:\documents and settings\all users\application data\ndmjemg12900\ndmjemg12900.exe -> KILLED

Registry Entries: 1
[APPDT/TMP/PF ROGUE] HKCU\[...]\RunOnce : nDmJeMg12900 (C:\Documents and Settings\All Users\Application Data\nDmJeMg12900\nDmJeMg12900.exe) -> FOUND

HOSTS File:
ĸþ1

Finished

#4 PrincessLeia

  • Group: Member
  • Posts: 43
  • Joined: 11-June 10

Posted 27 February 2011 - 06:54 PM

Turns out the last option did not work. I rebooted the computer after running a Malwarebytes scan and the spyware is still present. I was able to run option A and came up with this:

OTL logfile created on: 2/27/2011 6:45:01 PM - Run 2
OTL by OldTimer - Version 3.2.22.2 Folder = C:\Documents and Settings\Jeremiah Schumacher\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 80.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 94.00% Paging File free
Paging file location(s): C:\pagefile.sys 720 1440 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.52 Gb Total Space | 55.08 Gb Free Space | 73.91% Space Free | Partition Type: NTFS
Drive D: | 37.26 Gb Total Space | 20.14 Gb Free Space | 54.06% Space Free | Partition Type: FAT32

Computer Name: JEREMIAH-KF1Y8X | User Name: Jeremiah Schumacher | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/02/27 16:51:08 | 000,258,560 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jeremiah Schumacher\Desktop\OTH.scr
PRC - [2011/02/27 16:46:42 | 000,581,120 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jeremiah Schumacher\Desktop\OTL.scr


========== Modules (SafeList) ==========

MOD - [2011/02/27 16:46:42 | 000,581,120 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jeremiah Schumacher\Desktop\OTL.scr
MOD - [2010/08/23 10:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - [2010/10/20 15:58:15 | 001,201,640 | ---- | M] (Webroot Software, Inc. ) [Auto | Stopped] -- C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe -- (WRConsumerService)
SRV - [2010/10/07 05:33:18 | 000,711,320 | ---- | M] (Trend Micro Inc.) [Auto | Stopped] -- C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe -- (SfCtlCom)
SRV - [2009/11/06 11:00:22 | 004,048,240 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) [Auto | Stopped] -- C:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe -- (WebrootSpySweeperService)
SRV - [2009/09/03 03:07:28 | 000,497,008 | ---- | M] (Trend Micro Inc.) [Auto | Stopped] -- C:\Program Files\Trend Micro\Internet Security\TmPfw.exe -- (TmPfw)
SRV - [2009/09/03 02:51:40 | 000,677,128 | ---- | M] (Trend Micro Inc.) [Auto | Stopped] -- C:\Program Files\Trend Micro\Internet Security\TmProxy.exe -- (TmProxy)
SRV - [2009/03/31 21:13:07 | 000,341,256 | ---- | M] (Trend Micro Inc.) [Auto | Stopped] -- C:\Program Files\Trend Micro\BM\TMBMSRV.exe -- (TMBMServer)
SRV - [2008/09/22 21:49:30 | 000,138,616 | ---- | M] (CinemaNow, Inc.) [Auto | Stopped] -- C:\Program Files\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe -- (CinemaNow Service)
SRV - [2008/04/13 18:12:02 | 000,105,472 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\p2pgasvc.dll -- (p2pgasvc)
SRV - [2008/04/04 11:10:26 | 000,030,152 | ---- | M] (Viewpoint Corporation) [Auto | Stopped] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Service)
SRV - [2006/05/12 20:17:24 | 001,123,008 | ---- | M] (Symantec Corporation) [Disabled | Stopped] -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC)
SRV - [2001/08/06 05:41:48 | 000,028,672 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe -- (nhksrv)


========== Driver Services (SafeList) ==========

DRV - [2010/07/30 11:29:10 | 000,249,424 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\tmxpflt.sys -- (tmxpflt)
DRV - [2010/07/30 11:29:00 | 000,036,432 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\tmpreflt.sys -- (tmpreflt)
DRV - [2010/07/30 11:06:08 | 001,331,512 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\vsapint.sys -- (vsapint)
DRV - [2010/07/05 09:20:02 | 000,050,256 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\tmactmon.sys -- (tmactmon)
DRV - [2010/07/05 09:19:56 | 000,050,256 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\tmevtmgr.sys -- (tmevtmgr)
DRV - [2010/07/05 09:19:50 | 000,154,192 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\tmcomm.sys -- (tmcomm)
DRV - [2010/06/12 01:01:40 | 000,006,656 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\Msikbd2k.sys -- (msikbd2k)
DRV - [2010/02/11 06:02:15 | 000,226,880 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tcpip6.sys -- (Tcpip6)
DRV - [2009/11/06 11:00:36 | 000,176,752 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ssidrv.sys -- (ssidrv)
DRV - [2009/11/06 11:00:36 | 000,023,152 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sshrmd.sys -- (sshrmd)
DRV - [2009/11/06 11:00:34 | 000,029,808 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ssfs0bbc.sys -- (ssfs0bbc)
DRV - [2009/03/31 21:13:15 | 000,335,376 | ---- | M] (Trend Micro Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\TM_CFW.sys -- (tmcfw)
DRV - [2009/03/31 21:13:14 | 000,080,400 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tmtdi.sys -- (tmtdi)
DRV - [2006/05/12 20:17:24 | 000,010,344 | ---- | M] (Symantec Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\symlcbrd.sys -- (symlcbrd)
DRV - [2005/02/26 11:17:58 | 000,025,244 | ---- | M] (Adaptec) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aspi32.sys -- (ASPI32)
DRV - [2002/06/06 11:08:38 | 000,337,536 | ---- | M] (ahead software) [File_System | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\bsudf.sys -- (BsUDF)
DRV - [2002/06/05 16:07:00 | 000,009,344 | ---- | M] (B.H.A Co.,Ltd.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\bsstor.sys -- (BsStor)
DRV - [2002/04/11 12:47:52 | 000,011,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ipfilter.sys -- (IPFilter)
DRV - [2001/08/17 07:28:12 | 000,488,383 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\HSF_V124.sys -- (V124)
DRV - [2001/08/17 07:28:12 | 000,050,751 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\HSF_TONE.sys -- (Tones)
DRV - [2001/08/17 07:28:10 | 000,542,879 | ---- | M] (Conexant) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSF_MSFT.sys -- (hsf_msft)
DRV - [2001/08/17 07:28:10 | 000,057,471 | ---- | M] (Conexant) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSF_SAMP.sys -- (Rksample)
DRV - [2001/08/17 07:28:08 | 000,391,199 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\HSF_K56K.sys -- (K56)
DRV - [2001/08/17 07:28:06 | 000,289,887 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\HSF_FALL.sys -- (Fallback)
DRV - [2001/08/17 07:28:06 | 000,199,711 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\HSF_FAXX.sys -- (SoftFax)
DRV - [2001/08/17 07:28:06 | 000,115,807 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\HSF_FSKS.sys -- (Fsks)
DRV - [2001/08/17 07:28:04 | 000,067,167 | ---- | M] (Conexant) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSF_BSC2.sys -- (basic2)
DRV - [2000/10/25 06:27:24 | 000,003,000 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\SetupNT.sys -- (SetupNT)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.defaulturl: "http://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q="
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "http://www.pbs.org/"
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.9.1
FF - prefs.js..extensions.enabledItems: smartwebprinting@hp.com:4.5
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {a298ed31-d405-40e2-880f-b7511948e582}:2.7.2.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: redshift_V2@shift-themes.com:3.6

FF - HKLM\software\mozilla\Firefox\Extensions\\{400F0BDB-6C49-43A4-BE1F-76D7327A604D}: C:\Program Files\Common Files\fluxDVD\Download Manager\Mozilla [2008/12/09 12:14:09 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/01/03 17:54:17 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/12/11 03:17:18 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/01/24 00:21:23 | 000,000,000 | ---D | M]

[2008/09/01 17:43:18 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Jeremiah Schumacher\Application Data\Mozilla\Extensions
[2011/02/17 18:08:09 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Jeremiah Schumacher\Application Data\Mozilla\Firefox\Profiles\1x4ro5in.default\extensions
[2010/11/23 09:35:27 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Documents and Settings\Jeremiah Schumacher\Application Data\Mozilla\Firefox\Profiles\1x4ro5in.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2010/09/13 17:37:09 | 000,000,000 | ---D | M] (SporTV Toolbar) -- C:\Documents and Settings\Jeremiah Schumacher\Application Data\Mozilla\Firefox\Profiles\1x4ro5in.default\extensions\{a298ed31-d405-40e2-880f-b7511948e582}
[2011/01/26 13:37:37 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Documents and Settings\Jeremiah Schumacher\Application Data\Mozilla\Firefox\Profiles\1x4ro5in.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2010/11/18 14:37:13 | 000,000,000 | ---D | M] (RedShift V3.6) -- C:\Documents and Settings\Jeremiah Schumacher\Application Data\Mozilla\Firefox\Profiles\1x4ro5in.default\extensions\redshift_V2@shift-themes.com
[2011/02/20 23:49:26 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2007/03/24 22:11:28 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2011/01/24 00:21:28 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2010/01/03 17:54:17 | 000,000,000 | ---D | M] (HP Smart Web Printing) -- C:\PROGRAM FILES\HP\DIGITAL IMAGING\SMART WEB PRINTING\MOZILLAADDON3
[2009/06/29 17:47:03 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2007/03/02 07:17:24 | 000,095,200 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\NPAPIX.dll
[2008/09/19 09:36:12 | 000,163,840 | ---- | M] (Centra Software, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\NPCentraUpdater.dll
[2010/11/12 18:53:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2007/01/17 05:18:04 | 000,095,200 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\NPFluxBrowserHelper.dll
[2005/12/05 21:31:00 | 000,114,688 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npmozax.dll
[2007/07/02 09:42:20 | 000,103,064 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\NPMPDRM.dll

O1 HOSTS File: ([2011/01/23 15:28:20 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Download Manager Browser Helper Object) - {19C8E43B-07B3-49CB-BFFC-6777B593E6F8} - C:\Program Files\Common Files\fluxDVD\Download Manager\XEBDLHelper.dll (Protect Software GmbH)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - File not found
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (MSN Search Toolbar Helper) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (MSN Search Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\ShellBrowser: (MSN Search Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (MSN Search Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll (Microsoft Corporation)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [dcmsvc] C:\Program Files\dcmsvc\dcmsvc.exe ()
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Security\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [SpySweeper] C:\Program Files\Webroot\WebrootSecurity\SpySweeperUI.exe (Webroot Software, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [UfSeAgnt.exe] C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe (Trend Micro Inc.)
O4 - HKCU..\Run: [OE] C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe (Trend Micro Inc.)
O4 - HKCU..\RunOnce: [nDmJeMg12900] C:\Documents and Settings\All Users\Application Data\nDmJeMg12900\nDmJeMg12900.exe ()
O4 - Startup: C:\Documents and Settings\Jeremiah Schumacher\Start Menu\Programs\Startup\Warner Bros.lnk = C:\Program Files\Warner Bros. Digital Copy Manager\Warner Bros. Digital Copy Manager.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: &MSN Search - C:\Program Files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll (Microsoft Corporation)
O8 - Extra context menu item: Open in new background tab - C:\Program Files\MSN Toolbar Suite\TAB\02.05.0001.1119\en-us\msntabres.dll (Microsoft Corporation)
O8 - Extra context menu item: Open in new foreground tab - C:\Program Files\MSN Toolbar Suite\TAB\02.05.0001.1119\en-us\msntabres.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {4620BC29-8B8E-4F4E-9D92-1DB6633D6793} http://rd1.surfernet...urferplugin.ocx (SurferNETWORK Plugin)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://by104fd.bay10...es/MsnPUpld.cab (MSN Photo Upload Tool)
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} http://security.syma...n/bin/cabsa.cab (Symantec RuFSI Utility Class)
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} https://webdl.symant...ex/symdlmgr.cab (Symantec Download Manager)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1129561795437 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} http://www.crucial.c.../cpcScanner.cab (Crucial cpcScan)
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} http://messenger.msn...pDownloader.cab (MsnMessengerSetupDownloadControl Class)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://download.mac...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {FA3662C3-B8E8-11D6-A667-0010B556D978} http://cdn.digitalci...illama/ampx.cab (IWinAmpActiveX Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 97.64.168.12 97.64.183.165
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\WRNotifier: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O24 - Desktop Components:0 () - https://www.mvrenewa...e.mn.us/dps.gif
O24 - Desktop Components:1 (My Current Home Page) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Jeremiah Schumacher\Application Data\Mozilla\Firefox\Desktop Background.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Jeremiah Schumacher\Application Data\Mozilla\Firefox\Desktop Background.bmp
O30 - LSA: Authentication Packages - (ows\s) - File not found
O30 - LSA: Security Packages - (ecurity Packages settings...) - File not found
O30 - LSA: Security Packages - ® - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/02/12 13:56:49 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2004/07/22 19:52:30 | 000,000,000 | ---- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()

MsConfig - Services: "Symantec Core LC"
MsConfig - Services: "SPBBCSvc"
MsConfig - Services: "SNDSrvc"
MsConfig - Services: "SAVScan"
MsConfig - Services: "NSCService"
MsConfig - Services: "navapsvc"
MsConfig - Services: "LiveUpdate"
MsConfig - Services: "ccSetMgr"
MsConfig - Services: "ccProxy"
MsConfig - Services: "ccISPwdSvc"
MsConfig - Services: "ccEvtMgr"
MsConfig - Services: "Automatic LiveUpdate Scheduler"
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HotSync Manager.lnk - - File not found
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe - (Hewlett-Packard Co.)
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Desktop Search.lnk - C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\en-us\bin\WindowsSearch.exe - (Microsoft Corporation)
MsConfig - StartUpReg: ccApp - hkey= - key= - File not found
MsConfig - StartUpReg: Cmaudio - hkey= - key= - File not found
MsConfig - StartUpReg: HP Software Update - hkey= - key= - C:\Program Files\HP\HP Software Update\HPWuSchd2.exe (Hewlett-Packard)
MsConfig - StartUpReg: InCD - hkey= - key= - C:\Program Files\ahead\InCD\InCD.exe (Copyright © ahead software gmbh and its licensors)
MsConfig - StartUpReg: MULTIMEDIA KEYBOARD - hkey= - key= - C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe (Netropa Corp.)
MsConfig - StartUpReg: NeroCheck - hkey= - key= - File not found
MsConfig - StartUpReg: POINTER - hkey= - key= - File not found
MsConfig - StartUpReg: SpybotSD TeaTimer - hkey= - key= - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
MsConfig - StartUpReg: SunJavaUpdateSched - hkey= - key= - File not found
MsConfig - StartUpReg: ViewMgr - hkey= - key= - C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe (Viewpoint Corporation)
MsConfig - StartUpReg: VTTimer - hkey= - key= - File not found
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 2
MsConfig - State: "startup" - 2

SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: klmdb.sys - Driver
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: svcWRSSSDK - Service
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: WebrootSpySweeperService - C:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe (Webroot Software, Inc. (www.webroot.com))
SafeBootMin: WRConsumerService - C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe (Webroot Software, Inc. )
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: klmdb.sys - Driver
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: svcWRSSSDK - Service
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: UploadMgr - Service
SafeBootNet: vga.sys - Driver
SafeBootNet: WebrootSpySweeperService - C:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe (Webroot Software, Inc. (www.webroot.com))
SafeBootNet: WRConsumerService - C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe (Webroot Software, Inc. )
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {02f78298-8af6-495c-9ecb-b6ae68678186} - KB867282
ActiveX: {03F998B2-0E00-11D3-A498-00104B6EB52E} - Viewpoint Media Player
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {1B00725B-C455-4DE6-BFB6-AD540AD427CD} - Viewpoint Media Player
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4b218e3e-bc98-4770-93d3-2731b9329278} - %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection MarketplaceLinkInstall 896 %systemroot%\inf\ie.inf
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - %SystemRoot%\system32\ie4uinit.exe
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

NetSvcs: 6to4 - File not found
NetSvcs: HidServ - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - C:\WINDOWS\System32\iprip.dll (Microsoft Corporation)
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

========== Files/Folders - Created Within 30 Days ==========

[2011/02/27 17:00:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jeremiah Schumacher\Desktop\RK_Quarantine
[2011/02/27 16:46:47 | 000,581,120 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Jeremiah Schumacher\Desktop\OTL.scr
[2011/02/27 16:39:07 | 000,258,560 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Jeremiah Schumacher\Desktop\OTH.scr
[2011/02/27 14:22:16 | 098,074,484 | ---- | C] (Igor Pavlov) -- C:\Documents and Settings\Jeremiah Schumacher\Desktop\OTLPEStd.exe
[2011/02/27 13:18:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\nDmJeMg12900
[2011/01/29 10:12:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\iTunes
[2011/01/29 10:09:26 | 000,000,000 | ---D | C] -- C:\Program Files\iPod

========== Files - Modified Within 30 Days ==========

[2011/02/27 18:42:30 | 000,830,464 | ---- | M] () -- C:\Documents and Settings\Jeremiah Schumacher\Desktop\winlogon.exe.exe
[2011/02/27 18:40:00 | 000,001,034 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1123561945-117609710-839522115-1003UA.job
[2011/02/27 18:32:38 | 000,001,680 | ---- | M] () -- C:\WINDOWS\tasks\wrSpySweeper_LDF53DB23ACBB464F9474D9D7ADABDD61.job
[2011/02/27 18:32:26 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/02/27 18:32:03 | 000,000,236 | ---- | M] () -- C:\WINDOWS\tasks\OGALogon.job
[2011/02/27 18:31:58 | 000,013,764 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/02/27 18:31:44 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/02/27 17:40:00 | 000,000,982 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1123561945-117609710-839522115-1003Core.job
[2011/02/27 16:56:32 | 001,228,854 | ---- | M] () -- C:\fsqwr.bmp
[2011/02/27 16:54:34 | 000,721,324 | ---- | M] () -- C:\Documents and Settings\Jeremiah Schumacher\Desktop\rkill.scr
[2011/02/27 16:53:25 | 000,721,324 | ---- | M] () -- C:\Documents and Settings\Jeremiah Schumacher\Desktop\rkill.com
[2011/02/27 16:51:08 | 000,258,560 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jeremiah Schumacher\Desktop\OTH.scr
[2011/02/27 16:46:42 | 000,581,120 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jeremiah Schumacher\Desktop\OTL.scr
[2011/02/27 16:42:27 | 098,074,484 | ---- | M] (Igor Pavlov) -- C:\Documents and Settings\Jeremiah Schumacher\Desktop\OTLPEStd.exe
[2011/02/27 13:23:30 | 000,000,635 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\tmsshf.bin
[2011/02/22 20:01:04 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/02/21 18:20:08 | 000,000,155 | ---- | M] () -- C:\WINDOWS\TmProxy.ini
[2011/02/21 18:20:08 | 000,000,155 | ---- | M] () -- C:\WINDOWS\TmPfw.ini
[2011/02/09 21:33:33 | 000,213,672 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/02/09 18:27:45 | 000,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/01/29 10:12:16 | 000,001,542 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk

========== Files Created - No Company Name ==========

[2011/02/27 18:42:38 | 000,830,464 | ---- | C] () -- C:\Documents and Settings\Jeremiah Schumacher\Desktop\winlogon.exe.exe
[2011/02/27 16:54:47 | 000,721,324 | ---- | C] () -- C:\Documents and Settings\Jeremiah Schumacher\Desktop\rkill.scr
[2011/02/27 16:53:28 | 000,721,324 | ---- | C] () -- C:\Documents and Settings\Jeremiah Schumacher\Desktop\rkill.com
[2011/02/27 14:25:16 | 001,228,854 | ---- | C] () -- C:\fsqwr.bmp
[2011/02/21 18:20:08 | 000,000,155 | ---- | C] () -- C:\WINDOWS\TmProxy.ini
[2011/02/21 18:20:07 | 000,000,155 | ---- | C] () -- C:\WINDOWS\TmPfw.ini
[2011/01/29 10:12:16 | 000,001,542 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/12/27 20:35:18 | 000,000,100 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2010/10/20 15:44:13 | 000,000,164 | ---- | C] () -- C:\WINDOWS\install.dat
[2010/07/28 09:32:10 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/01/09 03:26:58 | 000,041,504 | ---- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/01/03 17:35:49 | 000,164,960 | ---- | C] () -- C:\WINDOWS\hpoins37.dat
[2010/01/03 17:35:49 | 000,000,632 | ---- | C] () -- C:\WINDOWS\hpomdl37.dat
[2009/08/03 14:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/08/03 14:07:42 | 000,230,768 | ---- | C] () -- C:\WINDOWS\System32\OGAEXEC.exe
[2009/07/22 18:54:53 | 000,146,510 | ---- | C] () -- C:\WINDOWS\hphins32.dat
[2009/07/22 18:54:52 | 000,000,458 | ---- | C] () -- C:\WINDOWS\hphmdl32.dat
[2008/09/18 14:50:41 | 000,000,104 | ---- | C] () -- C:\WINDOWS\System32\ProxySettings.ini
[2007/04/13 16:42:27 | 000,001,530 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2007/01/27 06:38:16 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2006/07/26 21:30:03 | 000,000,206 | ---- | C] () -- C:\WINDOWS\HPGdiPlus.ini
[2006/07/26 21:13:51 | 000,000,221 | ---- | C] () -- C:\WINDOWS\HP_RedboxHprblog_HPSU.ini
[2006/06/09 19:20:23 | 000,684,032 | ---- | C] () -- C:\WINDOWS\libeay32.dll
[2006/06/09 19:20:22 | 000,155,648 | ---- | C] () -- C:\WINDOWS\ssleay32.dll
[2006/01/21 11:47:59 | 000,000,000 | ---- | C] () -- C:\WINDOWS\QuickInstall.INI
[2005/05/09 19:24:14 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\msiosd32.dll
[2005/05/09 19:24:14 | 000,006,656 | ---- | C] () -- C:\WINDOWS\System32\drivers\Msikbd2k.sys
[2005/05/09 19:24:14 | 000,000,245 | ---- | C] () -- C:\WINDOWS\Msiosd.ini
[2005/04/27 12:38:00 | 000,372,736 | ---- | C] () -- C:\WINDOWS\System32\hpzidi01.dll
[2005/03/30 18:51:57 | 000,274,507 | ---- | C] () -- C:\WINDOWS\System32\FXMathLib.dll
[2005/02/27 10:18:17 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2005/02/22 09:08:14 | 000,233,472 | R--- | C] () -- C:\WINDOWS\System32\cmirmdrv.exe
[2005/02/22 09:08:14 | 000,028,672 | R--- | C] () -- C:\WINDOWS\System32\cmirmdrv.dll
[2005/02/22 09:08:00 | 000,000,092 | ---- | C] () -- C:\WINDOWS\CMISETUP.INI
[2005/02/22 09:08:00 | 000,000,026 | ---- | C] () -- C:\WINDOWS\CMCDPLAY.INI
[2005/02/22 09:07:58 | 000,000,010 | ---- | C] () -- C:\WINDOWS\Wininit.ini
[2005/02/22 09:07:53 | 000,121,329 | R--- | C] () -- C:\WINDOWS\Cmuda.ini
[2005/02/22 09:07:50 | 000,266,240 | ---- | C] () -- C:\WINDOWS\CMIUninstall.exe
[2005/02/22 09:07:50 | 000,225,280 | ---- | C] () -- C:\WINDOWS\CmiRmRedundDir.exe
[2005/02/22 09:07:50 | 000,028,672 | ---- | C] () -- C:\WINDOWS\CMIRmDriver.dll
[2005/02/22 09:04:40 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\vusetup.dll
[2005/02/22 08:58:11 | 000,003,000 | ---- | C] () -- C:\WINDOWS\System32\SetupNT.sys
[2005/02/14 15:35:11 | 000,021,504 | ---- | C] () -- C:\Documents and Settings\Jeremiah Schumacher\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2005/02/14 10:34:12 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2005/02/12 15:02:52 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/02/12 14:26:57 | 000,000,000 | ---- | C] () -- C:\WINDOWS\OPPRIN~1.INI
[2005/02/12 14:24:09 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\CNMVS38.DLL
[2005/02/12 13:59:27 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2005/02/12 13:53:47 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2005/02/10 04:03:08 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2005/02/10 04:02:09 | 000,213,672 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004/09/17 17:37:42 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\vuins32.dll
[2003/03/31 06:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2003/03/31 06:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2003/03/31 06:00:00 | 000,314,508 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2003/03/31 06:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2003/03/31 06:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2003/03/31 06:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2003/03/31 06:00:00 | 000,040,836 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2003/03/31 06:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2003/03/31 06:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2003/03/31 06:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2003/03/31 06:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/04/11 12:47:52 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\msmscoin.dll

========== LOP Check ==========

[2008/12/09 12:18:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CinemaNow
[2008/12/09 12:13:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\fluxDVD
[2009/01/29 13:13:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Harley-Davidson_ Race to the Rally Saves
[2006/01/21 11:42:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HotSync
[2010/05/09 16:07:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Max Secure
[2008/12/09 12:14:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\mpDRM
[2005/08/18 17:08:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MSN Search Toolbar
[2008/10/24 13:24:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
[2011/02/27 13:18:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\nDmJeMg12900
[2008/10/29 19:25:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2010/03/30 20:38:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/12/22 20:31:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2005/10/12 18:05:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jeremiah Schumacher\Application Data\Aim
[2008/02/25 15:28:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jeremiah Schumacher\Application Data\Centra
[2010/01/01 12:41:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jeremiah Schumacher\Application Data\com.warnerbros.DigitalCopyManager.449F66ACC381FDC604DC2AA255FEECEEBBBEE1E5.1
[2010/09/20 11:12:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jeremiah Schumacher\Application Data\HorizonWimba
[2006/01/21 11:40:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jeremiah Schumacher\Application Data\HotSync
[2006/01/24 11:24:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jeremiah Schumacher\Application Data\Leadertech
[2005/09/06 00:11:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jeremiah Schumacher\Application Data\Ohmay
[2007/04/12 19:20:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jeremiah Schumacher\Application Data\Professional
[2010/09/25 20:42:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jeremiah Schumacher\Application Data\Qeybl
[2008/02/25 15:28:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jeremiah Schumacher\Application Data\Saba
[2010/12/30 20:19:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jeremiah Schumacher\Application Data\start
[2010/10/06 19:19:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jeremiah Schumacher\Application Data\StreamTorrent
[2008/10/29 19:25:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jeremiah Schumacher\Application Data\Viewpoint
[2011/02/27 18:32:03 | 000,000,236 | ---- | M] () -- C:\WINDOWS\Tasks\OGALogon.job
[2011/02/27 18:32:38 | 000,001,680 | ---- | M] () -- C:\WINDOWS\Tasks\wrSpySweeper_LDF53DB23ACBB464F9474D9D7ADABDD61.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2005/07/03 15:42:11 | 000,000,000 | RH-- | M] () -- C:\28645308.Dat
[2005/02/12 13:56:49 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2008/09/30 11:45:19 | 000,000,211 | RHS- | M] () -- C:\boot.ini
[2005/02/12 13:56:49 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2011/02/26 18:24:27 | 000,000,130 | ---- | M] () -- C:\debug.txt
[2008/09/16 16:08:36 | 000,000,055 | ---- | M] () -- C:\DVDPATH.TXT
[2009/07/16 18:15:44 | 004,124,852 | RHS- | M] () -- C:\ExecSignature.txt
[2011/02/27 16:56:32 | 001,228,854 | ---- | M] () -- C:\fsqwr.bmp
[2005/02/12 13:56:49 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2009/12/15 11:15:30 | 001,973,600 | RHS- | M] () -- C:\MaxSignature.txt
[2009/12/15 11:15:29 | 003,289,534 | RHS- | M] () -- C:\MaxVirus.txt
[2005/02/12 13:56:49 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2005/02/18 10:56:43 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2008/09/18 09:52:36 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2011/02/27 18:31:40 | 754,974,720 | -HS- | M] () -- C:\pagefile.sys
[2009/07/16 18:20:56 | 003,712,228 | RHS- | M] () -- C:\SDSignature.txt
[2009/07/16 18:21:44 | 009,672,541 | RHS- | M] () -- C:\SDVirus.txt
[2010/06/12 01:01:02 | 000,039,332 | ---- | M] () -- C:\TDSSKiller.2.3.2.0_12.06.2010_02.00.31_log.txt
[2011/01/23 15:46:49 | 000,038,868 | ---- | M] () -- C:\TDSSKiller.2.3.2.0_23.01.2011_15.46.17_log.txt
[2007/01/07 18:33:21 | 001,199,857 | ---- | M] () -- C:\XPMedic_Setup.zip


< MD5 for: EXPLORER.EXE >
[2008/04/13 18:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
[2008/04/13 18:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2007/06/13 05:26:03 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=7712DF0CDDE3A5AC89843E61CD5B3658 -- C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
[2007/06/13 04:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=97BD6515465659FF8F3B7BE375B2EA87 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
[2004/08/04 01:56:49 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINDOWS\$NtUninstallKB938828$\explorer.exe

< MD5 for: SFC.DLL >
[2008/04/13 18:12:05 | 000,005,120 | ---- | M] (Microsoft Corporation) MD5=96E1C926F22EE1BFBAE82901A35F6BF3 -- C:\WINDOWS\ServicePackFiles\i386\sfc.dll
[2008/04/13 18:12:05 | 000,005,120 | ---- | M] (Microsoft Corporation) MD5=96E1C926F22EE1BFBAE82901A35F6BF3 -- C:\WINDOWS\system32\sfc.dll
[2004/08/04 01:56:44 | 000,005,120 | ---- | M] (Microsoft Corporation) MD5=E8A12A12EA9088B4327D49EDCA3ADD3E -- C:\WINDOWS\$NtServicePackUninstall$\sfc.dll

< MD5 for: USERINIT.EXE >
[2004/08/04 01:56:57 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
[2008/04/13 18:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008/04/13 18:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe

< MD5 for: WINLOGON.EXE >
[2004/08/04 01:56:57 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2003/03/31 06:00:00 | 000,516,608 | ---- | M] (Microsoft Corporation) MD5=2246D8D8F4714A2CEDB21AB9B1849ABB -- C:\WINDOWS\$NtUninstallKB841533$\winlogon.exe
[2008/04/13 18:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008/04/13 18:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe

< %systemroot%\*. /mp /s >

< %SYSTEMDRIVE%\*.exe >

< >

< End of report >


However, my desktop still has the "warning" from the spyware.

#5 Essexboy

  • Group: GeekU Moderator
  • Posts: 55,491
  • Joined: 31-May 06

Posted 28 February 2011 - 11:24 AM

Still there? Let's kill it now - may the force be with you :D

Quit all running programs and run RogueKiller once again.

  • For Vista/Seven, right click -> run as administrator, for XP simply run RogueKiller.exe
  • When prompted, type [2] and validate
  • The RKreport.txt shall be generated next to the executable.
  • If the program is blocked, do not hesitate to try several times. If it really does not work (it could happen), rename it to winlogon.exe


Please post the contents of the RKreport.txt in your next Reply.

THEN

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    Quote

    :OTL
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - File not found
    O4 - HKCU..\RunOnce: [nDmJeMg12900] C:\Documents and Settings\All Users\Application Data\nDmJeMg12900\nDmJeMg12900.exe ()
    [2011/02/27 13:18:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\nDmJeMg12900


    :Files
    ipconfig /flushdns /c

    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [EMPTYFLASH]
    [CREATERESTOREPOINT]
    [Reboot]


  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
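
As an added example (not part of this thread, and not code from the OTL or RogueKiller tools), here is a small Python triage script that reads OTL-style log lines like those posted above and does two things: it flags autostart (O4) entries with no company name whose target sits under Application Data, Temp or Desktop, which is exactly the shape of the nDmJeMg12900 RunOnce entry the fix above removes, and it checks each "MD5 for:" block to confirm that the live copy in C:\WINDOWS or system32 carries the same hash as the ServicePackFiles reference copy, which is the point of asking for those hashes in the custom scan. The sample lines are copied from the logs in this thread; the WINLOGON block with the all-zero hash is constructed to show what a mismatch looks like. The heuristics, regexes and function names are my own, not the tools'.

```python
"""Triage helpers for OTL-style log lines (added example, not OTL/RogueKiller code).

Parses two kinds of lines seen in the logs above:
  * O4 autostart entries:
      O4 - HKCU..\RunOnce: [name] C:\path\file.exe (Company)
  * "MD5 for:" blocks:
      < MD5 for: EXPLORER.EXE >
      [date | size | attrs | M] (Company) MD5=<hash> -- C:\WINDOWS\explorer.exe
"""
import ntpath
import re
from collections import defaultdict

AUTOSTART_RE = re.compile(
    r"^O4 - (?P<hive>HK\w+)\.\.\\(?P<key>Run\w*): \[(?P<name>[^\]]*)\] (?P<rest>.*)$")
# Target is "<path> (<company>)"; "File not found" entries have no target and are skipped.
TARGET_RE = re.compile(r"^(?P<path>.*?) \((?P<company>[^()]*)\)$")
MD5_HEADER_RE = re.compile(r"^< MD5 for: (?P<name>[^>]+?) >$")
MD5_ENTRY_RE = re.compile(r"MD5=(?P<md5>[0-9A-Fa-f]{32}) -- (?P<path>.+)$")

# Directory fragments RogueKiller groups under APPDATA/TEMP/DESKTOP: a no-company
# autostart pointing there deserves a second look (heuristic chosen for this example).
USER_WRITABLE_HINTS = ("\\application data\\", "\\temp\\", "\\desktop\\")
# Where the copy actually loaded at boot/logon lives; compared against ServicePackFiles.
LIVE_DIRS = {r"c:\windows", r"c:\windows\system32"}

# Sample input: lines copied from the OTL logs in this thread, embedded here as a string.
SAMPLE_LOG = r"""
O4 - HKCU..\RunOnce: [nDmJeMg12900] C:\Documents and Settings\All Users\Application Data\nDmJeMg12900\nDmJeMg12900.exe ()
O4 - HKLM..\Run: [ISTray] C:\Program Files\PC Tools Security\pctsGui.exe (PC Tools)
O4 - HKLM..\Run: [KernelFaultCheck] File not found
< MD5 for: EXPLORER.EXE >
[2008/04/13 18:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
[2008/04/13 18:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2004/08/04 01:56:49 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINDOWS\$NtUninstallKB938828$\explorer.exe
< MD5 for: USERINIT.EXE >
[2008/04/13 18:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008/04/13 18:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe
"""

# Constructed block (NOT from any real log): the live winlogon.exe carries a placeholder
# all-zero hash so the mismatch path can be exercised.
CONSTRUCTED_MISMATCH = r"""
< MD5 for: WINLOGON.EXE >
[2008/04/13 18:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2011/02/27 00:00:00 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=00000000000000000000000000000000 -- C:\WINDOWS\system32\winlogon.exe
"""


def flag_autostarts(log_text):
    """Return O4 entries with no company name that run from a user-writable location."""
    findings = []
    for line in log_text.splitlines():
        m = AUTOSTART_RE.match(line.strip())
        if not m:
            continue
        target = TARGET_RE.match(m.group("rest"))
        if not target:
            continue  # "File not found": nothing on disk to inspect
        path = target.group("path")
        company = target.group("company").strip()
        if not company and any(h in path.lower() for h in USER_WRITABLE_HINTS):
            findings.append({"hive": m.group("hive"), "key": m.group("key"),
                             "name": m.group("name"), "path": path})
    return findings


def check_md5_blocks(log_text):
    """For each 'MD5 for:' block, compare the live copy's hash with the ServicePackFiles copy."""
    blocks = defaultdict(list)
    current = None
    for raw in log_text.splitlines():
        line = raw.strip()
        header = MD5_HEADER_RE.match(line)
        if header:
            current = header.group("name").upper()
            continue
        if line.startswith("<"):
            current = None  # some other custom-scan section begins
            continue
        entry = MD5_ENTRY_RE.search(line)
        if entry and current:
            blocks[current].append((entry.group("md5").upper(), entry.group("path")))
    results = {}
    for name, entries in blocks.items():
        live = [h for h, p in entries if ntpath.dirname(p.lower()) in LIVE_DIRS]
        reference = [h for h, p in entries if "\\servicepackfiles\\" in p.lower()]
        results[name] = {
            "live_md5": live[0] if live else None,
            "reference_md5": reference[0] if reference else None,
            # False also when either copy is missing, so the block gets looked at by hand
            "match": bool(live and reference and live[0] == reference[0]),
        }
    return results


if __name__ == "__main__":
    for finding in flag_autostarts(SAMPLE_LOG):
        print("suspicious autostart:", finding)
    for name, result in check_md5_blocks(SAMPLE_LOG + CONSTRUCTED_MISMATCH).items():
        print(name, "OK" if result["match"] else "MISMATCH OR INCOMPLETE", result)
```

Run against the sample it reports the nDmJeMg12900 RunOnce entry, confirms explorer.exe and userinit.exe match their reference copies, and flags the constructed winlogon.exe block; a real mismatch in that last check is the cue to ask for the file rather than assume the loaded binary is the one Microsoft shipped.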


#6 PrincessLeia

  • Group: Member
  • Posts: 43
  • Joined: 11-June 10

Posted 28 February 2011 - 01:21 PM

Thanks for the reply.

Here is what I have for the post-reboot report:

All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{53707962-6F74-2D53-2644-206D7942484F}\ deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce\\nDmJeMg12900 not found.
C:\Documents and Settings\All Users\Application Data\nDmJeMg12900\nDmJeMg12900.exe moved successfully.
Folder C:\Documents and Settings\All Users\Application Data\nDmJeMg12900\ not found.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\Jeremiah Schumacher\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Jeremiah Schumacher\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Jeremiah Schumacher
->Temp folder emptied: 85783903 bytes
->Temporary Internet Files folder emptied: 2591833 bytes
->Java cache emptied: 13008989 bytes
->FireFox cache emptied: 46424444 bytes
->Google Chrome cache emptied: 0 bytes
->Apple Safari cache emptied: 5634048 bytes
->Flash cache emptied: 109576 bytes

User: LocalService
->Temp folder emptied: 65984 bytes
->Temporary Internet Files folder emptied: 33664 bytes
->FireFox cache emptied: 0 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 579642 bytes
->Flash cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 4352346 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 151.00 mb


[EMPTYFLASH]

User: All Users

User: Default User
->Flash cache emptied: 0 bytes

User: Jeremiah Schumacher
->Flash cache emptied: 0 bytes

User: LocalService
->Flash cache emptied: 0 bytes

User: NetworkService
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb

Restore point Set: OTL Restore Point (0)

OTL by OldTimer - Version 3.2.22.2 log created on 02282011_125157

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...


Rkt:

RogueKiller V4.0.0 by Tigzy
contact at http://www.sur-la-toile.com
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.sur-la-to...-Remontees.html

Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User: Jeremiah Schumacher [Admin rights]
Mode: Scan -- Time : 27/02/2011 17:00:17

Bad processes: 1
[APPDATA/TEMP/DESKTOP] nDmJeMg12900.exe -- c:\documents and settings\all users\application data\ndmjemg12900\ndmjemg12900.exe -> KILLED

Registry Entries: 1
[APPDT/TMP/PF ROGUE] HKCU\[...]\RunOnce : nDmJeMg12900 (C:\Documents and Settings\All Users\Application Data\nDmJeMg12900\nDmJeMg12900.exe) -> FOUND

HOSTS File:
ĸþ1

Finished




RogueKiller V4.0.0 by Tigzy
contact at http://www.sur-la-toile.com
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.sur-la-to...-Remontees.html

Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User: Jeremiah Schumacher [Admin rights]
Mode: Scan -- Time : 27/02/2011 18:43:16

Bad processes: 1
[APPDATA/TEMP/DESKTOP] nDmJeMg12900.exe -- c:\documents and settings\all users\application data\ndmjemg12900\ndmjemg12900.exe -> KILLED

Registry Entries: 1
[APPDT/TMP/PF ROGUE] HKCU\[...]\RunOnce : nDmJeMg12900 (C:\Documents and Settings\All Users\Application Data\nDmJeMg12900\nDmJeMg12900.exe) -> FOUND

HOSTS File:
ĸþ1

Finished




RogueKiller V4.0.0 by Tigzy
contact at http://www.sur-la-toile.com
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.sur-la-to...-Remontees.html

Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User: Jeremiah Schumacher [Admin rights]
Mode: Scan -- Time : 27/02/2011 19:10:28

Bad processes: 1
[APPDATA/TEMP/DESKTOP] nDmJeMg12900.exe -- c:\documents and settings\all users\application data\ndmjemg12900\ndmjemg12900.exe -> KILLED

Registry Entries: 1
[APPDT/TMP/PF ROGUE] HKCU\[...]\RunOnce : nDmJeMg12900 (C:\Documents and Settings\All Users\Application Data\nDmJeMg12900\nDmJeMg12900.exe) -> FOUND

HOSTS File:
ĸþ1

Finished




RogueKiller V4.0.0 by Tigzy
contact at http://www.sur-la-toile.com
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.sur-la-to...-Remontees.html

Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User: Jeremiah Schumacher [Admin rights]
Mode: Scan -- Time : 28/02/2011 01:17:05

Bad processes: 1
[APPDATA/TEMP/DESKTOP] nDmJeMg12900.exe -- c:\documents and settings\all users\application data\ndmjemg12900\ndmjemg12900.exe -> KILLED

Registry Entries: 1
[APPDT/TMP/PF ROGUE] HKCU\[...]\RunOnce : nDmJeMg12900 (C:\Documents and Settings\All Users\Application Data\nDmJeMg12900\nDmJeMg12900.exe) -> FOUND

HOSTS File:
127.0.0.1 localhost


Finished




RogueKiller V4.0.0 by Tigzy
contact at http://www.sur-la-toile.com
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.sur-la-to...-Remontees.html

Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User: Jeremiah Schumacher [Admin rights]
Mode: Remove -- Time : 28/02/2011 12:48:50

Bad processes: 1
[APPDATA/TEMP/DESKTOP] nDmJeMg12900.exe -- c:\documents and settings\all users\application data\ndmjemg12900\ndmjemg12900.exe -> KILLED

Registry Entries: 1
[APPDT/TMP/PF ROGUE] HKCU\[...]\RunOnce : nDmJeMg12900 (C:\Documents and Settings\All Users\Application Data\nDmJeMg12900\nDmJeMg12900.exe) -> DELETED

HOSTS File:
127.0.0.1 localhost


Finished




OTL:

OTL logfile created on: 2/28/2011 12:58:30 PM - Run 6
OTL by OldTimer - Version 3.2.22.2 Folder = C:\Documents and Settings\Jeremiah Schumacher\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 55.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 75.00% Paging File free
Paging file location(s): C:\pagefile.sys 720 1440 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.52 Gb Total Space | 55.47 Gb Free Space | 74.43% Space Free | Partition Type: NTFS
Drive D: | 37.26 Gb Total Space | 20.14 Gb Free Space | 54.06% Space Free | Partition Type: FAT32

Computer Name: JEREMIAH-KF1Y8X | User Name: Jeremiah Schumacher | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/02/27 16:46:42 | 000,581,120 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jeremiah Schumacher\Desktop\OTL.scr
PRC - [2010/12/01 14:49:56 | 001,589,208 | ---- | M] (PC Tools) -- C:\Program Files\PC Tools Security\pctsGui.exe
PRC - [2010/11/19 06:57:14 | 001,150,936 | ---- | M] (PC Tools) -- C:\Program Files\PC Tools Security\pctsSvc.exe
PRC - [2010/10/20 15:58:15 | 001,201,640 | ---- | M] (Webroot Software, Inc. ) -- C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe
PRC - [2010/03/15 14:02:36 | 000,366,840 | ---- | M] (PC Tools) -- C:\Program Files\PC Tools Security\pctsAuxs.exe
PRC - [2010/01/01 12:40:28 | 000,095,232 | ---- | M] () -- C:\Program Files\Warner Bros. Digital Copy Manager\Warner Bros. Digital Copy Manager.exe
PRC - [2009/11/06 14:19:58 | 006,515,784 | ---- | M] (Webroot Software, Inc.) -- C:\Program Files\Webroot\WebrootSecurity\SpySweeperUI.exe
PRC - [2009/11/06 11:00:22 | 004,048,240 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) -- C:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe
PRC - [2009/04/07 13:53:32 | 000,030,440 | ---- | M] () -- C:\Program Files\dcmsvc\dcmsvc.exe
PRC - [2008/09/22 21:49:30 | 000,138,616 | ---- | M] (CinemaNow, Inc.) -- C:\Program Files\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe
PRC - [2008/04/13 18:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/04/04 11:10:26 | 000,030,152 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe
PRC - [2007/04/19 17:04:20 | 000,185,896 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2004/11/10 22:15:31 | 000,111,816 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
PRC - [2001/08/06 05:41:48 | 000,028,672 | ---- | M] () -- C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe


========== Modules (SafeList) ==========

MOD - [2011/02/27 16:46:42 | 000,581,120 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jeremiah Schumacher\Desktop\OTL.scr
MOD - [2010/08/23 10:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2010/08/04 13:19:26 | 000,150,576 | ---- | M] (PC Tools) -- C:\Program Files\PC Tools Security\PCTGMhk.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - [2010/11/19 06:57:14 | 001,150,936 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files\PC Tools Security\pctsSvc.exe -- (sdCoreService)
SRV - [2010/10/20 15:58:15 | 001,201,640 | ---- | M] (Webroot Software, Inc. ) [Auto | Running] -- C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe -- (WRConsumerService)
SRV - [2010/03/15 14:02:36 | 000,366,840 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files\PC Tools Security\pctsAuxs.exe -- (sdAuxService)
SRV - [2009/11/06 11:00:22 | 004,048,240 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) [Auto | Running] -- C:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe -- (WebrootSpySweeperService)
SRV - [2008/09/22 21:49:30 | 000,138,616 | ---- | M] (CinemaNow, Inc.) [Auto | Running] -- C:\Program Files\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe -- (CinemaNow Service)
SRV - [2008/04/13 18:12:02 | 000,105,472 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\p2pgasvc.dll -- (p2pgasvc)
SRV - [2008/04/04 11:10:26 | 000,030,152 | ---- | M] (Viewpoint Corporation) [Auto | Running] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Service)
SRV - [2006/05/12 20:17:24 | 001,123,008 | ---- | M] (Symantec Corporation) [Disabled | Stopped] -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC)
SRV - [2001/08/06 05:41:48 | 000,028,672 | ---- | M] () [Auto | Running] -- C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe -- (nhksrv)


========== Driver Services (SafeList) ==========

DRV - [2010/11/25 10:43:00 | 000,239,168 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\PCTCore.sys -- (PCTCore)
DRV - [2010/11/09 13:56:12 | 000,098,392 | ---- | M] (Sunbelt Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\SBREDrv.sys -- (SBRE)
DRV - [2010/07/16 14:59:54 | 000,656,320 | ---- | M] (PC Tools) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\pctEFA.sys -- (pctEFA)
DRV - [2010/07/16 14:59:54 | 000,338,880 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\pctDS.sys -- (pctDS)
DRV - [2010/06/12 01:01:40 | 000,006,656 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\Msikbd2k.sys -- (msikbd2k)
DRV - [2010/02/11 06:02:15 | 000,226,880 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tcpip6.sys -- (Tcpip6)
DRV - [2009/11/06 11:00:36 | 000,176,752 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ssidrv.sys -- (ssidrv)
DRV - [2009/11/06 11:00:36 | 000,023,152 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sshrmd.sys -- (sshrmd)
DRV - [2009/11/06 11:00:34 | 000,029,808 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ssfs0bbc.sys -- (ssfs0bbc)
DRV - [2006/05/12 20:17:24 | 000,010,344 | ---- | M] (Symantec Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\symlcbrd.sys -- (symlcbrd)
DRV - [2005/02/26 11:17:58 | 000,025,244 | ---- | M] (Adaptec) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aspi32.sys -- (ASPI32)
DRV - [2002/06/06 11:08:38 | 000,337,536 | ---- | M] (ahead software) [File_System | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\bsudf.sys -- (BsUDF)
DRV - [2002/06/05 16:07:00 | 000,009,344 | ---- | M] (B.H.A Co.,Ltd.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\bsstor.sys -- (BsStor)
DRV - [2002/04/11 12:47:52 | 000,011,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ipfilter.sys -- (IPFilter)
DRV - [2001/08/17 07:28:12 | 000,488,383 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\HSF_V124.sys -- (V124)
DRV - [2001/08/17 07:28:12 | 000,050,751 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\HSF_TONE.sys -- (Tones)
DRV - [2001/08/17 07:28:10 | 000,542,879 | ---- | M] (Conexant) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSF_MSFT.sys -- (hsf_msft)
DRV - [2001/08/17 07:28:10 | 000,057,471 | ---- | M] (Conexant) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSF_SAMP.sys -- (Rksample)
DRV - [2001/08/17 07:28:08 | 000,391,199 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\HSF_K56K.sys -- (K56)
DRV - [2001/08/17 07:28:06 | 000,289,887 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\HSF_FALL.sys -- (Fallback)
DRV - [2001/08/17 07:28:06 | 000,199,711 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\HSF_FAXX.sys -- (SoftFax)
DRV - [2001/08/17 07:28:06 | 000,115,807 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\HSF_FSKS.sys -- (Fsks)
DRV - [2001/08/17 07:28:04 | 000,067,167 | ---- | M] (Conexant) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSF_BSC2.sys -- (basic2)
DRV - [2000/10/25 06:27:24 | 000,003,000 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\SetupNT.sys -- (SetupNT)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =
IE - HKCU\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.defaulturl: "http://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q="
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "http://www.pbs.org/"
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.9.1
FF - prefs.js..extensions.enabledItems: smartwebprinting@hp.com:4.5
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {a298ed31-d405-40e2-880f-b7511948e582}:2.7.2.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: redshift_V2@shift-themes.com:3.6

FF - HKLM\software\mozilla\Firefox\Extensions\\{400F0BDB-6C49-43A4-BE1F-76D7327A604D}: C:\Program Files\Common Files\fluxDVD\Download Manager\Mozilla [2008/12/09 12:14:09 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/01/03 17:54:17 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/12/11 03:17:18 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/01/24 00:21:23 | 000,000,000 | ---D | M]

[2008/09/01 17:43:18 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Jeremiah Schumacher\Application Data\Mozilla\Extensions
[2011/02/28 01:53:02 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Jeremiah Schumacher\Application Data\Mozilla\Firefox\Profiles\1x4ro5in.default\extensions
[2010/11/23 09:35:27 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Documents and Settings\Jeremiah Schumacher\Application Data\Mozilla\Firefox\Profiles\1x4ro5in.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2010/09/13 17:37:09 | 000,000,000 | ---D | M] (SporTV Toolbar) -- C:\Documents and Settings\Jeremiah Schumacher\Application Data\Mozilla\Firefox\Profiles\1x4ro5in.default\extensions\{a298ed31-d405-40e2-880f-b7511948e582}
[2011/01/26 13:37:37 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Documents and Settings\Jeremiah Schumacher\Application Data\Mozilla\Firefox\Profiles\1x4ro5in.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2010/11/18 14:37:13 | 000,000,000 | ---D | M] (RedShift V3.6) -- C:\Documents and Settings\Jeremiah Schumacher\Application Data\Mozilla\Firefox\Profiles\1x4ro5in.default\extensions\redshift_V2@shift-themes.com
[2011/02/28 01:53:02 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2007/03/24 22:11:28 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2011/01/24 00:21:28 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2010/01/03 17:54:17 | 000,000,000 | ---D | M] (HP Smart Web Printing) -- C:\PROGRAM FILES\HP\DIGITAL IMAGING\SMART WEB PRINTING\MOZILLAADDON3
[2009/06/29 17:47:03 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2007/03/02 07:17:24 | 000,095,200 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\NPAPIX.dll
[2008/09/19 09:36:12 | 000,163,840 | ---- | M] (Centra Software, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\NPCentraUpdater.dll
[2010/11/12 18:53:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2007/01/17 05:18:04 | 000,095,200 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\NPFluxBrowserHelper.dll
[2005/12/05 21:31:00 | 000,114,688 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npmozax.dll
[2007/07/02 09:42:20 | 000,103,064 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\NPMPDRM.dll

O1 HOSTS File: ([2011/02/28 12:52:01 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Download Manager Browser Helper Object) - {19C8E43B-07B3-49CB-BFFC-6777B593E6F8} - C:\Program Files\Common Files\fluxDVD\Download Manager\XEBDLHelper.dll (Protect Software GmbH)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (MSN Search Toolbar Helper) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (MSN Search Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\ShellBrowser: (MSN Search Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (MSN Search Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll (Microsoft Corporation)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [dcmsvc] C:\Program Files\dcmsvc\dcmsvc.exe ()
O4 - HKLM..\Run: [ISTray] C:\Program Files\PC Tools Security\pctsGui.exe (PC Tools)
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [SpySweeper] C:\Program Files\Webroot\WebrootSecurity\SpySweeperUI.exe (Webroot Software, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - Startup: C:\Documents and Settings\Jeremiah Schumacher\Start Menu\Programs\Startup\Warner Bros.lnk = C:\Program Files\Warner Bros. Digital Copy Manager\Warner Bros. Digital Copy Manager.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: &MSN Search - C:\Program Files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll (Microsoft Corporation)
O8 - Extra context menu item: Open in new background tab - C:\Program Files\MSN Toolbar Suite\TAB\02.05.0001.1119\en-us\msntabres.dll (Microsoft Corporation)
O8 - Extra context menu item: Open in new foreground tab - C:\Program Files\MSN Toolbar Suite\TAB\02.05.0001.1119\en-us\msntabres.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O16 - DPF: {4620BC29-8B8E-4F4E-9D92-1DB6633D6793} http://rd1.surfernet...urferplugin.ocx (SurferNETWORK Plugin)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://by104fd.bay10...es/MsnPUpld.cab (MSN Photo Upload Tool)
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} http://security.syma...n/bin/cabsa.cab (Symantec RuFSI Utility Class)
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} https://webdl.symant...ex/symdlmgr.cab (Symantec Download Manager)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1129561795437 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} http://www.crucial.c.../cpcScanner.cab (Crucial cpcScan)
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} http://messenger.msn...pDownloader.cab (MsnMessengerSetupDownloadControl Class)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://download.mac...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {FA3662C3-B8E8-11D6-A667-0010B556D978} http://cdn.digitalci...illama/ampx.cab (IWinAmpActiveX Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 97.64.168.12 97.64.183.165
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\WRNotifier: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O24 - Desktop Components:0 () - https://www.mvrenewa...e.mn.us/dps.gif
O24 - Desktop Components:1 (My Current Home Page) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Jeremiah Schumacher\Application Data\Mozilla\Firefox\Desktop Background.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Jeremiah Schumacher\Application Data\Mozilla\Firefox\Desktop Background.bmp
O30 - LSA: Authentication Packages - (ows\s) - File not found
O30 - LSA: Security Packages - (ecurity Packages settings...) - File not found
O30 - LSA: Security Packages - ® - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/02/12 13:56:49 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2004/07/22 19:52:30 | 000,000,000 | ---- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/02/28 12:51:57 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/02/28 02:00:26 | 000,656,320 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctEFA.sys
[2011/02/28 02:00:26 | 000,338,880 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctDS.sys
[2011/02/28 02:00:25 | 000,249,616 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctgntdi.sys
[2011/02/28 02:00:16 | 000,239,168 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTCore.sys
[2011/02/28 02:00:16 | 000,160,448 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTAppEvent.sys
[2011/02/28 02:00:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\PC Tools Security
[2011/02/28 02:00:08 | 000,070,536 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctplsg.sys
[2011/02/28 02:00:01 | 000,000,000 | ---D | C] -- C:\Program Files\PC Tools Security
[2011/02/28 02:00:01 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
[2011/02/28 02:00:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jeremiah Schumacher\Application Data\PC Tools
[2011/02/28 02:00:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PC Tools
[2011/02/28 01:56:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2011/02/28 01:13:22 | 038,357,640 | ---- | C] (PC Tools ) -- C:\Documents and Settings\Jeremiah Schumacher\Desktop\Spyware-Doctor-With-Antivirus.exe
[2011/02/27 19:32:41 | 000,098,392 | ---- | C] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2011/02/27 19:32:41 | 000,027,984 | ---- | C] (Sunbelt Software) -- C:\WINDOWS\System32\sbbd.exe
[2011/02/27 19:32:32 | 000,000,000 | ---D | C] -- C:\VIPRERESCUE
[2011/02/27 17:00:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jeremiah Schumacher\Desktop\RK_Quarantine
[2011/02/27 16:46:47 | 000,581,120 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Jeremiah Schumacher\Desktop\OTL.scr
[2011/02/27 16:39:07 | 000,258,560 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Jeremiah Schumacher\Desktop\OTH.scr
[2011/02/27 14:22:16 | 098,074,484 | ---- | C] (Igor Pavlov) -- C:\Documents and Settings\Jeremiah Schumacher\Desktop\OTLPEStd.exe
[2011/02/27 13:18:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\nDmJeMg12900

========== Files - Modified Within 30 Days ==========

[2011/02/28 12:56:37 | 000,001,680 | ---- | M] () -- C:\WINDOWS\tasks\wrSpySweeper_LDF53DB23ACBB464F9474D9D7ADABDD61.job
[2011/02/28 12:56:19 | 000,013,764 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/02/28 12:54:46 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/02/28 12:54:26 | 000,000,236 | ---- | M] () -- C:\WINDOWS\tasks\OGALogon.job
[2011/02/28 12:54:05 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/02/28 12:52:01 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2011/02/28 12:40:00 | 000,001,034 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1123561945-117609710-839522115-1003UA.job
[2011/02/28 02:00:41 | 000,696,226 | ---- | M] () -- C:\WINDOWS\System32\drivers\Cat.DB
[2011/02/28 02:00:13 | 000,001,664 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Spyware Doctor.lnk
[2011/02/28 01:51:54 | 000,028,982 | ---- | M] () -- C:\Documents and Settings\Jeremiah Schumacher\Desktop\SafeBoot
[2011/02/28 01:15:03 | 038,357,640 | ---- | M] (PC Tools ) -- C:\Documents and Settings\Jeremiah Schumacher\Desktop\Spyware-Doctor-With-Antivirus.exe
[2011/02/28 00:48:00 | 000,258,560 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jeremiah Schumacher\Desktop\OTH.scr
[2011/02/27 19:30:59 | 084,299,776 | ---- | M] () -- C:\Documents and Settings\Jeremiah Schumacher\Desktop\VIPRERescue8552.exe
[2011/02/27 19:08:21 | 000,721,324 | ---- | M] () -- C:\Documents and Settings\Jeremiah Schumacher\Desktop\rkiller.scr
[2011/02/27 18:55:14 | 000,721,324 | ---- | M] () -- C:\Documents and Settings\Jeremiah Schumacher\Desktop\rkill.com
[2011/02/27 18:42:30 | 000,830,464 | ---- | M] () -- C:\Documents and Settings\Jeremiah Schumacher\Desktop\winlogon.exe.exe
[2011/02/27 17:40:00 | 000,000,982 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1123561945-117609710-839522115-1003Core.job
[2011/02/27 16:56:32 | 001,228,854 | ---- | M] () -- C:\fsqwr.bmp
[2011/02/27 16:46:42 | 000,581,120 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jeremiah Schumacher\Desktop\OTL.scr
[2011/02/27 16:42:27 | 098,074,484 | ---- | M] (Igor Pavlov) -- C:\Documents and Settings\Jeremiah Schumacher\Desktop\OTLPEStd.exe
[2011/02/22 20:01:04 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/02/21 18:20:08 | 000,000,155 | ---- | M] () -- C:\WINDOWS\TmProxy.ini
[2011/02/21 18:20:08 | 000,000,155 | ---- | M] () -- C:\WINDOWS\TmPfw.ini
[2011/02/09 21:33:33 | 000,213,672 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/02/09 18:27:45 | 000,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK

========== Files Created - No Company Name ==========

[2011/02/28 02:00:29 | 000,696,226 | ---- | C] () -- C:\WINDOWS\System32\drivers\Cat.DB
[2011/02/28 02:00:13 | 000,001,664 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Spyware Doctor.lnk
[2011/02/28 01:51:54 | 000,028,982 | ---- | C] () -- C:\Documents and Settings\Jeremiah Schumacher\Desktop\SafeBoot
[2011/02/27 19:27:11 | 084,299,776 | ---- | C] () -- C:\Documents and Settings\Jeremiah Schumacher\Desktop\VIPRERescue8552.exe
[2011/02/27 18:42:38 | 000,830,464 | ---- | C] () -- C:\Documents and Settings\Jeremiah Schumacher\Desktop\winlogon.exe.exe
[2011/02/27 16:54:47 | 000,721,324 | ---- | C] () -- C:\Documents and Settings\Jeremiah Schumacher\Desktop\rkiller.scr
[2011/02/27 16:53:28 | 000,721,324 | ---- | C] () -- C:\Documents and Settings\Jeremiah Schumacher\Desktop\rkill.com
[2011/02/27 14:25:16 | 001,228,854 | ---- | C] () -- C:\fsqwr.bmp
[2011/02/21 18:20:08 | 000,000,155 | ---- | C] () -- C:\WINDOWS\TmProxy.ini
[2011/02/21 18:20:07 | 000,000,155 | ---- | C] () -- C:\WINDOWS\TmPfw.ini
[2010/12/27 20:35:18 | 000,000,100 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2010/10/20 15:44:13 | 000,000,164 | ---- | C] () -- C:\WINDOWS\install.dat
[2010/07/28 09:32:10 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/01/09 03:26:58 | 000,041,504 | ---- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/01/03 17:35:49 | 000,164,960 | ---- | C] () -- C:\WINDOWS\hpoins37.dat
[2010/01/03 17:35:49 | 000,000,632 | ---- | C] () -- C:\WINDOWS\hpomdl37.dat
[2009/11/06 11:00:28 | 000,031,088 | ---- | C] () -- C:\WINDOWS\System32\wrLZMA.dll
[2009/11/06 11:00:20 | 000,016,240 | ---- | C] () -- C:\WINDOWS\System32\SsiEfr.exe
[2009/08/03 14:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/08/03 14:07:42 | 000,230,768 | ---- | C] () -- C:\WINDOWS\System32\OGAEXEC.exe
[2009/07/22 18:54:53 | 000,146,510 | ---- | C] () -- C:\WINDOWS\hphins32.dat
[2009/07/22 18:54:52 | 000,000,458 | ---- | C] () -- C:\WINDOWS\hphmdl32.dat
[2008/09/18 14:50:41 | 000,000,104 | ---- | C] () -- C:\WINDOWS\System32\ProxySettings.ini
[2007/04/13 16:42:27 | 000,001,530 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2007/01/27 06:38:16 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2006/07/26 21:30:03 | 000,000,206 | ---- | C] () -- C:\WINDOWS\HPGdiPlus.ini
[2006/07/26 21:13:51 | 000,000,221 | ---- | C] () -- C:\WINDOWS\HP_RedboxHprblog_HPSU.ini
[2006/06/09 19:20:23 | 000,684,032 | ---- | C] () -- C:\WINDOWS\libeay32.dll
[2006/06/09 19:20:22 | 000,155,648 | ---- | C] () -- C:\WINDOWS\ssleay32.dll
[2006/01/21 11:47:59 | 000,000,000 | ---- | C] () -- C:\WINDOWS\QuickInstall.INI
[2005/05/09 19:24:14 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\msiosd32.dll
[2005/05/09 19:24:14 | 000,006,656 | ---- | C] () -- C:\WINDOWS\System32\drivers\Msikbd2k.sys
[2005/05/09 19:24:14 | 000,000,245 | ---- | C] () -- C:\WINDOWS\Msiosd.ini
[2005/04/27 12:38:00 | 000,372,736 | ---- | C] () -- C:\WINDOWS\System32\hpzidi01.dll
[2005/03/30 18:51:57 | 000,274,507 | ---- | C] () -- C:\WINDOWS\System32\FXMathLib.dll
[2005/02/27 10:18:17 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2005/02/22 09:08:14 | 000,233,472 | R--- | C] () -- C:\WINDOWS\System32\cmirmdrv.exe
[2005/02/22 09:08:14 | 000,028,672 | R--- | C] () -- C:\WINDOWS\System32\cmirmdrv.dll
[2005/02/22 09:08:00 | 000,000,092 | ---- | C] () -- C:\WINDOWS\CMISETUP.INI
[2005/02/22 09:08:00 | 000,000,026 | ---- | C] () -- C:\WINDOWS\CMCDPLAY.INI
[2005/02/22 09:07:58 | 000,000,010 | ---- | C] () -- C:\WINDOWS\Wininit.ini
[2005/02/22 09:07:53 | 000,121,329 | R--- | C] () -- C:\WINDOWS\Cmuda.ini
[2005/02/22 09:07:50 | 000,266,240 | ---- | C] () -- C:\WINDOWS\CMIUninstall.exe
[2005/02/22 09:07:50 | 000,225,280 | ---- | C] () -- C:\WINDOWS\CmiRmRedundDir.exe
[2005/02/22 09:07:50 | 000,028,672 | ---- | C] () -- C:\WINDOWS\CMIRmDriver.dll
[2005/02/22 09:04:40 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\vusetup.dll
[2005/02/22 08:58:11 | 000,003,000 | ---- | C] () -- C:\WINDOWS\System32\SetupNT.sys
[2005/02/14 15:35:11 | 000,021,504 | ---- | C] () -- C:\Documents and Settings\Jeremiah Schumacher\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2005/02/14 10:34:12 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2005/02/12 15:02:52 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/02/12 14:26:57 | 000,000,000 | ---- | C] () -- C:\WINDOWS\OPPRIN~1.INI
[2005/02/12 14:24:09 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\CNMVS38.DLL
[2005/02/12 13:59:27 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2005/02/12 13:53:47 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2005/02/10 04:03:08 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2005/02/10 04:02:09 | 000,213,672 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004/09/17 17:37:42 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\vuins32.dll
[2003/03/31 06:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2003/03/31 06:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2003/03/31 06:00:00 | 000,314,508 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2003/03/31 06:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2003/03/31 06:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2003/03/31 06:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2003/03/31 06:00:00 | 000,040,836 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2003/03/31 06:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2003/03/31 06:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2003/03/31 06:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2003/03/31 06:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/04/11 12:47:52 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\msmscoin.dll

========== LOP Check ==========

[2008/12/09 12:18:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CinemaNow
[2008/12/09 12:13:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\fluxDVD
[2009/01/29 13:13:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Harley-Davidson_ Race to the Rally Saves
[2006/01/21 11:42:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HotSync
[2010/05/09 16:07:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Max Secure
[2008/12/09 12:14:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\mpDRM
[2005/08/18 17:08:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MSN Search Toolbar
[2008/10/24 13:24:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
[2011/02/28 12:52:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\nDmJeMg12900
[2011/02/28 13:19:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2008/10/29 19:25:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2010/03/30 20:38:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/12/22 20:31:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2005/10/12 18:05:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jeremiah Schumacher\Application Data\Aim
[2008/02/25 15:28:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jeremiah Schumacher\Application Data\Centra
[2010/01/01 12:41:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jeremiah Schumacher\Application Data\com.warnerbros.DigitalCopyManager.449F66ACC381FDC604DC2AA255FEECEEBBBEE1E5.1
[2010/09/20 11:12:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jeremiah Schumacher\Application Data\HorizonWimba
[2006/01/21 11:40:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jeremiah Schumacher\Application Data\HotSync
[2006/01/24 11:24:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jeremiah Schumacher\Application Data\Leadertech
[2005/09/06 00:11:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jeremiah Schumacher\Application Data\Ohmay
[2007/04/12 19:20:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jeremiah Schumacher\Application Data\Professional
[2010/09/25 20:42:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jeremiah Schumacher\Application Data\Qeybl
[2008/02/25 15:28:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jeremiah Schumacher\Application Data\Saba
[2010/12/30 20:19:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jeremiah Schumacher\Application Data\start
[2010/10/06 19:19:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jeremiah Schumacher\Application Data\StreamTorrent
[2008/10/29 19:25:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jeremiah Schumacher\Application Data\Viewpoint
[2011/02/28 12:54:26 | 000,000,236 | ---- | M] () -- C:\WINDOWS\Tasks\OGALogon.job
[2011/02/28 12:56:37 | 000,001,680 | ---- | M] () -- C:\WINDOWS\Tasks\wrSpySweeper_LDF53DB23ACBB464F9474D9D7ADABDD61.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 171 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 149 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2

< End of report >
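
The report above is quoted tool output; what follows is an added example, not part of the thread and not OldTimer's or Geeks to Go's code. It parses a handful of lines copied from the OTL report (the sample below is constructed from them) and applies three defender-side triage rules: autorun entries whose target is missing, autorun entries whose target carries no publisher name, and items created inside the report's 30-day window whose names look random (the pattern that singles out nDmJeMg12900 here). The regexes, the rules and the function names are this example's own assumptions about the OTL line format, inferred from the lines shown, not a specification of OTL.

```python
import ntpath
import re
from datetime import datetime, timedelta

# Constructed sample: a few lines copied from the OTL report posted above.
SAMPLE_LOG = r"""
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [dcmsvc] C:\Program Files\dcmsvc\dcmsvc.exe ()
O4 - HKLM..\Run: [ISTray] C:\Program Files\PC Tools Security\pctsGui.exe (PC Tools)
O4 - HKLM..\Run: [KernelFaultCheck] File not found
[2011/02/28 02:00:01 | 000,000,000 | ---D | C] -- C:\Program Files\PC Tools Security
[2011/02/28 01:13:22 | 038,357,640 | ---- | C] (PC Tools ) -- C:\Documents and Settings\Jeremiah Schumacher\Desktop\Spyware-Doctor-With-Antivirus.exe
[2011/02/27 16:46:47 | 000,581,120 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Jeremiah Schumacher\Desktop\OTL.scr
[2011/02/27 13:18:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\nDmJeMg12900
[2010/12/27 20:35:18 | 000,000,100 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
"""

# Assumed shape of a file/folder entry, inferred from the report:
# [YYYY/MM/DD HH:MM:SS | size | attrs | C-or-M] (Company) -- path
ENTRY_RE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[\w-]{4}) \| (?P<kind>[CM])\]"
    r"(?: \((?P<company>[^)]*)\))? -- (?P<path>.+)$"
)

# Assumed shape of an O4 Run-key entry: O4 - <key>: [<name>] <target> (<company>)
AUTORUN_RE = re.compile(
    r"^O4 - (?P<key>.+?): \[(?P<name>[^\]]*)\] (?P<target>.+?)"
    r"(?: \((?P<company>[^)]*)\))?$"
)


def parse_file_entry(line):
    """Return a dict for a file/folder line, or None if the line is not one."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    return {
        "timestamp": datetime.strptime(m.group("ts"), "%Y/%m/%d %H:%M:%S"),
        "size": int(m.group("size").replace(",", "")),
        "is_dir": "D" in m.group("attrs"),
        "kind": m.group("kind"),            # C = created, M = modified
        "company": (m.group("company") or "").strip(),
        "path": m.group("path").strip(),
    }


def parse_autorun(line):
    """Return a dict for an O4 Run-key line, or None."""
    m = AUTORUN_RE.match(line.strip())
    if not m:
        return None
    return {
        "key": m.group("key"),
        "name": m.group("name"),
        "target": m.group("target").strip(),
        "company": (m.group("company") or "").strip(),
    }


def looks_random(name):
    """Heuristic: 8+ alphanumerics mixing letters and digits, no spaces or punctuation."""
    return (re.fullmatch(r"[A-Za-z0-9]{8,}", name) is not None
            and any(c.isdigit() for c in name)
            and any(c.isalpha() for c in name))


def triage(lines, report_date, window_days=30):
    """Apply the three triage rules; returns (reason, subject) tuples."""
    findings = []
    cutoff = report_date - timedelta(days=window_days)
    for raw in lines:
        line = raw.strip()
        if not line:
            continue
        run = parse_autorun(line)
        if run:
            if run["target"] == "File not found":
                findings.append(("orphaned autorun entry", f"[{run['name']}]"))
            elif not run["company"]:
                findings.append(("autorun without publisher", run["target"]))
            continue
        entry = parse_file_entry(line)
        if entry is None or entry["kind"] != "C" or entry["timestamp"] < cutoff:
            continue
        stem = ntpath.splitext(ntpath.basename(entry["path"]))[0]
        if not entry["company"] and looks_random(stem):
            findings.append(("recent item with random name", entry["path"]))
    return findings


def triage_sample():
    """Run the rules over the constructed sample, dated to the report (28 Feb 2011)."""
    return triage(SAMPLE_LOG.splitlines(), datetime(2011, 2, 28))


if __name__ == "__main__":
    for reason, subject in triage_sample():
        print(f"{reason}: {subject}")
```

The random-name rule is a triage prompt, not a verdict: it surfaces nDmJeMg12900 and stays quiet on PC Tools Security, but a real review still checks the flagged item's timestamp against the infection time and its contents before deleting anything. Exact path strings also matter downstream: the Avenger script later in the thread targets nDmJeMg12900l, one character longer than the name in this report, and Avenger reports that object as not found.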

#7 Essexboy

  • Group: GeekU Moderator
  • Posts: 55,491
  • Joined: 31-May 06

Posted 28 February 2011 - 01:33 PM

Hmm, the folder that the malware was in does not want to go, so let's use a bigger hammer. On completion of this, can you let me know what problems remain?

1. Please download The Avenger2 by Swandog46 to your Desktop.
  • Right click on the Avenger.zip folder and select "Extract All..."
  • Follow the prompts and extract the avenger folder to your desktop
2. Copy all the text contained in the code box below to your Clipboard by highlighting it and pressing (Ctrl+C):

Quote

Begin copying here:

Folders to delete:
C:\Documents and Settings\All Users\Application Data\nDmJeMg12900l


Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.


3. Now, open the avenger folder and start The Avenger program by clicking on its icon.
  • Right click on the window under Input script here:, and select Paste.
  • You can also Paste the text copied to the clipboard into this window by pressing (Ctrl+V), or click on the third button under the menu to paste it from the clipboard.
  • Click on Execute
  • Answer "Yes" twice when prompted.

4. The Avenger will automatically do the following:
  • It will Restart your computer. ( In cases where the code to execute contains "Drivers to Delete" or "Drivers to Disable", The Avenger will actually restart your system twice.)
  • After the restart, it creates a log file that should open with the results of Avenger’s actions. This log file will be located at C:\avenger.txt
  • The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.
5. Please copy/paste the content of c:\avenger.txt into your reply.

THEN

Please download Malwarebytes' Anti-Malware from Here.

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

#8 PrincessLeia

  • Group: Member
  • Posts: 43
  • Joined: 11-June 10

Posted 28 February 2011 - 03:56 PM

Here is the MBAM log:

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 5907

Windows 5.1.2600 Service Pack 3
Internet Explorer 6.0.2900.5512

2/28/2011 3:44:52 PM
mbam-log-2011-02-28 (15-44-52).txt

Scan type: Quick scan
Objects scanned: 144970
Time elapsed: 10 minute(s), 12 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\StartMenuLogoff (PUM.Hijack.StartMenu) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


Here is Avenger:

Logfile of The Avenger Version 2.0, © by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!


Error: folder "C:\Documents and Settings\All Users\Application Data\nDmJeMg12900l" not found!
Deletion of folder "C:\Documents and Settings\All Users\Application Data\nDmJeMg12900l" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Completed script processing.

*******************

Finished! Terminate.



Pleeeeease tell me this did something! Thank you.

#9 Essexboy

  • Group: GeekU Moderator
  • Posts: 55,491
  • Joined: 31-May 06

Posted 28 February 2011 - 04:01 PM

What problems do you have now ?

#10 PrincessLeia

  • Group: Member
  • Posts: 43
  • Joined: 11-June 10

Posted 28 February 2011 - 04:22 PM

Should I be able to use safe mode with networking at all? Last night I attempted to get into it to run MBAM but I was unable to.

So far, no problems. I am still paranoid though :D:D

#11 Essexboy

  • Group: GeekU Moderator
  • Posts: 55,491
  • Joined: 31-May 06

Posted 28 February 2011 - 04:30 PM

Could you attempt safe mode with networking now to ensure that it works .. If not we will look at repairing it :D

#12 PrincessLeia

  • Group: Member
  • Posts: 43
  • Joined: 11-June 10

Posted 28 February 2011 - 04:33 PM

Could you remind me how to do safe mode again? What I have been doing is restarting, then after the first beep I hit F8, but nothing happens. Should I be holding down F8? I tried a gazillion times last night and nothing happened!

#13 Essexboy

  • Group: GeekU Moderator
  • Posts: 55,491
  • Joined: 31-May 06

Posted 28 February 2011 - 04:35 PM

After the beep continually press and release F8 (sort of on/off/on/off if you get my drift )

#14 PrincessLeia

  • Group: Member
  • Posts: 43
  • Joined: 11-June 10

Posted 28 February 2011 - 04:37 PM

Okay, going to reboot now in safe mode...or try.

#15 PrincessLeia

  • Group: Member
  • Posts: 43
  • Joined: 11-June 10

Posted 28 February 2011 - 04:49 PM

Attempted to reboot into safe mode, and it didn't work.
