
Computer will not shut down properly, possible malware?



#16
PrincessLeia (Member, Topic Starter, 43 posts)
Is Speccy supposed to take a long time?


#17
Render (Trusted Helper, Malware Removal, 4,195 posts)
It should take a few minutes. Skip this step and proceed with step 2 please. Then try this one:

Download and install Free Everest Home Edition.
  • Open it.
  • In the left pane, expand the Computer folder.
  • Click once on Summary.
  • In the upper menu, go to Report
  • and then to Quick Report - Summary.
  • Save it as a text file and paste it in your next post.


#18
PrincessLeia (Member, Topic Starter, 43 posts)
OTL logfile created on: 9/16/2011 9:35:40 PM - Run 9
OTL by OldTimer - Version 3.2.22.2 Folder = C:\Documents and Settings\Jeremiah Schumacher\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 48.00% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 69.00% Paging File free
Paging file location(s): C:\pagefile.sys 720 1440 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.52 Gb Total Space | 44.31 Gb Free Space | 59.46% Space Free | Partition Type: NTFS
Drive D: | 37.26 Gb Total Space | 20.02 Gb Free Space | 53.74% Space Free | Partition Type: FAT32
Drive F: | 409.44 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: JEREMIAH-KF1Y8X | User Name: Jeremiah Schumacher | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/09/05 15:33:56 | 000,056,832 | ---- | M] () -- C:\Documents and Settings\Jeremiah Schumacher\Application Data\Adobe\AdobeUpdate\Adobeupdt32.exe
PRC - [2011/05/10 22:51:32 | 001,201,656 | ---- | M] (Webroot Software, Inc. ) -- C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe
PRC - [2011/04/20 09:33:48 | 006,515,800 | ---- | M] (Webroot Software, Inc.) -- C:\Program Files\Webroot\WebrootSecurity\SpySweeperUI.exe
PRC - [2011/03/24 06:42:32 | 000,142,336 | ---- | M] () -- C:\Program Files\Warner Bros. Digital Copy Manager\Warner Bros. Digital Copy Manager.exe
PRC - [2011/03/22 10:14:12 | 004,048,256 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) -- C:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe
PRC - [2011/03/22 10:14:10 | 000,165,248 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) -- C:\Program Files\Webroot\WebrootSecurity\SSU.exe
PRC - [2011/02/27 17:46:42 | 000,581,120 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jeremiah Schumacher\Desktop\OTL.scr
PRC - [2010/11/10 18:16:42 | 031,095,432 | ---- | M] (Dmailer S.A.) -- C:\Documents and Settings\Jeremiah Schumacher\Application Data\SanDisk\SanDiskSecureAccess_Manager.exe
PRC - [2009/04/07 14:53:32 | 000,030,440 | ---- | M] () -- C:\Program Files\dcmsvc\dcmsvc.exe
PRC - [2008/09/22 22:49:30 | 000,138,616 | ---- | M] (CinemaNow, Inc.) -- C:\Program Files\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/04/04 12:10:26 | 000,030,152 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe
PRC - [2007/04/19 18:04:20 | 000,185,896 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2004/11/10 23:15:31 | 000,111,816 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
PRC - [2001/08/06 06:41:48 | 000,028,672 | ---- | M] () -- C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe


========== Modules (SafeList) ==========

MOD - [2011/02/27 17:46:42 | 000,581,120 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jeremiah Schumacher\Desktop\OTL.scr
MOD - [2010/08/23 11:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (sdCoreService)
SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - [2011/08/02 19:57:25 | 003,542,616 | ---- | M] () [Auto | Running] -- c:\Program Files\Common Files\Akamai\netsession_win_2da1ebd.dll -- (Akamai)
SRV - [2011/05/10 22:51:32 | 001,201,656 | ---- | M] (Webroot Software, Inc. ) [Auto | Running] -- C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe -- (WRConsumerService)
SRV - [2011/03/22 10:14:12 | 004,048,256 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) [Auto | Running] -- C:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe -- (WebrootSpySweeperService)
SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2008/09/22 22:49:30 | 000,138,616 | ---- | M] (CinemaNow, Inc.) [Auto | Running] -- C:\Program Files\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe -- (CinemaNow Service)
SRV - [2008/04/13 19:12:02 | 000,105,472 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\p2pgasvc.dll -- (p2pgasvc)
SRV - [2008/04/04 12:10:26 | 000,030,152 | ---- | M] (Viewpoint Corporation) [Auto | Running] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Service)
SRV - [2001/08/06 06:41:48 | 000,028,672 | ---- | M] () [Auto | Running] -- C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe -- (nhksrv)


========== Driver Services (SafeList) ==========

DRV - [2011/03/22 10:14:22 | 000,176,776 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ssidrv.sys -- (ssidrv)
DRV - [2011/03/22 10:14:22 | 000,029,832 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ssfs0bbc.sys -- (ssfs0bbc)
DRV - [2011/03/22 10:14:22 | 000,023,176 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sshrmd.sys -- (sshrmd)
DRV - [2010/11/09 14:56:12 | 000,098,392 | ---- | M] (Sunbelt Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\SBREDrv.sys -- (SBRE)
DRV - [2010/06/12 02:01:40 | 000,006,656 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\Msikbd2k.sys -- (msikbd2k)
DRV - [2010/02/11 07:02:15 | 000,226,880 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tcpip6.sys -- (Tcpip6)
DRV - [2005/02/26 12:17:58 | 000,025,244 | ---- | M] (Adaptec) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aspi32.sys -- (ASPI32)
DRV - [2002/06/06 12:08:38 | 000,337,536 | ---- | M] (ahead software) [File_System | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\bsudf.sys -- (BsUDF)
DRV - [2002/06/05 17:07:00 | 000,009,344 | ---- | M] (B.H.A Co.,Ltd.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\bsstor.sys -- (BsStor)
DRV - [2002/04/11 13:47:52 | 000,011,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ipfilter.sys -- (IPFilter)
DRV - [2001/08/17 08:28:12 | 000,488,383 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\HSF_V124.sys -- (V124)
DRV - [2001/08/17 08:28:12 | 000,050,751 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\HSF_TONE.sys -- (Tones)
DRV - [2001/08/17 08:28:10 | 000,542,879 | ---- | M] (Conexant) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSF_MSFT.sys -- (hsf_msft)
DRV - [2001/08/17 08:28:10 | 000,057,471 | ---- | M] (Conexant) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSF_SAMP.sys -- (Rksample)
DRV - [2001/08/17 08:28:08 | 000,391,199 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\HSF_K56K.sys -- (K56)
DRV - [2001/08/17 08:28:06 | 000,289,887 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\HSF_FALL.sys -- (Fallback)
DRV - [2001/08/17 08:28:06 | 000,199,711 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\HSF_FAXX.sys -- (SoftFax)
DRV - [2001/08/17 08:28:06 | 000,115,807 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\HSF_FSKS.sys -- (Fsks)
DRV - [2001/08/17 08:28:04 | 000,067,167 | ---- | M] (Conexant) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSF_BSC2.sys -- (basic2)
DRV - [2000/10/25 07:27:24 | 000,003,000 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\SetupNT.sys -- (SetupNT)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 1F 96 1E 02 2A C0 57 4D 83 2D 92 64 68 4E C5 AD [binary data]
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 1F 96 1E 02 2A C0 57 4D 83 2D 92 64 68 4E C5 AD [binary data]
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 1F 96 1E 02 2A C0 57 4D 83 2D 92 64 68 4E C5 AD [binary data]
IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 1F 96 1E 02 2A C0 57 4D 83 2D 92 64 68 4E C5 AD [binary data]
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1123561945-117609710-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKU\S-1-5-21-1123561945-117609710-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 1F 96 1E 02 2A C0 57 4D 83 2D 92 64 68 4E C5 AD [binary data]
IE - HKU\S-1-5-21-1123561945-117609710-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch =
IE - HKU\S-1-5-21-1123561945-117609710-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =
IE - HKU\S-1-5-21-1123561945-117609710-839522115-1003\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-1123561945-117609710-839522115-1003\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-1123561945-117609710-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1123561945-117609710-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.defaulturl: "http://www.google.co...-8&oe=UTF-8&q="
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "http://www.pbs.org/"
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.9.8
FF - prefs.js..extensions.enabledItems: [email protected]:4.5
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {a298ed31-d405-40e2-880f-b7511948e582}:3.6.0.10
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: [email protected]:3.3.3.2
FF - prefs.js..extensions.enabledItems: {8a46cc45-3a8a-4d46-aa05-8a0d09ed19ef}:1.0
FF - prefs.js..extensions.enabledItems: [email protected]:3.6

FF - HKLM\software\mozilla\Firefox\Extensions\\{400F0BDB-6C49-43A4-BE1F-76D7327A604D}: C:\Program Files\Common Files\fluxDVD\Download Manager\Mozilla [2008/12/09 13:14:09 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/01/03 18:54:17 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.22\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/09/07 22:45:37 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.22\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/09/07 22:45:40 | 000,000,000 | ---D | M]

[2008/09/01 18:43:18 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Jeremiah Schumacher\Application Data\Mozilla\Extensions
[2011/09/16 19:34:41 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Jeremiah Schumacher\Application Data\Mozilla\Firefox\Profiles\1x4ro5in.default\extensions
[2011/06/19 14:50:44 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Documents and Settings\Jeremiah Schumacher\Application Data\Mozilla\Firefox\Profiles\1x4ro5in.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2011/09/15 23:37:49 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Documents and Settings\Jeremiah Schumacher\Application Data\Mozilla\Firefox\Profiles\1x4ro5in.default\extensions\{8a46cc45-3a8a-4d46-aa05-8a0d09ed19ef}
[2011/08/01 19:07:46 | 000,000,000 | ---D | M] (SporTV Community Toolbar) -- C:\Documents and Settings\Jeremiah Schumacher\Application Data\Mozilla\Firefox\Profiles\1x4ro5in.default\extensions\{a298ed31-d405-40e2-880f-b7511948e582}
[2011/09/03 08:34:10 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Documents and Settings\Jeremiah Schumacher\Application Data\Mozilla\Firefox\Profiles\1x4ro5in.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2011/05/30 08:26:18 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Documents and Settings\Jeremiah Schumacher\Application Data\Mozilla\Firefox\Profiles\1x4ro5in.default\extensions\[email protected]
[2010/11/18 15:37:13 | 000,000,000 | ---D | M] (RedShift V3.6) -- C:\Documents and Settings\Jeremiah Schumacher\Application Data\Mozilla\Firefox\Profiles\1x4ro5in.default\extensions\[email protected]
[2011/09/16 19:34:41 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2007/03/24 23:11:28 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2011/01/24 01:21:28 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2010/01/03 18:54:17 | 000,000,000 | ---D | M] (HP Smart Web Printing) -- C:\PROGRAM FILES\HP\DIGITAL IMAGING\SMART WEB PRINTING\MOZILLAADDON3
[2009/06/29 18:47:03 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2007/03/02 08:17:24 | 000,095,200 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\NPAPIX.dll
[2008/09/19 10:36:12 | 000,163,840 | ---- | M] (Centra Software, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\NPCentraUpdater.dll
[2011/03/18 13:32:12 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npCouponPrinter.dll
[2010/11/12 19:53:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2007/01/17 06:18:04 | 000,095,200 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\NPFluxBrowserHelper.dll
[2005/12/05 22:31:00 | 000,114,688 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npmozax.dll
[2011/03/18 13:32:14 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npMozCouponPrinter.dll
[2007/07/02 10:42:20 | 000,103,064 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\NPMPDRM.dll

O1 HOSTS File: ([2011/09/15 20:16:00 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\HOSTS
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {021E961F-C02A-4D57-832D-9264684EC5Ad} - C:\WINDOWS\system32\wscui32.dll (Creative Technology Ltd)
O2 - BHO: (Download Manager Browser Helper Object) - {19C8E43B-07B3-49CB-BFFC-6777B593E6F8} - C:\Program Files\Common Files\fluxDVD\Download Manager\XEBDLHelper.dll (Protect Software GmbH)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (MSN Search Toolbar Helper) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (MSN Search Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll (Microsoft Corporation)
O3 - HKU\S-1-5-21-1123561945-117609710-839522115-1003\..\Toolbar\ShellBrowser: (MSN Search Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll (Microsoft Corporation)
O3 - HKU\S-1-5-21-1123561945-117609710-839522115-1003\..\Toolbar\WebBrowser: (MSN Search Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll (Microsoft Corporation)
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [dcmsvc] C:\Program Files\dcmsvc\dcmsvc.exe ()
O4 - HKLM..\Run: [SpySweeper] C:\Program Files\Webroot\WebrootSecurity\SpySweeperUI.exe (Webroot Software, Inc.)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKU\.DEFAULT..\Run: [AdobeUpdate] C:\Documents and Settings\Jeremiah Schumacher\Application Data\Adobe\AdobeUpdate\Adobeupdt32.exe ()
O4 - HKU\S-1-5-18..\Run: [AdobeUpdate] C:\Documents and Settings\Jeremiah Schumacher\Application Data\Adobe\AdobeUpdate\Adobeupdt32.exe ()
O4 - HKU\S-1-5-21-1123561945-117609710-839522115-1003..\Run: [AdobeUpdate] C:\Documents and Settings\Jeremiah Schumacher\Application Data\Adobe\AdobeUpdate\Adobeupdt32.exe ()
O4 - HKU\S-1-5-21-1123561945-117609710-839522115-1003..\Run: [SanDiskSecureAccess_Manager.exe] C:\Documents and Settings\Jeremiah Schumacher\Application Data\SanDisk\SanDiskSecureAccess_Manager.exe (Dmailer S.A.)
O4 - HKU\S-1-5-21-1123561945-117609710-839522115-1003..\Run: [wmiWeb64] C:\Documents and Settings\Jeremiah Schumacher\Local Settings\Application Data\BluetoothcfgSupport\wmiWeb64.dll ()
O4 - Startup: C:\Documents and Settings\Jeremiah Schumacher\Start Menu\Programs\Startup\Warner Bros.lnk = C:\Program Files\Warner Bros. Digital Copy Manager\Warner Bros. Digital Copy Manager.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1123561945-117609710-839522115-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1123561945-117609710-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1123561945-117609710-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1123561945-117609710-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: &MSN Search - C:\Program Files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll (Microsoft Corporation)
O8 - Extra context menu item: Open in new background tab - C:\Program Files\MSN Toolbar Suite\TAB\02.05.0001.1119\en-us\msntabres.dll (Microsoft Corporation)
O8 - Extra context menu item: Open in new foreground tab - C:\Program Files\MSN Toolbar Suite\TAB\02.05.0001.1119\en-us\msntabres.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {4620BC29-8B8E-4F4E-9D92-1DB6633D6793} http://rd1.surfernet...urferplugin.ocx (SurferNETWORK Plugin)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://by104fd.bay10...es/MsnPUpld.cab (MSN Photo Upload Tool)
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} http://security.syma...n/bin/cabsa.cab (Symantec RuFSI Utility Class)
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} https://webdl.symant...ex/symdlmgr.cab (Symantec Download Manager)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1129561795437 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} http://www.crucial.c.../cpcScanner.cab (Crucial cpcScan)
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} http://messenger.msn...pDownloader.cab (MsnMessengerSetupDownloadControl Class)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://download.mac...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {FA3662C3-B8E8-11D6-A667-0010B556D978} http://cdn.digitalci...illama/ampx.cab (IWinAmpActiveX Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 97.64.168.12 97.64.183.165
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop Components:0 () - https://www.mvrenewa...e.mn.us/dps.gif
O24 - Desktop Components:1 () - http://a7.sphotos.ak...3533357_500.jpg
O24 - Desktop Components:2 () - http://a8.sphotos.ak...3_6277614_n.jpg
O24 - Desktop Components:3 (My Current Home Page) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Jeremiah Schumacher\Application Data\Mozilla\Firefox\Desktop Background.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Jeremiah Schumacher\Application Data\Mozilla\Firefox\Desktop Background.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/02/12 14:56:49 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2004/07/22 19:52:30 | 000,000,000 | ---- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKU\S-1-5-21-1123561945-117609710-839522115-1003..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKU\S-1-5-21-1123561945-117609710-839522115-1003\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: HidServ - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - C:\WINDOWS\System32\iprip.dll (Microsoft Corporation)
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (16902109354000384)

========== Files/Folders - Created Within 30 Days ==========

[2011/09/15 20:22:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\PeerNetworking
[2011/09/15 20:22:23 | 000,000,000 | ---D | C] -- C:\Program Files\Speccy
[2011/09/15 20:21:46 | 004,087,040 | ---- | C] (Piriform Ltd) -- C:\Documents and Settings\Jeremiah Schumacher\Desktop\spsetup112.exe
[2011/09/12 18:12:49 | 000,000,000 | ---D | C] -- C:\2b62d42644022d41ef5021c0
[2011/09/12 17:27:44 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011/09/11 21:54:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Sun
[2011/09/11 19:42:27 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011/09/11 19:28:51 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/09/11 19:28:51 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/09/11 19:28:51 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/09/11 19:28:51 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/09/05 15:34:01 | 000,239,616 | ---- | C] (Creative Technology Ltd) -- C:\WINDOWS\System32\wscui32.dll
[2011/09/05 14:02:28 | 001,916,416 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Jeremiah Schumacher\Desktop\aswMBR.exe
[2011/09/05 12:25:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jeremiah Schumacher\My Vaults
[2011/09/05 12:23:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jeremiah Schumacher\Start Menu\Programs\SanDisk SecureAccess Manager
[2011/09/05 12:23:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jeremiah Schumacher\Application Data\SanDisk
[2011/09/05 12:13:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jeremiah Schumacher\Local Settings\Application Data\Proxure
[2011/09/05 12:12:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ClubSanDisk
[2011/09/05 12:10:33 | 000,000,000 | ---D | C] -- C:\Program Files\MSBuild
[2011/09/05 12:10:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\XPSViewer
[2011/09/05 12:10:14 | 000,000,000 | ---D | C] -- C:\Program Files\Reference Assemblies
[2011/09/05 12:09:30 | 000,000,000 | ---D | C] -- C:\8fd39794d05c79cb3a6ac5d5bd159e59
[2011/09/05 12:08:36 | 000,014,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spmsg2.dll
[2011/09/05 12:06:51 | 000,000,000 | R-SD | C] -- C:\WINDOWS\assembly
[2011/09/05 12:05:53 | 000,000,000 | ---D | C] -- C:\WINDOWS\Microsoft.NET
[2011/09/04 18:38:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jeremiah Schumacher\Desktop\tdsskiller
[2011/09/04 18:37:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jeremiah Schumacher\Desktop\GooredFix Backups
[2011/09/02 22:40:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jeremiah Schumacher\Local Settings\Application Data\BluetoothcfgSupport
[2011/08/24 20:49:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Real
[2011/08/19 22:45:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2011/08/19 18:58:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun
[1 C:\Documents and Settings\Jeremiah Schumacher\Desktop\*.tmp files -> C:\Documents and Settings\Jeremiah Schumacher\Desktop\*.tmp -> ]
[1 C:\Documents and Settings\Jeremiah Schumacher\*.tmp files -> C:\Documents and Settings\Jeremiah Schumacher\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/09/16 21:02:05 | 000,001,034 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1123561945-117609710-839522115-1003UA.job
[2011/09/16 21:01:47 | 000,013,764 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/09/16 20:59:37 | 000,000,236 | ---- | M] () -- C:\WINDOWS\tasks\OGALogon.job
[2011/09/16 20:59:13 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/09/15 23:44:03 | 000,963,756 | ---- | M] () -- C:\Documents and Settings\Jeremiah Schumacher\Desktop\DSC02454.JPG
[2011/09/15 20:22:25 | 000,000,654 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Speccy.lnk
[2011/09/15 20:21:23 | 004,087,040 | ---- | M] (Piriform Ltd) -- C:\Documents and Settings\Jeremiah Schumacher\Desktop\spsetup112.exe
[2011/09/15 20:16:00 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\HOSTS
[2011/09/15 19:36:25 | 000,435,260 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/09/15 19:36:25 | 000,068,156 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/09/14 17:25:32 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/09/13 00:50:05 | 000,063,494 | ---- | M] () -- C:\Documents and Settings\Jeremiah Schumacher\Desktop\V6HDD00Z.jpg
[2011/09/13 00:48:24 | 000,021,087 | ---- | M] () -- C:\Documents and Settings\Jeremiah Schumacher\Desktop\alphonse_mucha_gallery_2.jpg
[2011/09/13 00:45:38 | 000,011,343 | ---- | M] () -- C:\Documents and Settings\Jeremiah Schumacher\Desktop\mucha-alphonse-les-saisons.jpg
[2011/09/12 19:21:57 | 003,515,184 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/09/11 19:42:33 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2011/09/11 19:27:13 | 004,202,584 | R--- | M] (Swearware) -- C:\Documents and Settings\Jeremiah Schumacher\Desktop\ComboFix.exe
[2011/09/11 19:25:14 | 000,000,004 | ---- | M] () -- C:\Documents and Settings\Jeremiah Schumacher\Application Data\0f825077
[2011/09/11 19:23:54 | 000,000,004 | ---- | M] () -- C:\Documents and Settings\Jeremiah Schumacher\Application Data\ef5faf88
[2011/09/11 19:23:05 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Jeremiah Schumacher\Application Data\f8fa278d
[2011/09/08 22:45:31 | 000,000,004 | ---- | M] () -- C:\Documents and Settings\Jeremiah Schumacher\Application Data\87fa5f77
[2011/09/08 08:02:00 | 000,000,982 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1123561945-117609710-839522115-1003Core.job
[2011/09/07 19:34:34 | 000,049,430 | ---- | M] () -- C:\Documents and Settings\Jeremiah Schumacher\Desktop\Report_Rootkit
[2011/09/07 19:18:00 | 000,139,264 | ---- | M] () -- C:\Documents and Settings\Jeremiah Schumacher\Desktop\RKUnhookerLE.EXE
[2011/09/06 20:01:02 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/09/06 19:15:51 | 000,080,384 | ---- | M] () -- C:\Documents and Settings\Jeremiah Schumacher\Desktop\MBRCheck.exe
[2011/09/06 19:15:29 | 000,000,539 | ---- | M] () -- C:\Documents and Settings\Jeremiah Schumacher\Desktop\MBR.zip
[2011/09/05 20:35:21 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Jeremiah Schumacher\Desktop\MBR.dat
[2011/09/05 15:34:01 | 000,239,616 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\System32\wscui32.dll
[2011/09/05 14:02:26 | 001,916,416 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Jeremiah Schumacher\Desktop\aswMBR.exe
[2011/09/05 12:21:47 | 000,000,272 | ---- | M] () -- C:\Documents and Settings\Jeremiah Schumacher\Application Data\.backup.dm
[1 C:\Documents and Settings\Jeremiah Schumacher\Desktop\*.tmp files -> C:\Documents and Settings\Jeremiah Schumacher\Desktop\*.tmp -> ]
[1 C:\Documents and Settings\Jeremiah Schumacher\*.tmp files -> C:\Documents and Settings\Jeremiah Schumacher\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/09/15 23:39:11 | 000,963,756 | ---- | C] () -- C:\Documents and Settings\Jeremiah Schumacher\Desktop\DSC02454.JPG
[2011/09/15 20:22:25 | 000,000,654 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Speccy.lnk
[2011/09/13 00:50:05 | 000,063,494 | ---- | C] () -- C:\Documents and Settings\Jeremiah Schumacher\Desktop\V6HDD00Z.jpg
[2011/09/13 00:38:59 | 000,011,343 | ---- | C] () -- C:\Documents and Settings\Jeremiah Schumacher\Desktop\mucha-alphonse-les-saisons.jpg
[2011/09/13 00:34:57 | 000,021,087 | ---- | C] () -- C:\Documents and Settings\Jeremiah Schumacher\Desktop\alphonse_mucha_gallery_2.jpg
[2011/09/11 19:42:33 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2011/09/11 19:42:29 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2011/09/11 19:28:51 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/09/11 19:28:51 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/09/11 19:28:51 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/09/11 19:28:51 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/09/11 19:28:51 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/09/07 19:34:34 | 000,049,430 | ---- | C] () -- C:\Documents and Settings\Jeremiah Schumacher\Desktop\Report_Rootkit
[2011/09/07 19:18:12 | 000,139,264 | ---- | C] () -- C:\Documents and Settings\Jeremiah Schumacher\Desktop\RKUnhookerLE.EXE
[2011/09/06 19:18:36 | 000,080,384 | ---- | C] () -- C:\Documents and Settings\Jeremiah Schumacher\Desktop\MBRCheck.exe
[2011/09/06 19:15:29 | 000,000,539 | ---- | C] () -- C:\Documents and Settings\Jeremiah Schumacher\Desktop\MBR.zip
[2011/09/05 22:02:30 | 000,000,004 | ---- | C] () -- C:\Documents and Settings\Jeremiah Schumacher\Application Data\87fa5f77
[2011/09/05 20:35:21 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Jeremiah Schumacher\Desktop\MBR.dat
[2011/09/05 15:35:35 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Jeremiah Schumacher\Application Data\f8fa278d
[2011/09/05 15:35:14 | 000,000,004 | ---- | C] () -- C:\Documents and Settings\Jeremiah Schumacher\Application Data\ef5faf88
[2011/09/05 15:34:37 | 000,000,004 | ---- | C] () -- C:\Documents and Settings\Jeremiah Schumacher\Application Data\0f825077
[2011/09/05 12:21:47 | 000,000,272 | ---- | C] () -- C:\Documents and Settings\Jeremiah Schumacher\Application Data\.backup.dm
[2011/05/20 21:04:56 | 000,015,136 | -HS- | C] () -- C:\Documents and Settings\Jeremiah Schumacher\Local Settings\Application Data\747073s32x2s4it14g
[2011/05/20 21:04:56 | 000,015,136 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\747073s32x2s4it14g
[2011/05/10 18:12:54 | 000,010,800 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\8d3477s2b521076
[2011/05/10 18:12:53 | 000,010,800 | -HS- | C] () -- C:\Documents and Settings\Jeremiah Schumacher\Local Settings\Application Data\8d3477s2b521076
[2011/03/22 10:14:16 | 000,031,104 | ---- | C] () -- C:\WINDOWS\System32\wrLZMA.dll
[2011/03/22 10:14:10 | 000,016,256 | ---- | C] () -- C:\WINDOWS\System32\SsiEfr.exe
[2011/02/21 19:20:08 | 000,000,155 | ---- | C] () -- C:\WINDOWS\TmProxy.ini
[2011/02/21 19:20:07 | 000,000,155 | ---- | C] () -- C:\WINDOWS\TmPfw.ini
[2010/12/27 21:35:18 | 000,000,100 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2010/10/20 16:44:13 | 000,000,164 | ---- | C] () -- C:\WINDOWS\install.dat
[2010/07/28 10:32:10 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/01/09 04:26:58 | 000,041,504 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/01/03 18:35:49 | 000,164,960 | ---- | C] () -- C:\WINDOWS\hpoins37.dat
[2010/01/03 18:35:49 | 000,000,632 | ---- | C] () -- C:\WINDOWS\hpomdl37.dat
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/08/03 15:07:42 | 000,230,768 | ---- | C] () -- C:\WINDOWS\System32\OGAEXEC.exe
[2009/07/22 19:54:53 | 000,146,510 | ---- | C] () -- C:\WINDOWS\hphins32.dat
[2009/07/22 19:54:52 | 000,000,458 | ---- | C] () -- C:\WINDOWS\hphmdl32.dat
[2008/09/18 15:50:41 | 000,000,104 | ---- | C] () -- C:\WINDOWS\System32\ProxySettings.ini
[2007/04/13 17:42:27 | 000,001,530 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2007/01/27 07:38:16 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2006/07/26 22:30:03 | 000,000,206 | ---- | C] () -- C:\WINDOWS\HPGdiPlus.ini
[2006/07/26 22:13:51 | 000,000,221 | ---- | C] () -- C:\WINDOWS\HP_RedboxHprblog_HPSU.ini
[2006/06/09 20:20:23 | 000,684,032 | ---- | C] () -- C:\WINDOWS\libeay32.dll
[2006/06/09 20:20:22 | 000,155,648 | ---- | C] () -- C:\WINDOWS\ssleay32.dll
[2006/01/21 12:47:59 | 000,000,000 | ---- | C] () -- C:\WINDOWS\QuickInstall.INI
[2005/05/09 20:24:14 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\msiosd32.dll
[2005/05/09 20:24:14 | 000,006,656 | ---- | C] () -- C:\WINDOWS\System32\drivers\Msikbd2k.sys
[2005/05/09 20:24:14 | 000,000,245 | ---- | C] () -- C:\WINDOWS\Msiosd.ini
[2005/04/27 13:38:00 | 000,372,736 | ---- | C] () -- C:\WINDOWS\System32\hpzidi01.dll
[2005/03/30 19:51:57 | 000,274,507 | ---- | C] () -- C:\WINDOWS\System32\FXMathLib.dll
[2005/02/27 11:18:17 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2005/02/22 10:08:14 | 000,233,472 | R--- | C] () -- C:\WINDOWS\System32\cmirmdrv.exe
[2005/02/22 10:08:14 | 000,028,672 | R--- | C] () -- C:\WINDOWS\System32\cmirmdrv.dll
[2005/02/22 10:08:00 | 000,000,092 | ---- | C] () -- C:\WINDOWS\CMISETUP.INI
[2005/02/22 10:08:00 | 000,000,026 | ---- | C] () -- C:\WINDOWS\CMCDPLAY.INI
[2005/02/22 10:07:58 | 000,000,010 | ---- | C] () -- C:\WINDOWS\Wininit.ini
[2005/02/22 10:07:53 | 000,121,329 | R--- | C] () -- C:\WINDOWS\Cmuda.ini
[2005/02/22 10:07:50 | 000,266,240 | ---- | C] () -- C:\WINDOWS\CMIUninstall.exe
[2005/02/22 10:07:50 | 000,225,280 | ---- | C] () -- C:\WINDOWS\CmiRmRedundDir.exe
[2005/02/22 10:07:50 | 000,028,672 | ---- | C] () -- C:\WINDOWS\CMIRmDriver.dll
[2005/02/22 10:04:40 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\vusetup.dll
[2005/02/22 09:58:11 | 000,003,000 | ---- | C] () -- C:\WINDOWS\System32\SetupNT.sys
[2005/02/14 16:35:11 | 000,022,016 | ---- | C] () -- C:\Documents and Settings\Jeremiah Schumacher\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2005/02/14 11:34:12 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2005/02/12 16:02:52 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/02/12 15:26:57 | 000,000,000 | ---- | C] () -- C:\WINDOWS\OPPRIN~1.INI
[2005/02/12 15:24:09 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\CNMVS38.DLL
[2005/02/12 14:59:27 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2005/02/12 14:53:47 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2005/02/10 05:03:08 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2005/02/10 05:02:09 | 003,515,184 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004/09/17 18:37:42 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\vuins32.dll
[2003/03/31 07:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2003/03/31 07:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2003/03/31 07:00:00 | 000,435,260 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2003/03/31 07:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2003/03/31 07:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2003/03/31 07:00:00 | 000,068,156 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2003/03/31 07:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2003/03/31 07:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2003/03/31 07:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2003/03/31 07:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2003/03/31 07:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2003/01/07 16:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/04/11 13:47:52 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\msmscoin.dll

========== LOP Check ==========

[2008/12/09 13:18:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CinemaNow
[2011/09/05 12:16:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ClubSanDisk
[2008/12/09 13:13:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\fluxDVD
[2009/01/29 14:13:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Harley-Davidson_ Race to the Rally Saves
[2006/01/21 12:42:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HotSync
[2010/05/09 17:07:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Max Secure
[2008/12/09 13:14:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\mpDRM
[2005/08/18 18:08:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MSN Search Toolbar
[2008/10/24 14:24:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
[2011/02/28 13:52:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\nDmJeMg12900
[2011/03/20 01:53:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\regid.1986-12.com.adobe
[2011/03/08 23:36:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2008/10/29 20:25:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2010/03/30 21:38:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/12/22 21:31:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2005/10/12 19:05:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jeremiah Schumacher\Application Data\Aim
[2008/02/25 16:28:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jeremiah Schumacher\Application Data\Centra
[2010/01/01 13:41:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jeremiah Schumacher\Application Data\com.warnerbros.DigitalCopyManager.449F66ACC381FDC604DC2AA255FEECEEBBBEE1E5.1
[2010/09/20 12:12:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jeremiah Schumacher\Application Data\HorizonWimba
[2006/01/21 12:40:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jeremiah Schumacher\Application Data\HotSync
[2006/01/24 12:24:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jeremiah Schumacher\Application Data\Leadertech
[2007/04/12 20:20:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jeremiah Schumacher\Application Data\Professional
[2010/09/25 21:42:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jeremiah Schumacher\Application Data\Qeybl
[2008/02/25 16:28:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jeremiah Schumacher\Application Data\Saba
[2011/09/08 23:51:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jeremiah Schumacher\Application Data\SanDisk
[2010/10/06 20:19:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jeremiah Schumacher\Application Data\StreamTorrent
[2008/10/29 20:25:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jeremiah Schumacher\Application Data\Viewpoint
[2011/09/15 20:22:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\PeerNetworking
[2011/09/16 20:59:37 | 000,000,236 | ---- | M] () -- C:\WINDOWS\Tasks\OGALogon.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: EXPLORER.EXE >
[2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ERDNT\cache\explorer.exe
[2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
[2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2007/06/13 06:26:03 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=7712DF0CDDE3A5AC89843E61CD5B3658 -- C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
[2007/06/13 05:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=97BD6515465659FF8F3B7BE375B2EA87 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
[2004/08/04 02:56:49 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINDOWS\$NtUninstallKB938828$\explorer.exe

< MD5 for: SVCHOST.EXE >
[2008/04/13 19:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\ERDNT\cache\svchost.exe
[2008/04/13 19:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\ServicePackFiles\i386\svchost.exe
[2008/04/13 19:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\svchost.exe
[2004/08/04 02:56:57 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=8F078AE4ED187AAABC0A305146DE6716 -- C:\WINDOWS\$NtServicePackUninstall$\svchost.exe

< MD5 for: USERINIT.EXE >
[2004/08/04 02:56:57 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
[2008/04/13 19:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ERDNT\cache\userinit.exe
[2008/04/13 19:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008/04/13 19:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe

< MD5 for: WINLOGON.EXE >
[2004/08/04 02:56:57 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2003/03/31 07:00:00 | 000,516,608 | ---- | M] (Microsoft Corporation) MD5=2246D8D8F4714A2CEDB21AB9B1849ABB -- C:\WINDOWS\$NtUninstallKB841533$\winlogon.exe
[2008/04/13 19:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ERDNT\cache\winlogon.exe
[2008/04/13 19:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008/04/13 19:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe

< %systemroot%\*. /mp /s >

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\chrome.exe\InstallInfo\\ShowIconsCommand: "C:\Documents and Settings\Jeremiah Schumacher\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --show-icons [2011/09/03 07:28:25 | 001,017,912 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\chrome.exe\InstallInfo\\HideIconsCommand: "C:\Documents and Settings\Jeremiah Schumacher\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --hide-icons [2011/09/03 07:28:25 | 001,017,912 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\chrome.exe\InstallInfo\\ReinstallCommand: "C:\Documents and Settings\Jeremiah Schumacher\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --make-default-browser [2011/09/03 07:28:25 | 001,017,912 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\chrome.exe\shell\open\command\\: "C:\Documents and Settings\Jeremiah Schumacher\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" [2011/09/03 07:28:25 | 001,017,912 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2011/09/07 22:45:10 | 000,552,464 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2011/09/07 22:45:10 | 000,552,464 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2011/09/07 22:45:10 | 000,552,464 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2011/09/07 22:44:40 | 000,912,344 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2011/09/07 22:44:40 | 000,912,344 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2011/09/07 22:44:40 | 000,912,344 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Documents and Settings\Jeremiah Schumacher\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --show-icons [2011/09/03 07:28:25 | 001,017,912 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Documents and Settings\Jeremiah Schumacher\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --hide-icons [2011/09/03 07:28:25 | 001,017,912 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Documents and Settings\Jeremiah Schumacher\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --make-default-browser [2011/09/03 07:28:25 | 001,017,912 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Documents and Settings\Jeremiah Schumacher\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" [2011/09/03 07:28:25 | 001,017,912 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: %systemroot%\system32\shmgrate.exe OCInstallReinstallIE [2008/04/13 19:12:35 | 000,045,056 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: %systemroot%\system32\shmgrate.exe OCInstallHideIE [2008/04/13 19:12:35 | 000,045,056 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: %systemroot%\system32\shmgrate.exe OCInstallShowIE [2008/04/13 19:12:35 | 000,045,056 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" [2008/04/13 19:12:22 | 000,093,184 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\ReinstallCommand: "C:\Program Files\Safari\Safari.exe" /reinstall [2011/02/15 23:18:16 | 002,388,264 | ---- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\HideIconsCommand: "C:\Program Files\Safari\Safari.exe" /hideicons [2011/02/15 23:18:16 | 002,388,264 | ---- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\ShowIconsCommand: "C:\Program Files\Safari\Safari.exe" /showicons [2011/02/15 23:18:16 | 002,388,264 | ---- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\shell\open\command\\: "C:\Program Files\Safari\Safari.exe" [2011/02/15 23:18:16 | 002,388,264 | ---- | M] (Apple Inc.)

< hklm\software\clients\startmenuinternet|command /64 /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\chrome.exe\InstallInfo\\ShowIconsCommand: "C:\Documents and Settings\Jeremiah Schumacher\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --show-icons [2011/09/03 07:28:25 | 001,017,912 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\chrome.exe\InstallInfo\\HideIconsCommand: "C:\Documents and Settings\Jeremiah Schumacher\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --hide-icons [2011/09/03 07:28:25 | 001,017,912 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\chrome.exe\InstallInfo\\ReinstallCommand: "C:\Documents and Settings\Jeremiah Schumacher\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --make-default-browser [2011/09/03 07:28:25 | 001,017,912 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\chrome.exe\shell\open\command\\: "C:\Documents and Settings\Jeremiah Schumacher\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" [2011/09/03 07:28:25 | 001,017,912 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2011/09/07 22:45:10 | 000,552,464 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2011/09/07 22:45:10 | 000,552,464 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2011/09/07 22:45:10 | 000,552,464 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2011/09/07 22:44:40 | 000,912,344 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2011/09/07 22:44:40 | 000,912,344 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2011/09/07 22:44:40 | 000,912,344 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Documents and Settings\Jeremiah Schumacher\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --show-icons [2011/09/03 07:28:25 | 001,017,912 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Documents and Settings\Jeremiah Schumacher\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --hide-icons [2011/09/03 07:28:25 | 001,017,912 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Documents and Settings\Jeremiah Schumacher\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --make-default-browser [2011/09/03 07:28:25 | 001,017,912 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Documents and Settings\Jeremiah Schumacher\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" [2011/09/03 07:28:25 | 001,017,912 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: %systemroot%\system32\shmgrate.exe OCInstallReinstallIE [2008/04/13 19:12:35 | 000,045,056 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: %systemroot%\system32\shmgrate.exe OCInstallHideIE [2008/04/13 19:12:35 | 000,045,056 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: %systemroot%\system32\shmgrate.exe OCInstallShowIE [2008/04/13 19:12:35 | 000,045,056 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" [2008/04/13 19:12:22 | 000,093,184 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\ReinstallCommand: "C:\Program Files\Safari\Safari.exe" /reinstall [2011/02/15 23:18:16 | 002,388,264 | ---- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\HideIconsCommand: "C:\Program Files\Safari\Safari.exe" /hideicons [2011/02/15 23:18:16 | 002,388,264 | ---- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\ShowIconsCommand: "C:\Program Files\Safari\Safari.exe" /showicons [2011/02/15 23:18:16 | 002,388,264 | ---- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\shell\open\command\\: "C:\Program Files\Safari\Safari.exe" [2011/02/15 23:18:16 | 002,388,264 | ---- | M] (Apple Inc.)

========== Alternate Data Streams ==========

@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2

< End of report >
  • 0
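The "< MD5 for: ... >" blocks in the OTL log above are the helper's way of checking that the copies of explorer.exe, svchost.exe, userinit.exe and winlogon.exe that Windows actually runs (in C:\WINDOWS and C:\WINDOWS\system32) still hash the same as the pristine copies in ServicePackFiles\i386 and in ComboFix's ERDNT\cache backup. Older builds kept in the $NtServicePackUninstall$, $NtUninstallKB*$ and $hf_mig$ folders are expected to differ, so only the live-versus-reference comparison matters. The script below is an added example, not part of this thread and not OTL's own code: it parses that block format and automates the comparison. Its input is constructed here: the SVCHOST.EXE and EXPLORER.EXE entries are copied from the log above, and the EXAMPLE.EXE section is invented (hypothetical file, made-up hash) to show what a tampered live copy looks like.

```python
import ntpath
import re
from collections import defaultdict

# Constructed sample input. The SVCHOST.EXE and EXPLORER.EXE entries are copied
# from the OTL log in this thread; the EXAMPLE.EXE section is invented so the
# mismatch path is exercised.
SAMPLE_LOG = r"""
< MD5 for: SVCHOST.EXE >
[2008/04/13 19:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\ERDNT\cache\svchost.exe
[2008/04/13 19:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\ServicePackFiles\i386\svchost.exe
[2008/04/13 19:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\svchost.exe
[2004/08/04 02:56:57 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=8F078AE4ED187AAABC0A305146DE6716 -- C:\WINDOWS\$NtServicePackUninstall$\svchost.exe

< MD5 for: EXPLORER.EXE >
[2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ERDNT\cache\explorer.exe
[2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
[2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2007/06/13 06:26:03 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=7712DF0CDDE3A5AC89843E61CD5B3658 -- C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe

< MD5 for: EXAMPLE.EXE >
[2008/04/13 19:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ServicePackFiles\i386\example.exe
[2011/09/05 15:34:01 | 000,026,112 | ---- | M] () MD5=0123456789ABCDEF0123456789ABCDEF -- C:\WINDOWS\system32\example.exe
"""

# "< MD5 for: NAME >" opens a block; each entry line carries timestamp, size,
# attributes, company, MD5 and path in OTL's fixed layout.
SECTION_RE = re.compile(r"^<\s*MD5 for:\s*(?P<name>\S+)\s*>")
ENTRY_RE = re.compile(
    r"^\[(?P<stamp>[^|]+)\|\s*(?P<size>[\d,]+)\s*\|[^\]]*\]\s*"
    r"\((?P<company>[^)]*)\)\s*MD5=(?P<md5>[0-9A-Fa-f]{32})\s*--\s*(?P<path>.+?)\s*$"
)

# Directories holding the copy Windows actually executes (explorer.exe lives in
# C:\WINDOWS, the rest in system32), compared case-insensitively.
LIVE_DIRS = {"c:\\windows\\system32", "c:\\windows"}
# Known-good reference copies: the SP3 install source and ComboFix's ERDNT backup.
REFERENCE_DIRS = {"c:\\windows\\servicepackfiles\\i386", "c:\\windows\\erdnt\\cache"}


def parse_md5_sections(log_text):
    """Return {binary_name: [(path, md5, size, company), ...]} from the MD5 blocks."""
    sections = defaultdict(list)
    current = None
    for raw in log_text.splitlines():
        line = raw.strip()
        header = SECTION_RE.match(line)
        if header:
            current = header.group("name").lower()
            continue
        if not line or current is None:
            continue
        entry = ENTRY_RE.match(line)
        if entry:
            sections[current].append((
                entry.group("path"),
                entry.group("md5").upper(),
                int(entry.group("size").replace(",", "")),
                entry.group("company"),
            ))
    return dict(sections)


def check_md5_sections(log_text):
    """Compare each binary's live copy against its reference copies by MD5.

    Returns {binary_name: "ok" | "MISMATCH" | "no-live-copy" | "no-reference"}.
    Copies under $NtServicePackUninstall$, $NtUninstallKB*$ and $hf_mig$ are
    older builds and are neither live nor reference, so they are ignored.
    """
    results = {}
    for name, entries in parse_md5_sections(log_text).items():
        live = [e for e in entries if ntpath.dirname(e[0]).lower() in LIVE_DIRS]
        refs = [e for e in entries if ntpath.dirname(e[0]).lower() in REFERENCE_DIRS]
        if not live:
            results[name] = "no-live-copy"
        elif not refs:
            results[name] = "no-reference"
        elif all(l[1] == r[1] for l in live for r in refs):
            results[name] = "ok"
        else:
            results[name] = "MISMATCH"
    return results


if __name__ == "__main__":
    for name, status in sorted(check_md5_sections(SAMPLE_LOG).items()):
        print(f"{name:14s} {status}")
```

Run against the full OTL.Txt instead of SAMPLE_LOG and every section should report "ok", as the four real sections above do; a "MISMATCH" on a file that Windows Update has not touched since the SP3 timestamps, especially one whose live copy has an empty company field, is exactly what a replaced or patched system binary looks like and is worth a second look with a known-clean copy.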

#19
PrincessLeia

PrincessLeia

    Member

  • Topic Starter
  • Member
  • PipPip
  • 43 posts
Here is the Everest report.

Attached Files


  • 0

#20
Render

Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
Please go here to download the driver for your audio device, then install it.

How is your computer running now?
  • 0

#21
PrincessLeia

PrincessLeia

    Member

  • Topic Starter
  • Member
  • PipPip
  • 43 posts
It's running terribly, to be honest. I noticed that sometimes the sound will work, and sometimes it won't. When it won't work I restart and then it's fine. Should I install the driver anyway to ensure more consistency?

Last night I attempted to open a Word document that was saved and the computer never opened it. If I try to log into another site, the browser gets slow and then the entire Firefox browser freezes, and then I've got to end program for everything. Webroot also keeps telling me it's blocking some malware, too.
  • 0

#22
Render

Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
OK. Let's try with these:

  • Click Start, and then Run....
  • In Open: textbox, type cmd, and then press ENTER.
  • At the command prompt, type chkdsk /f /r and then press ENTER.

Note: If one or more of the files on the hard disk are open, you will receive the following message:
Chkdsk cannot run because the volume is in use by another process. Would you like to schedule this volume to be checked the next time the system restarts? (Y/N)

Type Y, and then press ENTER to schedule the disk check, and then restart your computer to start the disk check.

NEXT...

Go to Start > All Programs > Accessories
Right click Command Prompt and select Run as administrator
When the prompt opens, type the following text and press Enter:

sfc /scannow (Note: There is a space between sfc and /scannow)

On completion reboot

Let me know then if there is any improvement
  • 0

#23
PrincessLeia

PrincessLeia

    Member

  • Topic Starter
  • Member
  • PipPip
  • 43 posts
It told me "The type of file system is NTFS," and that it could not lock the current drive.
  • 0

#24
Render

Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
OK. Proceed with next step (sfc scan).
  • 0

#25
PrincessLeia

PrincessLeia

    Member

  • Topic Starter
  • Member
  • PipPip
  • 43 posts
Is there something different we could use instead? I tried doing that and the computer kept rejecting the Windows CD I put in...
  • 0

#26
Render

Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
What do you mean by the CD being rejected by the computer? What error did you get?
  • 0

#27
PrincessLeia

PrincessLeia

    Member

  • Topic Starter
  • Member
  • PipPip
  • 43 posts
The computer is saying that the CD is the wrong one. It doesn't give any other error message. However, I should mention that it's a copy of Windows, not an actual Windows CD; I didn't do it, my husband did!
  • 0

#28
Render

Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
OK. Leave this for now. It should be the original Windows XP setup CD.

Do the following:

Step 1

Please download GooredFix from one of the locations below and save it to your Desktop
Download Mirror #1
Download Mirror #2
  • Ensure all Firefox windows are closed.
  • To run the tool, double-click it (XP), or right-click and select Run As Administrator (Vista, 7).
  • When prompted to run the scan, click Yes.
  • GooredFix will check for infections, and then a log will appear. Please post the contents of that log in your next reply (it can also be found on your desktop, called GooredFix.txt).

Step 2

OTL Custom Scan

  • Double click on the OTL icon to run it.
  • Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top, make sure Standard output is selected.
  • Select Scan all users
  • Under the Extra Registry section, check Use SafeList
  • Check the boxes beside LOP Check and Purity Check.
  • Under the Custom Scans/Fixes box copy and paste this in:

    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    /md5stop
    %systemroot%\*. /mp /s
    hklm\software\clients\startmenuinternet|command /rs
    hklm\software\clients\startmenuinternet|command /64 /rs
    CREATERESTOREPOINT
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time and post them in your topic

When completed the above, please post back the following in the order asked for:
  • GooredFix log
  • OTL scan log
  • Extras log

  • 0

#29
PrincessLeia

PrincessLeia

    Member

  • Topic Starter
  • Member
  • PipPip
  • 43 posts
GooredFix by jpshortstuff (03.07.10.1)
Log created at 20:10 on 21/09/2011 (Jeremiah Schumacher)
Firefox version 3.6.22 (en-US)

========== GooredScan ==========

Deleting "C:\Documents and Settings\Jeremiah Schumacher\Application Data\Mozilla\Firefox\Profiles\1x4ro5in.default\extensions\{8a46cc45-3a8a-4d46-aa05-8a0d09ed19ef}" -> Success!

========== GooredLog ==========

C:\Program Files\Mozilla Firefox\extensions\
{3112ca9c-de6d-4884-a869-9855de68056c} [04:11 25/03/2007]
{972ce4c6-7e08-4474-a285-3208198ce6fd} [04:11 25/03/2007]
{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} [23:47 29/06/2009]
{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} [03:46 13/03/2010]
{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} [06:21 24/01/2011]

C:\Documents and Settings\Jeremiah Schumacher\Application Data\Mozilla\Firefox\Profiles\1x4ro5in.default\extensions\
[email protected] [13:26 30/05/2011]
[email protected] [20:37 18/11/2010]
{3112ca9c-de6d-4884-a869-9855de68056c} [19:50 19/06/2011]
{a298ed31-d405-40e2-880f-b7511948e582} [00:07 02/08/2011]
{e4a8a97b-f2ed-450b-b12d-ee082ba24781} [13:34 03/09/2011]

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"{400F0BDB-6C49-43A4-BE1F-76D7327A604D}"="C:\Program Files\Common Files\fluxDVD\Download Manager\Mozilla" [18:14 09/12/2008]
"[email protected]"="C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3" [23:54 03/01/2010]
"[email protected]"="C:\Program Files\Java\jre6\lib\deploy\jqs\ff" [23:47 29/06/2009]
"{20a82645-c095-46ed-80e3-08825760534b}"="C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\" [23:17 12/09/2011]

---------- Old Logs ----------
GooredFix[23.37.18_04-09-2011].txt

-=E.O.F=-

OTL logfile created on: 9/21/2011 8:11:45 PM - Run 10
OTL by OldTimer - Version 3.2.22.2 Folder = C:\Documents and Settings\Jeremiah Schumacher\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 64.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 80.00% Paging File free
Paging file location(s): C:\pagefile.sys 720 1440 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.52 Gb Total Space | 43.75 Gb Free Space | 58.71% Space Free | Partition Type: NTFS
Drive D: | 37.26 Gb Total Space | 20.02 Gb Free Space | 53.74% Space Free | Partition Type: FAT32
Drive F: | 409.44 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: JEREMIAH-KF1Y8X | User Name: Jeremiah Schumacher | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/09/05 15:33:56 | 000,056,832 | ---- | M] () -- C:\Documents and Settings\Jeremiah Schumacher\Application Data\Adobe\AdobeUpdate\Adobeupdt32.exe
PRC - [2011/05/10 22:51:32 | 001,201,656 | ---- | M] (Webroot Software, Inc. ) -- C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe
PRC - [2011/04/20 09:33:48 | 006,515,800 | ---- | M] (Webroot Software, Inc.) -- C:\Program Files\Webroot\WebrootSecurity\SpySweeperUI.exe
PRC - [2011/03/24 06:42:32 | 000,142,336 | ---- | M] () -- C:\Program Files\Warner Bros. Digital Copy Manager\Warner Bros. Digital Copy Manager.exe
PRC - [2011/03/22 10:14:12 | 004,048,256 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) -- C:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe
PRC - [2011/03/22 10:14:10 | 000,165,248 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) -- C:\Program Files\Webroot\WebrootSecurity\SSU.exe
PRC - [2011/02/27 17:46:42 | 000,581,120 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jeremiah Schumacher\Desktop\OTL.scr
PRC - [2010/11/10 18:16:42 | 031,095,432 | ---- | M] (Dmailer S.A.) -- C:\Documents and Settings\Jeremiah Schumacher\Application Data\SanDisk\SanDiskSecureAccess_Manager.exe
PRC - [2009/04/07 14:53:32 | 000,030,440 | ---- | M] () -- C:\Program Files\dcmsvc\dcmsvc.exe
PRC - [2008/09/22 22:49:30 | 000,138,616 | ---- | M] (CinemaNow, Inc.) -- C:\Program Files\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/04/04 12:10:26 | 000,030,152 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe
PRC - [2007/04/19 18:04:20 | 000,185,896 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2004/11/10 23:15:31 | 000,111,816 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
PRC - [2001/08/06 06:41:48 | 000,028,672 | ---- | M] () -- C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe


========== Modules (SafeList) ==========

MOD - [2011/02/27 17:46:42 | 000,581,120 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jeremiah Schumacher\Desktop\OTL.scr
MOD - [2010/08/23 11:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (sdCoreService)
SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - [2011/09/21 20:02:31 | 003,542,616 | ---- | M] () [Auto | Running] -- c:\Program Files\Common Files\Akamai\netsession_win_b31de1e.dll -- (Akamai)
SRV - [2011/05/10 22:51:32 | 001,201,656 | ---- | M] (Webroot Software, Inc. ) [Auto | Running] -- C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe -- (WRConsumerService)
SRV - [2011/03/22 10:14:12 | 004,048,256 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) [Auto | Running] -- C:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe -- (WebrootSpySweeperService)
SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2008/09/22 22:49:30 | 000,138,616 | ---- | M] (CinemaNow, Inc.) [Auto | Running] -- C:\Program Files\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe -- (CinemaNow Service)
SRV - [2008/04/13 19:12:02 | 000,105,472 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\p2pgasvc.dll -- (p2pgasvc)
SRV - [2008/04/04 12:10:26 | 000,030,152 | ---- | M] (Viewpoint Corporation) [Auto | Running] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Service)
SRV - [2001/08/06 06:41:48 | 000,028,672 | ---- | M] () [Auto | Running] -- C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe -- (nhksrv)


========== Driver Services (SafeList) ==========

DRV - [2011/03/22 10:14:22 | 000,176,776 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ssidrv.sys -- (ssidrv)
DRV - [2011/03/22 10:14:22 | 000,029,832 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ssfs0bbc.sys -- (ssfs0bbc)
DRV - [2011/03/22 10:14:22 | 000,023,176 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sshrmd.sys -- (sshrmd)
DRV - [2010/11/09 14:56:12 | 000,098,392 | ---- | M] (Sunbelt Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\SBREDrv.sys -- (SBRE)
DRV - [2010/06/12 02:01:40 | 000,006,656 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\Msikbd2k.sys -- (msikbd2k)
DRV - [2010/02/11 07:02:15 | 000,226,880 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tcpip6.sys -- (Tcpip6)
DRV - [2005/02/26 12:17:58 | 000,025,244 | ---- | M] (Adaptec) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aspi32.sys -- (ASPI32)
DRV - [2002/06/06 12:08:38 | 000,337,536 | ---- | M] (ahead software) [File_System | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\bsudf.sys -- (BsUDF)
DRV - [2002/06/05 17:07:00 | 000,009,344 | ---- | M] (B.H.A Co.,Ltd.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\bsstor.sys -- (BsStor)
DRV - [2002/04/11 13:47:52 | 000,011,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ipfilter.sys -- (IPFilter)
DRV - [2001/08/17 08:28:12 | 000,488,383 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\HSF_V124.sys -- (V124)
DRV - [2001/08/17 08:28:12 | 000,050,751 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\HSF_TONE.sys -- (Tones)
DRV - [2001/08/17 08:28:10 | 000,542,879 | ---- | M] (Conexant) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSF_MSFT.sys -- (hsf_msft)
DRV - [2001/08/17 08:28:10 | 000,057,471 | ---- | M] (Conexant) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSF_SAMP.sys -- (Rksample)
DRV - [2001/08/17 08:28:08 | 000,391,199 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\HSF_K56K.sys -- (K56)
DRV - [2001/08/17 08:28:06 | 000,289,887 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\HSF_FALL.sys -- (Fallback)
DRV - [2001/08/17 08:28:06 | 000,199,711 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\HSF_FAXX.sys -- (SoftFax)
DRV - [2001/08/17 08:28:06 | 000,115,807 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\HSF_FSKS.sys -- (Fsks)
DRV - [2001/08/17 08:28:04 | 000,067,167 | ---- | M] (Conexant) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSF_BSC2.sys -- (basic2)
DRV - [2000/10/25 07:27:24 | 000,003,000 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\SetupNT.sys -- (SetupNT)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 1F 96 1E 02 2A C0 57 4D 83 2D 92 64 68 4E C5 AD [binary data]
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 1F 96 1E 02 2A C0 57 4D 83 2D 92 64 68 4E C5 AD [binary data]
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 1F 96 1E 02 2A C0 57 4D 83 2D 92 64 68 4E C5 AD [binary data]
IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 1F 96 1E 02 2A C0 57 4D 83 2D 92 64 68 4E C5 AD [binary data]
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1123561945-117609710-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKU\S-1-5-21-1123561945-117609710-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 1F 96 1E 02 2A C0 57 4D 83 2D 92 64 68 4E C5 AD [binary data]
IE - HKU\S-1-5-21-1123561945-117609710-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch =
IE - HKU\S-1-5-21-1123561945-117609710-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =
IE - HKU\S-1-5-21-1123561945-117609710-839522115-1003\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-1123561945-117609710-839522115-1003\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-1123561945-117609710-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1123561945-117609710-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.defaulturl: "http://www.google.co...-8&oe=UTF-8&q="
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "http://www.pbs.org/"
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.9.8
FF - prefs.js..extensions.enabledItems: [email protected]:4.5
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {a298ed31-d405-40e2-880f-b7511948e582}:3.6.0.10
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: [email protected]:3.3.3.2
FF - prefs.js..extensions.enabledItems: {8a46cc45-3a8a-4d46-aa05-8a0d09ed19ef}:1.0
FF - prefs.js..extensions.enabledItems: [email protected]:3.6

FF - HKLM\software\mozilla\Firefox\Extensions\\{400F0BDB-6C49-43A4-BE1F-76D7327A604D}: C:\Program Files\Common Files\fluxDVD\Download Manager\Mozilla [2008/12/09 13:14:09 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/01/03 18:54:17 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.22\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/09/07 22:45:37 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.22\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/09/07 22:45:40 | 000,000,000 | ---D | M]

[2008/09/01 18:43:18 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Jeremiah Schumacher\Application Data\Mozilla\Extensions
[2011/09/21 20:10:16 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Jeremiah Schumacher\Application Data\Mozilla\Firefox\Profiles\1x4ro5in.default\extensions
[2011/06/19 14:50:44 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Documents and Settings\Jeremiah Schumacher\Application Data\Mozilla\Firefox\Profiles\1x4ro5in.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2011/08/01 19:07:46 | 000,000,000 | ---D | M] (SporTV Community Toolbar) -- C:\Documents and Settings\Jeremiah Schumacher\Application Data\Mozilla\Firefox\Profiles\1x4ro5in.default\extensions\{a298ed31-d405-40e2-880f-b7511948e582}
[2011/09/03 08:34:10 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Documents and Settings\Jeremiah Schumacher\Application Data\Mozilla\Firefox\Profiles\1x4ro5in.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2011/05/30 08:26:18 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Documents and Settings\Jeremiah Schumacher\Application Data\Mozilla\Firefox\Profiles\1x4ro5in.default\extensions\[email protected]
[2010/11/18 15:37:13 | 000,000,000 | ---D | M] (RedShift V3.6) -- C:\Documents and Settings\Jeremiah Schumacher\Application Data\Mozilla\Firefox\Profiles\1x4ro5in.default\extensions\[email protected]
[2011/09/20 22:20:29 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2007/03/24 23:11:28 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2011/01/24 01:21:28 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\JEREMIAH SCHUMACHER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\1X4RO5IN.DEFAULT\EXTENSIONS\{8A46CC45-3A8A-4D46-AA05-8A0D09ED19EF}
[2010/01/03 18:54:17 | 000,000,000 | ---D | M] (HP Smart Web Printing) -- C:\PROGRAM FILES\HP\DIGITAL IMAGING\SMART WEB PRINTING\MOZILLAADDON3
[2009/06/29 18:47:03 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2007/03/02 08:17:24 | 000,095,200 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\NPAPIX.dll
[2008/09/19 10:36:12 | 000,163,840 | ---- | M] (Centra Software, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\NPCentraUpdater.dll
[2011/03/18 13:32:12 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npCouponPrinter.dll
[2010/11/12 19:53:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2007/01/17 06:18:04 | 000,095,200 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\NPFluxBrowserHelper.dll
[2005/12/05 22:31:00 | 000,114,688 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npmozax.dll
[2011/03/18 13:32:14 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npMozCouponPrinter.dll
[2007/07/02 10:42:20 | 000,103,064 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\NPMPDRM.dll

O1 HOSTS File: ([2011/09/15 20:16:00 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\HOSTS
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {021E961F-C02A-4D57-832D-9264684EC5Ad} - C:\WINDOWS\system32\wscui32.dll (Creative Technology Ltd)
O2 - BHO: (Download Manager Browser Helper Object) - {19C8E43B-07B3-49CB-BFFC-6777B593E6F8} - C:\Program Files\Common Files\fluxDVD\Download Manager\XEBDLHelper.dll (Protect Software GmbH)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (MSN Search Toolbar Helper) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (MSN Search Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll (Microsoft Corporation)
O3 - HKU\S-1-5-21-1123561945-117609710-839522115-1003\..\Toolbar\ShellBrowser: (MSN Search Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll (Microsoft Corporation)
O3 - HKU\S-1-5-21-1123561945-117609710-839522115-1003\..\Toolbar\WebBrowser: (MSN Search Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll (Microsoft Corporation)
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [dcmsvc] C:\Program Files\dcmsvc\dcmsvc.exe ()
O4 - HKLM..\Run: [SpySweeper] C:\Program Files\Webroot\WebrootSecurity\SpySweeperUI.exe (Webroot Software, Inc.)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKU\.DEFAULT..\Run: [AdobeUpdate] C:\Documents and Settings\Jeremiah Schumacher\Application Data\Adobe\AdobeUpdate\Adobeupdt32.exe ()
O4 - HKU\S-1-5-18..\Run: [AdobeUpdate] C:\Documents and Settings\Jeremiah Schumacher\Application Data\Adobe\AdobeUpdate\Adobeupdt32.exe ()
O4 - HKU\S-1-5-21-1123561945-117609710-839522115-1003..\Run: [AdobeUpdate] C:\Documents and Settings\Jeremiah Schumacher\Application Data\Adobe\AdobeUpdate\Adobeupdt32.exe ()
O4 - HKU\S-1-5-21-1123561945-117609710-839522115-1003..\Run: [SanDiskSecureAccess_Manager.exe] C:\Documents and Settings\Jeremiah Schumacher\Application Data\SanDisk\SanDiskSecureAccess_Manager.exe (Dmailer S.A.)
O4 - HKU\S-1-5-21-1123561945-117609710-839522115-1003..\Run: [wmiWeb64] C:\Documents and Settings\Jeremiah Schumacher\Local Settings\Application Data\BluetoothcfgSupport\wmiWeb64.dll ()
O4 - Startup: C:\Documents and Settings\Jeremiah Schumacher\Start Menu\Programs\Startup\Warner Bros.lnk = C:\Program Files\Warner Bros. Digital Copy Manager\Warner Bros. Digital Copy Manager.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1123561945-117609710-839522115-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1123561945-117609710-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1123561945-117609710-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1123561945-117609710-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: &MSN Search - C:\Program Files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll (Microsoft Corporation)
O8 - Extra context menu item: Open in new background tab - C:\Program Files\MSN Toolbar Suite\TAB\02.05.0001.1119\en-us\msntabres.dll (Microsoft Corporation)
O8 - Extra context menu item: Open in new foreground tab - C:\Program Files\MSN Toolbar Suite\TAB\02.05.0001.1119\en-us\msntabres.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {4620BC29-8B8E-4F4E-9D92-1DB6633D6793} http://rd1.surfernet...urferplugin.ocx (SurferNETWORK Plugin)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://by104fd.bay10...es/MsnPUpld.cab (MSN Photo Upload Tool)
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} http://security.syma...n/bin/cabsa.cab (Symantec RuFSI Utility Class)
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} https://webdl.symant...ex/symdlmgr.cab (Symantec Download Manager)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1129561795437 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} http://www.crucial.c.../cpcScanner.cab (Crucial cpcScan)
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} http://messenger.msn...pDownloader.cab (MsnMessengerSetupDownloadControl Class)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://download.mac...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {FA3662C3-B8E8-11D6-A667-0010B556D978} http://cdn.digitalci...illama/ampx.cab (IWinAmpActiveX Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 97.64.168.12 97.64.183.165
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop Components:0 () - https://www.mvrenewa...e.mn.us/dps.gif
O24 - Desktop Components:1 () - http://a7.sphotos.ak...3533357_500.jpg
O24 - Desktop Components:2 () - http://a8.sphotos.ak...3_6277614_n.jpg
O24 - Desktop Components:3 (My Current Home Page) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Jeremiah Schumacher\Application Data\Mozilla\Firefox\Desktop Background.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Jeremiah Schumacher\Application Data\Mozilla\Firefox\Desktop Background.bmp
O30 - LSA: Authentication Packages - (ows\s) - File not found
O30 - LSA: Security Packages - (ecurity Packages settings...) - File not found
O30 - LSA: Security Packages - ® - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/02/12 14:56:49 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2004/07/22 19:52:30 | 000,000,000 | ---- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKU\S-1-5-21-1123561945-117609710-839522115-1003..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKU\S-1-5-21-1123561945-117609710-839522115-1003\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: HidServ - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - C:\WINDOWS\System32\iprip.dll (Microsoft Corporation)
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (16902109354000384)

========== Files/Folders - Created Within 30 Days ==========

[2011/09/21 20:07:20 | 000,071,398 | ---- | C] (jpshortstuff) -- C:\Documents and Settings\Jeremiah Schumacher\Desktop\GooredFix.exe
[2011/09/21 19:56:35 | 000,000,000 | ---D | C] -- C:\Program Files\Sound Driver
[2011/09/18 15:16:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
[2011/09/16 22:29:47 | 000,000,000 | ---D | C] -- C:\Program Files\Lavalys
[2011/09/16 22:27:40 | 004,179,293 | ---- | C] (Lavalys, Inc. ) -- C:\Documents and Settings\Jeremiah Schumacher\Desktop\everesthome220.exe
[2011/09/15 20:22:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\PeerNetworking
[2011/09/15 20:22:23 | 000,000,000 | ---D | C] -- C:\Program Files\Speccy
[2011/09/15 20:21:46 | 004,087,040 | ---- | C] (Piriform Ltd) -- C:\Documents and Settings\Jeremiah Schumacher\Desktop\spsetup112.exe
[2011/09/12 18:12:49 | 000,000,000 | ---D | C] -- C:\2b62d42644022d41ef5021c0
[2011/09/12 17:27:44 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011/09/11 21:54:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Sun
[2011/09/11 19:42:27 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011/09/11 19:28:51 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/09/11 19:28:51 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/09/11 19:28:51 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/09/11 19:28:51 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/09/05 15:34:01 | 000,239,616 | ---- | C] (Creative Technology Ltd) -- C:\WINDOWS\System32\wscui32.dll
[2011/09/05 14:02:28 | 001,916,416 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Jeremiah Schumacher\Desktop\aswMBR.exe
[2011/09/05 12:25:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jeremiah Schumacher\My Vaults
[2011/09/05 12:23:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jeremiah Schumacher\Start Menu\Programs\SanDisk SecureAccess Manager
[2011/09/05 12:23:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jeremiah Schumacher\Application Data\SanDisk
[2011/09/05 12:13:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jeremiah Schumacher\Local Settings\Application Data\Proxure
[2011/09/05 12:12:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ClubSanDisk
[2011/09/05 12:10:33 | 000,000,000 | ---D | C] -- C:\Program Files\MSBuild
[2011/09/05 12:10:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\XPSViewer
[2011/09/05 12:10:14 | 000,000,000 | ---D | C] -- C:\Program Files\Reference Assemblies
[2011/09/05 12:09:30 | 000,000,000 | ---D | C] -- C:\8fd39794d05c79cb3a6ac5d5bd159e59
[2011/09/05 12:08:36 | 000,014,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spmsg2.dll
[2011/09/05 12:06:51 | 000,000,000 | R-SD | C] -- C:\WINDOWS\assembly
[2011/09/05 12:05:53 | 000,000,000 | ---D | C] -- C:\WINDOWS\Microsoft.NET
[2011/09/04 18:38:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jeremiah Schumacher\Desktop\tdsskiller
[2011/09/04 18:37:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jeremiah Schumacher\Desktop\GooredFix Backups
[2011/09/02 22:40:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jeremiah Schumacher\Local Settings\Application Data\BluetoothcfgSupport
[2011/08/24 20:49:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Real
[1 C:\Documents and Settings\Jeremiah Schumacher\Desktop\*.tmp files -> C:\Documents and Settings\Jeremiah Schumacher\Desktop\*.tmp -> ]
[1 C:\Documents and Settings\Jeremiah Schumacher\*.tmp files -> C:\Documents and Settings\Jeremiah Schumacher\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/09/21 20:07:11 | 000,071,398 | ---- | M] (jpshortstuff) -- C:\Documents and Settings\Jeremiah Schumacher\Desktop\GooredFix.exe
[2011/09/21 20:04:08 | 000,013,764 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/09/21 20:02:37 | 000,000,236 | ---- | M] () -- C:\WINDOWS\tasks\OGALogon.job
[2011/09/21 20:02:04 | 000,001,034 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1123561945-117609710-839522115-1003UA.job
[2011/09/21 20:01:14 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/09/21 19:55:04 | 017,954,665 | ---- | M] () -- C:\Program Files\CI9739_512_WINXP.EXE
[2011/09/21 08:02:00 | 000,000,982 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1123561945-117609710-839522115-1003Core.job
[2011/09/19 17:21:17 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/09/16 22:29:49 | 000,000,767 | ---- | M] () -- C:\Documents and Settings\Jeremiah Schumacher\Desktop\EVEREST Home Edition.lnk
[2011/09/16 22:27:42 | 004,179,293 | ---- | M] (Lavalys, Inc. ) -- C:\Documents and Settings\Jeremiah Schumacher\Desktop\everesthome220.exe
[2011/09/15 23:44:03 | 000,963,756 | ---- | M] () -- C:\Documents and Settings\Jeremiah Schumacher\Desktop\DSC02454.JPG
[2011/09/15 20:22:25 | 000,000,654 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Speccy.lnk
[2011/09/15 20:21:23 | 004,087,040 | ---- | M] (Piriform Ltd) -- C:\Documents and Settings\Jeremiah Schumacher\Desktop\spsetup112.exe
[2011/09/15 20:16:00 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\HOSTS
[2011/09/15 19:36:25 | 000,435,260 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/09/15 19:36:25 | 000,068,156 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/09/13 00:50:05 | 000,063,494 | ---- | M] () -- C:\Documents and Settings\Jeremiah Schumacher\Desktop\V6HDD00Z.jpg
[2011/09/13 00:48:24 | 000,021,087 | ---- | M] () -- C:\Documents and Settings\Jeremiah Schumacher\Desktop\alphonse_mucha_gallery_2.jpg
[2011/09/13 00:45:38 | 000,011,343 | ---- | M] () -- C:\Documents and Settings\Jeremiah Schumacher\Desktop\mucha-alphonse-les-saisons.jpg
[2011/09/12 19:21:57 | 003,515,184 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/09/11 19:42:33 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2011/09/11 19:27:13 | 004,202,584 | R--- | M] (Swearware) -- C:\Documents and Settings\Jeremiah Schumacher\Desktop\ComboFix.exe
[2011/09/11 19:25:14 | 000,000,004 | ---- | M] () -- C:\Documents and Settings\Jeremiah Schumacher\Application Data\0f825077
[2011/09/11 19:23:54 | 000,000,004 | ---- | M] () -- C:\Documents and Settings\Jeremiah Schumacher\Application Data\ef5faf88
[2011/09/11 19:23:05 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Jeremiah Schumacher\Application Data\f8fa278d
[2011/09/08 22:45:31 | 000,000,004 | ---- | M] () -- C:\Documents and Settings\Jeremiah Schumacher\Application Data\87fa5f77
[2011/09/07 19:34:34 | 000,049,430 | ---- | M] () -- C:\Documents and Settings\Jeremiah Schumacher\Desktop\Report_Rootkit
[2011/09/07 19:18:00 | 000,139,264 | ---- | M] () -- C:\Documents and Settings\Jeremiah Schumacher\Desktop\RKUnhookerLE.EXE
[2011/09/06 20:01:02 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/09/06 19:15:51 | 000,080,384 | ---- | M] () -- C:\Documents and Settings\Jeremiah Schumacher\Desktop\MBRCheck.exe
[2011/09/06 19:15:29 | 000,000,539 | ---- | M] () -- C:\Documents and Settings\Jeremiah Schumacher\Desktop\MBR.zip
[2011/09/05 20:35:21 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Jeremiah Schumacher\Desktop\MBR.dat
[2011/09/05 15:34:01 | 000,239,616 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\System32\wscui32.dll
[2011/09/05 14:02:26 | 001,916,416 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Jeremiah Schumacher\Desktop\aswMBR.exe
[2011/09/05 12:21:47 | 000,000,272 | ---- | M] () -- C:\Documents and Settings\Jeremiah Schumacher\Application Data\.backup.dm
[1 C:\Documents and Settings\Jeremiah Schumacher\Desktop\*.tmp files -> C:\Documents and Settings\Jeremiah Schumacher\Desktop\*.tmp -> ]
[1 C:\Documents and Settings\Jeremiah Schumacher\*.tmp files -> C:\Documents and Settings\Jeremiah Schumacher\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/09/21 19:53:37 | 017,954,665 | ---- | C] () -- C:\Program Files\CI9739_512_WINXP.EXE
[2011/09/16 22:29:49 | 000,000,767 | ---- | C] () -- C:\Documents and Settings\Jeremiah Schumacher\Desktop\EVEREST Home Edition.lnk
[2011/09/15 23:39:11 | 000,963,756 | ---- | C] () -- C:\Documents and Settings\Jeremiah Schumacher\Desktop\DSC02454.JPG
[2011/09/15 20:22:25 | 000,000,654 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Speccy.lnk
[2011/09/13 00:50:05 | 000,063,494 | ---- | C] () -- C:\Documents and Settings\Jeremiah Schumacher\Desktop\V6HDD00Z.jpg
[2011/09/13 00:38:59 | 000,011,343 | ---- | C] () -- C:\Documents and Settings\Jeremiah Schumacher\Desktop\mucha-alphonse-les-saisons.jpg
[2011/09/13 00:34:57 | 000,021,087 | ---- | C] () -- C:\Documents and Settings\Jeremiah Schumacher\Desktop\alphonse_mucha_gallery_2.jpg
[2011/09/11 19:42:33 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2011/09/11 19:42:29 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2011/09/11 19:28:51 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/09/11 19:28:51 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/09/11 19:28:51 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/09/11 19:28:51 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/09/11 19:28:51 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/09/07 19:34:34 | 000,049,430 | ---- | C] () -- C:\Documents and Settings\Jeremiah Schumacher\Desktop\Report_Rootkit
[2011/09/07 19:18:12 | 000,139,264 | ---- | C] () -- C:\Documents and Settings\Jeremiah Schumacher\Desktop\RKUnhookerLE.EXE
[2011/09/06 19:18:36 | 000,080,384 | ---- | C] () -- C:\Documents and Settings\Jeremiah Schumacher\Desktop\MBRCheck.exe
[2011/09/06 19:15:29 | 000,000,539 | ---- | C] () -- C:\Documents and Settings\Jeremiah Schumacher\Desktop\MBR.zip
[2011/09/05 22:02:30 | 000,000,004 | ---- | C] () -- C:\Documents and Settings\Jeremiah Schumacher\Application Data\87fa5f77
[2011/09/05 20:35:21 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Jeremiah Schumacher\Desktop\MBR.dat
[2011/09/05 15:35:35 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Jeremiah Schumacher\Application Data\f8fa278d
[2011/09/05 15:35:14 | 000,000,004 | ---- | C] () -- C:\Documents and Settings\Jeremiah Schumacher\Application Data\ef5faf88
[2011/09/05 15:34:37 | 000,000,004 | ---- | C] () -- C:\Documents and Settings\Jeremiah Schumacher\Application Data\0f825077
[2011/09/05 12:21:47 | 000,000,272 | ---- | C] () -- C:\Documents and Settings\Jeremiah Schumacher\Application Data\.backup.dm
[2011/05/20 21:04:56 | 000,015,136 | -HS- | C] () -- C:\Documents and Settings\Jeremiah Schumacher\Local Settings\Application Data\747073s32x2s4it14g
[2011/05/20 21:04:56 | 000,015,136 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\747073s32x2s4it14g
[2011/05/10 18:12:54 | 000,010,800 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\8d3477s2b521076
[2011/05/10 18:12:53 | 000,010,800 | -HS- | C] () -- C:\Documents and Settings\Jeremiah Schumacher\Local Settings\Application Data\8d3477s2b521076
[2011/03/22 10:14:16 | 000,031,104 | ---- | C] () -- C:\WINDOWS\System32\wrLZMA.dll
[2011/03/22 10:14:10 | 000,016,256 | ---- | C] () -- C:\WINDOWS\System32\SsiEfr.exe
[2011/02/21 19:20:08 | 000,000,155 | ---- | C] () -- C:\WINDOWS\TmProxy.ini
[2011/02/21 19:20:07 | 000,000,155 | ---- | C] () -- C:\WINDOWS\TmPfw.ini
[2010/12/27 21:35:18 | 000,000,100 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2010/10/20 16:44:13 | 000,000,164 | ---- | C] () -- C:\WINDOWS\install.dat
[2010/07/28 10:32:10 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/01/09 04:26:58 | 000,041,504 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/01/03 18:35:49 | 000,164,960 | ---- | C] () -- C:\WINDOWS\hpoins37.dat
[2010/01/03 18:35:49 | 000,000,632 | ---- | C] () -- C:\WINDOWS\hpomdl37.dat
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/08/03 15:07:42 | 000,230,768 | ---- | C] () -- C:\WINDOWS\System32\OGAEXEC.exe
[2009/07/22 19:54:53 | 000,146,510 | ---- | C] () -- C:\WINDOWS\hphins32.dat
[2009/07/22 19:54:52 | 000,000,458 | ---- | C] () -- C:\WINDOWS\hphmdl32.dat
[2008/09/18 15:50:41 | 000,000,104 | ---- | C] () -- C:\WINDOWS\System32\ProxySettings.ini
[2007/04/13 17:42:27 | 000,001,530 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2007/01/27 07:38:16 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2006/07/26 22:30:03 | 000,000,206 | ---- | C] () -- C:\WINDOWS\HPGdiPlus.ini
[2006/07/26 22:13:51 | 000,000,221 | ---- | C] () -- C:\WINDOWS\HP_RedboxHprblog_HPSU.ini
[2006/06/09 20:20:23 | 000,684,032 | ---- | C] () -- C:\WINDOWS\libeay32.dll
[2006/06/09 20:20:22 | 000,155,648 | ---- | C] () -- C:\WINDOWS\ssleay32.dll
[2006/01/21 12:47:59 | 000,000,000 | ---- | C] () -- C:\WINDOWS\QuickInstall.INI
[2005/05/09 20:24:14 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\msiosd32.dll
[2005/05/09 20:24:14 | 000,006,656 | ---- | C] () -- C:\WINDOWS\System32\drivers\Msikbd2k.sys
[2005/05/09 20:24:14 | 000,000,245 | ---- | C] () -- C:\WINDOWS\Msiosd.ini
[2005/04/27 13:38:00 | 000,372,736 | ---- | C] () -- C:\WINDOWS\System32\hpzidi01.dll
[2005/03/30 19:51:57 | 000,274,507 | ---- | C] () -- C:\WINDOWS\System32\FXMathLib.dll
[2005/02/27 11:18:17 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2005/02/22 10:08:14 | 000,233,472 | R--- | C] () -- C:\WINDOWS\System32\cmirmdrv.exe
[2005/02/22 10:08:14 | 000,028,672 | R--- | C] () -- C:\WINDOWS\System32\cmirmdrv.dll
[2005/02/22 10:08:00 | 000,000,092 | ---- | C] () -- C:\WINDOWS\CMISETUP.INI
[2005/02/22 10:08:00 | 000,000,026 | ---- | C] () -- C:\WINDOWS\CMCDPLAY.INI
[2005/02/22 10:07:58 | 000,000,010 | ---- | C] () -- C:\WINDOWS\Wininit.ini
[2005/02/22 10:07:53 | 000,121,329 | R--- | C] () -- C:\WINDOWS\Cmuda.ini
[2005/02/22 10:07:50 | 000,266,240 | ---- | C] () -- C:\WINDOWS\CMIUninstall.exe
[2005/02/22 10:07:50 | 000,225,280 | ---- | C] () -- C:\WINDOWS\CmiRmRedundDir.exe
[2005/02/22 10:07:50 | 000,028,672 | ---- | C] () -- C:\WINDOWS\CMIRmDriver.dll
[2005/02/22 10:04:40 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\vusetup.dll
[2005/02/22 09:58:11 | 000,003,000 | ---- | C] () -- C:\WINDOWS\System32\SetupNT.sys
[2005/02/14 16:35:11 | 000,022,016 | ---- | C] () -- C:\Documents and Settings\Jeremiah Schumacher\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2005/02/14 11:34:12 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2005/02/12 16:02:52 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/02/12 15:26:57 | 000,000,000 | ---- | C] () -- C:\WINDOWS\OPPRIN~1.INI
[2005/02/12 15:24:09 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\CNMVS38.DLL
[2005/02/12 14:59:27 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2005/02/12 14:53:47 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2005/02/10 05:03:08 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2005/02/10 05:02:09 | 003,515,184 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004/09/17 18:37:42 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\vuins32.dll
[2003/03/31 07:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2003/03/31 07:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2003/03/31 07:00:00 | 000,435,260 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2003/03/31 07:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2003/03/31 07:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2003/03/31 07:00:00 | 000,068,156 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2003/03/31 07:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2003/03/31 07:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2003/03/31 07:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2003/03/31 07:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2003/03/31 07:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2003/01/07 16:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/04/11 13:47:52 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\msmscoin.dll

========== LOP Check ==========

[2008/12/09 13:18:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CinemaNow
[2011/09/05 12:16:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ClubSanDisk
[2008/12/09 13:13:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\fluxDVD
[2009/01/29 14:13:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Harley-Davidson_ Race to the Rally Saves
[2006/01/21 12:42:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HotSync
[2010/05/09 17:07:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Max Secure
[2008/12/09 13:14:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\mpDRM
[2005/08/18 18:08:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MSN Search Toolbar
[2008/10/24 14:24:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
[2011/02/28 13:52:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\nDmJeMg12900
[2011/03/20 01:53:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\regid.1986-12.com.adobe
[2011/03/08 23:36:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2008/10/29 20:25:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2010/03/30 21:38:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/12/22 21:31:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2005/10/12 19:05:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jeremiah Schumacher\Application Data\Aim
[2008/02/25 16:28:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jeremiah Schumacher\Application Data\Centra
[2010/01/01 13:41:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jeremiah Schumacher\Application Data\com.warnerbros.DigitalCopyManager.449F66ACC381FDC604DC2AA255FEECEEBBBEE1E5.1
[2010/09/20 12:12:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jeremiah Schumacher\Application Data\HorizonWimba
[2006/01/21 12:40:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jeremiah Schumacher\Application Data\HotSync
[2006/01/24 12:24:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jeremiah Schumacher\Application Data\Leadertech
[2007/04/12 20:20:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jeremiah Schumacher\Application Data\Professional
[2010/09/25 21:42:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jeremiah Schumacher\Application Data\Qeybl
[2008/02/25 16:28:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jeremiah Schumacher\Application Data\Saba
[2011/09/20 22:06:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jeremiah Schumacher\Application Data\SanDisk
[2010/10/06 20:19:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jeremiah Schumacher\Application Data\StreamTorrent
[2008/10/29 20:25:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jeremiah Schumacher\Application Data\Viewpoint
[2011/09/15 20:22:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\PeerNetworking
[2011/09/21 20:02:37 | 000,000,236 | ---- | M] () -- C:\WINDOWS\Tasks\OGALogon.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: EXPLORER.EXE >
[2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ERDNT\cache\explorer.exe
[2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
[2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2007/06/13 06:26:03 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=7712DF0CDDE3A5AC89843E61CD5B3658 -- C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
[2007/06/13 05:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=97BD6515465659FF8F3B7BE375B2EA87 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
[2004/08/04 02:56:49 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINDOWS\$NtUninstallKB938828$\explorer.exe

< MD5 for: SVCHOST.EXE >
[2008/04/13 19:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\ERDNT\cache\svchost.exe
[2008/04/13 19:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\ServicePackFiles\i386\svchost.exe
[2008/04/13 19:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\svchost.exe
[2004/08/04 02:56:57 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=8F078AE4ED187AAABC0A305146DE6716 -- C:\WINDOWS\$NtServicePackUninstall$\svchost.exe

< MD5 for: USERINIT.EXE >
[2004/08/04 02:56:57 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
[2008/04/13 19:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ERDNT\cache\userinit.exe
[2008/04/13 19:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008/04/13 19:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe

< MD5 for: WINLOGON.EXE >
[2004/08/04 02:56:57 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2003/03/31 07:00:00 | 000,516,608 | ---- | M] (Microsoft Corporation) MD5=2246D8D8F4714A2CEDB21AB9B1849ABB -- C:\WINDOWS\$NtUninstallKB841533$\winlogon.exe
[2008/04/13 19:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ERDNT\cache\winlogon.exe
[2008/04/13 19:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008/04/13 19:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe

< %systemroot%\*. /mp /s >

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\chrome.exe\InstallInfo\\ShowIconsCommand: "C:\Documents and Settings\Jeremiah Schumacher\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --show-icons [2011/09/19 22:07:40 | 001,030,200 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\chrome.exe\InstallInfo\\HideIconsCommand: "C:\Documents and Settings\Jeremiah Schumacher\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --hide-icons [2011/09/19 22:07:40 | 001,030,200 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\chrome.exe\InstallInfo\\ReinstallCommand: "C:\Documents and Settings\Jeremiah Schumacher\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --make-default-browser [2011/09/19 22:07:40 | 001,030,200 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\chrome.exe\shell\open\command\\: "C:\Documents and Settings\Jeremiah Schumacher\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" [2011/09/19 22:07:40 | 001,030,200 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2011/09/07 22:45:10 | 000,552,464 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2011/09/07 22:45:10 | 000,552,464 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2011/09/07 22:45:10 | 000,552,464 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2011/09/07 22:44:40 | 000,912,344 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2011/09/07 22:44:40 | 000,912,344 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2011/09/07 22:44:40 | 000,912,344 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Documents and Settings\Jeremiah Schumacher\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --show-icons [2011/09/19 22:07:40 | 001,030,200 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Documents and Settings\Jeremiah Schumacher\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --hide-icons [2011/09/19 22:07:40 | 001,030,200 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Documents and Settings\Jeremiah Schumacher\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --make-default-browser [2011/09/19 22:07:40 | 001,030,200 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Documents and Settings\Jeremiah Schumacher\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" [2011/09/19 22:07:40 | 001,030,200 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: %systemroot%\system32\shmgrate.exe OCInstallReinstallIE [2008/04/13 19:12:35 | 000,045,056 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: %systemroot%\system32\shmgrate.exe OCInstallHideIE [2008/04/13 19:12:35 | 000,045,056 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: %systemroot%\system32\shmgrate.exe OCInstallShowIE [2008/04/13 19:12:35 | 000,045,056 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" [2008/04/13 19:12:22 | 000,093,184 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\ReinstallCommand: "C:\Program Files\Safari\Safari.exe" /reinstall [2011/02/15 23:18:16 | 002,388,264 | ---- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\HideIconsCommand: "C:\Program Files\Safari\Safari.exe" /hideicons [2011/02/15 23:18:16 | 002,388,264 | ---- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\ShowIconsCommand: "C:\Program Files\Safari\Safari.exe" /showicons [2011/02/15 23:18:16 | 002,388,264 | ---- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\shell\open\command\\: "C:\Program Files\Safari\Safari.exe" [2011/02/15 23:18:16 | 002,388,264 | ---- | M] (Apple Inc.)

< hklm\software\clients\startmenuinternet|command /64 /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\chrome.exe\InstallInfo\\ShowIconsCommand: "C:\Documents and Settings\Jeremiah Schumacher\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --show-icons [2011/09/19 22:07:40 | 001,030,200 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\chrome.exe\InstallInfo\\HideIconsCommand: "C:\Documents and Settings\Jeremiah Schumacher\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --hide-icons [2011/09/19 22:07:40 | 001,030,200 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\chrome.exe\InstallInfo\\ReinstallCommand: "C:\Documents and Settings\Jeremiah Schumacher\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --make-default-browser [2011/09/19 22:07:40 | 001,030,200 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\chrome.exe\shell\open\command\\: "C:\Documents and Settings\Jeremiah Schumacher\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" [2011/09/19 22:07:40 | 001,030,200 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2011/09/07 22:45:10 | 000,552,464 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2011/09/07 22:45:10 | 000,552,464 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2011/09/07 22:45:10 | 000,552,464 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2011/09/07 22:44:40 | 000,912,344 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2011/09/07 22:44:40 | 000,912,344 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2011/09/07 22:44:40 | 000,912,344 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Documents and Settings\Jeremiah Schumacher\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --show-icons [2011/09/19 22:07:40 | 001,030,200 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Documents and Settings\Jeremiah Schumacher\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --hide-icons [2011/09/19 22:07:40 | 001,030,200 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Documents and Settings\Jeremiah Schumacher\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --make-default-browser [2011/09/19 22:07:40 | 001,030,200 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Documents and Settings\Jeremiah Schumacher\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" [2011/09/19 22:07:40 | 001,030,200 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: %systemroot%\system32\shmgrate.exe OCInstallReinstallIE [2008/04/13 19:12:35 | 000,045,056 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: %systemroot%\system32\shmgrate.exe OCInstallHideIE [2008/04/13 19:12:35 | 000,045,056 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: %systemroot%\system32\shmgrate.exe OCInstallShowIE [2008/04/13 19:12:35 | 000,045,056 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" [2008/04/13 19:12:22 | 000,093,184 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\ReinstallCommand: "C:\Program Files\Safari\Safari.exe" /reinstall [2011/02/15 23:18:16 | 002,388,264 | ---- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\HideIconsCommand: "C:\Program Files\Safari\Safari.exe" /hideicons [2011/02/15 23:18:16 | 002,388,264 | ---- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\ShowIconsCommand: "C:\Program Files\Safari\Safari.exe" /showicons [2011/02/15 23:18:16 | 002,388,264 | ---- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\shell\open\command\\: "C:\Program Files\Safari\Safari.exe" [2011/02/15 23:18:16 | 002,388,264 | ---- | M] (Apple Inc.)

========== Alternate Data Streams ==========

@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2

< End of report >


OTL Extras logfile created on: 9/21/2011 8:11:45 PM - Run 10
OTL by OldTimer - Version 3.2.22.2 Folder = C:\Documents and Settings\Jeremiah Schumacher\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 64.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 80.00% Paging File free
Paging file location(s): C:\pagefile.sys 720 1440 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.52 Gb Total Space | 43.75 Gb Free Space | 58.71% Space Free | Partition Type: NTFS
Drive D: | 37.26 Gb Total Space | 20.02 Gb Free Space | 53.74% Space Free | Partition Type: FAT32
Drive F: | 409.44 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: JEREMIAH-KF1Y8X | User Name: Jeremiah Schumacher | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l

[HKEY_USERS\S-1-5-21-1123561945-117609710-839522115-1003\SOFTWARE\Classes\<extension>]
.bat [@ = batfile] -- Reg Error: Key error. File not found
.cmd [@ = cmdfile] -- Reg Error: Key error. File not found
.hta [@ = htafile] -- Reg Error: Key error. File not found
.html [@ = SafariHTML] -- C:\Program Files\Safari\Safari.exe (Apple Inc.)
.url [@ = InternetShortcut] -- Reg Error: Key error. File not found
.vbs [@ = VBSFile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"3587:TCP" = 3587:TCP:*:Enabled:Windows Peer-to-Peer Grouping
"3540:UDP" = 3540:UDP:*:Enabled:Peer Name Resolution Protocol (PNRP)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002
"3587:TCP" = 3587:TCP:*:Enabled:Windows Peer-to-Peer Grouping
"3540:UDP" = 3540:UDP:*:Enabled:Peer Name Resolution Protocol (PNRP)
"1078:TCP" = 1078:TCP:*:Enabled:Akamai NetSession Interface
"5000:UDP" = 5000:UDP:*:Enabled:Akamai NetSession Interface

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\AIM\aim.exe" = C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqcopy2.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqcopy2.exe:*:Enabled:hpqcopy2.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe:*:Enabled:hpfccopy.exe -- ()
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe -- (Hewlett-Packard)
"C:\Program Files\Common Files\HP\Digital Imaging\Bin\hpqPhotoCrm.exe" = C:\Program Files\Common Files\HP\Digital Imaging\Bin\hpqPhotoCrm.exe:*:Enabled:hpqphotocrm.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe:*:Enabled:hpqusgm.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe:*:Enabled:hpqusgh.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\HP Software Update\hpwucli.exe" = C:\Program Files\HP\HP Software Update\hpwucli.exe:*:Enabled:hpwucli.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\Smart Web Printing\SmartWebPrintExe.exe" = C:\Program Files\HP\Digital Imaging\Smart Web Printing\SmartWebPrintExe.exe:*:Enabled:smartwebprintexe.exe -- (Hewlett-Packard Co.)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"D:\Program Files\LimeWire\LimeWire.exe" = D:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire -- (Lime Wire, LLC)
"C:\Documents and Settings\Jeremiah Schumacher\Local Settings\Application Data\Abacast\Abaclient.exe" = C:\Documents and Settings\Jeremiah Schumacher\Local Settings\Application Data\Abacast\Abaclient.exe:*:Enabled:Abaclient -- (Abacast, Inc.)
"C:\WINDOWS\system32\dpvsetup.exe" = C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Mozilla Firefox -- (Mozilla Corporation)
"C:\Program Files\CinemaNow\CinemaNow Media Manager\CinemaNowShell.exe" = C:\Program Files\CinemaNow\CinemaNow Media Manager\CinemaNowShell.exe:*:Enabled:CinemaNow Media Manager -- (CinemaNow Inc.)
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqcopy2.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqcopy2.exe:*:Enabled:hpqcopy2.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe:*:Enabled:hpfccopy.exe -- ()
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe -- (Hewlett-Packard)
"C:\Program Files\Common Files\HP\Digital Imaging\Bin\hpqPhotoCrm.exe" = C:\Program Files\Common Files\HP\Digital Imaging\Bin\hpqPhotoCrm.exe:*:Enabled:hpqphotocrm.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe:*:Enabled:hpqusgm.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe:*:Enabled:hpqusgh.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\HP Software Update\hpwucli.exe" = C:\Program Files\HP\HP Software Update\hpwucli.exe:*:Enabled:hpwucli.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\Smart Web Printing\SmartWebPrintExe.exe" = C:\Program Files\HP\Digital Imaging\Smart Web Printing\SmartWebPrintExe.exe:*:Enabled:smartwebprintexe.exe -- (Hewlett-Packard Co.)
"C:\Program Files\Mozilla Firefox\magicg\Magic\Manalink.exe" = C:\Program Files\Mozilla Firefox\magicg\Magic\Manalink.exe:*:Disabled:manalink -- (MicroProse Software, Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0208A7E3-0D30-11D4-A1FC-00508B9D1BA2}" = Web Office Pro Keyboard
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{07FB17D8-7DB6-4F06-80C4-8BE1719CB6A1}" = hpWLPGInstaller
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan
"{147A8145-0AA6-0921-8414-9B1EE5A8108F}" = Warner Bros. Digital Copy Manager
"{15FEDA5F-141C-4127-8D7E-B962D1742728}" = Adobe Photoshop CS5
"{172423F9-522A-483A-AD65-03600CE4CA4F}" = Microsoft Works 6-9 Converter
"{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch
"{1FCC574F-AFA2-4432-9EF1-79CA7BA73431}_is1" = Spy Sweeper
"{1FD0C5C1-B01B-4B4C-9607-E5D3B3D1318F}" = Microsoft IntelliPoint 4.1
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{21A2F5EE-1DC5-488A-BE7E-E526F8C61488}" = DeviceDiscovery
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216014FF}" = Java™ 6 Update 23
"{2A697B53-0DE3-42DA-B41D-C3F804B1C538}" = iTunes
"{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour
"{2DC94AFD-A6E2-4AB4-9132-4A3F8E07B386}" = Apple Application Support
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{32343DB6-9A52-40C9-87E4-5E7C79791C87}" = MSXML 4.0 SP2 and SOAP Toolkit 3.0
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java™ SE Runtime Environment 6 Update 1
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3F5B6210-0903-4DC6-8034-8F488AA3A782}" = Spy Sweeper Core
"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
"{497072FE-0A75-4E5C-A5B7-EB1FA67F66F1}" = DJ_AIO_05_F4400_Software_Min
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{4D7B2217-6055-4678-8E99-3FBECD0F65F9}" = CinemaNow Media Manager
"{5421155F-B033-49DB-9B33-8F80F233D4D5}" = GdiplusUpgrade
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5AEBB4A3-6878-4CEE-AD34-0F6958A983F0}" = HP Deskjet F4400 Printer Driver Software 13.0 Rel .5
"{5F26311C-B135-4F7F-B11E-8E650F83651E}" = DeviceFunctionQFolder
"{612F4E20-3661-4D44-AD79-823F1B613FB3}" = HP Update
"{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}" = Windows Genuine Advantage v1.3.0254.0
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{68A10D12-0D0F-4212-BDE6-D87FAD32A8FA}" = SmartWebPrinting
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6B2FFB21-AC88-45C3-9A7D-4BB3E744EC91}" = HPSSupply
"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{7D1DCBBA-F6F5-42B4-B90B-F04ACE4DFD6C}" = MSN Search Toolbar
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8EAD600D-1912-4DEF-92B5-0C7525E17ED2}" = F4400
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{92127AF5-FDD8-4ADF-BC40-C356C9EE0B7D}" = 32 Bit HP CIO Components Installer
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A71D5E81-B967-43DB-93D7-FD31BFB95748}" = MobileMe Control Panel
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.5
"{AE8705FB-E13C-40A9-8A2D-68D6733FBFC2}" = Status
"{AFF7E080-1974-45BF-9310-10DE1A1F5ED0}" = Adobe AIR
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{c4809d4c-1f28-41cc-8578-a72b75defb39}" = D2600
"{C73F2967-062E-48F2-A462-D335B8950183}" = Safari
"{C75CDBA2-3C86-481e-BD10-BDDA758F9DFF}" = hpPrintProjects
"{CACAEB5F-174D-4C7C-AC56-A33289A807CA}" = Apple Mobile Device Support
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DC0A5F99-FD66-433F-9D3A-05DCBA64BE42}" = TrayApp
"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
"{E03F902A-7F44-430E-A2E8-8A745A25443D}" = SymNet
"{e382eb50-c5f2-42ca-bad0-901a12fc81ba}" = DJ_SF_05_D2600_Software_Min
"{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
"{EA6197F3-B467-4c70-B450-42D9E0C11400}" = HP Deskjet D2600 Printer Driver Software 12.0 Rel .5
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F8131A35-47FD-27AD-116D-0E79AF5DE5EE}" = Acrobat.com
"{FAF26102-09D7-4C58-AB01-0D59A2E517CA}" = Copy
"{FE64AE29-0883-4C70-8388-DC026019C900}" = HP Image Zone Express
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Akamai" = Akamai NetSession Interface
"Battleship" = Battleship
"CentraClient" = Centra Client
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"C-Media Audio" = C-Media 3D Audio
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"com.warnerbros.DigitalCopyManager.449F66ACC381FDC604DC2AA255FEECEEBBBEE1E5.1" = Warner Bros. Digital Copy Manager
"Coupon Printer for Windows5.0.0.1" = Coupon Printer for Windows
"dcmsvc_is1" = dcmsvc 1.0
"Digital Editions" = Adobe Digital Editions
"DMM" = TDK Digital MixMaster
"EVEREST Home Edition_is1" = EVEREST Home Edition v2.20
"EXPRESSBURN" = Express Burn
"HP Imaging Device Functions" = HP Imaging Device Functions 13.0
"HP Print Projects" = HP Print Projects 1.0
"HP Smart Web Printing" = HP Smart Web Printing 4.5
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPExtendedCapabilities" = HP Customer Participation Program 13.0
"InCD!UninstallKey" = InCD (Ahead Software)
"InterActual Player" = InterActual Player
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.6.22)" = Mozilla Firefox (3.6.22)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSN Music Assistant" = MSN Music Assistant
"Nero - Burning Rom!UninstallKey" = Nero Express (Web installer)
"RealPlayer 6.0" = RealPlayer
"Registry Patrol v3.0" = Registry Patrol v3.0
"S3" = UniChrome IGP Driver and Utilities
"ShockwaveFlash" = Adobe Flash Player 9
"Shop for HP Supplies" = Shop for HP Supplies
"Speccy" = Speccy
"StreamTorrent 1.0" = StreamTorrent 1.0
"ViewpointMediaPlayer" = Viewpoint Media Player
"VLC media player" = VLC media player 1.0.1
"VN_VUIns_Rhine_VIA" = VIA Rhine-Family Fast Ethernet Adapter
"VTDisplay" = S3 S3Display
"VTGamma2" = S3 S3Gamma2
"VTInfo2" = S3 S3Info2
"VTOverlay" = S3 S3Overlay
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XPMedic_is1" = XPMedic
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1123561945-117609710-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"@@[email protected]@SanDiskSecureAccess_Manager.exe" = SanDiskSecureAccess_Manager.exe
"Abacast Client" = Abacast Client
"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 9/19/2011 7:54:15 PM | Computer Name = JEREMIAH-KF1Y8X | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 4398781

Error - 9/19/2011 7:54:15 PM | Computer Name = JEREMIAH-KF1Y8X | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 4398781

Error - 9/19/2011 8:46:13 PM | Computer Name = JEREMIAH-KF1Y8X | Source = Microsoft Office 11 | ID = 2001
Description = Rejected Safe Mode action : Microsoft Office Word.

Error - 9/19/2011 8:50:51 PM | Computer Name = JEREMIAH-KF1Y8X | Source = Application Hang | ID = 1002
Description = Hanging application WINWORD.EXE, version 11.0.8328.0, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 9/19/2011 8:51:11 PM | Computer Name = JEREMIAH-KF1Y8X | Source = Application Hang | ID = 1002
Description = Hanging application WINWORD.EXE, version 11.0.8328.0, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 9/19/2011 8:51:12 PM | Computer Name = JEREMIAH-KF1Y8X | Source = Application Hang | ID = 1002
Description = Hanging application WINWORD.EXE, version 11.0.8328.0, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 9/19/2011 8:56:20 PM | Computer Name = JEREMIAH-KF1Y8X | Source = Application Hang | ID = 1002
Description = Hanging application WINWORD.EXE, version 11.0.8328.0, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 9/20/2011 6:56:31 PM | Computer Name = JEREMIAH-KF1Y8X | Source = Application Error | ID = 1000
Description = Faulting application adobeupdt32.exe, version 1.0.1.2, faulting module
unknown, version 0.0.0.0, fault address 0x00000000.

Error - 9/20/2011 11:12:37 PM | Computer Name = JEREMIAH-KF1Y8X | Source = Microsoft Office 11 | ID = 2001
Description = Rejected Safe Mode action : Microsoft Office Word.

Error - 9/20/2011 11:47:41 PM | Computer Name = JEREMIAH-KF1Y8X | Source = Application Hang | ID = 1002
Description = Hanging application WINWORD.EXE, version 11.0.8328.0, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

[ System Events ]
Error - 9/13/2011 12:53:29 AM | Computer Name = JEREMIAH-KF1Y8X | Source = Service Control Manager | ID = 7000
Description = The PC Tools Security Service service failed to start due to the following
error: %%2

Error - 9/13/2011 7:15:44 AM | Computer Name = JEREMIAH-KF1Y8X | Source = Service Control Manager | ID = 7000
Description = The PC Tools Security Service service failed to start due to the following
error: %%2

Error - 9/13/2011 5:40:26 PM | Computer Name = JEREMIAH-KF1Y8X | Source = Service Control Manager | ID = 7000
Description = The PC Tools Security Service service failed to start due to the following
error: %%2

Error - 9/13/2011 11:38:35 PM | Computer Name = JEREMIAH-KF1Y8X | Source = Service Control Manager | ID = 7000
Description = The PC Tools Security Service service failed to start due to the following
error: %%2

Error - 9/14/2011 5:23:36 PM | Computer Name = JEREMIAH-KF1Y8X | Source = Service Control Manager | ID = 7000
Description = The PC Tools Security Service service failed to start due to the following
error: %%2

Error - 9/14/2011 8:31:25 PM | Computer Name = JEREMIAH-KF1Y8X | Source = Service Control Manager | ID = 7000
Description = The PC Tools Security Service service failed to start due to the following
error: %%2

Error - 9/15/2011 7:57:51 PM | Computer Name = JEREMIAH-KF1Y8X | Source = Service Control Manager | ID = 7000
Description = The PC Tools Security Service service failed to start due to the following
error: %%2

Error - 9/15/2011 9:12:53 PM | Computer Name = JEREMIAH-KF1Y8X | Source = Service Control Manager | ID = 7000
Description = The PC Tools Security Service service failed to start due to the following
error: %%2

Error - 9/16/2011 1:38:05 AM | Computer Name = JEREMIAH-KF1Y8X | Source = Service Control Manager | ID = 7000
Description = The PC Tools Security Service service failed to start due to the following
error: %%2

Error - 9/16/2011 7:31:10 PM | Computer Name = JEREMIAH-KF1Y8X | Source = Service Control Manager | ID = 7000
Description = The PC Tools Security Service service failed to start due to the following
error: %%2


< End of report >
  • 0

#30
Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
We need to run an OTL Fix

Warning: This fix is only relevant for this system and no other; using it on another computer may cause problems.

  • Please double click on Posted Image on your Desktop (If running Vista or Windows 7, right click on it and select "Run as an Administrator")
  • Under the Custom Scans/Fixes box copy and paste this in:

    :OTL
    IE - HKU\S-1-5-21-1123561945-117609710-839522115-1003\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - Reg Error: Key error. File not found
    IE - HKU\S-1-5-21-1123561945-117609710-839522115-1003\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
    FF - prefs.js..extensions.enabledItems: [email protected]:3.3.3.2
    FF - prefs.js..extensions.enabledItems: {8a46cc45-3a8a-4d46-aa05-8a0d09ed19ef}:1.0
    [2011/08/01 19:07:46 | 000,000,000 | ---D | M] (SporTV Community Toolbar) -- C:\Documents and Settings\Jeremiah Schumacher\Application Data\Mozilla\Firefox\Profiles\1x4ro5in.default\extensions\{a298ed31-d405-40e2-880f-b7511948e582}
    [2011/05/30 08:26:18 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Documents and Settings\Jeremiah Schumacher\Application Data\Mozilla\Firefox\Profiles\1x4ro5in.default\extensions\[email protected]
    File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\JEREMIAH SCHUMACHER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\1X4RO5IN.DEFAULT\EXTENSIONS\{8A46CC45-3A8A-4D46-AA05-8A0D09ED19EF}
    O2 - BHO: (no name) - {021E961F-C02A-4D57-832D-9264684EC5Ad} - C:\WINDOWS\system32\wscui32.dll (Creative Technology Ltd)
    [2011/09/12 18:12:49 | 000,000,000 | ---D | C] -- C:\2b62d42644022d41ef5021c0
    [2011/09/05 12:09:30 | 000,000,000 | ---D | C] -- C:\8fd39794d05c79cb3a6ac5d5bd159e59
    [2011/09/11 19:25:14 | 000,000,004 | ---- | M] () -- C:\Documents and Settings\Jeremiah Schumacher\Application Data\0f825077
    [2011/09/11 19:23:54 | 000,000,004 | ---- | M] () -- C:\Documents and Settings\Jeremiah Schumacher\Application Data\ef5faf88
    [2011/09/11 19:23:05 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Jeremiah Schumacher\Application Data\f8fa278d
    [2011/09/08 22:45:31 | 000,000,004 | ---- | M] () -- C:\Documents and Settings\Jeremiah Schumacher\Application Data\87fa5f77
    [2011/05/20 21:04:56 | 000,015,136 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\747073s32x2s4it14g
    [2011/05/10 18:12:54 | 000,010,800 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\8d3477s2b521076
    [2011/05/10 18:12:53 | 000,010,800 | -HS- | C] () -- C:\Documents and Settings\Jeremiah Schumacher\Local Settings\Application Data\8d3477s2b521076
    
    :Files
    C:\WINDOWS\System32\wscui32.dll
    ipconfig /flushdns /c
    
    :Reg
    
    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [emptyflash]
    [createrestorepoint]
    [reboot]
  • Make sure all other windows are closed and let it run uninterrupted.
  • Click on Posted Image button.
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click on Posted Image button.
  • A report will open. Copy and Paste that report in your next reply.
  • If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run.
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

After completing this, post the OTL fix log and the fresh OTL scan log, and tell me how your computer is currently running.
  • 0