
Very persistent Google Redirect and something unknown causing strange


  • This topic is locked

#1
TheGhostAndTheDarkness

  • Member
  • 15 posts
Hi, and thanks in advance for your help!

My issues began a while back (probably about 2 years ago). I had just had my PC cleaned and it had been running smoothly for some months. I went out of town and left my nephew to house-sit. When I came back, my computer was infested with all kinds of stuff from whatever horrible websites he and his friends had been going on, but I can't remember exactly what all of it was. My anti-virus (Comodo at the time) would not work properly and neither would Malwarebytes or anything else I tried to use. Eventually I got the problem under control and everything went back to normal... or, almost to normal; things never got back to 100%.

Every now and then something strange would happen: icons would disappear from the desktop and start menu items would disappear, files would also disappear. Some things that I swore I deleted would reappear, only extremely corrupt and unusable. My WordPerfect became so corrupt that I ended up having to reinstall it. I would run scans and once in a while something would be picked up, but, for the most part, it was never anything that seemed too bad. Yet, the problems persisted... Because I had gotten a new computer and rarely used this one (this one was reserved for games for the most part) I just never pursued anything beyond running regular scans. I kept putting off coming to a forum for help because I truly believed if it were something that bad, one of the scans would have surely found it by now... and, to be honest, I wrote myself off as crazy until someone else noticed start menu items disappearing a few months ago. Within the last few months some new things have popped up, and I've just finally decided to get some help with getting to the bottom of it all.

Probably about 6 months ago the search engine redirecting began. Any link I clicked would take me somewhere else. I knew this was a problem, but no scan would pick anything up. There are also times when my computer will rev up and freeze. The fan begins going extremely fast and the computer begins heating up; I have to manually shut it down because I'm afraid something is going to get damaged. This has happened both when the computer was in use and when it was supposed to be in hibernate mode. Although technically I am the Administrator for the computer, whenever I try to run a program as administrator, it asks for a password. I have never password protected anything. I wrote this off as a prank, but I have yet to find anyone to admit to it (this is a home computer and there are only a handful of people who would have had access to it to do that), so I am including it here. It has also begun running very slowly. Programs are slow to open and to close, videos won't play correctly, and games which have previously worked fine are beginning to lag to the point of being unplayable.

The past few months I have run every scan I can think of: Avast!, Kaspersky, Ad-aware, Malwarebytes, SuperAntiSpyware, Spybot Search and Destroy, TDSSKiller, and probably some more that I can't remember. I know there was one rootkit program I used at one point that also didn't find anything. The Avast! scans are run regularly and have never picked up that much (if anything) until the other day. It was actually the most productive scan I've had since my problems began. During a boot scan it picked up several Java:Agents and Java:CVE-2012, as well as a few Java:Malware-gen.

While all of the scans above may have found something here and there (usually they find nothing), it was always something different and even after their removal, the redirect persisted. After removing all of the things found in the last scan, there was no improvement in the new problems (the lagging and revving) either.

Here is my OTL scan: (I hope I've done all of this right, sorry if I've forgotten something)


OTL logfile created on: 10/15/2012 4:47:29 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Steven Wilkins\My Documents\Downloads
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.25 Gb Total Physical Memory | 2.55 Gb Available Physical Memory | 78.41% Memory free
6.34 Gb Paging File | 5.72 Gb Available in Paging File | 90.22% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 144.31 Gb Total Space | 53.95 Gb Free Space | 37.39% Space Free | Partition Type: NTFS
Unable to calculate disk information.

Computer Name: WILKINS | User Name: Steven Wilkins | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/10/15 16:23:58 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Steven Wilkins\My Documents\Downloads\OTL.exe
PRC - [2012/10/15 16:00:27 | 000,059,964 | ---- | M] (Macrovision Europe Ltd.) -- C:\Documents and Settings\Steven Wilkins\Local Settings\temp\clclean.0001
PRC - [2012/10/10 05:06:17 | 001,239,064 | ---- | M] (Google Inc.) -- C:\Documents and Settings\Steven Wilkins\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
PRC - [2012/08/21 04:12:26 | 004,282,728 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2012/08/21 04:12:25 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2012/06/14 17:00:04 | 030,705,792 | ---- | M] (Gemalto N.V.) -- C:\Documents and Settings\Steven Wilkins\Application Data\SanDisk\SanDiskSecureAccess_Manager.exe
PRC - [2012/05/09 11:53:46 | 000,201,112 | ---- | M] (Lavasoft) -- C:\Documents and Settings\All Users\Application Data\Ad-Aware Browsing Protection\adawarebp.exe
PRC - [2011/08/11 18:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe
PRC - [2010/02/14 12:31:12 | 000,069,632 | ---- | M] (Creative Labs) -- C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
PRC - [2009/11/04 18:20:14 | 000,597,792 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe
PRC - [2008/07/13 10:53:04 | 000,002,560 | ---- | M] () -- C:\WINDOWS\Runservice.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/08/09 02:27:52 | 000,073,728 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe
PRC - [2006/11/02 21:40:12 | 000,174,656 | ---- | M] () -- C:\WINDOWS\system32\PSIService.exe
PRC - [2005/10/24 10:26:34 | 000,479,232 | ---- | M] () -- C:\Program Files\CyberPower PowerPanel Personal Edition\ppped.exe
PRC - [2005/10/24 10:26:00 | 000,262,144 | ---- | M] () -- C:\Program Files\CyberPower PowerPanel Personal Edition\pppeuser.exe
PRC - [2005/10/05 03:12:00 | 000,094,208 | ---- | M] () -- C:\Program Files\Dell\Media Experience\DMXLauncher.exe
PRC - [2005/09/15 09:47:22 | 000,057,344 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
PRC - [2005/09/08 05:20:00 | 000,122,940 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\DLA\DLACTRLW.EXE
PRC - [2005/06/17 07:56:14 | 000,139,264 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2005/06/17 07:55:58 | 000,086,140 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
PRC - [2005/03/22 17:20:44 | 000,339,968 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\stsystra.exe
PRC - [2004/12/02 18:23:34 | 000,102,400 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe


========== Modules (No Company Name) ==========

MOD - [2012/10/15 16:00:27 | 000,697,884 | ---- | M] () -- C:\Documents and Settings\Steven Wilkins\Local Settings\temp\clclean.0001.dir.0001\~df394b.tmp
MOD - [2012/10/15 14:20:12 | 001,816,576 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\defs\12101501\algo.dll
MOD - [2012/10/15 02:34:53 | 001,816,576 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\defs\12101500\algo.dll
MOD - [2012/10/10 05:06:15 | 000,460,312 | ---- | M] () -- C:\Documents and Settings\Steven Wilkins\Local Settings\Application Data\Google\Chrome\Application\22.0.1229.94\ppgooglenaclpluginchrome.dll
MOD - [2012/10/10 05:06:13 | 012,435,992 | ---- | M] () -- C:\Documents and Settings\Steven Wilkins\Local Settings\Application Data\Google\Chrome\Application\22.0.1229.94\PepperFlash\pepflashplayer.dll
MOD - [2012/10/10 05:06:12 | 004,005,912 | ---- | M] () -- C:\Documents and Settings\Steven Wilkins\Local Settings\Application Data\Google\Chrome\Application\22.0.1229.94\pdf.dll
MOD - [2012/10/10 05:04:44 | 000,156,712 | ---- | M] () -- C:\Documents and Settings\Steven Wilkins\Local Settings\Application Data\Google\Chrome\Application\22.0.1229.94\avutil-51.dll
MOD - [2012/10/10 05:04:43 | 000,275,496 | ---- | M] () -- C:\Documents and Settings\Steven Wilkins\Local Settings\Application Data\Google\Chrome\Application\22.0.1229.94\avformat-54.dll
MOD - [2012/10/10 05:04:42 | 002,168,360 | ---- | M] () -- C:\Documents and Settings\Steven Wilkins\Local Settings\Application Data\Google\Chrome\Application\22.0.1229.94\avcodec-54.dll
MOD - [2012/02/14 18:37:52 | 011,796,096 | ---- | M] () -- C:\Documents and Settings\Steven Wilkins\Application Data\SanDisk\My Vaults\dmBackup.dll
MOD - [2011/11/03 10:28:36 | 001,292,288 | ---- | M] () -- C:\WINDOWS\system32\quartz.dll
MOD - [2011/10/14 18:38:00 | 000,456,192 | ---- | M] () -- C:\WINDOWS\system32\encdec.dll
MOD - [2011/02/04 18:48:30 | 000,291,840 | ---- | M] () -- C:\WINDOWS\system32\sbe.dll
MOD - [2008/07/13 10:53:04 | 000,048,640 | ---- | M] () -- C:\WINDOWS\mmfs.dll
MOD - [2008/07/13 10:53:04 | 000,002,560 | ---- | M] () -- C:\WINDOWS\Runservice.exe
MOD - [2008/04/13 19:11:59 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2008/04/13 19:11:51 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [2006/11/02 21:40:12 | 000,174,656 | ---- | M] () -- C:\WINDOWS\system32\PSIService.exe
MOD - [2005/10/24 10:26:34 | 000,479,232 | ---- | M] () -- C:\Program Files\CyberPower PowerPanel Personal Edition\ppped.exe
MOD - [2005/10/24 10:26:00 | 000,262,144 | ---- | M] () -- C:\Program Files\CyberPower PowerPanel Personal Edition\pppeuser.exe
MOD - [2005/10/05 03:12:00 | 000,094,208 | ---- | M] () -- C:\Program Files\Dell\Media Experience\DMXLauncher.exe
MOD - [2005/08/05 14:01:54 | 000,159,744 | ---- | M] () -- C:\WINDOWS\system32\VBICodec.ax
MOD - [2005/08/05 13:06:50 | 000,165,376 | ---- | M] () -- C:\WINDOWS\system32\mpg2splt.ax
MOD - [2005/05/19 01:54:00 | 001,345,520 | ---- | M] () -- C:\WINDOWS\system32\CTMBHA.DLL


========== Services (SafeList) ==========

SRV - [2012/08/21 04:12:25 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2011/08/11 18:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore.exe -- (!SASCORE)
SRV - [2011/03/16 10:42:06 | 000,407,336 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2010/02/14 12:31:12 | 000,069,632 | ---- | M] (Creative Labs) [On_Demand | Running] -- C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe -- (Creative Labs Licensing Service)
SRV - [2009/10/24 03:18:54 | 000,360,224 | ---- | M] (Sony Corporation) [Disabled | Stopped] -- C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe -- (PMBDeviceInfoProvider)
SRV - [2008/07/13 10:53:04 | 000,002,560 | ---- | M] () [Auto | Running] -- C:\WINDOWS\Runservice.exe -- (LicCtrlService)
SRV - [2007/08/09 02:27:52 | 000,073,728 | ---- | M] (HP) [Auto | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
SRV - [2006/11/02 21:40:12 | 000,174,656 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\PSIService.exe -- (ProtexisLicensing)
SRV - [2005/10/24 10:26:34 | 000,479,232 | ---- | M] () [Auto | Running] -- C:\Program Files\CyberPower PowerPanel Personal Edition\ppped.exe -- (ppped)
SRV - [2005/06/17 07:55:58 | 000,086,140 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe -- (IAANTMon)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\wanatw4.sys -- (wanatw)
DRV - File not found [Kernel | Boot | Stopped] -- system32\drivers\idfda.sys -- (stlntbm)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\samhid.sys -- (samhid)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\RimUsb.sys -- (RimUsb)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\CamDrL21.sys -- (PhilCam8116)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\STEVEN~1\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - File not found [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\ACEDRV05.sys -- (ACEDRV05)
DRV - [2012/08/21 04:13:15 | 000,729,752 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2012/08/21 04:13:15 | 000,355,632 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2012/08/21 04:13:15 | 000,054,232 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2012/08/21 04:13:14 | 000,097,608 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2012/08/21 04:13:14 | 000,035,928 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2012/08/21 04:13:13 | 000,025,256 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2012/08/21 04:13:13 | 000,021,256 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2011/07/22 11:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011/07/12 16:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/12/03 04:05:34 | 000,064,288 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\Lbd.sys -- (Lbd)
DRV - [2010/05/17 17:48:27 | 000,279,712 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\atksgt.sys -- (atksgt)
DRV - [2010/05/17 17:48:27 | 000,025,888 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2008/04/13 13:46:22 | 000,015,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mpe.sys -- (MPE)
DRV - [2008/04/13 13:45:34 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\irbus.sys -- (IrBus)
DRV - [2007/12/04 18:10:30 | 000,016,640 | R--- | M] (PalmSource, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PalmUSBD.sys -- (PalmUSBD)
DRV - [2007/06/18 21:18:26 | 000,023,680 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motmodem.sys -- (motmodem)
DRV - [2007/02/03 10:32:36 | 000,041,504 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2007/02/03 10:25:56 | 001,075,360 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Camdrl.sys -- (CamDrL)
DRV - [2006/06/12 23:34:06 | 000,008,552 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\asctrm.sys -- (ASCTRM)
DRV - [2006/01/03 19:58:00 | 000,269,952 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\atinavrr.sys -- (ATIAVPCI)
DRV - [2005/09/08 05:20:00 | 000,094,332 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2005/09/08 05:20:00 | 000,087,036 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2005/09/08 05:20:00 | 000,086,524 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2005/09/08 05:20:00 | 000,025,628 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2005/09/08 05:20:00 | 000,014,684 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2005/09/08 05:20:00 | 000,006,364 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2005/09/08 05:20:00 | 000,002,496 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLADResN.SYS -- (DLADResN)
DRV - [2005/08/25 12:16:52 | 000,005,628 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2005/08/25 12:16:16 | 000,022,684 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS -- (DLARTL_N)
DRV - [2005/06/06 14:40:48 | 000,180,736 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2005/05/25 15:34:00 | 000,158,464 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\CTUSFSYN.SYS -- (CTUSFSYN)
DRV - [2005/03/25 09:11:00 | 001,350,272 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sigfilt.sys -- (sigfilt)
DRV - [2005/01/10 17:15:00 | 000,138,752 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\CTSFM2K.SYS -- (ctsfm2k)
DRV - [2005/01/10 17:15:00 | 000,106,496 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\CTOSS2K.SYS -- (ossrv)
DRV - [2004/12/22 18:58:00 | 000,008,704 | ---- | M] (Creative Technology Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\PFMODNT.SYS -- (PfModNT)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.c...rch/search.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = http://www.google.co...-inc&channel=us
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = http://www.google.co...-inc&channel=us
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKLM\..\SearchScopes\{0B4A10D1-FBD6-451d-BFDA-F03252B05984}: "URL" = http://slirsredirect...hromesbox-en-us
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\..\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}: "URL" = http://us.yhs.search...p={searchTerms}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.yahoo....=utf-8&fr=b1ie7
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://startpage.com/?r=4954
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 12 36 8A 67 1D 9A CB 01 [binary data]
IE - HKCU\..\URLSearchHook: {03402f96-3dc7-4285-bc50-9e81fefafe43} - No CLSID value found
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = http://websearch.ask...4A-8E7EB5B96605
IE - HKCU\..\SearchScopes\{30236502-82DA-41BB-80C8-EE647ADBC1CA}: "URL" = http://www.google.co...&rlz=1I7SKPB_en
IE - HKCU\..\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}: "URL" = http://safesearchr.l...q={searchTerms}
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKCU\..\SearchScopes\{77334694-cf9e-485e-a8ac-bfdfbffd5cc6}: "URL" = http://slirsredirect...hromesbox-en-us
IE - HKCU\..\SearchScopes\{CC13C2C9-A0F0-4080-8B01-ED18FB0CF7AD}: "URL" = http://search.yahoo....=utf-8&fr=b1ie7
IE - HKCU\..\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}: "URL" = http://us.yhs.search...p={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_3_300_270.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: File not found
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_35: C:\WINDOWS\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@soe.sony.com/installer,version=1.0.3: C:\Documents and Settings\Steven Wilkins\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\dkfjadjghjpjodfhffafagnkbgbpiphf\1.0.3.170_0\npsoe.dll ()
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@unity3d.com/UnityPlayer: C:\Program Files\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKLM\Software\MozillaPlugins\@virtools.com/3DviaPlayer: C:\Program Files\Virtools\3D Life Player\npvirtools.dll File not found
FF - HKLM\Software\MozillaPlugins\[email protected]/YahooActiveXPluginBridge;version=1.0.0.1: C:\PROGRA~1\Yahoo!\Common\npyaxmpb.dll File not found
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Steven Wilkins\Local Settings\Application Data\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Steven Wilkins\Local Settings\Application Data\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Documents and Settings\Steven Wilkins\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)


[2010/02/18 14:35:46 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Steven Wilkins\Application Data\Mozilla\Extensions
[2009/12/20 15:26:39 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Steven Wilkins\Application Data\Mozilla\Extensions\[email protected]
[2009/04/09 15:14:43 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Steven Wilkins\Application Data\Mozilla\Extensions\[email protected]

========== Chrome ==========

CHR - homepage: https://www.startpage.com/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: https://www.startpage.com/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\Steven Wilkins\Local Settings\Application Data\Google\Chrome\Application\22.0.1229.94\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\Steven Wilkins\Local Settings\Application Data\Google\Chrome\Application\22.0.1229.94\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\Steven Wilkins\Local Settings\Application Data\Google\Chrome\Application\22.0.1229.94\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Documents and Settings\Steven Wilkins\Local Settings\Application Data\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: SOE Web Installer (Enabled) = C:\Documents and Settings\Steven Wilkins\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\dkfjadjghjpjodfhffafagnkbgbpiphf\1.0.3.170_0\npsoe.dll
CHR - plugin: Chrome IE Tab (Enabled) = C:\Documents and Settings\Steven Wilkins\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\hehijbfgiekmjfkfjpbkbammjbdenadd\3.5.14.1_0\plugin/blackfishietab.dll
CHR - plugin: Coupons Inc., Coupon Printer Manager (Enabled) = C:\Documents and Settings\Steven Wilkins\Local Settings\Application Data\Google\Chrome\Application\plugins\npMozCouponPrinter.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.220.4 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U22 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\Steven Wilkins\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Unity Player (Enabled) = C:\Documents and Settings\Steven Wilkins\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\WINDOWS\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: YouTube = C:\Documents and Settings\Steven Wilkins\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Documents and Settings\Steven Wilkins\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: IE Tab = C:\Documents and Settings\Steven Wilkins\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\hehijbfgiekmjfkfjpbkbammjbdenadd\3.10.10.1_0\
CHR - Extension: avast! WebRep = C:\Documents and Settings\Steven Wilkins\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1466_0\
CHR - Extension: Gmail = C:\Documents and Settings\Steven Wilkins\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012/10/15 15:58:48 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\DLA\DLASHX_W.DLL (Sonic Solutions)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\Program Files\BAE\BAE.dll (Dell Inc.)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {10134636-E7AF-4AC5-A1DC-C7C44BB97D81} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
O4 - HKLM..\Run: [Ad-Aware Browsing Protection] C:\Documents and Settings\All Users\Application Data\Ad-Aware Browsing Protection\adawarebp.exe (Lavasoft)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [DLA] C:\WINDOWS\system32\DLA\DLACTRLW.EXE (Sonic Solutions)
O4 - HKLM..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe ()
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [MBMon] C:\WINDOWS\System32\CTMBHA.DLL ()
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [PMBVolumeWatcher] C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe (Sony Corporation)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [UpdReg] C:\WINDOWS\Updreg.EXE (Creative Technology Ltd.)
O4 - HKCU..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe (Creative Technology Ltd)
O4 - HKCU..\Run: [PowerPanel Personal Edition User Interaction] C:\Program Files\CyberPower PowerPanel Personal Edition\pppeuser.exe ()
O4 - HKCU..\Run: [SanDiskSecureAccess_Manager.exe] C:\Documents and Settings\Steven Wilkins\Application Data\SanDisk\SanDiskSecureAccess_Manager.exe (Gemalto N.V.)
O4 - HKCU..\Run: [SetDefaultMIDI] C:\WINDOWS\MIDIDEF.EXE (Creative Technology Ltd)
O4 - HKLM..\RunOnce: [WIAWizardMenu] C:\WINDOWS\System32\sti_ci.dll (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\Steven Wilkins\Start Menu\Programs\Startup\Event Reminder.lnk = C:\Program Files\Broderbund\PrintMaster Express\pmremind.exe (Broderbund Properties LLC)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O15 - HKCU\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: neopets.com ([www] https in Trusted sites)
O15 - HKCU\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: sony.com ([]* in Trusted sites)
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} http://support.dell....iler/SysPro.CAB (SysProWmi Class)
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} https://support.micr...veX/MSDcode.cab (Microsoft Data Collection Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_35)
O16 - DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} http://a.download.to...8.33/ttinst.cab (Toontown Installer ActiveX Control)
O16 - DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} http://support.dell....lSystemLite.CAB (DellSystemLite.Scanner)
O16 - DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_35)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_35)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 97.64.209.36 97.64.168.13
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5737A7E9-56A7-4718-9365-AE58EE28AB21}: DhcpNameServer = 97.64.209.36 97.64.168.13
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O24 - Desktop WallPaper: C:\Documents and Settings\Steven Wilkins\Application Data\Mozilla\Firefox\Desktop Background.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Steven Wilkins\Application Data\Mozilla\Firefox\Desktop Background.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (C:\WINDOWS\system32\ijebmevd.exe C:\WINDOWS\system32\ijebmevd.exe:changelist)
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (lsdelete)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/10/15 16:04:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Steven Wilkins\Desktop\GooredFix Backups
[2012/10/15 15:58:46 | 000,000,000 | ---D | C] -- C:\_OTM
[2012/10/15 15:43:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/10/15 15:43:44 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012/10/15 15:43:44 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/10/12 17:27:22 | 002,213,464 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Steven Wilkins\Desktop\TDSSKiller.exe
[2012/10/11 20:27:27 | 000,000,000 | ---D | C] -- C:\Program Files\Google

========== Files - Modified Within 30 Days ==========

[2012/10/15 16:37:00 | 000,000,902 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/10/15 16:20:00 | 000,001,014 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-68032846-1058140136-4283777642-1005UA.job
[2012/10/15 16:01:34 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/10/15 16:01:14 | 000,000,316 | -H-- | M] () -- C:\WINDOWS\tasks\avast! Emergency Update.job
[2012/10/15 16:00:31 | 000,000,849 | -HS- | M] () -- C:\WINDOWS\System32\mmf.sys
[2012/10/15 16:00:26 | 000,029,204 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2012/10/15 16:00:24 | 000,000,898 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/10/15 16:00:16 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/10/15 16:00:12 | 3487,731,712 | -HS- | M] () -- C:\hiberfil.sys
[2012/10/15 15:58:48 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2012/10/15 15:43:47 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/10/15 08:00:00 | 000,000,278 | ---- | M] () -- C:\WINDOWS\tasks\Disk Cleanup.job
[2012/10/15 01:20:00 | 000,000,962 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-68032846-1058140136-4283777642-1005Core.job
[2012/10/12 17:27:22 | 002,213,464 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Steven Wilkins\Desktop\TDSSKiller.exe
[2012/10/11 18:30:45 | 000,002,625 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2012/10/10 21:23:25 | 000,002,351 | ---- | M] () -- C:\Documents and Settings\Steven Wilkins\Desktop\Google Chrome.lnk
[2012/10/10 21:23:25 | 000,002,329 | ---- | M] () -- C:\Documents and Settings\Steven Wilkins\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/10/10 18:00:56 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/10/03 19:22:44 | 000,006,268 | -HS- | M] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2012/10/03 19:22:44 | 000,000,056 | RHS- | M] () -- C:\WINDOWS\System32\4326BF1B47.sys

========== Files Created - No Company Name ==========

[2012/10/15 15:43:47 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/10/11 20:27:33 | 000,000,902 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/10/11 20:27:33 | 000,000,898 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/10/11 18:30:45 | 000,000,316 | -H-- | C] () -- C:\WINDOWS\tasks\avast! Emergency Update.job
[2012/08/06 17:24:24 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2012/08/06 17:24:24 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2012/08/06 17:24:24 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2012/06/14 16:57:46 | 000,000,272 | ---- | C] () -- C:\Documents and Settings\Steven Wilkins\Application Data\.backup.dm
[2011/10/04 16:31:24 | 000,001,676 | ---- | C] () -- C:\WINDOWS\System32\.ini
[2011/06/24 17:07:17 | 000,018,578 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\4km8r11bfh1yqvl25a72
[2011/06/24 17:07:16 | 000,018,578 | -HS- | C] () -- C:\Documents and Settings\Steven Wilkins\Local Settings\Application Data\4km8r11bfh1yqvl25a72
[2011/04/15 21:02:37 | 000,000,064 | ---- | C] () -- C:\WINDOWS\System32\rp_stats.dat
[2011/04/15 21:02:37 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\rp_rules.dat
[2011/02/01 10:36:42 | 000,102,400 | ---- | C] () -- C:\WINDOWS\RegBootClean.exe
[2010/11/30 09:02:27 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\Steven Wilkins\Local Settings\Application Data\housecall.guid.cache
[2010/10/16 10:06:34 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Steven Wilkins\jagex_runescape_preferences.dat
[2010/07/08 21:29:43 | 000,012,860 | ---- | C] () -- C:\Documents and Settings\Steven Wilkins\.recently-used.xbel
[2009/11/09 16:20:01 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Steven Wilkins\Local Settings\Application Data\prvlcl.dat
[2009/02/02 19:01:53 | 000,002,516 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\KGyGaAvL.sys
[2009/01/19 17:14:01 | 000,000,464 | RHS- | C] () -- C:\Documents and Settings\Steven Wilkins\ntuser.pol
[2008/06/24 21:12:25 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Steven Wilkins\core
[2008/02/27 14:28:36 | 000,003,740 | ---- | C] () -- C:\Documents and Settings\Steven Wilkins\Application Data\mindhabits.dat
[2006/06/25 16:02:46 | 000,007,680 | ---- | C] () -- C:\Documents and Settings\Steven Wilkins\Application Data\dvd.bmk
[2006/06/21 00:04:09 | 000,043,008 | ---- | C] () -- C:\Documents and Settings\Steven Wilkins\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/06/19 15:22:53 | 000,061,678 | ---- | C] () -- C:\Documents and Settings\Steven Wilkins\Application Data\PFP120JPR.{PB
[2006/06/19 15:22:53 | 000,012,358 | ---- | C] () -- C:\Documents and Settings\Steven Wilkins\Application Data\PFP120JCM.{PB
[2006/06/16 21:25:14 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\Steven Wilkins\Application Data\$_hpcst$.hpc
[2006/06/14 21:28:20 | 000,000,137 | ---- | C] () -- C:\Documents and Settings\Steven Wilkins\Local Settings\Application Data\fusioncache.dat

========== ZeroAccess Check ==========

[2005/08/16 04:39:16 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/13 19:12:05 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009/02/09 07:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008/04/13 19:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2010/03/24 14:45:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Absolutist
[2012/09/24 06:52:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ad-Aware Browsing Protection
[2011/10/04 16:38:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2010/01/24 13:23:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
[2009/03/09 15:33:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\blg
[2010/02/14 20:19:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BOINC
[2012/07/11 12:38:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Broderbund Software
[2012/07/16 11:07:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Colibri Games
[2010/06/15 12:49:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EA Core
[2010/06/15 12:29:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Electronic Arts
[2011/03/22 18:18:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Fallout3
[2010/01/16 22:26:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GamersDigital
[2008/06/16 16:39:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Gogii
[2010/05/01 17:44:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Happyville__
[2009/04/07 18:33:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Intenium
[2010/03/06 16:45:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Islands
[2008/06/29 12:29:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ludia
[2006/06/15 15:30:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MakeMusic
[2009/04/23 11:19:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
[2008/10/02 17:40:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\OptiTex
[2008/12/30 21:24:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
[2010/05/24 15:58:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Playrix Entertainment
[2008/10/07 17:25:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\StarPlay
[2012/07/27 20:55:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SUPERSetup
[2009/12/20 15:28:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TomTom
[2009/01/14 20:44:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2009/12/10 19:26:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2010/04/30 18:54:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/03/11 19:57:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steven Wilkins\Application Data\1morebee
[2010/03/24 14:45:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steven Wilkins\Application Data\Absolutist
[2010/01/09 23:46:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steven Wilkins\Application Data\acccore
[2012/05/29 13:12:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steven Wilkins\Application Data\Ad-Aware Antivirus
[2012/05/31 17:58:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steven Wilkins\Application Data\adawaretb
[2009/11/28 17:37:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steven Wilkins\Application Data\Alawar
[2008/10/05 19:23:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steven Wilkins\Application Data\AlterLab
[2008/10/09 18:54:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steven Wilkins\Application Data\Amaranth Games
[2009/01/12 20:09:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steven Wilkins\Application Data\Ashtons. Family Resort
[2010/03/31 12:32:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steven Wilkins\Application Data\Aveyond 3
[2008/10/23 16:14:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steven Wilkins\Application Data\Aveyond II
[2008/08/08 17:47:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steven Wilkins\Application Data\Beanbag Studios
[2010/05/07 15:31:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steven Wilkins\Application Data\Big Fish Games
[2009/03/09 15:33:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steven Wilkins\Application Data\blg
[2009/03/16 13:03:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steven Wilkins\Application Data\Boolat Games
[2010/02/23 12:20:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steven Wilkins\Application Data\Boomzap
[2009/06/24 20:33:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steven Wilkins\Application Data\Camel101
[2009/08/17 15:06:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steven Wilkins\Application Data\CasualForge
[2008/10/12 14:18:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steven Wilkins\Application Data\cerasus.media
[2009/09/01 20:54:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steven Wilkins\Application Data\Chicken Chase
[2012/07/16 11:07:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steven Wilkins\Application Data\Colibri Games
[2009/08/10 14:59:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steven Wilkins\Application Data\CupcakeCafe
[2009/03/05 16:19:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steven Wilkins\Application Data\EleFun Games
[2009/12/09 18:11:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steven Wilkins\Application Data\ElementalsTheMagicKey
[2008/07/17 23:08:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steven Wilkins\Application Data\ElevatedDiagnostics
[2009/05/19 21:00:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steven Wilkins\Application Data\Enchanted Katya
[2009/11/07 19:28:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steven Wilkins\Application Data\ERS G-Studio
[2009/01/12 15:35:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steven Wilkins\Application Data\Fabulous Finds
[2009/08/29 20:09:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steven Wilkins\Application Data\FarmerJane
[2009/05/24 14:53:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steven Wilkins\Application Data\Flood Light Games
[2008/08/16 13:09:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steven Wilkins\Application Data\FloodLightGames
[2009/01/16 13:00:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steven Wilkins\Application Data\ForgottenRiddles2
[2010/05/27 17:02:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steven Wilkins\Application Data\freshgames
[2008/08/08 19:27:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steven Wilkins\Application Data\Friday's games
[2008/06/21 15:46:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steven Wilkins\Application Data\Gaijin Ent
[2008/08/25 14:16:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steven Wilkins\Application Data\Gamelab
[2010/01/16 22:26:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steven Wilkins\Application Data\GamersDigital
[2008/12/12 22:28:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steven Wilkins\Application Data\Games
[2009/08/29 17:13:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steven Wilkins\Application Data\GraveyardShift
[2009/12/23 13:19:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steven Wilkins\Application Data\gtk-2.0
[2008/05/19 18:13:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steven Wilkins\Application Data\Home Sweet Home
[2008/12/17 19:00:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steven Wilkins\Application Data\Home Sweet Home 2
[2008/12/24 14:52:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steven Wilkins\Application Data\Home Sweet Home Christmas
[2010/07/12 19:28:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steven Wilkins\Application Data\HotSync
[2008/04/18 17:58:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steven Wilkins\Application Data\Image Zone Express
[2008/10/06 12:25:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steven Wilkins\Application Data\ITTNord
[2009/02/26 21:23:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steven Wilkins\Application Data\iWin
[2009/08/23 03:58:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steven Wilkins\Application Data\Kernel for Outlook
[2006/06/17 19:17:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steven Wilkins\Application Data\Leadertech
[2008/06/29 12:29:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steven Wilkins\Application Data\Ludia
[2010/05/11 11:59:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steven Wilkins\Application Data\Mean Hamster
[2009/08/29 18:48:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steven Wilkins\Application Data\MegaplexMadnessSummerBlockbuster
[2009/08/06 17:33:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steven Wilkins\Application Data\Meridian93
[2010/03/18 17:13:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steven Wilkins\Application Data\Merscom
[2008/02/04 17:42:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steven Wilkins\Application Data\MSNInstaller
[2009/02/10 15:27:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steven Wilkins\Application Data\My Games
[2008/06/22 12:36:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steven Wilkins\Application Data\MysteryStudio
[2009/04/24 17:36:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steven Wilkins\Application Data\NCH Swift Sound
[2008/03/13 21:32:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steven Wilkins\Application Data\Oberon
[2008/01/26 20:45:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steven Wilkins\Application Data\Oberon Games
[2009/04/24 21:29:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steven Wilkins\Application Data\Oberonv1002
[2009/06/03 20:51:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steven Wilkins\Application Data\panoramik
[2009/08/24 15:10:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steven Wilkins\Application Data\Peace Craft
[2009/06/26 20:29:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steven Wilkins\Application Data\PetRush
[2010/03/27 21:17:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steven Wilkins\Application Data\PlayFirst
[2009/12/11 17:32:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steven Wilkins\Application Data\Playrix Entertainment
[2009/02/14 21:08:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steven Wilkins\Application Data\Pogo Games
[2008/02/25 21:51:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steven Wilkins\Application Data\Printer Info Cache
[2011/05/03 09:50:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steven Wilkins\Application Data\QuickScan
[2009/04/23 11:19:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steven Wilkins\Application Data\Recordpad
[2009/01/23 17:37:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steven Wilkins\Application Data\RegistryDefense
[2010/02/14 21:25:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steven Wilkins\Application Data\Research In Motion
[2012/10/15 12:58:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steven Wilkins\Application Data\SanDisk
[2012/06/14 17:00:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steven Wilkins\Application Data\SanDisk SecureAccess
[2008/10/23 16:52:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steven Wilkins\Application Data\Sandlot Games
[2009/09/25 20:48:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steven Wilkins\Application Data\Sanna
[2009/01/14 11:21:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steven Wilkins\Application Data\SecondLife
[2010/03/16 15:40:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steven Wilkins\Application Data\ShinyTales
[2012/06/19 17:37:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steven Wilkins\Application Data\Sony Online Entertainment
[2008/06/28 10:38:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steven Wilkins\Application Data\SoundSpectrum
[2008/10/14 12:24:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steven Wilkins\Application Data\SulusGames
[2008/02/27 14:56:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steven Wilkins\Application Data\TheScruffs
[2009/05/07 21:37:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steven Wilkins\Application Data\TikGames
[2009/12/20 15:26:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steven Wilkins\Application Data\TomTom
[2009/06/26 18:46:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steven Wilkins\Application Data\UClick
[2010/05/24 11:33:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steven Wilkins\Application Data\Unity
[2008/07/09 20:26:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steven Wilkins\Application Data\ViquaSoft
[2009/12/23 18:02:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steven Wilkins\Application Data\Virtual City
[2010/07/15 19:09:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steven Wilkins\Application Data\Windows Search
[2009/02/13 15:05:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steven Wilkins\Application Data\World-LooM
[2009/08/11 18:15:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steven Wilkins\Application Data\YoudaGames

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Steven Wilkins\My Documents\Leslieghost.jpg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Steven Wilkins\My Documents\CFlog.txt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Steven Wilkins\My Documents\100_7702.JPG:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Steven Wilkins\My Documents\100_7701.JPG:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Steven Wilkins\My Documents\100_7700.JPG:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Steven Wilkins\My Documents\100_7699.JPG:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Steven Wilkins\My Documents\100_7698.JPG:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Steven Wilkins\My Documents\100_7696.MOV:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Steven Wilkins\My Documents\100_7695.MOV:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Steven Wilkins\My Documents\100_7694.MOV:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Steven Wilkins\My Documents\100_7693.MOV:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Steven Wilkins\My Documents\100_7692.JPG:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Steven Wilkins\My Documents\100_7691.JPG:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Steven Wilkins\My Documents\100_7690.JPG:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Steven Wilkins\My Documents\100_7689.JPG:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Steven Wilkins\My Documents\100_7686.JPG:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Steven Wilkins\My Documents\100_7685.JPG:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Steven Wilkins\My Documents\100_7683.MOV:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Steven Wilkins\My Documents\100_7682.JPG:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Steven Wilkins\My Documents\100_7681.JPG:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Steven Wilkins\My Documents\100_7680.JPG:Roxio EMC Stream
@Alternate Data Stream - 120 bytes -> C:\WINDOWS\System32\rriitcnq.exe:changelist
@Alternate Data Stream - 120 bytes -> C:\WINDOWS\System32\rijakmlv.exe:changelist
@Alternate Data Stream - 120 bytes -> C:\WINDOWS\System32\gpkevxqy.exe:changelist

< End of report >

#2
gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your malware problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.




These are the programs I would like you to run next, if you have any problems with these just skip it and run the next one.

-Security Check-

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

-AdwCleaner-

  • Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

--RogueKiller--

  • Download & SAVE to your Desktop RogueKiller or from here
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator" to start
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then click on the "Scan" button
  • Wait until the Status box shows "Scan Finished"
  • Click on "Delete"
  • Wait until the Status box shows "Deleting Finished"
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop
  • Exit/Close RogueKiller

Gringo

#3
TheGhostAndTheDarkness

    Member

  • Topic Starter
  • 15 posts
Thanks a bunch for helping me with this thing! Here are the logs:

Security Check:

Results of screen317's Security Check version 0.99.51
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
avast! Antivirus
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
SUPERAntiSpyware
Malwarebytes Anti-Malware version 1.65.0.1400
CCleaner
Java™ 6 Update 35
Java version out of Date!
Adobe Flash Player 11.3.300.270
Adobe Reader 8 Adobe Reader out of Date!
````````Process Check: objlist.exe by Laurent````````
AVAST Software Avast AvastSvc.exe
AVAST Software Avast avastUI.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:: 26% Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log``````````````````````



AdwCleaner

# AdwCleaner v2.005 - Logfile created 10/18/2012 at 11:44:01
# Updated 14/10/2012 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : Steven Wilkins - WILKINS
# Boot Mode : Normal
# Running from : C:\Documents and Settings\Steven Wilkins\My Documents\Downloads\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Folder Deleted : C:\Documents and Settings\All Users\Application Data\Trymedia
Folder Deleted : C:\Documents and Settings\All Users\Application Data\Viewpoint
Folder Deleted : C:\Documents and Settings\Steven Wilkins\Application Data\iWin

***** [Registry] *****

Key Deleted : HKCU\Software\Crossrider
Key Deleted : HKCU\Software\Freeze.com
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Viewpoint Manager
Key Deleted : HKLM\Software\Viewpoint

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Registry is clean.

-\\ Google Chrome v22.0.1229.94

File : C:\Documents and Settings\Steven Wilkins\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [2003 octets] - [18/10/2012 11:44:01]

########## EOF - C:\AdwCleaner[S1].txt - [2063 octets] ##########



RogueKiller

RogueKiller V8.1.1 [10/01/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo...13-roguekiller/
Website: http://tigzy.geeksto...roguekiller.php
Blog: http://tigzyrk.blogspot.com

Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : Steven Wilkins [Admin rights]
Mode : Remove -- Date : 10/18/2012 12:01:13

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 3 ¤¤¤
[RUN][SUSP PATH] HKCU\[...]\Run : SanDiskSecureAccess_Manager.exe (C:\Documents and Settings\Steven Wilkins\Application Data\SanDisk\SanDiskSecureAccess_Manager.exe) -> DELETED
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> DELETED
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\WINDOWS\system32\drivers\etc\hosts

˙ž1

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST3160812AS +++++
--- User ---
[MBR] 46a0b0dcfebbab5c2dafb2ae5e3d6496
[BSP] 3efdd157322bc54deb4f0f8435ac64f6 : MBR Code unknown
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 54 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 112455 | Size: 147769 Mo
2 - [XXXXXX] UNKNOWN (0xdb) [VISIBLE] Offset (sectors): 302760990 | Size: 4753 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[2].txt >>
RKreport[1].txt ; RKreport[2].txt



As of right now, the redirects are still occurring. And, this is probably going to sound random, but the way I can tell about the start menu things is the calculator. I used it all the time until one day it was just gone. It's still not quite there, but there is a little icon thingy that shows up (not the calculator icon, but the generic unknown icon), it just says that it's a missing shortcut and the file has been renamed/removed. That's a step up, I think? At least there's some sign that it was there at one time. Again, thanks a million for your time, I really respect what you guys do on here!

#4
gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Hello

I would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo

#5
TheGhostAndTheDarkness

    Member

  • Topic Starter
  • 15 posts
The computer is the same as it was during my last reply. Redirect is still occurring and it is still running slow. Here is the combofix log:





ComboFix 12-10-19.01 - Steven Wilkins 10/19/2012 12:14:28.12.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3326.2737 [GMT -5:00]
Running from: c:\documents and settings\Steven Wilkins\My Documents\Downloads\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\docume~1\STEVEN~1\LOCALS~1\Temp\clclean.0001.dir.0000\~df394b.tmp
c:\documents and settings\Steven Wilkins\Local Settings\temp\clclean.0001.dir.0000\~df394b.tmp
.
.
((((((((((((((((((((((((( Files Created from 2012-09-19 to 2012-10-19 )))))))))))))))))))))))))))))))
.
.
2012-10-18 16:54 . 2012-10-18 16:54 -------- d-----w- C:\RK_Quarantine
2012-10-16 23:07 . 2012-10-16 23:07 -------- d-----w- c:\documents and settings\Steven Wilkins\Local Settings\Application Data\FalloutNV
2012-10-16 23:07 . 2009-09-04 22:44 515416 ----a-w- c:\windows\system32\XAudio2_5.dll
2012-10-16 23:07 . 2009-09-04 22:44 238936 ----a-w- c:\windows\system32\xactengine3_5.dll
2012-10-16 23:07 . 2009-09-04 22:29 1974616 ----a-w- c:\windows\system32\D3DCompiler_42.dll
2012-10-16 23:07 . 2009-09-04 22:29 453456 ----a-w- c:\windows\system32\d3dx10_42.dll
2012-10-16 23:07 . 2009-09-04 22:29 235344 ----a-w- c:\windows\system32\d3dx11_42.dll
2012-10-16 23:07 . 2009-09-04 22:29 5501792 ----a-w- c:\windows\system32\d3dcsx_42.dll
2012-10-16 23:07 . 2009-09-04 22:29 1892184 ----a-w- c:\windows\system32\D3DX9_42.dll
2012-10-15 20:58 . 2012-10-15 20:58 -------- d-----w- C:\_OTM
2012-10-15 20:43 . 2012-10-15 20:43 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-10-15 20:43 . 2012-09-07 22:04 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-10-12 01:27 . 2012-10-15 21:00 -------- d-----w- c:\program files\Google
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-29 01:24 . 2012-07-06 13:48 477168 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-08-29 01:24 . 2010-04-22 15:42 473072 ----a-w- c:\windows\system32\deployJava1.dll
2012-08-28 23:39 . 2012-07-06 13:48 73728 ----a-w- c:\windows\system32\javacpl.cpl
2012-08-28 15:14 . 2005-08-16 09:18 916992 ----a-w- c:\windows\system32\wininet.dll
2012-08-28 15:14 . 2005-08-16 09:18 43520 ------w- c:\windows\system32\licmgr10.dll
2012-08-28 15:14 . 2005-08-16 09:18 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-08-28 12:07 . 2005-08-16 09:18 385024 ----a-w- c:\windows\system32\html.iec
2012-08-24 13:53 . 2005-08-16 09:18 177664 ----a-w- c:\windows\system32\wintrust.dll
2012-08-21 13:33 . 2005-08-16 09:18 2148864 ------w- c:\windows\system32\ntoskrnl.exe
2012-08-21 12:58 . 2004-08-04 03:59 2027520 ------w- c:\windows\system32\ntkrnlpa.exe
2012-08-21 09:13 . 2011-10-04 21:38 355632 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-08-21 09:13 . 2011-10-04 21:38 729752 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-08-21 09:13 . 2011-10-04 21:38 54232 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-08-21 09:13 . 2011-10-04 21:38 97608 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2012-08-21 09:13 . 2011-10-04 21:38 89624 ----a-w- c:\windows\system32\drivers\aswmon.sys
2012-08-21 09:13 . 2011-10-04 21:38 35928 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2012-08-21 09:13 . 2011-10-04 21:38 21256 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-08-21 09:13 . 2011-10-04 21:38 25256 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2012-08-21 09:12 . 2011-10-04 21:38 41224 ----a-w- c:\windows\avastSS.scr
2012-08-21 09:12 . 2011-10-04 21:38 227648 ----a-w- c:\windows\system32\aswBoot.exe
2012-08-03 05:30 . 2012-07-10 21:22 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-08-03 05:30 . 2012-01-26 00:24 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-08-21 09:12 121528 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SetDefaultMIDI"="MIDIDef.exe" [2004-12-22 24576]
"PowerPanel Personal Edition User Interaction"="c:\program files\CyberPower PowerPanel Personal Edition\pppeuser.exe" [2005-10-24 262144]
"Creative Detector"="c:\program files\Creative\MediaSource\Detector\CTDetect.exe" [2004-12-02 102400]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 1289000]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2008-10-24 206112]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-07-08 7110656]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"SigmatelSysTrayApp"="stsystra.exe" [2005-03-22 339968]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2008-10-24 79136]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2008-10-24 206112]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2005-06-17 139264]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2010-06-10 49208]
"DMXLauncher"="c:\program files\Dell\Media Experience\DMXLauncher.exe" [2005-10-05 94208]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940]
"CTSysVol"="c:\program files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe" [2005-09-15 57344]
"MBMon"="CTMBHA.DLL" [2005-05-19 1345520]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-03-18 421888]
"PMBVolumeWatcher"="c:\program files\Sony\PMB\PMBVolumeWatcher.exe" [2009-11-04 597792]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2011-08-31 40368]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-08-21 4282728]
"Ad-Aware Browsing Protection"="c:\documents and settings\All Users\Application Data\Ad-Aware Browsing Protection\adawarebp.exe" [2012-05-09 201112]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"WIAWizardMenu"="c:\windows\system32\sti_ci.dll" [2008-04-14 136704]
.
c:\documents and settings\Steven Wilkins\Start Menu\Programs\Startup\
Event Reminder.lnk - c:\program files\Broderbund\PrintMaster Express\pmremind.exe [2012-7-11 331776]
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSetActiveDesktop"= 1 (0x1)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ c:\windows\system32\ijebmevd.exe c:\windows\system32\ijebmevd.exe:changelist\0autocheck autochk *\0lsdelete
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro36Crusader]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro36CrusaderBoot]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
2005-09-29 19:01 67584 ----a-w- c:\windows\ehome\ehtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
2006-06-13 04:34 26112 ----a-w- c:\program files\Real\RealPlayer\realplay.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VoiceCenter]
2005-09-19 12:42 1159168 ------w- c:\program files\Creative\VoiceCenter\AndreaVC.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"TomTomHOMEService"=2 (0x2)
"PMBDeviceInfoProvider"=2 (0x2)
"ehSched"=2 (0x2)
"ehRecvr"=2 (0x2)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\CA Personal Firewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\HP\\HP Software Update\\HPWUCli.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\the tiny bang story\\ttbs.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\lume\\Lume.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\borderlands\\Binaries\\Borderlands.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\fallout new vegas\\FalloutNVLauncher.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"2901:TCP"= 2901:TCP:Akamai NetSession Interface
"5000:UDP"= 5000:UDP:Akamai NetSession Interface
.
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2/1/2011 10:57 AM 64288]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [10/4/2011 4:38 PM 729752]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [10/4/2011 4:38 PM 355632]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [7/22/2011 11:27 AM 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [7/12/2011 4:55 PM 67664]
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCore.exe [8/11/2011 6:38 PM 116608]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [10/4/2011 4:38 PM 21256]
S0 stlntbm;stlntbm;c:\windows\system32\drivers\idfda.sys --> c:\windows\system32\drivers\idfda.sys [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [10/11/2012 8:27 PM 136176]
S2 LicCtrlService;LicCtrl Service;c:\windows\Runservice.exe [7/13/2008 10:53 AM 2560]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [10/11/2012 8:27 PM 136176]
S3 samhid;samhid;c:\windows\system32\drivers\samhid.sys --> c:\windows\system32\drivers\samhid.sys [?]
S4 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files\Sony\PMB\PMBDeviceInfoProvider.exe [10/24/2009 3:18 AM 360224]
.
Contents of the 'Scheduled Tasks' folder
.
2012-10-19 c:\windows\Tasks\avast! Emergency Update.job
- c:\program files\AVAST Software\Avast\AvastEmUpdate.exe [2012-10-11 09:12]
.
2012-10-15 c:\windows\Tasks\Disk Cleanup.job
- c:\windows\system32\cleanmgr.exe [2005-08-16 00:12]
.
2012-10-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-10-12 01:27]
.
2012-10-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-10-12 01:27]
.
2012-10-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-68032846-1058140136-4283777642-1005Core.job
- c:\documents and settings\Steven Wilkins\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-05-03 14:35]
.
2012-10-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-68032846-1058140136-4283777642-1005UA.job
- c:\documents and settings\Steven Wilkins\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-05-03 14:35]
.
.
------- Supplementary Scan -------
.
uStart Page = https://startpage.com/?r=4954
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: neopets.com\www
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 97.64.209.36 97.64.168.13
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-10-19 12:20
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-68032846-1058140136-4283777642-1005\Software\SecuROM\License information*]
.
[HKEY_LOCAL_MACHINE\software\LicCtrl\LicCtrl\LicCtrl\LicCtrl*lkzs$i&#&[email protected]^t! #^$ g9^$&pgb SDB36o \04F7528984592EA0]
.
[HKEY_LOCAL_MACHINE\software\LicCtrl\LicCtrl\LicCtrl\LicCtrl*lkzs$i&#&[email protected]^t! #^$ g9^$&pgb SDB36o \04F7528984592EA0\FD1E79A92259B5BC6F3673C7C70B3F80]
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(748)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
.
Completion time: 2012-10-19 12:21:55
ComboFix-quarantined-files.txt 2012-10-19 17:21
ComboFix2.txt 2012-10-19 17:05
ComboFix3.txt 2012-08-06 22:37
.
Pre-Run: 49,411,964,928 bytes free
Post-Run: 49,392,087,040 bytes free
.
- - End Of File - - 709442E0B696A491EC6E35BF7CD7377F

#6
gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Greetings

I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • It will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo

#7
gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Greetings


I have not heard from you in a couple of days so I am coming by to check on you to see if you are having problems or you just need some more time.

Also to remind you that it is very important that we finish the process completely so as to not get reinfected. I will let you know when we are complete and I will ask to remove our tools.




Gringo

#8
TheGhostAndTheDarkness

    Member

  • Topic Starter
  • Member
  • 15 posts
Sorry for taking so long to reply- there was a storm down here and apparently my internet provider has been having some difficulties. My internet may be off and on for the next few days, so I may be a little slow to respond. I'll do my best to get things done in the small windows when the internet is actually working. Thanks a lot for being patient with me.

Anyways, TDSS did not find anything and the log came back blank. Here is the aswMBR log:

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-10-22 17:34:11
-----------------------------
17:34:11.487 OS Version: Windows 5.1.2600 Service Pack 3
17:34:11.487 Number of processors: 2 586 0x604
17:34:11.487 ComputerName: WILKINS UserName:
17:34:12.346 Initialize success
17:34:12.487 AVAST engine defs: 12102200
17:34:35.863 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
17:34:35.879 Disk 0 Vendor: ST316081 3.AD Size: 152587MB BusType: 3
17:34:35.895 Disk 0 MBR read successfully
17:34:35.895 Disk 0 MBR scan
17:34:35.895 Disk 0 unknown MBR code
17:34:35.910 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 54 MB offset 63
17:34:35.910 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 147769 MB offset 112455
17:34:35.942 Disk 0 Partition 3 00 DB CP/M / CTOS Dell 8.0 4753 MB offset 302760990
17:34:35.942 Disk 0 scanning sectors +312496380
17:34:36.004 Disk 0 scanning C:\WINDOWS\system32\drivers
17:34:44.327 Service scanning
17:34:57.023 Modules scanning
17:35:00.380 Module: C:\WINDOWS\System32\DLA\DLADResN.SYS **SUSPICIOUS**
17:35:03.410 Disk 0 trace - called modules:
17:35:03.441 ntkrnlpa.exe catchme.sys CLASSPNP.SYS disk.sys iastor.sys hal.dll
17:35:03.441 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8b31cab8]
17:35:03.456 3 CLASSPNP.SYS[ba0e8fd7] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0x8b314030]
17:35:04.268 AVAST engine scan C:\WINDOWS
17:35:12.451 AVAST engine scan C:\WINDOWS\system32
17:37:18.392 AVAST engine scan C:\WINDOWS\system32\drivers
17:37:36.678 AVAST engine scan C:\Documents and Settings\Steven Wilkins
17:52:14.905 AVAST engine scan C:\Documents and Settings\All Users
17:55:42.422 Scan finished successfully
19:12:57.786 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Steven Wilkins\Desktop\MBR.dat"
19:12:57.786 The log file has been saved successfully to "C:\Documents and Settings\Steven Wilkins\Desktop\aswMBR.txt"

#9
gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache:: 

Driver::
stlntbm

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo


#10
TheGhostAndTheDarkness

    Member

  • Topic Starter
  • Member
  • 15 posts
The google redirect is still occurring. Will telling you some of the sites it redirects me to help at all? Just now it went to Beesq.net and nixxie-search.com. When trying to go back to the Google page, it would instead just flip between these two. If I did it enough, a different screen would come up from bestsearchus.net, and for a brief second before going to the beesq or nixxie site traffic.adwitty.com would flash. I'm not sure if that helps at all, but I thought I'd try and give you some more to go on. Here is the log from Combofix:


ComboFix 12-10-23.01 - Steven Wilkins 10/23/2012 14:12:56.13.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3326.2592 [GMT -5:00]
Running from: c:\documents and settings\Steven Wilkins\My Documents\Downloads\ComboFix.exe
Command switches used :: c:\documents and settings\Steven Wilkins\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_stlntbm
.
.
((((((((((((((((((((((((( Files Created from 2012-09-23 to 2012-10-23 )))))))))))))))))))))))))))))))
.
.
2012-10-18 16:54 . 2012-10-18 16:54 -------- d-----w- C:\RK_Quarantine
2012-10-16 23:07 . 2012-10-16 23:07 -------- d-----w- c:\documents and settings\Steven Wilkins\Local Settings\Application Data\FalloutNV
2012-10-16 23:07 . 2009-09-04 22:44 515416 ----a-w- c:\windows\system32\XAudio2_5.dll
2012-10-16 23:07 . 2009-09-04 22:44 238936 ----a-w- c:\windows\system32\xactengine3_5.dll
2012-10-16 23:07 . 2009-09-04 22:29 1974616 ----a-w- c:\windows\system32\D3DCompiler_42.dll
2012-10-16 23:07 . 2009-09-04 22:29 453456 ----a-w- c:\windows\system32\d3dx10_42.dll
2012-10-16 23:07 . 2009-09-04 22:29 235344 ----a-w- c:\windows\system32\d3dx11_42.dll
2012-10-16 23:07 . 2009-09-04 22:29 5501792 ----a-w- c:\windows\system32\d3dcsx_42.dll
2012-10-16 23:07 . 2009-09-04 22:29 1892184 ----a-w- c:\windows\system32\D3DX9_42.dll
2012-10-15 20:58 . 2012-10-15 20:58 -------- d-----w- C:\_OTM
2012-10-15 20:43 . 2012-10-15 20:43 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-10-15 20:43 . 2012-09-07 22:04 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-10-12 01:27 . 2012-10-15 21:00 -------- d-----w- c:\program files\Google
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-09-24 20:32 . 2012-07-06 13:48 477168 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-09-24 20:32 . 2010-04-22 15:42 473072 ----a-w- c:\windows\system32\deployJava1.dll
2012-09-24 18:51 . 2012-07-06 13:48 73728 ----a-w- c:\windows\system32\javacpl.cpl
2012-08-28 15:14 . 2005-08-16 09:18 916992 ----a-w- c:\windows\system32\wininet.dll
2012-08-28 15:14 . 2005-08-16 09:18 43520 ------w- c:\windows\system32\licmgr10.dll
2012-08-28 15:14 . 2005-08-16 09:18 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-08-28 12:07 . 2005-08-16 09:18 385024 ----a-w- c:\windows\system32\html.iec
2012-08-24 13:53 . 2005-08-16 09:18 177664 ----a-w- c:\windows\system32\wintrust.dll
2012-08-21 13:33 . 2005-08-16 09:18 2148864 ------w- c:\windows\system32\ntoskrnl.exe
2012-08-21 12:58 . 2004-08-04 03:59 2027520 ------w- c:\windows\system32\ntkrnlpa.exe
2012-08-21 09:13 . 2011-10-04 21:38 355632 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-08-21 09:13 . 2011-10-04 21:38 729752 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-08-21 09:13 . 2011-10-04 21:38 54232 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-08-21 09:13 . 2011-10-04 21:38 97608 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2012-08-21 09:13 . 2011-10-04 21:38 89624 ----a-w- c:\windows\system32\drivers\aswmon.sys
2012-08-21 09:13 . 2011-10-04 21:38 35928 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2012-08-21 09:13 . 2011-10-04 21:38 21256 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-08-21 09:13 . 2011-10-04 21:38 25256 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2012-08-21 09:12 . 2011-10-04 21:38 41224 ----a-w- c:\windows\avastSS.scr
2012-08-21 09:12 . 2011-10-04 21:38 227648 ----a-w- c:\windows\system32\aswBoot.exe
2012-08-03 05:30 . 2012-07-10 21:22 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-08-03 05:30 . 2012-01-26 00:24 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-08-21 09:12 121528 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SetDefaultMIDI"="MIDIDef.exe" [2004-12-22 24576]
"PowerPanel Personal Edition User Interaction"="c:\program files\CyberPower PowerPanel Personal Edition\pppeuser.exe" [2005-10-24 262144]
"Creative Detector"="c:\program files\Creative\MediaSource\Detector\CTDetect.exe" [2004-12-02 102400]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 1289000]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2008-10-24 206112]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-07-08 7110656]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"SigmatelSysTrayApp"="stsystra.exe" [2005-03-22 339968]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2008-10-24 79136]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2008-10-24 206112]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2005-06-17 139264]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2010-06-10 49208]
"DMXLauncher"="c:\program files\Dell\Media Experience\DMXLauncher.exe" [2005-10-05 94208]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940]
"CTSysVol"="c:\program files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe" [2005-09-15 57344]
"MBMon"="CTMBHA.DLL" [2005-05-19 1345520]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-03-18 421888]
"PMBVolumeWatcher"="c:\program files\Sony\PMB\PMBVolumeWatcher.exe" [2009-11-04 597792]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2011-08-31 40368]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-08-21 4282728]
"Ad-Aware Browsing Protection"="c:\documents and settings\All Users\Application Data\Ad-Aware Browsing Protection\adawarebp.exe" [2012-05-09 201112]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-09-17 254896]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"WIAWizardMenu"="c:\windows\system32\sti_ci.dll" [2008-04-14 136704]
.
c:\documents and settings\Steven Wilkins\Start Menu\Programs\Startup\
Event Reminder.lnk - c:\program files\Broderbund\PrintMaster Express\pmremind.exe [2012-7-11 331776]
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSetActiveDesktop"= 1 (0x1)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ c:\windows\system32\ijebmevd.exe c:\windows\system32\ijebmevd.exe:changelist\0autocheck autochk *\0lsdelete
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro36Crusader]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro36CrusaderBoot]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
2005-09-29 19:01 67584 ----a-w- c:\windows\ehome\ehtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
2006-06-13 04:34 26112 ----a-w- c:\program files\Real\RealPlayer\realplay.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VoiceCenter]
2005-09-19 12:42 1159168 ------w- c:\program files\Creative\VoiceCenter\AndreaVC.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"TomTomHOMEService"=2 (0x2)
"PMBDeviceInfoProvider"=2 (0x2)
"ehSched"=2 (0x2)
"ehRecvr"=2 (0x2)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\CA Personal Firewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\HP\\HP Software Update\\HPWUCli.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\the tiny bang story\\ttbs.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\lume\\Lume.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\borderlands\\Binaries\\Borderlands.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\fallout new vegas\\FalloutNVLauncher.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"2901:TCP"= 2901:TCP:Akamai NetSession Interface
"5000:UDP"= 5000:UDP:Akamai NetSession Interface
.
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2/1/2011 10:57 AM 64288]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [10/4/2011 4:38 PM 729752]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [10/4/2011 4:38 PM 355632]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [7/22/2011 11:27 AM 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [7/12/2011 4:55 PM 67664]
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCore.exe [8/11/2011 6:38 PM 116608]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [10/4/2011 4:38 PM 21256]
R2 LicCtrlService;LicCtrl Service;c:\windows\Runservice.exe [7/13/2008 10:53 AM 2560]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [10/11/2012 8:27 PM 136176]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [10/11/2012 8:27 PM 136176]
S3 samhid;samhid;c:\windows\system32\drivers\samhid.sys --> c:\windows\system32\drivers\samhid.sys [?]
S4 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files\Sony\PMB\PMBDeviceInfoProvider.exe [10/24/2009 3:18 AM 360224]
.
Contents of the 'Scheduled Tasks' folder
.
2012-10-23 c:\windows\Tasks\avast! Emergency Update.job
- c:\program files\AVAST Software\Avast\AvastEmUpdate.exe [2012-10-11 09:12]
.
2012-10-22 c:\windows\Tasks\Disk Cleanup.job
- c:\windows\system32\cleanmgr.exe [2005-08-16 00:12]
.
2012-10-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-10-12 01:27]
.
2012-10-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-10-12 01:27]
.
2012-10-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-68032846-1058140136-4283777642-1005Core.job
- c:\documents and settings\Steven Wilkins\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-05-03 14:35]
.
2012-10-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-68032846-1058140136-4283777642-1005UA.job
- c:\documents and settings\Steven Wilkins\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-05-03 14:35]
.
.
------- Supplementary Scan -------
.
uStart Page = https://startpage.com/?r=4954
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: neopets.com\www
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 97.64.209.36 97.64.168.13
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-10-23 14:21
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-68032846-1058140136-4283777642-1005\Software\SecuROM\License information*]
.
[HKEY_LOCAL_MACHINE\software\LicCtrl\LicCtrl\LicCtrl\LicCtrl*lkzs$i&#&[email protected]^t! #^$ g9^$&pgb SDB36o \04F7528984592EA0]
.
[HKEY_LOCAL_MACHINE\software\LicCtrl\LicCtrl\LicCtrl\LicCtrl*lkzs$i&#&[email protected]^t! #^$ g9^$&pgb SDB36o \04F7528984592EA0\FD1E79A92259B5BC6F3673C7C70B3F80]
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(748)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
.
- - - - - - - > 'explorer.exe'(3880)
c:\windows\system32\WININET.dll
c:\documents and settings\All Users\Application Data\Ad-Aware Browsing Protection\adawarebp.dll
c:\windows\system32\ieframe.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\windows\system32\CTsvcCDA.exe
c:\windows\eHome\ehRecvr.exe
c:\windows\eHome\ehSched.exe
c:\program files\Intel\Intel Matrix Storage Manager\iaantmon.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\HPZipm12.exe
c:\program files\CyberPower PowerPanel Personal Edition\ppped.exe
c:\windows\system32\PSIService.exe
c:\windows\ehome\mcrdsvc.exe
c:\windows\system32\dllhost.exe
c:\windows\system32\wscntfy.exe
c:\windows\stsystra.exe
c:\windows\system32\Rundll32.exe
c:\docume~1\STEVEN~1\LOCALS~1\Temp\clclean.0001
c:\program files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
c:\progra~1\MICROS~4\rapimgr.exe
.
**************************************************************************
.
Completion time: 2012-10-23 14:26:07 - machine was rebooted
ComboFix-quarantined-files.txt 2012-10-23 19:26
ComboFix2.txt 2012-10-19 17:21
ComboFix3.txt 2012-10-19 17:05
ComboFix4.txt 2012-08-06 22:37
.
Pre-Run: 48,966,447,104 bytes free
Post-Run: 49,058,316,288 bytes free
.
- - End Of File - - DEAA3AB09FEA6331534B27057300A6E2

#11
gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Hello

Let's get a deeper look into the system and see if something shows up.

Download and run OTL

Download OTL by Old Timer and save it to your Desktop.
  • Double click on OTL.exe to run it.
  • Under Output, ensure that Minimal Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened, and is the one that I need posted back here
    • Extra.txt <-- Will be minimized - save this one on your desktop in case I ask for it later
  • Please post the contents of OTL.txt in your next reply.

Gringo
#12
TheGhostAndTheDarkness

    Member

  • Topic Starter
  • Member
  • 15 posts
Alright, here is the OTL.txt scan, and the Extras.txt has been saved.



OTL logfile created on: 10/25/2012 2:18:00 PM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Steven Wilkins\My Documents\Downloads
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.25 Gb Total Physical Memory | 2.75 Gb Available Physical Memory | 84.65% Memory free
6.34 Gb Paging File | 6.04 Gb Available in Paging File | 95.25% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 144.31 Gb Total Space | 45.41 Gb Free Space | 31.47% Space Free | Partition Type: NTFS

Computer Name: WILKINS | User Name: Steven Wilkins | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Steven Wilkins\My Documents\Downloads\OTL (1).exe (OldTimer Tools)
PRC - C:\Documents and Settings\Steven Wilkins\Local Settings\temp\clclean.0001 (Macrovision Europe Ltd.)
PRC - C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
PRC - C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
PRC - C:\Documents and Settings\All Users\Application Data\Ad-Aware Browsing Protection\adawarebp.exe (Lavasoft)
PRC - C:\Program Files\SUPERAntiSpyware\SASCore.exe (SUPERAntiSpyware.com)
PRC - C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe (Creative Labs)
PRC - C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe (Sony Corporation)
PRC - C:\WINDOWS\Runservice.exe ()
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\HPZipm12.exe (HP)
PRC - C:\WINDOWS\system32\PSIService.exe ()
PRC - C:\Program Files\CyberPower PowerPanel Personal Edition\ppped.exe ()
PRC - C:\Program Files\CyberPower PowerPanel Personal Edition\pppeuser.exe ()
PRC - C:\Program Files\Dell\Media Experience\DMXLauncher.exe ()
PRC - C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe (Creative Technology Ltd)
PRC - C:\WINDOWS\system32\DLA\DLACTRLW.EXE (Sonic Solutions)
PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe (Intel Corporation)
PRC - C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
PRC - C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe (Creative Technology Ltd)


========== Modules (No Company Name) ==========

MOD - C:\Documents and Settings\Steven Wilkins\Local Settings\temp\clclean.0001.dir.0000\~df394b.tmp ()
MOD - C:\Program Files\AVAST Software\Avast\defs\12102501\algo.dll ()
MOD - C:\Program Files\AVAST Software\Avast\defs\12102500\algo.dll ()
MOD - C:\WINDOWS\system32\quartz.dll ()
MOD - C:\WINDOWS\system32\encdec.dll ()
MOD - C:\WINDOWS\system32\sbe.dll ()
MOD - C:\WINDOWS\mmfs.dll ()
MOD - C:\WINDOWS\Runservice.exe ()
MOD - C:\WINDOWS\system32\msdmo.dll ()
MOD - C:\WINDOWS\system32\devenum.dll ()
MOD - C:\WINDOWS\system32\PSIService.exe ()
MOD - C:\Program Files\CyberPower PowerPanel Personal Edition\ppped.exe ()
MOD - C:\Program Files\CyberPower PowerPanel Personal Edition\pppeuser.exe ()
MOD - C:\Program Files\Dell\Media Experience\DMXLauncher.exe ()
MOD - C:\WINDOWS\system32\VBICodec.ax ()
MOD - C:\WINDOWS\system32\mpg2splt.ax ()
MOD - C:\WINDOWS\system32\CTMBHA.DLL ()


========== Services (SafeList) ==========

SRV - (avast! Antivirus) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
SRV - (!SASCORE) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe (SUPERAntiSpyware.com)
SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (Creative Labs Licensing Service) -- C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe (Creative Labs)
SRV - (PMBDeviceInfoProvider) -- C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe (Sony Corporation)
SRV - (LicCtrlService) -- C:\WINDOWS\Runservice.exe ()
SRV - (Pml Driver HPZ12) -- C:\WINDOWS\system32\HPZipm12.exe (HP)
SRV - (ProtexisLicensing) -- C:\WINDOWS\system32\PSIService.exe ()
SRV - (ppped) -- C:\Program Files\CyberPower PowerPanel Personal Edition\ppped.exe ()
SRV - (IAANTMon) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe (Intel Corporation)


========== Driver Services (SafeList) ==========

DRV - (WDICA) -- File not found
DRV - (wanatw) -- system32\DRIVERS\wanatw4.sys File not found
DRV - (samhid) -- system32\drivers\samhid.sys File not found
DRV - (RimUsb) -- System32\Drivers\RimUsb.sys File not found
DRV - (PhilCam8116) -- system32\DRIVERS\CamDrL21.sys File not found
DRV - (PDRFRAME) -- File not found
DRV - (PDRELI) -- File not found
DRV - (PDFRAME) -- File not found
DRV - (PDCOMP) -- File not found
DRV - (PCIDump) -- File not found
DRV - (lbrtfdc) -- File not found
DRV - (Changer) -- File not found
DRV - (catchme) -- C:\ComboFix\catchme.sys File not found
DRV - (ACEDRV05) -- C:\WINDOWS\system32\drivers\ACEDRV05.sys File not found
DRV - (aswSnx) -- C:\WINDOWS\System32\drivers\aswSnx.sys (AVAST Software)
DRV - (aswSP) -- C:\WINDOWS\System32\drivers\aswSP.sys (AVAST Software)
DRV - (aswTdi) -- C:\WINDOWS\System32\drivers\aswTdi.sys (AVAST Software)
DRV - (aswMon2) -- C:\WINDOWS\System32\drivers\aswmon2.sys (AVAST Software)
DRV - (aswRdr) -- C:\WINDOWS\System32\drivers\aswRdr.sys (AVAST Software)
DRV - (Aavmker4) -- C:\WINDOWS\System32\drivers\aavmker4.sys (AVAST Software)
DRV - (aswFsBlk) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys (AVAST Software)
DRV - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (Lbd) -- C:\WINDOWS\system32\drivers\Lbd.sys (Lavasoft AB)
DRV - (atksgt) -- C:\WINDOWS\system32\drivers\atksgt.sys ()
DRV - (lirsgt) -- C:\WINDOWS\system32\drivers\lirsgt.sys ()
DRV - (MPE) -- C:\WINDOWS\system32\drivers\mpe.sys (Microsoft Corporation)
DRV - (IrBus) -- C:\WINDOWS\system32\drivers\irbus.sys (Microsoft Corporation)
DRV - (PalmUSBD) -- C:\WINDOWS\system32\drivers\PalmUSBD.sys (PalmSource, Inc.)
DRV - (motmodem) -- C:\WINDOWS\system32\drivers\motmodem.sys (Motorola)
DRV - (LVUSBSta) -- C:\WINDOWS\system32\drivers\LVUSBSta.sys (Logitech Inc.)
DRV - (CamDrL) -- C:\WINDOWS\system32\drivers\Camdrl.sys (Logitech Inc.)
DRV - (ASCTRM) -- C:\WINDOWS\System32\drivers\asctrm.sys (Windows ® 2000 DDK provider)
DRV - (ATIAVPCI) -- C:\WINDOWS\system32\drivers\atinavrr.sys (ATI Technologies Inc.)
DRV - (DLAUDFAM) -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS (Sonic Solutions)
DRV - (DLAUDF_M) -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS (Sonic Solutions)
DRV - (DLAIFS_M) -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS (Sonic Solutions)
DRV - (DLABOIOM) -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS (Sonic Solutions)
DRV - (DLAOPIOM) -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS (Sonic Solutions)
DRV - (DLAPoolM) -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS (Sonic Solutions)
DRV - (DLADResN) -- C:\WINDOWS\system32\DLA\DLADResN.SYS (Sonic Solutions)
DRV - (DLACDBHM) -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS (Sonic Solutions)
DRV - (DLARTL_N) -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS (Sonic Solutions)
DRV - (STHDA) -- C:\WINDOWS\system32\drivers\sthda.sys (SigmaTel, Inc.)
DRV - (CTUSFSYN) -- C:\WINDOWS\system32\drivers\CTUSFSYN.SYS (Creative Technology Ltd.)
DRV - (sigfilt) -- C:\WINDOWS\system32\drivers\sigfilt.sys (Creative Technology Ltd.)
DRV - (ctsfm2k) -- C:\WINDOWS\system32\drivers\CTSFM2K.SYS (Creative Technology Ltd)
DRV - (ossrv) -- C:\WINDOWS\system32\drivers\CTOSS2K.SYS (Creative Technology Ltd.)
DRV - (PfModNT) -- C:\WINDOWS\system32\drivers\PFMODNT.SYS (Creative Technology Ltd.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.c...rch/search.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = http://www.google.co...-inc&channel=us
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = http://www.google.co...-inc&channel=us
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0B4A10D1-FBD6-451d-BFDA-F03252B05984}: "URL" = http://slirsredirect...hromesbox-en-us
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\..\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}: "URL" = http://us.yhs.search...p={searchTerms}


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.co...-inc&channel=us
IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.co...-inc&channel=us
IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-68032846-1058140136-4283777642-1005\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-68032846-1058140136-4283777642-1005\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
IE - HKU\S-1-5-21-68032846-1058140136-4283777642-1005\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.yahoo....=utf-8&fr=b1ie7
IE - HKU\S-1-5-21-68032846-1058140136-4283777642-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://startpage.com/?r=4954
IE - HKU\S-1-5-21-68032846-1058140136-4283777642-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-68032846-1058140136-4283777642-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 12 36 8A 67 1D 9A CB 01 [binary data]
IE - HKU\S-1-5-21-68032846-1058140136-4283777642-1005\..\URLSearchHook: {03402f96-3dc7-4285-bc50-9e81fefafe43} - No CLSID value found
IE - HKU\S-1-5-21-68032846-1058140136-4283777642-1005\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found
IE - HKU\S-1-5-21-68032846-1058140136-4283777642-1005\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-68032846-1058140136-4283777642-1005\..\SearchScopes\{30236502-82DA-41BB-80C8-EE647ADBC1CA}: "URL" = http://www.google.co...&rlz=1I7SKPB_en
IE - HKU\S-1-5-21-68032846-1058140136-4283777642-1005\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKU\S-1-5-21-68032846-1058140136-4283777642-1005\..\SearchScopes\{77334694-cf9e-485e-a8ac-bfdfbffd5cc6}: "URL" = http://slirsredirect...hromesbox-en-us
IE - HKU\S-1-5-21-68032846-1058140136-4283777642-1005\..\SearchScopes\{CC13C2C9-A0F0-4080-8B01-ED18FB0CF7AD}: "URL" = http://search.yahoo....=utf-8&fr=b1ie7
IE - HKU\S-1-5-21-68032846-1058140136-4283777642-1005\..\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}: "URL" = http://us.yhs.search...p={searchTerms}
IE - HKU\S-1-5-21-68032846-1058140136-4283777642-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_3_300_270.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: File not found
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_37: C:\WINDOWS\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@soe.sony.com/installer,version=1.0.3: C:\Documents and Settings\Steven Wilkins\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\dkfjadjghjpjodfhffafagnkbgbpiphf\1.0.3.170_0\npsoe.dll ()
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@unity3d.com/UnityPlayer: C:\Program Files\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKLM\Software\MozillaPlugins\@virtools.com/3DviaPlayer: C:\Program Files\Virtools\3D Life Player\npvirtools.dll File not found
FF - HKLM\Software\MozillaPlugins\[email protected]/YahooActiveXPluginBridge;version=1.0.0.1: C:\PROGRA~1\Yahoo!\Common\npyaxmpb.dll File not found
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Steven Wilkins\Local Settings\Application Data\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Steven Wilkins\Local Settings\Application Data\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Documents and Settings\Steven Wilkins\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)


[2010/02/18 14:35:46 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Steven Wilkins\Application Data\Mozilla\Extensions
[2009/12/20 15:26:39 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Steven Wilkins\Application Data\Mozilla\Extensions\[email protected]
[2009/04/09 15:14:43 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Steven Wilkins\Application Data\Mozilla\Extensions\[email protected]

========== Chrome ==========

CHR - homepage: https://www.startpage.com/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: https://www.startpage.com/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\Steven Wilkins\Local Settings\Application Data\Google\Chrome\Application\22.0.1229.94\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\Steven Wilkins\Local Settings\Application Data\Google\Chrome\Application\22.0.1229.94\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\Steven Wilkins\Local Settings\Application Data\Google\Chrome\Application\22.0.1229.94\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Documents and Settings\Steven Wilkins\Local Settings\Application Data\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: SOE Web Installer (Enabled) = C:\Documents and Settings\Steven Wilkins\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\dkfjadjghjpjodfhffafagnkbgbpiphf\1.0.3.170_0\npsoe.dll
CHR - plugin: Chrome IE Tab (Enabled) = C:\Documents and Settings\Steven Wilkins\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\hehijbfgiekmjfkfjpbkbammjbdenadd\3.5.14.1_0\plugin/blackfishietab.dll
CHR - plugin: Coupons Inc., Coupon Printer Manager (Enabled) = C:\Documents and Settings\Steven Wilkins\Local Settings\Application Data\Google\Chrome\Application\plugins\npMozCouponPrinter.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.220.4 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U22 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\Steven Wilkins\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Unity Player (Enabled) = C:\Documents and Settings\Steven Wilkins\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\WINDOWS\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: YouTube = C:\Documents and Settings\Steven Wilkins\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Documents and Settings\Steven Wilkins\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: IE Tab = C:\Documents and Settings\Steven Wilkins\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\hehijbfgiekmjfkfjpbkbammjbdenadd\3.10.10.1_0\
CHR - Extension: avast! WebRep = C:\Documents and Settings\Steven Wilkins\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1466_0\
CHR - Extension: Gmail = C:\Documents and Settings\Steven Wilkins\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012/10/23 14:20:59 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\DLA\DLASHX_W.DLL (Sonic Solutions)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\Program Files\BAE\BAE.dll (Dell Inc.)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKU\S-1-5-21-68032846-1058140136-4283777642-1005\..\Toolbar\WebBrowser: (no name) - {10134636-E7AF-4AC5-A1DC-C7C44BB97D81} - No CLSID value found.
O3 - HKU\S-1-5-21-68032846-1058140136-4283777642-1005\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.
O3 - HKU\S-1-5-21-68032846-1058140136-4283777642-1005\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
O4 - HKLM..\Run: [Ad-Aware Browsing Protection] C:\Documents and Settings\All Users\Application Data\Ad-Aware Browsing Protection\adawarebp.exe (Lavasoft)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [DLA] C:\WINDOWS\system32\DLA\DLACTRLW.EXE (Sonic Solutions)
O4 - HKLM..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe ()
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [MBMon] C:\WINDOWS\System32\CTMBHA.DLL ()
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [PMBVolumeWatcher] C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe (Sony Corporation)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [UpdReg] C:\WINDOWS\Updreg.EXE (Creative Technology Ltd.)
O4 - HKU\S-1-5-21-68032846-1058140136-4283777642-1005..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe (Creative Technology Ltd)
O4 - HKU\S-1-5-21-68032846-1058140136-4283777642-1005..\Run: [PowerPanel Personal Edition User Interaction] C:\Program Files\CyberPower PowerPanel Personal Edition\pppeuser.exe ()
O4 - HKU\S-1-5-21-68032846-1058140136-4283777642-1005..\Run: [SetDefaultMIDI] C:\WINDOWS\MIDIDEF.EXE (Creative Technology Ltd)
O4 - HKLM..\RunOnce: [WIAWizardMenu] C:\WINDOWS\System32\sti_ci.dll (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\Steven Wilkins\Start Menu\Programs\Startup\Event Reminder.lnk = C:\Program Files\Broderbund\PrintMaster Express\pmremind.exe (Broderbund Properties LLC)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetActiveDesktop = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetActiveDesktop = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-68032846-1058140136-4283777642-1005\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-68032846-1058140136-4283777642-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-68032846-1058140136-4283777642-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-68032846-1058140136-4283777642-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O15 - HKU\.DEFAULT\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: sony.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: sony.com ([]* in Trusted sites)
O15 - HKU\S-1-5-19\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\S-1-5-19\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\S-1-5-19\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\S-1-5-19\..Trusted Domains: sony.com ([]* in Trusted sites)
O15 - HKU\S-1-5-20\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\S-1-5-20\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\S-1-5-20\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\S-1-5-20\..Trusted Domains: sony.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-68032846-1058140136-4283777642-1005\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-68032846-1058140136-4283777642-1005\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-68032846-1058140136-4283777642-1005\..Trusted Domains: neopets.com ([www] https in Trusted sites)
O15 - HKU\S-1-5-21-68032846-1058140136-4283777642-1005\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-68032846-1058140136-4283777642-1005\..Trusted Domains: sony.com ([]* in Trusted sites)
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} http://support.dell....iler/SysPro.CAB (SysProWmi Class)
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} https://support.micr...veX/MSDcode.cab (Microsoft Data Collection Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} http://a.download.to...8.33/ttinst.cab (Toontown Installer ActiveX Control)
O16 - DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} http://support.dell....lSystemLite.CAB (DellSystemLite.Scanner)
O16 - DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_37)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 97.64.209.36 97.64.168.13
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5737A7E9-56A7-4718-9365-AE58EE28AB21}: DhcpNameServer = 97.64.209.36 97.64.168.13
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O24 - Desktop WallPaper: C:\Documents and Settings\Steven Wilkins\Application Data\Mozilla\Firefox\Desktop Background.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Steven Wilkins\Application Data\Mozilla\Firefox\Desktop Background.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (C:\WINDOWS\system32\ijebmevd.exe C:\WINDOWS\system32\ijebmevd.exe:changelist)
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (lsdelete)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/10/18 11:54:37 | 000,000,000 | ---D | C] -- C:\RK_Quarantine
[2012/10/18 11:51:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Steven Wilkins\Desktop\RK_Quarantine
[2012/10/16 18:07:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Steven Wilkins\Local Settings\Application Data\FalloutNV
[2012/10/16 18:07:32 | 000,515,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_5.dll
[2012/10/16 18:07:32 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_5.dll
[2012/10/16 18:07:31 | 001,974,616 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_42.dll
[2012/10/16 18:07:30 | 005,501,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dcsx_42.dll
[2012/10/16 18:07:30 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_42.dll
[2012/10/16 18:07:30 | 000,235,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx11_42.dll
[2012/10/16 18:07:29 | 001,892,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DX9_42.dll
[2012/10/15 16:04:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Steven Wilkins\Desktop\GooredFix Backups
[2012/10/15 15:58:46 | 000,000,000 | ---D | C] -- C:\_OTM
[2012/10/15 15:43:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/10/15 15:43:44 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012/10/15 15:43:44 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/10/12 17:27:22 | 002,213,464 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Steven Wilkins\Desktop\TDSSKiller.exe
[2012/10/11 20:27:27 | 000,000,000 | ---D | C] -- C:\Program Files\Google

========== Files - Modified Within 30 Days ==========

[2012/10/25 14:20:00 | 000,001,014 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-68032846-1058140136-4283777642-1005UA.job
[2012/10/25 13:37:00 | 000,000,902 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/10/25 06:30:00 | 000,000,316 | -H-- | M] () -- C:\WINDOWS\tasks\avast! Emergency Update.job
[2012/10/25 06:27:22 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/10/25 06:26:27 | 000,000,849 | -HS- | M] () -- C:\WINDOWS\System32\mmf.sys
[2012/10/25 06:26:14 | 000,000,898 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/10/25 06:26:09 | 000,029,204 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2012/10/25 06:26:04 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/10/25 06:26:00 | 3487,731,712 | -HS- | M] () -- C:\hiberfil.sys
[2012/10/24 01:20:00 | 000,000,962 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-68032846-1058140136-4283777642-1005Core.job
[2012/10/23 14:20:59 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2012/10/23 14:10:14 | 000,000,801 | ---- | M] () -- C:\Documents and Settings\Steven Wilkins\Desktop\Shortcut to ComboFix.exe.lnk
[2012/10/22 19:12:57 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Steven Wilkins\Desktop\MBR.dat
[2012/10/22 08:00:00 | 000,000,278 | ---- | M] () -- C:\WINDOWS\tasks\Disk Cleanup.job
[2012/10/18 12:44:35 | 000,006,268 | -HS- | M] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2012/10/18 12:44:35 | 000,000,056 | RHS- | M] () -- C:\WINDOWS\System32\4326BF1B47.sys
[2012/10/18 11:53:46 | 000,000,963 | ---- | M] () -- C:\Documents and Settings\Steven Wilkins\Desktop\Shortcut to RogueKiller (2).exe.lnk
[2012/10/16 14:53:53 | 000,000,215 | ---- | M] () -- C:\Documents and Settings\Steven Wilkins\Desktop\Fallout New Vegas.url
[2012/10/15 15:43:47 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/10/12 17:27:22 | 002,213,464 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Steven Wilkins\Desktop\TDSSKiller.exe
[2012/10/11 18:30:45 | 000,002,625 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2012/10/10 21:23:25 | 000,002,351 | ---- | M] () -- C:\Documents and Settings\Steven Wilkins\Desktop\Google Chrome.lnk
[2012/10/10 21:23:25 | 000,002,329 | ---- | M] () -- C:\Documents and Settings\Steven Wilkins\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/10/10 18:00:56 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK

========== Files Created - No Company Name ==========

[2012/10/23 14:10:14 | 000,000,801 | ---- | C] () -- C:\Documents and Settings\Steven Wilkins\Desktop\Shortcut to ComboFix.exe.lnk
[2012/10/22 19:12:57 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Steven Wilkins\Desktop\MBR.dat
[2012/10/18 11:53:46 | 000,000,963 | ---- | C] () -- C:\Documents and Settings\Steven Wilkins\Desktop\Shortcut to RogueKiller (2).exe.lnk
[2012/10/16 14:53:53 | 000,000,215 | ---- | C] () -- C:\Documents and Settings\Steven Wilkins\Desktop\Fallout New Vegas.url
[2012/10/15 15:43:47 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/10/11 20:27:33 | 000,000,902 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/10/11 20:27:33 | 000,000,898 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/10/11 18:30:45 | 000,000,316 | -H-- | C] () -- C:\WINDOWS\tasks\avast! Emergency Update.job
[2012/08/06 17:24:24 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2012/08/06 17:24:24 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2012/08/06 17:24:24 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2012/06/14 16:57:46 | 000,000,272 | ---- | C] () -- C:\Documents and Settings\Steven Wilkins\Application Data\.backup.dm
[2011/10/04 16:31:24 | 000,001,676 | ---- | C] () -- C:\WINDOWS\System32\.ini
[2011/06/24 17:07:17 | 000,018,578 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\4km8r11bfh1yqvl25a72
[2011/06/24 17:07:16 | 000,018,578 | -HS- | C] () -- C:\Documents and Settings\Steven Wilkins\Local Settings\Application Data\4km8r11bfh1yqvl25a72
[2011/04/15 21:02:37 | 000,000,064 | ---- | C] () -- C:\WINDOWS\System32\rp_stats.dat
[2011/04/15 21:02:37 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\rp_rules.dat
[2011/02/01 10:36:42 | 000,102,400 | ---- | C] () -- C:\WINDOWS\RegBootClean.exe
[2010/11/30 09:02:27 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\Steven Wilkins\Local Settings\Application Data\housecall.guid.cache
[2010/10/16 10:06:34 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Steven Wilkins\jagex_runescape_preferences.dat
[2010/07/08 21:29:43 | 000,012,860 | ---- | C] () -- C:\Documents and Settings\Steven Wilkins\.recently-used.xbel
[2009/11/09 16:20:01 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Steven Wilkins\Local Settings\Application Data\prvlcl.dat
[2009/02/02 19:01:53 | 000,002,516 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\KGyGaAvL.sys
[2009/01/19 17:14:01 | 000,000,464 | RHS- | C] () -- C:\Documents and Settings\Steven Wilkins\ntuser.pol
[2008/06/24 21:12:25 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Steven Wilkins\core
[2008/02/27 14:28:36 | 000,003,740 | ---- | C] () -- C:\Documents and Settings\Steven Wilkins\Application Data\mindhabits.dat
[2006/06/25 16:02:46 | 000,007,680 | ---- | C] () -- C:\Documents and Settings\Steven Wilkins\Application Data\dvd.bmk
[2006/06/21 00:04:09 | 000,043,008 | ---- | C] () -- C:\Documents and Settings\Steven Wilkins\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/06/19 15:22:53 | 000,061,678 | ---- | C] () -- C:\Documents and Settings\Steven Wilkins\Application Data\PFP120JPR.{PB
[2006/06/19 15:22:53 | 000,012,358 | ---- | C] () -- C:\Documents and Settings\Steven Wilkins\Application Data\PFP120JCM.{PB
[2006/06/16 21:25:14 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\Steven Wilkins\Application Data\$_hpcst$.hpc
[2006/06/14 21:28:20 | 000,000,137 | ---- | C] () -- C:\Documents and Settings\Steven Wilkins\Local Settings\Application Data\fusioncache.dat

========== ZeroAccess Check ==========

[2005/08/16 04:39:16 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/13 19:12:05 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/02/09 07:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008/04/13 19:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== Alternate Data Streams ==========

@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Steven Wilkins\My Documents\Leslieghost.jpg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Steven Wilkins\My Documents\CFlog.txt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Steven Wilkins\My Documents\100_7702.JPG:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Steven Wilkins\My Documents\100_7701.JPG:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Steven Wilkins\My Documents\100_7700.JPG:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Steven Wilkins\My Documents\100_7699.JPG:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Steven Wilkins\My Documents\100_7698.JPG:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Steven Wilkins\My Documents\100_7696.MOV:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Steven Wilkins\My Documents\100_7695.MOV:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Steven Wilkins\My Documents\100_7694.MOV:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Steven Wilkins\My Documents\100_7693.MOV:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Steven Wilkins\My Documents\100_7692.JPG:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Steven Wilkins\My Documents\100_7691.JPG:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Steven Wilkins\My Documents\100_7690.JPG:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Steven Wilkins\My Documents\100_7689.JPG:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Steven Wilkins\My Documents\100_7686.JPG:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Steven Wilkins\My Documents\100_7685.JPG:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Steven Wilkins\My Documents\100_7683.MOV:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Steven Wilkins\My Documents\100_7682.JPG:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Steven Wilkins\My Documents\100_7681.JPG:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Steven Wilkins\My Documents\100_7680.JPG:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Steven Wilkins\My Documents\100_7679.JPG:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Steven Wilkins\My Documents\100_7678.JPG:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Steven Wilkins\My Documents\100_7677.JPG:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Steven Wilkins\My Documents\100_7676.JPG:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Steven Wilkins\My Documents\100_7675.JPG:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Steven Wilkins\My Documents\100_7674.JPG:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Steven Wilkins\My Documents\100_7673.JPG:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Steven Wilkins\My Documents\100_7672.JPG:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Steven Wilkins\My Documents\100_7671.JPG:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Steven Wilkins\My Documents\100_7670.JPG:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Steven Wilkins\My Documents\100_7669.JPG:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Steven Wilkins\My Documents\100_7668.JPG:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Steven Wilkins\My Documents\100_7667.JPG:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Steven Wilkins\My Documents\100_7666.JPG:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Steven Wilkins\My Documents\100_7665.JPG:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Steven Wilkins\My Documents\100_7664.JPG:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Steven Wilkins\My Documents\100_7663.JPG:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Steven Wilkins\My Documents\100_7662.JPG:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Steven Wilkins\My Documents\100_7661.JPG:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Steven Wilkins\My Documents\100_7660.JPG:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Steven Wilkins\My Documents\100_7657.JPG:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Steven Wilkins\My Documents\100_7656.JPG:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Steven Wilkins\My Documents\100_7655.JPG:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Steven Wilkins\My Documents\100_7654.JPG:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Steven Wilkins\My Documents\100_7653.JPG:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Steven Wilkins\My Documents\100_7652.JPG:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Steven Wilkins\My Documents\100_7651.JPG:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Steven Wilkins\My Documents\100_7650.JPG:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Steven Wilkins\My Documents\100_7649.JPG:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Steven Wilkins\My Documents\100_7648.JPG:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Steven Wilkins\My Documents\100_7647.JPG:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Steven Wilkins\My Documents\100_7646.JPG:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Steven Wilkins\My Documents\100_7645.JPG:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Steven Wilkins\My Documents\100_7644.JPG:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Steven Wilkins\My Documents\100_7643.JPG:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Steven Wilkins\My Documents\100_7642.JPG:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Steven Wilkins\My Documents\100_7641.JPG:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Steven Wilkins\My Documents\100_7640.JPG:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Steven Wilkins\My Documents\100_7639.JPG:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Steven Wilkins\My Documents\100_7633.JPG:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Steven Wilkins\My Documents\100_7632.JPG:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Steven Wilkins\My Documents\100_7631.JPG:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Steven Wilkins\My Documents\100_7630.JPG:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Steven Wilkins\My Documents\100_7629.JPG:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Steven Wilkins\My Documents\100_7628.JPG:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Steven Wilkins\My Documents\100_7627.JPG:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Steven Wilkins\My Documents\100_7626.JPG:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Steven Wilkins\My Documents\100_7625.JPG:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Steven Wilkins\My Documents\100_7624.JPG:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Steven Wilkins\My Documents\100_7623.JPG:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Steven Wilkins\My Documents\100_7622.JPG:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Steven Wilkins\My Documents\100_7621.JPG:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Steven Wilkins\My Documents\100_7620.JPG:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Steven Wilkins\My Documents\100_7619.JPG:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Steven Wilkins\My Documents\100_7618.JPG:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Steven Wilkins\My Documents\100_7617.JPG:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Steven Wilkins\My Documents\100_7616.JPG:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Steven Wilkins\My Documents\100_7615.JPG:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Steven Wilkins\My Documents\100_7614.JPG:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Steven Wilkins\My Documents\100_7613.JPG:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Steven Wilkins\My Documents\100_7612.JPG:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Steven Wilkins\My Documents\100_7611.JPG:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Steven Wilkins\My Documents\100_7610.JPG:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Steven Wilkins\My Documents\100_7609.JPG:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Steven Wilkins\My Documents\100_7607.JPG:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Steven Wilkins\My Documents\100_7606.JPG:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Steven Wilkins\My Documents\100_7601.JPG:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Steven Wilkins\My Documents\100_7594.JPG:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Steven Wilkins\My Documents\100_7593.JPG:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Steven Wilkins\My Documents\100_7588.JPG:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Steven Wilkins\My Documents\100_7587.JPG:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Steven Wilkins\My Documents\100_7586.JPG:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Steven Wilkins\My Documents\100_7585.JPG:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Steven Wilkins\My Documents\100_7584.JPG:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Steven Wilkins\My Documents\100_7583.JPG:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Steven Wilkins\My Documents\100_7582.JPG:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Steven Wilkins\My Documents\100_7581.JPG:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Steven Wilkins\My Documents\100_7580.JPG:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Steven Wilkins\My Documents\100_7579.JPG:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Steven Wilkins\My Documents\100_7578.JPG:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Steven Wilkins\My Documents\100_7577.JPG:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Steven Wilkins\My Documents\100_7576.JPG:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Steven Wilkins\My Documents\100_7575.JPG:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Steven Wilkins\My Documents\100_7574.JPG:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Steven Wilkins\My Documents\100_7573.JPG:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Steven Wilkins\My Documents\100_7572.JPG:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Steven Wilkins\My Documents\100_7571.JPG:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Steven Wilkins\My Documents\100_7570.JPG:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Steven Wilkins\My Documents\100_7569.JPG:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Steven Wilkins\My Documents\100_7568.JPG:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Steven Wilkins\My Documents\100_7567.JPG:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Steven Wilkins\My Documents\100_7566.JPG:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Steven Wilkins\My Documents\100_7565.JPG:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Steven Wilkins\My Documents\100_7564.JPG:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Steven Wilkins\My Documents\100_7563.JPG:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Steven Wilkins\My Documents\100_7562.JPG:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Steven Wilkins\My Documents\100_7561.JPG:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Steven Wilkins\My Documents\100_7560.JPG:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Steven Wilkins\My Documents\100_7559.JPG:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Steven Wilkins\My Documents\100_7558.JPG:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Steven Wilkins\My Documents\100_7557.JPG:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Steven Wilkins\My Documents\100_7556.JPG:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Steven Wilkins\My Documents\100_7552.JPG:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Steven Wilkins\My Documents\100_7551.JPG:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Steven Wilkins\My Documents\100_7550.JPG:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Steven Wilkins\My Documents\100_7549.JPG:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Steven Wilkins\My Documents\100_7548.JPG:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Steven Wilkins\My Documents\100_7547.JPG:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Steven Wilkins\My Documents\100_7546.JPG:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Steven Wilkins\My Documents\100_6672.MOV:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Steven Wilkins\My Documents\100_5484.JPG:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Steven Wilkins\My Documents\100_5483.JPG:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Steven Wilkins\My Documents\100_5478.JPG:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Steven Wilkins\My Documents\100_5472.JPG:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Steven Wilkins\My Documents\100_5459.JPG:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Steven Wilkins\My Documents\100_5443.JPG:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Steven Wilkins\My Documents\100_1625.JPG:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Steven Wilkins\My Documents\100_1595.JPG:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Steven Wilkins\My Documents\100_1565.JPG:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Steven Wilkins\My Documents\100_1559.JPG:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Steven Wilkins\My Documents\100_1556.JPG:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Steven Wilkins\My Documents\100_1530.JPG:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Steven Wilkins\My Documents\100_1510.JPG:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Steven Wilkins\My Documents\100_1496.JPG:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Steven Wilkins\My Documents\100_1486.JPG:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Steven Wilkins\My Documents\100_1472.JPG:Roxio EMC Stream
@Alternate Data Stream - 120 bytes -> C:\WINDOWS\System32\rriitcnq.exe:changelist
@Alternate Data Stream - 120 bytes -> C:\WINDOWS\System32\rijakmlv.exe:changelist
@Alternate Data Stream - 120 bytes -> C:\WINDOWS\System32\gpkevxqy.exe:changelist

< End of report >

#13
gringo_pr


    Trusted Helper

  • Malware Removal
  • 7,268 posts
Hello

Run this custom script, and when it is complete I need to know how the computer is doing.

Run OTL Script

  • Double-click OTL.exe to start the program.
  • Copy and paste the following code into the textbox. Do not include the word Code.
    :OTL
    IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
    IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
    IE - HKU\S-1-5-21-68032846-1058140136-4283777642-1005\..\URLSearchHook: {03402f96-3dc7-4285-bc50-9e81fefafe43} - No CLSID value found
    IE - HKU\S-1-5-21-68032846-1058140136-4283777642-1005\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found
    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_3_300_270.dll File not found
    FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: File not found
    FF - HKLM\Software\MozillaPlugins\@virtools.com/3DviaPlayer: C:\Program Files\Virtools\3D Life Player\npvirtools.dll File not found
    FF - HKLM\Software\MozillaPlugins\[email protected]/YahooActiveXPluginBridge;version=1.0.0.1: C:\PROGRA~1\Yahoo!\Common\npyaxmpb.dll File not found
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
    O3 - HKU\S-1-5-21-68032846-1058140136-4283777642-1005\..\Toolbar\WebBrowser: (no name) - {10134636-E7AF-4AC5-A1DC-C7C44BB97D81} - No CLSID value found.
    O3 - HKU\S-1-5-21-68032846-1058140136-4283777642-1005\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.
    O3 - HKU\S-1-5-21-68032846-1058140136-4283777642-1005\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
    @Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Steven Wilkins\My Documents\Leslieghost.jpg:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Steven Wilkins\My Documents\CFlog.txt:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Steven Wilkins\My Documents\100_7702.JPG:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Steven Wilkins\My Documents\100_7701.JPG:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Steven Wilkins\My Documents\100_7700.JPG:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Steven Wilkins\My Documents\100_7699.JPG:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Steven Wilkins\My Documents\100_7698.JPG:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Steven Wilkins\My Documents\100_7696.MOV:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Steven Wilkins\My Documents\100_7695.MOV:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Steven Wilkins\My Documents\100_7694.MOV:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Steven Wilkins\My Documents\100_7693.MOV:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Steven Wilkins\My Documents\100_7692.JPG:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Steven Wilkins\My Documents\100_7691.JPG:Roxio EMC Stream
    @Alternate Data Stream - 120 bytes -> C:\WINDOWS\System32\rriitcnq.exe:changelist
    @Alternate Data Stream - 120 bytes -> C:\WINDOWS\System32\rijakmlv.exe:changelist
    @Alternate Data Stream - 120 bytes -> C:\WINDOWS\System32\gpkevxqy.exe:changelist    
    [2009/04/09 15:14:43 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Steven Wilkins\Application Data\Mozilla\Extensions\[email protected]
    [2011/06/24 17:07:17 | 000,018,578 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\4km8r11bfh1yqvl25a72
    [2011/06/24 17:07:16 | 000,018,578 | -HS- | C] () -- C:\Documents and Settings\Steven Wilkins\Local Settings\Application Data\4km8r11bfh1yqvl25a72
    :Files
    ipconfig /flushdns /c
    :Commands
    [PURITY]
    [emptyjava]
    [EMPTYFLASH]
    
  • Then click the Run Fix button at the top.
  • Click Posted Image.
  • OTL may ask to reboot the machine. Please do so if asked.
  • The report should appear in Notepad after the reboot. Copy and paste that report in your next reply.

Let me know how things are doing.

Gringo

#14
TheGhostAndTheDarkness

I did all of the above, and the redirects are still occurring. I thought it had improved a bit, because the first few times Avast actually popped up a warning about being redirected to a malicious site (which is rare, usually it won't come up at all). It's now back to redirecting as usual without the Avast warnings.

I'm going to check later tonight when I get home from work (I'll have more time then) and see if things are still running slow and/or crashing. I'll update that portion of things ASAP.

I can't thank you enough for helping me with this, it's so obnoxiously persistent. . .I would have definitely given up by now if someone wasn't helping me.

Here is the log:
========== OTL ==========
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\URLSearchHooks\\{A3BC75A2-1F87-4686-AA43-5347D756017C} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A3BC75A2-1F87-4686-AA43-5347D756017C}\ not found.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\URLSearchHooks\\{A3BC75A2-1F87-4686-AA43-5347D756017C} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A3BC75A2-1F87-4686-AA43-5347D756017C}\ not found.
Registry value HKEY_USERS\S-1-5-21-68032846-1058140136-4283777642-1005\Software\Microsoft\Internet Explorer\URLSearchHooks\\{03402f96-3dc7-4285-bc50-9e81fefafe43} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{03402f96-3dc7-4285-bc50-9e81fefafe43}\ not found.
Registry value HKEY_USERS\S-1-5-21-68032846-1058140136-4283777642-1005\Software\Microsoft\Internet Explorer\URLSearchHooks\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@adobe.com/FlashPlayer\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@virtools.com/3DviaPlayer\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\[email protected]/YahooActiveXPluginBridge;version=1.0.0.1\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
Registry value HKEY_USERS\S-1-5-21-68032846-1058140136-4283777642-1005\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{10134636-E7AF-4AC5-A1DC-C7C44BB97D81} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{10134636-E7AF-4AC5-A1DC-C7C44BB97D81}\ not found.
Registry value HKEY_USERS\S-1-5-21-68032846-1058140136-4283777642-1005\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{A057A204-BACC-4D26-9990-79A187E2698E} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A057A204-BACC-4D26-9990-79A187E2698E}\ not found.
Registry value HKEY_USERS\S-1-5-21-68032846-1058140136-4283777642-1005\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}\ not found.
ADS C:\Documents and Settings\Steven Wilkins\My Documents\100_5472.JPG:Roxio EMC Stream deleted successfully.
ADS C:\Documents and Settings\Steven Wilkins\My Documents\100_5459.JPG:Roxio EMC Stream deleted successfully.
ADS C:\Documents and Settings\Steven Wilkins\My Documents\100_5443.JPG:Roxio EMC Stream deleted successfully.
ADS C:\Documents and Settings\Steven Wilkins\My Documents\100_1625.JPG:Roxio EMC Stream deleted successfully.
ADS C:\Documents and Settings\Steven Wilkins\My Documents\100_1595.JPG:Roxio EMC Stream deleted successfully.
ADS C:\Documents and Settings\Steven Wilkins\My Documents\100_1565.JPG:Roxio EMC Stream deleted successfully.
ADS C:\Documents and Settings\Steven Wilkins\My Documents\100_1559.JPG:Roxio EMC Stream deleted successfully.
ADS C:\Documents and Settings\Steven Wilkins\My Documents\100_1556.JPG:Roxio EMC Stream deleted successfully.
ADS C:\Documents and Settings\Steven Wilkins\My Documents\100_1530.JPG:Roxio EMC Stream deleted successfully.
ADS C:\Documents and Settings\Steven Wilkins\My Documents\100_1510.JPG:Roxio EMC Stream deleted successfully.
ADS C:\Documents and Settings\Steven Wilkins\My Documents\100_1496.JPG:Roxio EMC Stream deleted successfully.
ADS C:\Documents and Settings\Steven Wilkins\My Documents\100_1486.JPG:Roxio EMC Stream deleted successfully.
Unable to delete ADS C:\Documents and Settings\Steven Wilkins\My Documents\100_1472.JPG:Roxio EMC Stream .
ADS C:\WINDOWS\System32\rriitcnq.exe:changelist deleted successfully.
ADS C:\WINDOWS\System32\rijakmlv.exe:changelist deleted successfully.
ADS C:\WINDOWS\System32\gpkevxqy.exe:changelist deleted successfully.
C:\Documents and Settings\Steven Wilkins\Application Data\Mozilla\Extensions\[email protected] folder moved successfully.
C:\Documents and Settings\All Users\Application Data\4km8r11bfh1yqvl25a72 moved successfully.
C:\Documents and Settings\Steven Wilkins\Local Settings\Application Data\4km8r11bfh1yqvl25a72 moved successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\Steven Wilkins\My Documents\Downloads\cmd.bat deleted successfully.
C:\Documents and Settings\Steven Wilkins\My Documents\Downloads\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYJAVA]

User: Administrator

User: All Users

User: Audacity

User: Default User

User: GILBERTA (J)

User: Incomplete

User: Ken Ward's Zipper

User: LocalService

User: NetworkService

User: Steven Wilkins
->Java cache emptied: 0 bytes

Total Java Files Cleaned = 0.00 mb


[EMPTYFLASH]

User: Administrator

User: All Users

User: Audacity

User: Default User
->Flash cache emptied: 0 bytes

User: GILBERTA (J)

User: Incomplete

User: Ken Ward's Zipper

User: LocalService
->Flash cache emptied: 0 bytes

User: NetworkService

User: Steven Wilkins
->Flash cache emptied: 291 bytes

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 10262012_122445

#15
gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
In which browser does this happen?