[Resolved] Infected computer


  • This topic is locked
26 replies to this topic

#1 reedon

reedon

    New Member

  • Authentic Member
  • Pip
  • 19 posts

Posted 18 December 2009 - 06:08 PM

"Take a read through this thread and then start a fresh thread in this forum and post accordingly. Please don't forget to include a brief description of your problem, and somebody will be along as soon as. Helpers look for posts with zero replies, which is why you need to start afresh and why I'll lock this one." I've read all of the 'how to get help' post; however, I cannot perform any of these because IE is completely taken over. I cannot go to any of these websites to download. I'm using a laptop to post this. I need further direction on what to do. Thank you.


#2 inzanity

inzanity

    ♠♠lost♠♠

  • Malware Team
  • 2,340 posts

Posted 18 December 2009 - 07:59 PM

Hello and :welcome: Please be advised that, as I am still in training, all my replies to you will be checked for accuracy by one of our experts to ensure that I am giving you the best possible advice. This may cause a delay, but I will do my best to keep it as short as possible. I will post back shortly with instructions.

Proud graduate of WTT Classroom


The help we provide here is free, however, if you wish to donate, you can do so here: http://www.whatthetech.com/donate/

ASAP and UNITE member

________________________________________________


!


#3 reedon

reedon

    New Member

  • Authentic Member
  • Pip
  • 19 posts

Posted 18 December 2009 - 08:02 PM

Thank you, I'm slightly freaking out. :pullhair:

#4 inzanity

inzanity

    ♠♠lost♠♠

  • Malware Team
  • 2,340 posts

Posted 18 December 2009 - 08:46 PM

Hi,

Let's try this:
  • Download OTL to your desktop.
  • Right-click the icon, then choose Run as Administrator to run it. Make sure all other windows are closed and let it run uninterrupted.
  • When the window appears, underneath Output at the top, change it to Minimal Output.
  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt.
    Note: These logs can be located in the OTL folder on your C:\ drive if they fail to open automatically.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them with your next reply. You may need two posts to fit them both in.



#5 reedon

reedon

    New Member

  • Authentic Member
  • Pip
  • 19 posts

Posted 18 December 2009 - 08:54 PM

I was able to download ERUNT, RootRepeal, and DDS, loaded them onto my flash drive, and installed the programs onto my infected computer. I ran them and got all of the log files in safe mode. If it is in safe mode, are the reports still valid? If they are, they are listed below.

ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2009/12/18 21:40
Program Version: Version 1.3.5.0
Windows Version: Windows XP Media Center Edition SP2
==================================================

Drivers
-------------------
Name: dump_iastor.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_iastor.sys
Address: 0xBA292000 Size: 749568 File Visible: No Signed: - Status: -

Name: H8SRTndlktniyre.sys
Image Path: C:\WINDOWS\system32\drivers\H8SRTndlktniyre.sys
Address: 0xBA461000 Size: 118784 File Visible: - Signed: - Status: Hidden from the Windows API!

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xB995D000 Size: 49152 File Visible: No Signed: - Status: -

Hidden Services
-------------------
Service Name: H8SRTd.sys
Image Path: C:\WINDOWS\system32\drivers\H8SRTndlktniyre.sys

==EOF==

DDS (Ver_09-06-26.01) - NTFSx86 MINIMAL
Run by Matt at 21:38:12.93 on 2009-12-18
Internet Explorer: 7.0.5730.11
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2046.1739 [GMT -5:00]

AV: Webroot AntiVirus with AntiSpyware *On-access scanning disabled* (Updated) {77E10C7F-2CCA-4187-9394-BDBC267AD597}
FW: Webroot AntiVirus with AntiSpyware *disabled* {63671000-11A2-46DD-BADD-A084CABCDEAE}

============== Running Processes ===============

C:\Program Files\Webroot\Spy Sweeper\WRConsumerService.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\Explorer.EXE
C:\Program Files\Internet Explorer\Iexplore.exe
C:\Documents and Settings\Matt\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/ig
uSearch Page = hxxp://www.google.com
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
uDefault_Search_URL = hxxp://www.google.com/ie
uSearch Bar = hxxp://www.google.com/ie
uInternet Settings,ProxyServer = http=127.0.0.1:5555
uInternet Settings,ProxyOverride = <local>
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/hws/sb/dell-usuk/en/side.html?channel=us
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.4.4525.1752\swg.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar2.dll
TB: VMN Toolbar: {4e7bd74f-2b8d-469e-8da9-fd60bb9aae33} - c:\progra~1\vmntoo~1\VMNTOO~1.DLL
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
uRun: [H/PC Connection Agent] "c:\program files\microsoft activesync\WCESCOMM.EXE"
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [Uniblue RegistryBooster 2] "c:\program files\uniblue\registrybooster 2\RegistryBooster.exe" /S
uRun: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\nero\lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
uRun: [Google Update] "c:\documents and settings\matt\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [RocketDock] "c:\program files\rocketdock\RocketDock.exe"
uRun: [itarouaq] "c:\documents and settings\matt\local settings\application data\ygcquc\pbsjsysguard.exe"
uRun: [clspackxq.exe] "c:\docume~1\matt\locals~1\temp\clspackxq.exe"
mRun: [ehTray] "c:\windows\ehome\ehtray.exe"
mRun: [SigmatelSysTrayApp] "stsystra.exe"
mRun: [IAAnotif] "c:\program files\intel\intel matrix storage manager\Iaanotif.exe"
mRun: [DMXLauncher] "c:\program files\dell\media experience\DMXLauncher.exe"
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [dlcimon.exe] "c:\program files\dell aio printer 946\dlcimon.exe"
mRun: [PinnacleDriverCheck] "c:\windows\system32\PSDrvCheck.exe" -CheckReg
mRun: [googletalk] "c:\program files\google\google talk\googletalk.exe" /autostart
mRun: [Webroot Desktop Firewall] c:\program files\webroot\desktop firewall\WDF.exe
mRun: [NvCplDaemon] "RUNDLL32.EXE" c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NBKeyScan] "c:\program files\nero\nero8\nero backitup\NBKeyScan.exe"
mRun: [LifeCam] "c:\program files\microsoft lifecam\LifeExp.exe"
mRun: [NeroFilterCheck] "c:\program files\common files\nero\lib\NeroCheck.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [itarouaq] "c:\documents and settings\matt\local settings\application data\ygcquc\pbsjsysguard.exe"
mRun: [DLCICATS] rundll32 c:\windows\system32\spool\drivers\w32x86\3\DLCItime.dll,_RunDLLEntry@16
mRun: [SpySweeper] c:\program files\webroot\spy sweeper\SpySweeperUI.exe /startintray
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office11\EXCEL.EXE/3000
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\program files\microsoft activesync\INETREPL.DLL
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\program files\microsoft activesync\INETREPL.DLL
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office11\REFIEBAR.DLL
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} - hxxp://support.dell.com/systemprofiler/SysPro.CAB
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/e/4/9/e494c802-dd90-4c6b-a074-469358f075a6/OGAControl.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/8/b/d/8bd77752-5704-4d68-a152-f7252adaa4f2/LegitCheckControl.cab
DPF: {1E3F1348-4370-4BBE-A67A-CC7ED824CA85} - hxxp://download.microsoft.com/download/7/4/9/749b0dc5-2175-4d5b-a6dd-9c4bc923683e/Selfhelpcontrol.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab
DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://photo2.walgreens.com/WalgreensActivia.cab
DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} - hxxp://www.crucial.com/controls/cpcScanner.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Handler: mctp - {d7b95390-b1c5-11d0-b111-0080c712fe82} - c:\program files\microsoft activesync\AATP.DLL
WinCE Filter: image/bmp - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - c:\program files\microsoft activesync\CENETFLT.DLL
WinCE Filter: image/gif - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - c:\program files\microsoft activesync\CENETFLT.DLL
WinCE Filter: image/jpeg - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - c:\program files\microsoft activesync\CENETFLT.DLL
WinCE Filter: image/xbm - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - c:\program files\microsoft activesync\CENETFLT.DLL
WinCE Filter: text/asp - {6C5C3074-FFAB-11d1-8EC4-00C04F98D57A} - c:\program files\microsoft activesync\CENETFLT.DLL
WinCE Filter: text/html - {6C5C3074-FFAB-11d1-8EC4-00C04F98D57A} - c:\program files\microsoft activesync\CENETFLT.DLL
Notify: 84bb6bde448 - c:\windows\system32\dplayx32.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath -

============= SERVICES / DRIVERS ===============

R0 ssfs0bbc;ssfs0bbc;c:\windows\system32\drivers\ssfs0bbc.sys [2009-4-21 29808]
R2 WRConsumerService;Webroot Client Service;c:\program files\webroot\spy sweeper\WRConsumerService.exe [2009-8-29 1205760]
S2 FlipShare Service;FlipShare Service;c:\program files\flip video\flipshare\FlipShareService.exe [2009-11-19 455944]
S2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
S2 WebrootSpySweeperService;Webroot Spy Sweeper Engine;c:\program files\webroot\spy sweeper\SpySweeper.exe [2009-4-21 4048240]
S3 dlci_device;dlci_device;c:\windows\system32\dlcicoms.exe -service --> c:\windows\system32\dlcicoms.exe -service [?]
S3 MSHUSBVideo;NX6000/NX3000/VX5000/VX5500/VX7000 Filter Driver;c:\windows\system32\drivers\nx6000.sys [2009-1-30 33808]
S3 NUVision;Pinnacle DVC 80 Video;c:\windows\system32\drivers\nuvvid2.sys [2006-11-18 155264]

=============== Created Last 30 ================

2009-12-17 21:51        652  a-------  c:\windows\system32\krl32mainweq.dll
2009-12-17 21:50        201  a-------  c:\windows\system32\srcr.dat
2009-12-07 13:41      1,015  a----r--  C:\logFile.xsl
2009-11-22 12:40      <DIR>  --d-----  c:\program files\iPod
2009-11-22 12:40      <DIR>  --d-----  c:\program files\iTunes

==================== Find3M ====================

2009-09-26 17:28     69,512  a---h---  c:\windows\system32\mlfcache.dat
2008-05-29 23:01     47,360  a-------  c:\docume~1\matt\applic~1\pcouffin.sys
2007-10-15 13:11  5,452,407  a-------  c:\documents and settings\matt\Tech Project.zip
2006-11-16 20:18        560  a---h---  c:\docume~1\matt\applic~1\ViewerApp.dat

============= FINISH: 21:39:21.92 ===============

Every time I try to run these programs not in safe mode, I receive an error message that states the programs are not safe to run. Thank you.

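Added triage script for the logs posted above (example code written for this thread, not a What the Tech, RootRepeal, DDS or OldTimer tool). It pulls out of a pasted RootRepeal/DDS/OTL log the items a helper reads first: a driver RootRepeal reports as hidden from the Windows API, a hidden service, an IE proxy pointed at a loopback port (the `ProxyServer = http=127.0.0.1:5555` line above means every IE request is being routed through something listening locally), an AV or firewall the log reports as disabled, a Winlogon Notify entry with a random-looking name, and Run entries that either no longer exist on disk or launch a binary with no publisher from a user-writable folder. The sample input is constructed from lines of the logs in this thread; the rules, the "user-writable" folder list and the finding names are this script's own assumptions, and every hit is a lead for a human to verify, not a verdict.

```python
"""Triage a RootRepeal / DDS / OTL log paste for the indicators a malware helper reads first.

Added example for this thread, not a What the Tech or OldTimer tool. The heuristics below
are this script's assumptions; each hit is a lead for a human reviewer, not a verdict.
"""
from __future__ import annotations

import re
from collections import Counter
from dataclasses import dataclass

# Constructed sample: lines excerpted from the RootRepeal, DDS and OTL output posted in the thread.
SAMPLE_LOG = r"""
Drivers
-------------------
Name: dump_iastor.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_iastor.sys
Address: 0xBA292000 Size: 749568 File Visible: No Signed: - Status: -

Name: H8SRTndlktniyre.sys
Image Path: C:\WINDOWS\system32\drivers\H8SRTndlktniyre.sys
Address: 0xBA461000 Size: 118784 File Visible: - Signed: - Status: Hidden from the Windows API!

Hidden Services
-------------------
Service Name: H8SRTd.sys
Image Path: C:\WINDOWS\system32\drivers\H8SRTndlktniyre.sys

AV: Webroot AntiVirus with AntiSpyware *On-access scanning disabled* (Updated) {77E10C7F-2CCA-4187-9394-BDBC267AD597}
FW: Webroot AntiVirus with AntiSpyware *disabled* {63671000-11A2-46DD-BADD-A084CABCDEAE}
uInternet Settings,ProxyServer = http=127.0.0.1:5555
uInternet Settings,ProxyOverride = <local>
Notify: 84bb6bde448 - c:\windows\system32\dplayx32.dll
O4 - HKLM..\Run: [itarouaq] C:\Documents and Settings\Matt\Local Settings\Application Data\ygcquc\pbsjsysguard.exe ()
O4 - HKCU..\Run: [clspackxq.exe] C:\DOCUME~1\Matt\LOCALS~1\Temp\clspackxq.exe File not found
O4 - HKCU..\Run: [Google Update] C:\Documents and Settings\Matt\Local Settings\Application Data\Google\Update\GoogleUpdate.exe (Google Inc.)
O4 - HKCU..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe File not found
"""


@dataclass
class Finding:
    kind: str    # short tag for the indicator class (names are this script's own)
    detail: str  # the log item that triggered it


# RootRepeal driver block: Name / Image Path / attribute line (Status lives on the attribute line).
DRIVER_BLOCK = re.compile(r"^Name: (?P<name>\S+)\nImage Path: (?P<path>\S+)\n(?P<attrs>.*)$", re.M)
# RootRepeal only lists "Service Name:" under its Hidden Services section.
HIDDEN_SERVICE = re.compile(r"^Service Name: (?P<name>\S+)\nImage Path: (?P<path>\S+)$", re.M)
# DDS "uInternet Settings,ProxyServer = http=HOST:PORT" and OTL '"ProxyServer" = http=HOST:PORT'.
PROXY = re.compile(r'ProxyServer"?\s*=\s*(?:\w+=)?(?P<host>127\.\d+\.\d+\.\d+|localhost):(?P<port>\d+)', re.I)
# DDS header lines: AV: <product> *<state>* ... / FW: <product> *<state>* ...
AV_STATE = re.compile(r"^(?P<kind>AV|FW): (?P<product>.+?) \*(?P<state>[^*]*disabled[^*]*)\*", re.M | re.I)
NOTIFY = re.compile(r"^Notify: (?P<name>\S+) - (?P<dll>.+)$", re.M)
# OTL autostart line: O4 - HKLM..\Run: [value name] <path> (<publisher>) | File not found
AUTORUN = re.compile(r"^O4 - (?P<hive>HK\w+)\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<rest>.+)$", re.M)
# Assumed list of per-user folders any process running as the user can write to (XP layout).
USER_WRITABLE = re.compile(r"\\(local settings\\application data|locals~1|temp|application data|applic~1)\\", re.I)


def triage(text: str) -> list[Finding]:
    """Return the indicators found in a log paste, in the order the rules run."""
    findings: list[Finding] = []
    for m in DRIVER_BLOCK.finditer(text):
        if "Hidden from the Windows API" in m["attrs"]:
            findings.append(Finding("hidden_driver", f"{m['name']} -> {m['path']}"))
    for m in HIDDEN_SERVICE.finditer(text):
        findings.append(Finding("hidden_service", f"{m['name']} -> {m['path']}"))
    for m in PROXY.finditer(text):
        findings.append(Finding("loopback_proxy", f"{m['host']}:{m['port']}"))
    for m in AV_STATE.finditer(text):
        findings.append(Finding("protection_disabled", f"{m['kind']} {m['product']}: {m['state']}"))
    for m in NOTIFY.finditer(text):
        # Heuristic: vendor Notify subkeys are words; a pure hex string is worth a second look.
        if re.fullmatch(r"[0-9a-f]+", m["name"], re.I):
            findings.append(Finding("winlogon_notify", f"{m['name']} -> {m['dll']}"))
    for m in AUTORUN.finditer(text):
        rest = m["rest"]
        if rest.endswith("File not found"):
            findings.append(Finding("dead_autorun", f"[{m['name']}] {rest[:-len(' File not found')]}"))
            continue
        pm = re.fullmatch(r"(?P<path>.+?) \((?P<publisher>.*)\)", rest)
        path, publisher = (pm["path"], pm["publisher"]) if pm else (rest, "")
        if USER_WRITABLE.search(path) and not publisher.strip():
            findings.append(Finding("unsigned_userdir_autorun", f"[{m['name']}] {path}"))
    return findings


def summarize(findings: list[Finding]) -> dict[str, int]:
    """Count findings per kind, handy for a quick read before looking at the details."""
    return dict(Counter(f.kind for f in findings))


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.kind:26} {f.detail}")
    print(summarize(triage(SAMPLE_LOG)))
```

Run against the sample it reports the H8SRT driver and service, the 127.0.0.1:5555 proxy, both Webroot components as disabled, the hex-named Notify entry, the two Run values whose targets no longer exist, and the publisher-less binary under Local Settings\Application Data; the Google Update entry in the same folder is not reported because OTL attributes it to a publisher. A loopback proxy is the one item here that explains the poster's symptom directly: with IE forced through a local port, whatever listens on 5555 sees and can rewrite every page and download.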

#6 reedon

reedon

    New Member

  • Authentic Member
  • Pip
  • 19 posts

Posted 18 December 2009 - 09:14 PM

I had to run the OTL software in safe mode, since programs will not open if I'm not in safe mode. So when I tried to right-click the icon and choose Run as Administrator to run it, there was an error. I double-clicked the icon instead and followed your directions, not as the administrator; it was the only way that it would work.

OTL logfile created on: 2009-12-18 10:09:30 PM - Run 1
OTL by OldTimer - Version 3.1.18.0 Folder = C:\Documents and Settings\Matt\Desktop
Windows XP Media Center Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: yyyy-MM-dd

2.00 Gb Total Physical Memory | 1.70 Gb Available Physical Memory | 85.13% Memory free
3.85 Gb Paging File | 3.75 Gb Available in Paging File | 97.40% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 228.13 Gb Total Space | 143.97 Gb Free Space | 63.11% Space Free | Partition Type: NTFS
Drive D: | 161.68 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive J: | 495.01 Mb Total Space | 14.53 Mb Free Space | 2.94% Space Free | Partition Type: FAT32
Drive M: | 74.51 Gb Total Space | 13.93 Gb Free Space | 18.69% Space Free | Partition Type: FAT32

Computer Name: ACE
Current User Name: Matt
Logged in as Administrator.

Current Boot Mode: SafeMode
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Matt\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Webroot\Spy Sweeper\WRConsumerService.exe (Webroot Software, Inc. )
PRC - C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\Matt\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\serwvdrv.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\umdmxfrm.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (FlipShare Service) -- C:\Program Files\Flip Video\FlipShare\FlipShareService.exe ()
SRV - (iPod Service) -- C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
SRV - (WRConsumerService) -- C:\Program Files\Webroot\Spy Sweeper\WRConsumerService.exe (Webroot Software, Inc. )
SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (WebrootSpySweeperService) -- C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe (Webroot Software, Inc. (www.webroot.com))
SRV - (Bonjour Service) -- C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
SRV - (NMIndexingService) -- C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe (Nero AG)
SRV - (Nero BackItUp Scheduler 3) -- C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe (Nero AG)
SRV - (MSCamSvc) -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe (Microsoft Corporation)
SRV - (DSBrokerService) -- C:\Program Files\DellSupport\brkrsvc.exe ()
SRV - (gusvc) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (Google)
SRV - (PLFlash DeviceIoControl Service) -- C:\WINDOWS\system32\IoctlSvc.exe (Prolific Technology Inc.)
SRV - (IAANTMON) Intel® -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
SRV - (NVSvc) -- C:\WINDOWS\system32\nvsvc32.exe (NVIDIA Corporation)
SRV - (ELService) Intel® -- C:\Program Files\Intel\IntelDH\Intel® Quick Resume Technology Drivers\ELService.exe (Intel Corporation)
SRV - (dlci_device) -- C:\WINDOWS\System32\dlcicoms.exe ( )
SRV - (ose) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV - (USBAAPL) -- C:\WINDOWS\system32\drivers\usbaapl.sys (Apple, Inc.)
DRV - (GEARAspiWDM) -- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV - (SSIDRV) -- C:\WINDOWS\SYSTEM32\Drivers\SSIDRV.SYS (Webroot Software, Inc. (www.webroot.com))
DRV - (SSHRMD) -- C:\WINDOWS\SYSTEM32\Drivers\SSHRMD.SYS (Webroot Software, Inc. (www.webroot.com))
DRV - (ssfs0bbc) -- C:\WINDOWS\system32\DRIVERS\ssfs0bbc.sys (Webroot Software, Inc. (www.webroot.com))
DRV - (PxHelp20) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys (Sonic Solutions)
DRV - (MSHUSBVideo) -- C:\WINDOWS\system32\drivers\nx6000.sys (Microsoft Corporation)
DRV - (Pcouffin) -- C:\WINDOWS\system32\drivers\pcouffin.sys (VSO Software)
DRV - (SSKBFD) -- C:\WINDOWS\system32\drivers\sskbfd.sys (Webroot Software Inc (www.webroot.com))
DRV - (Secdrv) -- C:\WINDOWS\system32\drivers\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (UsbDiag) -- C:\WINDOWS\system32\drivers\lgusbdiag.sys (LG Electronics Inc.)
DRV - (USBModem) -- C:\WINDOWS\system32\drivers\lgusbmodem.sys (LG Electronics Inc.)
DRV - (usbbus) -- C:\WINDOWS\system32\drivers\lgusbbus.sys (LG Electronics Inc.)
DRV - (dsunidrv) -- C:\WINDOWS\system32\drivers\dsunidrv.sys (Gteko Ltd.)
DRV - (ASPI32) -- C:\WINDOWS\system32\drivers\aspi32.sys (Adaptec)
DRV - (DSproct) -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys (Gteko Ltd.)
DRV - (ASCTRM) -- C:\WINDOWS\system32\drivers\asctrm.sys (Windows ® 2000 DDK provider)
DRV - (STHDA) -- C:\WINDOWS\system32\drivers\sthda.sys (SigmaTel, Inc.)
DRV - (iastor) -- C:\WINDOWS\system32\drivers\iastor.sys (Intel Corporation)
DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation)
DRV - (e1express) Intel® -- C:\WINDOWS\system32\drivers\e1e5132.sys (Intel Corporation)
DRV - (NAL) -- C:\WINDOWS\system32\drivers\iqvw32.sys (Intel Corporation )
DRV - (ELacpi) -- C:\WINDOWS\system32\drivers\ELacpi.sys (Intel Corporation)
DRV - (ELmon) -- C:\WINDOWS\system32\drivers\Elmon.sys (Intel Corporation)
DRV - (ELkbd) -- C:\WINDOWS\system32\drivers\Elkbd.sys (Intel Corporation)
DRV - (ELmou) -- C:\WINDOWS\system32\drivers\Elmou.sys (Intel Corporation)
DRV - (ELhid) -- C:\WINDOWS\system32\drivers\Elhid.sys (Intel Corporation)
DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\Hdaudbus.sys (Windows ® Server 2003 DDK provider)
DRV - (Ptilink) -- C:\WINDOWS\system32\drivers\ptilink.sys (Parallel Technologies, Inc.)
DRV - (61883) -- C:\WINDOWS\system32\drivers\61883.sys (Microsoft Corporation)
DRV - (Avc) -- C:\WINDOWS\system32\drivers\avc.sys (Microsoft Corporation)
DRV - (MSDV) -- C:\WINDOWS\system32\drivers\msdv.sys (Microsoft Corporation)
DRV - (amdagp) -- C:\WINDOWS\system32\DRIVERS\amdagp.sys (Advanced Micro Devices, Inc.)
DRV - (sisagp) -- C:\WINDOWS\system32\DRIVERS\sisagp.sys (Silicon Integrated Systems Corporation)
DRV - (usbaudio) USB Audio Driver (WDM) -- C:\WINDOWS\system32\drivers\USBAUDIO.sys (Microsoft Corporation)
DRV - (ASAPIW2k) -- C:\WINDOWS\system32\drivers\asapiW2k.sys (Pinnacle Systems GmbH)
DRV - (cdrbsdrv) -- C:\WINDOWS\system32\drivers\CDRBSDRV.SYS (B.H.A Corporation)
DRV - (wceusbsh) -- C:\WINDOWS\system32\drivers\wceusbsh.sys (Microsoft Corporation)
DRV - (HSFHWBS2) -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.)
DRV - (HSF_DP) -- C:\WINDOWS\system32\drivers\HSF_DP.sys (Conexant Systems, Inc.)
DRV - (mdmxsdk) -- C:\WINDOWS\system32\drivers\mdmxsdk.sys (Conexant)
DRV - (NUVision) -- C:\WINDOWS\system32\drivers\nuvvid2.sys (Zoran Ltd.)
DRV - (nuvaud2) -- C:\WINDOWS\system32\drivers\nuvaud2.sys (Zoran Ltd.)
DRV - (Sparrow) -- C:\WINDOWS\system32\DRIVERS\sparrow.sys (Adaptec, Inc.)
DRV - (sym_u3) -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys (LSI Logic)
DRV - (sym_hi) -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys (LSI Logic)
DRV - (symc8xx) -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys (LSI Logic)
DRV - (symc810) -- C:\WINDOWS\system32\DRIVERS\symc810.sys (Symbios Logic Inc.)
DRV - (MODEMCSA) -- C:\WINDOWS\system32\drivers\MODEMCSA.sys (Microsoft Corporation)
DRV - (ultra) -- C:\WINDOWS\system32\DRIVERS\ultra.sys (Promise Technology, Inc.)
DRV - (ql12160) -- C:\WINDOWS\system32\DRIVERS\ql12160.sys (QLogic Corporation)
DRV - (ql1080) -- C:\WINDOWS\system32\DRIVERS\ql1080.sys (QLogic Corporation)
DRV - (ql1280) -- C:\WINDOWS\system32\DRIVERS\ql1280.sys (QLogic Corporation)
DRV - (dac2w2k) -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys (Mylex Corporation)
DRV - (mraid35x) -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys (American Megatrends Inc.)
DRV - (asc) -- C:\WINDOWS\system32\DRIVERS\asc.sys (Advanced System Products, Inc.)
DRV - (asc3550) -- C:\WINDOWS\system32\DRIVERS\asc3550.sys (Advanced System Products, Inc.)
DRV - (AliIde) -- C:\WINDOWS\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
DRV - (CmdIde) -- C:\WINDOWS\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)
DRV - (E100B) Intel® -- C:\WINDOWS\system32\drivers\e100b325.sys (Intel Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.co...html?channel=us
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.co...age={startPage}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.com/ig"
FF - prefs.js..network.proxy.no_proxies_on: "*.local"

FF - HKLM\software\mozilla\Mozilla Firefox 3.0.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009-12-17 20:27:44 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009-11-22 12:37:20 | 00,000,000 | ---D | M]

[2008-12-01 15:30:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\Mozilla\Extensions
[2008-12-01 15:30:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\1ys9arm5.default\extensions
[2008-12-01 15:30:34 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: (27 bytes) - C:\WINDOWS\system32\drivers\etc\HOSTS
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar2.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (VMN Toolbar) - {4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33} - C:\Program Files\vmntoolbar\vmntoolbar.dll (Visicom Media Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar2.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (VMN Toolbar) - {4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33} - C:\Program Files\vmntoolbar\vmntoolbar.dll (Visicom Media Inc.)
O4 - HKLM..\Run: [DLCICATS] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCItime.DLL ()
O4 - HKLM..\Run: [dlcimon.exe] C:\Program Files\Dell AIO Printer 946\dlcimon.exe (Dell)
O4 - HKLM..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe ()
O4 - HKLM..\Run: [Google Desktop Search] C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe ()
O4 - HKLM..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe (Google)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [itarouaq] C:\Documents and Settings\Matt\Local Settings\Application Data\ygcquc\pbsjsysguard.exe ()
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [LifeCam] C:\Program Files\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NBKeyScan] C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe (Nero AG)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe ()
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe (Webroot Software, Inc.)
O4 - HKLM..\Run: [Webroot Desktop Firewall] C:\Program Files\Webroot\Desktop Firewall\WDF.exe File not found
O4 - HKCU..\Run: [clspackxq.exe] C:\DOCUME~1\Matt\LOCALS~1\Temp\clspackxq.exe File not found
O4 - HKCU..\Run: [Google Update] C:\Documents and Settings\Matt\Local Settings\Application Data\Google\Update\GoogleUpdate.exe (Google Inc.)
O4 - HKCU..\Run: [H/PC Connection Agent] C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE (Microsoft Corporation)
O4 - HKCU..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe (Nero AG)
O4 - HKCU..\Run: [itarouaq] C:\Documents and Settings\Matt\Local Settings\Application Data\ygcquc\pbsjsysguard.exe ()
O4 - HKCU..\Run: [RocketDock] C:\Program Files\RocketDock\RocketDock.exe ()
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKCU..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe (BVRP Software)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLegacyLogonScripts = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLogoffScripts = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunLogonScriptSync = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunStartupScriptSync = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideStartupScripts = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLegacyLogonScripts = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLogoffScripts = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideStartupScripts = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunLogonScriptSync = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunStartupScriptSync = 0
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O9 - Extra Button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: //@surf.mar@/ ([]money in Local intranet)
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} http://support.dell....iler/SysPro.CAB (SysProWmi Class)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.micr.../OGAControl.cab (Office Genuine Advantage Validation Tool)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {1E3F1348-4370-4BBE-A67A-CC7ED824CA85} http://download.micr...helpcontrol.cab (Microsoft Genuine Advantage Self Support Tool)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://fpdownload.ma...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://photo2.walgre...eensActivia.cab (Snapfish Activia)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx...owserPlugin.cab (DivXBrowserPlugin Object)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebo...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} http://www.crucial.c.../cpcScanner.cab (Crucial cpcScan)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.ma...ent/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\mctp {d7b95390-b1c5-11d0-b111-0080c712fe82} - C:\Program Files\Microsoft ActiveSync\AATP.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\84bb6bde448: DllName - C:\WINDOWS\System32\dplayx32.dll - C:\WINDOWS\System32\dplayx32.dll File not found
O30 - LSA: Security Packages - (ecurity Packages settings...) - File not found
O30 - LSA: Security Packages - (ra) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006-10-18 20:12:03 | 00,000,050 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2009-12-18 22:08:11 | 00,564,736 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Matt\Desktop\OTL.exe
[2009-12-18 21:37:09 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2009-12-18 21:29:14 | 00,791,393 | ---- | C] (Lars Hederer ) -- C:\Documents and Settings\Matt\Desktop\erunt_setup.exe
[2009-12-18 21:29:14 | 00,472,064 | ---- | C] ( ) -- C:\Documents and Settings\Matt\Desktop\RootRepeal.exe
[2009-12-18 18:46:14 | 00,000,000 | ---D | C] -- C:\WINDOWS\CSC
[2009-12-17 21:49:32 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Matt\Local Settings\Application Data\ygcquc
[2009-11-22 12:40:39 | 00,000,000 | ---D | C] -- C:\Program Files\iPod
[2009-11-22 12:40:35 | 00,000,000 | ---D | C] -- C:\Program Files\iTunes
[2009-01-01 16:31:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
[2008-05-29 23:01:03 | 00,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\Matt\Application Data\pcouffin.sys
[2008-04-11 22:54:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Webroot
[2008-04-11 16:26:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Webroot
[2007-11-25 12:27:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Adobe
[2007-11-14 10:02:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
[2007-07-12 18:30:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2007-01-15 01:18:19 | 00,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2007-01-15 01:17:05 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2006-10-19 19:14:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2006-10-15 17:25:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Help
[2006-10-15 17:25:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Help
[2006-05-11 16:29:02 | 00,630,784 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcipmui.dll
[2006-05-11 16:27:56 | 01,183,744 | ---- | C] ( ) -- C:\WINDOWS\System32\dlciserv.dll
[2006-05-11 16:24:22 | 00,491,520 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcilmpm.dll
[2006-05-11 16:24:00 | 00,413,696 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcicomm.dll
[2006-05-11 16:22:34 | 00,114,688 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcipplc.dll
[2006-05-11 16:21:56 | 00,704,512 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcicomc.dll
[2006-05-11 16:21:28 | 00,155,648 | ---- | C] ( ) -- C:\WINDOWS\System32\dlciprox.dll
[2006-05-11 16:16:52 | 01,122,304 | ---- | C] ( ) -- C:\WINDOWS\System32\dlciusb1.dll
[2006-05-11 16:14:12 | 00,770,048 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcihbn3.dll
[2005-08-16 04:30:12 | 00,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[8 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Documents and Settings\Matt\Desktop\*.tmp files -> C:\Documents and Settings\Matt\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2009-12-18 22:07:11 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009-12-18 22:06:24 | 00,564,736 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Matt\Desktop\OTL.exe
[2009-12-18 21:53:22 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009-12-18 21:53:21 | 08,650,752 | -H-- | M] () -- C:\Documents and Settings\Matt\ntuser.dat
[2009-12-18 21:53:21 | 00,000,278 | -HS- | M] () -- C:\Documents and Settings\Matt\ntuser.ini
[2009-12-18 21:52:19 | 00,000,203 | ---- | M] () -- C:\WINDOWS\System32\srcr.dat
[2009-12-18 21:52:18 | 00,000,661 | ---- | M] () -- C:\WINDOWS\System32\krl32mainweq.dll
[2009-12-18 21:51:23 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009-12-18 21:50:21 | 00,039,472 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2009-12-18 21:40:13 | 00,000,000 | ---- | M] () -- C:\Documents and Settings\Matt\Desktop\settings.dat
[2009-12-18 21:37:10 | 00,000,611 | ---- | M] () -- C:\Documents and Settings\Matt\Desktop\NTREGOPT.lnk
[2009-12-18 21:37:10 | 00,000,592 | ---- | M] () -- C:\Documents and Settings\Matt\Desktop\ERUNT.lnk
[2009-12-18 21:25:06 | 00,472,064 | ---- | M] ( ) -- C:\Documents and Settings\Matt\Desktop\RootRepeal.exe
[2009-12-18 21:24:46 | 00,359,929 | ---- | M] () -- C:\Documents and Settings\Matt\Desktop\dds.scr
[2009-12-18 21:22:56 | 00,791,393 | ---- | M] (Lars Hederer ) -- C:\Documents and Settings\Matt\Desktop\erunt_setup.exe
[2009-12-18 20:55:00 | 00,000,420 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{BA676629-1EA5-4A2E-805E-25111604B6E9}.job
[2009-12-18 18:35:29 | 02,117,246 | -H-- | M] () -- C:\Documents and Settings\Matt\Local Settings\Application Data\IconCache.db
[2009-12-17 22:27:00 | 00,000,974 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2737939767-1837397024-4018921267-1006UA.job
[2009-12-17 22:22:00 | 00,001,688 | ---- | M] () -- C:\WINDOWS\tasks\wrSpySweeper_LFD6D6859EB35467B9A30BFE380650178.job
[2009-12-17 21:50:03 | 00,000,008 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\sysReserve.ini
[2009-12-14 06:27:00 | 00,000,922 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2737939767-1837397024-4018921267-1006Core.job
[2009-12-14 02:00:00 | 00,001,544 | ---- | M] () -- C:\WINDOWS\tasks\wrSpySweeperTrialSweep.job
[2009-12-13 13:35:50 | 00,015,872 | ---- | M] () -- C:\Documents and Settings\Matt\My Documents\Becky money.xls
[2009-12-13 13:35:49 | 00,065,536 | ---- | M] () -- C:\Documents and Settings\Matt\My Documents\billing.xls
[2009-12-13 13:03:41 | 00,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2009-12-13 09:15:22 | 00,000,186 | ---- | M] () -- C:\Documents and Settings\Matt\Application Data\default.pls
[2009-12-13 09:15:11 | 00,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2009-12-09 12:02:55 | 00,000,970 | ---- | M] () -- C:\WINDOWS\win.ini
[2009-12-07 14:10:07 | 00,142,848 | -H-- | M] () -- C:\Documents and Settings\Matt\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009-12-07 13:41:18 | 00,001,015 | R--- | M] () -- C:\logFile.xsl
[2009-12-06 20:42:48 | 07,593,853 | ---- | M] () -- C:\Documents and Settings\Matt\Desktop\IMG_0188.JPG
[2009-12-06 10:17:03 | 00,000,819 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\FlipShare.lnk
[2009-12-05 08:35:00 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[8 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Documents and Settings\Matt\Desktop\*.tmp files -> C:\Documents and Settings\Matt\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2009-12-18 21:40:13 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\Matt\Desktop\settings.dat
[2009-12-18 21:37:10 | 00,000,611 | ---- | C] () -- C:\Documents and Settings\Matt\Desktop\NTREGOPT.lnk
[2009-12-18 21:37:10 | 00,000,592 | ---- | C] () -- C:\Documents and Settings\Matt\Desktop\ERUNT.lnk
[2009-12-18 21:29:14 | 00,359,929 | ---- | C] () -- C:\Documents and Settings\Matt\Desktop\dds.scr
[2009-12-17 21:51:32 | 00,000,661 | ---- | C] () -- C:\WINDOWS\System32\krl32mainweq.dll
[2009-12-17 21:50:31 | 00,000,203 | ---- | C] () -- C:\WINDOWS\System32\srcr.dat
[2009-12-17 21:50:03 | 00,000,008 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\sysReserve.ini
[2009-12-13 13:13:04 | 00,015,872 | ---- | C] () -- C:\Documents and Settings\Matt\My Documents\Becky money.xls
[2009-12-10 14:03:43 | 07,593,853 | ---- | C] () -- C:\Documents and Settings\Matt\Desktop\IMG_0188.JPG
[2009-12-07 13:41:18 | 00,001,015 | R--- | C] () -- C:\logFile.xsl
[2009-12-06 10:17:03 | 00,000,819 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\FlipShare.lnk
[2009-11-22 12:41:23 | 00,002,137 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2009-05-28 09:14:45 | 00,000,186 | ---- | C] () -- C:\Documents and Settings\Matt\Application Data\default.pls
[2009-01-30 20:30:03 | 00,512,672 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2008-10-25 21:02:58 | 00,000,270 | -HS- | C] () -- C:\Documents and Settings\Matt\Application Data\02000000093a76e2P.manifest
[2008-10-25 21:02:58 | 00,000,013 | -HS- | C] () -- C:\Documents and Settings\Matt\Application Data\02000000093a76e2C.manifest
[2008-10-25 21:02:58 | 00,000,011 | -HS- | C] () -- C:\Documents and Settings\Matt\Application Data\02000000093a76e2S.manifest
[2008-10-25 21:02:58 | 00,000,011 | -HS- | C] () -- C:\Documents and Settings\Matt\Application Data\02000000093a76e2O.manifest
[2008-06-01 21:08:54 | 00,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2008-05-29 23:01:04 | 00,000,034 | ---- | C] () -- C:\Documents and Settings\Matt\Application Data\pcouffin.log
[2008-05-29 23:01:03 | 00,007,887 | ---- | C] () -- C:\Documents and Settings\Matt\Application Data\pcouffin.cat
[2008-05-29 23:01:03 | 00,001,144 | ---- | C] () -- C:\Documents and Settings\Matt\Application Data\pcouffin.inf
[2008-05-26 17:45:27 | 00,001,024 | ---- | C] () -- C:\Documents and Settings\Matt\Application Data\WavCodec.wff
[2008-02-19 01:33:34 | 00,446,352 | ---- | C] () -- C:\WINDOWS\System32\OpenQuicktimeLib.dll
[2008-02-04 17:23:10 | 00,693,792 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.DLL
[2007-06-25 16:16:00 | 00,000,059 | ---- | C] () -- C:\WINDOWS\LTDLGFILE14N.INI
[2007-06-08 20:53:02 | 00,002,921 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2007-06-08 20:07:46 | 00,524,288 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2007-06-08 20:07:46 | 00,139,264 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2007-03-25 18:52:01 | 00,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll
[2007-01-15 12:08:25 | 00,000,428 | ---- | C] () -- C:\WINDOWS\DVDFabGold.INI
[2007-01-13 18:07:21 | 00,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2006-11-18 23:38:18 | 00,000,063 | ---- | C] () -- C:\WINDOWS\PixieTool.INI
[2006-10-18 20:14:39 | 00,000,560 | -H-- | C] () -- C:\Documents and Settings\Matt\Application Data\ViewerApp.dat
[2006-09-23 10:49:06 | 00,000,040 | ---- | C] () -- C:\WINDOWS\nero.INI
[2006-09-15 21:30:53 | 00,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2006-09-12 22:45:09 | 00,142,848 | -H-- | C] () -- C:\Documents and Settings\Matt\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006-09-11 22:54:52 | 00,006,144 | -H-- | C] () -- C:\Documents and Settings\Matt\Application Data\dvd.bmk
[2006-09-11 20:33:37 | 00,000,127 | -H-- | C] () -- C:\Documents and Settings\Matt\Local Settings\Application Data\fusioncache.dat
[2006-09-07 11:29:25 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006-09-07 11:22:40 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006-09-07 11:17:10 | 00,000,126 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2006-09-07 10:51:46 | 00,090,112 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
[2006-09-07 10:51:22 | 00,000,393 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2006-04-12 01:13:58 | 00,106,496 | ---- | C] () -- C:\WINDOWS\System32\dlciinsr.dll
[2006-04-12 01:13:54 | 00,036,864 | ---- | C] () -- C:\WINDOWS\System32\dlcicur.dll
[2006-04-12 01:13:34 | 00,131,072 | ---- | C] () -- C:\WINDOWS\System32\dlcijswr.dll
[2006-04-12 01:12:38 | 00,176,128 | ---- | C] () -- C:\WINDOWS\System32\dlciinsb.dll
[2006-04-12 01:12:32 | 00,086,016 | ---- | C] () -- C:\WINDOWS\System32\dlcicub.dll
[2006-04-12 01:12:24 | 00,073,728 | ---- | C] () -- C:\WINDOWS\System32\dlcicu.dll
[2006-04-12 01:12:20 | 00,155,648 | ---- | C] () -- C:\WINDOWS\System32\dlciins.dll
[2006-04-12 01:11:06 | 00,438,272 | ---- | C] () -- C:\WINDOWS\System32\dlciutil.dll
[2006-01-09 00:56:26 | 00,069,632 | ---- | C] () -- C:\WINDOWS\System32\dlcicfg.dll
[2005-11-10 08:56:34 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005-08-16 04:37:24 | 00,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2005-08-05 14:01:54 | 00,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2005-07-22 10:54:58 | 00,040,960 | ---- | C] () -- C:\WINDOWS\System32\dlcivs.dll
[2003-12-22 14:40:06 | 01,663,068 | ---- | C] () -- C:\WINDOWS\System32\libmmd.dll
[2003-01-07 14:05:08 | 00,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

========== LOP Check ==========

[2008-05-28 22:36:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ashampoo
[2007-10-17 21:46:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Azureus
[2006-09-11 20:49:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BVRP Software
[2005-08-16 20:54:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DIGStream
[2009-06-18 19:16:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Flip Video
[2007-08-21 21:55:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\iWin Games
[2007-05-31 20:16:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
[2006-11-19 12:48:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Pinnacle
[2006-12-01 22:19:25 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SmartSound Software Inc
[2009-08-04 22:32:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sony
[2008-09-13 12:52:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TDK
[2007-08-21 22:56:39 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2006-09-07 11:15:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2008-05-30 06:21:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\vsosdk
[2009-09-12 07:49:19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009-05-23 08:19:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2006-12-09 16:46:34 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\Matt\Application Data\Alien Skin
[2008-05-28 22:36:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\Ashampoo
[2008-06-01 19:07:07 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\Matt\Application Data\Atari
[2007-06-08 20:08:19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\AVSMedia
[2009-09-01 16:12:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\Azureus
[2009-08-04 23:13:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\Blender Foundation
[2006-11-06 19:07:34 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\Matt\Application Data\EndNote
[2007-03-25 18:51:01 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\Matt\Application Data\Leadertech
[2008-04-11 16:20:39 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\MSNInstaller
[2007-05-26 11:28:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\NCH Swift Sound
[2009-08-12 17:31:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\Publish Providers
[2009-10-12 09:20:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\Snapfish
[2009-08-21 15:41:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\Sony
[2009-08-17 10:19:18 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\Sony Creative Software
[2008-04-11 23:07:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\Uniblue
[2006-11-04 22:41:41 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\Matt\Application Data\Visicom Media
[2009-08-07 20:41:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\Vso
[2009-12-18 20:55:00 | 00,000,420 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{BA676629-1EA5-4A2E-805E-25111604B6E9}.job
[2009-12-14 02:00:00 | 00,001,544 | ---- | M] () -- C:\WINDOWS\Tasks\wrSpySweeperTrialSweep.job
[2009-12-17 22:22:00 | 00,001,688 | ---- | M] () -- C:\WINDOWS\Tasks\wrSpySweeper_LFD6D6859EB35467B9A30BFE380650178.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D5813BA5
< End of report >

OTL Extras logfile created on: 2009-12-18 10:09:30 PM - Run 1
OTL by OldTimer - Version 3.1.18.0 Folder = C:\Documents and Settings\Matt\Desktop
Windows XP Media Center Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: yyyy-MM-dd

2.00 Gb Total Physical Memory | 1.70 Gb Available Physical Memory | 85.13% Memory free
3.85 Gb Paging File | 3.75 Gb Available in Paging File | 97.40% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 228.13 Gb Total Space | 143.97 Gb Free Space | 63.11% Space Free | Partition Type: NTFS
Drive D: | 161.68 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive J: | 495.01 Mb Total Space | 14.53 Mb Free Space | 2.94% Space Free | Partition Type: FAT32
Drive M: | 74.51 Gb Total Space | 13.93 Gb Free Space | 18.69% Space Free | Partition Type: FAT32

Computer Name: ACE
Current User Name: Matt
Logged in as Administrator.

Current Boot Mode: SafeMode
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.js [@ = JSFile] -- C:\Program Files\Macromedia\Dreamweaver MX\Dreamweaver.exe (Macromedia, Inc.)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
jsfile [open] -- "C:\Program Files\Macromedia\Dreamweaver MX\Dreamweaver.exe" "%1" (Macromedia, Inc.)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "%programfiles%\internet explorer\iexplore.exe"

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 1
"UpdatesDisableNotify" = 1
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL -- File not found
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL -- File not found
"C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL -- File not found

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL -- File not found
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL -- File not found
"C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL -- File not found
"C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE" = C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE:*:Enabled:ActiveSync Connection Manager -- (Microsoft Corporation)
"C:\Program Files\Microsoft ActiveSync\WCESMGR.EXE" = C:\Program Files\Microsoft ActiveSync\WCESMGR.EXE:*:Enabled:ActiveSync Application -- (Microsoft Corporation)
"C:\Program Files\Macromedia\Fireworks MX\Fireworks.exe" = C:\Program Files\Macromedia\Fireworks MX\Fireworks.exe:*:Enabled:Fireworks MX -- (Macromedia Inc.)
"C:\Program Files\Macromedia\Dreamweaver MX\Dreamweaver.exe" = C:\Program Files\Macromedia\Dreamweaver MX\Dreamweaver.exe:*:Enabled:Dreamweaver MX -- (Macromedia, Inc.)
"C:\Program Files\Google\Google Talk\googletalk.exe" = C:\Program Files\Google\Google Talk\googletalk.exe:*:Enabled:Google Talk -- (Google)
"C:\Program Files\Azureus\Azureus.exe" = C:\Program Files\Azureus\Azureus.exe:*:Enabled:Azureus -- (Azureus Inc)
"C:\WINDOWS\system32\dlcicoms.exe" = C:\WINDOWS\system32\dlcicoms.exe:*:Enabled:Printer Communication System -- ( )
"C:\Program Files\Yahoo! Games\Scrabble\Scrabble.exe" = C:\Program Files\Yahoo! Games\Scrabble\Scrabble.exe:*:Enabled:SCRABBLE ® -- (funkitron)
"C:\Program Files\Nero\Nero8\Nero MediaHome\NeroMediaHome.exe" = C:\Program Files\Nero\Nero8\Nero MediaHome\NeroMediaHome.exe:*:Enabled:Nero MediaHome (1) -- (Nero AG)
"C:\Program Files\Nero\Nero8\Nero MediaHome\NMMediaServer.exe" = C:\Program Files\Nero\Nero8\Nero MediaHome\NMMediaServer.exe:*:Enabled:Nero MediaHome (2) -- (Nero AG)
"C:\Program Files\Microsoft LifeCam\LifeCam.exe" = C:\Program Files\Microsoft LifeCam\LifeCam.exe:*:Enabled:LifeCam.exe -- (Microsoft Corporation)
"C:\Program Files\Microsoft LifeCam\LifeEnC2.exe" = C:\Program Files\Microsoft LifeCam\LifeEnC2.exe:*:Enabled:LifeEnC2.exe -- (Microsoft Corporation)
"C:\Program Files\Microsoft LifeCam\LifeExp.exe" = C:\Program Files\Microsoft LifeCam\LifeExp.exe:*:Enabled:LifeExp.exe -- (Microsoft Corporation)
"C:\Program Files\Microsoft LifeCam\LifeTray.exe" = C:\Program Files\Microsoft LifeCam\LifeTray.exe:*:Enabled:LifeTray.exe -- (Microsoft Corporation)
"C:\Documents and Settings\Matt\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.dll" = C:\Documents and Settings\Matt\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.dll:*:Enabled:Google Talk Plugin -- (Google)
"C:\Documents and Settings\Matt\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe" = C:\Documents and Settings\Matt\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe:*:Enabled:Google Talk Plugin -- (Google)
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour -- (Apple Inc.)
"C:\Program Files\Common Files\Nero\Nero Web\SetupX.exe" = C:\Program Files\Common Files\Nero\Nero Web\SetupX.exe:*:Enabled:Nero ControlCenter -- (Nero AG)
"C:\Documents and Settings\Matt\Local Settings\temp\OnlineUpdate8\SetupXu.exe" = C:\Documents and Settings\Matt\Local Settings\temp\OnlineUpdate8\SetupXu.exe:*:Enabled:Nero ControlCenter -- File not found
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{0A0873E1-D9BA-4994-B85D-A0A331EF1F0C}" = Intel® PRO Network Connections
"{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}" = Microsoft Plus! Photo Story 2 LE
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{16E217EA-C3E0-402D-8D4F-6189DB74497A}" = Studio 9.4 Patch
"{1A8A11EE-A172-422C-9605-55B7001CC354}" = AssessmentAsstGr5
"{1E2F8AE3-3437-44E6-BB75-E95751D6B83F}" = Picture Package
"{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk" = Google Talk (remove only)
"{22E9CF2B-4063-4dab-A251-93FA46F7DECC}_is1" = Webroot AntiVirus with AntiSpyware
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2BA00471-0328-3743-93BD-FA813353A783}" = Microsoft .NET Framework 3.0 Service Pack 1
"{2BD5C305-1B27-4D41-B690-7A61172D2FEB}" = Macromedia Flash 8
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
"{32343DB6-9A52-40C9-87E4-5E7C79791C87}" = MSXML 4.0 SP2 and SOAP Toolkit 3.0
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{33BB4982-DC52-4886-A03B-F4C5C80BEE89}" = Windows Media Player 10
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup
"{3BE480ED-E17A-431A-981C-5C2EDDBCD3BF}" = Macromedia Flash MX
"{3EE33958-7381-4E7B-A4F3-6E43098E9E9C}" = URL Assistant
"{3F5B6210-0903-4DC6-8034-8F488AA3A782}" = Spy Sweeper Core
"{3F866D37-22D0-435D-94F1-31A64D566D0E}" = Pinnacle device drivers
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{4192EAC0-6B36-4723-B216-D0E86E7757AC}" = Jasc Paint Shop Photo Album 5
"{43CAC9A1-1993-4F65-9096-7C9AFC2BBF54}" = Dell CinePlayer
"{4667B940-BB01-428B-986E-A0CC46497BF7}" = ELIcon
"{4761EB82-E8BD-45A4-B19B-586FA9D1D7E6}" = Camtasia Studio 6
"{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}" = SmartSound Quicktracks Plugin
"{4F41AD68-89F2-4262-A32C-2F70B01FCE9E}" = Photo Story 3 for Windows
"{5546CDB5-2CE2-498B-B059-5B3BF81FC41F}" = Macromedia Extension Manager
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5905F42D-3F5F-4916-ADA6-94A3646AEE76}" = Dell Driver Reset Tool
"{5B6BE547-21E2-49CA-B2E2-6A5F470593B1}" = Sonic Activation Module
"{5BF2B19D-9C79-492A-8969-F059F06A627F}" = Print to Fax
"{5F00DF7E-418B-4CD9-8EC5-781156BCC49E}" = Microsoft Money Shared Libraries
"{62BD0AE0-4EB1-4BBB-8F43-B6400C8FEB2C}" = AOLIcon
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6BCB7EAA-598C-4836-B7EA-3642E41AA222}" = Microsoft LifeCam
"{6D5FCA42-1486-4E32-AFE8-1B7E2AA59D33}" = Digital Content Portal
"{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}" = Microsoft Plus! Digital Media Edition Installer
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{74F7662C-B1DB-489E-A8AC-07A06B24978B}" = Dell System Restore
"{78C496B9-5A6B-4692-8C2E-AFFFC34E4961}" = Jasc Paint Shop Pro Studio, Dell Editon
"{7B08D306-7266-4647-A926-2F78817ED1E0}" = Microsoft Corporation
"{7EAB1D85-7BA3-47C1-BBF7-A0EBC241DB94}" = Intel® Viiv™ Software
"{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}" = DellSupport
"{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper
"{8B4AB829-DFD3-436D-B808-D9733D76C590}" = Macromedia Dreamweaver MX
"{8BF2C401-02CE-424D-BC26-6C4F9FB446B6}" = Macromedia Flash 8 Video Encoder
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90510409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Visio Professional 2003
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{911A0409-6000-11D3-8CFE-0050048383C9}" = Microsoft Outlook 2002
"{930B2432-43D4-11D5-9871-00C04F8EEB39}" = Macromedia Fireworks MX
"{9941F0AA-B903-4AF4-A055-83A9815CC011}" = Sonic Encoders
"{99B98440-4A0D-11D5-8310-0050DABBB21D}" = DVC
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A5B876D-A900-4AAB-B557-DE827BE46E6C}" = Nero 8
"{9C0ADF96-20E7-4671-88D2-39B5A307E2A2}" = Pinnacle USB device drivers
"{9E491AB7-4589-48CA-9CBB-874CB2788391}" = Studio 9
"{A683A2C0-821C-486F-858C-FA634DB5E864}" = EducateU
"{A6FDF86A-F541-4E7B-AEA0-8849A2A700D5}" = iTunes
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AC76BA86-7AD7-1033-7B44-A70800000002}" = Adobe Reader 7.0.8
"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
"{B0DF58A2-40DF-4465-AA56-38623EC9938C}" = Documentation & Support Launcher
"{B508B3F1-A24A-32C0-B310-85786919EF28}" = Microsoft .NET Framework 2.0 Service Pack 1
"{B6884A07-0305-47AE-9969-8F26FADC17DE}" = Games, Music, & Photos Launcher
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{BB406CEB-6207-4512-9BB2-89950DC9D6B6}_is1" = ConvertXtoDVD 2.2.3.258h
"{C3ABE126-2BB2-4246-BFE1-6797679B3579}" = LG USB Modem driver
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{D050D7362D214723AD585B541FFB6C11}" = DivX Content Uploader
"{D22B50A0-DD4E-4E33-9971-891C328677C8}" = DellConnect
"{DC785DB7-D389-48C3-B146-96FE99BF4E2B}" = Vegas Pro 9.0
"{DF6A589A-7A1A-430C-9FF2-A0BDB42669DC}" = Search Assist
"{E42BD75A-FC23-4E3F-9F91-2658334C644F}" = Internet Service Offers Launcher
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{E7310F2E-C551-4FAB-BA07-EAC2E158B1BB}" = IKEA Home Planner
"{EC59BF9E-39D5-3108-A34B-12FB60ECAF8B}" = Google Talk Plugin
"{F7F23DFB-31E1-B7EC-7A6D-7668B595ADAE}" = FlipShare
"{F8C6BABF-0837-4EA0-AD6C-8E5A392A7538}" = ImageMixer VCD2
"{FE4BD9BD-4A26-4F39-B12C-19336204B102}" = EndNote X Volume License Edition
"3ivx MPEG-4 5.0.3" = 3ivx MPEG-4 5.0.3 (remove only)
"AceFTP 3 Freeware" = AceFTP 3 Freeware
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Ashampoo Burning Studio 7_is1" = Ashampoo Burning Studio 7.21
"Azureus Vuze" = Azureus Vuze
"B3EE3001-DC24-4cd1-8743-5692C716659F" = Otto
"Blender" = Blender (remove only)
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200F14F1" = Conexant D850 56K V.9x DFVc Modem
"Dell AIO Printer 946" = Dell AIO Printer 946
"DVD Shrink_is1" = DVD Shrink 3.2
"DVDFab Platinum_is1" = DVDFab Platinum 2.70
"EL" = Intel® Quick Resume Technology Drivers
"EmeraldQFE2" = Windows Media Player 10 Hotfix [See EmeraldQFE2 for more information]
"ERUNT_is1" = ERUNT 1.1j
"ESPNMotion" = ESPNMotion
"ExpressBurn" = Express Burn
"Google Desktop" = Google Desktop
"HijackThis" = HijackThis 2.0.2
"Hollywood FX 5" = Pinnacle Hollywood FX 5
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"InstallShield_{1A8A11EE-A172-422C-9605-55B7001CC354}" = AssessmentAsstGr5
"InstallShield_{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}" = SmartSound Quicktracks Plugin
"ISI ResearchSoft - Export Helper" = ISI ResearchSoft - Export Helper
"iTLG Grade 5" = iTLG Grade 5
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Money2007b" = Microsoft Money 2007
"Money2008b" = Microsoft Money Essentials
"Mozilla Firefox (3.0.6)" = Mozilla Firefox (3.0.6)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NewzToolz_is1" = NewzToolz v1.0.1
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"Picasa 3" = Picasa 3
"Punch! Home Design - Platinum" = Punch! Home Design - Platinum
"RealPlayer 6.0" = RealPlayer Basic
"RocketDock_is1" = RocketDock 1.3.5
"Scrabble" = Scrabble
"ToolBox" = NCH Toolbox Uninstall
"ViewpointMediaPlayer" = Viewpoint Media Player
"vmntoolbar" = VMN Toolbar
"WavePad" = WavePad Uninstall
"WebCyberCoach_wtrb" = WebCyberCoach 3.2 Dell
"WIC" = Windows Imaging Component
"Windows CE Services" = Microsoft ActiveSync 3.7
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WinISO_is1" = WinISO 5.3
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wondershare PPT2DVD (Build 5.1.0.68)_is1" = PPT2DVD
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Move Networks Player - IE" = Move Networks Media Player for Internet Explorer

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 2009-12-17 11:13:10 PM | Computer Name = ACE | Source = Application Error | ID = 1000
Description = Faulting application googleupdate.exe, version 1.2.131.7, faulting
module googleupdate.exe, version 1.2.131.7, fault address 0x00006eef.

Error - 2009-12-18 12:37:49 AM | Computer Name = ACE | Source = Application Error | ID = 1000
Description = Faulting application googleupdate.exe, version 1.2.131.7, faulting
module googleupdate.exe, version 1.2.131.7, fault address 0x00006eef.

Error - 2009-12-18 12:37:50 AM | Computer Name = ACE | Source = Application Hang | ID = 1002
Description = Hanging application RocketDock.exe, version 0.0.0.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 2009-12-18 12:53:49 AM | Computer Name = ACE | Source = Application Error | ID = 1000
Description = Faulting application googleupdate.exe, version 1.2.131.7, faulting
module googleupdate.exe, version 1.2.131.7, fault address 0x00006eef.

Error - 2009-12-18 12:54:01 AM | Computer Name = ACE | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 5.1.2600.2180, faulting
module ntdll.dll, version 5.1.2600.3520, fault address 0x0001ab0a.

Error - 2009-12-18 7:28:52 PM | Computer Name = ACE | Source = Application Error | ID = 1000
Description = Faulting application googleupdate.exe, version 1.2.131.7, faulting
module googleupdate.exe, version 1.2.131.7, fault address 0x00006eef.

Error - 2009-12-18 7:35:27 PM | Computer Name = ACE | Source = Application Error | ID = 1000
Description = Faulting application googleupdate.exe, version 1.2.131.7, faulting
module googleupdate.exe, version 1.2.131.7, fault address 0x00006eef.

Error - 2009-12-18 7:55:14 PM | Computer Name = ACE | Source = EventSystem | ID = 4609
Description = The COM+ Event System detected a bad return code during its internal
processing. HRESULT was 8007043C from line 44 of d:\comxp_sp2\com\com1x\src\events\tier1\eventsystemobj.cpp.
Please contact Microsoft Product Support Services to report this erro

Error - 2009-12-18 9:51:29 PM | Computer Name = ACE | Source = Application Error | ID = 1000
Description = Faulting application googleupdate.exe, version 1.2.131.7, faulting
module googleupdate.exe, version 1.2.131.7, fault address 0x00006eef.

Error - 2009-12-18 10:50:24 PM | Computer Name = ACE | Source = Application Error | ID = 1000
Description = Faulting application googleupdate.exe, version 1.2.131.7, faulting
module googleupdate.exe, version 1.2.131.7, fault address 0x00006eef.

[ System Events ]
Error - 2009-12-18 11:08:02 PM | Computer Name = ACE | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 2009-12-18 11:08:52 PM | Computer Name = ACE | Source = Service Control Manager | ID = 7001
Description = The DHCP Client service depends on the NetBios over Tcpip service
which failed to start because of the following error: %%31

Error - 2009-12-18 11:08:52 PM | Computer Name = ACE | Source = Service Control Manager | ID = 7001
Description = The DNS Client service depends on the TCP/IP Protocol Driver service
which failed to start because of the following error: %%31

Error - 2009-12-18 11:08:52 PM | Computer Name = ACE | Source = Service Control Manager | ID = 7001
Description = The TCP/IP NetBIOS Helper service depends on the AFD service which
failed to start because of the following error: %%31

Error - 2009-12-18 11:08:52 PM | Computer Name = ACE | Source = Service Control Manager | ID = 7001
Description = The Apple Mobile Device service depends on the TCP/IP Protocol Driver
service which failed to start because of the following error: %%31

Error - 2009-12-18 11:08:52 PM | Computer Name = ACE | Source = Service Control Manager | ID = 7001
Description = The Bonjour Service service depends on the TCP/IP Protocol Driver
service which failed to start because of the following error: %%31

Error - 2009-12-18 11:08:52 PM | Computer Name = ACE | Source = Service Control Manager | ID = 7001
Description = The IPSEC Services service depends on the IPSEC driver service which
failed to start because of the following error: %%31

Error - 2009-12-18 11:08:52 PM | Computer Name = ACE | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Webroot Spy Sweeper Engine
service to connect.

Error - 2009-12-18 11:08:52 PM | Computer Name = ACE | Source = Service Control Manager | ID = 7000
Description = The Webroot Spy Sweeper Engine service failed to start due to the
following error: %%1053

Error - 2009-12-18 11:08:52 PM | Computer Name = ACE | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
AFD ASPI32 Beep Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss Tcpip


< End of report >
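An added triage example (not part of the thread, and not code from OTL or ComboFix): a small Python parser for the "Last 10 Event Log Errors" block in the format shown in the report above. It splits the records, counts them by Source and Event ID, pulls the failed boot-start driver list out of the 7026 record and the broken dependency pairs out of the 7001 records, and then flags whether the core network drivers are among the failures, which is consistent with the machine being unable to get online. The sample records are a constructed subset of the ones in the report; the `NETWORK_STACK` set of driver names is my own choice, and the script only describes the failures, it does not determine their cause.

```python
"""Triage helper for the 'Last 10 Event Log Errors' block of an OTL report.

Added example; not part of the original thread and not OTL's own code.
It parses the record format shown in the log and summarises which services
and boot-start drivers failed to start.
"""
import re
from collections import Counter

# Constructed sample: a subset of the records from the report above.
SAMPLE = """\
[ Application Events ]
Error - 2009-12-18 12:54:01 AM | Computer Name = ACE | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 5.1.2600.2180, faulting
module ntdll.dll, version 5.1.2600.3520, fault address 0x0001ab0a.

[ System Events ]
Error - 2009-12-18 11:08:52 PM | Computer Name = ACE | Source = Service Control Manager | ID = 7001
Description = The DHCP Client service depends on the NetBios over Tcpip service
which failed to start because of the following error: %%31

Error - 2009-12-18 11:08:52 PM | Computer Name = ACE | Source = Service Control Manager | ID = 7001
Description = The DNS Client service depends on the TCP/IP Protocol Driver service
which failed to start because of the following error: %%31

Error - 2009-12-18 11:08:52 PM | Computer Name = ACE | Source = Service Control Manager | ID = 7000
Description = The Webroot Spy Sweeper Engine service failed to start due to the
following error: %%1053

Error - 2009-12-18 11:08:52 PM | Computer Name = ACE | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
AFD ASPI32 Beep Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss Tcpip
"""

# One record header: "Error - <time> | Computer Name = <host> | Source = <src> | ID = <n>"
HEADER = re.compile(
    r"^Error - (?P<time>.+?) \| Computer Name = (?P<host>.+?) \| "
    r"Source = (?P<source>.+?) \| ID = (?P<id>\d+)$"
)
# Event 7001 wording: "The X service depends on the Y service which failed to start"
DEPENDS = re.compile(r"The (?P<svc>.+?) service depends on the (?P<dep>.+?) service")
# Event 7026 wording: "... failed to load: <space-separated driver names>"
DRIVERS = re.compile(r"failed to load:\s*(?P<list>.+)$")

# Assumption (my own choice): drivers the machine needs for basic networking.
NETWORK_STACK = {"Tcpip", "AFD", "NetBT", "IPSec", "NetBIOS"}


def parse_events(text):
    """Return one dict per 'Error - ...' record, with the wrapped
    Description lines joined back into a single string."""
    events = []
    for block in re.split(r"\n\s*\n", text.strip()):
        lines = [ln.strip() for ln in block.splitlines() if ln.strip()]
        # Drop the "[ Application Events ]" / "[ System Events ]" markers.
        lines = [ln for ln in lines if not ln.startswith("[ ")]
        if not lines:
            continue
        m = HEADER.match(lines[0])
        if not m:
            continue
        ev = m.groupdict()
        ev["id"] = int(ev["id"])
        desc = " ".join(lines[1:])
        prefix = "Description = "
        if desc.startswith(prefix):
            desc = desc[len(prefix):]
        ev["description"] = desc
        events.append(ev)
    return events


def summarize(events):
    """Count records per (source, id), list the drivers that failed to load
    (event 7026) and map each service to the dependency that never started
    (event 7001)."""
    summary = {
        "by_source_id": Counter((e["source"], e["id"]) for e in events),
        "failed_drivers": [],
        "broken_dependencies": {},
    }
    for e in events:
        if e["id"] == 7026:
            m = DRIVERS.search(e["description"])
            if m:
                summary["failed_drivers"] = m.group("list").split()
        elif e["id"] == 7001:
            m = DEPENDS.search(e["description"])
            if m:
                summary["broken_dependencies"][m.group("svc")] = m.group("dep")
    return summary


def network_stack_down(summary):
    """True when every core network driver is in the failed-load list.
    That explains a 'cannot reach the internet' symptom; it does not say why
    the drivers failed, which is for the helper to work out from other logs."""
    return NETWORK_STACK.issubset(set(summary["failed_drivers"]))


if __name__ == "__main__":
    s = summarize(parse_events(SAMPLE))
    for (source, eid), n in sorted(s["by_source_id"].items()):
        print(f"{n:2d} x {source} / {eid}")
    print("failed drivers:", " ".join(s["failed_drivers"]))
    for svc, dep in s["broken_dependencies"].items():
        print(f"{svc} blocked by {dep}")
    print("network stack down:", network_stack_down(s))
```

Run it against the full block from a report by pasting the section into `SAMPLE`; the regexes only rely on the record header shape and the fixed Service Control Manager wording shown above.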

#7 reedon

reedon

    New Member

  • Authentic Member
  • Pip
  • 19 posts

Posted 19 December 2009 - 06:55 PM

I tried to install Malware Bytes in safe mode and it installed, but will not open. :o

#8 inzanity

inzanity

    ♠♠lost♠♠

  • Malware Team
  • 2,340 posts

Posted 19 December 2009 - 11:30 PM

Hi,

Log research takes time, so please be patient and I'd be grateful if you would note the following:
  • The fixes are specific to your problem and should only be used for the issues on this machine.
  • Do not install/uninstall anything on your computer unless advised.
  • Do not run any other scanning tools other than those instructed for you to use.
  • Follow the instructions in the order they are given.
  • Stay with this thread until advised when your computer is clean. Absence of symptoms does not necessarily mean a clean computer.
  • If you are being helped regarding this problem on another forum please advise us so that we can close this thread.
  • And lastly, if you have any questions, please ask before proceeding with any of the advised fixes.

You have Azureus Vuze, a P2P/file sharing program, installed on your computer. P2P applications like it are the largest source of malware we see. You'll be doing yourself a favor by removing it.

P2P (File Sharing ) programs form a direct conduit onto your computer, their security measures are easily circumvented, and Malware writers are increasingly exploiting them to spread their wares onto your computer. Further to that, if your P2P program is not configured correctly you may be sharing more files than you realize. There have been cases where people's Passwords, Address Books and other personal, private, and financial details have been exposed to the file sharing network by a badly configured program.

I would recommend that you uninstall Azureus Vuze, via Control Panel -> Add or Remove Programs.

However, if you do not wish to remove this program please be advised not to use the said program during the course of cleaning your machine.

Yes, the reports are valid. With this next instruction, please try to run it in normal mode. If it says that the program is not safe to run, just ignore it.
However, if you still cannot run this in normal mode, do so in safe mode, but we need to disable Webroot first (in safe mode or normal mode).

Disable Webroot Spy Sweeper by:
-Right-mouse click (right-click) the Webroot Spy Sweeper icon located in the system tray.
-Select Shut Down from the shortcut menu. Click the Shut Down button to confirm.
-Next, click Start > Settings > Control Panel.
-Double-click Administrative Tools and then double-click Services.
-Find and double-click Webroot Spy Sweeper Engine listed under the Name column.
-Click the Stop button to stop the Webroot service.
-Click OK to close the Webroot Spy Sweeper Engine properties.

For the antivirus portion

"In order to disable the Anti-Virus components of Webroot Anti-Virus you must go to two separate sections:

Anti-Virus Shield Disabling

1. Click on the Options button on the left hand side of Webroot Anti-Virus
2. Go to the Shields tab of the Options Menu
3. Under the section labeled Anti-Virus Protection, take the checkmark out of the Protect against Viruses box.

"Anti-Virus Shields have successfully been turned off."

Anti-Virus Sweep Disabling

1. Click on the Options button on the left hand side of Webroot Anti-Virus
2. On the Sweep tab, put the dot into Custom Sweep (please note you can only disable Anti-Virus Sweeps by using the Custom Sweep option)
3. Under the section labeled Sweep Settings Summary, click the Change Settings link which is next to Custom Sweep Settings
4. A Custom Sweep box will appear with various sections to click on. Click on the What To Sweep button on the left side of this Custom Sweep box.
5. On this screen, take the checkmark out of Sweep for Viruses under the Viruses section.
6. Click the OK button at the bottom of this screen and you will be returned to the Sweep tab. (Again please note that you can only disable Anti-Virus Sweeps by using the Custom Sweep Option which will now be selected)

"Anti-Virus Sweeps have successfully been turned off."

--Next--

Please read through these instructions to familiarize yourself with what to expect when this tool runs

Download ComboFix from one of these locations:

Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop

--------------------------------------------------------------------
IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty in properly disabling your protective programs, refer to this link - How to Disable your Security Programs
--------------------------------------------------------------------
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Posted Image


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

Notes:

1. Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
2. ComboFix may reset a number of Internet Explorer's settings, including making Internet Explorer the default browser.
3. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

Please post back with the combofix log.

If you run ComboFix in safe mode, it will reboot your computer; please make sure to boot into safe mode again.

Proud graduate of WTT Classroom


The help we provide here is free, however, if you wish to donate, you can do so here: http://www.whatthetech.com/donate/

ASAP and UNITE member



#9 reedon

reedon

    New Member

  • Authentic Member
  • Pip
  • 19 posts

Posted 20 December 2009 - 09:07 AM

Hi Inzanity, when I load the computer not in safe mode the Spy Sweeper icon does not appear in the system tray. Eventually I get an error message saying 'application cannot be executed. The file spysweeeper.exe is infected. Do you want to activate your antivirus software now?' I always click 'NO'. In safe mode, the Spy Sweeper icon is not in the system tray either. Thank you for helping me! Reedon

10:23 - After waiting 15 minutes, Spy Sweeper's icon is now in the systray. However, when I right click on it, everything is grayed out and unclickable.

10:39 - Even if I hit Ctrl+Alt+Del, the computer gives a warning message 'application cannot be executed. The file tskmnger.exe is infected. Do you want to activate your antivirus software now?'

11:38 - Everything I click on gives me the same warning message to activate the software.

Edited by reedon, 20 December 2009 - 10:43 AM.


#10 inzanity

inzanity

    ♠♠lost♠♠

  • Malware Team
  • 2,340 posts

Posted 20 December 2009 - 06:35 PM

Hi,

Let's try doing this in Safe Mode with Networking.
  • Restart your computer.
  • Keep on tapping F8 when Windows starts to boot. Do this before you see the Windows screen.
  • When the boot menu appears, scroll to Safe Mode with Networking using the arrow keys, then press Enter.
--Next--
Please read through these instructions to familiarize yourself with what to expect when this tool runs

Download ComboFix from one of these locations:

Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop

--------------------------------------------------------------------
IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty in properly disabling your protective programs, refer to this link - How to Disable your Security Programs
--------------------------------------------------------------------
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Posted Image


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

Notes:

1. Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
2. ComboFix may reset a number of Internet Explorer's settings, including making Internet Explorer the default browser.
3. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

Please post back with the combofix log.

NOTE: When ComboFix reboots your computer, make sure to boot in Safe Mode. Save the logs then reboot back to Normal Mode.



#11 reedon

reedon

    New Member

  • Authentic Member
  • Pip
  • 19 posts

Posted 20 December 2009 - 09:15 PM

I downloaded ComboFix to my laptop and then saved it to my flash drive, since my infected desktop will not go onto the internet. Then I saved ComboFix to my computer's desktop in 'safe mode with networking' and then I double clicked. The mouse arrow had an hourglass for approx. 10 seconds and then nothing happened.

#12 inzanity

inzanity

    ♠♠lost♠♠

  • Malware Team
  • 2,340 posts

Posted 20 December 2009 - 09:20 PM

Hi, it may take a while for ComboFix to scan. Don't do anything else until it finishes its own scan.



#13 reedon

reedon

    New Member

  • Authentic Member
  • Pip
  • 19 posts

Posted 20 December 2009 - 09:34 PM

Hi...I'm such a newbie... When I clicked on Combofix no window or anything opened. Is that normal? I clicked on it 15 minutes ago and still a blank desktop. Thanks

#14 inzanity

inzanity

    ♠♠lost♠♠

  • Malware Team
  • 2,340 posts

Posted 20 December 2009 - 11:57 PM

Hi,

The infection is preventing our tool from running. Please delete your copy of Combofix.

As you are transferring files from one computer to the infected one:

NOTE: Be sure to do the following steps in the new computer and not the infected one.


Download Flash_Disinfector.exe by sUBs from HERE and save it to your desktop.
  • Double-click Flash_Disinfector.exe to run it and follow any prompts that may appear.
  • The utility may ask you to insert your flash drive and/or other removable drives including your mobile phone. Please do so and allow the utility to clean up those drives as well.
  • Wait until it has finished scanning and then exit the program.
  • Reboot your computer when done.
Note: Flash_Disinfector will create a hidden folder named autorun.inf in each partition and every USB drive plugged in when you ran it. Don't delete this folder...it will help protect your drives from future infection.

--Next--

Download ComboFix from this location: LINK

--Next--

Copy Combofix.exe (KittyFix.exe) from the computer into the flash drive then transfer it into the infected machine.


* IMPORTANT !!! Save Combofix to your Desktop

--------------------------------------------------------------------
IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty in properly disabling your protective programs, refer to this link - How to Disable your Security Programs
--------------------------------------------------------------------
  • Double click on ComboFix & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Posted Image


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

Notes:

1. Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
2. ComboFix may reset a number of Internet Explorer's settings, including making Internet Explorer the default browser.
3. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

Please post back with the combofix log.



#15 reedon

reedon

    New Member

  • Authentic Member
  • Pip
  • 19 posts

Posted 21 December 2009 - 07:39 AM

Downloaded and installed Flash_Disinfector; that worked on my laptop.

The combofix (kittyfix) link is not working.

Ran combofix from previous post in Safe mode and received this message

ComboFix has detected the presence of rootkit activity and needs to reboot the machine.
Kindly note down on paper, the name of each file. We may need it later.

C:\WINDOWS\system32\drivers\H8SRTndlktniyre.sys
C:\WINDOWS\system32\H8SRTjsaljhhmpp.dll
C:\WINDOWS\system32\H8SRTjotenkchvd.dat
C:\WINDOWS\system32\H8SRTtbenymstkv.dll

YAHOOO!!!! I restarted and Combofix worked!!!! Here is the log file! YES, PROGRESS!

ComboFix 09-12-20.08 - Matt 2009-12-21 14:53:52.3.2 - x86 NETWORK
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2046.1769 [GMT -5:00]
Running from: c:\documents and settings\Matt\Desktop\Combo-Fix.exe
AV: Webroot AntiVirus with AntiSpyware *On-access scanning disabled* (Updated) {77E10C7F-2CCA-4187-9394-BDBC267AD597}
FW: Webroot AntiVirus with AntiSpyware *disabled* {63671000-11A2-46DD-BADD-A084CABCDEAE}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Matt\Application Data\02000000093a76e2C.manifest
c:\documents and settings\Matt\Application Data\02000000093a76e2O.manifest
c:\documents and settings\Matt\Application Data\02000000093a76e2P.manifest
c:\documents and settings\Matt\Application Data\02000000093a76e2S.manifest
c:\documents and settings\Matt\Local Settings\Application Data\ygcquc
c:\documents and settings\Matt\Local Settings\Application Data\ygcquc\pbsjsysguard.exe
c:\progra~1\Webroot\SPYSWE~1\Backup\ntSVc.ocx
c:\windows\kb913800.exe
c:\windows\system32\drivers\H8SRTndlktniyre.sys
c:\windows\system32\H8SRTjotenkchvd.dat
c:\windows\system32\H8SRTjsaljhhmpp.dll
c:\windows\system32\H8SRTtbenymstkv.dll
c:\windows\system32\krl32mainweq.dll
c:\windows\system32\srcr.dat

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_H8SRTd.sys
-------\Legacy_H8SRTd.sys


((((((((((((((((((((((((( Files Created from 2009-11-21 to 2009-12-21 )))))))))))))))))))))))))))))))
.

2009-12-21 17:02 . 2009-12-21 17:02 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
2009-12-19 02:37 . 2009-12-19 02:37 -------- d-----w- c:\program files\ERUNT
2009-12-18 02:26 . 2009-12-18 02:26 -------- d-----w- c:\documents and settings\Becky\Application Data\Malwarebytes
2009-12-18 01:27 . 2009-12-18 01:27 -------- d-----w- c:\documents and settings\Becky\Local Settings\Application Data\Mozilla
2009-11-22 17:40 . 2009-11-22 17:40 -------- d-----w- c:\program files\iPod
2009-11-22 17:40 . 2009-11-22 17:41 -------- d-----w- c:\program files\iTunes

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-21 19:30 . 2008-10-27 21:51 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-12-21 15:38 . 2006-09-12 01:40 -------- d-----w- c:\program files\Dl_cats
2009-12-21 15:18 . 2007-05-27 22:59 92328 ----a-w- c:\windows\system32\GDIPFONTCACHEV1.DAT
2009-12-03 21:14 . 2008-10-27 21:51 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-03 21:13 . 2008-10-27 21:51 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-11-22 17:40 . 2007-09-08 13:56 -------- d-----w- c:\program files\Common Files\Apple
2009-11-22 17:37 . 2006-10-14 14:17 -------- d-----w- c:\program files\QuickTime
2009-11-22 17:32 . 2009-11-22 17:32 79144 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.0.2.25\SetupAdmin.exe
2009-11-19 16:14 . 2009-11-19 16:14 4732800 ----a-w- c:\documents and settings\All Users\Application Data\Flip Video\FlipShare\Updates\FirmwareExec_Windows_en-US_83.06_83.07\FlipVideoFWUpdate.exe
2009-11-11 05:28 . 2009-11-11 05:28 247280 ----a-w- c:\documents and settings\Matt\Application Data\Mozilla\plugins\npgoogletalk.dll
2009-10-20 16:54 . 2009-10-20 16:54 59976 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files\Kaspersky Anti-Virus 2010 9.0.0.736\English\setup.exe
2009-09-26 22:28 . 2009-09-26 22:28 69512 ---ha-w- c:\windows\system32\mlfcache.dat
.

------- Sigcheck -------


[7] 2008-10-16 . E654B78D2F1D791B30D0ED9A8195EC22 . 51224 . . [7.2.6001.788] . . c:\windows\system32\dllcache\wuauclt.exe
[-] 2008-04-14 . ED7262E52C31CF1625B65039102BC16C . 111104 . . [5.4.3790.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\wuauclt.exe

c:\windows\System32\drivers\beep.sys ... is missing !!
c:\windows\System32\wuauclt.exe ... is missing !!
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-05 68856]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2008-12-12 1840424]
"Google Update"="c:\documents and settings\Matt\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-01-31 133104]
"RocketDock"="c:\program files\RocketDock\RocketDock.exe" [2007-09-02 495616]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584]
"SigmatelSysTrayApp"="stsystra.exe" [2006-07-24 282624]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2006-07-06 151552]
"DMXLauncher"="c:\program files\Dell\Media Experience\DMXLauncher.exe" [2005-10-05 94208]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2006-09-07 169984]
"dlcimon.exe"="c:\program files\Dell AIO Printer 946\dlcimon.exe" [2006-02-14 430080]
"PinnacleDriverCheck"="c:\windows\system32\PSDrvCheck.exe" [2004-03-10 406016]
"googletalk"="c:\program files\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-06-16 7323648]
"NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-12-02 2221352]
"LifeCam"="c:\program files\Microsoft LifeCam\LifeExp.exe" [2008-08-04 160800]
"NeroFilterCheck"="c:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2008-11-06 570664]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-11 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-11-12 141600]
"DLCICATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\DLCItime.dll" [2006-02-24 73728]
"SpySweeper"="c:\program files\Webroot\Spy Sweeper\SpySweeperUI.exe" [2009-05-13 6345840]



c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2006-9-7 24576]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\rootrepeal.sys]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WebrootSpySweeperService]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WRConsumerService]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DLCICATS]
2006-02-24 21:30 73728 ----a-w- c:\windows\system32\spool\drivers\w32x86\3\dlcitime.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2006-06-16 20:39 7323648 ----a-w- c:\windows\system32\nvcpl.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Microsoft ActiveSync\\WCESCOMM.EXE"=
"c:\\Program Files\\Microsoft ActiveSync\\WCESMGR.EXE"=
"c:\\Program Files\\Macromedia\\Fireworks MX\\Fireworks.exe"=
"c:\\Program Files\\Macromedia\\Dreamweaver MX\\Dreamweaver.exe"=
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"c:\\Program Files\\Azureus\\Azureus.exe"=
"c:\\WINDOWS\\system32\\dlcicoms.exe"=
"c:\\Program Files\\Yahoo! Games\\Scrabble\\Scrabble.exe"=
"c:\\Program Files\\Nero\\Nero8\\Nero MediaHome\\NeroMediaHome.exe"=
"c:\\Program Files\\Nero\\Nero8\\Nero MediaHome\\NMMediaServer.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeCam.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeEnC2.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeExp.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeTray.exe"=
"c:\\Documents and Settings\\Matt\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.dll"=
"c:\\Documents and Settings\\Matt\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Common Files\\Nero\\Nero Web\\SetupX.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R0 ssfs0bbc;ssfs0bbc;c:\windows\system32\drivers\ssfs0bbc.sys [2009-04-21 5:27 PM 29808]
R2 WRConsumerService;Webroot Client Service;c:\program files\Webroot\Spy Sweeper\WRConsumerService.exe [2009-08-29 6:42 PM 1205760]
S3 dlci_device;dlci_device;c:\windows\system32\dlcicoms.exe -service --> c:\windows\system32\dlcicoms.exe -service [?]
S3 MSHUSBVideo;NX6000/NX3000/VX5000/VX5500/VX7000 Filter Driver;c:\windows\system32\drivers\nx6000.sys [2009-01-30 8:41 PM 33808]
S3 NUVision;Pinnacle DVC 80 Video;c:\windows\system32\drivers\nuvvid2.sys [2006-11-18 155264]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/ig
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyServer = http=127.0.0.1:5555
uInternet Settings,ProxyOverride = <local>
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Matt\Application Data\Mozilla\Firefox\Profiles\1ys9arm5.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig
FF - plugin: c:\documents and settings\Matt\Application Data\Mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-Uniblue RegistryBooster 2 - c:\program files\Uniblue\RegistryBooster 2\RegistryBooster.exe
HKCU-Run-itarouaq - c:\documents and settings\Matt\Local Settings\Application Data\ygcquc\pbsjsysguard.exe
HKLM-Run-Webroot Desktop Firewall - c:\program files\Webroot\Desktop Firewall\WDF.exe
HKLM-Run-itarouaq - c:\documents and settings\Matt\Local Settings\Application Data\ygcquc\pbsjsysguard.exe
HKLM-RunOnce-ComboFix_Pre - c:\combo-fix\Res.bat
Notify-84bb6bde448 - c:\windows\System32\dplayx32.dll
MSConfigStartUp-brastk - brastk.exe
MSConfigStartUp-iSecurity applet - iSecurity.cpl
AddRemove-WebCyberCoach_wtrb - c:\program files\WebCyberCoach\b_Dell\WCC_Wipe.exe WebCyberCoach ext\wtrb



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-12-21 15:04
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
DLCICATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\DLCItime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(660)
c:\windows\system32\iac25_32.ax
c:\windows\system32\mobilev.acm
c:\windows\system32\scg726.acm
c:\windows\system32\alf2cd.acm
c:\windows\system32\AC3ACM.acm
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Webroot\Spy Sweeper\SpySweeper.exe
.
**************************************************************************
.
Completion time: 2009-12-21 15:12:02 - machine was rebooted
ComboFix-quarantined-files.txt 2009-12-21 20:12

Pre-Run: 155,802,824,704 bytes free
Post-Run: 156,210,098,176 bytes free

- - End Of File - - D5C8B332A7B2AA97F54B6E26EFB44445

Edited by Ried, 22 December 2009 - 06:39 AM.
