Hi,
I've been having some virus problems on my laptop and I was referred here by a friend. I ran Hijack This and am posting the log below. Any help with how to fix this is greatly appreciated.
Thanks in advance.
MiddBear
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 2:55:54 PM, on 7/20/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\csrss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\Ati2evxx.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\Intel\Wireless\Bin\EvtEng.exe
D:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
D:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\system32\svchost.exe
D:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
D:\Program Files\Bonjour\mDNSResponder.exe
D:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
D:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
D:\Program Files\Google\Update\GoogleUpdate.exe
D:\Program Files\Java\jre6\bin\jqs.exe
D:\Program Files\McAfee\Common Framework\FrameworkService.exe
D:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
D:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
D:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
D:\Program Files\McAfee\Common Framework\naPrdMgr.exe
D:\Program Files\Spyware Doctor\pctsAuxs.exe
D:\Program Files\Spyware Doctor\pctsSvc.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\wdfmgr.exe
D:\WINDOWS\system32\Ati2evxx.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\system32\wbem\wmiprvse.exe
D:\Program Files\ATI Technologies\ATI.ACE\cli.exe
D:\WINDOWS\stsystra.exe
D:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
D:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
D:\Program Files\Synaptics\SynTP\SynTPEnh.exe
D:\Program Files\McAfee\Common Framework\UdaterUI.exe
D:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE
D:\Program Files\McAfee\Common Framework\McTray.exe
D:\Program Files\iTunes\iTunesHelper.exe
D:\Program Files\Java\jre6\bin\jusched.exe
D:\Program Files\Spyware Doctor\pctsTray.exe
D:\WINDOWS\system32\ctfmon.exe
D:\Program Files\ATI Technologies\ATI.ACE\cli.exe
D:\WINDOWS\system32\wbem\unsecapp.exe
D:\Program Files\iPod\bin\iPodService.exe
D:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
D:\WINDOWS\System32\alg.exe
D:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
D:\Program Files\Lavasoft\Ad-Aware\Ad-Aware.exe
D:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe
D:\Program Files\Mozilla Firefox\firefox.exe
D:\WINDOWS\system32\msiexec.exe
D:\Program Files\Google\Update\GoogleUpdate.exe
D:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
D:\WINDOWS\system32\wbem\wmiprvse.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://cms.bc.edu/webct/entryPageIns.dowebct
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
F2 - REG:system.ini: Shell=
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (file missing)
O2 - BHO: Browser Defender BHO - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - D:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - D:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - D:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: PC Tools Browser Guard - {472734EA-242A-422B-ADF8-83D1E48CC825} - D:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll
O4 - HKLM\..\Run: [ATICCC] "D:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "D:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "D:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [SynTPEnh] D:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "D:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [ShStatEXE] "D:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [googletalk] D:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [PWRISOVM.EXE] D:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [AppleSyncNotifier] D:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [solurudot] Rundll32.exe "d:\windows\system32\narenodo.dll",a
O4 - HKLM\..\Run: [ISTray] "D:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKCU\..\Run: [MSMSGS] "D:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] D:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [uTorrent] "D:\Program Files\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [asg984jgkfmgasi8ug98jgkfgfb] D:\DOCUME~1\Justin\LOCALS~1\Temp\services.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = D:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: UltimateBet - {10F055B8-F443-4adf-948A-EC551E9DBCE4} - D:\Documents and Settings\Justin\Start Menu\Programs\UltimateBet\UltimateBet.lnk
O9 - Extra 'Tools' menuitem: UltimateBet - {10F055B8-F443-4adf-948A-EC551E9DBCE4} - D:\Documents and Settings\Justin\Start Menu\Programs\UltimateBet\UltimateBet.lnk
O9 - Extra button: Doyles Room Poker - {40B2063F-DB01-4962-BE63-59435C01283C} - D:\PROGRA~1\DOYLES~1\client.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - D:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - D:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: d:\windows\system32\nwprovau.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{9276D7E4-C124-4831-8AEB-E324ADDBCDD8}: NameServer = 83.149.115.157,4.2.2.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{BAA0245A-DC5A-42F6-A6BB-2DE43AB477FA}: NameServer = 83.149.115.157,4.2.2.1,68.87.71.230 68.87.73.246
O20 - AppInit_DLLs: d:\windows\system32\gevuniya.dll repeseza.dll d:\windows\system32\wugeruti.dll d:\windows\system32\narenodo.dll
O21 - SSODL: zonenakab - {fe0c11a8-5baf-4cd9-8f9c-760c380c3526} - d:\windows\system32\gevuniya.dll (file missing)
O21 - SSODL: salayanuy - {bc638686-5f86-416e-ab03-b8e66e399298} - d:\windows\system32\wugeruti.dll (file missing)
O21 - SSODL: jufenijas - {1fa1951c-9f85-44b1-929a-0d93e6cf44bb} - d:\windows\system32\narenodo.dll (file missing)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - D:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - D:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: jugezatag - {fe0c11a8-5baf-4cd9-8f9c-760c380c3526} - d:\windows\system32\gevuniya.dll (file missing)
O22 - SharedTaskScheduler: tokatiluy - {bc638686-5f86-416e-ab03-b8e66e399298} - d:\windows\system32\wugeruti.dll (file missing)
O22 - SharedTaskScheduler: kupuhivus - {1fa1951c-9f85-44b1-929a-0d93e6cf44bb} - d:\windows\system32\narenodo.dll (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - D:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - D:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bonjour Service - Apple Inc. - D:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Browser Defender Update Service - Unknown owner - D:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
O23 - Service: Creative Labs Licensing Service - Creative Labs - D:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - D:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - D:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - D:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: Google Update Service (gupdate1c9e915290813b0) (gupdate1c9e915290813b0) - Google Inc. - D:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - D:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - D:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - D:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - D:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - D:\Program Files\McAfee\Common Framework\FrameworkService.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - D:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - D:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
O23 - Service: Pml Driver HPZ12 - HP - D:\WINDOWS\system32\spool\drivers\w32x86\3\HPZipm12.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - D:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - D:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - D:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - D:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - D:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
O24 - Desktop Component 1: Justin Drechsler - http://www.google.com/calendar/embed...erica/New_York
--
End of file - 11804 bytes
STEP 1. Download Malwarebytes' Anti-Malware (aka MBAM) to your desktop.
(Malwarebytes is free to use as a manual scanner. Payment is only required if you wish to have it run and update automatically which is not necessary for our purposes)
* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform Quick Scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad.
* Post the log back here.
The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt
STEP 2. Download GMER - Rootkit Detector and Remover by clicking on the Download EXE button.
Alternative downloads:
- |MG| GMER 1.0.15.15281 Download
- http://www.softpedia.com/get/Interne...ers/GMER.shtml
Double click on downloaded .exe file, select Rootkit tab and click the Scan button.
Do NOT use the computer while GMER is running!
When scan is completed, click Save button, and save the results as gmer.log
Warning! Please do not select the "Show all" checkbox during the scan.
Post the log to your next reply.
IMPORTANT! If for some reason GMER refuses to run, try again.
If it still fails, try to UN-check "Devices" in right pane.
If still no joy, try to run it from Safe Mode.
DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
Thank you for responding. I downloaded and ran both programs. The logs are posted below. As a heads-up, I could only get GMER to run successfully in Safe Mode.
Let me know if you need any other information.
MiddBear
Malwarebytes' Anti-Malware 1.46
Malwarebytes
Database version: 4052
Windows 5.1.2600 Service Pack 3
Internet Explorer 6.0.2900.5512
7/20/2010 10:49:23 PM
mbam-log-2010-07-20 (22-49-23).txt
Scan type: Quick scan
Objects scanned: 118982
Time elapsed: 8 minute(s), 46 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 2
Registry Keys Infected: 0
Registry Values Infected: 2
Registry Data Items Infected: 5
Folders Infected: 0
Files Infected: 23
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
D:\WINDOWS\system32\yaluhitu.dll (Malware.Packer.Gen) -> Delete on reboot.
D:\WINDOWS\system32\sibakaba.dll (Malware.Packer.Gen) -> Delete on reboot.
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\solurudot (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\asg984jgkfmgasi8ug98jgkfgfb (Trojan.Downloader) -> Quarantined and deleted successfully.
Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command\(default) (Hijack.StartMenuInternet) -> Bad: ("D:\Documents and Settings\Justin\Local Settings\Application Data\av.exe" /START "D:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode) Good: (firefox.exe -safe-mode) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\.exe\(default) (Hijacked.exeFile) -> Bad: (secfile) Good: (exefile) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{9276d7e4-c124-4831-8aeb-e324addbcdd8}\NameServer (Trojan.DNSChanger) -> Data: 83.149.115.157,4.2.2.1 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{baa0245a-dc5a-42f6-a6bb-2de43ab477fa}\NameServer (Trojan.DNSChanger) -> Data: 83.149.115.157,4.2.2.1,68.87.71.230 68.87.73.246 -> Quarantined and deleted successfully.
Folders Infected:
(No malicious items detected)
Files Infected:
D:\WINDOWS\system32\buwuwati.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\delehele.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\govuyoni.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\kisojaze.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\minimogo.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\norozuse.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\sibakaba.dll (Trojan.Vundo.H) -> Delete on reboot.
D:\WINDOWS\system32\tadebava.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\tifizebu.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\tohagugu.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\visegobu.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\yaluhitu.dll (Trojan.Vundo.H) -> Delete on reboot.
D:\WINDOWS\system32\gobikose.dll.tmp (Rootkit.TDSS) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\repeseza.dll.tmp (Rootkit.TDSS) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\yuzubayi.dll.tmp (Rootkit.TDSS) -> Quarantined and deleted successfully.
D:\Documents and Settings\Justin\Local Settings\Temp\1438447773.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
D:\Documents and Settings\Justin\Local Settings\Temp\oxhyanxq.exe (Rootkit.TDSS) -> Quarantined and deleted successfully.
D:\Documents and Settings\Justin\Local Settings\Temp\avp.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
D:\Documents and Settings\Justin\Local Settings\Temp\vwwixjz.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
D:\Documents and Settings\Justin\Local Settings\Temp\cohppuec.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
D:\Documents and Settings\Justin\Local Settings\Temp\mdm.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
D:\Documents and Settings\Justin\Local Settings\Temp\qsjnts.exe (Trojan.Hiloti) -> Quarantined and deleted successfully.
D:\Documents and Settings\Justin\Local Settings\Temp\hsf78w3uhduf8w.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
GMER 1.0.15.15281 - GMER - Rootkit Detector and Remover
Rootkit scan 2010-07-22 1413
Windows 5.1.2600 Service Pack 3
Running: k3udjpc6.exe; Driver: D:\DOCUME~1\Justin\LOCALS~1\Temp\kxrirkow.sys
---- System - GMER 1.0.15 ----
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateKey [0xF7459E52]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateProcess [0xF743ACDE]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateProcessEx [0xF743AED0]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwDeleteKey [0xF745A640]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwDeleteValueKey [0xF745A8F4]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwOpenKey [0xF7458B44]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwRenameKey [0xF745AD60]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwSetValueKey [0xF745A112]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwTerminateProcess [0xF743A984]
---- EOF - GMER 1.0.15 ----
Please download ComboFix from Here or Here to your Desktop.
**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
- Please, never rename Combofix unless instructed.
- Close any open browsers.
- Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
- Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
- Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
NOTE 2. If Combofix asks you to update the program, always do so.
- Close any open browsers.
- WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
- Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
- If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
- Double click on combofix.exe & follow the prompts.
- When finished, it will produce a report for you.
- Please post the "C:\ComboFix.txt"
**Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**
Make sure you re-enable your security programs when you're done with Combofix.
DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
Here is the ComboFix log:
ComboFix 10-07-22.01 - Justin 07/22/2010 20:10:05.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1581 [GMT -4:00]
Running from: d:\documents and settings\Justin\Desktop\ComboFix.exe
AV: McAfee VirusScan Enterprise *On-access scanning disabled* (Outdated) {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
d:\documents and settings\Justin\Local Settings\Temporary Internet Files\8l5bm.jpg
d:\documents and settings\Justin\Local Settings\Temporary Internet Files\kBko8.jpg
d:\documents and settings\Justin\Local Settings\Temporary Internet Files\mb4B4.jpg
d:\documents and settings\Justin\Local Settings\Temporary Internet Files\Y86472YmM.jpg
d:\documents and settings\Justin\My Documents\DPE.DUS
d:\windows\system32\drivers\1028_DELL_XPS_MM061 .MRK
d:\windows\system32\drivers\DELL_XPS_MM061 .MRK
d:\windows\Tasks\hwmsvpke.job
d:\windows\Tasks\ruejpvao.job
.
((((((((((((((((((((((((( Files Created from 2010-06-23 to 2010-07-23 )))))))))))))))))))))))))))))))
.
2010-07-21 02:35 . 2010-07-21 02:35 -------- d-----w- d:\documents and settings\Justin\Application Data\Malwarebytes
2010-07-21 02:25 . 2010-07-21 02:25 -------- d-----w- D:\Malwarebytes' Anti-Malware
2010-07-21 02:21 . 2010-04-29 19:39 38224 ----a-w- d:\windows\system32\drivers\mbamswissarmy.sys
2010-07-21 02:21 . 2010-07-21 02:35 -------- d-----w- d:\program files\Malwarebytes' Anti-Malware
2010-07-21 02:21 . 2010-07-21 02:21 -------- d-----w- d:\documents and settings\All Users\Application Data\Malwarebytes
2010-07-21 02:21 . 2010-04-29 19:39 20952 ----a-w- d:\windows\system32\drivers\mbam.sys
2010-07-20 18:55 . 2010-07-20 18:55 -------- d-----w- d:\program files\Trend Micro
2010-07-20 18:38 . 2010-07-20 18:38 664 ----a-w- d:\windows\system32\d3d9caps.dat
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-23 00:19 . 2010-02-20 00:36 -------- d---a-w- d:\documents and settings\All Users\Application Data\TEMP
2010-07-23 00:02 . 2009-09-26 14:42 -------- d-----w- d:\documents and settings\Justin\Application Data\uTorrent
2010-07-22 23:59 . 2010-02-20 00:37 -------- d-----w- d:\program files\Spyware Doctor
2010-07-20 18:55 . 2010-07-20 18:55 388096 ----a-r- d:\documents and settings\Justin\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-06-20 13:47 . 2006-09-24 16:25 -------- d-----w- d:\program files\PokerStars
2010-06-08 02:16 . 2010-02-20 00:37 763832 ----a-w- d:\windows\BDTSupport.dll
2010-06-08 00:21 . 2010-02-20 00:37 1652664 ----a-w- d:\windows\PCTBDCore.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="d:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-06-09 39408]
"uTorrent"="d:\program files\uTorrent\uTorrent.exe" [2009-09-26 289072]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATICCC"="d:\program files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 45056]
"SigmatelSysTrayApp"="stsystra.exe" [2006-03-24 282624]
"IntelZeroConfig"="d:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2006-05-01 667718]
"IntelWireless"="d:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2006-05-01 602182]
"SynTPEnh"="d:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-08 761947]
"McAfeeUpdaterUI"="d:\program files\McAfee\Common Framework\UdaterUI.exe" [2007-10-25 136512]
"ShStatEXE"="d:\program files\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2008-01-25 111952]
"googletalk"="d:\program files\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
"PWRISOVM.EXE"="d:\program files\PowerISO\PWRISOVM.EXE" [2008-11-02 167936]
"AppleSyncNotifier"="d:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-05-14 177472]
"QuickTime Task"="d:\program files\QuickTime\qttask.exe" [2009-05-26 413696]
"iTunesHelper"="d:\program files\iTunes\iTunesHelper.exe" [2009-07-13 292128]
"SunJavaUpdateSched"="d:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
d:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - d:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-4-23 29696]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"d:\\Program Files\\McAfee\\Common Framework\\FrameworkService.exe"=
"d:\\Program Files\\Messenger\\msmsgs.exe"=
"d:\\PROGRA~1\\ExamSoft\\SofTest\\SoftLnch.exe "=
"d:\\PROGRA~1\\ExamSoft\\SofTest\\softest.exe" = d:\\PROGRA~1\\ExamSoft\\SofTest\\SofTest.exe
"d:\\Program Files\\ExamSoft\\SofTest\\SoftLnch.exe"= d:\\Program Files\\ExamSoft\\SoftLnch.exe
"d:\\Program Files\\ExamSoft\\SofTest\\softest.exe"= d:\\Program Files\\ExamSoft\\SofTest.exe
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"d:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"d:\\Program Files\\Rosetta Stone\\Rosetta Stone V3\\support\\bin\\win\\RosettaStoneLtdServices.exe "=
"d:\\Program Files\\Rosetta Stone\\Rosetta Stone V3\\RosettaStoneVersion3.exe"=
"d:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"d:\\Program Files\\iTunes\\iTunes.exe"=
"d:\\Program Files\\uTorrent\\uTorrent.exe"=
"d:\\WINDOWS\\system32\\wbem\\unsecapp.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"<NO NAME>"=
R0 Lbd;Lbd;d:\windows\system32\drivers\Lbd.sys [10/25/2009 1:30 PM 64288]
R0 PCTCore;PCTools KDS;d:\windows\system32\drivers\PCTCore.sys [2/19/2010 8:37 PM 207792]
R2 Browser Defender Update Service;Browser Defender Update Service;d:\program files\Spyware Doctor\BDT\BDTUpdateService.exe [2/19/2010 8:37 PM 112592]
S2 gupdate1c9e915290813b0;Google Update Service (gupdate1c9e915290813b0);d:\program files\Google\Update\GoogleUpdate.exe [6/9/2009 11:15 AM 133104]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;d:\program files\Lavasoft\Ad-Aware\AAWService.exe [9/24/2009 7:17 AM 1181328]
S3 sdAuxService;PC Tools Auxiliary Service;d:\program files\Spyware Doctor\pctsAuxs.exe [2/19/2010 8:37 PM 359624]
.
Contents of the 'Scheduled Tasks' folder
2010-07-22 d:\windows\Tasks\Ad-Aware Update (Daily 1).job
- d:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 12:30]
2010-07-22 d:\windows\Tasks\Ad-Aware Update (Daily 2).job
- d:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 12:30]
2010-07-22 d:\windows\Tasks\Ad-Aware Update (Daily 3).job
- d:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 12:30]
2010-07-22 d:\windows\Tasks\Ad-Aware Update (Daily 4).job
- d:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 12:30]
2010-07-22 d:\windows\Tasks\Ad-Aware Update (Weekly).job
- d:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 12:30]
2009-11-13 d:\windows\Tasks\AppleSoftwareUpdate.job
- d:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]
2010-07-23 d:\windows\Tasks\Google Software Updater.job
- d:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-06-09 15:15]
2010-07-23 d:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- d:\program files\Google\Update\GoogleUpdate.exe [2009-06-09 15:15]
2010-07-22 d:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- d:\program files\Google\Update\GoogleUpdate.exe [2009-06-09 15:15]
2010-01-30 d:\windows\Tasks\{C307FC7B-00A0-467B-88CD-966EA5B4CA5E}_JUSTINDLAPTOP_Justin.job
- d:\windows\system32\mobsync.exe [2004-08-04 00:12]
.
.
------- Supplementary Scan -------
.
uStart Page = https://cms.bc.edu/webct/entryPageIns.dowebct
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - d:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: {{10F055B8-F443-4adf-948A-EC551E9DBCE4} - d:\documents and settings\Justin\Start Menu\Programs\UltimateBet\UltimateBet.lnk
IE: {{40B2063F-DB01-4962-BE63-59435C01283C} - d:\progra~1\DOYLES~1\client.exe
Trusted Zone: bc.edu \www.webct4
FF - ProfilePath - d:\documents and settings\Justin\Application Data\Mozilla\Firefox\Profiles\4544ccn1.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - component: d:\documents and settings\Justin\Application Data\Mozilla\Firefox\Profiles\4544ccn1.default\extensions\piclens@cooliris.com\components\coolirisstub.dll
FF - plugin: d:\documents and settings\Justin\Application Data\Facebook\npfbplugin_1_0_1.dll
FF - plugin: d:\documents and settings\Justin\Application Data\Move Networks\plugins\npqmp071705000014.dll
FF - plugin: d:\documents and settings\Justin\Application Data\Mozilla\Firefox\Profiles\4544ccn1.default\extensions\piclens@cooliris.com\plugins\npcoolirisplugin.dll
FF - plugin: d:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: d:\program files\Google\Google Updater\2.4.1601.7122\npCIDetect13.dll
FF - plugin: d:\program files\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: d:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: d:\program files\Mozilla Firefox\plugins\NPAdbESD.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - d:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- FIREFOX POLICIES ----
d:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
d:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
d:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.
- - - - ORPHANS REMOVED - - - -
SharedTaskScheduler-{fe0c11a8-5baf-4cd9-8f9c-760c380c3526} - d:\windows\system32\gevuniya.dll
SharedTaskScheduler-{bc638686-5f86-416e-ab03-b8e66e399298} - d:\windows\system32\wugeruti.dll
SharedTaskScheduler-{1fa1951c-9f85-44b1-929a-0d93e6cf44bb} - d:\windows\system32\narenodo.dll
SSODL-zonenakab-{fe0c11a8-5baf-4cd9-8f9c-760c380c3526} - d:\windows\system32\gevuniya.dll
SSODL-salayanuy-{bc638686-5f86-416e-ab03-b8e66e399298} - d:\windows\system32\wugeruti.dll
SSODL-jufenijas-{1fa1951c-9f85-44b1-929a-0d93e6cf44bb} - d:\windows\system32\narenodo.dll
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2010-07-22 20:20
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,f9,96,c3,31,59,b6,e9,4b,bf,e8,46,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,f9,96,c3,31,59,b6,e9,4b,bf,e8,46,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(1008)
d:\windows\system32\Ati2evxx.dll
.
------------------------ Other Running Processes ------------------------
.
d:\windows\system32\Ati2evxx.exe
d:\program files\Intel\Wireless\Bin\EvtEng.exe
d:\program files\Intel\Wireless\Bin\S24EvMon.exe
d:\program files\Intel\Wireless\Bin\WLKeeper.exe
d:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
d:\program files\Bonjour\mDNSResponder.exe
d:\program files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
d:\program files\Java\jre6\bin\jqs.exe
d:\program files\McAfee\Common Framework\FrameworkService.exe
d:\program files\McAfee\VirusScan Enterprise\Mcshield.exe
d:\program files\McAfee\VirusScan Enterprise\VsTskMgr.exe
d:\program files\Intel\Wireless\Bin\RegSrvc.exe
d:\windows\system32\wdfmgr.exe
d:\program files\McAfee\Common Framework\naPrdMgr.exe
d:\windows\system32\Ati2evxx.exe
d:\windows\system32\wscntfy.exe
d:\windows\stsystra.exe
d:\program files\McAfee\Common Framework\McTray.exe
d:\program files\iPod\bin\iPodService.exe
d:\progra~1\Intel\Wireless\Bin\Dot1XCfg.exe
.
**************************************************************************
.
Completion time: 2010-07-22 20:26:03 - machine was rebooted
ComboFix-quarantined-files.txt 2010-07-23 00:25
Pre-Run: 41,806,729,216 bytes free
Post-Run: 42,715,328,512 bytes free
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
- - End Of File - - 891170A2974493608B70D87AB00EB6FB
Any reason you don't keep your AV program up to date?
AV: McAfee VirusScan Enterprise *On-access scanning disabled* (Outdated)
How is your computer doing at the moment?
Uninstall Combofix:
Go Start > Run [Vista users, go Start>"Start search"]
Type in:
Combofix /Uninstall
Note the space between the "Combofix" and the "/Uninstall"
Click OK (Vista users - press Enter).
Restart computer.
==============================================================
Download OTL to your Desktop.
* Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
* Under the Custom Scan box paste this in:
netsvcs
drivers32 /all
%SYSTEMDRIVE%\*.*
%systemroot%\system32\Spool\prtprocs\w32x86\*.dll
%systemroot%\system32\*.wt
%systemroot%\system32\*.ruy
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\system32\spool\prtprocs\w32x86\*.tmp
%systemroot%\*. /mp /s
/md5start
/md5stop
CREATERESTOREPOINT
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\user32.dll /md5
%systemroot%\system32\ws2_32.dll /md5
%systemroot%\system32\ws2help.dll /md5
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
* Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
- When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
- Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
I've never really liked that Anti-Virus program (it was required when I was in graduate school) and I was planning to uninstall it and replace it with Kaspersky right before I got this virus. I haven't used the infected computer in months and I probably hadn't updated for a few weeks before that, which is probably why it wasn't updated.
The computer seems to be running fine right now. I had some problems shutting it down last night, but other than that, I haven't had any issues.
Working on your other instructions now. I will post the logs when I have them.
It may be a good time to leave McAfee and replace it with something else (free).
You have to have some AV program, which is current.
If you want to go this way, uninstall McAfee, using this tool: Download McAfee Consumer Product Removal Tool 3.5.109.1 Free - Will remove all 2005, 2006, and 2007 versions of McAfee consumer products - Softpedia
Download and install ONE of these:
- Avast! free antivirus: http://www.avast.com/eng/download-avast-home.html
- Avira free antivirus: Avira AntiVir Personal - FREE Antivirus
Make sure to turn Windows firewall on.
Here are the two OTL logs.
OTL.Txt
OTL logfile created on: 7/22/2010 9:04:19 PM - Run 1
OTL by OldTimer - Version 3.2.9.1 Folder = D:\Documents and Settings\Justin\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 62.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 82.00% Paging File free
Paging file location(s): D:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = D: | %SystemRoot% = D:\WINDOWS | %ProgramFiles% = D:\Program Files
Drive C: | 14.52 Gb Total Space | 14.08 Gb Free Space | 96.98% Space Free | Partition Type: NTFS
Drive D: | 58.59 Gb Total Space | 39.95 Gb Free Space | 68.18% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: JUSTINDLAPTOP
Current User Name: Justin
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan
========== Processes (SafeList) ==========
PRC - [2010/07/22 21:02:15 | 000,574,976 | ---- | M] (OldTimer Tools) -- D:\Documents and Settings\Justin\Desktop\OTL.exe
PRC - [2010/02/06 08:30:22 | 001,181,328 | ---- | M] (Lavasoft) -- D:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2010/01/28 20:30:22 | 000,788,880 | ---- | M] (Lavasoft) -- D:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2010/01/21 1902 | 000,112,592 | ---- | M] (Threat Expert Ltd.) -- D:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
PRC - [2009/11/18 13:47:14 | 001,243,088 | ---- | M] (PC Tools) -- D:\Program Files\Spyware Doctor\pctsTray.exe
PRC - [2009/11/06 15:29:22 | 001,141,712 | ---- | M] (PC Tools) -- D:\Program Files\Spyware Doctor\pctsSvc.exe
PRC - [2009/10/30 12:18:16 | 000,359,624 | ---- | M] (PC Tools) -- D:\Program Files\Spyware Doctor\pctsAuxs.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- D:\WINDOWS\explorer.exe
PRC - [2008/01/24 20:50:00 | 000,144,704 | ---- | M] (McAfee, Inc.) -- D:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
PRC - [2008/01/24 20:50:00 | 000,111,952 | ---- | M] (McAfee, Inc.) -- D:\Program Files\McAfee\VirusScan Enterprise\shstat.exe
PRC - [2008/01/24 20:50:00 | 000,054,608 | ---- | M] (McAfee, Inc.) -- D:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
PRC - [2007/10/25 15:06:00 | 000,136,512 | ---- | M] (McAfee, Inc.) -- D:\Program Files\McAfee\Common Framework\UdaterUI.exe
PRC - [2007/10/25 15:06:00 | 000,136,512 | ---- | M] (McAfee, Inc.) -- D:\Program Files\McAfee\Common Framework\naPrdMgr.exe
PRC - [2007/10/25 15:06:00 | 000,103,744 | ---- | M] (McAfee, Inc.) -- D:\Program Files\McAfee\Common Framework\FrameworkService.exe
PRC - [2007/10/25 15:06:00 | 000,086,016 | ---- | M] (McAfee, Inc.) -- D:\Program Files\McAfee\Common Framework\Mctray.exe
PRC - [2006/08/28 2138 | 000,069,632 | ---- | M] (Creative Labs) -- D:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
PRC - [2006/05/01 09:34:00 | 000,262,217 | ---- | M] (Intel(R) Corporation) -- D:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe
PRC - [2006/05/01 09:28:26 | 000,602,182 | ---- | M] (Intel Corporation) -- D:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe
PRC - [2006/05/01 09:28:06 | 000,667,718 | ---- | M] (Intel Corporation) -- D:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe
PRC - [2006/05/01 09:26:14 | 000,397,381 | ---- | M] (Intel Corporation) -- D:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
PRC - [2006/05/01 09:22:42 | 000,540,745 | ---- | M] (Intel Corporation ) -- D:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
PRC - [2006/05/01 09:20:52 | 000,114,753 | ---- | M] (Intel Corporation) -- D:\Program Files\Intel\Wireless\Bin\EvtEng.exe
PRC - [2006/05/01 09:20:26 | 000,217,164 | ---- | M] (Intel Corporation) -- D:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
PRC - [2006/03/24 17:30:44 | 000,282,624 | ---- | M] (SigmaTel, Inc.) -- D:\WINDOWS\stsystra.exe
PRC - [2006/01/02 17:41:22 | 000,045,056 | ---- | M] (ATI Technologies Inc.) -- D:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
========== Modules (SafeList) ==========
MOD - [2010/07/22 21:02:15 | 000,574,976 | ---- | M] (OldTimer Tools) -- D:\Documents and Settings\Justin\Desktop\OTL.exe
MOD - [2009/10/30 12:18:16 | 000,147,024 | ---- | M] (PC Tools) -- D:\Program Files\Spyware Doctor\PCTGMhk.dll
MOD - [2009/09/09 23:54:58 | 000,155,184 | ---- | M] (PC Tools) -- D:\Program Files\Spyware Doctor\smum32.dll
MOD - [2008/04/13 20:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- D:\WINDOWS\system32\msscript.ocx
========== Win32 Services (SafeList) ==========
SRV - File not found [Auto | Stopped] -- C:\WINDOWS\system32\wuauserv.dll -- (wuauserv)
SRV - [2010/02/06 08:30:22 | 001,181,328 | ---- | M] (Lavasoft) [Auto | Running] -- D:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2010/01/21 1902 | 000,112,592 | ---- | M] (Threat Expert Ltd.) [Auto | Running] -- D:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe -- (Browser Defender Update Service)
SRV - [2009/11/06 15:29:22 | 001,141,712 | ---- | M] (PC Tools) [Auto | Running] -- D:\Program Files\Spyware Doctor\pctsSvc.exe -- (sdCoreService)
SRV - [2009/10/30 12:18:16 | 000,359,624 | ---- | M] (PC Tools) [Auto | Running] -- D:\Program Files\Spyware Doctor\pctsAuxs.exe -- (sdAuxService)
SRV - [2008/12/27 21:29:27 | 000,658,432 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- D:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2008/08/29 10:01:22 | 000,033,752 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- D:\Program Files\NOS\bin\getPlus_HelperSvc.exe -- (getPlus(R) Helper) getPlus(R)
SRV - [2008/01/24 20:50:00 | 000,144,704 | ---- | M] (McAfee, Inc.) [Auto | Running] -- D:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe -- (McShield)
SRV - [2008/01/24 20:50:00 | 000,054,608 | ---- | M] (McAfee, Inc.) [Auto | Running] -- D:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe -- (McTaskManager)
SRV - [2007/10/25 15:06:00 | 000,103,744 | ---- | M] (McAfee, Inc.) [Auto | Running] -- D:\Program Files\McAfee\Common Framework\FrameworkService.exe -- (McAfeeFramework)
SRV - [2006/08/28 2138 | 000,069,632 | ---- | M] (Creative Labs) [Auto | Running] -- D:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe -- (Creative Labs Licensing Service)
SRV - [2006/05/01 09:34:00 | 000,262,217 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- D:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe -- (WLANKEEPER) Intel(R)
SRV - [2006/05/01 09:22:42 | 000,540,745 | ---- | M] (Intel Corporation ) [Auto | Running] -- D:\Program Files\Intel\Wireless\Bin\S24EvMon.exe -- (S24EventMonitor) Intel(R)
SRV - [2006/05/01 09:20:52 | 000,114,753 | ---- | M] (Intel Corporation) [Auto | Running] -- D:\Program Files\Intel\Wireless\Bin\EvtEng.exe -- (EvtEng) Intel(R)
SRV - [2006/05/01 09:20:26 | 000,217,164 | ---- | M] (Intel Corporation) [Auto | Running] -- D:\Program Files\Intel\Wireless\Bin\RegSrvc.exe -- (RegSrvc) Intel(R)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | On_Demand | Stopped] -- D:\WINDOWS\System32\DRIVERS\UIUSYS.SYS -- (UIUSys)
DRV - File not found [Kernel | On_Demand | Stopped] -- D:\ComboFix\catchme.sys -- (catchme)
DRV - [2009/11/09 12:20:12 | 000,207,792 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- D:\WINDOWS\system32\drivers\PCTCore.sys -- (PCTCore)
DRV - [2009/09/23 08:55:23 | 000,064,288 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- D:\WINDOWS\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2008/11/02 04:44:10 | 000,056,572 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- D:\WINDOWS\System32\drivers\scdemu.sys -- (SCDEmu)
DRV - [2008/04/13 15:40:58 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- D:\WINDOWS\System32\drivers\changer.sys -- (Changer)
DRV - [2008/04/13 1406 | 000,088,320 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- D:\WINDOWS\system32\drivers\nwlnkipx.sys -- (NwlnkIpx)
DRV - [2008/04/13 12:36:05 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- D:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2008/01/24 20:50:00 | 000,171,400 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- D:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2008/01/24 20:50:00 | 000,072,936 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- D:\WINDOWS\system32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2008/01/24 20:50:00 | 000,064,232 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- D:\WINDOWS\system32\drivers\mfeapfk.sys -- (mfeapfk)
DRV - [2008/01/24 20:50:00 | 000,052,104 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- D:\WINDOWS\system32\drivers\mfetdik.sys -- (mfetdik)
DRV - [2008/01/24 20:50:00 | 000,033,960 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- D:\WINDOWS\system32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2008/01/24 20:50:00 | 000,031,816 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- D:\Program Files\McAfee\VirusScan Enterprise\mferkdk.sys -- (mferkdk)
DRV - [2006/10/05 19:35:32 | 000,062,592 | ---- | M] (Chic Tech.) [Kernel | On_Demand | Running] -- D:\WINDOWS\system32\drivers\moufiltr.sys -- (moufiltr)
DRV - [2006/05/23 22:06:36 | 001,578,496 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- D:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2006/05/01 09:52:02 | 000,013,568 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- D:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2006/04/27 07:13:04 | 001,429,632 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- D:\WINDOWS\system32\drivers\w39n51.sys -- (w39n51) Intel(R)
DRV - [2006/03/24 17:34:30 | 001,156,648 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- D:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2006/03/08 12:35:10 | 000,191,872 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Stopped] -- D:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP)
DRV - [2006/01/04 15:41:48 | 001,389,056 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- D:\WINDOWS\system32\drivers\monfilt.sys -- (monfilt)
DRV - [2005/12/01 01:40:56 | 000,936,960 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- D:\WINDOWS\system32\drivers\HSX_DPV.sys -- (HSF_DPV)
DRV - [2005/12/01 01:40:12 | 000,192,512 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- D:\WINDOWS\system32\drivers\HSXHWAZL.sys -- (HSXHWAZL)
DRV - [2005/12/01 01:40:08 | 000,669,696 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- D:\WINDOWS\system32\drivers\HSX_CNXT.sys -- (winachsf)
DRV - [2005/08/05 11:32:16 | 000,045,312 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- D:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2005/07/14 18:58:14 | 000,028,544 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- D:\WINDOWS\system32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2005/07/14 17:28:38 | 000,307,968 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- D:\WINDOWS\system32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2005/07/12 19:00:30 | 000,051,328 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- D:\WINDOWS\system32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2005/05/25 17:34:00 | 000,158,464 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- D:\WINDOWS\system32\drivers\ctusfsyn.sys -- (CTUSFSYN)
DRV - [2005/01/10 18:15:00 | 000,138,752 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- D:\WINDOWS\system32\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV - [2005/01/10 18:15:00 | 000,106,496 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- D:\WINDOWS\system32\drivers\ctoss2k.sys -- (ossrv)
DRV - [2004/08/04 08:00:00 | 000,063,232 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- D:\WINDOWS\system32\drivers\nwlnknb.sys -- (NwlnkNb)
DRV - [2004/08/04 08:00:00 | 000,055,936 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- D:\WINDOWS\system32\drivers\nwlnkspx.sys -- (NwlnkSpx)
DRV - [2001/05/07 0602 | 000,019,805 | R--- | M] (Thesycon GmbH, Germany) [Kernel | On_Demand | Stopped] -- D:\WINDOWS\system32\drivers\usbio.sys -- (USBIO) USBIO Driver (usbio.sys)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://cms.bc.edu/webct/entryPageIns.dowebct
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
========== FireFox ==========
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledItems: piclens@cooliris.com:1.11.7
FF - prefs.js..extensions.enabledItems: {CE6E6E3B-84DD-4cac-9F63-8D2AE4F30A4B}:3.0.1
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:7
FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Components: D:\Program Files\Mozilla Firefox\components [2010/01/22 21:28:21 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Plugins: D:\Program Files\Mozilla Firefox\plugins [2010/01/22 21:28:20 | 000,000,000 | ---D | M]
[2008/08/28 09:03:07 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Justin\Application Data\Mozilla\Extensions
[2010/07/22 15:01:57 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\4544ccn1.default\extensions
[2009/09/03 17:34:54 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- D:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\4544ccn1.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2007/10/19 20:32:04 | 000,000,000 | ---D | M] (No name found) -- D:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\4544ccn1.default\extensions\{34274bf4-1d97-a289-e984-17e546307e4f}
[2007/10/19 20:32:04 | 000,000,000 | ---D | M] (No name found) -- D:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\4544ccn1.default\extensions\{987311C6-B504-4aa2-90BF-60CC49808D42}
[2010/02/05 23:25:51 | 000,000,000 | ---D | M] (No name found) -- D:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\4544ccn1.default\extensions\{CE6E6E3B-84DD-4cac-9F63-8D2AE4F30A4B}
[2008/09/29 09:38:40 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus(R))) -- D:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\4544ccn1.default\extensions\{CF40ACC5-E1BB-4aff-AC72-04C2F616BCA7}
[2010/02/05 23:25:47 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\4544ccn1.default\extensions\piclens@cooliris.com
[2010/07/22 15:01:58 | 000,000,000 | ---D | M] -- D:\Program Files\Mozilla Firefox\extensions
[2004/11/12 23:36:20 | 000,005,120 | ---- | M] (Adobe Systems Incorporated) -- D:\Program Files\Mozilla Firefox\plugins\NPAdbESD.dll
O1 HOSTS File: ([2010/07/22 20:19:46 | 000,000,027 | ---- | M]) - D:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll File not found
O2 - BHO: (PC Tools Browser Guard BHO) - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - D:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - D:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - D:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - D:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O4 - HKLM..\Run: [AppleSyncNotifier] D:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [ATICCC] D:\Program Files\ATI Technologies\ATI.ACE\cli.exe (ATI Technologies Inc.)
O4 - HKLM..\Run: [googletalk] D:\Program Files\Google\Google Talk\googletalk.exe (Google)
O4 - HKLM..\Run: [IntelWireless] D:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe (Intel Corporation)
O4 - HKLM..\Run: [IntelZeroConfig] D:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe (Intel Corporation)
O4 - HKLM..\Run: [ISTray] D:\Program Files\Spyware Doctor\pctsTray.exe (PC Tools)
O4 - HKLM..\Run: [McAfeeUpdaterUI] D:\Program Files\McAfee\Common Framework\UdaterUI.exe (McAfee, Inc.)
O4 - HKLM..\Run: [PWRISOVM.EXE] D:\Program Files\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.)
O4 - HKLM..\Run: [ShStatEXE] D:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE (McAfee, Inc.)
O4 - HKLM..\Run: [SigmatelSysTrayApp] D:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
O4 - HKCU..\Run: [swg] D:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKCU..\Run: [uTorrent] D:\Program Files\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O4 - Startup: D:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = D:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: UltimateBet - {10F055B8-F443-4adf-948A-EC551E9DBCE4} - D:\Documents and Settings\Justin\Start Menu\Programs\UltimateBet\UltimateBet.lnk ()
O9 - Extra 'Tools' menuitem : UltimateBet - {10F055B8-F443-4adf-948A-EC551E9DBCE4} - D:\Documents and Settings\Justin\Start Menu\Programs\UltimateBet\UltimateBet.lnk ()
O9 - Extra Button: Doyles Room Poker - {40B2063F-DB01-4962-BE63-59435C01283C} - D:\Program Files\Doyles Room Poker\client.exe (Tribeca Tables Europe Limited)
O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - D:\Program Files\PartyGaming\PartyPoker\RunApp.exe ()
O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - D:\Program Files\PartyGaming\PartyPoker\RunApp.exe ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - D:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - D:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: bc.edu ([www.webct4] https in Trusted sites)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://www.apple.com/qtactivex/qtplugin.cab (QuickTime Object)
O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} http://download.microsoft.com/downlo...8f/wvc1dmo.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get.../ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jin...ndows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jin...ndows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jin...ndows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/s...sh/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.71.230 68.87.73.246
O20 - HKLM Winlogon: Shell - (Explorer.exe) - D:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - D:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop Components:1 (Justin Drechsler) - http://www.google.com/calendar/embed...erica/New_York
O24 - Desktop WallPaper: D:\Documents and Settings\Justin\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: D:\Documents and Settings\Justin\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/08/28 19:42:23 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - D:\WINDOWS\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found
NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: wuauserv - C:\WINDOWS\system32\wuauserv.dll File not found
Drivers32: midi - D:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midimapper - D:\WINDOWS\System32\midimap.dll (Microsoft Corporation)
Drivers32: mixer - D:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: msacm.ac3filter - D:\WINDOWS\System32\ac3filter.acm ()
Drivers32: msacm.iac2 - D:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.imaadpcm - D:\WINDOWS\System32\imaadp32.acm (Microsoft Corporation)
Drivers32: msacm.l3acm - D:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.msadpcm - D:\WINDOWS\System32\msadp32.acm (Microsoft Corporation)
Drivers32: msacm.msaudio1 - D:\WINDOWS\System32\msaud32.acm (Microsoft Corporation)
Drivers32: msacm.msg711 - D:\WINDOWS\System32\msg711.acm (Microsoft Corporation)
Drivers32: msacm.msg723 - D:\WINDOWS\System32\msg723.acm (Microsoft Corporation)
Drivers32: msacm.msgsm610 - D:\WINDOWS\System32\msgsm32.acm (Microsoft Corporation)
Drivers32: msacm.sl_anet - D:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - D:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - D:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.ffds - D:\WINDOWS\System32\ffdshow.ax ()
Drivers32: vidc.I420 - D:\WINDOWS\System32\msh263.drv (Microsoft Corporation)
Drivers32: vidc.iv31 - D:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - D:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - D:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - D:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.iyuv - D:\WINDOWS\System32\iyuv_32.dll (Microsoft Corporation)
Drivers32: vidc.M261 - D:\WINDOWS\System32\msh261.drv (Microsoft Corporation)
Drivers32: vidc.M263 - D:\WINDOWS\System32\msh263.drv (Microsoft Corporation)
Drivers32: vidc.mrle - D:\WINDOWS\System32\msrle32.dll (Microsoft Corporation)
Drivers32: vidc.msvc - D:\WINDOWS\System32\msvidc32.dll (Microsoft Corporation)
Drivers32: vidc.uyvy - D:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
Drivers32: vidc.XVID - D:\WINDOWS\System32\xvidvfw.dll ()
Drivers32: vidc.yuy2 - D:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
Drivers32: vidc.yvu9 - D:\WINDOWS\System32\tsbyuv.dll (Microsoft Corporation)
Drivers32: vidc.yvyu - D:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
Drivers32: wave - D:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wavemapper - D:\WINDOWS\System32\msacm32.drv (Microsoft Corporation)
CREATERESTOREPOINT
Restore point Set: OTL Restore Point (65878755301654528)
========== Files/Folders - Created Within 90 Days ==========
[2010/07/22 21:02:13 | 000,574,976 | ---- | C] (OldTimer Tools) -- D:\Documents and Settings\Justin\Desktop\OTL.exe
[2010/07/22 20:06:29 | 000,000,000 | ---D | C] -- D:\WINDOWS\ERDNT
[2010/07/22 08:19:08 | 000,000,000 | ---D | C] -- D:\Documents and Settings\Justin\Desktop\Placeholder Folder
[2010/07/20 22:35:40 | 000,000,000 | ---D | C] -- D:\Documents and Settings\Justin\Application Data\Malwarebytes
[2010/07/20 22:25:23 | 000,000,000 | ---D | C] -- D:\Malwarebytes' Anti-Malware
[2010/07/20 2234 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- D:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/07/20 2233 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- D:\WINDOWS\System32\drivers\mbam.sys
[2010/07/20 2233 | 000,000,000 | ---D | C] -- D:\Program Files\Malwarebytes' Anti-Malware
[2010/07/20 2233 | 000,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/07/20 22:09:12 | 006,153,352 | ---- | C] (Malwarebytes Corporation ) -- D:\Documents and Settings\Justin\Desktop\mbam-setup-1.46.exe
[2010/07/20 14:55:16 | 000,000,000 | ---D | C] -- D:\Program Files\Trend Micro
[2004/11/24 15:25:52 | 000,335,872 | ---- | C] ( ) -- D:\WINDOWS\System32\drvc.dll
[1996/11/18 01:00:00 | 000,018,944 | ---- | C] ( ) -- D:\WINDOWS\System32\Implode.dll
[46 D:\Documents and Settings\Justin\Desktop\*.tmp files -> D:\Documents and Settings\Justin\Desktop\*.tmp -> ]
[4 D:\WINDOWS\*.tmp files -> D:\WINDOWS\*.tmp -> ]
[1 D:\WINDOWS\System32\*.tmp files -> D:\WINDOWS\System32\*.tmp -> ]
========== Files - Modified Within 90 Days ==========
[2010/07/22 21:02:31 | 000,000,472 | ---- | M] () -- D:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2010/07/22 21:02:30 | 000,000,472 | ---- | M] () -- D:\WINDOWS\tasks\Ad-Aware Update (Daily 4).job
[2010/07/22 21:02:29 | 000,000,472 | ---- | M] () -- D:\WINDOWS\tasks\Ad-Aware Update (Daily 3).job
[2010/07/22 21:02:28 | 000,000,472 | ---- | M] () -- D:\WINDOWS\tasks\Ad-Aware Update (Daily 2).job
[2010/07/22 21:02:27 | 000,000,472 | ---- | M] () -- D:\WINDOWS\tasks\Ad-Aware Update (Daily 1).job
[2010/07/22 21:02:15 | 000,574,976 | ---- | M] (OldTimer Tools) -- D:\Documents and Settings\Justin\Desktop\OTL.exe
[2010/07/22 21:01:00 | 000,013,646 | ---- | M] () -- D:\WINDOWS\System32\wpa.dbl
[2010/07/22 20:59:51 | 000,000,868 | ---- | M] () -- D:\WINDOWS\tasks\Google Software Updater.job
[2010/07/22 20:59:34 | 000,000,882 | ---- | M] () -- D:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/07/22 20:59:31 | 000,000,006 | -H-- | M] () -- D:\WINDOWS\tasks\SA.DAT
[2010/07/22 20:59:29 | 000,002,048 | --S- | M] () -- D:\WINDOWS\bootstat.dat
[2010/07/22 20:58:21 | 004,980,736 | -H-- | M] () -- D:\Documents and Settings\Justin\NTUSER.DAT
[2010/07/22 20:58:21 | 000,000,278 | -HS- | M] () -- D:\Documents and Settings\Justin\ntuser.ini
[2010/07/22 20:20:08 | 000,000,246 | ---- | M] () -- D:\WINDOWS\system.ini
[2010/07/22 20:19:46 | 000,000,027 | ---- | M] () -- D:\WINDOWS\System32\drivers\etc\hosts
[2010/07/22 07:16:05 | 000,000,886 | ---- | M] () -- D:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/07/20 22:50:56 | 000,006,456 | -H-- | M] () -- D:\WINDOWS\System32\naruwehu
[2010/07/20 22:12:33 | 000,293,376 | ---- | M] () -- D:\Documents and Settings\Justin\Desktop\k3udjpc6.exe
[2010/07/20 22:09:38 | 006,153,352 | ---- | M] (Malwarebytes Corporation ) -- D:\Documents and Settings\Justin\Desktop\mbam-setup-1.46.exe
[2010/07/20 14:55:17 | 000,001,986 | ---- | M] () -- D:\Documents and Settings\Justin\Desktop\HiJackThis.lnk
[2010/07/20 14:54:52 | 001,402,880 | ---- | M] () -- D:\Documents and Settings\Justin\Desktop\HiJackThis.msi
[2010/07/20 14:43:46 | 002,096,656 | -H-- | M] () -- D:\Documents and Settings\Justin\Local Settings\Application Data\IconCache.db
[2010/07/20 14:38:24 | 000,000,664 | ---- | M] () -- D:\WINDOWS\System32\d3d9caps.dat
[2010/06/11 11:03:47 | 000,525,946 | ---- | M] () -- D:\WINDOWS\System32\PerfStringBackup.INI
[2010/06/11 11:03:47 | 000,444,596 | ---- | M] () -- D:\WINDOWS\System32\perfh009.dat
[2010/06/11 11:03:47 | 000,072,306 | ---- | M] () -- D:\WINDOWS\System32\perfc009.dat
[2010/06/07 22:16:01 | 000,763,832 | ---- | M] () -- D:\WINDOWS\BDTSupport.dll
[2010/06/07 2002 | 001,652,664 | ---- | M] (Threat Expert Ltd.) -- D:\WINDOWS\PCTBDCore.dll
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- D:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- D:\WINDOWS\System32\drivers\mbam.sys
[46 D:\Documents and Settings\Justin\Desktop\*.tmp files -> D:\Documents and Settings\Justin\Desktop\*.tmp -> ]
[4 D:\WINDOWS\*.tmp files -> D:\WINDOWS\*.tmp -> ]
[1 D:\WINDOWS\System32\*.tmp files -> D:\WINDOWS\System32\*.tmp -> ]
========== Files Created - No Company Name ==========
[2099/01/01 12:00:00 | 000,006,456 | -H-- | C] () -- D:\WINDOWS\System32\naruwehu
[2010/07/20 22:12:32 | 000,293,376 | ---- | C] () -- D:\Documents and Settings\Justin\Desktop\k3udjpc6.exe
[2010/07/20 14:55:17 | 000,001,986 | ---- | C] () -- D:\Documents and Settings\Justin\Desktop\HiJackThis.lnk
[2010/07/20 14:54:50 | 001,402,880 | ---- | C] () -- D:\Documents and Settings\Justin\Desktop\HiJackThis.msi
[2010/07/20 14:38:23 | 000,000,664 | ---- | C] () -- D:\WINDOWS\System32\d3d9caps.dat
[2010/02/19 20:37:47 | 000,767,952 | ---- | C] () -- D:\WINDOWS\BDTSupport.dll.old
[2010/02/19 20:37:47 | 000,763,832 | ---- | C] () -- D:\WINDOWS\BDTSupport.dll
[2009/08/03 16:07:42 | 000,403,816 | ---- | C] () -- D:\WINDOWS\System32\OGACheckControl.dll
[2009/02/22 14:12:27 | 000,002,528 | ---- | C] () -- D:\WINDOWS\FCIC.INI
[2008/08/23 16:39:37 | 000,176,235 | ---- | C] () -- D:\WINDOWS\System32\Primomonnt.dll
[2008/04/28 12:13:33 | 000,000,310 | ---- | C] () -- D:\WINDOWS\primopdf.ini
[2007/12/24 07:47:52 | 000,007,680 | ---- | C] () -- D:\WINDOWS\System32\ff_vfw.dll
[2007/12/24 07:40:26 | 000,404,992 | ---- | C] () -- D:\WINDOWS\System32\libmplayer.dll
[2007/12/22 16:02:50 | 000,188,416 | ---- | C] () -- D:\WINDOWS\System32\ff_theora.dll
[2007/12/22 15:27:22 | 003,104,256 | ---- | C] () -- D:\WINDOWS\System32\libavcodec.dll
[2007/12/03 10:34:32 | 000,026,624 | ---- | C] () -- D:\WINDOWS\System32\ff_wmv9.dll
[2007/12/01 07:43:30 | 000,520,192 | ---- | C] () -- D:\WINDOWS\System32\ff_x264.dll
[2007/11/29 06:52:36 | 000,000,547 | ---- | C] () -- D:\WINDOWS\System32\ff_vfw.dll.manifest
[2007/08/22 10:30:19 | 000,000,031 | ---- | C] () -- D:\WINDOWS\opera.ini
[2007/06/14 15:59:52 | 000,000,086 | ---- | C] () -- D:\WINDOWS\WPCMAPI.INI
[2007/01/11 14:25:19 | 000,000,280 | ---- | C] () -- D:\WINDOWS\System32\epoPGPsdk.dll.sig
[2006/12/20 21:07:14 | 000,765,952 | ---- | C] () -- D:\WINDOWS\System32\xvidcore.dll
[2006/12/20 21:07:13 | 000,180,224 | ---- | C] () -- D:\WINDOWS\System32\xvidvfw.dll
[2006/10/16 12:00:54 | 000,107,008 | ---- | C] () -- D:\WINDOWS\System32\fxtls432.dll
[2006/10/16 12:00:28 | 000,028,672 | ---- | C] () -- D:\WINDOWS\System32\ESUtil.dll
[2006/08/28 2106 | 000,022,629 | ---- | C] () -- D:\WINDOWS\System32\CiFilter.ini
[2006/08/28 21:28:55 | 000,000,376 | ---- | C] () -- D:\WINDOWS\ODBC.INI
[2006/08/28 21:01:54 | 000,016,480 | ---- | C] () -- D:\WINDOWS\System32\rixdicon.dll
[2006/03/27 10:08:34 | 000,040,960 | ---- | C] () -- D:\WINDOWS\System32\nwslog32.dll
[2006/02/03 17:02:56 | 000,094,274 | ---- | C] () -- D:\WINDOWS\System32\HPBHEALR.DLL
[2005/08/10 1100 | 000,028,672 | ---- | C] () -- D:\WINDOWS\System32\ESxUtil.dll
[2005/04/18 07:43:00 | 000,053,248 | ---- | C] () -- D:\WINDOWS\System32\setupw2k.dll
[2004/10/03 13:50:54 | 000,129,024 | ---- | C] () -- D:\WINDOWS\System32\ff_mpeg2enc.dll
[2003/03/09 22:31:04 | 000,561,152 | ---- | C] () -- D:\WINDOWS\System32\hpotscl.dll
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- D:\WINDOWS\System32\OUTLPERF.INI
[1996/11/18 01:00:00 | 000,748,160 | ---- | C] () -- D:\WINDOWS\System32\Co2c40en.dll
[1996/11/18 01:00:00 | 000,131,072 | ---- | C] () -- D:\WINDOWS\System32\P2sodbc.dll
[1996/11/18 01:00:00 | 000,054,272 | ---- | C] () -- D:\WINDOWS\System32\P2irdao.dll
[1996/11/18 01:00:00 | 000,050,176 | ---- | C] () -- D:\WINDOWS\System32\P2ctdao.dll
[1996/11/18 01:00:00 | 000,036,352 | ---- | C] () -- D:\WINDOWS\System32\P2bbnd.dll
========== LOP Check ==========
[2009/05/12 16:38:18 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\Examsoft
[2009/02/22 14:12:27 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\FirstClass
[2010/01/30 16:01:18 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\Rosetta Stone
[2010/07/22 21:01:13 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\TEMP
[2009/03/20 14:38:11 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
[2009/05/01 14:36:12 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2009/10/25 13:23:18 | 000,000,000 | -H-D | M] -- D:\Documents and Settings\All Users\Application Data\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}
[2008/10/01 22:53:44 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Justin\Application Data\BallStat
[2006/10/14 23:24:49 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Justin\Application Data\DrBigNutz
[2010/02/10 21:54:03 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Justin\Application Data\Facebook
[2009/06/20 09:30:54 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Justin\Application Data\SystemRequirementsLab
[2010/07/22 21:00:12 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Justin\Application Data\uTorrent
[2010/07/22 21:02:27 | 000,000,472 | ---- | M] () -- D:\WINDOWS\Tasks\Ad-Aware Update (Daily 1).job
[2010/07/22 21:02:28 | 000,000,472 | ---- | M] () -- D:\WINDOWS\Tasks\Ad-Aware Update (Daily 2).job
[2010/07/22 21:02:29 | 000,000,472 | ---- | M] () -- D:\WINDOWS\Tasks\Ad-Aware Update (Daily 3).job
[2010/07/22 21:02:30 | 000,000,472 | ---- | M] () -- D:\WINDOWS\Tasks\Ad-Aware Update (Daily 4).job
[2010/07/22 21:02:31 | 000,000,472 | ---- | M] () -- D:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
[2010/01/30 09:24:00 | 000,000,406 | -H-- | M] () -- D:\WINDOWS\Tasks\{C307FC7B-00A0-467B-88CD-966EA5B4CA5E}_JUSTINDLAPTOP_Justin.job
========== Purity Check ==========
========== Custom Scans ==========
< %SYSTEMDRIVE%\*.* >
[2010/07/22 20:26:03 | 000,014,171 | ---- | M] () -- D:\ComboFix.txt
[2010/07/22 20:59:24 | 2145,386,496 | -HS- | M] () -- D:\pagefile.sys
[2010/01/24 21:07:46 | 000,000,534 | ---- | M] () -- D:\UBSoftUpdate.log
[2007/06/14 15:59:23 | 000,000,546 | ---- | M] () -- D:\WT61CE.UWL
[2007/06/14 15:59:23 | 000,000,546 | ---- | M] () -- D:\WT61OZ.UWL
[2007/06/14 15:59:23 | 000,000,546 | ---- | M] () -- D:\WT61UK.UWL
[2007/06/14 15:59:23 | 000,008,074 | ---- | M] () -- D:\WT61US.UWL
< %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >
[2008/07/06 08:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- D:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
[2004/12/05 23:09:50 | 000,062,976 | ---- | M] (Hewlett-Packard Corporation) -- D:\WINDOWS\system32\spool\prtprocs\w32x86\HPZPP38Y.DLL
[2007/04/09 14:23:54 | 000,028,552 | ---- | M] (Microsoft Corporation) -- D:\WINDOWS\system32\spool\prtprocs\w32x86\mdippr.dll
< %systemroot%\system32\*.wt >
< %systemroot%\system32\*.ruy >
< %systemroot%\Fonts\*.com >
[2006/04/18 15:39:28 | 000,026,040 | ---- | M] () -- D:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
[2006/06/29 14:53:56 | 000,026,489 | ---- | M] () -- D:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
[2006/04/18 15:39:28 | 000,029,779 | ---- | M] () -- D:\WINDOWS\Fonts\GlobalSerif.CompositeFont
[2006/06/29 14:58:52 | 000,030,808 | ---- | M] () -- D:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont
< %systemroot%\Fonts\*.dll >
< %systemroot%\system32\spool\prtprocs\w32x86\*.tmp >
< %systemroot%\*. /mp /s >
< %systemroot%\system32\*.dll /lockedfiles >
[1 D:\WINDOWS\system32\*.tmp files -> D:\WINDOWS\system32\*.tmp -> ]
< %systemroot%\Tasks\*.job /lockedfiles >
< %systemroot%\System32\config\*.sav >
[2006/08/28 15:28:32 | 000,094,208 | ---- | M] () -- D:\WINDOWS\system32\config\default.sav
[2006/08/28 15:28:32 | 000,659,456 | ---- | M] () -- D:\WINDOWS\system32\config\software.sav
[2006/08/28 15:28:32 | 000,892,928 | ---- | M] () -- D:\WINDOWS\system32\config\system.sav
< %systemroot%\system32\user32.dll /md5 >
[2008/04/13 20:12:08 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=B26B135FF1B9F60C9388B4A7D16F600B -- D:\WINDOWS\system32\user32.dll
[1 D:\WINDOWS\system32\*.tmp files -> D:\WINDOWS\system32\*.tmp -> ]
< %systemroot%\system32\ws2_32.dll /md5 >
[2008/04/13 20:12:10 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=2CCC474EB85CEAA3E1FA1726580A3E5A -- D:\WINDOWS\system32\ws2_32.dll
[1 D:\WINDOWS\system32\*.tmp files -> D:\WINDOWS\system32\*.tmp -> ]
< %systemroot%\system32\ws2help.dll /md5 >
[2008/04/13 20:12:10 | 000,019,968 | ---- | M] (Microsoft Corporation) MD5=9789E95E1D88EEB4B922BF3EA7779C28 -- D:\WINDOWS\system32\ws2help.dll
[1 D:\WINDOWS\system32\*.tmp files -> D:\WINDOWS\system32\*.tmp -> ]
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2010-02-10 02:16:09
========== Alternate Data Streams ==========
@Alternate Data Stream - 198 bytes -> D:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 109 bytes -> D:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8
< End of report >
Extras.Txt
OTL Extras logfile created on: 7/22/2010 9:04:19 PM - Run 1
OTL by OldTimer - Version 3.2.9.1 Folder = D:\Documents and Settings\Justin\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 62.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 82.00% Paging File free
Paging file location(s): D:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = D: | %SystemRoot% = D:\WINDOWS | %ProgramFiles% = D:\Program Files
Drive C: | 14.52 Gb Total Space | 14.08 Gb Free Space | 96.98% Space Free | Partition Type: NTFS
Drive D: | 58.59 Gb Total Space | 39.95 Gb Free Space | 68.18% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: JUSTINDLAPTOP
Current User Name: Justin
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- D:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.exe [@ = exefile] -- Reg Error: Key error. File not found
.html [@ = FirefoxHTML] -- D:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "D:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
https [open] -- "D:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "D:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "D:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"UpdatesDisableNotify" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"" =
"DisableNotifications" = 0
"DoNotAllowExceptions" = 1
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"" =
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
"" =
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"D:\Program Files\Rosetta Stone\Rosetta Stone V3\support\bin\win\RosettaStoneLtdServices.exe" = D:\Program Files\Rosetta Stone\Rosetta Stone V3\support\bin\win\RosettaStoneLtdServices.exe:*:Enabled:Rosetta Stone Ltd Services -- ()
"D:\Program Files\Rosetta Stone\Rosetta Stone V3\RosettaStoneVersion3.exe" = D:\Program Files\Rosetta Stone\Rosetta Stone V3\RosettaStoneVersion3.exe:*:Enabled:Rosetta Stone V3 Application -- ()
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"D:\Program Files\McAfee\Common Framework\FrameworkService.exe" = D:\Program Files\McAfee\Common Framework\FrameworkService.exe:*:Enabled:McAfee Framework Service -- (McAfee, Inc.)
"D:\PROGRA~1\ExamSoft\SofTest\SoftLnch.exe" = D:\PROGRA~1\ExamSoft\SofTest\SoftLnch.exe:*:Enabled:SofLaunch -- (Rattet & Associates, Inc.)
"D:\PROGRA~1\ExamSoft\SofTest\softest.exe" = D:\PROGRA~1\ExamSoft\SofTest\SofTest.exe:*:Enabled:SofTest -- (Developed by Rattet & Associates, Inc.)
"D:\Program Files\ExamSoft\SofTest\SoftLnch.exe" = D:\Program Files\ExamSoft\SoftLnch.exe:*:Enabled:SofLaunch -- File not found
"D:\Program Files\ExamSoft\SofTest\softest.exe" = D:\Program Files\ExamSoft\SofTest.exe:*:Enabled:SofTest -- File not found
"D:\Program Files\Google\Google Talk\googletalk.exe" = D:\Program Files\Google\Google Talk\googletalk.exe:*:Enabled:Google Talk -- (Google)
"D:\Program Files\Rosetta Stone\Rosetta Stone V3\support\bin\win\RosettaStoneLtdServices.exe" = D:\Program Files\Rosetta Stone\Rosetta Stone V3\support\bin\win\RosettaStoneLtdServices.exe:*:Enabled:Rosetta Stone Ltd Services -- ()
"D:\Program Files\Rosetta Stone\Rosetta Stone V3\RosettaStoneVersion3.exe" = D:\Program Files\Rosetta Stone\Rosetta Stone V3\RosettaStoneVersion3.exe:*:Enabled:Rosetta Stone V3 Application -- ()
"D:\Program Files\iTunes\iTunes.exe" = D:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"D:\Program Files\uTorrent\uTorrent.exe" = D:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{06BE8AFD-A8E2-4B63-BAE7-287016D16ACB}" = mSSO
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}" = mLogView
"{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk" = Google Talk (remove only)
"{23FB368F-1399-4EAC-817C-4B83ECBE3D83}" = mProSafe
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 15
"{2EAF7E61-068E-11DF-953C-005056806466}" = Google Earth
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{3248F0A8-6813-11D6-A77B-00B0D0150090}" = J2SE Runtime Environment 5.0 Update 9
"{3248F0A8-6813-11D6-A77B-00B0D0150100}" = J2SE Runtime Environment 5.0 Update 10
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java(TM) SE Runtime Environment 6 Update 1
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java(TM) 6 Update 2
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java(TM) 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35C03C04-3F1F-42C2-A989-A757EE691F65}" = McAfee VirusScan Enterprise
"{3E9D596A-61D4-4239-BD19-2DB984D2A16F}" = mIWA
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{49D687E5-6784-431B-A0A2-2F23B8CC5A1B}" = mHlpDell
"{55393517-DB95-4E82-884E-EDFA2C519458}" = WildVoice Studio 1.0
"{5B35C417-2649-11D6-83D1-0050FC01225C}" = FirstClass® Client
"{63DB9CCD-2B56-4217-9A3D-507AC78320CA}" = mWMI
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6B3CA80E-6AC0-4725-BABF-9B0FEF880CB3}" = Power Tab Editor 1.7
"{6D0C6BE4-F674-43D2-96BC-3509345108C9}_is1" = PokerStove version 1.21
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{71D74FCD-8DB9-4BEB-9C9D-1D19F2E02AE3}" = Microsoft Report Viewer Redistributable 2005
"{7210BCFE-ED8D-4261-8537-81B5A4BDFA2A}" = Rosetta Stone V3
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90B0D222-8C21-4B35-9262-53B042F18AF9}" = mPfWiz
"{91110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{94658027-9F16-4509-BBD7-A59FE57C3023}" = mZConfig
"{99ECF41F-5CCA-42BD-B8B8-A8333E2E2944}" = iTunes
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9C9D0F85-5658-4A5E-95A9-65F7DB2916EE}" = Broadcom 440x 10/100 Integrated Controller
"{9CC89556-3578-48DD-8408-04E66EBEF401}" = mXML
"{A02ED372-22FA-448B-AB6A-1B0FC23B7D08}" = ATI Catalyst Control Center
"{A0F925BF-5C55-44C2-A4E7-5A4C59791C29}" = mDriver
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A71000000002}" = Adobe Reader 7.1.0
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C337BDAF-CB4E-47E2-BE1A-CB31BB7DD0E3}" = Apple Mobile Device Support
"{C430FD9C-FFDC-484F-ABF4-870101AE4C70}" = SofTest
"{C78EAC6F-7A73-452E-8134-DBB2165C5A68}" = QuickTime
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CF40ACC5-E1BB-4aff-AC72-04C2F616BCA7}" = getPlus(R) for Adobe
"{D4C9692E-4EFA-4DA0-8B7F-9439466D9E31}" = Full Tilt Poker
"{DDBB28C8-B2AA-45A1-8DCE-059A798509FB}" = MobileMe Control Panel
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E163F832-F5C8-44A3-B24C-CCA70874BF9F}" = CALI Author Student 3.3.3
"{E81667C6-2856-46D6-ABEA-6A2F42166779}" = mCore
"{F02DBC5D-33E3-45E9-B0F8-B7745229ED1C}" = NICI (Shared) U.S./Worldwide (128 bit) (2.7.0-2)
"{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F6090A17-0967-4A8A-B3C3-422A1B514D49}" = mDrWiFi
"{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}" = mWlsSafe
"3635FC5A3FE7DACCEF2123BDBDA808BA811B977B" = Windows Driver Package - Ricoh Company Memorystick Host Controller (07/09/2005 1.00.01.12)
"452416B030C25BAA383F3DA368FECD5D48FAE727" = Windows Driver Package - Ricoh Company xD-Picture Card/SmartMedia Host Controller (07/14/2005 1.00.02.04)
"Action Replay Code Manager_is1" = Action Replay Code Manager
"Ad-Aware" = Ad-Aware
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"All ATI Software" = ATI - Software Uninstall Utility
"ATI Display Driver" = ATI Display Driver
"Audacity_is1" = Audacity 1.2.6
"BallStat" = James Habel Software BallStat 10.12.16
"Browser Defender_is1" = Browser Defender 2.0.6.15
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_14F100C3" = Conexant HDA D110 MDC V.92 Modem
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Doyles Room Poker" = Doyles Room Poker
"F631A62FA5E06534A0FE3637D75AAA5B1D3E4FB7" = Windows Driver Package - Ricoh Company MMC Host Controller (07/14/2005 1.00.00.06)
"Google Chrome" = Google Chrome
"Google Updater" = Google Updater
"HollywoodPoker" = HollywoodPoker.com (remove only)
"Lorenz Graf's HTMLtool 3.5" = Lorenz Graf's HTMLtool 3.5
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Report Viewer Redistributable 2005" = Microsoft Report Viewer Redistributable 2005
"Mozilla Firefox (3.6)" = Mozilla Firefox (3.6)
"PartyPoker" = PartyPoker
"Poker Tracker Version 2.16.03d_is1" = Poker Tracker Version 2.16.03d
"PokerStars" = PokerStars
"PowerISO" = PowerISO
"PrimoPDF4.1.0.9" = PrimoPDF
"ProInst" = Intel(R) PROSet/Wireless Software
"SAMB_ADVMB_FILTER_DRV" = Sound Blaster ADVANCED MB Drivers
"Spyware Doctor" = Spyware Doctor 7.0
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"SystemRequirementsLab" = System Requirements Lab
"UltimateBet" = UltimateBet
"uTorrent" = µTorrent
"VLC media player" = VLC media player 1.0.3
"Winamp" = Winamp
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMS" = Windows NT Messaging
"XP Codec Pack" = XP Codec Pack
"Xvid_is1" = Xvid 1.1.2 final uninstall
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Facebook Plug-In" = Facebook Plug-In
"Move Media Player" = Move Media Player
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 7/22/2010 8:19:00 PM | Computer Name = JUSTINDLAPTOP | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE}
and it will not be loaded. This is most likely caused by a faulty registration.
Error - 7/22/2010 8:19:00 PM | Computer Name = JUSTINDLAPTOP | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}
and it will not be loaded. This is most likely caused by a faulty registration.
Error - 7/22/2010 8:19:33 PM | Computer Name = JUSTINDLAPTOP | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE}
and it will not be loaded. This is most likely caused by a faulty registration.
Error - 7/22/2010 8:19:33 PM | Computer Name = JUSTINDLAPTOP | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}
and it will not be loaded. This is most likely caused by a faulty registration.
Error - 7/22/2010 8:57:48 PM | Computer Name = JUSTINDLAPTOP | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.
Error - 7/22/2010 8:57:48 PM | Computer Name = JUSTINDLAPTOP | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.
Error - 7/22/2010 8:59:40 PM | Computer Name = JUSTINDLAPTOP | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE}
and it will not be loaded. This is most likely caused by a faulty registration.
Error - 7/22/2010 8:59:40 PM | Computer Name = JUSTINDLAPTOP | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}
and it will not be loaded. This is most likely caused by a faulty registration.
Error - 7/22/2010 8:59:40 PM | Computer Name = JUSTINDLAPTOP | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE}
and it will not be loaded. This is most likely caused by a faulty registration.
Error - 7/22/2010 8:59:40 PM | Computer Name = JUSTINDLAPTOP | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}
and it will not be loaded. This is most likely caused by a faulty registration.
[ System Events ]
Error - 7/22/2010 8:16:38 AM | Computer Name = JUSTINDLAPTOP | Source = Service Control Manager | ID = 7001
Description = The IPSEC Services service depends on the IPSEC driver service which
failed to start because of the following error: %%31
Error - 7/22/2010 8:16:38 AM | Computer Name = JUSTINDLAPTOP | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
AFD Fips intelppm IPSec mfetdik MRxSmb NetBIOS NetBT RasAcd Rdbss SCDEmu Tcpip
Error - 7/22/2010 8:17:36 AM | Computer Name = JUSTINDLAPTOP | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service netman with
arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
Error - 7/22/2010 8:17:38 AM | Computer Name = JUSTINDLAPTOP | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
Error - 7/22/2010 238 PM | Computer Name = JUSTINDLAPTOP | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service netman with
arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
Error - 7/22/2010 7:44:31 PM | Computer Name = JUSTINDLAPTOP | Source = DCOM | ID = 10010
Description = The server {1F87137D-0E7C-44D5-8C73-4EFFB68962F2} did not register
with DCOM within the required timeout.
Error - 7/22/2010 8:19:13 PM | Computer Name = JUSTINDLAPTOP | Source = Service Control Manager | ID = 7023
Description = The HID Input Service service terminated with the following error:
%%126
Error - 7/22/2010 8:19:13 PM | Computer Name = JUSTINDLAPTOP | Source = Service Control Manager | ID = 7023
Description = The Automatic Updates service terminated with the following error:
%%126
Error - 7/22/2010 8:59:55 PM | Computer Name = JUSTINDLAPTOP | Source = Service Control Manager | ID = 7023
Description = The HID Input Service service terminated with the following error:
%%126
Error - 7/22/2010 8:59:55 PM | Computer Name = JUSTINDLAPTOP | Source = Service Control Manager | ID = 7023
Description = The Automatic Updates service terminated with the following error:
%%126
< End of report >