Full Version: Possible infection? HJT Log Attached
HunterCub
Hello, and thanks for letting me join the forum. I know you guys are busy, but I need to request help with an HJT log. I can find my way around the computer ok, but I'm not sure what is or isn't ok in the HJT log.

I am running McAfee Security suite. I clean with CCleaner, Advanced Systems Care, and JKDefrag. I use IE 8 with Yahoo toolbar and Windows XP.

I began noticing that when using Yahoo search and clicking links that I was being redirected to odd/different sites than what the links were supposed to be to. I ran a full scan of McAfee and it found 2 trojans and SAYS it removed them. The redirect issue has subsided somewhat but I fear that my PC may still be infected.

I ran HJT and saved a logfile of the scan which I have copied and pasted to the end of this plea for help.

Thanks for any and all help I may/will receive ahead of time.

HunterCub

Logfile of HijackThis v1.99.1
Scan saved at 8:19:30 PM, on 7/23/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Creative\Shared Files\CTAudSvc.exe
C:\WINDOWS\Nhksrv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\McAfee\Anti-Theft\McPvTray.exe
C:\WINDOWS\MMKeybd.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Netropa\OSD.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
c:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/?fr=fp-yie8
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.yahoo.com/search?fr=mcafee&p=%s
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\/Adobe Contribute CS4/contributeieplugin.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\mskapbho.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS4/contributeieplugin.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O4 - HKLM\..\Run: [McPvTray] C:\Program Files\McAfee\Anti-Theft\McPvTray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [Adobe_ID0ENQBO] C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [DellTouch] C:\WINDOWS\MMKeybd.exe
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [IntelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] "C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [McENUI] C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide
O4 - HKLM\..\Run: [McAfee Backup] "C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe"
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Logitech SetPoint.lnk = ?
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O11 - Options group: [INTERNATIONAL] International
O15 - Trusted Zone: http://*.mcafee.com
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1236879065691
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: McAfee Application Installer Cleanup (0245981248322136) (0245981248322136mcinstcleanup) - Unknown owner - C:\WINDOWS\TEMP\024598~1.EXE (file missing)
O23 - Service: Adobe Version Cue CS4 - Unknown owner - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe" -win32service (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Audio Engine Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe
O23 - Service: Creative Audio Service (CTAudSvcService) - Creative Technology Ltd - C:\Program Files\Creative\Shared Files\CTAudSvc.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf (file missing)
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: MBackMonitor - McAfee - C:\Program Files\McAfee\MBK\MBackMonitor.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: Netropa NHK Server (Nhksrv) - Unknown owner - C:\WINDOWS\Nhksrv.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

HunterCub
I realized that I had failed to run any of the diagnostics before making my first post and have gone back and done these.

I am listing the logs requested now, in order of request by the "please read this before posting" post:

Malwarebytes' Anti-Malware 1.39
Database version: 2492
Windows 5.1.2600 Service Pack 3

7/23/2009 9:26:11 PM
mbam-log-2009-07-23 (21-26-11).txt

Scan type: Quick Scan
Objects scanned: 93179
Time elapsed: 7 minute(s), 49 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
c:\WINDOWS\system32\geyekrgopeitui.dll (Trojan.TDSS) -> Quarantined and deleted successfully.

Rooter.exe (v1.0.2) by Eric_71
.
SeDebugPrivilege granted successfully ...
.
Windows XP Home Edition (5.1.2600) Service Pack 3
[32_bits] - x86 Family 15 Model 2 Stepping 7, GenuineIntel
.
[wscsvc] (Security Center) RUNNING (state:4)
[SharedAccess] RUNNING (state:4)
Windows Firewall -> Disabled !
.
Internet Explorer 8.0.6001.18702
Mozilla Firefox 3.0.11 (en-US)
.
C:\ [Fixed-NTFS] .. ( Total:111 Go - Free:76 Go )
D:\ [Fixed-NTFS] .. ( Total:3 Go - Free:3 Go )
E:\ [Fixed-NTFS] .. ( Total:72 Go - Free:61 Go )
F:\ [CD_Rom]
G:\ [CD_Rom]
I:\ [Removable]
J:\ [Fixed-NTFS] .. ( Total:111 Go - Free:74 Go )
.
Scan : 21:31.31
Path : C:\Documents and Settings\DJ Headspace\Desktop\Rooter.exe
User : DJ Headspace ( Administrator -> YES )
.
----------------------\\ Processes
.
Locked [System Process] (0)
______ System (4)
______ \SystemRoot\System32\smss.exe (672)
______ \??\C:\WINDOWS\system32\csrss.exe (760)
______ \??\C:\WINDOWS\system32\winlogon.exe (792)
______ C:\WINDOWS\system32\services.exe (840)
______ C:\WINDOWS\system32\lsass.exe (852)
______ C:\WINDOWS\system32\Ati2evxx.exe (1008)
______ C:\WINDOWS\system32\svchost.exe (1040)
______ C:\WINDOWS\system32\svchost.exe (1116)
______ C:\WINDOWS\System32\svchost.exe (1208)
______ C:\WINDOWS\system32\svchost.exe (1344)
______ C:\WINDOWS\system32\Ati2evxx.exe (1408)
______ C:\WINDOWS\Explorer.EXE (1700)
______ C:\WINDOWS\system32\spoolsv.exe (1740)
______ C:\Program Files\Creative\Shared Files\CTAudSvc.exe (1788)
______ C:\Program Files\McAfee\Anti-Theft\McPvTray.exe (1980)
______ C:\WINDOWS\MMKeybd.exe (2028)
______ C:\Program Files\Logitech\QuickCam\Quickcam.exe (2036)
______ C:\Program Files\Java\jre6\bin\jusched.exe (176)
______ C:\Program Files\Logitech\iTouch\iTouch.exe (192)
______ C:\Program Files\Netropa\OSD.exe (224)
______ C:\Program Files\Microsoft IntelliPoint\ipoint.exe (216)
______ C:\WINDOWS\Nhksrv.exe (244)
______ C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (272)
______ C:\WINDOWS\system32\CTHELPER.EXE (288)
______ C:\Program Files\iTunes\iTunesHelper.exe (324)
______ C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (336)
______ C:\Program Files\McAfee.com\Agent\mcagent.exe (340)
______ C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe (420)
______ C:\Program Files\Bonjour\mDNSResponder.exe (436)
______ C:\Program Files\Java\jre6\bin\jqs.exe (552)
______ C:\WINDOWS\system32\ctfmon.exe (732)
______ C:\Program Files\Logitech\SetPoint\SetPoint.exe (1164)
______ C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe (1292)
______ C:\Program Files\McAfee\SiteAdvisor\McSACore.exe (1404)
______ C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe (1580)
______ C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe (1648)
______ c:\Program Files\Microsoft IntelliPoint\dpupdchk.exe (1644)
______ c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe (1880)
______ c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe (1924)
______ C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe (1964)
______ C:\Program Files\McAfee\MPF\MPFSrv.exe (2072)
______ C:\Program Files\McAfee\MSK\MskSrver.exe (2416)
______ C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (2568)
______ C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe (2732)
______ C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE (2992)
______ C:\WINDOWS\system32\wuauclt.exe (268)
______ C:\Program Files\iPod\bin\iPodService.exe (2608)
______ C:\WINDOWS\system32\wbem\wmiprvse.exe (3364)
______ C:\WINDOWS\System32\alg.exe (3380)
______ C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe (4048)
______ C:\Documents and Settings\DJ Headspace\Desktop\Rooter.exe (448)
______ C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe (1468)
______ c:\program files\logitech\quickcam\lu\lulnchr.exe (2024)
.
----------------------\\ Device\Harddisk0\
.
\Device\Harddisk0 [Sectors : 63 x 512 Bytes]
.
\Device\Harddisk0\Partition1 (Start_Offset:32256 | Length:41094144)
\Device\Harddisk0\Partition2 --[ MBR ]-- (Start_Offset:41126400 | Length:119982159360)
.
----------------------\\ Scheduled Tasks
.
C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
C:\WINDOWS\Tasks\desktop.ini
C:\WINDOWS\Tasks\McDefragTask.job
C:\WINDOWS\Tasks\McQcTask.job
C:\WINDOWS\Tasks\SA.DAT
C:\WINDOWS\Tasks\SCHEDLGU.TXT
C:\WINDOWS\Tasks\User_Feed_Synchronization-{5106E387-0582-4AD1-B32E-E0BDA2A51DEC}.job
.
----------------------\\ Registry
.
.
----------------------\\ Files & Folders
.
----------------------\\ Scan completed at 21:32.28
.
C:\Rooter$\Rooter_1.txt - (23/07/2009 | 21:32.28)

ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2009/07/23 21:34
Program Version: Version 1.3.2.0
Windows Version: Windows XP SP3
==================================================

Drivers
-------------------
Name: bfuan.sys
Image Path: bfuan.sys
Address: 0xF7661000 Size: 61440 File Visible: No Signed: -
Status: -

Name: PCI_PNP5932
Image Path: \Driver\PCI_PNP5932
Address: 0x00000000 Size: 0 File Visible: No Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xA7CB3000 Size: 49152 File Visible: No Signed: -
Status: -

Name: spga.sys
Image Path: spga.sys
Address: 0xF753F000 Size: 1052672 File Visible: No Signed: -
Status: -

Name: sptd
Image Path: \Driver\sptd
Address: 0x00000000 Size: 0 File Visible: No Signed: -
Status: -

SSDT
-------------------
#: 041 Function Name: NtCreateKey
Status: Hooked by "spga.sys" at address 0xf75400e0

#: 071 Function Name: NtEnumerateKey
Status: Hooked by "spga.sys" at address 0xf755eca4

#: 073 Function Name: NtEnumerateValueKey
Status: Hooked by "spga.sys" at address 0xf755f032

#: 119 Function Name: NtOpenKey
Status: Hooked by "spga.sys" at address 0xf75400c0

#: 160 Function Name: NtQueryKey
Status: Hooked by "spga.sys" at address 0xf755f10a

#: 177 Function Name: NtQueryValueKey
Status: Hooked by "spga.sys" at address 0xf755ef8a

#: 247 Function Name: NtSetValueKey
Status: Hooked by "spga.sys" at address 0xf755f19c

==EOF==

OTL logfile created on: 7/23/2009 9:38:55 PM - Run 1
OTL by OldTimer - Version 3.0.10.2 Folder = C:\Documents and Settings\DJ Headspace\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1022.98 Mb Total Physical Memory | 430.50 Mb Available Physical Memory | 42.08% Memory free
2.41 Gb Paging File | 1.82 Gb Available in Paging File | 75.75% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 111.74 Gb Total Space | 76.03 Gb Free Space | 68.04% Space Free | Partition Type: NTFS
Drive D: | 3.91 Gb Total Space | 3.70 Gb Free Space | 94.83% Space Free | Partition Type: NTFS
Drive E: | 72.42 Gb Total Space | 61.99 Gb Free Space | 85.59% Space Free | Partition Type: NTFS
Drive F: | 507.38 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
Drive I: | 1.78 Gb Total Space | 0.07 Gb Free Space | 3.93% Space Free | Partition Type: FAT32
Drive J: | 111.79 Gb Total Space | 74.07 Gb Free Space | 66.26% Space Free | Partition Type: NTFS

Computer Name: HEADSPACE
Current User Name: DJ Headspace
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\WINDOWS\System32\Ati2evxx.exe (ATI Technologies Inc.)
PRC - C:\WINDOWS\System32\Ati2evxx.exe (ATI Technologies Inc.)
PRC - C:\WINDOWS\Explorer.EXE (Microsoft Corporation)
PRC - C:\Program Files\Creative\Shared Files\CTAudSvc.exe (Creative Technology Ltd)
PRC - C:\Program Files\McAfee\Anti-Theft\McPvTray.exe (McAfee)
PRC - C:\WINDOWS\MMKeybd.exe (Netropa Corp.)
PRC - C:\Program Files\Logitech\QuickCam\Quickcam.exe ()
PRC - C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\Logitech\iTouch\iTouch.exe (Logitech Inc.)
PRC - C:\Program Files\Netropa\OSD.exe (Netropa Corp.)
PRC - C:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
PRC - C:\WINDOWS\Nhksrv.exe ()
PRC - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (Advanced Micro Devices Inc.)
PRC - C:\WINDOWS\System32\CTHELPER.EXE (Creative Technology Ltd)
PRC - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe (McAfee)
PRC - C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
PRC - C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech Inc.)
PRC - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
PRC - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe ()
PRC - C:\Program Files\McAfee\MSC\mcmscsvc.exe (McAfee, Inc.)
PRC - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe (ATI Technologies Inc.)
PRC - c:\Program Files\Microsoft IntelliPoint\dpupdchk.exe (Microsoft Corporation)
PRC - c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe (McAfee, Inc.)
PRC - c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\VirusScan\Mcshield.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\MPF\MPFSrv.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\MSK\MskSrver.exe (McAfee, Inc.)
PRC - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
PRC - C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe ()
PRC - C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE (Logitech Inc.)
PRC - C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
PRC - C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe (Yahoo! Inc.)
PRC - C:\Program Files\McAfee\VirusScan\mcsysmon.exe (McAfee, Inc.)
PRC - C:\Documents and Settings\DJ Headspace\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
PRC - C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

========== Win32 Services (SafeList) ==========

SRV - (0245981248322136mcinstcleanup [Auto | Stopped]) -- File not found
SRV - (Adobe Version Cue CS4 [On_Demand | Stopped]) -- C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe (Adobe Systems Incorporated)
SRV - (Apple Mobile Device [Auto | Running]) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (aspnet_state [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (Microsoft Corporation)
SRV - (Ati HotKey Poller [Auto | Running]) -- C:\WINDOWS\System32\Ati2evxx.exe (ATI Technologies Inc.)
SRV - (ATI Smart [Auto | Stopped]) -- C:\WINDOWS\System32\ati2sgag.exe ()
SRV - (Bonjour Service [Auto | Running]) -- C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
SRV - (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) -- c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (Creative Audio Engine Licensing Service [On_Demand | Stopped]) -- C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe (Creative Labs)
SRV - (CTAudSvcService [Auto | Running]) -- C:\Program Files\Creative\Shared Files\CTAudSvc.exe (Creative Technology Ltd)
SRV - (FLEXnet Licensing Service [On_Demand | Stopped]) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (FontCache3.0.0.0 [On_Demand | Stopped]) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation)
SRV - (helpsvc [Disabled | Stopped]) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
SRV - (idsvc [Unknown | Stopped]) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe (Microsoft Corporation)
SRV - (iPod Service [On_Demand | Running]) -- C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
SRV - (JavaQuickStarterService [Auto | Running]) -- C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
SRV - (LVPrcSrv [Auto | Running]) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
SRV - (MBackMonitor [On_Demand | Stopped]) -- C:\Program Files\McAfee\MBK\MBackMonitor.exe (McAfee)
SRV - (McAfee SiteAdvisor Service [Auto | Running]) -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe ()
SRV - (mcmscsvc [Auto | Running]) -- C:\Program Files\McAfee\MSC\mcmscsvc.exe (McAfee, Inc.)
SRV - (McNASvc [Auto | Running]) -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe (McAfee, Inc.)
SRV - (McODS [On_Demand | Stopped]) -- C:\Program Files\McAfee\VirusScan\mcods.exe (McAfee, Inc.)
SRV - (McProxy [Auto | Running]) -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe (McAfee, Inc.)
SRV - (McShield [Unknown | Running]) -- C:\Program Files\McAfee\VirusScan\Mcshield.exe (McAfee, Inc.)
SRV - (McSysmon [On_Demand | Running]) -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe (McAfee, Inc.)
SRV - (MpfService [Auto | Running]) -- C:\Program Files\McAfee\MPF\MPFSrv.exe (McAfee, Inc.)
SRV - (MSK80Service [Auto | Running]) -- C:\Program Files\McAfee\MSK\MskSrver.exe (McAfee, Inc.)
SRV - (NetTcpPortSharing [Disabled | Stopped]) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe (Microsoft Corporation)
SRV - (Nhksrv [Auto | Running]) -- C:\WINDOWS\Nhksrv.exe ()
SRV - (npggsvc [On_Demand | Stopped]) -- C:\WINDOWS\System32\GameMon.des (INCA Internet Co., Ltd.)
SRV - (WMPNetworkSvc [On_Demand | Stopped]) -- C:\Program Files\Windows Media Player\WMPNetwk.exe (Microsoft Corporation)
SRV - (YahooAUService [Auto | Running]) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)

========== Driver Services (SafeList) ==========

DRV - (adfs [Auto | Running]) -- C:\WINDOWS\System32\drivers\adfs.sys (Adobe Systems, Inc.)
DRV - (ati2mtag [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\ati2mtag.sys (ATI Technologies Inc.)
DRV - (basic2 [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\basic2.sys (Conexant Systems)
DRV - (Cdr4_xp [System | Stopped]) -- C:\WINDOWS\System32\drivers\cdr4_xp.sys (Sonic Solutions)
DRV - (cercsr6 [Boot | Stopped]) -- C:\WINDOWS\System32\drivers\cercsr6.sys (Adaptec, Inc.)
DRV - (COMMONFX [On_Demand | Stopped]) -- C:\WINDOWS\System32\drivers\COMMONFX.SYS (Creative Technology Ltd)
DRV - (COMMONFX.SYS [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\COMMONFX.SYS (Creative Technology Ltd)
DRV - (ctac32k [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\ctac32k.sys (Creative Technology Ltd)
DRV - (ctaud2k [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\ctaud2k.sys (Creative Technology Ltd)
DRV - (CTAUDFX [On_Demand | Stopped]) -- C:\WINDOWS\System32\drivers\CTAUDFX.SYS (Creative Technology Ltd)
DRV - (CTAUDFX.SYS [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\CTAUDFX.SYS (Creative Technology Ltd)
DRV - (ctdvda2k [On_Demand | Stopped]) -- C:\WINDOWS\System32\drivers\ctdvda2k.sys (Creative Technology Ltd)
DRV - (CTERFXFX [On_Demand | Stopped]) -- C:\WINDOWS\System32\drivers\CTERFXFX.SYS (Creative Technology Ltd)
DRV - (CTERFXFX.SYS [On_Demand | Stopped]) -- C:\WINDOWS\System32\drivers\CTERFXFX.SYS (Creative Technology Ltd)
DRV - (ctprxy2k [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\ctprxy2k.sys (Creative Technology Ltd)
DRV - (CTSBLFX [On_Demand | Stopped]) -- C:\WINDOWS\System32\drivers\CTSBLFX.SYS (Creative Technology Ltd)
DRV - (CTSBLFX.SYS [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\CTSBLFX.SYS (Creative Technology Ltd)
DRV - (ctsfm2k [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\ctsfm2k.sys (Creative Technology Ltd)
DRV - (E100B [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\e100b325.sys (Intel Corporation)
DRV - (emupia [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\emupia2k.sys (Creative Technology Ltd)
DRV - (Fallback [Auto | Running]) -- C:\WINDOWS\System32\DRIVERS\fallback.sys (Conexant Systems)
DRV - (FileDisk [System | Running]) -- C:\WINDOWS\System32\drivers\filedisk.sys (Bo Brantén)
DRV - (FilterService [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\lvuvcflt.sys (Logitech Inc.)
DRV - (Fsks [Auto | Running]) -- C:\WINDOWS\System32\DRIVERS\fsksnt.sys (Conexant Systems)
DRV - (GEARAspiWDM [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\GEARAspiWDM.sys ()
DRV - (ha10kx2k [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\ha10kx2k.sys (Creative Technology Ltd)
DRV - (hap16v2k [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\hap16v2k.sys (Creative Technology Ltd)
DRV - (hap17v2k [On_Demand | Stopped]) -- C:\WINDOWS\System32\drivers\hap17v2k.sys (Creative Technology Ltd)
DRV - (HSFHWBS2 [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\HSFBS2S2.sys (Conexant Systems, Inc.)
DRV - (HSF_DP [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\HSFDPSP2.sys (Conexant Systems, Inc.)
DRV - (IdeBusDr [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\IdeBusDr.sys (Intel Corporation)
DRV - (IdeChnDr [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\IdeChnDr.sys (Intel Corporation)
DRV - (itchfltr [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\itchfltr.sys (Logitech, Inc.)
DRV - (K56 [Auto | Running]) -- C:\WINDOWS\System32\DRIVERS\k56nt.sys (Conexant Systems)
DRV - (L8042Kbd [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\L8042Kbd.sys (Logitech Inc.)
DRV - (LBeepKE [Auto | Running]) -- C:\WINDOWS\System32\Drivers\LBeepKE.sys (Logitech Inc.)
DRV - (LCcfltr [On_Demand | Running]) -- C:\WINDOWS\System32\Drivers\LCcFltr.Sys (Logitech, Inc.)
DRV - (LHidUsb [On_Demand | Running]) -- C:\WINDOWS\System32\Drivers\LHidUsb.Sys (Logitech, Inc.)
DRV - (LVPr2Mon [On_Demand | Running]) -- C:\WINDOWS\System32\Drivers\LVPr2Mon.sys ()
DRV - (LVRS [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\lvrs.sys (Logitech Inc.)
DRV - (LVUSBSta [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\LVUSBSta.sys (Logitech Inc.)
DRV - (LVUVC [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\lvuvc.sys (Logitech Inc.)
DRV - (McPvDrv [Boot | Running]) -- C:\WINDOWS\System32\drivers\McPvDrv.sys (McAfee)
DRV - (mdmxsdk [Auto | Running]) -- C:\WINDOWS\System32\DRIVERS\mdmxsdk.sys (Conexant)
DRV - (mfeavfk [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\mfeavfk.sys (McAfee, Inc.)
DRV - (mfebopk [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\mfebopk.sys (McAfee, Inc.)
DRV - (mfehidk [System | Running]) -- C:\WINDOWS\System32\drivers\mfehidk.sys (McAfee, Inc.)
DRV - (mferkdk [On_Demand | Stopped]) -- C:\WINDOWS\System32\drivers\mferkdk.sys (McAfee, Inc.)
DRV - (mfesmfk [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\mfesmfk.sys (McAfee, Inc.)
DRV - (MODEMCSA [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\MODEMCSA.sys (Microsoft Corporation)
DRV - (MPFP [System | Running]) -- C:\WINDOWS\System32\Drivers\Mpfp.sys (McAfee, Inc.)
DRV - (Msikbd2k [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\msikbd2k.sys (Netropa Corporation)
DRV - (OMCI [System | Running]) -- C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS (Dell Computer Corporation)
DRV - (ossrv [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\ctoss2k.sys (Creative Technology Ltd.)
DRV - (PacketNTx [On_Demand | Stopped]) -- C:\WINDOWS\System32\drivers\PacketNTx.sys (Sumix Co.)
DRV - (pc22nd5 [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\pc22nd5.sys (MCCI)
DRV - (pc22unic [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\pc22unic.sys (MCCI)
DRV - (Point32 [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\point32.sys (Microsoft Corporation)
DRV - (Ptilink [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys (Parallel Technologies, Inc.)
DRV - (PxHelp20 [Boot | Running]) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys (Sonic Solutions)
DRV - (Rksample [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\rksample.sys (Conexant Systems)
DRV - (Secdrv [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (SoftFax [Auto | Running]) -- C:\WINDOWS\System32\DRIVERS\faxnt.sys (Conexant Systems)
DRV - (SpeakerPhone [Auto | Running]) -- C:\WINDOWS\System32\DRIVERS\spkpnt.sys (Conexant Systems)
DRV - (sptd [Boot | Running]) -- C:\WINDOWS\System32\Drivers\sptd.sys ()
DRV - (Tones [Auto | Running]) -- C:\WINDOWS\System32\DRIVERS\tonesnt.sys (Conexant Systems)
DRV - (USBAAPL [On_Demand | Stopped]) -- C:\WINDOWS\System32\Drivers\usbaapl.sys (Apple, Inc.)
DRV - (usbaudio [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\usbaudio.sys (Microsoft Corporation)
DRV - (V124 [Auto | Running]) -- C:\WINDOWS\System32\DRIVERS\v124nt.sys (Conexant Systems)
DRV - (viafilter [On_Demand | Stopped]) -- C:\WINDOWS\System32\Drivers\viausb1.sys (VIA Technologies, Inc.)
DRV - (vulfnths [On_Demand | Running]) -- C:\WINDOWS\System32\Drivers\vulfnth.sys (VIA Technologies, Inc.)
DRV - (vulfntrs [On_Demand | Running]) -- C:\WINDOWS\System32\Drivers\vulfntr.sys (VIA Technologies, Inc.)
DRV - (winachsf [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\HSF_CNXT.sys (Conexant Systems)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?p...ar=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...ar=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/?fr=fp-yie8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.yahoo.com/search?p={searchTe...-8&fr=b1ie7
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?fr=fp-yie8
IE - URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/?fr=fp-yie8"
FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:2.9
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.1
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.11
FF - prefs.js..network.proxy.no_proxies_on: "*.local"

FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/06/23 10:42:29 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009/04/13 10:44:15 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2009/07/23 08:21:13 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.11\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/06/22 17:47:44 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.11\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/06/22 17:47:13 | 00,000,000 | ---D | M]

[2009/06/22 17:47:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\DJ Headspace\Application Data\mozilla\Extensions
[2009/06/22 17:47:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\DJ Headspace\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/06/30 17:20:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\DJ Headspace\Application Data\mozilla\Firefox\Profiles\gyc6b620.default\extensions
[2009/06/30 17:20:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\DJ Headspace\Application Data\mozilla\Firefox\Profiles\gyc6b620.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/06/22 17:47:13 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/06/22 17:47:13 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/06/02 20:00:58 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/06/02 20:00:59 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2009/06/02 20:01:00 | 00,065,528 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll
[2009/06/02 16:18:22 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2009/06/02 16:18:22 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2009/06/02 16:18:22 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2009/06/02 16:18:22 | 00,002,343 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2009/06/02 16:18:22 | 00,001,706 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2009/06/02 16:18:22 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2009/06/02 16:18:22 | 00,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

O1 HOSTS File: (1216 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 practivate.adobe.com
O1 - Hosts: 127.0.0.1 ereg.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com
O1 - Hosts: 127.0.0.1 wip3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com
O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com
O1 - Hosts: 127.0.0.1 activate-sea.adobe.com
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\Adobe Contribute CS4\contributeieplugin.dll (Adobe Systems Incorporated.)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\Program Files\McAfee\MSK\mskapbho.dll ()
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll ()
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll ()
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\Adobe Contribute CS4\contributeieplugin.dll (Adobe Systems Incorporated.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [Adobe_ID0ENQBO] C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4Tray.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [CTHelper] C:\WINDOWS\System32\CTHELPER.EXE (Creative Technology Ltd)
O4 - HKLM..\Run: [DellTouch] C:\WINDOWS\MMKeybd.exe (Netropa Corp.)
O4 - HKLM..\Run: [IntelliPoint] c:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [Logitech Hardware Abstraction Layer] C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE (Logitech Inc.)
O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\QuickCam\Quickcam.exe ()
O4 - HKLM..\Run: [McAfee Backup] C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe (McAfee)
O4 - HKLM..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [McENUI] C:\Program Files\McAfee\MHN\McENUI.exe (McAfee, Inc.)
O4 - HKLM..\Run: [McPvTray] C:\Program Files\McAfee\Anti-Theft\McPvTray.exe (McAfee)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe (Logitech Inc.)
O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech Inc.)
O4 - Startup: C:\Documents and Settings\DJ Headspace\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskmgr = 0
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: internet ([]about in Trusted sites)
O15 - HKCU\..Trusted Domains: mcafee.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: mcafee.com ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: 7 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdat...b?1236879065691 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...r/ultrashim.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_14)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\Ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/03/12 10:08:34 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found

NetSvcs: 6to4 - Service key not found. File not found
NetSvcs: Ias - Service key not found. File not found
NetSvcs: Iprip - Service key not found. File not found
NetSvcs: Irmon - Service key not found. File not found
NetSvcs: NWCWorkstation - Service key not found. File not found
NetSvcs: Nwsapagent - Service key not found. File not found
NetSvcs: Wmi - C:\WINDOWS\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - Service key not found. File not found
NetSvcs: helpsvc - C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)

MsConfig - StartUpReg: Acrobat Assistant 8.0 - hkey= - key= - C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
MsConfig - StartUpReg: Adobe Acrobat Speed Launcher - hkey= - key= - C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: AdobeUpdater6 - hkey= - key= - C:\Program Files\Common Files\Adobe\Updater6\Adobe_Updater.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: HPDJ Taskbar Utility - hkey= - key= - File not found
MsConfig - StartUpReg: iTunesHelper - hkey= - key= - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
MsConfig - StartUpReg: LogitechCommunicationsManager - hkey= - key= - Reg Error: Value error. File not found

SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
SafeBootMin: mcmscsvc - C:\Program Files\McAfee\MSC\mcmscsvc.exe (McAfee, Inc.)
SafeBootMin: MCODS - C:\Program Files\McAfee\VirusScan\mcods.exe (McAfee, Inc.)
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
SafeBootNet: mcmscsvc - C:\Program Files\McAfee\MSC\mcmscsvc.exe (McAfee, Inc.)
SafeBootNet: MCODS - C:\Program Files\McAfee\VirusScan\mcods.exe (McAfee, Inc.)
SafeBootNet: MpfService - C:\Program Files\McAfee\MPF\MPFSrv.exe (McAfee, Inc.)
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {00F0EE7F-2C61-4EBD-A209-00281BDC869C} - Yahoo! Toolbar
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Microsoft VM
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {270C7F22-6D59-4041-B865-76C48D190D91} - Yahoo! Search Settings Update
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8
ActiveX: {5056b317-8d4c-43ee-8543-b9d1e234b8f4} - Security Update for Windows XP (KB923789)
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
ActiveX: {8D1D0E9A-C799-4D28-9E29-0061D1E66E43} - Microsoft .NET Framework 1.1 Hotfix (KB928366)
ActiveX: {8FD9D712-A285-4834-9F46-705AD5146A6B} - NoIETour
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {A509B1FF-37FF-4bFF-8CFF-4F3A747040FF} - C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\advpack.dll,LaunchINFSectionEx C:\Program Files\Internet Explorer\clrtour.inf,DefaultInstall.ResetTour,,12
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - Reg Error: Value error.
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {EF289A85-8E57-408d-BE47-73B55609861A} - RootsUpdate
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

Drivers32: msacm.iac2 - C:\WINDOWS\System32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\System32\l3codecx.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.siren - C:\WINDOWS\System32\sirenacm.dll (Microsoft Corporation)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: msacm.vorbis - C:\WINDOWS\System32\vorbis.acm (HMS http://hp.vector.co.jp/authors/VA012897/)
Drivers32: MSVideo - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: MSVideo8 - C:\WINDOWS\System32\VfWWDM32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.I420 - C:\WINDOWS\System32\lvcodec2.dll (Logitech Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: wave1 - C:\WINDOWS\System32\serwvdrv.dll (Microsoft Corporation)

========== Files/Folders - Created Within 30 Days ==========

[2009/07/23 21:33:41 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\DJ Headspace\Desktop\settings.dat
[2009/07/23 21:32:28 | 00,000,000 | ---D | C] -- C:\Rooter$
[2009/07/23 21:15:16 | 00,000,000 | ---D | C] -- C:\Documents and Settings\DJ Headspace\Application Data\Malwarebytes
[2009/07/23 21:15:08 | 00,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/07/23 21:15:01 | 00,038,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/07/23 21:14:58 | 00,019,096 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/07/23 21:14:58 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/07/23 21:14:57 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/07/23 21:06:59 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009/07/23 21:06:42 | 00,000,767 | ---- | C] () -- C:\Documents and Settings\DJ Headspace\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2009/07/23 21:05:50 | 00,000,611 | ---- | C] () -- C:\Documents and Settings\DJ Headspace\Desktop\NTREGOPT.lnk
[2009/07/23 21:05:50 | 00,000,592 | ---- | C] () -- C:\Documents and Settings\DJ Headspace\Desktop\ERUNT.lnk
[2009/07/23 21:05:49 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2009/07/23 20:56:49 | 00,514,048 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\DJ Headspace\Desktop\OTL.exe
[2009/07/23 20:56:33 | 00,469,504 | ---- | C] ( ) -- C:\Documents and Settings\DJ Headspace\Desktop\RootRepeal.exe
[2009/07/23 20:55:45 | 00,173,119 | ---- | C] (Eric_71) -- C:\Documents and Settings\DJ Headspace\Desktop\Rooter.exe
[2009/07/23 20:54:06 | 00,265,216 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\DJ Headspace\Desktop\TFC.exe
[2009/07/23 20:52:30 | 00,794,112 | ---- | C] () -- C:\Documents and Settings\DJ Headspace\Desktop\The_Comedian.exe
[2009/07/23 20:15:51 | 00,000,000 | ---D | C] -- C:\Program Files\HijackThis
[2009/07/23 17:21:00 | 04,931,577 | ---- | C] () -- C:\WINDOWS\{00000002-00000000-00000009-00001102-00000004-10031102}.BAK
[2009/07/23 13:47:37 | 00,068,294 | ---- | C] () -- C:\Documents and Settings\DJ Headspace\Desktop\a_1248317040223_pt-kveldulf-n-seth-164.jpg
[2009/07/23 13:42:56 | 00,131,513 | ---- | C] () -- C:\Documents and Settings\DJ Headspace\Desktop\a_1242822795639_AnimalMagnetism.jpg
[2009/07/22 12:00:13 | 10,727,42400 | -HS- | C] () -- C:\hiberfil.sys
[2009/07/22 03:26:14 | 00,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2009/07/21 21:06:07 | 00,008,385 | ---- | C] () -- C:\WINDOWS\System32\Config.MPF
[2009/07/21 21:02:31 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SiteAdvisor
[2009/07/21 20:59:22 | 00,079,816 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfeavfk.sys
[2009/07/21 20:59:22 | 00,040,552 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfesmfk.sys
[2009/07/21 20:59:22 | 00,035,272 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfebopk.sys
[2009/07/21 20:59:18 | 00,120,136 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\Mpfp.sys
[2009/07/21 20:59:01 | 00,000,354 | ---- | C] () -- C:\WINDOWS\tasks\McDefragTask.job
[2009/07/21 20:58:59 | 00,000,346 | ---- | C] () -- C:\WINDOWS\tasks\McQcTask.job
[2009/07/21 20:58:45 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\McAfee
[2009/07/21 20:58:44 | 00,000,000 | ---D | C] -- C:\Program Files\McAfee.com
[2009/07/21 20:58:32 | 00,000,000 | ---D | C] -- C:\Program Files\McAfee
[2009/07/21 20:54:42 | 00,034,248 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mferkdk.sys
[2009/07/21 20:49:53 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\McAfee
[2009/07/21 20:20:51 | 00,000,000 | ---D | C] -- C:\mfe
[2009/07/21 20:20:37 | 00,000,000 | -H-D | C] -- C:\Program Files\Uninstall Information
[2009/07/21 14:22:00 | 00,000,000 | ---D | C] -- C:\Documents and Settings\DJ Headspace\My Documents\VirtualDJ
[2009/07/21 14:13:35 | 00,000,091 | ---- | C] () -- C:\WINDOWS\System32\geyekrjxjexyea.dat
[2009/07/21 14:03:03 | 00,011,126 | ---- | C] () -- C:\WINDOWS\System32\geyekrrgsipvnq.dat
[2009/07/21 14:03:02 | 00,039,936 | ---- | C] () -- C:\WINDOWS\System32\geyekrxlyfylkm.dll
[2009/07/21 14:03:00 | 00,066,048 | ---- | C] () -- C:\WINDOWS\System32\drivers\geyekrowyjrdum.sys
[2009/07/21 13:48:44 | 00,000,000 | ---D | C] -- C:\Program Files\ASIO4ALL v2
[2009/07/21 13:44:08 | 00,000,000 | ---D | C] -- C:\Program Files\VirtualDJ
[2009/07/15 14:52:20 | 00,000,000 | ---D | C] -- C:\Program Files\iPod
[2009/07/15 14:51:52 | 00,000,000 | ---D | C] -- C:\Program Files\iTunes
[2009/07/13 23:35:19 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Steinberg
[2009/07/13 21:59:04 | 00,000,000 | ---D | C] -- C:\Documents and Settings\DJ Headspace\Application Data\Steinberg
[2009/07/13 21:58:16 | 00,002,892 | ---- | C] () -- C:\WINDOWS\System32\audcon.sys
[2009/07/13 21:58:16 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Syncrosoft
[2009/07/13 21:50:48 | 00,012,928 | ---- | C] (Bo Brantén) -- C:\WINDOWS\System32\drivers\filedisk.sys
[2009/07/11 20:28:25 | 00,001,080 | ---- | C] () -- C:\WINDOWS\System32\settingsbkup.sfm
[2009/07/11 20:28:25 | 00,001,080 | ---- | C] () -- C:\WINDOWS\System32\settings.sfm
[2009/07/11 12:56:54 | 00,011,564 | ---- | C] () -- C:\WINDOWS\System32\DVCState-{00000002-00000000-00000009-00001102-00000004-10031102}.rfx
[2009/07/11 12:56:53 | 00,031,680 | ---- | C] () -- C:\WINDOWS\System32\BMXCtrlState-{00000002-00000000-00000009-00001102-00000004-10031102}.rfx
[2009/07/11 12:56:53 | 00,031,680 | ---- | C] () -- C:\WINDOWS\System32\BMXBkpCtrlState-{00000002-00000000-00000009-00001102-00000004-10031102}.rfx
[2009/07/11 12:54:46 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Creative Labs Shared
[2009/07/11 12:53:47 | 04,931,577 | ---- | C] () -- C:\WINDOWS\{00000002-00000000-00000009-00001102-00000004-10031102}.CDF
[2009/07/10 17:24:24 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ATI
[2009/07/10 17:20:03 | 00,593,920 | ---- | C] () -- C:\WINDOWS\System32\ati2sgag.exe
[2009/07/04 06:52:56 | 19,278,140 | ---- | C] () -- C:\Documents and Settings\DJ Headspace\Desktop\shake it.avi
[2009/07/03 14:06:32 | 00,225,280 | ---- | C] (Propellerhead Software AB) -- C:\WINDOWS\System32\rewire.dll
[2009/07/03 14:06:13 | 01,294,336 | ---- | C] (HMS http://hp.vector.co.jp/authors/VA012897/) -- C:\WINDOWS\System32\vorbis.acm
[2009/07/03 14:05:55 | 00,000,000 | ---D | C] -- C:\Program Files\Outsim
[2009/07/03 13:03:46 | 00,000,000 | ---D | C] -- C:\Documents and Settings\DJ Headspace\Desktop\FL Studio
[2009/07/01 03:35:41 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\DriverScanner
[2009/07/01 03:35:09 | 00,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\{D5ABFFAD-D592-4F98-B02B-587125B4801F}
[2009/07/01 03:33:35 | 00,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\{B46E1EF5-0B37-4DB4-A4E2-9F2B41036185}
[2009/07/01 03:09:17 | 00,000,000 | ---D | C] -- C:\Program Files\SecondLife
[2009/06/30 23:19:35 | 00,000,000 | ---D | C] -- C:\Documents and Settings\DJ Headspace\Application Data\Logitech
[2009/06/30 23:18:07 | 00,071,936 | ---- | C] (Logitech Inc.) -- C:\WINDOWS\System32\drivers\LMOUKE.sys
[2009/06/30 23:18:07 | 00,055,936 | ---- | C] (Logitech Inc.) -- C:\WINDOWS\System32\drivers\L8042MOU.SYS
[2009/06/30 23:17:58 | 00,003,712 | ---- | C] (Logitech Inc.) -- C:\WINDOWS\System32\drivers\LBeepKE.sys
[2009/06/30 23:17:56 | 00,155,648 | ---- | C] (Logitech Inc.) -- C:\WINDOWS\System32\kemutb.dll
[2009/06/30 23:17:56 | 00,131,072 | ---- | C] (Logitech Inc.) -- C:\WINDOWS\System32\KemUtil.dll
[2009/06/30 23:17:56 | 00,110,592 | ---- | C] (Logitech Inc.) -- C:\WINDOWS\System32\KemWnd.dll
[2009/06/30 23:17:56 | 00,069,632 | ---- | C] (Logitech Inc.) -- C:\WINDOWS\System32\KemXML.dll
[2009/06/30 23:17:52 | 00,001,501 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk
[2009/06/30 23:17:41 | 00,013,568 | ---- | C] (Logitech Inc.) -- C:\WINDOWS\System32\drivers\L8042Kbd.sys
[2009/06/30 23:04:39 | 00,031,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\point32.sys
[2009/06/30 23:04:24 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft IntelliPoint
[2009/06/30 22:44:11 | 00,000,051 | ---- | C] () -- C:\WINDOWS\iTouch.ini
[2009/06/30 22:39:23 | 00,012,953 | ---- | C] (Logitech, Inc.) -- C:\WINDOWS\System32\drivers\itchfltr.sys
[2009/06/30 22:39:19 | 00,054,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MSVCI70.DLL
[2009/06/30 22:33:26 | 00,001,904 | ---- | C] () -- C:\WINDOWS\System32\SetupBD.din
[2009/06/30 22:31:40 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Logitech
[2009/06/30 22:31:38 | 00,037,887 | ---- | C] (Logitech, Inc.) -- C:\WINDOWS\System32\drivers\LHidUsb.sys
[2009/06/30 22:31:38 | 00,014,095 | ---- | C] (Logitech, Inc.) -- C:\WINDOWS\System32\drivers\LCcfltr.sys
[2009/06/30 21:51:38 | 00,000,000 | ---D | C] -- C:\Program Files\Uniblue
[2009/06/30 21:43:16 | 00,000,000 | ---D | C] -- C:\Documents and Settings\DJ Headspace\Application Data\Uniblue
[2009/06/30 21:42:05 | 00,000,000 | ---D | C] -- C:\Documents and Settings\DJ Headspace\Desktop\VulpVIBE
[2009/06/29 19:37:42 | 00,006,820 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2009/06/28 02:02:26 | 00,000,000 | ---D | C] -- C:\Documents and Settings\DJ Headspace\Desktop\Red Panda Pants
[2009/06/09 15:38:01 | 00,000,032 | ---- | C] () -- C:\WINDOWS\Autorun.INI
[2009/03/31 16:59:24 | 00,000,031 | ---- | C] () -- C:\WINDOWS\GunzLauncher.INI
[2009/03/20 14:16:01 | 00,000,445 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2009/03/13 19:15:06 | 00,721,904 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2009/03/12 20:38:58 | 00,000,311 | ---- | C] () -- C:\WINDOWS\MMKEYBD.INI
[2009/03/12 20:38:58 | 00,000,283 | ---- | C] () -- C:\WINDOWS\MSIOSD.INI
[2009/03/12 20:38:54 | 00,000,010 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2009/03/12 20:38:53 | 00,028,672 | ---- | C] () -- C:\WINDOWS\System32\msiosd32.dll
[2009/03/12 20:02:35 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\vusetup.dll
[2009/03/12 16:56:44 | 00,107,368 | ---- | C] () -- C:\WINDOWS\System32\GEARAspi.dll
[2009/03/12 16:56:44 | 00,023,400 | ---- | C] () -- C:\WINDOWS\System32\drivers\GEARAspiWDM.sys
[2009/03/12 10:36:04 | 00,081,110 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2009/03/12 10:10:11 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009/03/04 13:15:26 | 00,049,697 | ---- | C] () -- C:\WINDOWS\System32\instwdm.ini
[2009/03/04 13:15:24 | 00,000,054 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
[2009/03/04 12:47:28 | 00,043,520 | ---- | C] () -- C:\WINDOWS\System32\CTBurst.dll
[2009/03/04 12:46:18 | 00,010,752 | ---- | C] ( ) -- C:\WINDOWS\System32\a3d.dll
[2008/12/16 21:58:54 | 00,025,624 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVPr2Mon.sys
[2008/12/16 21:50:56 | 00,013,584 | ---- | C] () -- C:\WINDOWS\System32\drivers\iKeyLgFT.dll
[2007/08/13 20:45:02 | 00,077,824 | ---- | C] () -- C:\WINDOWS\System32\ctmmactl.dll
[2006/10/02 17:25:18 | 00,000,307 | ---- | C] () -- C:\WINDOWS\System32\kill.ini
[2004/08/04 05:00:00 | 00,000,603 | ---- | C] () -- C:\WINDOWS\win.ini
[2004/08/04 05:00:00 | 00,000,231 | ---- | C] () -- C:\WINDOWS\system.ini

========== Files - Modified Within 30 Days ==========

[2009/07/23 21:33:41 | 00,000,000 | ---- | M] () -- C:\Documents and Settings\DJ Headspace\Desktop\settings.dat
[2009/07/23 21:33:17 | 00,000,436 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{5106E387-0582-4AD1-B32E-E0BDA2A51DEC}.job
[2009/07/23 21:30:50 | 00,008,385 | ---- | M] () -- C:\WINDOWS\System32\Config.MPF
[2009/07/23 21:29:13 | 00,000,283 | ---- | M] () -- C:\WINDOWS\MSIOSD.INI
[2009/07/23 21:29:07 | 00,000,051 | ---- | M] () -- C:\WINDOWS\iTouch.ini
[2009/07/23 21:28:49 | 00,000,311 | ---- | M] () -- C:\WINDOWS\MMKEYBD.INI
[2009/07/23 21:28:41 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/07/23 21:28:37 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/07/23 21:28:34 | 10,727,42400 | -HS- | M] () -- C:\hiberfil.sys
[2009/07/23 21:28:31 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\lvuvc.hs
[2009/07/23 21:28:28 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\logiflt.iad
[2009/07/23 21:26:57 | 00,032,448 | ---- | M] () -- C:\WINDOWS\System32\BMXStateBkp-{00000002-00000000-00000009-00001102-00000004-10031102}.rfx
[2009/07/23 21:26:57 | 00,032,448 | ---- | M] () -- C:\WINDOWS\System32\BMXState-{00000002-00000000-00000009-00001102-00000004-10031102}.rfx
[2009/07/23 21:26:57 | 00,031,680 | ---- | M] () -- C:\WINDOWS\System32\BMXCtrlState-{00000002-00000000-00000009-00001102-00000004-10031102}.rfx
[2009/07/23 21:26:57 | 00,031,680 | ---- | M] () -- C:\WINDOWS\System32\BMXBkpCtrlState-{00000002-00000000-00000009-00001102-00000004-10031102}.rfx
[2009/07/23 21:26:57 | 00,011,564 | ---- | M] () -- C:\WINDOWS\System32\DVCState-{00000002-00000000-00000009-00001102-00000004-10031102}.rfx
[2009/07/23 21:26:33 | 10,694,326 | -H-- | M] () -- C:\Documents and Settings\DJ Headspace\Local Settings\Application Data\IconCache.db
[2009/07/23 21:26:25 | 04,931,577 | ---- | M] () -- C:\WINDOWS\{00000002-00000000-00000009-00001102-00000004-10031102}.CDF
[2009/07/23 21:26:25 | 04,931,577 | ---- | M] () -- C:\WINDOWS\{00000002-00000000-00000009-00001102-00000004-10031102}.BAK
[2009/07/23 21:15:08 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/07/23 21:06:42 | 00,000,767 | ---- | M] () -- C:\Documents and Settings\DJ Headspace\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2009/07/23 21:05:50 | 00,000,611 | ---- | M] () -- C:\Documents and Settings\DJ Headspace\Desktop\NTREGOPT.lnk
[2009/07/23 21:05:50 | 00,000,592 | ---- | M] () -- C:\Documents and Settings\DJ Headspace\Desktop\ERUNT.lnk
[2009/07/23 20:56:59 | 00,514,048 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\DJ Headspace\Desktop\OTL.exe
[2009/07/23 20:55:46 | 00,173,119 | ---- | M] (Eric_71) -- C:\Documents and Settings\DJ Headspace\Desktop\Rooter.exe
[2009/07/23 20:54:17 | 00,265,216 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\DJ Headspace\Desktop\TFC.exe
[2009/07/23 20:52:56 | 00,000,524 | ---- | M] () -- C:\hpfr3320.xml
[2009/07/23 20:52:32 | 00,794,112 | ---- | M] () -- C:\Documents and Settings\DJ Headspace\Desktop\The_Comedian.exe
[2009/07/23 13:47:19 | 00,068,294 | ---- | M] () -- C:\Documents and Settings\DJ Headspace\Desktop\a_1248317040223_pt-kveldulf-n-seth-164.jpg
[2009/07/23 13:41:48 | 00,131,513 | ---- | M] () -- C:\Documents and Settings\DJ Headspace\Desktop\a_1242822795639_AnimalMagnetism.jpg
[2009/07/22 23:56:04 | 00,001,080 | ---- | M] () -- C:\WINDOWS\System32\settingsbkup.sfm
[2009/07/22 23:56:04 | 00,001,080 | ---- | M] () -- C:\WINDOWS\System32\settings.sfm
[2009/07/22 21:08:15 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009/07/22 12:10:24 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/07/22 03:25:44 | 00,011,126 | ---- | M] () -- C:\WINDOWS\System32\geyekrrgsipvnq.dat
[2009/07/22 03:25:44 | 00,000,091 | ---- | M] () -- C:\WINDOWS\System32\geyekrjxjexyea.dat
[2009/07/22 03:25:42 | 00,066,048 | ---- | M] () -- C:\WINDOWS\System32\drivers\geyekrowyjrdum.sys
[2009/07/21 20:59:01 | 00,000,354 | ---- | M] () -- C:\WINDOWS\tasks\McDefragTask.job
[2009/07/21 20:59:00 | 00,000,346 | ---- | M] () -- C:\WINDOWS\tasks\McQcTask.job
[2009/07/21 20:20:51 | 00,000,749 | RH-- | M] () -- C:\WINDOWS\WindowsShell.Manifest
[2009/07/21 20:20:51 | 00,000,749 | RH-- | M] () -- C:\WINDOWS\System32\wuaucpl.cpl.manifest
[2009/07/21 20:20:51 | 00,000,749 | RH-- | M] () -- C:\WINDOWS\System32\sapi.cpl.manifest
[2009/07/21 20:20:51 | 00,000,749 | RH-- | M] () -- C:\WINDOWS\System32\nwc.cpl.manifest
[2009/07/21 20:20:51 | 00,000,749 | RH-- | M] () -- C:\WINDOWS\System32\ncpa.cpl.manifest
[2009/07/21 20:20:51 | 00,000,749 | RH-- | M] () -- C:\WINDOWS\System32\cdplayer.exe.manifest
[2009/07/21 20:20:36 | 00,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2009/07/21 20:20:36 | 00,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2009/07/21 14:03:02 | 00,039,936 | ---- | M] () -- C:\WINDOWS\System32\geyekrxlyfylkm.dll
[2009/07/15 13:29:38 | 00,022,528 | ---- | M] () -- C:\Documents and Settings\DJ Headspace\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/07/13 21:58:16 | 00,002,892 | ---- | M] () -- C:\WINDOWS\System32\audcon.sys
[2009/07/13 20:42:13 | 00,721,904 | ---- | M] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2009/07/13 13:36:34 | 00,038,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/07/13 13:36:12 | 00,019,096 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/07/13 13:35:35 | 00,441,124 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/07/13 13:35:35 | 00,071,060 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/07/12 21:39:46 | 00,469,504 | ---- | M] ( ) -- C:\Documents and Settings\DJ Headspace\Desktop\RootRepeal.exe
[2009/07/11 12:53:32 | 00,444,952 | ---- | M] (Creative Labs) -- C:\WINDOWS\System32\wrap_oal.dll
[2009/07/11 12:53:32 | 00,109,080 | ---- | M] (Portions © Creative Labs Inc. and NVIDIA Corp.) -- C:\WINDOWS\System32\OpenAL32.dll
[2009/07/10 15:22:20 | 00,000,010 | ---- | M] () -- C:\WINDOWS\WININIT.INI
[2009/07/07 08:10:56 | 24,539,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
[2009/07/03 18:33:47 | 00,102,856 | -H-- | M] () -- C:\WINDOWS\System32\mlfcache.dat
[2009/07/01 03:23:41 | 00,006,820 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2009/07/01 02:16:23 | 00,551,164 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/07/01 00:08:06 | 00,101,376 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iecompat.dll
[2009/06/30 23:24:22 | 00,151,840 | ---- | M] () -- C:\Documents and Settings\DJ Headspace\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2009/06/30 23:23:45 | 02,531,376 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/06/30 23:17:52 | 00,001,501 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk

========== LOP Check ==========

[2009/07/23 21:14:58 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\All Users\Application Data
[2009/03/12 16:56:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
[2009/04/08 06:22:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2009/07/01 03:34:57 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{B46E1EF5-0B37-4DB4-A4E2-9F2B41036185}
[2009/07/01 03:35:46 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{D5ABFFAD-D592-4F98-B02B-587125B4801F}
[2009/03/13 21:10:47 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ALM
[2009/07/10 17:24:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ATI
[2009/03/13 10:42:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Citrix
[2009/03/13 19:24:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
[2009/07/01 03:36:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DriverScanner
[2009/03/13 21:32:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FLEXnet
[2009/03/16 11:12:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Logishrd
[2009/05/12 20:40:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
[2009/03/15 10:46:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Simply Super Software
[2009/07/13 21:58:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Syncrosoft
[2009/07/21 21:37:19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/07/23 21:15:16 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\DJ Headspace\Application Data
[2009/03/12 16:15:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\DJ Headspace\Application Data\ATI
[2009/03/13 21:55:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\DJ Headspace\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2009/03/13 19:25:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\DJ Headspace\Application Data\DAEMON Tools
[2009/07/13 20:49:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\DJ Headspace\Application Data\DAEMON Tools Lite
[2009/03/13 19:29:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\DJ Headspace\Application Data\DAEMON Tools Pro
[2009/04/17 08:18:42 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\DJ Headspace\Application Data\ijjigame
[2009/03/12 18:33:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\DJ Headspace\Application Data\IObit
[2009/03/12 10:38:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\DJ Headspace\Application Data\Leadertech
[2009/04/15 10:29:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\DJ Headspace\Application Data\OpenOffice.org
[2009/07/08 10:28:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\DJ Headspace\Application Data\SecondLife
[2009/07/13 23:35:19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\DJ Headspace\Application Data\Steinberg
[2009/03/14 12:21:15 | 00,000,000 | ---D | M] -- C:\Documents and Settings\DJ Headspace\Application Data\U3
[2009/07/01 03:35:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\DJ Headspace\Application Data\Uniblue
[2009/03/13 00:26:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\DJ Headspace\Application Data\Windows Search
[2009/07/22 21:08:15 | 00,000,284 | ---- | M] () -- C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
[2004/08/04 05:00:00 | 00,000,065 | RH-- | M] () -- C:\WINDOWS\Tasks\desktop.ini
[2009/07/21 20:59:01 | 00,000,354 | ---- | M] () -- C:\WINDOWS\Tasks\McDefragTask.job
[2009/07/21 20:59:00 | 00,000,346 | ---- | M] () -- C:\WINDOWS\Tasks\McQcTask.job
[2009/07/23 21:28:41 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA.DAT
[2009/07/23 21:26:41 | 00,032,540 | ---- | M] () -- C:\WINDOWS\Tasks\SCHEDLGU.TXT
[2009/07/23 21:33:17 | 00,000,436 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{5106E387-0582-4AD1-B32E-E0BDA2A51DEC}.job

========== Purity Check ==========



========== Custom Scans ==========


< %systemroot%\System32\antiwpa.dll >

< %systemroot%\SYSTEM32\wpa.dll >

< %systemroot%\setup\scripts\biestart.exe >

< %systemroot%\system32\drivers\royal.sys >

< %systemroot%\system32\oobe\AntiWPA_Crypt.dll >

< %TEMP%\antiwpa_crypt.dll >

< %TEMP%\antiwpa.dll /s >

< %PROGRAMFILES%\antiwpa.dll /s >

< %systemroot%\system32\crypt.dll >

< %TEMP%\crypt.dll >

< %SYSTEMDRIVE%\*. >
[2009/07/23 21:34:58 | 00,000,000 | ---D | M] -- C:
[2009/03/12 15:42:26 | 00,000,000 | ---D | M] -- C:\265a5af3d25e60ebdac05a52a55f79
[2009/03/12 14:17:08 | 00,000,000 | ---D | M] -- C:\ATI
[2009/07/22 02:59:29 | 00,000,000 | -HSD | M] -- C:\Config.Msi
[2009/03/12 20:42:46 | 00,000,000 | ---D | M] -- C:\DELL
[2009/03/31 14:52:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings
[2009/03/31 16:49:47 | 00,000,000 | ---D | M] -- C:\ijji
[2009/03/12 19:54:02 | 00,000,000 | ---D | M] -- C:\Intel
[2009/07/21 20:20:52 | 00,000,000 | ---D | M] -- C:\mfe
[2009/07/23 21:14:57 | 00,000,000 | ---D | M] -- C:\Program Files
[2009/03/12 10:23:23 | 00,000,000 | -HSD | M] -- C:\RECYCLER
[2009/07/23 21:32:28 | 00,000,000 | ---D | M] -- C:\Rooter$
[2009/07/21 22:06:32 | 00,000,000 | -HSD | M] -- C:\System Volume Information
[2009/07/23 21:29:59 | 00,000,000 | ---D | M] -- C:\WINDOWS

< %SYSTEMDRIVE%\*.* >
[2009/03/12 10:08:34 | 00,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2009/03/12 10:01:57 | 00,000,211 | -HS- | M] () -- C:\boot.ini
[2009/03/12 10:08:34 | 00,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2009/07/03 15:08:06 | 00,001,322 | ---- | M] () -- C:\devicetable.log
[2009/07/23 21:28:34 | 10,727,42400 | -HS- | M] () -- C:\hiberfil.sys
[2009/07/23 20:58:37 | 00,016,473 | ---- | M] () -- C:\hpfr3320.log
[2009/07/23 20:52:56 | 00,000,524 | ---- | M] () -- C:\hpfr3320.xml
[2009/03/12 10:08:34 | 00,000,000 | RHS- | M] () -- C:\IO.SYS
[2009/06/30 22:49:35 | 00,000,000 | ---- | M] () -- C:\itouch_config_crash_info.txt
[2009/07/09 19:05:16 | 00,000,338 | ---- | M] () -- C:\itouch_crash_info.txt
[2009/03/12 10:08:34 | 00,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2004/08/04 05:00:00 | 00,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2009/03/12 13:05:23 | 00,250,048 | RHS- | M] () -- C:\ntldr
[2009/07/23 21:28:27 | 16,106,12736 | -HS- | M] () -- C:\pagefile.sys
[2009/07/23 21:34:08 | 00,003,098 | ---- | M] () -- C:\RootRepeal report 07-23-09 (21-34-08).txt

< %PROGRAMFILES%\*. >
[2009/07/23 21:14:57 | 00,000,000 | ---D | M] -- C:\Program Files
[2009/03/28 11:32:20 | 00,000,000 | ---D | M] -- C:\Program Files\Adobe
[2009/03/13 20:09:33 | 00,000,000 | ---D | M] -- C:\Program Files\Adobe Media Player
[2009/03/12 16:52:46 | 00,000,000 | ---D | M] -- C:\Program Files\Apple Software Update
[2009/07/21 13:48:44 | 00,000,000 | ---D | M] -- C:\Program Files\ASIO4ALL v2
[2009/07/10 17:20:58 | 00,000,000 | ---D | M] -- C:\Program Files\ATI Technologies
[2009/06/09 16:07:05 | 00,000,000 | ---D | M] -- C:\Program Files\BestGameEver
[2009/03/26 12:08:56 | 00,000,000 | ---D | M] -- C:\Program Files\BitLord
[2009/03/12 16:55:30 | 00,000,000 | ---D | M] -- C:\Program Files\Bonjour
[2009/04/30 07:22:09 | 00,000,000 | ---D | M] -- C:\Program Files\CCleaner
[2009/07/21 21:39:46 | 00,000,000 | ---D | M] -- C:\Program Files\Common Files
[2009/03/12 15:28:03 | 00,000,000 | ---D | M] -- C:\Program Files\CONEXANT
[2009/07/11 12:54:23 | 00,000,000 | ---D | M] -- C:\Program Files\Creative
[2009/05/13 06:19:51 | 00,000,000 | ---D | M] -- C:\Program Files\Driver Checker
[2009/07/23 21:06:42 | 00,000,000 | ---D | M] -- C:\Program Files\ERUNT
[2009/03/12 10:26:54 | 00,000,000 | ---D | M] -- C:\Program Files\Hewlett-Packard
[2009/07/23 20:19:29 | 00,000,000 | ---D | M] -- C:\Program Files\HijackThis
[2009/03/12 10:26:26 | 00,000,000 | ---D | M] -- C:\Program Files\hp deskjet 3320 series
[2009/07/11 12:54:51 | 00,000,000 | -H-D | M] -- C:\Program Files\InstallShield Installation Information
[2009/06/30 22:33:50 | 00,000,000 | ---D | M] -- C:\Program Files\intel
[2009/07/22 09:36:36 | 00,000,000 | ---D | M] -- C:\Program Files\Internet Explorer
[2009/04/06 12:29:29 | 00,000,000 | ---D | M] -- C:\Program Files\IObit
[2009/07/15 14:52:20 | 00,000,000 | ---D | M] -- C:\Program Files\iPod
[2009/07/15 14:53:00 | 00,000,000 | ---D | M] -- C:\Program Files\iTunes
[2009/06/09 16:19:55 | 00,000,000 | ---D | M] -- C:\Program Files\Java
[2009/04/15 09:32:14 | 00,000,000 | ---D | M] -- C:\Program Files\JRE
[2009/06/30 23:17:41 | 00,000,000 | ---D | M] -- C:\Program Files\Logitech
[2009/07/23 21:15:11 | 00,000,000 | ---D | M] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/07/22 21:08:12 | 00,000,000 | ---D | M] -- C:\Program Files\McAfee
[2009/07/21 20:58:52 | 00,000,000 | ---D | M] -- C:\Program Files\McAfee.com
[2009/03/12 13:15:02 | 00,000,000 | ---D | M] -- C:\Program Files\Messenger
[2009/03/12 17:05:26 | 00,000,000 | ---D | M] -- C:\Program Files\Microsoft
[2009/03/12 10:09:26 | 00,000,000 | ---D | M] -- C:\Program Files\Microsoft ActiveSync
[2009/03/12 11:56:09 | 00,000,000 | ---D | M] -- C:\Program Files\Microsoft CAPICOM 2.1.0.2
[2009/03/12 10:08:49 | 00,000,000 | ---D | M] -- C:\Program Files\microsoft frontpage
[2009/06/30 23:04:28 | 00,000,000 | ---D | M] -- C:\Program Files\Microsoft IntelliPoint
[2009/03/12 10:21:17 | 00,000,000 | ---D | M] -- C:\Program Files\Microsoft Office
[2009/07/22 02:59:24 | 00,000,000 | ---D | M] -- C:\Program Files\Microsoft Silverlight
[2009/03/12 13:10:26 | 00,000,000 | ---D | M] -- C:\Program Files\Movie Maker
[2009/07/10 04:10:17 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox
[2009/03/12 15:42:57 | 00,000,000 | ---D | M] -- C:\Program Files\MSBuild
[2009/03/12 10:04:10 | 00,000,000 | ---D | M] -- C:\Program Files\MSN Gaming Zone
[2009/03/12 13:08:01 | 00,000,000 | ---D | M] -- C:\Program Files\NetMeeting
[2009/03/15 05:51:56 | 00,000,000 | ---D | M] -- C:\Program Files\Netropa
[2009/03/15 06:17:18 | 00,000,000 | ---D | M] -- C:\Program Files\Online Services
[2009/04/15 09:32:10 | 00,000,000 | ---D | M] -- C:\Program Files\OpenOffice.org 3
[2009/03/12 13:07:57 | 00,000,000 | ---D | M] -- C:\Program Files\Outlook Express
[2009/07/03 14:05:55 | 00,000,000 | ---D | M] -- C:\Program Files\Outsim
[2009/07/11 12:46:20 | 00,000,000 | ---D | M] -- C:\Program Files\QuickTime
[2009/03/12 15:42:47 | 00,000,000 | ---D | M] -- C:\Program Files\Reference Assemblies
[2009/07/08 21:11:33 | 00,000,000 | ---D | M] -- C:\Program Files\Safari
[2009/07/01 03:10:17 | 00,000,000 | ---D | M] -- C:\Program Files\SecondLife
[2009/05/02 10:51:48 | 00,000,000 | ---D | M] -- C:\Program Files\SHOUTcast
[2009/03/12 15:37:52 | 00,000,000 | R--D | M] -- C:\Program Files\Skype
[2009/07/01 03:35:41 | 00,000,000 | ---D | M] -- C:\Program Files\Uniblue
[2009/07/21 20:20:37 | 00,000,000 | -H-D | M] -- C:\Program Files\Uninstall Information
[2009/07/21 14:22:41 | 00,000,000 | ---D | M] -- C:\Program Files\VirtualDJ
[2009/07/11 12:46:20 | 00,000,000 | ---D | M] -- C:\Program Files\Winamp
[2009/07/13 19:58:51 | 00,000,000 | ---D | M] -- C:\Program Files\Windows Desktop Search
[2009/03/12 15:29:13 | 00,000,000 | ---D | M] -- C:\Program Files\Windows Live
[2009/03/12 15:28:56 | 00,000,000 | ---D | M] -- C:\Program Files\Windows Live SkyDrive
[2009/03/12 15:32:02 | 00,000,000 | ---D | M] -- C:\Program Files\Windows Media Connect 2
[2009/03/26 12:08:52 | 00,000,000 | ---D | M] -- C:\Program Files\Windows Media Player
[2009/03/12 13:07:57 | 00,000,000 | ---D | M] -- C:\Program Files\Windows NT
[2009/03/13 15:43:18 | 00,000,000 | ---D | M] -- C:\Program Files\WinRAR
[2009/03/12 10:08:49 | 00,000,000 | ---D | M] -- C:\Program Files\xerox
[2009/03/27 12:26:43 | 00,000,000 | ---D | M] -- C:\Program Files\Yahoo!

< set /c >
ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\DJ Headspace\Application Data
CLASSPATH=.;C:\Program Files\QuickTime\QTSystem\QTJava.zip;C:\Program Files\Java\jre6\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=HEADSPACE
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\DJ Headspace
LOGONSERVER=\\HEADSPACE
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files\QuickTime\QTSystem\;C:\Program Files\Intel\DMIX
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 2 Stepping 7, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0207
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre6\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\DJHEAD~1\LOCALS~1\Temp
TMP=C:\DOCUME~1\DJHEAD~1\LOCALS~1\Temp
USERDOMAIN=HEADSPACE
USERNAME=DJ Headspace
USERPROFILE=C:\Documents and Settings\DJ Headspace
windir=C:\WINDOWS

========== Alternate Data Streams ==========

@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CB0AACC9
@Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
< End of report >








OTL Extras logfile created on: 7/23/2009 9:38:55 PM - Run 1
OTL by OldTimer - Version 3.0.10.2 Folder = C:\Documents and Settings\DJ Headspace\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1022.98 Mb Total Physical Memory | 430.50 Mb Available Physical Memory | 42.08% Memory free
2.41 Gb Paging File | 1.82 Gb Available in Paging File | 75.75% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 111.74 Gb Total Space | 76.03 Gb Free Space | 68.04% Space Free | Partition Type: NTFS
Drive D: | 3.91 Gb Total Space | 3.70 Gb Free Space | 94.83% Space Free | Partition Type: NTFS
Drive E: | 72.42 Gb Total Space | 61.99 Gb Free Space | 85.59% Space Free | Partition Type: NTFS
Drive F: | 507.38 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
Drive I: | 1.78 Gb Total Space | 0.07 Gb Free Space | 3.93% Space Free | Partition Type: FAT32
Drive J: | 111.79 Gb Total Space | 74.07 Gb Free Space | 66.26% Space Free | Partition Type: NTFS

Computer Name: HEADSPACE
Current User Name: DJ Headspace
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
"5353:TCP" = 5353:TCP:*:Enabled:Adobe CSI CS4
"3703:TCP" = 3703:TCP:*:Enabled:Adobe Version Cue CS4 Server
"3704:TCP" = 3704:TCP:*:Enabled:Adobe Version Cue CS4 Server
"51000:TCP" = 51000:TCP:*:Enabled:Adobe Version Cue CS4 Server
"51001:TCP" = 51001:TCP:*:Enabled:Adobe Version Cue CS4 Server

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour -- (Apple Inc.)
"C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" = C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:*:Enabled:Adobe CSI CS4 -- (Adobe Systems Incorporated)
"C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe" = C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe:*:Enabled:Adobe Version Cue CS4 Server -- (Adobe Systems Incorporated)
"C:\Program Files\Skype\Phone\Skype.exe" = C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe" = C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:*:Enabled:McAfee Network Agent -- (McAfee, Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{036AA4D4-6D32-11D4-9875-00105ACE7734}" = Logitech iTouch Software
"{03DEEAD2-F3B7-45BF-9006-A25D015F00D2}" = Adobe Flash Player 10 Plugin
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{098A2A49-7CF3-4F08-A38D-FB879117152A}" = Adobe Color NA Extra Settings CS4
"{0AAA9C97-74D4-47CE-B089-0B147EF3553C}" = Windows Live Messenger
"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
"{0DC0E85F-36E4-463B-B3EA-4CD8ED2222A1}" = Adobe Color EU Recommended Settings CS4
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{11051835-560C-9E8F-C9B5-C376F4A46580}" = Catalyst Control Center Graphics Previews Common
"{14F70205-1940-4000-88C7-BE799A6B2CAD}" = Adobe Soundbooth CS4
"{15BF7AAF-846C-4A6D-80E1-5D1FC7FB461B}" = Adobe SGM CS4
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{16D354E4-63D4-B300-AFBC-8D22A94CE6D6}" = ccc-utility
"{16E16F01-2E2D-4248-A42F-76261C147B6C}" = Adobe Drive CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{1B7C06E1-4888-47A6-992A-0990B9683486}" = Adobe Version Cue CS4 Server
"{1C2CD847-D196-079D-E004-C1D82B57E3A7}" = Catalyst Control Center Graphics Full Existing
"{1DCA3EAA-6EB5-4563-A970-EA14D75037BA}" = Adobe InDesign CS4
"{1E04CB54-AF4E-4AC3-B4B7-C0A160BE57F1}" = Adobe InDesign CS4 Icon Handler
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{2168245A-B5AD-40D8-A641-48E3E070B5B6}" = Adobe Flash CS4 STI-en
"{2223FC2F-B862-4F83-BC9E-DDF2DADF2859}" = Intel® Network Connections 13.0.42.0
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{24D753CA-6AE9-4E30-8F5F-EFC93E08BF3D}" = Skype™ 4.0
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java™ 6 Update 14
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{297190A1-4B0D-4CD6-8B9F-3907F15C3FD8}" = Adobe CS4 American English Speech Analysis Models
"{2BAF2B96-7560-48B4-87D4-10178DDBE217}" = Adobe InDesign CS4 Application Feature Set Files (Roman)
"{2D6ED011-055B-4041-B198-BB903827EBFB}" = Safari
"{2E8EAC71-BFE4-417A-88F0-5A1BDFBCF5D3}" = Logitech SetPoint
"{30C8AA56-4088-426F-91D1-0EDFD3A25678}" = Adobe Dreamweaver CS4
"{3248F0A8-6813-11D6-A77B-00B0D0150000}" = J2SE Runtime Environment 5.0
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
"{37E9E443-FA8E-095F-CF2A-90A18B0B206B}" = CCC Help English
"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3A6829EF-0791-4FDD-9382-C690DD0821B9}" = Adobe Flash Player 10 ActiveX
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4
"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
"{428FDF9F-E010-4C4C-A8BB-156960AFCA1C}" = Adobe Fireworks CS4
"{43509E18-076E-40FE-AF38-CA5ED400A5A9}" = Pixel Bender Toolkit
"{448A1BF6-B110-5C4B-2220-30F5ECE6DD83}" = Catalyst Control Center Core Implementation
"{44E240EC-2224-4078-A88B-2CEE0D3016EF}" = Adobe After Effects CS4 Presets
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{45EC816C-0771-4C14-AE6D-72D1B578F4C8}" = Adobe After Effects CS4
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{4A52555C-032A-4083-BDD9-6A85ABFB39A8}" = Adobe SING CS4
"{4EF69D40-4DC9-485E-95D3-B1C22F218FC8}" = upapp
"{4F3C8CEE-89D6-891E-D728-80A8CF0DCB32}" = ccc-core-preinstall
"{52232EF4-CC12-4C21-ABCF-ADB79618302D}" = Adobe Soundbooth CS4 Codecs
"{561968FD-56A1-49FD-9ED0-F55482C7C5BC}" = Adobe Media Encoder CS4 Exporter
"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3
"{5EAD5443-7194-46CC-A055-428E6ABB1BAF}" = Adobe Encore CS4
"{60DB5894-B5A1-4B62-B0F3-669A22C0EE5D}" = Adobe Dynamiclink Support
"{61D6891E-E822-4448-9F9A-0AAAAEB6AF6C}" = Adobe Creative Suite 4 Master Collection
"{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4
"{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support
"{654870E9-EF38-D3B3-328C-ABA367163D15}" = Catalyst Control Center Graphics Full New
"{66A9D30D-1464-4C7F-B2F3-507DADAF2595}" = Microsoft IntelliPoint 6.3
"{67A9747A-E1F5-4E9A-81CC-12B5D5B81B6E}" = Adobe After Effects CS4 Third Party Content
"{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
"{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6D316D67-DA52-4659-9C98-F479963534D6}" = Audiosurf
"{706D5382-7381-4680-9DD0-161832578252}" = DellTouch
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7406DF60-016D-476B-A2C7-55D997592047}" = Adobe OnLocation CS4
"{793D1D88-6141-43DE-BE58-59BCE31B4090}" = Adobe Flash CS4 Extension - Flash Lite STI en
"{7CC7BDD5-6F10-4724-96A1-EAC7D9F2831C}" = Adobe InDesign CS4 Common Base Files
"{8186FF34-D389-4B7E-9A2F-C197585BCFBD}" = Adobe Media Encoder CS4 Importer
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{87532CAB-7932-4F84-8937-823337622807}" = Adobe Illustrator CS4
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8CD8CCC0-3C5C-DF21-DAC3-D5834E803F1E}" = Catalyst Control Center Graphics Light
"{8F6A89F1-F04A-6FD8-1802-D7D5BAE382E1}" = ccc-core-static
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90300409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Media Content
"{91110409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional
"{91190409-6000-11D3-8CFE-0050048383C9}" = Microsoft Publisher 2002
"{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
"{937B232D-9776-471E-92BD-D424E514EF14}" = Logitech QuickCam
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9984DF60-1C5B-11D3-ACA1-908A4FC10801}" = Intel Application Accelerator
"{99ECF41F-5CCA-42BD-B8B8-A8333E2E2944}" = iTunes
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A26FA58F-0AD6-4F9C-A134-FE2CFB2EAE97}" = McAfee Anti-Theft
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A6EC82A0-1414-475D-8AFD-469089F3080D}" = Adobe Contribute CS4
"{AC76BA86-1033-F400-7760-000000000004}" = Adobe Acrobat 9 Pro - English, Français, Deutsch
"{AC76BA86-1033-F400-7760-000000000004}_912" = Adobe Acrobat 9.1.2 - CPSID_49166
"{AEB9948B-4FF2-47C9-990E-47014492A0FE}" = MSXML 6.0 Parser
"{B05DE7B7-0B40-4411-BD4B-222CAE2D8F15}" = Adobe MotionPicture Color Files CS4
"{B15381DD-FF97-4FCD-A881-ED4DB0975500}" = Adobe Color Video Profiles AE CS4
"{B169BC97-B8AA-4ACA-9CF2-9D0FF5BABDF7}" = Adobe Premiere Pro CS4 Functional Content
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B3B20D3D-92F9-5EBA-B557-CECA02984F05}" = Catalyst Control Center HydraVision Full
"{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}" = Adobe Photoshop CS4
"{B9F4561A-924D-4510-A85A-BB0960C338CB}" = Adobe Asset Services CS4
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{BE9CEAAA-F069-4331-BF2F-8D350F6504F4}" = Adobe Media Encoder CS4 Additional Exporter
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C337BDAF-CB4E-47E2-BE1A-CB31BB7DD0E3}" = Apple Mobile Device Support
"{C427E746-4EC9-4E3C-AACB-C6BB1F714D7F}" = Uniblue DriverScanner 2009
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{C6CA8874-5F22-4AF0-9BE3-016BF299C536}" = Windows Live Essentials
"{C78EAC6F-7A73-452E-8134-DBB2165C5A68}" = QuickTime
"{C938BE91-3BB5-4B84-9EF6-88F0505D0038}" = Adobe Premiere Pro CS4 Third Party Content
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D3B1C799-CB73-42DE-BA0F-2344793A095C}" = Catalyst Control Center - Branding
"{D499F8DE-3F31-4900-9157-61061613704B}" = Adobe Premiere Pro CS4
"{D78653C3-A8FF-415F-92E6-D774E634FF2D}" = Dell ResourceCD
"{DDBB28C8-B2AA-45A1-8DCE-059A798509FB}" = MobileMe Control Panel
"{DEB90B8E-0DCB-48CE-B90E-8842A2BD643E}" = Adobe Media Encoder CS4
"{E63E34A7-E552-412B-9E40-FD6FC5227ABA}" = Uniblue RegistryBooster 2009
"{E8EE9410-8AC4-4F43-A626-DDECA75C79F3}" = Adobe Setup
"{EE353798-E875-42E0-B58D-7E6696182EA8}" = Adobe Media Encoder CS4 Dolby
"{EE7B9A8D-19F0-450D-8E94-3E391E6044CD}" = KhalSetup
"{F0601E2E-8FB3-1C63-F72D-54EB2F908767}" = Skins
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F44DA61E-720D-4E79-871F-F6E628B33242}" = OpenOffice.org 3.0
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{F6E99614-F042-4459-82B7-8B38B2601356}" = Adobe Flash CS4
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{FB2A5FCC-B81B-48C2-A009-7804694D83E9}" = Adobe Encore CS4 Codecs
"{FCC07EEA-FA18-4A21-9105-9666603C6885}" = McAfee Virtual Technician
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe_b2d6abde968e6f277ddbfd501383e02" = Adobe Creative Suite 4 Master Collection
"Advanced SystemCare 3_is1" = Advanced SystemCare 3
"All ATI Software" = ATI - Software Uninstall Utility
"ASIO4ALL" = ASIO4ALL
"ATI Display Driver" = ATI Display Driver
"AudioConSole" = Creative Audio Console
"AudioCS" = Creative Audio Console
"CCleaner" = CCleaner (remove only)
"CNXT_MODEM_PCI_VEN_14F1&DEV_2016&SUBSYS_021913E0" = Conexant HSF V92 56K RTAD Speakerphone PCI Modem
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"ERUNT_is1" = ERUNT 1.1j
"Game Booster_is1" = Game Booster
"HijackThis" = HijackThis 1.99.1
"hp deskjet 3320 series" = hp deskjet 3320 series (Remove only)
"hp deskjet 3320 series_Driver" = hp deskjet 3320 series
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie8" = Windows Internet Explorer 8
"lvdrivers_11.90" = Logitech QuickCam Driver Package
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.0.11)" = Mozilla Firefox (3.0.11)
"MSC" = McAfee SecurityCenter
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"SCDNAS" = SHOUTcast DNAS (remove only)
"SecondLife" = SecondLife (remove only)
"SHOUTcastDSP" = SHOUTcast Source DSP 1.9.1 (remove only)
"Uniblue DriverScanner 2009" = Uniblue DriverScanner 2009
"Uniblue RegistryBooster 2009" = Uniblue RegistryBooster 2009
"Virtual DJ - Atomix Productions" = Virtual DJ - Atomix Productions
"Winamp" = Winamp
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Software Update" = Yahoo! Software Update

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 5/13/2009 12:35:58 AM | Computer Name = HEADSPACE | Source = Driver Detective | ID = 1000
Description =

Error - 5/13/2009 12:36:09 AM | Computer Name = HEADSPACE | Source = Driver Detective | ID = 1000
Description =

Error - 5/13/2009 12:36:09 AM | Computer Name = HEADSPACE | Source = Driver Detective | ID = 1000
Description =

Error - 5/13/2009 12:36:18 AM | Computer Name = HEADSPACE | Source = Driver Detective | ID = 1000
Description =

Error - 5/13/2009 12:36:18 AM | Computer Name = HEADSPACE | Source = Driver Detective | ID = 1000
Description =

Error - 5/13/2009 12:36:19 AM | Computer Name = HEADSPACE | Source = Driver Detective | ID = 1000
Description =

Error - 5/13/2009 12:36:19 AM | Computer Name = HEADSPACE | Source = Driver Detective | ID = 1000
Description =

Error - 5/13/2009 12:37:36 AM | Computer Name = HEADSPACE | Source = Driver Detective | ID = 1000
Description =

Error - 5/13/2009 2:27:02 PM | Computer Name = HEADSPACE | Source = MsiInstaller | ID = 1013
Description = Product: Microsoft Fix it 50027 -- This Microsoft Fix it does not
apply to your operating system or application version.

Error - 5/13/2009 2:27:52 PM | Computer Name = HEADSPACE | Source = MsiInstaller | ID = 1013
Description = Product: Microsoft Fix it 50027 -- This Microsoft Fix it does not
apply to your operating system or application version.

[ DriverScanne Events ]
Error - 5/13/2009 12:35:58 AM | Computer Name = HEADSPACE | Source = Driver Detective | ID = 1000
Description =

Error - 5/13/2009 12:36:09 AM | Computer Name = HEADSPACE | Source = Driver Detective | ID = 1000
Description =

Error - 5/13/2009 12:36:09 AM | Computer Name = HEADSPACE | Source = Driver Detective | ID = 1000
Description =

Error - 5/13/2009 12:36:18 AM | Computer Name = HEADSPACE | Source = Driver Detective | ID = 1000
Description =

Error - 5/13/2009 12:36:18 AM | Computer Name = HEADSPACE | Source = Driver Detective | ID = 1000
Description =

Error - 5/13/2009 12:36:19 AM | Computer Name = HEADSPACE | Source = Driver Detective | ID = 1000
Description =

Error - 5/13/2009 12:36:19 AM | Computer Name = HEADSPACE | Source = Driver Detective | ID = 1000
Description =

Error - 5/13/2009 12:37:36 AM | Computer Name = HEADSPACE | Source = Driver Detective | ID = 1000
Description =

Error - 5/13/2009 2:27:02 PM | Computer Name = HEADSPACE | Source = MsiInstaller | ID = 1013
Description =

Error - 5/13/2009 2:27:52 PM | Computer Name = HEADSPACE | Source = MsiInstaller | ID = 1013
Description =

[ System Events ]
Error - 7/22/2009 2:59:00 PM | Computer Name = HEADSPACE | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 7/22/2009 3:01:03 PM | Computer Name = HEADSPACE | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1058

Error - 7/22/2009 3:01:31 PM | Computer Name = HEADSPACE | Source = DCOM | ID = 10010
Description = The server {C7E39D60-7A9F-42BF-ABB1-03DC0FA4F493} did not register
with DCOM within the required timeout.

Error - 7/23/2009 11:22:40 AM | Computer Name = HEADSPACE | Source = DCOM | ID = 10010
Description = The server {C7E39D60-7A9F-42BF-ABB1-03DC0FA4F493} did not register
with DCOM within the required timeout.

Error - 7/23/2009 8:28:26 PM | Computer Name = HEADSPACE | Source = DCOM | ID = 10010
Description = The server {C7E39D60-7A9F-42BF-ABB1-03DC0FA4F493} did not register
with DCOM within the required timeout.

Error - 7/23/2009 8:29:09 PM | Computer Name = HEADSPACE | Source = DCOM | ID = 10010
Description = The server {C7E39D60-7A9F-42BF-ABB1-03DC0FA4F493} did not register
with DCOM within the required timeout.

Error - 7/24/2009 12:13:01 AM | Computer Name = HEADSPACE | Source = DCOM | ID = 10010
Description = The server {C7E39D60-7A9F-42BF-ABB1-03DC0FA4F493} did not register
with DCOM within the required timeout.

Error - 7/24/2009 12:13:41 AM | Computer Name = HEADSPACE | Source = DCOM | ID = 10010
Description = The server {C7E39D60-7A9F-42BF-ABB1-03DC0FA4F493} did not register
with DCOM within the required timeout.

Error - 7/24/2009 12:29:52 AM | Computer Name = HEADSPACE | Source = DCOM | ID = 10010
Description = The server {C7E39D60-7A9F-42BF-ABB1-03DC0FA4F493} did not register
with DCOM within the required timeout.

Error - 7/24/2009 12:30:24 AM | Computer Name = HEADSPACE | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
atapi IntelIde


< End of report >
HunterCub
Ok, after running all the roots and loggers I decided to run IObit Security 360 and it found a trojan marked as Driver Checker. I had it removed from the system.

This is the log from IObit security 360:

IObit Security 360

OS:Windows XP
Version:0.2.1.75
Define Version:1080
Time:7/23/2009 11:58:39 PM

|Name|Type|Description|ID|
Rogue.DriverChecker - Removed, Folder, C:\Program Files\Driver Checker, 3-2875
Rogue.DriverChecker - Removed, Folder, C:\Program Files\Driver Checker\LiveUpdate, 3-2875
Rogue.DriverChecker - Quarantined, File, C:\Program Files\Driver Checker\LiveUpdate\Update.ini, 3-2875








After running this and deleting the suspected infection I did a reboot and reran HJT and got a new log:

Logfile of HijackThis v1.99.1
Scan saved at 12:06:52 AM, on 7/24/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Creative\Shared Files\CTAudSvc.exe
C:\Program Files\McAfee\Anti-Theft\McPvTray.exe
C:\WINDOWS\MMKeybd.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\Netropa\OSD.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\Nhksrv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\IObit\IObit Security 360\IS360srv.exe
c:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\HijackThis\HijackThis.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/?fr=fp-yie8
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?fr=fp-yie8
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.yahoo.com/search?fr=mcafee&p=%s
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\/Adobe Contribute CS4/contributeieplugin.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\mskapbho.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS4/contributeieplugin.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O4 - HKLM\..\Run: [McPvTray] C:\Program Files\McAfee\Anti-Theft\McPvTray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [Adobe_ID0ENQBO] C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [DellTouch] C:\WINDOWS\MMKeybd.exe
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [IntelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] "C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [McENUI] C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide
O4 - HKLM\..\Run: [McAfee Backup] "C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe"
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Logitech SetPoint.lnk = ?
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O11 - Options group: [INTERNATIONAL] International
O15 - Trusted Zone: http://*.mcafee.com
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1236879065691
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: McAfee Application Installer Cleanup (0245981248322136) (0245981248322136mcinstcleanup) - Unknown owner - C:\WINDOWS\TEMP\024598~1.EXE (file missing)
O23 - Service: Adobe Version Cue CS4 - Unknown owner - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe" -win32service (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Audio Engine Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe
O23 - Service: Creative Audio Service (CTAudSvcService) - Creative Technology Ltd - C:\Program Files\Creative\Shared Files\CTAudSvc.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: IS360service - IObit - C:\Program Files\IObit\IObit Security 360\IS360srv.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf (file missing)
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: MBackMonitor - McAfee - C:\Program Files\McAfee\MBK\MBackMonitor.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: Netropa NHK Server (Nhksrv) - Unknown owner - C:\WINDOWS\Nhksrv.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe





At this point I am completely uncertain as to whether I have rid my computer of infections or if I still have work to do. From this point forward I will be ceasing all actions to find infections and will be awaiting further assistance.
Rorschach112
hi

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    CODE
    :OTL

    :Services
    bfuan

    :Reg

    :Files
    C:\windows\system32\bfuan.sys /s
    :Commands
    [purity]
    [emptytemp]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done




Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved and renamed following this process directly to your desktop**
  1. If you are using Firefox, make sure that your download settings are as follows:
    • Tools->Options->Main tab
    • Set to "Always ask me where to Save the files".
  2. During the download, rename Combofix to Combo-Fix as follows:





  3. It is important you rename Combofix during the download, but not after.
  4. Please do not rename Combofix to other names, but only to the one indicated.
  5. Close any open browsers.
  6. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    -----------------------------------------------------------

    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      -----------------------------------------------------------

    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.

    -----------------------------------------------------------
  7. Double click on combo-Fix.exe & follow the prompts.
  8. When finished, it will produce a report for you.
  9. Please post the "C:\Combo-Fix.txt" for further review.

**Note: Do not mouseclick combo-fix's window while it's running. That may cause it to stall**
HunterCub
This may sound like a retarded question...but...would running OTL and Combo-Fix be acceptable while running safe mode? I am aware that some security programs are difficult to turn off (esp. McAfee security suite, which I am using), and that running in safe mode typically makes programs like McAfee automatically be disabled.
HunterCub
OK, I have effectively run Combo-Fix.exe (while NOT in safe mode and with McAfee manually disabled) and received the following log for review:

ComboFix 09-07-23.04 - DJ Headspace 07/24/2009 19:00.2.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1023.545 [GMT -7:00]
Running from: c:\documents and settings\DJ Headspace\Desktop\Combo-Fix.exe
AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
c:\windows\Installer\13a0557.msp
c:\windows\Installer\38804.msi
c:\windows\Installer\74c10.msi
c:\windows\system32\drivers\geyekrowyjrdum.sys
c:\windows\system32\geyekrjxjexyea.dat
c:\windows\system32\geyekrrgsipvnq.dat
c:\windows\system32\geyekrxlyfylkm.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_geyekruxjrutpq


((((((((((((((((((((((((( Files Created from 2009-06-25 to 2009-07-25 )))))))))))))))))))))))))))))))
.

2009-07-25 00:42 . 2009-07-25 00:42 -------- d-----w- C:\_OTL
2009-07-24 05:48 . 2009-07-24 05:48 -------- d-----w- c:\documents and settings\All Users\Application Data\IObit
2009-07-24 04:32 . 2009-07-24 04:32 -------- d-----w- C:\Rooter$
2009-07-24 04:15 . 2009-07-24 04:15 -------- d-----w- c:\docume~1\DJHEAD~1\APPLIC~1\Malwarebytes
2009-07-24 04:15 . 2009-07-13 20:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-24 04:14 . 2009-07-24 04:14 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-07-24 04:14 . 2009-07-13 20:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-07-24 04:14 . 2009-07-24 04:15 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-07-22 10:26 . 2009-07-22 10:26 -------- dc-h--w- c:\windows\ie8
2009-07-22 04:02 . 2009-07-22 04:02 -------- d-----w- c:\documents and settings\All Users\Application Data\SiteAdvisor
2009-07-22 03:59 . 2009-05-14 06:25 79816 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2009-07-22 03:59 . 2009-05-14 06:25 40552 ----a-w- c:\windows\system32\drivers\mfesmfk.sys
2009-07-22 03:59 . 2009-05-14 06:25 35272 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2009-07-22 03:59 . 2009-04-09 21:23 120136 ----a-w- c:\windows\system32\drivers\Mpfp.sys
2009-07-22 03:58 . 2009-07-22 03:59 -------- d-----w- c:\program files\Common Files\McAfee
2009-07-22 03:58 . 2009-07-22 03:58 -------- d-----w- c:\program files\McAfee.com
2009-07-22 03:58 . 2009-07-23 04:08 -------- d-----w- c:\program files\McAfee
2009-07-22 03:54 . 2009-05-14 06:24 34248 ----a-w- c:\windows\system32\drivers\mferkdk.sys
2009-07-22 03:49 . 2009-07-22 04:06 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2009-07-22 03:20 . 2009-07-22 03:20 -------- d-----w- C:\mfe
2009-07-22 03:03 . 2009-07-22 03:03 61224 ----a-w- c:\documents and settings\DJ Headspace\GoToAssistDownloadHelper.exe
2009-07-21 20:48 . 2009-07-21 20:48 -------- d-----w- c:\program files\ASIO4ALL v2
2009-07-21 20:44 . 2009-07-21 21:22 -------- d-----w- c:\program files\VirtualDJ
2009-07-15 21:52 . 2009-07-15 21:52 -------- d-----w- c:\program files\iPod
2009-07-15 21:51 . 2009-07-15 21:53 -------- d-----w- c:\program files\iTunes
2009-07-14 06:35 . 2009-07-14 06:35 -------- d-----w- c:\program files\Common Files\Steinberg
2009-07-14 05:11 . 2009-07-14 05:11 -------- d-----w- c:\documents and settings\Administrator\Application Data\Simply Super Software
2009-07-14 04:59 . 2009-07-14 06:35 -------- d-----w- c:\docume~1\DJHEAD~1\APPLIC~1\Steinberg
2009-07-14 04:58 . 2009-07-14 04:58 -------- d-----w- c:\documents and settings\All Users\Application Data\Syncrosoft
2009-07-14 04:58 . 2009-07-14 04:58 2892 ----a-w- c:\windows\system32\audcon.sys
2009-07-14 04:50 . 2005-10-16 15:00 12928 ----a-w- c:\windows\system32\drivers\filedisk.sys
2009-07-11 19:54 . 2009-07-11 19:54 -------- d-----w- c:\program files\Common Files\Creative Labs Shared
2009-07-11 00:24 . 2009-07-11 00:24 -------- d-----w- c:\documents and settings\All Users\Application Data\ATI
2009-07-11 00:20 . 2009-02-04 04:05 593920 ------w- c:\windows\system32\ati2sgag.exe
2009-07-03 21:06 . 2006-06-20 08:56 225280 ----a-w- c:\windows\system32\rewire.dll
2009-07-03 21:05 . 2009-07-03 21:05 -------- d-----w- c:\program files\Outsim
2009-07-01 10:35 . 2009-07-01 10:36 -------- d-----w- c:\documents and settings\All Users\Application Data\DriverScanner
2009-07-01 10:35 . 2009-07-01 10:35 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{D5ABFFAD-D592-4F98-B02B-587125B4801F}
2009-07-01 10:33 . 2009-07-01 10:34 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{B46E1EF5-0B37-4DB4-A4E2-9F2B41036185}
2009-07-01 10:09 . 2009-07-01 10:10 -------- d-----w- c:\program files\SecondLife
2009-07-01 07:16 . 2009-07-01 07:16 -------- d-----w- c:\documents and settings\NetworkService\Application Data\SACore
2009-07-01 06:19 . 2009-07-01 06:19 -------- d-----w- c:\docume~1\DJHEAD~1\APPLIC~1\Logitech
2009-07-01 06:18 . 2006-07-19 19:28 71936 ----a-w- c:\windows\system32\drivers\LMOUKE.sys
2009-07-01 06:18 . 2006-07-19 19:27 55936 ----a-w- c:\windows\system32\drivers\L8042MOU.SYS
2009-07-01 06:17 . 2006-09-01 19:32 3712 ----a-w- c:\windows\system32\drivers\LBeepKE.sys
2009-07-01 06:17 . 2006-09-01 17:23 69632 ----a-w- c:\windows\system32\KemXML.dll
2009-07-01 06:17 . 2006-09-01 17:22 155648 ----a-w- c:\windows\system32\kemutb.dll
2009-07-01 06:17 . 2006-09-01 17:21 110592 ----a-w- c:\windows\system32\KemWnd.dll
2009-07-01 06:17 . 2006-09-01 17:20 131072 ----a-w- c:\windows\system32\KemUtil.dll
2009-07-01 06:17 . 2006-07-19 19:27 13568 ----a-w- c:\windows\system32\drivers\L8042Kbd.sys
2009-07-01 06:04 . 2008-06-10 20:04 31048 ----a-w- c:\windows\system32\drivers\point32.sys
2009-07-01 06:04 . 2009-07-01 06:04 -------- d-----w- c:\program files\Microsoft IntelliPoint
2009-07-01 05:44 . 2009-07-01 05:44 -------- d-----w- c:\documents and settings\DJ Headspace\ErrorLogs
2009-07-01 05:39 . 2004-03-10 20:42 12953 ----a-w- c:\windows\system32\drivers\itchfltr.sys
2009-07-01 05:39 . 2002-01-05 11:38 54784 ----a-w- c:\windows\system32\MSVCI70.DLL
2009-07-01 05:31 . 2009-07-01 06:17 -------- d-----w- c:\program files\Common Files\Logitech
2009-07-01 05:31 . 2004-03-03 16:50 37887 ----a-w- c:\windows\system32\drivers\LHidUsb.sys
2009-07-01 05:31 . 2004-03-03 16:50 14095 ----a-w- c:\windows\system32\drivers\LCcfltr.sys
2009-07-01 05:14 . 2009-07-01 09:52 1338416 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2009-07-01 04:51 . 2009-07-01 10:35 -------- d-----w- c:\program files\Uniblue
2009-07-01 04:43 . 2009-07-01 10:35 -------- d-----w- c:\docume~1\DJHEAD~1\APPLIC~1\Uniblue
2009-06-30 02:37 . 2009-07-01 10:23 6820 ----a-w- c:\windows\system32\d3d9caps.dat

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-25 01:26 . 2009-03-12 18:27 0 ----a-w- c:\windows\system32\drivers\lvuvc.hs
2009-07-25 01:26 . 2009-03-12 17:34 0 ----a-w- c:\windows\system32\drivers\logiflt.iad
2009-07-24 05:48 . 2009-03-13 01:33 -------- d-----w- c:\program files\IObit
2009-07-24 00:36 . 2009-03-12 17:02 -------- d-----w- c:\documents and settings\LocalService\Application Data\SACore
2009-07-22 09:59 . 2009-03-12 22:49 -------- d-----w- c:\program files\Microsoft Silverlight
2009-07-22 04:37 . 2009-03-15 17:47 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-07-15 21:52 . 2009-03-12 23:51 -------- d-----w- c:\program files\Common Files\Apple
2009-07-14 03:49 . 2009-03-14 02:14 -------- d-----w- c:\docume~1\DJHEAD~1\APPLIC~1\DAEMON Tools Lite
2009-07-14 03:42 . 2009-03-14 02:15 721904 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-07-14 02:58 . 2009-03-12 22:34 -------- d-----w- c:\program files\Windows Desktop Search
2009-07-13 18:46 . 2009-03-12 19:14 -------- d-----w- c:\program files\Common Files\Adobe
2009-07-11 19:54 . 2009-03-12 17:23 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-07-11 19:54 . 2009-03-26 19:07 -------- d-----w- c:\program files\Creative
2009-07-11 19:53 . 2009-03-12 23:32 444952 ----a-w- c:\windows\system32\wrap_oal.dll
2009-07-11 19:53 . 2009-03-12 23:32 109080 ----a-w- c:\windows\system32\OpenAL32.dll
2009-07-11 19:53 . 2009-03-12 23:32 -------- d-----w- c:\docume~1\DJHEAD~1\APPLIC~1\Creative
2009-07-11 19:46 . 2009-03-13 21:01 -------- d-----w- c:\program files\Winamp
2009-07-11 19:46 . 2009-03-12 23:53 -------- d-----w- c:\program files\QuickTime
2009-07-11 00:20 . 2009-03-12 21:18 -------- d-----w- c:\program files\ATI Technologies
2009-07-09 04:11 . 2009-03-15 12:24 -------- d-----w- c:\program files\Safari
2009-07-08 17:28 . 2009-03-13 19:37 -------- d-----w- c:\docume~1\DJHEAD~1\APPLIC~1\SecondLife
2009-07-06 23:46 . 2009-03-12 23:57 -------- d-----w- c:\docume~1\DJHEAD~1\APPLIC~1\Apple Computer
2009-07-04 01:33 . 2009-03-28 05:33 102856 ---ha-w- c:\windows\system32\mlfcache.dat
2009-07-01 06:24 . 2009-03-12 22:22 151840 ----a-w- c:\documents and settings\DJ Headspace\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-07-01 06:17 . 2009-03-16 18:12 -------- d-----w- c:\program files\Logitech
2009-07-01 05:33 . 2009-03-12 17:25 -------- d-----w- c:\program files\intel
2009-06-23 00:47 . 2009-06-23 00:47 0 ----a-w- c:\windows\nsreg.dat
2009-06-16 14:36 . 2004-08-04 12:00 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-16 14:36 . 2004-08-04 12:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-12 07:01 . 2009-03-12 22:38 -------- d-----w- c:\docume~1\DJHEAD~1\APPLIC~1\Skype
2009-06-09 23:19 . 2009-04-13 17:07 -------- d-----w- c:\program files\Java
2009-06-09 23:07 . 2009-06-09 23:07 -------- d-----w- c:\program files\BestGameEver
2009-06-03 19:09 . 2004-08-04 12:00 1291264 ----a-w- c:\windows\system32\quartz.dll
2009-05-29 20:36 . 2009-03-12 23:52 39424 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2009-05-29 20:36 . 2009-03-12 23:52 2060288 ----a-w- c:\windows\system32\usbaaplrc.dll
2009-05-21 18:33 . 2009-04-13 17:44 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-05-14 06:25 . 2009-05-14 06:25 214024 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2009-05-13 05:15 . 2004-08-04 12:00 915456 ----a-w- c:\windows\system32\wininet.dll
2009-05-07 15:32 . 2004-08-04 12:00 345600 ----a-w- c:\windows\system32\localspl.dll
2009-06-03 03:00 . 2009-06-23 00:47 134648 ----a-w- c:\program files\mozilla firefox\components\brwsrcmp.dll
.

((((((((((((((((((((((((((((( SnapShot@2009-07-25_01.27.40 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-03-12 17:12 . 2009-07-25 01:48 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2009-03-12 17:12 . 2009-07-24 21:49 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2009-03-12 17:12 . 2009-07-25 01:48 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2009-03-12 17:12 . 2009-07-24 21:49 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2009-03-12 17:12 . 2009-07-25 01:48 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2009-03-12 17:12 . 2009-07-24 21:49 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2009-05-27 4351216]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"McPvTray"="c:\program files\McAfee\Anti-Theft\McPvTray.exe" [2008-05-28 655360]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-05-27 413696]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2009-03-11 611712]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-05-14 177472]
"DellTouch"="c:\windows\MMKeybd.exe" [2002-01-17 163840]
"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam\Quickcam.exe" [2008-12-20 2656528]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-05-21 148888]
"zBrowser Launcher"="c:\program files\Logitech\iTouch\iTouch.exe" [2004-03-18 892928]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2008-06-10 1406024]
"Logitech Hardware Abstraction Layer"="c:\program files\Common Files\Logitech\khalshared\KHALMNPR.EXE" [2006-07-19 94208]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-02-04 61440]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-07-13 292128]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2009-05-01 645328]
"McENUI"="c:\progra~1\McAfee\MHN\McENUI.exe" [2009-04-10 1176808]
"CTHelper"="CTHELPER.EXE" - c:\windows\system32\CtHelper.exe [2009-03-04 19456]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2009-6-30 671744]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCommunicationsManager

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\\Program Files\\Common Files\\Adobe\\Adobe Version Cue CS4\\Server\\bin\\VersionCueCS4.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:TCP"= 5353:TCP:Adobe CSI CS4
"3703:TCP"= 3703:TCP:Adobe Version Cue CS4 Server
"3704:TCP"= 3704:TCP:Adobe Version Cue CS4 Server
"51000:TCP"= 51000:TCP:Adobe Version Cue CS4 Server
"51001:TCP"= 51001:TCP:Adobe Version Cue CS4 Server

R0 McPvDrv;McPvDrv;c:\windows\system32\drivers\McPvDrv.sys [5/28/2008 9:32 AM 61688]
R2 IS360service;IS360service;c:\program files\IObit\IObit Security 360\IS360srv.exe [7/23/2009 10:48 PM 304400]
R2 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [6/30/2009 11:17 PM 3712]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [7/21/2009 9:02 PM 210216]
R2 Nhksrv;Netropa NHK Server;c:\windows\Nhksrv.exe [3/12/2009 8:38 PM 28672]
R3 COMMONFX.SYS;COMMONFX.SYS;c:\windows\system32\drivers\COMMONFX.sys [3/4/2009 2:42 PM 99352]
R3 CTAUDFX.SYS;CTAUDFX.SYS;c:\windows\system32\drivers\CTAUDFX.sys [3/4/2009 2:42 PM 555032]
R3 CTSBLFX.SYS;CTSBLFX.SYS;c:\windows\system32\drivers\CTSBLFX.sys [3/4/2009 2:42 PM 566296]
R3 LCcfltr;Logitech USB Filter Driver;c:\windows\system32\drivers\LCcfltr.sys [6/30/2009 10:31 PM 14095]
R3 Msikbd2k;DellTouch;c:\windows\system32\drivers\Msikbd2k.sys [3/12/2009 8:38 PM 6656]
S2 0245981248322136mcinstcleanup;McAfee Application Installer Cleanup (0245981248322136);c:\windows\TEMP\024598~1.EXE c:\progra~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service --> c:\windows\TEMP\024598~1.EXE c:\progra~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service [?]
S3 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [8/15/2008 5:46 AM 288112]
S3 COMMONFX;COMMONFX;c:\windows\system32\drivers\COMMONFX.sys [3/4/2009 2:42 PM 99352]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [7/11/2009 12:54 PM 79360]
S3 CTAUDFX;CTAUDFX;c:\windows\system32\drivers\CTAUDFX.sys [3/4/2009 2:42 PM 555032]
S3 CTERFXFX.SYS;CTERFXFX.SYS;c:\windows\system32\drivers\CTERFXFX.sys [3/4/2009 2:42 PM 100888]
S3 CTERFXFX;CTERFXFX;c:\windows\system32\drivers\CTERFXFX.sys [3/4/2009 2:42 PM 100888]
S3 CTSBLFX;CTSBLFX;c:\windows\system32\drivers\CTSBLFX.sys [3/4/2009 2:42 PM 566296]
S3 MTK;Media Technology Kernel Driver; [x]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 PacketNTx;Packet helper driver;c:\windows\system32\drivers\PacketNTx.sys [3/12/2009 10:32 AM 24544]
S3 pc22nd5;Toshiba PCX2200 USB Cable Modem networking driver (NDIS);c:\windows\system32\drivers\pc22nd5.sys [3/12/2009 10:47 AM 17648]
S3 pc22unic;Toshiba PCX2200 USB Cable Modem WDM driver;c:\windows\system32\drivers\pc22unic.sys [3/12/2009 10:46 AM 69744]
S3 SynasUSB;SynasUSB;c:\windows\system32\drivers\SynasUSB.sys --> c:\windows\system32\drivers\SynasUSB.sys [?]
S3 viafilter;VIA USB Filter;c:\windows\system32\drivers\viausb1.sys [3/12/2009 7:56 PM 9728]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
c:\windows\system32\rundll32.exe c:\windows\system32\advpack.dll,LaunchINFSectionEx c:\program files\Internet Explorer\clrtour.inf,DefaultInstall.ResetTour,,12
.
Contents of the 'Scheduled Tasks' folder

2009-07-23 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 19:34]

2009-07-22 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-07-22 15:57]

2009-07-22 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-07-22 15:57]

2009-07-25 c:\windows\Tasks\User_Feed_Synchronization-{5106E387-0582-4AD1-B32E-E0BDA2A51DEC}.job
- c:\windows\system32\msfeedssync.exe [2007-08-14 11:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/?fr=fp-yie8
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
Trusted Zone: internet
Trusted Zone: mcafee.com
FF - ProfilePath - c:\docume~1\DJHEAD~1\APPLIC~1\Mozilla\Firefox\Profiles\gyc6b620.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/?fr=fp-yie8
FF - component: c:\program files\McAfee\SiteAdvisor\components\McFFPlg.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
.
------- File Associations -------
.
regfile\shell\edit\command=%SystemRoot%\system32\NOTEPAD.EXE %1
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-24 19:05
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
CTHelper = CTHELPER.EXE?

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(792)
c:\windows\system32\Ati2evxx.dll
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll

- - - - - - - > 'explorer.exe'(7576)
c:\windows\system32\WININET.dll
c:\program files\McAfee\SiteAdvisor\saHook.dll
c:\program files\Logitech\SetPoint\lgscroll.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\MSVCR80.dll
c:\program files\Logitech\iTouch\iTchHk.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2009-07-25 19:07
ComboFix-quarantined-files.txt 2009-07-25 02:07

Pre-Run: 82,044,686,336 bytes free
Post-Run: 82,022,498,304 bytes free

Current=2 Default=2 Failed=3 LastKnownGood=4 Sets=1,2,3,4
296 --- E O F --- 2009-07-22 09:59
HunterCub
I failed to attach the OTL log from running it just before ComboFix... it is attached here:

All processes killed
========== OTL ==========
========== SERVICES/DRIVERS ==========
Service\Driver bfuan not found.
Service\Driver bfuan not found.
========== REGISTRY ==========
========== FILES ==========
File\Folder C:\windows\system32\bfuan.sys not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: All Users

User: BB443B11-7D12-450c-9F85-2D32804655F9

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: DJ Headspace
->Temp folder emptied: 385450 bytes
->Temporary Internet Files folder emptied: 11442813 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Apple Safari cache emptied: 26803324 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
Windows Temp folder emptied: 109080 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 36.98 mb


OTL by OldTimer - Version 3.0.10.3 log created on 07242009_174224

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...
Rorschach112
hi

Download TFC to your desktop
  • Open the file and close any other windows.
  • It will close all programs itself when run; make sure to let it run uninterrupted.
  • Click the Start button to begin the process. The program should not take long to finish its job.
  • Once it's finished it should reboot your machine; if not, do this yourself to ensure a complete clean.

Please download Malwarebytes' Anti-Malware from Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Go to Kaspersky website and perform an online antivirus scan.

  1. Read through the requirements and privacy statement and click on Accept button.
  2. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  3. When the downloads have finished, click on Settings.
  4. Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
      Spyware, Adware, Dialers, and other potentially dangerous programs
      Archives
      Mail databases
  5. Click on My Computer under Scan.
  6. Once the scan is complete, it will display the results. Click on View Scan Report.
  7. You will see a list of infected items there. Click on Save Report As....
  8. Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button. Then post it here.