Everything posted by JRRJ

  1. Hi deltalima, Another super busy week. I will give the fix a try on Saturday and report back. Thanks.
  2. Hi deltalima,

     SystemLook 04.09.10 by jpshortstuff
     Log created at 11:51 on 19/09/2010 by Justin
     Administrator - Elevation successful

     ========== filefind ==========

     Searching for "ws2_32.dl*"
     C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\ws2_32.dll --a---- 82432 bytes [23:17 01/08/2008] [00:12 14/04/2008] 2CCC474EB85CEAA3E1FA1726580A3E5A
     C:\WINDOWS\system32\ws2_32.dll --a---- 82944 bytes [12:00 04/08/2004] [12:00 04/08/2004] 991AC20A286611A762C781077CE6D840

     -= EOF =-
  3. Sorry for delay, crazy week!! ComboFix 10-09-17.04 - Justin 09/18/2010 10:46:40.1.2 - x86 Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2046.1537 [GMT -4:00] Running from: c:\documents and settings\Justin\Desktop\ComboFix.exe AV: VirusScan Enterprise + AntiSpyware Enterprise *On-access scanning disabled* (Outdated) {918A2B0B-2C60-4016-A4AB-E868DEABF7F0} . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\bold.log c:\documents and settings\Justin\Application Data\Desktop Security c:\documents and settings\Justin\Start Menu\Programs\Desktop Security c:\documents and settings\Justin\Start Menu\Programs\Desktop Security\Activate Desktop Security.lnk c:\documents and settings\Justin\Start Menu\Programs\Desktop Security\Desktop Security.lnk c:\documents and settings\Justin\Start Menu\Programs\Desktop Security\Help Desktop Security.lnk c:\documents and settings\Justin\Start Menu\Programs\Desktop Security\How to Activate Desktop Security.lnk c:\windows\iravajam.exe c:\windows\xuxivucozu._sy c:\windows\yxehyjeq.exe c:\windows\system32\ws2_32.dll . . . is infected!! . ((((((((((((((((((((((((( Files Created from 2010-08-18 to 2010-09-18 ))))))))))))))))))))))))))))))) . 2010-09-18 13:58 . 2010-09-18 13:58 -------- d-----w- c:\documents and settings\Justin\Local Settings\Application Data\Yahoo 2010-09-18 13:57 . 2010-09-18 13:57 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo! Companion 2010-09-18 13:57 . 2010-09-18 13:58 -------- d-----w- c:\documents and settings\Justin\Application Data\Yahoo! 2010-09-18 13:56 . 2010-09-18 13:57 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo! 2010-09-18 13:56 . 2010-04-20 20:45 607472 ----a-w- c:\documents and settings\All Users\Application Data\Yahoo!\YUpdater\yupdater.exe 2010-09-18 13:55 . 2010-09-18 13:57 -------- d-----w- c:\program files\Yahoo! 2010-09-12 02:58 . 
2010-09-12 02:58 -------- d-----w- C:\_OTL 2010-09-11 13:50 . 2010-09-11 13:50 -------- d-----w- C:\QUARANTINE 2010-09-05 13:11 . 2004-08-04 03:07 59264 -c--a-w- c:\windows\system32\dllcache\usbaudio.sys 2010-09-05 13:11 . 2004-08-04 03:07 59264 ----a-w- c:\windows\system32\drivers\USBAUDIO.sys 2010-09-02 00:44 . 2010-09-02 00:45 -------- d-----w- c:\documents and settings\Justin\Application Data\Elluminate . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2010-09-09 01:53 . 2008-11-22 02:44 -------- d-----w- c:\documents and settings\Justin\Application Data\DNA 2010-09-09 01:43 . 2008-11-22 02:44 -------- d-----w- c:\program files\DNA 2010-09-05 13:13 . 2007-12-28 17:56 121112 ----a-w- c:\documents and settings\Justin\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2010-09-02 13:22 . 2010-02-15 23:05 -------- d-----w- c:\documents and settings\Justin\Application Data\ZoomBrowser EX 2010-09-02 13:22 . 2010-02-15 22:56 -------- d-----w- c:\documents and settings\All Users\Application Data\ZoomBrowser 2010-09-02 00:09 . 2008-01-21 14:12 -------- d-----w- c:\program files\MSECache 2010-08-16 23:19 . 2009-09-15 01:25 -------- d-----w- c:\program files\Call of Duty 2010-08-16 23:19 . 2007-12-29 01:19 152422 ----a-w- c:\windows\system32\nvModes.dat 2010-08-15 13:30 . 2010-08-15 00:10 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2010-08-15 13:13 . 2008-11-04 17:52 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP 2010-08-15 13:12 . 2010-08-15 13:12 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes 2010-08-15 12:35 . 2010-08-15 00:22 664 ----a-w- c:\windows\system32\d3d9caps.dat 2010-08-15 02:23 . 2010-08-15 02:23 -------- d-----w- c:\documents and settings\All Users\Application Data\ParetoLogic 2010-08-15 02:23 . 2010-08-15 02:23 -------- d-----w- c:\program files\ParetoLogic 2010-08-15 02:23 . 
2010-08-15 02:23 -------- d-----w- c:\program files\Common Files\ParetoLogic 2010-07-31 01:35 . 2009-12-25 03:06 138376 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys 2010-07-31 01:35 . 2009-12-25 03:06 202448 ----a-w- c:\windows\system32\PnkBstrB.exe 2010-07-29 15:11 . 2009-04-11 11:47 -------- d-----w- c:\program files\Safari 2010-07-29 15:09 . 2010-07-29 15:09 72488 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\Safari 5.33.17.8\SetupAdmin.exe 2010-07-22 15:15 . 2010-07-22 15:14 -------- d-----w- c:\program files\iTunes 2010-07-22 15:14 . 2010-07-22 15:14 -------- d-----w- c:\program files\iPod 2010-07-22 15:14 . 2008-01-05 20:58 -------- d-----w- c:\program files\Common Files\Apple 2010-07-22 15:09 . 2010-07-22 15:09 73000 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.2.1.4\SetupAdmin.exe 2010-07-08 15:14 . 2010-07-08 15:14 71992 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\Safari 5.33.16.0\SetupAdmin.exe 2008-11-02 11:49 . 2008-11-02 11:49 18146 ----a-w- c:\program files\Common Files\pagiga.dl 2008-11-02 11:49 . 2008-11-02 11:49 17016 ----a-w- c:\program files\Common Files\ebeh.scr 2008-11-02 11:49 . 2008-11-02 11:49 14956 ----a-w- c:\program files\Common Files\burox.inf . ------- Sigcheck ------- [-] 2008-04-14 . 2CCC474EB85CEAA3E1FA1726580A3E5A . 82432 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\ws2_32.dll [-] 2004-08-04 . 991AC20A286611A762C781077CE6D840 . 82944 . . [5.1.2600.2180] . . c:\windows\system32\ws2_32.dll c:\windows\System32\drivers\beep.sys ... is missing !! . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . 
*Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Google Update"="c:\documents and settings\Justin\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-09-06 133104] "Messenger (Yahoo!)"="c:\progra~1\Yahoo!\Messenger\YahooMessenger.exe" [2010-06-01 5252408] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "DiskeeperSystray"="c:\program files\Diskeeper Corporation\Diskeeper\DkIcon.exe" [2005-11-22 221184] "Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2007-03-16 1392640] "NVHotkey"="nvHotkey.dll" [2007-05-12 67584] "NvMediaCenter"="NvMCTray.dll" [2007-05-12 81920] "ShStatEXE"="c:\program files\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2007-02-23 112216] "McAfeeUpdaterUI"="c:\program files\McAfee\Common Framework\UdaterUI.exe" [2006-12-19 136768] "SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\stsystra.exe" [2007-05-10 405504] "Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-11-29 55824] "SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2004-05-13 98304] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2004-05-14 536576] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-05-12 8429568] "AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-07-13 47904] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-01-11 246504] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-18 421888] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-07-16 141608] c:\documents and settings\All Users\Start Menu\Programs\Startup\ InterVideo WinCinema Manager.lnk - c:\program files\InterVideo\Common\Bin\WinCinemaMgr.exe [2007-12-28 253952] Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2008-2-18 789008] [HKEY_LOCAL_MACHINE\software\microsoft\windows 
nt\currentversion\winlogon\notify\LBTWlgn] 2008-01-09 17:30 72208 ----a-w- c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup] @="" [HKLM\~\startupfolder\C:^Documents and Settings^Justin^Start Menu^Programs^Startup^LimeWire On Startup.lnk] path=c:\documents and settings\Justin\Start Menu\Programs\Startup\LimeWire On Startup.lnk backup=c:\windows\pss\LimeWire On Startup.lnkStartup [HKLM\~\startupfolder\C:^Documents and Settings^Justin^Start Menu^Programs^Startup^SolidWorks Task Scheduler Engine.lnk] path=c:\documents and settings\Justin\Start Menu\Programs\Startup\SolidWorks Task Scheduler Engine.lnk backup=c:\windows\pss\SolidWorks Task Scheduler Engine.lnkStartup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update] 2008-09-06 00:01 133104 ----atw- c:\documents and settings\Justin\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] 2010-07-16 11:41 141608 ----a-w- c:\program files\iTunes\iTunesHelper.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS] 2004-10-13 16:24 1694208 ------w- c:\program files\Messenger\msmsgs.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck] 2001-07-09 15:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon] 2007-05-12 03:57 8429568 ----a-w- c:\windows\system32\nvcpl.dll [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] 2010-03-18 01:53 421888 ----a-w- c:\program files\QuickTime\QTTask.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl] 2004-11-03 01:24 32768 ----a-w- c:\program 
files\CyberLink\PowerDVD\PDVDServ.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] 2005-07-15 21:48 479232 ----a-w- c:\program files\Google\Gmail Notifier\gnotify.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "SolidWorks Licensing Service"=3 (0x3) "NITaggerService"=2 (0x2) "idsvc"=3 (0x3) "FirebirdServerMAGIXInstance"=3 (0x3) [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusOverride"=dword:00000001 "FirewallOverride"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\McAfee\\Common Framework\\FrameworkService.exe"= "c:\\Program Files\\DNA\\btdna.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= S3 Normandy;Normandy SR2; [x] S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [10/5/2008 5:37 PM 611064] . 
Contents of the 'Scheduled Tasks' folder 2010-09-16 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 16:34] 2010-09-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1202660629-1229272821-725345543-1003Core.job - c:\documents and settings\Justin\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-06 00:01] 2010-09-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1202660629-1229272821-725345543-1003UA.job - c:\documents and settings\Justin\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-06 00:01] 2010-08-15 c:\windows\Tasks\ParetoLogic Registration3.job - c:\program files\Common Files\ParetoLogic\UUS3\UUS3.dll [2009-10-12 05:01] 2010-08-25 c:\windows\Tasks\ParetoLogic Update Version3.job - c:\program files\Common Files\ParetoLogic\UUS3\Pareto_Update3.exe [2009-10-12 05:01] 2010-09-02 c:\windows\Tasks\PC Health Advisor Defrag.job - c:\program files\ParetoLogic\PCHA\PCHA.exe [2010-06-23 04:06] 2010-09-18 c:\windows\Tasks\PC Health Advisor.job - c:\program files\ParetoLogic\PCHA\PCHA.exe [2010-06-23 04:06] . . ------- Supplementary Scan ------- . 
uDefault_Search_URL = hxxp://www.google.com/ie mStart Page = hxxp://www.google.com uInternet Settings,ProxyOverride = <local> uSearchAssistant = hxxp://www.google.com/ie uSearchURL,(Default) = hxxp://www.google.com/search?q=%s IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 FF - ProfilePath - c:\documents and settings\Justin\Application Data\Mozilla\Firefox\Profiles\zd17tmzl.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ FF - plugin: c:\documents and settings\Justin\Local Settings\Application Data\Google\Update\1.2.183.29\npGoogleOneClick8.dll FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ ---- FIREFOX POLICIES ---- FF - user.js: yahoo.homepage.dontask - true);user_pref(yahoo.ytff.general.dontshowhpoffer, true. . ------- File Associations ------- . .scr=AutoCADScriptFile . - - - - ORPHANS REMOVED - - - - MSConfigStartUp-AppleSyncNotifier - c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe AddRemove-Octoshape add-in for Adobe Flash Player - c:\documents and settings\Justin\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2010-09-18 10:53 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . 
--------------------- LOCKED REGISTRY KEYS --------------------- [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101" [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe" [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'winlogon.exe'(1000) c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll c:\program files\common files\logishrd\bluetooth\LBTServ.dll c:\windows\System32\BCMLogon.dll - - - - - - - > 'explorer.exe'(3920) c:\program files\Logitech\SetPoint\lgscroll.dll c:\windows\system32\shdoclc.dll . ------------------------ Other Running Processes ------------------------ . 
c:\windows\System32\WLTRYSVC.EXE c:\windows\System32\bcmwltry.exe c:\program files\Lavasoft\Ad-Aware\aawservice.exe c:\program files\Diskeeper Corporation\Diskeeper\DkService.exe c:\program files\Java\jre6\bin\jqs.exe c:\program files\McAfee\Common Framework\FrameworkService.exe c:\program files\McAfee\VirusScan Enterprise\Mcshield.exe c:\program files\McAfee\VirusScan Enterprise\VsTskMgr.exe c:\windows\system32\nvsvc32.exe c:\program files\McAfee\Common Framework\naPrdMgr.exe c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe c:\program files\Canon\CAL\CALMAIN.exe c:\windows\system32\rundll32.exe c:\windows\system32\RunDLL32.exe c:\program files\McAfee\Common Framework\McTray.exe c:\program files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE c:\program files\iPod\bin\iPodService.exe . ************************************************************************** . Completion time: 2010-09-18 10:59:00 - machine was rebooted ComboFix-quarantined-files.txt 2010-09-18 14:58 Pre-Run: 68,645,953,536 bytes free Post-Run: 68,573,782,016 bytes free WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons UnsupportedDebug="do not select this" /debug multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect - - End Of File - - 668763D9CE33A7787BAAE3715C0432EC
  4. I'm not sure what ComboFix is; I don't think it is something I've run. My friend who I bought the computer from in '08 may have run it??
  5. Sorry, but my computer was being taken over by hoax virus protection pop-ups every 2 minutes. I'll be sure to not run any more programs. Forgive me but I'm a little confused about the VirusTotal instructions. You say to "Copy/paste this file and path into the white box at the top:" I'm not sure what white box you are referring to. When I open VirusTotal there is a white box in the middle of the screen that is where you can upload a file. When I click on this white box it asks for me to choose a file on my machine. When I copy and paste the file, it states that it cannot be found.
  6. Well, I ran malwarebytes again. I updated it first and then did a quick scan. It found 54 items, which I removed. Here is the log. Malwarebytes' Anti-Malware 1.46 www.malwarebytes.org Database version: 4597 Windows 5.1.2600 Service Pack 2 Internet Explorer 6.0.2900.2180 9/11/2010 11:48:21 PM mbam-log-2010-09-11 (23-48-21).txt Scan type: Quick scan Objects scanned: 143650 Time elapsed: 6 minute(s), 39 second(s) Memory Processes Infected: 7 Memory Modules Infected: 0 Registry Keys Infected: 3 Registry Values Infected: 4 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 40 Memory Processes Infected: C:\program files\Ahead\Nero\NeroNero.exe (Trojan.Downloader) -> Unloaded process successfully. C:\program files\Ahead\Nero\NeroNero.exe (Trojan.Downloader) -> Unloaded process successfully. c:\program files\quicktime\QTSystem\quicktime.resources\zh_cn.lproj\quicktimequicktime7.6.6.exe (Trojan.Downloader) -> Unloaded process successfully. c:\program files\quicktime\QTSystem\corevideo.resources\ja.lproj\quicktimeresourcesquicktime.exe (Trojan.Downloader) -> Unloaded process successfully. c:\program files\common files\microsoft shared\EURO\officeoffice11.0.5510.exe (Trojan.Downloader) -> Unloaded process successfully. C:\Documents and Settings\Justin\Application Data\Desktop Security\Desktop Security 2010.exe (Rogue.DesktopSecurity2010) -> Unloaded process successfully. C:\Documents and Settings\Justin\Application Data\Desktop Security\securitycenter.exe (Rogue.DesktopSecurity) -> Unloaded process successfully. Memory Modules Infected: (No malicious items detected) Registry Keys Infected: HKEY_CLASSES_ROOT\CLSID\{08c72dd4-19ad-49f1-83da-8542b4d302c5} (Trojan.FakeCodec) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Desktop Security (Rogue.DesktopSecurity) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\wnxmal (Rogue.SecuritySuite) -> Quarantined and deleted successfully. 
Registry Values Infected: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\encodernero (Trojan.Downloader) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\vcdmenuvcdmenu (Trojan.Downloader) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\desktop security (Rogue.DesktopSecurity2010) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\securitycenter (Rogue.DesktopSecurity) -> Quarantined and deleted successfully. Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: C:\program files\Ahead\Nero\NeroNero.exe (Trojan.Downloader) -> Quarantined and deleted successfully. c:\program files\quicktime\QTSystem\quicktime.resources\zh_cn.lproj\quicktimequicktime7.6.6.exe (Trojan.Downloader) -> Quarantined and deleted successfully. c:\program files\quicktime\QTSystem\corevideo.resources\ja.lproj\quicktimeresourcesquicktime.exe (Trojan.Downloader) -> Quarantined and deleted successfully. c:\program files\common files\microsoft shared\EURO\officeoffice11.0.5510.exe (Trojan.Downloader) -> Quarantined and deleted successfully. C:\Documents and Settings\Justin\Application Data\Desktop Security\Desktop Security 2010.exe (Rogue.DesktopSecurity2010) -> Quarantined and deleted successfully. C:\Documents and Settings\Justin\Application Data\Desktop Security\securitycenter.exe (Rogue.DesktopSecurity) -> Quarantined and deleted successfully. C:\Documents and Settings\Justin\Application Data\Desktop Security\securityhelper.exe (Rogue.DesktopSecurity) -> Quarantined and deleted successfully. C:\Documents and Settings\Justin\Application Data\Desktop Security\taskmgr.dll (Rogue.DesktopSecurity) -> Quarantined and deleted successfully. 
C:\Documents and Settings\Justin\Start Menu\Programs\Desktop Security.LNK (Rogue.DesktopSecurity) -> Quarantined and deleted successfully. C:\Documents and Settings\Justin\Local Settings\Temp\02c9c3c35bdx5.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully. C:\Documents and Settings\Justin\Local Settings\Temp\17dkf.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully. C:\Documents and Settings\Justin\Local Settings\Temp\472a10e2ebxd9.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully. C:\Documents and Settings\Justin\Local Settings\Temp\56493.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully. C:\Documents and Settings\Justin\Local Settings\Temp\al3erfa3.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully. C:\Documents and Settings\Justin\Local Settings\Temp\alerfa.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully. C:\Documents and Settings\Justin\Local Settings\Temp\backd-efq.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully. C:\Documents and Settings\Justin\Local Settings\Temp\cosock.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully. C:\Documents and Settings\Justin\Local Settings\Temp\cunifuc.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully. C:\Documents and Settings\Justin\Local Settings\Temp\dd10x10.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully. C:\Documents and Settings\Justin\Local Settings\Temp\ddoll3342.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully. C:\Documents and Settings\Justin\Local Settings\Temp\dkfjd93.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully. C:\Documents and Settings\Justin\Local Settings\Temp\ds7hw.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully. C:\Documents and Settings\Justin\Local Settings\Temp\eelnvd13.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully. 
C:\Documents and Settings\Justin\Local Settings\Temp\eephilpe.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully. C:\Documents and Settings\Justin\Local Settings\Temp\gedx_ae09.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully. C:\Documents and Settings\Justin\Local Settings\Temp\gpupz2a.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully. C:\Documents and Settings\Justin\Local Settings\Temp\hhbboll_2.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully. C:\Documents and Settings\Justin\Local Settings\Temp\hodeme.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully. C:\Documents and Settings\Justin\Local Settings\Temp\hvipws9.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully. C:\Documents and Settings\Justin\Local Settings\Temp\jdhellwo3.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully. C:\Documents and Settings\Justin\Local Settings\Temp\jofcdks.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully. C:\Documents and Settings\Justin\Local Settings\Temp\kilslmd.exex (Trojan.FakeAlert) -> Quarantined and deleted successfully. C:\Documents and Settings\Justin\Local Settings\Temp\kjdh_gf_jjdhgd.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully. C:\Documents and Settings\Justin\Local Settings\Temp\lorsk.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully. C:\Documents and Settings\Justin\Local Settings\Temp\ppddfcfux.exxe (Trojan.FakeAlert) -> Quarantined and deleted successfully. C:\Documents and Settings\Justin\Local Settings\Temp\pswwg3c.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully. C:\Documents and Settings\Justin\Local Settings\Temp\qwedvor.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully. C:\Documents and Settings\Justin\Local Settings\Temp\qwklrvjhqlkj.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully. 
C:\Documents and Settings\Justin\Local Settings\Temp\wrcud12.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully. C:\Documents and Settings\Justin\Local Settings\Temp\wrfwe_di.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
  7. MBR Report

     MBRCheck, version 1.2.3
     © 2010, AD

     Command-line:
     Windows Version: Windows XP Professional
     Windows Information: Service Pack 2 (build 2600)
     Logical Drives Mask: 0x0000001c

     Kernel Drivers (total 141):

     Processes (total 52):

     \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`04e71400 (NTFS)

     PhysicalDrive0 Model Number: FUJITSUMHY2120BH, Rev: 0085000B

     Size Device Name MBR Status
     --------------------------------------------
     111 GB \\.\PhysicalDrive0 Windows XP MBR code detected
     SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A

     Done!
  8. RTUnHooker Report:
     RkU Version: 3.8.388.590, Type LE (SR2)
     ==============================================
     OS Name: Windows XP
     Version 5.1.2600 (Service Pack 2)
     Number of processors #2
     ==============================================
     >Stealth
     ==============================================
     ==============================================
     >Files
     ==============================================
     !-->[Hidden] C:\Documents and Settings\All Users\Application Data\MAGIX\Common\Database\FABS\fabs_service.log
     !-->[Hidden] C:\Documents and Settings\All Users\Application Data\MAGIX\Common\Database\FABS\mxdba_service.log
     !-->[Hidden] C:\Documents and Settings\Justin\Local Settings\Application Data\Mozilla\Firefox\Profiles\zd17tmzl.default\Cache\18A0A18Fd01
     !-->[Hidden] C:\Documents and Settings\Justin\Local Settings\Application Data\Mozilla\Firefox\Profiles\zd17tmzl.default\Cache\215ADD16d01
     !-->[Hidden] C:\Documents and Settings\Justin\Local Settings\Application Data\Mozilla\Firefox\Profiles\zd17tmzl.default\Cache\21AC1C26d01
     !-->[Hidden] C:\Documents and Settings\Justin\Local Settings\Application Data\Mozilla\Firefox\Profiles\zd17tmzl.default\Cache\235EE724d01
     !-->[Hidden] C:\Documents and Settings\Justin\Local Settings\Application Data\Mozilla\Firefox\Profiles\zd17tmzl.default\Cache\8E2365D7d01
     !-->[Hidden] C:\Documents and Settings\Justin\Local Settings\Application Data\Mozilla\Firefox\Profiles\zd17tmzl.default\Cache\95AB1C6Fd01
     !-->[Hidden] C:\Documents and Settings\Justin\Local Settings\Application Data\Mozilla\Firefox\Profiles\zd17tmzl.default\Cache\C12F11A1d01
     !-->[Hidden] C:\Documents and Settings\Justin\Local Settings\Application Data\Mozilla\Firefox\Profiles\zd17tmzl.default\Cache\F32D5EB6d01
     !-->[Hidden] C:\Documents and Settings\Justin\Local Settings\Application Data\Mozilla\Firefox\Profiles\zd17tmzl.default\Cache\F84695EEd01
     ==============================================
     >Hooks
     ==============================================
     ntkrnlpa.exe+0x0006EA7E, Type: Inline - RelativeJump 0x80545A7E-->80545A85 [ntkrnlpa.exe]
     ntkrnlpa.exe-->NtCreateKey, Type: Inline - RelativeJump 0x806225BE-->B27EB4FF [mfehidk.sys]
     ntkrnlpa.exe-->NtDeleteKey, Type: Inline - RelativeJump 0x80622A5A-->B27EB513 [mfehidk.sys]
     ntkrnlpa.exe-->NtDeleteValueKey, Type: Inline - RelativeJump 0x80622C2A-->B27EB53F [mfehidk.sys]
     ntkrnlpa.exe-->NtOpenKey, Type: Inline - RelativeJump 0x80623960-->B27EB4EB [mfehidk.sys]
     ntkrnlpa.exe-->NtRenameKey, Type: Inline - RelativeJump 0x80621FE4-->B27EB529 [mfehidk.sys]
     ntkrnlpa.exe-->NtSetValueKey, Type: Inline - RelativeJump 0x80620C6A-->B27EB555 [mfehidk.sys]
     ntkrnlpa.exe-->NtTerminateProcess, Type: Inline - RelativeJump 0x805D1686-->B27EB56B [mfehidk.sys]
  9. OTL report after reboot.
     All processes killed
     ========== OTL ==========
     Registry value HKEY_USERS\S-1-5-21-1202660629-1229272821-725345543-1003\Software\Microsoft\Internet Explorer\URLSearchHooks\\{C94E154B-1459-4A47-966B-4B843BEFC7DB} deleted successfully.
     Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C94E154B-1459-4A47-966B-4B843BEFC7DB}\ deleted successfully.
     C:\Program Files\AskSearch\bin\DefaultSearch.dll moved successfully.
     HKU\S-1-5-21-1202660629-1229272821-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
     127.0.0.1 localhost removed from HOSTS file successfully
     127.0.0.1 mozilla.com removed from HOSTS file successfully
     127.0.0.1 firefox.com removed from HOSTS file successfully
     127.0.0.1 www.firefox2.com removed from HOSTS file successfully
     127.0.0.1 firefox2.com removed from HOSTS file successfully
     127.0.0.1 ftp.saix.net removed from HOSTS file successfully
     Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\combofix deleted successfully.
     Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\KernelFaultCheck deleted successfully.
     ========== COMMANDS ==========
     [EMPTYTEMP]
     User: Administrator
     ->Temp folder emptied: 175863 bytes
     ->Temporary Internet Files folder emptied: 33170 bytes
     User: All Users
     User: Default User
     ->Temp folder emptied: 0 bytes
     ->Temporary Internet Files folder emptied: 33170 bytes
     User: Justin
     ->Temp folder emptied: 850311178 bytes
     ->Temporary Internet Files folder emptied: 3318611 bytes
     ->Java cache emptied: 13904556 bytes
     ->FireFox cache emptied: 39472431 bytes
     ->Google Chrome cache emptied: 30138736 bytes
     ->Flash cache emptied: 30450 bytes
     User: LocalService
     ->Temp folder emptied: 0 bytes
     ->Temporary Internet Files folder emptied: 47595 bytes
     User: NetworkService
     ->Temp folder emptied: 0 bytes
     ->Temporary Internet Files folder emptied: 150005965 bytes
     ->Flash cache emptied: 0 bytes
     %systemdrive% .tmp files removed: 0 bytes
     %systemroot% .tmp files removed: 3032028 bytes
     %systemroot%\System32 .tmp files removed: 2577 bytes
     %systemroot%\System32\dllcache .tmp files removed: 0 bytes
     %systemroot%\System32\drivers .tmp files removed: 0 bytes
     Windows Temp folder emptied: 474443559 bytes
     %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 64703790 bytes
     %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 53499 bytes
     RecycleBin emptied: 54033542 bytes
     Total Files Cleaned = 1,606.00 mb
     C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
     HOSTS file reset successfully
     OTL by OldTimer - Version 3.2.11.0 log created on 09112010_225836
     Files\Folders moved on Reboot...
     File\Folder C:\Documents and Settings\Justin\Local Settings\Temp\Temporary Internet Files\Content.IE5\WPURK9Q3\1095056539@INTRO,BELT1,BELT2,BELT3,CENTRAL,FOOTER,MICRO1,MICRO2,MICRO3,POPU N,POPUP,EXTRA,SPONSOR,TILE1,TOPLEFT,TOPRIGHT,HEADLINE1,HEADLINE2,LOGO1,LOGO2,LOG O 3,LOGO4,MISC1[1] not found!
File\Folder C:\Documents and Settings\Justin\Local Settings\Temp\Temporary Internet Files\Content.IE5\O96NW5A3\tile=700138&site=network2&channel=running&subchannel=nosubchannel&tanproduct=coolrunning&b2borb2c=b2c&feature=race_results&subfeature1=search&subfeature2=race_results&subf[1].htm not found! File\Folder C:\Documents and Settings\Justin\Local Settings\Temp\Temporary Internet Files\Content.IE5\KTU305QB\1006877416@INTRO,BELT1,BELT2,BELT3,CENTRAL,FOOTER,MICRO1,MICRO2,MICRO3,POPU N,POPUP,EXTRA,SPONSOR,TILE1,TOPLEFT,TOPRIGHT,HEADLINE1,HEADLINE2,LOGO1,LOGO2,LOG O 3,LOGO4,MISC1[1] not found! File\Folder C:\Documents and Settings\Justin\Local Settings\Temp\Temporary Internet Files\Content.IE5\KTU305QB\1033019097@INTRO,BELT1,BELT2,BELT3,CENTRAL,FOOTER,MICRO1,MICRO2,MICRO3,POPU N,POPUP,EXTRA,SPONSOR,TILE1,TOPLEFT,TOPRIGHT,HEADLINE1,HEADLINE2,LOGO1,LOGO2,LOG O 3,LOGO4,MISC1[1] not found! File\Folder C:\Documents and Settings\Justin\Local Settings\Temp\Temporary Internet Files\Content.IE5\KTU305QB\1129321518@INTRO,BELT1,BELT2,BELT3,CENTRAL,FOOTER,MICRO1,MICRO2,MICRO3,POPU N,POPUP,EXTRA,SPONSOR,TILE1,TOPLEFT,TOPRIGHT,HEADLINE1,HEADLINE2,LOGO1,LOGO2,LOG O 3,LOGO4,MISC1[1] not found! File\Folder C:\Documents and Settings\Justin\Local Settings\Temp\Temporary Internet Files\Content.IE5\KTU305QB\1163944518@INTRO,BELT1,BELT2,BELT3,CENTRAL,FOOTER,MICRO1,MICRO2,MICRO3,POPU N,POPUP,EXTRA,SPONSOR,TILE1,TOPLEFT,TOPRIGHT,HEADLINE1,HEADLINE2,LOGO1,LOGO2,LOG O 3,LOGO4,MISC1[1] not found! File\Folder C:\Documents and Settings\Justin\Local Settings\Temp\Temporary Internet Files\Content.IE5\KTU305QB\1197725475@INTRO,BELT1,BELT2,BELT3,CENTRAL,FOOTER,MICRO1,MICRO2,MICRO3,POPU N,POPUP,EXTRA,SPONSOR,TILE1,TOPLEFT,TOPRIGHT,HEADLINE1,HEADLINE2,LOGO1,LOGO2,LOG O 3,LOGO4,MISC1[1] not found! 
File\Folder C:\Documents and Settings\Justin\Local Settings\Temp\Temporary Internet Files\Content.IE5\KTU305QB\1510241244@INTRO,BELT1,BELT2,BELT3,CENTRAL,FOOTER,MICRO1,MICRO2,MICRO3,POPU N,POPUP,EXTRA,SPONSOR,TILE1,TOPLEFT,TOPRIGHT,HEADLINE1,HEADLINE2,LOGO1,LOGO2,LOG O 3,LOGO4,MISC1[1] not found! File\Folder C:\Documents and Settings\Justin\Local Settings\Temp\Temporary Internet Files\Content.IE5\KTU305QB\1601570319@INTRO,BELT1,BELT2,BELT3,CENTRAL,FOOTER,MICRO1,MICRO2,MICRO3,POPU N,POPUP,EXTRA,SPONSOR,TILE1,TOPLEFT,TOPRIGHT,HEADLINE1,HEADLINE2,LOGO1,LOGO2,LOG O 3,LOGO4,BILLBOA[1] not found! File\Folder C:\Documents and Settings\Justin\Local Settings\Temp\Temporary Internet Files\Content.IE5\KTU305QB\1632002494@INTRO,BELT1,BELT2,BELT3,CENTRAL,FOOTER,MICRO1,MICRO2,MICRO3,POPU N,POPUP,EXTRA,SPONSOR,TILE1,TOPLEFT,TOPRIGHT,HEADLINE1,HEADLINE2,LOGO1,LOGO2,LOG O 3,LOGO4,MISC1[1] not found! File\Folder C:\Documents and Settings\Justin\Local Settings\Temp\Temporary Internet Files\Content.IE5\KTU305QB\1667738574@INTRO,BELT1,BELT2,BELT3,CENTRAL,FOOTER,MICRO1,MICRO2,MICRO3,POPU N,POPUP,EXTRA,SPONSOR,TILE1,TOPLEFT,TOPRIGHT,HEADLINE1,HEADLINE2,LOGO1,LOGO2,LOG O 3,LOGO4,MISC1[1] not found! File\Folder C:\Documents and Settings\Justin\Local Settings\Temp\Temporary Internet Files\Content.IE5\KTU305QB\1679649993@INTRO,BELT1,BELT2,BELT3,CENTRAL,FOOTER,MICRO1,MICRO2,MICRO3,POPU N,POPUP,EXTRA,SPONSOR,TILE1,TOPLEFT,TOPRIGHT,HEADLINE1,HEADLINE2,LOGO1,LOGO2,LOG O 3,LOGO4,MISC1[1] not found! File\Folder C:\Documents and Settings\Justin\Local Settings\Temp\Temporary Internet Files\Content.IE5\KTU305QB\1709839717@INTRO,BELT1,BELT2,BELT3,CENTRAL,FOOTER,MICRO1,MICRO2,MICRO3,POPU N,POPUP,EXTRA,SPONSOR,TILE1,TOPLEFT,TOPRIGHT,HEADLINE1,HEADLINE2,LOGO1,LOGO2,LOG O 3,LOGO4,MISC1[1] not found! 
File\Folder C:\Documents and Settings\Justin\Local Settings\Temp\Temporary Internet Files\Content.IE5\KTU305QB\1807732081@INTRO,BELT1,BELT2,BELT3,CENTRAL,FOOTER,MICRO1,MICRO2,MICRO3,POPU N,POPUP,EXTRA,SPONSOR,TILE1,TOPLEFT,TOPRIGHT,HEADLINE1,HEADLINE2,LOGO1,LOGO2,LOG O 3,LOGO4,MISC1[1] not found! File\Folder C:\Documents and Settings\Justin\Local Settings\Temp\Temporary Internet Files\Content.IE5\KTU305QB\1881431176@INTRO,BELT1,BELT2,BELT3,CENTRAL,FOOTER,MICRO1,MICRO2,MICRO3,POPU N,POPUP,EXTRA,SPONSOR,TILE1,TOPLEFT,TOPRIGHT,HEADLINE1,HEADLINE2,LOGO1,LOGO2,LOG O 3,LOGO4,MISC1[1] not found! File\Folder C:\Documents and Settings\Justin\Local Settings\Temp\Temporary Internet Files\Content.IE5\KTU305QB\connections_browser;u=5614287;title=ic;func=ops;ind=4;csize=e;zip=01864;gdr =m;cntry=us;reg=7;edu=20078-2003;edu=18506-2009;jobs=1;sub=0;con=f;age=b;tile=3;dcopt=ist;sz=160[2] not found! File\Folder C:\Documents and Settings\Justin\Local Settings\Temp\Temporary Internet Files\Content.IE5\KTU305QB\dref=http%253A%252F%252Fbl122w[1].aspx%253FFolderID%253D00000000-0000-0000-0000-000000000001%2526InboxSortAscending%253DFalse%2526InboxSortBy%253DDate%2526n%253D1516484271 not found! File\Folder C:\Documents and Settings\Justin\Local Settings\Temp\Temporary Internet Files\Content.IE5\KTU305QB\eId%253D7b7e7da1-4e62-4b83-985f-d0489de6352f%2526FolderID%253D00000000-0000-0000-0000-000000000001%2526CP%253D-1%2526n%253D1540855289%2526Action%253DReply%2526AllowUnsafe%253DTrue not found! File\Folder C:\Documents and Settings\Justin\Local Settings\Temp\Temporary Internet Files\Content.IE5\KTU305QB\home;u=5614287;title=ic;func=ops;ind=4;csize=e;zip=01864;gdr=m;cntry=us;reg =7;edu=20078-2003;edu=18506-2009;jobs=1;sub=0;con=f;age=b;tile=4;dcopt=ist;sz=728x90;extra%3Dnull;[2].5 not found! 
File\Folder C:\Documents and Settings\Justin\Local Settings\Temp\Temporary Internet Files\Content.IE5\KTU305QB\home;u=5614287;title=ic;func=ops;ind=4;csize=e;zip=01864;gdr=m;cntry=us;reg =7;edu=20078-2003;edu=18506-2009;jobs=1;sub=0;con=f;age=b;tile=6;dcopt=ist;sz=300x250;extra%3Dnu[1] not found! File\Folder C:\Documents and Settings\Justin\Local Settings\Temp\Temporary Internet Files\Content.IE5\KTU305QB\tile=377681&site=network2&channel=running&subchannel=nosubchannel&tanproduct=coolrunning&b2borb2c=b2c&feature=content&subfeature1=home&subfeature2=nosubfeature2&subfeature[1].htm not found! File\Folder C:\Documents and Settings\Justin\Local Settings\Temp\Temporary Internet Files\Content.IE5\KTU305QB\tile=494067&site=network2&channel=running&subchannel=nosubchannel&tanproduct=coolrunning&b2borb2c=b2c&feature=race_results&subfeature1=details&subfeature2=usa&subfeature3=[1].htm not found! File\Folder C:\Documents and Settings\Justin\Local Settings\Temp\Temporary Internet Files\Content.IE5\KTU305QB\tile=510365&site=network2&channel=running&subchannel=nosubchannel&tanproduct=coolrunning&b2borb2c=b2c&feature=race_results&subfeature1=details&subfeature2=usa&subfeature3=[1].htm not found! File\Folder C:\Documents and Settings\Justin\Local Settings\Temp\Temporary Internet Files\Content.IE5\KTU305QB\tile=512074&site=network2&channel=running&subchannel=nosubchannel&tanproduct=coolrunning&b2borb2c=b2c&feature=race_results&subfeature1=details&subfeature2=usa&subfeature3=[1].htm not found! File\Folder C:\Documents and Settings\Justin\Local Settings\Temp\Temporary Internet Files\Content.IE5\KTU305QB\tile=512074&site=network2&channel=running&subchannel=nosubchannel&tanproduct=coolrunning&b2borb2c=b2c&feature=race_results&subfeature1=details&subfeature2=usa&subfeature3=[2].htm not found! 
File\Folder C:\Documents and Settings\Justin\Local Settings\Temp\Temporary Internet Files\Content.IE5\KTU305QB\tile=927224&site=network2&channel=running&subchannel=nosubchannel&tanproduct=coolrunning&b2borb2c=b2c&feature=race_results&subfeature1=details&subfeature2=usa&subfeature3=[1].htm not found! File\Folder C:\Documents and Settings\Justin\Local Settings\Temp\Temporary Internet Files\Content.IE5\KTU305QB\tile=987031&site=network2&channel=running&subchannel=nosubchannel&tanproduct=coolrunning&b2borb2c=b2c&feature=race_results&subfeature1=details&subfeature2=usa&subfeature3=[1].htm not found! File\Folder C:\Documents and Settings\Justin\Local Settings\Temp\Temporary Internet Files\Content.IE5\KTU305QB\tile=987031&site=network2&channel=running&subchannel=nosubchannel&tanproduct=coolrunning&b2borb2c=b2c&feature=race_results&subfeature1=details&subfeature2=usa&subfeature3=[2].htm not found! File\Folder C:\Documents and Settings\Justin\Local Settings\Temp\Temporary Internet Files\Content.IE5\9V3B114E\1604317586@INTRO,BELT1,BELT2,BELT3,CENTRAL,FOOTER,MICRO1,MICRO2,MICRO3,POPU N,POPUP,EXTRA,SPONSOR,TILE1,TOPLEFT,TOPRIGHT,HEADLINE1,HEADLINE2,LOGO1,LOGO2,LOG O 3,LOGO4,BILLBOA[1] not found! File\Folder C:\Documents and Settings\Justin\Local Settings\Temp\Temporary Internet Files\Content.IE5\9V3B114E\tile=107335&site=network2&channel=running&subchannel=nosubchannel&tanproduct=coolrunning&b2borb2c=b2c&feature=content&subfeature1=home&subfeature2=nosubfeature2&subfeature[1].htm not found! File\Folder C:\Documents and Settings\Justin\Local Settings\Temp\Temporary Internet Files\Content.IE5\9V3B114E\tile=107335&site=network2&channel=running&subchannel=nosubchannel&tanproduct=coolrunning&b2borb2c=b2c&feature=content&subfeature1=home&subfeature2=nosubfeature2&subfeature[2].htm not found! 
File\Folder C:\Documents and Settings\Justin\Local Settings\Temp\Temporary Internet Files\Content.IE5\9V3B114E\tile=129591&site=network2&channel=running&subchannel=nosubchannel&tanproduct=coolrunning&b2borb2c=b2c&feature=race_results&subfeature1=details&subfeature2=usa&subfeature3=[1].htm not found! File\Folder C:\Documents and Settings\Justin\Local Settings\Temp\Temporary Internet Files\Content.IE5\9V3B114E\tile=129591&site=network2&channel=running&subchannel=nosubchannel&tanproduct=coolrunning&b2borb2c=b2c&feature=race_results&subfeature1=details&subfeature2=usa&subfeature3=[2].htm not found! File\Folder C:\Documents and Settings\Justin\Local Settings\Temp\Temporary Internet Files\Content.IE5\9V3B114E\tile=165773&site=network2&channel=running&subchannel=nosubchannel&tanproduct=coolrunning&b2borb2c=b2c&feature=race_results&subfeature1=details&subfeature2=usa&subfeature3=[1].htm not found! File\Folder C:\Documents and Settings\Justin\Local Settings\Temp\Temporary Internet Files\Content.IE5\9V3B114E\tile=227338&site=network2&channel=running&subchannel=nosubchannel&tanproduct=coolrunning&b2borb2c=b2c&feature=events&subfeature1=section_home&subfeature2=nosubfeature2⊂[1].htm not found! File\Folder C:\Documents and Settings\Justin\Local Settings\Temp\Temporary Internet Files\Content.IE5\9V3B114E\tile=227338&site=network2&channel=running&subchannel=nosubchannel&tanproduct=coolrunning&b2borb2c=b2c&feature=events&subfeature1=section_home&subfeature2=nosubfeature2⊂[2].htm not found! File\Folder C:\Documents and Settings\Justin\Local Settings\Temp\Temporary Internet Files\Content.IE5\9V3B114E\tile=243415&site=network2&channel=running&subchannel=nosubchannel&tanproduct=coolrunning&b2borb2c=b2c&feature=race_results&subfeature1=details&subfeature2=usa&subfeature3=[1].htm not found! 
File\Folder C:\Documents and Settings\Justin\Local Settings\Temp\Temporary Internet Files\Content.IE5\9V3B114E\tile=264400&site=network2&channel=running&subchannel=nosubchannel&tanproduct=coolrunning&b2borb2c=b2c&feature=race_results&subfeature1=search&subfeature2=race_results&subf[1].htm not found! File\Folder C:\Documents and Settings\Justin\Local Settings\Temp\Temporary Internet Files\Content.IE5\9V3B114E\tile=542713&site=network2&channel=running&subchannel=nosubchannel&tanproduct=coolrunning&b2borb2c=b2c&feature=events&subfeature1=search_results&subfeature2=usa&subfeature3[1].htm not found! File\Folder C:\Documents and Settings\Justin\Local Settings\Temp\Temporary Internet Files\Content.IE5\9V3B114E\tile=543894&site=network2&channel=running&subchannel=nosubchannel&tanproduct=coolrunning&b2borb2c=b2c&feature=events&subfeature1=section_home&subfeature2=nosubfeature2⊂[1].htm not found! File\Folder C:\Documents and Settings\Justin\Local Settings\Temp\Temporary Internet Files\Content.IE5\9V3B114E\tile=664522&site=network2&channel=running&subchannel=nosubchannel&tanproduct=coolrunning&b2borb2c=b2c&feature=events&subfeature1=search_results&subfeature2=usa&subfeature3[1].htm not found! File\Folder C:\Documents and Settings\Justin\Local Settings\Temp\Temporary Internet Files\Content.IE5\9V3B114E\tile=664522&site=network2&channel=running&subchannel=nosubchannel&tanproduct=coolrunning&b2borb2c=b2c&feature=events&subfeature1=search_results&subfeature2=usa&subfeature3[2].htm not found! File\Folder C:\Documents and Settings\Justin\Local Settings\Temp\Temporary Internet Files\Content.IE5\9V3B114E\tile=697805&site=network2&channel=running&subchannel=nosubchannel&tanproduct=coolrunning&b2borb2c=b2c&feature=content&subfeature1=home&subfeature2=nosubfeature2&subfeature[1].htm not found! 
File\Folder C:\Documents and Settings\Justin\Local Settings\Temp\Temporary Internet Files\Content.IE5\9V3B114E\tile=778795&site=network2&channel=running&subchannel=nosubchannel&tanproduct=coolrunning&b2borb2c=b2c&feature=race_results&subfeature1=search&subfeature2=race_results&subf[1].htm not found! File\Folder C:\Documents and Settings\Justin\Local Settings\Temp\Temporary Internet Files\Content.IE5\9V3B114E\tile=813727&site=network2&channel=running&subchannel=nosubchannel&tanproduct=coolrunning&b2borb2c=b2c&feature=race_results&subfeature1=details&subfeature2=usa&subfeature3=[1].htm not found! File\Folder C:\Documents and Settings\Justin\Local Settings\Temp\Temporary Internet Files\Content.IE5\9V3B114E\tile=927968&site=network2&channel=running&subchannel=nosubchannel&tanproduct=coolrunning&b2borb2c=b2c&feature=content&subfeature1=home&subfeature2=nosubfeature2&subfeature[1].htm not found! File\Folder C:\Documents and Settings\Justin\Local Settings\Temp\Temporary Internet Files\Content.IE5\9V3B114E\tile=952577&site=network2&channel=running&subchannel=nosubchannel&tanproduct=coolrunning&b2borb2c=b2c&feature=events&subfeature1=search_results&subfeature2=usa&subfeature3[1].htm not found! File\Folder C:\Documents and Settings\Justin\Local Settings\Temp\Temporary Internet Files\Content.IE5\9V3B114E\tile=952577&site=network2&channel=running&subchannel=nosubchannel&tanproduct=coolrunning&b2borb2c=b2c&feature=events&subfeature1=search_results&subfeature2=usa&subfeature3[2].htm not found! File\Folder C:\Documents and Settings\Justin\Local Settings\Temp\Temporary Internet Files\Content.IE5\9V3B114E\tile=959129&site=network2&channel=running&subchannel=nosubchannel&tanproduct=coolrunning&b2borb2c=b2c&feature=content&subfeature1=home&subfeature2=nosubfeature2&subfeature[1].htm not found! 
File\Folder C:\Documents and Settings\Justin\Local Settings\Temp\Temporary Internet Files\Content.IE5\3UKJ35S9\1150268756@INTRO,BELT1,BELT2,BELT3,CENTRAL,FOOTER,MICRO1,MICRO2,MICRO3,POPU N,POPUP,EXTRA,SPONSOR,TILE1,TOPLEFT,TOPRIGHT,HEADLINE1,HEADLINE2,LOGO1,LOGO2,LOG O 3,LOGO4,BILLBOA[1] not found! File\Folder C:\Documents and Settings\Justin\Local Settings\Temp\Temporary Internet Files\Content.IE5\3UKJ35S9\tile=111513&site=network2&channel=running&subchannel=nosubchannel&tanproduct=coolrunning&b2borb2c=b2c&feature=race_results&subfeature1=details&subfeature2=usa&subfeature3=[1].htm not found! File\Folder C:\Documents and Settings\Justin\Local Settings\Temp\Temporary Internet Files\Content.IE5\3UKJ35S9\tile=129591&site=network2&channel=running&subchannel=nosubchannel&tanproduct=coolrunning&b2borb2c=b2c&feature=race_results&subfeature1=details&subfeature2=usa&subfeature3=[1].htm not found! File\Folder C:\Documents and Settings\Justin\Local Settings\Temp\Temporary Internet Files\Content.IE5\3UKJ35S9\tile=165773&site=network2&channel=running&subchannel=nosubchannel&tanproduct=coolrunning&b2borb2c=b2c&feature=race_results&subfeature1=details&subfeature2=usa&subfeature3=[1].htm not found! File\Folder C:\Documents and Settings\Justin\Local Settings\Temp\Temporary Internet Files\Content.IE5\3UKJ35S9\tile=227338&site=network2&channel=running&subchannel=nosubchannel&tanproduct=coolrunning&b2borb2c=b2c&feature=events&subfeature1=section_home&subfeature2=nosubfeature2⊂[1].htm not found! File\Folder C:\Documents and Settings\Justin\Local Settings\Temp\Temporary Internet Files\Content.IE5\3UKJ35S9\tile=341543&site=network2&channel=running&subchannel=nosubchannel&tanproduct=coolrunning&b2borb2c=b2c&feature=content&subfeature1=home&subfeature2=nosubfeature2&subfeature[1].htm not found! 
File\Folder C:\Documents and Settings\Justin\Local Settings\Temp\Temporary Internet Files\Content.IE5\3UKJ35S9\tile=443434&site=network2&channel=running&subchannel=nosubchannel&tanproduct=coolrunning&b2borb2c=b2c&feature=events&subfeature1=search_results&subfeature2=usa&subfeature3[1].htm not found! File\Folder C:\Documents and Settings\Justin\Local Settings\Temp\Temporary Internet Files\Content.IE5\3UKJ35S9\tile=505181&site=network2&channel=running&subchannel=nosubchannel&tanproduct=coolrunning&b2borb2c=b2c&feature=events&subfeature1=search_results&subfeature2=nosubfeature2&s[1].htm not found! File\Folder C:\Documents and Settings\Justin\Local Settings\Temp\Temporary Internet Files\Content.IE5\3UKJ35S9\tile=543894&site=network2&channel=running&subchannel=nosubchannel&tanproduct=coolrunning&b2borb2c=b2c&feature=events&subfeature1=section_home&subfeature2=nosubfeature2⊂[1].htm not found! File\Folder C:\Documents and Settings\Justin\Local Settings\Temp\Temporary Internet Files\Content.IE5\3UKJ35S9\tile=543894&site=network2&channel=running&subchannel=nosubchannel&tanproduct=coolrunning&b2borb2c=b2c&feature=events&subfeature1=section_home&subfeature2=nosubfeature2⊂[2].htm not found! File\Folder C:\Documents and Settings\Justin\Local Settings\Temp\Temporary Internet Files\Content.IE5\3UKJ35S9\tile=547413&site=network2&channel=running&subchannel=nosubchannel&tanproduct=coolrunning&b2borb2c=b2c&feature=content&subfeature1=home&subfeature2=nosubfeature2&subfeature[1].htm not found! File\Folder C:\Documents and Settings\Justin\Local Settings\Temp\Temporary Internet Files\Content.IE5\3UKJ35S9\tile=547413&site=network2&channel=running&subchannel=nosubchannel&tanproduct=coolrunning&b2borb2c=b2c&feature=content&subfeature1=home&subfeature2=nosubfeature2&subfeature[2].htm not found! 
File\Folder C:\Documents and Settings\Justin\Local Settings\Temp\Temporary Internet Files\Content.IE5\3UKJ35S9\tile=778795&site=network2&channel=running&subchannel=nosubchannel&tanproduct=coolrunning&b2borb2c=b2c&feature=race_results&subfeature1=search&subfeature2=race_results&subf[1].htm not found! File\Folder C:\Documents and Settings\Justin\Local Settings\Temp\Temporary Internet Files\Content.IE5\3UKJ35S9\tile=788584&site=network2&channel=running&subchannel=nosubchannel&tanproduct=coolrunning&b2borb2c=b2c&feature=events&subfeature1=search_results&subfeature2=usa&subfeature3[1].htm not found! File\Folder C:\Documents and Settings\Justin\Local Settings\Temp\Temporary Internet Files\Content.IE5\3UKJ35S9\tile=884799&site=network2&channel=running&subchannel=nosubchannel&tanproduct=coolrunning&b2borb2c=b2c&feature=events&subfeature1=search_results&subfeature2=nosubfeature2&s[1].htm not found! File\Folder C:\Documents and Settings\Justin\Local Settings\Temp\Temporary Internet Files\Content.IE5\3UKJ35S9\tile=997799&site=network2&channel=running&subchannel=nosubchannel&tanproduct=coolrunning&b2borb2c=b2c&feature=events&subfeature1=search_results&subfeature2=nosubfeature2&s[1].htm not found! File\Folder C:\Documents and Settings\Justin\Local Settings\Temp\Temporary Internet Files\Content.IE5\25LAZ6P4\1619771420@INTRO,BELT1,BELT2,BELT3,CENTRAL,FOOTER,MICRO1,MICRO2,MICRO3,POPU N,POPUP,EXTRA,SPONSOR,TILE1,TOPLEFT,TOPRIGHT,HEADLINE1,HEADLINE2,LOGO1,LOGO2,LOG O 3,LOGO4,BILLBOA[1] not found! File\Folder C:\Documents and Settings\Justin\Local Settings\Temp\Temporary Internet Files\Content.IE5\25LAZ6P4\1692059376@INTRO,BELT1,BELT2,BELT3,CENTRAL,FOOTER,MICRO1,MICRO2,MICRO3,POPU N,POPUP,EXTRA,SPONSOR,TILE1,TOPLEFT,TOPRIGHT,HEADLINE1,HEADLINE2,LOGO1,LOGO2,LOG O 3,LOGO4,BILLBOA[1] not found! 
File\Folder C:\Documents and Settings\Justin\Local Settings\Temp\Temporary Internet Files\Content.IE5\25LAZ6P4\1912022406@INTRO,BELT1,BELT2,BELT3,CENTRAL,FOOTER,MICRO1,MICRO2,MICRO3,POPU N,POPUP,EXTRA,SPONSOR,TILE1,TOPLEFT,TOPRIGHT,HEADLINE1,HEADLINE2,LOGO1,LOGO2,LOG O 3,LOGO4,BILLBOA[1] not found! File\Folder C:\Documents and Settings\Justin\Local Settings\Temp\Temporary Internet Files\Content.IE5\25LAZ6P4\26f%3D2022332404%26l%3DLREC%26en%3Dutf-8%26rn%3D1220737557125%26em%3D%257B%2522site-attribute%2522%253A%2522content%253Dno_expandable%253Bajax_cert_expandable%2522%252C%2522ad&r=0 not found! File\Folder C:\Documents and Settings\Justin\Local Settings\Temp\Temporary Internet Files\Content.IE5\25LAZ6P4\dref=http%253A%252F%252Fbl122w[1].aspx%253FFolderID%253D00000000-0000-0000-0000-000000000001%2526InboxSortAscending%253DFalse%2526InboxSortBy%253DDate%2526n%253D1253086190 not found! File\Folder C:\Documents and Settings\Justin\Local Settings\Temp\Temporary Internet Files\Content.IE5\25LAZ6P4\tile=111513&site=network2&channel=running&subchannel=nosubchannel&tanproduct=coolrunning&b2borb2c=b2c&feature=race_results&subfeature1=details&subfeature2=usa&subfeature3=[1].htm not found! File\Folder C:\Documents and Settings\Justin\Local Settings\Temp\Temporary Internet Files\Content.IE5\25LAZ6P4\tile=165773&site=network2&channel=running&subchannel=nosubchannel&tanproduct=coolrunning&b2borb2c=b2c&feature=race_results&subfeature1=details&subfeature2=usa&subfeature3=[1].htm not found! File\Folder C:\Documents and Settings\Justin\Local Settings\Temp\Temporary Internet Files\Content.IE5\25LAZ6P4\tile=210894&site=network2&channel=running&subchannel=nosubchannel&tanproduct=coolrunning&b2borb2c=b2c&feature=events&subfeature1=section_home&subfeature2=nosubfeature2⊂[1].htm not found! 
File\Folder C:\Documents and Settings\Justin\Local Settings\Temp\Temporary Internet Files\Content.IE5\25LAZ6P4\tile=210894&site=network2&channel=running&subchannel=nosubchannel&tanproduct=coolrunning&b2borb2c=b2c&feature=events&subfeature1=section_home&subfeature2=nosubfeature2⊂[2].htm not found! File\Folder C:\Documents and Settings\Justin\Local Settings\Temp\Temporary Internet Files\Content.IE5\25LAZ6P4\tile=243415&site=network2&channel=running&subchannel=nosubchannel&tanproduct=coolrunning&b2borb2c=b2c&feature=race_results&subfeature1=details&subfeature2=usa&subfeature3=[1].htm not found! File\Folder C:\Documents and Settings\Justin\Local Settings\Temp\Temporary Internet Files\Content.IE5\25LAZ6P4\tile=264400&site=network2&channel=running&subchannel=nosubchannel&tanproduct=coolrunning&b2borb2c=b2c&feature=race_results&subfeature1=search&subfeature2=race_results&subf[1].htm not found! File\Folder C:\Documents and Settings\Justin\Local Settings\Temp\Temporary Internet Files\Content.IE5\25LAZ6P4\tile=341543&site=network2&channel=running&subchannel=nosubchannel&tanproduct=coolrunning&b2borb2c=b2c&feature=content&subfeature1=home&subfeature2=nosubfeature2&subfeature[1].htm not found! File\Folder C:\Documents and Settings\Justin\Local Settings\Temp\Temporary Internet Files\Content.IE5\25LAZ6P4\tile=443434&site=network2&channel=running&subchannel=nosubchannel&tanproduct=coolrunning&b2borb2c=b2c&feature=events&subfeature1=search_results&subfeature2=usa&subfeature3[1].htm not found! File\Folder C:\Documents and Settings\Justin\Local Settings\Temp\Temporary Internet Files\Content.IE5\25LAZ6P4\tile=443434&site=network2&channel=running&subchannel=nosubchannel&tanproduct=coolrunning&b2borb2c=b2c&feature=events&subfeature1=search_results&subfeature2=usa&subfeature3[2].htm not found! 
File\Folder C:\Documents and Settings\Justin\Local Settings\Temp\Temporary Internet Files\Content.IE5\25LAZ6P4\tile=505181&site=network2&channel=running&subchannel=nosubchannel&tanproduct=coolrunning&b2borb2c=b2c&feature=events&subfeature1=search_results&subfeature2=nosubfeature2&s[1].htm not found! File\Folder C:\Documents and Settings\Justin\Local Settings\Temp\Temporary Internet Files\Content.IE5\25LAZ6P4\tile=505181&site=network2&channel=running&subchannel=nosubchannel&tanproduct=coolrunning&b2borb2c=b2c&feature=events&subfeature1=search_results&subfeature2=nosubfeature2&s[2].htm not found! File\Folder C:\Documents and Settings\Justin\Local Settings\Temp\Temporary Internet Files\Content.IE5\25LAZ6P4\tile=542713&site=network2&channel=running&subchannel=nosubchannel&tanproduct=coolrunning&b2borb2c=b2c&feature=events&subfeature1=search_results&subfeature2=usa&subfeature3[1].htm not found! File\Folder C:\Documents and Settings\Justin\Local Settings\Temp\Temporary Internet Files\Content.IE5\25LAZ6P4\tile=573821&site=network2&channel=running&subchannel=nosubchannel&tanproduct=coolrunning&b2borb2c=b2c&feature=events&subfeature1=search_results&subfeature2=usa&subfeature3[1].htm not found! File\Folder C:\Documents and Settings\Justin\Local Settings\Temp\Temporary Internet Files\Content.IE5\25LAZ6P4\tile=664522&site=network2&channel=running&subchannel=nosubchannel&tanproduct=coolrunning&b2borb2c=b2c&feature=events&subfeature1=search_results&subfeature2=usa&subfeature3[1].htm not found! File\Folder C:\Documents and Settings\Justin\Local Settings\Temp\Temporary Internet Files\Content.IE5\25LAZ6P4\tile=778435&site=network2&channel=running&subchannel=nosubchannel&tanproduct=coolrunning&b2borb2c=b2c&feature=race_results&subfeature1=search&subfeature2=race_results&subf[1].htm not found! 
Registry entries deleted on Reboot...
  10. Wow, computer is getting really bad. Here is the batch file

HostName: JUSTIN-EC1FBD7F
TaskName: AppleSoftwareUpdate
Next Run Time: 11:09:00, 9/16/2010
Status:
Last Run Time: 11:09:00, 9/2/2010
Last Result: 0
Creator: SYSTEM
Schedule: At 11:09 AM every Thu of every week, starting 8/9/2008
Task To Run: C:\Program Files\Apple Software Update\SoftwareUpdate.exe -task
Start In: N/A
Comment: N/A
Scheduled Task State: Enabled
Scheduled Type: Weekly
Start Time: 11:09:00
Start Date: 8/9/2008
End Date: N/A
Days: THURSDAY
Months: N/A
Run As User: NT AUTHORITY\SYSTEM
Delete Task If Not Rescheduled: Disabled
Stop Task If Runs X Hours and X Mins: 72:0
Repeat: Every: Disabled
Repeat: Until: Time: Disabled
Repeat: Until: Duration: Disabled
Repeat: Stop If Still Running: Disabled
Idle Time: Disabled
Power Management: Disabled

HostName: JUSTIN-EC1FBD7F
TaskName: At10
Next Run Time: 09:00:00, 9/12/2010
Status: Could not start
Last Run Time: Never
Last Result: 0
Creator: SYSTEM
Schedule: At 9:00 AM every Mon, Tue, Wed, Thu, Fri, Sat, Sun of every week, starting 11/2/2008
Task To Run: C:\WINDOWS\system32\ophQc4Ul.exe
Start In: N/A
Comment: Created by NetScheduleJobAdd.
Scheduled Task State: Enabled
Scheduled Type: Weekly
Start Time: 09:00:00
Start Date: 11/2/2008
End Date: N/A
Days: SUNDAY,MONDAY,TUESDAY,WEDNESDAY,THURSDAY,FRIDAY,SATURDAY
Months: N/A
Run As User: Could not be retrieved from the task scheduler database
Delete Task If Not Rescheduled: Enabled
Stop Task If Runs X Hours and X Mins: 72:0
Repeat: Every: Disabled
Repeat: Until: Time: Disabled
Repeat: Until: Duration: Disabled
Repeat: Stop If Still Running: Disabled
Idle Time: Disabled
Power Management: Disabled

HostName: JUSTIN-EC1FBD7F
TaskName: At11
Next Run Time: 10:00:00, 9/12/2010
Status: Could not start
Last Run Time: Never
Last Result: 0
Creator: SYSTEM
Schedule: At 10:00 AM every Mon, Tue, Wed, Thu, Fri, Sat, Sun of every week, starting 11/2/2008
Task To Run: C:\WINDOWS\system32\ophQc4Ul.exe
Start In: N/A
Comment: Created by NetScheduleJobAdd.
Scheduled Task State: Enabled
Scheduled Type: Weekly
Start Time: 10:00:00
Start Date: 11/2/2008
End Date: N/A
Days: SUNDAY,MONDAY,TUESDAY,WEDNESDAY,THURSDAY,FRIDAY,SATURDAY
Months: N/A
Run As User: Could not be retrieved from the task scheduler database
Delete Task If Not Rescheduled: Enabled
Stop Task If Runs X Hours and X Mins: 72:0
Repeat: Every: Disabled
Repeat: Until: Time: Disabled
Repeat: Until: Duration: Disabled
Repeat: Stop If Still Running: Disabled
Idle Time: Disabled
Power Management: Disabled

HostName: JUSTIN-EC1FBD7F
TaskName: At12
Next Run Time: 11:00:00, 9/12/2010
Status: Could not start
Last Run Time: Never
Last Result: 0
Creator: SYSTEM
Schedule: At 11:00 AM every Mon, Tue, Wed, Thu, Fri, Sat, Sun of every week, starting 11/2/2008
Task To Run: C:\WINDOWS\system32\ophQc4Ul.exe
Start In: N/A
Comment: Created by NetScheduleJobAdd.
Scheduled Task State: Enabled
Scheduled Type: Weekly
Start Time: 11:00:00
Start Date: 11/2/2008
End Date: N/A
Days: SUNDAY,MONDAY,TUESDAY,WEDNESDAY,THURSDAY,FRIDAY,SATURDAY
Months: N/A
Run As User: Could not be retrieved from the task scheduler database
Delete Task If Not Rescheduled: Enabled
Stop Task If Runs X Hours and X Mins: 72:0
Repeat: Every: Disabled
Repeat: Until: Time: Disabled
Repeat: Until: Duration: Disabled
Repeat: Stop If Still Running: Disabled
Idle Time: Disabled
Power Management: Disabled

HostName: JUSTIN-EC1FBD7F
TaskName: At13
Next Run Time: 12:00:00, 9/12/2010
Status: Could not start
Last Run Time: Never
Last Result: 0
Creator: SYSTEM
Schedule: At 12:00 PM every Mon, Tue, Wed, Thu, Fri, Sat, Sun of every week, starting 11/2/2008
Task To Run: C:\WINDOWS\system32\ophQc4Ul.exe
Start In: N/A
Comment: Created by NetScheduleJobAdd.
Scheduled Task State: Enabled
Scheduled Type: Weekly
Start Time: 12:00:00
Start Date: 11/2/2008
End Date: N/A
Days: SUNDAY,MONDAY,TUESDAY,WEDNESDAY,THURSDAY,FRIDAY,SATURDAY
Months: N/A
Run As User: Could not be retrieved from the task scheduler database
Delete Task If Not Rescheduled: Enabled
Stop Task If Runs X Hours and X Mins: 72:0
Repeat: Every: Disabled
Repeat: Until: Time: Disabled
Repeat: Until: Duration: Disabled
Repeat: Stop If Still Running: Disabled
Idle Time: Disabled
Power Management: Disabled

HostName: JUSTIN-EC1FBD7F
TaskName: At14
Next Run Time: 13:00:00, 9/12/2010
Status: Could not start
Last Run Time: Never
Last Result: 0
Creator: SYSTEM
Schedule: At 1:00 PM every Mon, Tue, Wed, Thu, Fri, Sat, Sun of every week, starting 11/2/2008
Task To Run: C:\WINDOWS\system32\ophQc4Ul.exe
Start In: N/A
Comment: Created by NetScheduleJobAdd.
Scheduled Task State: Enabled
Scheduled Type: Weekly
Start Time: 13:00:00
Start Date: 11/2/2008
End Date: N/A
Days: SUNDAY,MONDAY,TUESDAY,WEDNESDAY,THURSDAY,FRIDAY,SATURDAY
Months: N/A
Run As User: Could not be retrieved from the task scheduler database
Delete Task If Not Rescheduled: Enabled
Stop Task If Runs X Hours and X Mins: 72:0
Repeat: Every: Disabled
Repeat: Until: Time: Disabled
Repeat: Until: Duration: Disabled
Repeat: Stop If Still Running: Disabled
Idle Time: Disabled
Power Management: Disabled

HostName: JUSTIN-EC1FBD7F
TaskName: At15
Next Run Time: 14:00:00, 9/12/2010
Status: Could not start
Last Run Time: 14:00:00, 11/2/2008
Last Result: 0
Creator: SYSTEM
Schedule: At 2:00 PM every Mon, Tue, Wed, Thu, Fri, Sat, Sun of every week, starting 11/2/2008
Task To Run: C:\WINDOWS\system32\ophQc4Ul.exe
Start In: N/A
Comment: Created by NetScheduleJobAdd.
Scheduled Task State: Enabled
Scheduled Type: Weekly
Start Time: 14:00:00
Start Date: 11/2/2008
End Date: N/A
Days: SUNDAY,MONDAY,TUESDAY,WEDNESDAY,THURSDAY,FRIDAY,SATURDAY
Months: N/A
Run As User: Could not be retrieved from the task scheduler database
Delete Task If Not Rescheduled: Enabled
Stop Task If Runs X Hours and X Mins: 72:0
Repeat: Every: Disabled
Repeat: Until: Time: Disabled
Repeat: Until: Duration: Disabled
Repeat: Stop If Still Running: Disabled
Idle Time: Disabled
Power Management: Disabled

HostName: JUSTIN-EC1FBD7F
TaskName: At16
Next Run Time: 15:00:00, 9/12/2010
Status: Could not start
Last Run Time: 15:00:00, 11/2/2008
Last Result: 0
Creator: SYSTEM
Schedule: At 3:00 PM every Mon, Tue, Wed, Thu, Fri, Sat, Sun of every week, starting 11/2/2008
Task To Run: C:\WINDOWS\system32\ophQc4Ul.exe
Start In: N/A
Comment: Created by NetScheduleJobAdd.
Scheduled Task State: Enabled
Scheduled Type: Weekly
Start Time: 15:00:00
Start Date: 11/2/2008
End Date: N/A
Days: SUNDAY,MONDAY,TUESDAY,WEDNESDAY,THURSDAY,FRIDAY,SATURDAY
Months: N/A
Run As User: Could not be retrieved from the task scheduler database
Delete Task If Not Rescheduled: Enabled
Stop Task If Runs X Hours and X Mins: 72:0
Repeat: Every: Disabled
Repeat: Until: Time: Disabled
Repeat: Until: Duration: Disabled
Repeat: Stop If Still Running: Disabled
Idle Time: Disabled
Power Management: Disabled

HostName: JUSTIN-EC1FBD7F
TaskName: At17
Next Run Time: 16:00:00, 9/12/2010
Status: Could not start
Last Run Time: 16:00:00, 11/2/2008
Last Result: 0
Creator: SYSTEM
Schedule: At 4:00 PM every Mon, Tue, Wed, Thu, Fri, Sat, Sun of every week, starting 11/2/2008
Task To Run: C:\WINDOWS\system32\ophQc4Ul.exe
Start In: N/A
Comment: Created by NetScheduleJobAdd.
Scheduled Task State: Enabled
Scheduled Type: Weekly
Start Time: 16:00:00
Start Date: 11/2/2008
End Date: N/A
Days: SUNDAY,MONDAY,TUESDAY,WEDNESDAY,THURSDAY,FRIDAY,SATURDAY
Months: N/A
Run As User: Could not be retrieved from the task scheduler database
Delete Task If Not Rescheduled: Enabled
Stop Task If Runs X Hours and X Mins: 72:0
Repeat: Every: Disabled
Repeat: Until: Time: Disabled
Repeat: Until: Duration: Disabled
Repeat: Stop If Still Running: Disabled
Idle Time: Disabled
Power Management: Disabled

HostName: JUSTIN-EC1FBD7F
TaskName: At18
Next Run Time: 17:00:00, 9/12/2010
Status: Could not start
Last Run Time: 17:00:00, 11/2/2008
Last Result: 0
Creator: SYSTEM
Schedule: At 5:00 PM every Mon, Tue, Wed, Thu, Fri, Sat, Sun of every week, starting 11/2/2008
Task To Run: C:\WINDOWS\system32\ophQc4Ul.exe
Start In: N/A
Comment: Created by NetScheduleJobAdd.
Scheduled Task State: Enabled
Scheduled Type: Weekly
Start Time: 17:00:00
Start Date: 11/2/2008
End Date: N/A
Days: SUNDAY,MONDAY,TUESDAY,WEDNESDAY,THURSDAY,FRIDAY,SATURDAY
Months: N/A
Run As User: Could not be retrieved from the task scheduler database
Delete Task If Not Rescheduled: Enabled
Stop Task If Runs X Hours and X Mins: 72:0
Repeat: Every: Disabled
Repeat: Until: Time: Disabled
Repeat: Until: Duration: Disabled
Repeat: Stop If Still Running: Disabled
Idle Time: Disabled
Power Management: Disabled

HostName: JUSTIN-EC1FBD7F
TaskName: At19
Next Run Time: 18:00:00, 9/12/2010
Status: Could not start
Last Run Time: 18:00:00, 11/2/2008
Last Result: 0
Creator: SYSTEM
Schedule: At 6:00 PM every Mon, Tue, Wed, Thu, Fri, Sat, Sun of every week, starting 11/2/2008
Task To Run: C:\WINDOWS\system32\ophQc4Ul.exe
Start In: N/A
Comment: Created by NetScheduleJobAdd.
Scheduled Task State: Enabled
Scheduled Type: Weekly
Start Time: 18:00:00
Start Date: 11/2/2008
End Date: N/A
Days: SUNDAY,MONDAY,TUESDAY,WEDNESDAY,THURSDAY,FRIDAY,SATURDAY
Months: N/A
Run As User: Could not be retrieved from the task scheduler database
Delete Task If Not Rescheduled: Enabled
Stop Task If Runs X Hours and X Mins: 72:0
Repeat: Every: Disabled
Repeat: Until: Time: Disabled
Repeat: Until: Duration: Disabled
Repeat: Stop If Still Running: Disabled
Idle Time: Disabled
Power Management: Disabled

HostName: JUSTIN-EC1FBD7F
TaskName: At20
Next Run Time: 19:00:00, 9/12/2010
Status: Could not start
Last Run Time: 19:00:00, 11/2/2008
Last Result: 0
Creator: SYSTEM
Schedule: At 7:00 PM every Mon, Tue, Wed, Thu, Fri, Sat, Sun of every week, starting 11/2/2008
Task To Run: C:\WINDOWS\system32\ophQc4Ul.exe
Start In: N/A
Comment: Created by NetScheduleJobAdd.
Scheduled Task State: Enabled
Scheduled Type: Weekly
Start Time: 19:00:00
Start Date: 11/2/2008
End Date: N/A
Days: SUNDAY,MONDAY,TUESDAY,WEDNESDAY,THURSDAY,FRIDAY,SATURDAY
Months: N/A
Run As User: Could not be retrieved from the task scheduler database
Delete Task If Not Rescheduled: Enabled
Stop Task If Runs X Hours and X Mins: 72:0
Repeat: Every: Disabled
Repeat: Until: Time: Disabled
Repeat: Until: Duration: Disabled
Repeat: Stop If Still Running: Disabled
Idle Time: Disabled
Power Management: Disabled

HostName: JUSTIN-EC1FBD7F
TaskName: At21
Next Run Time: 20:00:00, 9/12/2010
Status: Could not start
Last Run Time: 20:00:00, 11/2/2008
Last Result: 0
Creator: SYSTEM
Schedule: At 8:00 PM every Mon, Tue, Wed, Thu, Fri, Sat, Sun of every week, starting 11/2/2008
Task To Run: C:\WINDOWS\system32\ophQc4Ul.exe
Start In: N/A
Comment: Created by NetScheduleJobAdd.
Scheduled Task State: Enabled
Scheduled Type: Weekly
Start Time: 20:00:00
Start Date: 11/2/2008
End Date: N/A
Days: SUNDAY,MONDAY,TUESDAY,WEDNESDAY,THURSDAY,FRIDAY,SATURDAY
Months: N/A
Run As User: Could not be retrieved from the task scheduler database
Delete Task If Not Rescheduled: Enabled
Stop Task If Runs X Hours and X Mins: 72:0
Repeat: Every: Disabled
Repeat: Until: Time: Disabled
Repeat: Until: Duration: Disabled
Repeat: Stop If Still Running: Disabled
Idle Time: Disabled
Power Management: Disabled

HostName: JUSTIN-EC1FBD7F
TaskName: At22
Next Run Time: 21:00:00, 9/12/2010
Status: Could not start
Last Run Time: 21:00:00, 11/2/2008
Last Result: 0
Creator: SYSTEM
Schedule: At 9:00 PM every Mon, Tue, Wed, Thu, Fri, Sat, Sun of every week, starting 11/2/2008
Task To Run: C:\WINDOWS\system32\ophQc4Ul.exe
Start In: N/A
Comment: Created by NetScheduleJobAdd.
Scheduled Task State: Enabled
Scheduled Type: Weekly
Start Time: 21:00:00
Start Date: 11/2/2008
End Date: N/A
Days: SUNDAY,MONDAY,TUESDAY,WEDNESDAY,THURSDAY,FRIDAY,SATURDAY
Months: N/A
Run As User: Could not be retrieved from the task scheduler database
Delete Task If Not Rescheduled: Enabled
Stop Task If Runs X Hours and X Mins: 72:0
Repeat: Every: Disabled
Repeat: Until: Time: Disabled
Repeat: Until: Duration: Disabled
Repeat: Stop If Still Running: Disabled
Idle Time: Disabled
Power Management: Disabled

HostName: JUSTIN-EC1FBD7F
TaskName: At23
Next Run Time: 22:00:00, 9/12/2010
Status: Could not start
Last Run Time: Never
Last Result: 0
Creator: SYSTEM
Schedule: At 10:00 PM every Mon, Tue, Wed, Thu, Fri, Sat, Sun of every week, starting 11/2/2008
Task To Run: C:\WINDOWS\system32\ophQc4Ul.exe
Start In: N/A
Comment: Created by NetScheduleJobAdd.
Scheduled Task State: Enabled
Scheduled Type: Weekly
Start Time: 22:00:00
Start Date: 11/2/2008
End Date: N/A
Days: SUNDAY,MONDAY,TUESDAY,WEDNESDAY,THURSDAY,FRIDAY,SATURDAY
Months: N/A
Run As User: Could not be retrieved from the task scheduler database
Delete Task If Not Rescheduled: Enabled
Stop Task If Runs X Hours and X Mins: 72:0
Repeat: Every: Disabled
Repeat: Until: Time: Disabled
Repeat: Until: Duration: Disabled
Repeat: Stop If Still Running: Disabled
Idle Time: Disabled
Power Management: Disabled

HostName: JUSTIN-EC1FBD7F
TaskName: At24
Next Run Time: 23:00:00, 9/11/2010
Status: Could not start
Last Run Time: Never
Last Result: 0
Creator: SYSTEM
Schedule: At 11:00 PM every Mon, Tue, Wed, Thu, Fri, Sat, Sun of every week, starting 11/2/2008
Task To Run: C:\WINDOWS\system32\ophQc4Ul.exe
Start In: N/A
Comment: Created by NetScheduleJobAdd.
Scheduled Task State: Enabled
Scheduled Type: Weekly
Start Time: 23:00:00
Start Date: 11/2/2008
End Date: N/A
Days: SUNDAY,MONDAY,TUESDAY,WEDNESDAY,THURSDAY,FRIDAY,SATURDAY
Months: N/A
Run As User: Could not be retrieved from the task scheduler database
Delete Task If Not Rescheduled: Enabled
Stop Task If Runs X Hours and X Mins: 72:0
Repeat: Every: Disabled
Repeat: Until: Time: Disabled
Repeat: Until: Duration: Disabled
Repeat: Stop If Still Running: Disabled
Idle Time: Disabled
Power Management: Disabled

HostName: JUSTIN-EC1FBD7F
TaskName: At3
Next Run Time: 02:00:00, 9/12/2010
Status: Could not start
Last Run Time: Never
Last Result: 0
Creator: SYSTEM
Schedule: At 2:00 AM every Mon, Tue, Wed, Thu, Fri, Sat, Sun of every week, starting 11/2/2008
Task To Run: C:\WINDOWS\system32\ophQc4Ul.exe
Start In: N/A
Comment: Created by NetScheduleJobAdd.
Scheduled Task State: Enabled
Scheduled Type: Weekly
Start Time: 02:00:00
Start Date: 11/2/2008
End Date: N/A
Days: SUNDAY,MONDAY,TUESDAY,WEDNESDAY,THURSDAY,FRIDAY,SATURDAY
Months: N/A
Run As User: Could not be retrieved from the task scheduler database
Delete Task If Not Rescheduled: Enabled
Stop Task If Runs X Hours and X Mins: 72:0
Repeat: Every: Disabled
Repeat: Until: Time: Disabled
Repeat: Until: Duration: Disabled
Repeat: Stop If Still Running: Disabled
Idle Time: Disabled
Power Management: Disabled

HostName: JUSTIN-EC1FBD7F
TaskName: At4
Next Run Time: 03:00:00, 9/12/2010
Status: Could not start
Last Run Time: Never
Last Result: 0
Creator: SYSTEM
Schedule: At 3:00 AM every Mon, Tue, Wed, Thu, Fri, Sat, Sun of every week, starting 11/2/2008
Task To Run: C:\WINDOWS\system32\ophQc4Ul.exe
Start In: N/A
Comment: Created by NetScheduleJobAdd.
Scheduled Task State: Enabled
Scheduled Type: Weekly
Start Time: 03:00:00
Start Date: 11/2/2008
End Date: N/A
Days: SUNDAY,MONDAY,TUESDAY,WEDNESDAY,THURSDAY,FRIDAY,SATURDAY
Months: N/A
Run As User: Could not be retrieved from the task scheduler database
Delete Task If Not Rescheduled: Enabled
Stop Task If Runs X Hours and X Mins: 72:0
Repeat: Every: Disabled
Repeat: Until: Time: Disabled
Repeat: Until: Duration: Disabled
Repeat: Stop If Still Running: Disabled
Idle Time: Disabled
Power Management: Disabled

HostName: JUSTIN-EC1FBD7F
TaskName: At49
Next Run Time: 18:08:00, 9/15/2010
Status: Could not start
Last Run Time: 18:08:00, 2/18/2009
Last Result: 0
Creator: SYSTEM
Schedule: At 6:08 PM every Wed of every week, starting 11/22/2008
Task To Run: c:\program files\norton pc checkup\pc_checkup.exe -startscan
Start In: N/A
Comment: Created by NetScheduleJobAdd.
Scheduled Task State: Enabled
Scheduled Type: Weekly
Start Time: 18:08:00
Start Date: 11/22/2008
End Date: N/A
Days: WEDNESDAY
Months: N/A
Run As User: Could not be retrieved from the task scheduler database
Delete Task If Not Rescheduled: Enabled
Stop Task If Runs X Hours and X Mins: 72:0
Repeat: Every: Disabled
Repeat: Until: Time: Disabled
Repeat: Until: Duration: Disabled
Repeat: Stop If Still Running: Disabled
Idle Time: Disabled
Power Management: Disabled

HostName: JUSTIN-EC1FBD7F
TaskName: At5
Next Run Time: 04:00:00, 9/12/2010
Status: Could not start
Last Run Time: Never
Last Result: 0
Creator: SYSTEM
Schedule: At 4:00 AM every Mon, Tue, Wed, Thu, Fri, Sat, Sun of every week, starting 11/2/2008
Task To Run: C:\WINDOWS\system32\ophQc4Ul.exe
Start In: N/A
Comment: Created by NetScheduleJobAdd.
Scheduled Task State: Enabled
Scheduled Type: Weekly
Start Time: 04:00:00
Start Date: 11/2/2008
End Date: N/A
Days: SUNDAY,MONDAY,TUESDAY,WEDNESDAY,THURSDAY,FRIDAY,SATURDAY
Months: N/A
Run As User: Could not be retrieved from the task scheduler database
Delete Task If Not Rescheduled: Enabled
Stop Task If Runs X Hours and X Mins: 72:0
Repeat: Every: Disabled
Repeat: Until: Time: Disabled
Repeat: Until: Duration: Disabled
Repeat: Stop If Still Running: Disabled
Idle Time: Disabled
Power Management: Disabled

HostName: JUSTIN-EC1FBD7F
TaskName: At50
Next Run Time: 12:02:00, 9/12/2010
Status: Could not start
Last Run Time: 12:01:59, 2/22/2009
Last Result: 0
Creator: SYSTEM
Schedule: At 12:02 PM every Sat, Sun of every week, starting 11/22/2008
Task To Run: c:\program files\norton pc checkup\pc_checkup.exe -startscan
Start In: N/A
Comment: Created by NetScheduleJobAdd.
Scheduled Task State: Enabled
Scheduled Type: Weekly
Start Time: 12:02:00
Start Date: 11/22/2008
End Date: N/A
Days: SUNDAY,SATURDAY
Months: N/A
Run As User: Could not be retrieved from the task scheduler database
Delete Task If Not Rescheduled: Enabled
Stop Task If Runs X Hours and X Mins: 72:0
Repeat: Every: Disabled
Repeat: Until: Time: Disabled
Repeat: Until: Duration: Disabled
Repeat: Stop If Still Running: Disabled
Idle Time: Disabled
Power Management: Disabled

HostName: JUSTIN-EC1FBD7F
TaskName: At6
Next Run Time: 05:00:00, 9/12/2010
Status: Could not start
Last Run Time: Never
Last Result: 0
Creator: SYSTEM
Schedule: At 5:00 AM every Mon, Tue, Wed, Thu, Fri, Sat, Sun of every week, starting 11/2/2008
Task To Run: C:\WINDOWS\system32\ophQc4Ul.exe
Start In: N/A
Comment: Created by NetScheduleJobAdd.
Scheduled Task State: Enabled
Scheduled Type: Weekly
Start Time: 05:00:00
Start Date: 11/2/2008
End Date: N/A
Days: SUNDAY,MONDAY,TUESDAY,WEDNESDAY,THURSDAY,FRIDAY,SATURDAY
Months: N/A
Run As User: Could not be retrieved from the task scheduler database
Delete Task If Not Rescheduled: Enabled
Stop Task If Runs X Hours and X Mins: 72:0
Repeat: Every: Disabled
Repeat: Until: Time: Disabled
Repeat: Until: Duration: Disabled
Repeat: Stop If Still Running: Disabled
Idle Time: Disabled
Power Management: Disabled

HostName: JUSTIN-EC1FBD7F
TaskName: At7
Next Run Time: 06:00:00, 9/12/2010
Status: Could not start
Last Run Time: Never
Last Result: 0
Creator: SYSTEM
Schedule: At 6:00 AM every Mon, Tue, Wed, Thu, Fri, Sat, Sun of every week, starting 11/2/2008
Task To Run: C:\WINDOWS\system32\ophQc4Ul.exe
Start In: N/A
Comment: Created by NetScheduleJobAdd.
Scheduled Task State: Enabled
Scheduled Type: Weekly
Start Time: 06:00:00
Start Date: 11/2/2008
End Date: N/A
Days: SUNDAY,MONDAY,TUESDAY,WEDNESDAY,THURSDAY,FRIDAY,SATURDAY
Months: N/A
Run As User: Could not be retrieved from the task scheduler database
Delete Task If Not Rescheduled: Enabled
Stop Task If Runs X Hours and X Mins: 72:0
Repeat: Every: Disabled
Repeat: Until: Time: Disabled
Repeat: Until: Duration: Disabled
Repeat: Stop If Still Running: Disabled
Idle Time: Disabled
Power Management: Disabled

HostName: JUSTIN-EC1FBD7F
TaskName: At8
Next Run Time: 07:00:00, 9/12/2010
Status: Could not start
Last Run Time: Never
Last Result: 0
Creator: SYSTEM
Schedule: At 7:00 AM every Mon, Tue, Wed, Thu, Fri, Sat, Sun of every week, starting 11/2/2008
Task To Run: C:\WINDOWS\system32\ophQc4Ul.exe
Start In: N/A
Comment: Created by NetScheduleJobAdd.
Scheduled Task State: Enabled
Scheduled Type: Weekly
Start Time: 07:00:00
Start Date: 11/2/2008
End Date: N/A
Days: SUNDAY,MONDAY,TUESDAY,WEDNESDAY,THURSDAY,FRIDAY,SATURDAY
Months: N/A
Run As User: Could not be retrieved from the task scheduler database
Delete Task If Not Rescheduled: Enabled
Stop Task If Runs X Hours and X Mins: 72:0
Repeat: Every: Disabled
Repeat: Until: Time: Disabled
Repeat: Until: Duration: Disabled
Repeat: Stop If Still Running: Disabled
Idle Time: Disabled
Power Management: Disabled

HostName: JUSTIN-EC1FBD7F
TaskName: At9
Next Run Time: 08:00:00, 9/12/2010
Status: Could not start
Last Run Time: Never
Last Result: 0
Creator: SYSTEM
Schedule: At 8:00 AM every Mon, Tue, Wed, Thu, Fri, Sat, Sun of every week, starting 11/2/2008
Task To Run: C:\WINDOWS\system32\ophQc4Ul.exe
Start In: N/A
Comment: Created by NetScheduleJobAdd.
Scheduled Task State: Enabled
Scheduled Type: Weekly
Start Time: 08:00:00
Start Date: 11/2/2008
End Date: N/A
Days: SUNDAY,MONDAY,TUESDAY,WEDNESDAY,THURSDAY,FRIDAY,SATURDAY
Months: N/A
Run As User: Could not be retrieved from the task scheduler database
Delete Task If Not Rescheduled: Enabled
Stop Task If Runs X Hours and X Mins: 72:0
Repeat: Every: Disabled
Repeat: Until: Time: Disabled
Repeat: Until: Duration: Disabled
Repeat: Stop If Still Running: Disabled
Idle Time: Disabled
Power Management: Disabled

HostName: JUSTIN-EC1FBD7F
TaskName: GoogleUpdateTaskUserS-1-5-21-1202660629-1229272821-725345543-1003Core
Next Run Time: 20:16:00, 9/12/2010
Status:
Last Run Time: 20:16:00, 9/10/2010
Last Result: 0
Creator: Justin
Schedule: At 8:16 PM every day, starting 8/15/2010
Task To Run: C:\Documents and Settings\Justin\Local Settings\Application Data\Google\Update\GoogleUpdate.exe /c
Start In: N/A
Comment: Keeps your Google software up to date. If this task is disabled or stopped, your Google software will not be kept up to date, meaning security vulnerabilities that may arise cannot be fixed and features may not work. This task uninstalls itself when the
Scheduled Task State: Enabled
Scheduled Type: Daily
Start Time: 20:16:00
Start Date: 8/15/2010
End Date: N/A
Days: Everyday
Months: N/A
Run As User: JUSTIN-EC1FBD7F\Justin
Delete Task If Not Rescheduled: Disabled
Stop Task If Runs X Hours and X Mins: Disabled
Repeat: Every: Disabled
Repeat: Until: Time: Disabled
Repeat: Until: Duration: Disabled
Repeat: Stop If Still Running: Disabled
Idle Time: Disabled
Power Management: Disabled

HostName: JUSTIN-EC1FBD7F
TaskName: GoogleUpdateTaskUserS-1-5-21-1202660629-1229272821-725345543-1003UA
Next Run Time: 23:16:00, 9/11/2010
Status:
Last Run Time: 09:16:00, 9/11/2010
Last Result: 0
Creator: Justin
Schedule: Every 1 hour(s) from 8:16 PM for 24 hour(s) every day, starting 8/15/2010
Task To Run: C:\Documents and Settings\Justin\Local Settings\Application Data\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
Start In: N/A
Comment: Keeps your Google software up to date. If this task is disabled or stopped, your Google software will not be kept up to date, meaning security vulnerabilities that may arise cannot be fixed and features may not work. This task uninstalls itself when the
Scheduled Task State: Enabled
Scheduled Type: Hourly
Start Time: 20:16:00
Start Date: 8/15/2010
End Date: N/A
Days: Everyday
Months: N/A
Run As User: JUSTIN-EC1FBD7F\Justin
Delete Task If Not Rescheduled: Disabled
Stop Task If Runs X Hours and X Mins: Disabled
Repeat: Every: 1 Hour(s)
Repeat: Until: Time: None
Repeat: Until: Duration: 24 Hour(s): 0 Minute(s)
Repeat: Stop If Still Running: Disabled
Idle Time: Disabled
Power Management: Disabled

HostName: JUSTIN-EC1FBD7F
TaskName: ParetoLogic Registration3
Next Run Time: Never
Status:
Last Run Time: Never
Last Result: 0
Creator: Justin
Schedule: Task not scheduled
Task To Run: C:\WINDOWS\system32\rundll32.exe "C:\Program Files\Common Files\ParetoLogic\UUS3\UUS3.dll" RunUns
Start In: C:\Program Files\Common Files\ParetoLogic\UUS3
Comment: N/A
Scheduled Task State: Enabled
Scheduled Type: N/A
Start Time: N/A
Start Date: 8/15/2010
End Date: N/A
Days: N/A
Months: N/A
Run As User: Could not be retrieved from the task scheduler database
Delete Task If Not Rescheduled: Disabled
Stop Task If Runs X Hours and X Mins: 72:0
Repeat: Every: N/A
Repeat: Until: Time: N/A
Repeat: Until: Duration: N/A
Repeat: Stop If Still Running: N/A
Idle Time: Disabled
Power Management: Disabled

HostName: JUSTIN-EC1FBD7F
TaskName: ParetoLogic Update Version3
Next Run Time: 04:21:00, 9/15/2010
Status: Could not start
Last Run Time: Never
Last Result: 0
Creator: Justin
Schedule: At 4:21 AM every Wed of every week, starting 8/14/2010
Task To Run: C:\Program Files\Common Files\ParetoLogic\UUS3\Pareto_Update3.exe
Start In: C:\Program Files\Common Files\ParetoLogic\UUS3
Comment: ParetoLogic Update
Scheduled Task State: Enabled
Scheduled Type: Weekly
Start Time: 04:21:00
Start Date: 8/14/2010
End Date: N/A
Days: WEDNESDAY
Months: N/A
Run As User: Could not be retrieved from the task scheduler database
Delete Task If Not Rescheduled: Disabled
Stop Task If Runs X Hours and X Mins: 72:0
Repeat: Every: Disabled
Repeat: Until: Time: Disabled
Repeat: Until: Duration: Disabled
Repeat: Stop If Still Running: Disabled
Idle Time: Disabled
Power Management: Disabled

HostName: JUSTIN-EC1FBD7F
TaskName: PC Health Advisor Defrag
Next Run Time: 04:44:00, 9/16/2010
Status: Could not start
Last Run Time: Never
Last Result: 0
Creator: Justin
Schedule: At 4:44 AM every Thu of every week, starting 8/14/2010
Task To Run: C:\Program Files\ParetoLogic\PCHA\PCHA.exe -defrag
Start In: C:\Program Files\ParetoLogic\PCHA\
Comment: PC Health Advisor Defrag
Scheduled Task State: Enabled
Scheduled Type: Weekly
Start Time: 04:44:00
Start Date: 8/14/2010
End Date: N/A
Days: THURSDAY
Months: N/A
Run As User: Could not be retrieved from the task scheduler database
Delete Task If Not Rescheduled: Disabled
Stop Task If Runs X Hours and X Mins: 72:0
Repeat: Every: Disabled
Repeat: Until: Time: Disabled
Repeat: Until: Duration: Disabled
Repeat: Stop If Still Running: Disabled
Idle Time: Disabled
Power Management: Disabled

HostName: JUSTIN-EC1FBD7F
TaskName: PC Health Advisor
Next Run Time: 04:44:00, 9/14/2010
Status: Could not start
Last Run Time: Never
Last Result: 0
Creator: Justin
Schedule: At 4:44 AM every Tue, Sat of every week, starting 8/14/2010
Task To Run: C:\Program Files\ParetoLogic\PCHA\PCHA.exe -scan
Start In: C:\Program Files\ParetoLogic\PCHA\
Comment: PC Health Advisor
Scheduled Task State: Enabled
Scheduled Type: Weekly
Start Time: 04:44:00
Start Date: 8/14/2010
End Date: N/A
Days: TUESDAY,SATURDAY
Months: N/A
Run As User: Could not be retrieved from the task scheduler database
Delete Task If Not Rescheduled: Disabled
Stop Task If Runs X Hours and X Mins: 72:0
Repeat: Every: Disabled
Repeat: Until: Time: Disabled
Repeat: Until: Duration: Disabled
Repeat: Stop If Still Running: Disabled
Idle Time: Disabled
Power Management: Disabled
  11. GMER log:

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-09-10 22:13:47
Windows 5.1.2600 Service Pack 2
Running: js58bkok.exe; Driver: C:\DOCUME~1\Justin\LOCALS~1\Temp\kfkyqpod.sys

---- System - GMER 1.0.15 ----

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateKey [0xB2E374FB]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwDeleteKey [0xB2E3750F]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwDeleteValueKey [0xB2E3753B]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenKey [0xB2E374E7]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwRenameKey [0xB2E37525]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetValueKey [0xB2E37551]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwTerminateProcess [0xB2E37567]

---- Kernel code sections - GMER 1.0.15 ----

PAGE ntkrnlpa.exe!ZwTerminateProcess 805D1686 5 Bytes JMP B2E3756B \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwSetValueKey 80620C6A 2 Bytes JMP B2E37555 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwSetValueKey + 3 80620C6D 4 Bytes [81, 32, 90, 90]
PAGE ntkrnlpa.exe!ZwRenameKey 80621FE4 7 Bytes JMP B2E37529 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwCreateKey 806225BE 5 Bytes JMP B2E374FF \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwDeleteKey 80622A5A 7 Bytes JMP B2E37513 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwDeleteValueKey 80622C2A 7 Bytes JMP B2E3753F \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwOpenKey 80623960 5 Bytes JMP B2E374EB \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB8FF5380, 0x2F18C7, 0xE8000020]
.text C:\WINDOWS\system32\drivers\hardlock.sys section is writeable [0xB3D41400, 0x7A186, 0xE8000020]
.protect
  12. Hi deltalima,

      Thanks for the reply. Here are the logs from OTL:

      OTL logfile created on: 9/10/2010 8:17:48 PM - Run 2
      OTL by OldTimer - Version 3.2.11.0 Folder = C:\Documents and Settings\Justin\Desktop
      Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
      Internet Explorer (Version = 6.0.2900.2180)
      Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

      2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 72.00% Memory free
      4.00 Gb Paging File | 3.00 Gb Available in Paging File | 90.00% Paging File free
      Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

      %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
      Drive C: | 111.70 Gb Total Space | 62.41 Gb Free Space | 55.87% Space Free | Partition Type: NTFS
      D: Drive not present or media not loaded
      E: Drive not present or media not loaded
      Drive F: | 3.68 Gb Total Space | 2.87 Gb Free Space | 78.10% Space Free | Partition Type: FAT32
      G: Drive not present or media not loaded
      H: Drive not present or media not loaded
      I: Drive not present or media not loaded

      Computer Name: JUSTIN-EC1FBD7F
      Current User Name: Justin
      Logged in as Administrator.

      Current Boot Mode: Normal
      Scan Mode: All users
      Company Name Whitelist: Off
      Skip Microsoft Files: Off
      File Age = 30 Days
      Output = Minimal

      ========== Processes (SafeList) ==========

      PRC - C:\Documents and Settings\Justin\Desktop\OTL.exe (OldTimer Tools)
      PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
      PRC - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe (Lavasoft)
      PRC - C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)
      PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
      PRC - C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe (SigmaTel, Inc.)
      PRC - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe (McAfee, Inc.)
      PRC - C:\Program Files\McAfee\VirusScan Enterprise\shstat.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe (McAfee, Inc.) PRC - C:\Program Files\Canon\CAL\CALMAIN.exe (Canon Inc.) PRC - C:\Program Files\McAfee\Common Framework\Mctray.exe (McAfee, Inc.) PRC - C:\Program Files\McAfee\Common Framework\naPrdMgr.exe (McAfee, Inc.) PRC - C:\Program Files\McAfee\Common Framework\UdaterUI.exe (McAfee, Inc.) PRC - C:\Program Files\McAfee\Common Framework\FrameworkService.exe (McAfee, Inc.) PRC - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe (Diskeeper Corporation) PRC - C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.) ========== Modules (SafeList) ========== MOD - C:\Documents and Settings\Justin\Desktop\OTL.exe (OldTimer Tools) MOD - C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcr80.dll (Microsoft Corporation) MOD - C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcp80.dll (Microsoft Corporation) MOD - C:\Program Files\Logitech\SetPoint\lgscroll.dll (Logitech, Inc.) MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll (Microsoft Corporation) MOD - C:\WINDOWS\system32\msscript.ocx (Microsoft Corporation) MOD - C:\WINDOWS\system32\SynTPFcs.dll (Synaptics, Inc.) ========== Win32 Services (SafeList) ========== SRV - (OpcEnum) -- C:\WINDOWS\System32\OpcEnum.exe File not found SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) SRV - (aawservice) -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe (Lavasoft) SRV - (SolidWorks Licensing Service) -- C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe (SolidWorks) SRV - (LBTServ) -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe (Logitech, Inc.) 
SRV - (Autodesk Licensing Service) -- C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe (Autodesk) SRV - (McShield) -- C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe (McAfee, Inc.) SRV - (McTaskManager) -- C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe (McAfee, Inc.) SRV - (CCALib8) -- C:\Program Files\Canon\CAL\CALMAIN.exe (Canon Inc.) SRV - (McAfeeFramework) -- C:\Program Files\McAfee\Common Framework\FrameworkService.exe (McAfee, Inc.) SRV - (Diskeeper) -- C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe (Diskeeper Corporation) ========== Driver Services (SafeList) ========== DRV - (ApfiltrService) -- C:\WINDOWS\System32\DRIVERS\Apfiltr.sys File not found DRV - (SCDEmu) -- C:\WINDOWS\System32\drivers\scdemu.sys (PowerISO Computing, Inc.) DRV - (sptd) -- C:\WINDOWS\system32\drivers\sptd.sys (Duplex Secure Ltd.) DRV - (LMouFilt) -- C:\WINDOWS\system32\drivers\LMouFilt.Sys (Logitech, Inc.) DRV - (LHidFilt) -- C:\WINDOWS\system32\drivers\LHidFilt.Sys (Logitech, Inc.) DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation) DRV - (STHDA) -- C:\WINDOWS\system32\drivers\sthda.sys (SigmaTel, Inc.) DRV - (BCM43XX) -- C:\WINDOWS\system32\drivers\BCMWL5.SYS (Broadcom Corporation) DRV - (mfehidk) -- C:\WINDOWS\system32\drivers\mfehidk.sys (McAfee, Inc.) DRV - (cvintdrv) -- C:\WINDOWS\System32\drivers\cvintdrv.sys () DRV - (mfeavfk) -- C:\WINDOWS\system32\drivers\mfeavfk.sys (McAfee, Inc.) DRV - (mfeapfk) -- C:\WINDOWS\system32\drivers\mfeapfk.sys (McAfee, Inc.) DRV - (mfetdik) -- C:\WINDOWS\system32\drivers\mfetdik.sys (McAfee, Inc.) DRV - (mfebopk) -- C:\WINDOWS\system32\drivers\mfebopk.sys (McAfee, Inc.) DRV - (mferkdk) -- C:\Program Files\McAfee\VirusScan Enterprise\mferkdk.sys (McAfee, Inc.) 
DRV - (bcm4sbxp) -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys (Broadcom Corporation) DRV - (rimmptsk) -- C:\WINDOWS\system32\drivers\rimmptsk.sys (REDC) DRV - (rimsptsk) -- C:\WINDOWS\system32\drivers\rimsptsk.sys (REDC) DRV - (rismxdp) -- C:\WINDOWS\system32\drivers\rixdptsk.sys (REDC) DRV - (HSF_DPV) -- C:\WINDOWS\system32\drivers\HSF_DPV.sys (Conexant Systems, Inc.) DRV - (HSFHWAZL) -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys (Conexant Systems, Inc.) DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.) DRV - (iastor) -- C:\WINDOWS\System32\drivers\iastor.sys (Intel Corporation) DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\Hdaudbus.sys (Windows ® Server 2003 DDK provider) DRV - (Hardlock) -- C:\WINDOWS\system32\drivers\hardlock.sys (Aladdin Knowledge Systems Ltd.) DRV - (usbaudio) USB Audio Driver (WDM) -- C:\WINDOWS\system32\drivers\USBAUDIO.sys (Microsoft Corporation) DRV - (SynTP) -- C:\WINDOWS\system32\drivers\SynTP.sys (Synaptics, Inc.) DRV - (SilverLink) Texas Instruments SilverLink (USB GraphLink) -- C:\WINDOWS\system32\drivers\SilvrLnk.sys (Texas Instruments Incorporated) DRV - (Iviaspi) -- C:\WINDOWS\system32\drivers\iviaspi.sys (InterVideo, Inc.) 
========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-1202660629-1229272821-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie IE - HKU\S-1-5-21-1202660629-1229272821-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com IE - HKU\S-1-5-21-1202660629-1229272821-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/ IE - HKU\S-1-5-21-1202660629-1229272821-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie IE - HKU\S-1-5-21-1202660629-1229272821-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie IE - HKU\S-1-5-21-1202660629-1229272821-725345543-1003\..\URLSearchHook: {C94E154B-1459-4A47-966B-4B843BEFC7DB} - C:\Program Files\AskSearch\bin\DefaultSearch.dll () IE - HKU\S-1-5-21-1202660629-1229272821-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1 IE - HKU\S-1-5-21-1202660629-1229272821-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local> IE - HKU\S-1-5-21-1202660629-1229272821-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: 
"ProxyServer" = http=127.0.0.1:6522 ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "http://www.google.com/" FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0 FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.6.6.20090220 FF - HKLM\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/06/24 17:56:00 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/04/06 21:15:41 | 000,000,000 | ---D | M] [2009/02/08 09:53:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Justin\Application Data\Mozilla\Extensions [2010/09/10 08:22:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\zd17tmzl.default\extensions [2009/09/02 10:50:18 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\zd17tmzl.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010/01/20 23:50:16 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\zd17tmzl.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} [2010/09/10 08:22:57 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions O1 HOSTS File: ([2009/06/29 15:37:37 | 000,000,942 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: 127.0.0.1 mozilla.com O1 - Hosts: 127.0.0.1 www.mozilla.com O1 - Hosts: 127.0.0.1 firefox.com O1 - Hosts: 127.0.0.1 www.firefox.com O1 - Hosts: 127.0.0.1 www.firefox2.com O1 - Hosts: 127.0.0.1 firefox2.com O1 - Hosts: 127.0.0.1 ftp.saix.net O1 - Hosts: 127.0.0.1 download.mozilla.com O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\ScriptCl.dll (McAfee, Inc.) 
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe (Apple Inc.) O4 - HKLM..\Run: [combofix] C:\ComboFix\CF8341.cfx File not found O4 - HKLM..\Run: [DiskeeperSystray] C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe (Diskeeper Corporation) O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech, Inc.) O4 - HKLM..\Run: [KernelFaultCheck] File not found O4 - HKLM..\Run: [McAfeeUpdaterUI] C:\Program Files\McAfee\Common Framework\UdaterUI.exe (McAfee, Inc.) O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation) O4 - HKLM..\Run: [NVHotkey] C:\WINDOWS\System32\nvhotkey.dll (NVIDIA Corporation) O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\nvmctray.dll (NVIDIA Corporation) O4 - HKLM..\Run: [shStatEXE] C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE (McAfee, Inc.) O4 - HKLM..\Run: [sigmatelSysTrayApp] C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe (SigmaTel, Inc.) O4 - HKLM..\Run: [synTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.) O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe (InterVideo Inc.) O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.) 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: AllowLegacyWebView = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: AllowUnhashedWebView = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-1202660629-1229272821-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) 
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_18) O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_03) O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_18) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_18) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwa...ash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 71.243.0.12 O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - Winlogon\Notify\LBTWlgn: DllName - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll - c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.) 
O24 - Desktop WallPaper: C:\Documents and Settings\Justin\Local Settings\Application Data\Microsoft\Wallpaper1.bmp O24 - Desktop BackupWallPaper: C:\Documents and Settings\Justin\Local Settings\Application Data\Microsoft\Wallpaper1.bmp O29 - HKLM SecurityProviders - (msansspc.dll) - File not found O30 - LSA: Authentication Packages - (C:\WINDOWS\system32\rqRIaYop) - File not found O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2008/01/02 00:08:50 | 000,000,000 | ---D | M] - C:\AutoCAD 2008 -- [ NTFS ] O32 - Unable to obtain root file information for disk C:\ O33 - MountPoints2\{1b1a2305-b56e-11dc-af71-ff5a2286c706}\Shell - "" = AutoRun O33 - MountPoints2\{1b1a2305-b56e-11dc-af71-ff5a2286c706}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{1b1a2305-b56e-11dc-af71-ff5a2286c706}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found O33 - MountPoints2\{1b1a2307-b56e-11dc-af71-ff5a2286c706}\Shell - "" = AutoRun O33 - MountPoints2\{1b1a2307-b56e-11dc-af71-ff5a2286c706}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{1b1a2307-b56e-11dc-af71-ff5a2286c706}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -- File not found O34 - HKLM BootExecute: (autocheck autochk *) - File not found O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe () O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2010/09/10 06:47:15 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Justin\Desktop\OTL.exe [2010/09/05 09:11:34 | 000,059,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\USBAUDIO.sys [2010/09/05 09:11:34 | 000,059,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbaudio.sys [2010/09/03 20:24:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Justin\My Documents\Rt. 
62 Trucks [2010/09/01 20:44:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Justin\Application Data\Elluminate [2010/09/01 20:08:29 | 038,808,920 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\Justin\My Documents\FileFormatConverters.exe [2010/09/01 20:06:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Justin\My Documents\PSU [2010/08/15 09:30:20 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys [2010/08/15 09:30:18 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2010/08/15 09:29:49 | 006,153,352 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Justin\Desktop\mbam-setup-1.46.exe [2010/08/15 09:17:32 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Justin\Recent [2010/08/14 22:23:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ParetoLogic [2010/08/14 22:23:54 | 000,000,000 | ---D | C] -- C:\Program Files\ParetoLogic [2010/08/14 22:23:54 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ParetoLogic [2010/08/14 20:10:43 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2010/08/14 20:06:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Justin\Desktop\backups [2010/08/14 20:00:08 | 000,000,000 | -HSD | C] -- C:\WINDOWS\CSC [2010/08/13 21:07:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Justin\Local Settings\Application Data\wfodqahpe [4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2010/09/10 20:18:00 | 000,293,376 | ---- | M] () -- C:\Documents and Settings\Justin\Desktop\js58bkok.exe [2010/09/10 20:16:00 | 000,000,982 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1202660629-1229272821-725345543-1003UA.job [2010/09/10 20:16:00 | 000,000,930 | ---- | M] () -- 
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1202660629-1229272821-725345543-1003Core.job [2010/09/10 20:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At21.job [2010/09/10 19:50:23 | 000,152,422 | ---- | M] () -- C:\WINDOWS\System32\nvModes.001 [2010/09/10 19:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At20.job [2010/09/10 18:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At19.job [2010/09/10 17:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At18.job [2010/09/10 16:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At17.job [2010/09/10 15:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At16.job [2010/09/10 14:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At15.job [2010/09/10 13:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At14.job [2010/09/10 12:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At13.job [2010/09/10 11:29:06 | 000,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk [2010/09/10 11:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At12.job [2010/09/10 10:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At11.job [2010/09/10 09:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At10.job [2010/09/10 08:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At9.job [2010/09/10 07:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At8.job [2010/09/10 06:47:17 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Justin\Desktop\OTL.exe [2010/09/09 23:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At24.job [2010/09/09 22:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At23.job [2010/09/09 21:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At22.job [2010/09/08 22:02:09 | 000,512,960 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI [2010/09/08 22:02:09 | 000,435,828 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2010/09/08 22:02:09 | 000,068,558 | ---- | M] () -- 
C:\WINDOWS\System32\perfc009.dat [2010/09/08 21:58:06 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2010/09/08 21:57:56 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT [2010/09/08 21:57:50 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2010/09/08 21:57:19 | 005,767,168 | -H-- | M] () -- C:\Documents and Settings\Justin\NTUSER.DAT [2010/09/08 16:17:41 | 000,002,293 | ---- | M] () -- C:\Documents and Settings\Justin\Desktop\Google Chrome.lnk [2010/09/08 16:17:41 | 000,002,271 | ---- | M] () -- C:\Documents and Settings\Justin\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk [2010/09/08 06:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At7.job [2010/09/06 05:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At6.job [2010/09/06 04:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At5.job [2010/09/06 03:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At4.job [2010/09/06 02:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At3.job [2010/09/05 20:35:45 | 000,023,040 | ---- | M] () -- C:\Documents and Settings\Justin\Desktop\Jen's Running Log.xls [2010/09/05 12:02:00 | 000,000,408 | ---- | M] () -- C:\WINDOWS\tasks\At50.job [2010/09/05 09:13:22 | 000,121,112 | ---- | M] () -- C:\Documents and Settings\Justin\Local Settings\Application Data\GDIPFONTCACHEV1.DAT [2010/09/04 04:44:00 | 000,000,360 | ---- | M] () -- C:\WINDOWS\tasks\PC Health Advisor.job [2010/09/02 11:09:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job [2010/09/02 09:30:40 | 000,380,040 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2010/09/02 04:44:00 | 000,000,378 | ---- | M] () -- C:\WINDOWS\tasks\PC Health Advisor Defrag.job [2010/09/01 22:02:29 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini [2010/09/01 20:08:59 | 038,808,920 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Justin\My Documents\FileFormatConverters.exe [2010/09/01 18:08:00 | 000,000,408 | ---- 
| M] () -- C:\WINDOWS\tasks\At49.job [2010/08/31 11:07:13 | 000,027,136 | ---- | M] () -- C:\Documents and Settings\Justin\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010/08/29 15:41:25 | 003,574,272 | ---- | M] () -- C:\Documents and Settings\Justin\Desktop\Financial Plan, 04-01-10.xls [2010/08/25 04:21:00 | 000,000,420 | ---- | M] () -- C:\WINDOWS\tasks\ParetoLogic Update Version3.job [2010/08/16 19:19:52 | 000,152,422 | ---- | M] () -- C:\WINDOWS\System32\nvModes.dat [2010/08/16 13:35:46 | 000,000,650 | ---- | M] () -- C:\Documents and Settings\Justin\Desktop\Shortcut to Fall Work Sched.xls.lnk [2010/08/15 10:30:44 | 000,000,104 | ---- | M] () -- C:\Documents and Settings\Justin\Desktop\Internet.lnk [2010/08/15 10:01:19 | 004,391,588 | -H-- | M] () -- C:\Documents and Settings\Justin\Local Settings\Application Data\IconCache.db [2010/08/15 09:30:23 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk [2010/08/15 09:29:54 | 006,153,352 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Justin\Desktop\mbam-setup-1.46.exe [2010/08/15 09:24:41 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Justin\ntuser.ini [2010/08/15 08:35:53 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat [2010/08/14 22:24:05 | 000,000,398 | ---- | M] () -- C:\WINDOWS\tasks\ParetoLogic Registration3.job [2010/08/14 19:44:39 | 001,402,880 | ---- | M] () -- C:\Documents and Settings\Justin\My Documents\HiJackThis.msi [4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files Created - No Company Name ========== [2010/09/10 20:18:01 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\Justin\Desktop\js58bkok.exe [2010/08/16 13:35:46 | 000,000,650 | ---- | C] () -- C:\Documents and Settings\Justin\Desktop\Shortcut to Fall Work Sched.xls.lnk [2010/08/15 10:30:44 | 000,000,104 | ---- | C] () 
-- C:\Documents and Settings\Justin\Desktop\Internet.lnk [2010/08/15 10:15:15 | 000,002,293 | ---- | C] () -- C:\Documents and Settings\Justin\Desktop\Google Chrome.lnk [2010/08/15 10:15:15 | 000,002,271 | ---- | C] () -- C:\Documents and Settings\Justin\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk [2010/08/15 09:30:23 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk [2010/08/14 22:24:05 | 000,000,398 | ---- | C] () -- C:\WINDOWS\tasks\ParetoLogic Registration3.job [2010/08/14 22:23:58 | 000,000,378 | ---- | C] () -- C:\WINDOWS\tasks\PC Health Advisor Defrag.job [2010/08/14 22:23:58 | 000,000,360 | ---- | C] () -- C:\WINDOWS\tasks\PC Health Advisor.job [2010/08/14 22:23:56 | 000,000,420 | ---- | C] () -- C:\WINDOWS\tasks\ParetoLogic Update Version3.job [2010/08/14 20:22:43 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat [2010/08/14 19:44:37 | 001,402,880 | ---- | C] () -- C:\Documents and Settings\Justin\My Documents\HiJackThis.msi [2009/12/24 23:06:36 | 000,138,376 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys [2009/11/25 21:31:03 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\Justin\Local Settings\Application Data\housecall.guid.cache [2009/01/03 19:32:25 | 000,000,745 | ---- | C] () -- C:\WINDOWS\CoD.INI [2008/11/02 07:49:32 | 000,018,605 | ---- | C] () -- C:\Documents and Settings\Justin\Local Settings\Application Data\abiwidez.bin [2008/11/02 07:49:32 | 000,018,146 | ---- | C] () -- C:\Program Files\Common Files\pagiga.dl [2008/11/02 07:49:32 | 000,013,408 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ehyjor.vbs [2008/11/02 07:49:32 | 000,011,343 | ---- | C] () -- C:\Documents and Settings\Justin\Local Settings\Application Data\ojapevol.com [2008/11/02 07:49:32 | 000,011,014 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\mihyn.ban [2008/11/02 07:49:31 | 000,019,638 | ---- | C] () -- 
C:\Documents and Settings\All Users\Application Data\mofy.pif [2008/11/02 07:49:31 | 000,018,422 | ---- | C] () -- C:\Documents and Settings\Justin\Application Data\obasixole.ban [2008/11/02 07:49:31 | 000,017,016 | ---- | C] () -- C:\Program Files\Common Files\ebeh.scr [2008/11/02 07:49:31 | 000,014,956 | ---- | C] () -- C:\Program Files\Common Files\burox.inf [2008/11/02 07:49:31 | 000,012,343 | ---- | C] () -- C:\Documents and Settings\Justin\Application Data\daqeje.dat [2008/09/28 08:40:29 | 000,027,136 | ---- | C] () -- C:\Documents and Settings\Justin\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2008/08/19 00:18:57 | 000,000,655 | ---- | C] () -- C:\WINDOWS\BeatBox.INI [2008/08/18 22:36:23 | 000,000,028 | ---- | C] () -- C:\WINDOWS\Robota.INI [2008/08/18 22:34:36 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\mgxasio2.dll [2008/08/18 22:33:28 | 000,120,200 | ---- | C] () -- C:\WINDOWS\System32\DLLDEV32i.dll [2008/08/18 22:33:17 | 000,005,937 | ---- | C] () -- C:\WINDOWS\mgxoschk.ini [2008/05/11 20:12:07 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\SynTPCoI.dll [2008/03/13 09:56:20 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini [2008/01/24 19:19:37 | 000,000,000 | ---- | C] () -- C:\WINDOWS\eDrawingOfficeAutomator.INI [2007/12/28 21:28:34 | 000,000,280 | ---- | C] () -- C:\WINDOWS\System32\epoPGPsdk.dll.sig [2007/12/28 21:25:47 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI [2007/12/28 21:19:06 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\preflib.dll [2007/12/28 21:19:04 | 000,757,760 | ---- | C] () -- C:\WINDOWS\System32\bcm1xsup.dll [2007/12/28 21:19:00 | 001,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll [2007/12/28 21:19:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll [2007/12/28 21:18:59 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll [2007/12/28 21:18:58 | 001,474,560 | ---- | C] () -- C:\WINDOWS\System32\nview.dll [2007/12/28 21:16:56 | 
000,016,480 | ---- | C] () -- C:\WINDOWS\System32\rixdicon.dll [2007/02/21 20:30:50 | 000,000,244 | ---- | C] () -- C:\WINDOWS\System32\nirpc.ini [2007/02/21 11:00:00 | 000,004,096 | ---- | C] () -- C:\WINDOWS\System32\drivers\cvintdrv.sys [2006/06/13 17:35:32 | 000,053,760 | ---- | C] () -- C:\WINDOWS\System32\zlib.dll [2003/01/07 16:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI ========== Alternate Data Streams ========== @Alternate Data Stream - 142 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2 < End of report > OTL Extras logfile created on: 9/10/2010 8:17:48 PM - Run 2 OTL by OldTimer - Version 3.2.11.0 Folder = C:\Documents and Settings\Justin\Desktop Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 6.0.2900.2180) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 72.00% Memory free 4.00 Gb Paging File | 3.00 Gb Available in Paging File | 90.00% Paging File free Paging file location(s): C:\pagefile.sys 2046 4092 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 111.70 Gb Total Space | 62.41 Gb Free Space | 55.87% Space Free | Partition Type: NTFS D: Drive not present or media not loaded E: Drive not present or media not loaded Drive F: | 3.68 Gb Total Space | 2.87 Gb Free Space | 78.10% Space Free | Partition Type: FAT32 G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: JUSTIN-EC1FBD7F Current User Name: Justin Logged in as Administrator. 
Current Boot Mode: Normal Scan Mode: All users Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Minimal ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) [HKEY_USERS\S-1-5-21-1202660629-1229272821-725345543-1003\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation) htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation) http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation) https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation) scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. 
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "FirstRunDisabled" = 1 "AntiVirusOverride" = 1 "FirewallOverride" = 1 "AntiVirusDisableNotify" = 0 "FirewallDisableNotify" = 0 "UpdatesDisableNotify" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall] 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DoNotAllowExceptions" = 0 "DisableNotifications" = 0 "EnableFirewall" = 0 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\Program Files\McAfee\Common Framework\FrameworkService.exe" = C:\Program Files\McAfee\Common Framework\FrameworkService.exe:*:Enabled:McAfee Framework Service -- (McAfee, Inc.) "C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire -- File not found "C:\Program Files\DNA\btdna.exe" = C:\Program Files\DNA\btdna.exe:*:Enabled:DNA -- (BitTorrent, Inc.) "C:\Program Files\BitTorrent\bittorrent.exe" = C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- File not found "C:\Program Files\COD2\Setup\Data\CoD2MP_s.exe" = C:\Program Files\COD2\Setup\Data\CoD2MP_s.exe:*:Disabled:CoD2MP_s -- File not found "C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.) 
========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0228e555-4f9c-4e35-a3ec-b109a192b4c2}" = Google Gmail Notifier "{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer "{0CB9668D-F979-4F31-B8B8-67FE90F929F8}" = Bonjour "{0FFC026D-9906-441B-9EDA-5C0668927407}" = SolidWorks 2008 SP0 "{25F809CB-6B44-4EC6-B350-5EF0562D9582}" = InterVideo DVDCopy 3 "{26621E14-A45B-45CD-9ED9-7A0A9B585DB4}" = SolidWorks Installation Manager "{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java 6 Update 18 "{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime "{3101CB58-3482-4D21-AF1A-7057FC935355}" = KhalInstallWrapper "{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java 6 Update 3 "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP "{35C03C04-3F1F-42C2-A989-A757EE691F65}" = McAfee VirusScan Enterprise "{3CBF3EBB-235D-4c29-A68B-2BB1F428586E}" = ParetoLogic PC Health Advisor "{42929F0F-CE14-47AF-9FC7-FF297A603021}" = Dell Resource CD "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{5545EEE1-FA36-4F76-B6BE-5696E7F4E2D6}" = VBA (2627.01) "{5783F2D7-0111-0409-0010-0060B0CE6BBA}" = Autodesk CAD Manager Tools "{5783F2D7-6001-0409-0002-0060B0CE6BBA}" = AutoCAD 2008 - English "{606BC780-101C-41DB-808D-4539BFA0774A}" = MobileMe Control Panel "{612B9183-67A9-4B44-9877-2F059E35B86A}" = Broadcom 440x 10/100 Integrated Controller "{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{85991ED2-010C-4930-96FA-52F43C2CE98A}" = Apple Mobile Device Support "{8C525C3E-00C9-4A77-9F76-D22939DB53C0}" = Picaboo 2.5 "{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003 "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system "{90120000-00A4-0409-0000-0000000FF1CE}" = Microsoft Office 2003 Web Components 
"{9C05CB18-6416-45C6-9410-5E57ECA3656D}" = Verizon Media Manager "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2 "{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio "{A93944F2-D2D4-4750-BFE7-9A288FEAF2CF}" = Apple Application Support "{AC76BA86-7AD7-1033-7B44-A81200000003}" = Adobe Reader 8.1.2 "{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2 "{C1E11C46-E6EB-4BD2-9ADF-2A98ACBEB216}" = iTunes "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{DE4847A9-E86B-4BBB-B991-58C5ACA4FA04}" = Diskeeper Professional Edition "{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware "{EAFEF30E-3789-49C7-A6D9-77C12E005BAC}" = Safari "{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint "{F5125699-C01A-4ED8-BD3A-265DF29859FE}" = DWGeditor "{FA54AFB1-5745-4389-B8C1-9F7509672ED1}" = iPhone Configuration Utility "4569969E1360D2854474C661EF9B4D54F143EB16" = Windows Driver Package - Ricoh Company (rimsptsk) hdc (11/14/2006 6.00.01.04) "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Adobe Shockwave Player" = Adobe Shockwave Player "AutoCAD 2008 - English" = AutoCAD 2008 - English "Broadcom 802.11b Network Adapter" = Dell Wireless WLAN Card "CAL" = Canon Camera Access Library "Call of Duty" = Call of Duty "CameraWindowDC" = Canon Utilities CameraWindow DC "CameraWindowDVC5" = Canon Utilities CameraWindow DC_DV 5 for ZoomBrowser EX "CameraWindowDVC6" = Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX "CameraWindowLauncher" = Canon Utilities CameraWindow "Canon G.726 WMP-Decoder" = Canon G.726 WMP-Decoder "CCleaner" = CCleaner (remove only) "CDex" = CDex extraction audio "CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2C06&SUBSYS_14F1000F" = Conexant HDA D330 MDC V.92 Modem "CSCLIB" = Canon Camera Support Core Library "DVD Decrypter" = DVD 
Decrypter (Remove Only) "DVD Shrink_is1" = DVD Shrink 3.2 "EOS Utility" = Canon Utilities EOS Utility "LegalSounds Music Downloader_is1" = LegalSounds Music Downloader 1.4 "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware "McAfee Anti-Spyware Enterprise Module" = McAfee AntiSpyware Enterprise Module "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX "Mozilla Firefox (3.0.19)" = Mozilla Firefox (3.0.19) "MyCamera" = Canon Utilities MyCamera "MyCameraDC" = Canon Utilities MyCamera DC "Nero - Burning Rom!UninstallKey" = Nero 6 Ultra Edition "NVIDIA Drivers" = NVIDIA Drivers "PhotoStitch" = Canon Utilities PhotoStitch "Picasa 3" = Picasa 3 "PowerISO" = PowerISO "RAW Image Task" = Canon RAW Image Task for ZoomBrowser EX "RemoteCaptureTask" = Canon Utilities RemoteCapture Task for ZoomBrowser EX "SynTPDeinstKey" = Synaptics Pointing Device Driver "Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5 "WIC" = Windows Imaging Component "Windows Media Format Runtime" = Windows Media Format 11 runtime "Windows Media Player" = Windows Media Player 10 "WinRAR archiver" = WinRAR archiver "WMFDist11" = Windows Media Format 11 runtime "XpsEPSC" = XML Paper Specification Shared Components Pack 1.0 "ZoomBrowser EX" = Canon Utilities ZoomBrowser EX "ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-1202660629-1229272821-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "BitTorrent DNA" = DNA "Google Chrome" = Google Chrome "Octoshape add-in for Adobe Flash Player" = Octoshape add-in for Adobe Flash Player ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 9/8/2010 9:50:01 PM | Computer Name = JUSTIN-EC1FBD7F | Source = crypt32 | ID = 131080 Description = Failed auto update retrieval of third-party root list sequence number from: 
<http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This network connection does not exist. Error - 9/8/2010 9:50:01 PM | Computer Name = JUSTIN-EC1FBD7F | Source = crypt32 | ID = 131083 Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: The data is invalid. Error - 9/8/2010 9:50:01 PM | Computer Name = JUSTIN-EC1FBD7F | Source = crypt32 | ID = 131080 Description = Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This network connection does not exist. Error - 9/8/2010 9:50:01 PM | Computer Name = JUSTIN-EC1FBD7F | Source = crypt32 | ID = 131083 Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: The data is invalid. Error - 9/8/2010 9:50:01 PM | Computer Name = JUSTIN-EC1FBD7F | Source = crypt32 | ID = 131080 Description = Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This network connection does not exist. Error - 9/8/2010 9:50:01 PM | Computer Name = JUSTIN-EC1FBD7F | Source = crypt32 | ID = 131083 Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: The data is invalid. 
Error - 9/8/2010 9:50:01 PM | Computer Name = JUSTIN-EC1FBD7F | Source = crypt32 | ID = 131080 Description = Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This network connection does not exist. Error - 9/8/2010 9:50:01 PM | Computer Name = JUSTIN-EC1FBD7F | Source = crypt32 | ID = 131083 Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: The data is invalid. Error - 9/8/2010 9:50:01 PM | Computer Name = JUSTIN-EC1FBD7F | Source = crypt32 | ID = 131080 Description = Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This network connection does not exist. Error - 9/8/2010 9:58:07 PM | Computer Name = JUSTIN-EC1FBD7F | Source = Google Update | ID = 20 Description = [ System Events ] Error - 9/10/2010 11:28:51 AM | Computer Name = JUSTIN-EC1FBD7F | Source = DCOM | ID = 10005 Description = DCOM got error "%1058" attempting to start the service iPod Service with arguments "" in order to run the server: {063D34A4-BF84-4B8D-B699-E8CA06504DDE} Error - 9/10/2010 12:00:00 PM | Computer Name = JUSTIN-EC1FBD7F | Source = Schedule | ID = 7901 Description = The At13.job command failed to start due to the following error: %%2147942402 Error - 9/10/2010 1:00:00 PM | Computer Name = JUSTIN-EC1FBD7F | Source = Schedule | ID = 7901 Description = The At14.job command failed to start due to the following error: %%2147942402 Error - 9/10/2010 2:00:00 PM | Computer Name = JUSTIN-EC1FBD7F | Source = Schedule | ID = 7901 Description = The At15.job command failed to start due to the following error: %%2147942402 Error - 9/10/2010 3:00:00 PM | Computer Name = JUSTIN-EC1FBD7F | Source = 
Schedule | ID = 7901 Description = The At16.job command failed to start due to the following error: %%2147942402 Error - 9/10/2010 4:00:00 PM | Computer Name = JUSTIN-EC1FBD7F | Source = Schedule | ID = 7901 Description = The At17.job command failed to start due to the following error: %%2147942402 Error - 9/10/2010 5:00:00 PM | Computer Name = JUSTIN-EC1FBD7F | Source = Schedule | ID = 7901 Description = The At18.job command failed to start due to the following error: %%2147942402 Error - 9/10/2010 6:00:00 PM | Computer Name = JUSTIN-EC1FBD7F | Source = Schedule | ID = 7901 Description = The At19.job command failed to start due to the following error: %%2147942402 Error - 9/10/2010 7:00:00 PM | Computer Name = JUSTIN-EC1FBD7F | Source = Schedule | ID = 7901 Description = The At20.job command failed to start due to the following error: %%2147942402 Error - 9/10/2010 8:00:00 PM | Computer Name = JUSTIN-EC1FBD7F | Source = Schedule | ID = 7901 Description = The At21.job command failed to start due to the following error: %%2147942402 < End of report
  13. Hi there. Cool site, although I haven't had the chance to read too much on it yet. Hopefully someone can help me. My laptop is very slow. Had a trojan virus a month ago and thought I "cleaned" it using Malwarebytes, however computer has been problematic since. I can run Firefox, albeit very slow, however IE doesn't work at all, nor does Google Chrome. Not sure if I should be using Chrome to begin with? Anyways, I ran Malwarebytes again, plus did house scan from trendmicro, and neither found any problems. Here is my HJT log. Any help would be greatly appreciated!!

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Documents and Settings\Justin\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Justin\My Documents\PSU\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:6522
R3 - URLSearchHook: DefaultSearchHook Class - {C94E154B-1459-4A47-966B-4B843BEFC7DB} - C:\Program Files\AskSearch\bin\DefaultSearch.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\scriptcl.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [NVHotkey] rundll32.exe nvHotkey.dll,Start
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [shStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [sigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [synTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [combofix] "C:\ComboFix\CF8341.cfxxe" /c "C:\ComboFix\C.bat"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Justin\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE