Something's not right


JRRJ

Hi there. Cool site, although I haven't had the chance to read too much on it yet. Hopefully someone can help me.

My laptop is very slow. Had a trojan virus a month ago and thought I "cleaned" it using Malwarebytes, however computer has been problematic since. I can run Firefox, albeit very slow, however IE doesn't work at all, nor does Google Chrome. Not sure if I should be using Chrome to begin with?

Anyways, I ran malwarebytes again, plus did house scan from trendmicro, and neither found any problems.

Here is my HJT log. Any help would be greatly appreciated!!

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\WLTRYSVC.EXE

C:\WINDOWS\System32\bcmwltry.exe

C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\WLTRAY.exe

C:\WINDOWS\system32\rundll32.exe

C:\WINDOWS\system32\RunDLL32.exe

C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE

C:\Program Files\McAfee\Common Framework\UdaterUI.exe

C:\Program Files\McAfee\Common Framework\McTray.exe

C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe

C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Documents and Settings\Justin\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe

C:\Program Files\Logitech\SetPoint\SetPoint.exe

C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\McAfee\Common Framework\FrameworkService.exe

C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe

C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Canon\CAL\CALMAIN.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Documents and Settings\Justin\My Documents\PSU\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:6522

R3 - URLSearchHook: DefaultSearchHook Class - {C94E154B-1459-4A47-966B-4B843BEFC7DB} - C:\Program Files\AskSearch\bin\DefaultSearch.dll

O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\scriptcl.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe"

O4 - HKLM\..\Run: [broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe

O4 - HKLM\..\Run: [NVHotkey] rundll32.exe nvHotkey.dll,Start

O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [shStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE

O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey

O4 - HKLM\..\Run: [sigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe

O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE

O4 - HKLM\..\Run: [synTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [combofix] "C:\ComboFix\CF8341.cfxxe" /c "C:\ComboFix\C.bat"

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Justin\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c

O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe

O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe

O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe

O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe

O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe

O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe

O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe

O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE


Hi JRRJ,

Welcome to the forum.

My nickname is deltalima and I will be helping you with your computer problems.

The logs can take some time to research, so please be patient with me.

Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Please note the following:

  • I will be working on your malware issues; this may or may not solve other issues you have with your machine.
  • The fixes are specific to your problem and should only be used for this issue on this machine.
  • Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
  • If after 3 days you have not responded to this topic, it will be closed, and you will need to start a new one.
  • It's often worth reading through these instructions and printing them for ease of reference.
  • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
  • Please reply to this thread. Do not start a new topic.

Download and run OTL

Download OTL by Old Timer and save it to your Desktop.

  • Double click on OTL.exe to run it.
  • Under Output, ensure that Minimal Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened
    • Extras.txt <-- Will be minimized

  • Please post the contents of these 2 Notepad files in your next reply.

Please download GMER Rootkit Scanner from here.

  • Double click the .exe file. If asked to allow gmer.sys driver to load, please consent
  • If it gives you a warning at program start about rootkit activity and asks if you want to run a scan...click NO.
  • Run Gmer again and click on the Rootkit tab.
  • Look at the right hand side (under Files) and uncheck all drives with the exception of your C drive.
  • Make sure all other boxes on the right of the screen are checked, EXCEPT for "Show All".
  • Click on "Scan" and wait for the scan to finish.
    Note: Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while this scan completes. Also do not use your computer during the scan.
  • When completed, click on the Copy button and right-click on your Desktop, choose "New" > Text document. Once the file is created, open it and right-click again and choose Paste or Ctrl+V. Save the file as gmer.txt and copy the information in your next reply.
  • Note: If you have any problems, try running GMER in SAFE MODE

Important! Please do not select the "Show all" checkbox during the scan.

Please post the GMER log along with OTL.txt and Extras.txt from the OTL scan into your next reply.


Hi deltalima, Thanks for the reply.

Here are the logs from OTL:

OTL logfile created on: 9/10/2010 8:17:48 PM - Run 2

OTL by OldTimer - Version 3.2.11.0 Folder = C:\Documents and Settings\Justin\Desktop

Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 6.0.2900.2180)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 72.00% Memory free

4.00 Gb Paging File | 3.00 Gb Available in Paging File | 90.00% Paging File free

Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 111.70 Gb Total Space | 62.41 Gb Free Space | 55.87% Space Free | Partition Type: NTFS

D: Drive not present or media not loaded

E: Drive not present or media not loaded

Drive F: | 3.68 Gb Total Space | 2.87 Gb Free Space | 78.10% Space Free | Partition Type: FAT32

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Computer Name: JUSTIN-EC1FBD7F

Current User Name: Justin

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: All users

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Justin\Desktop\OTL.exe (OldTimer Tools)

PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

PRC - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe (Lavasoft)

PRC - C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)

PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)

PRC - C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe (SigmaTel, Inc.)

PRC - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe (McAfee, Inc.)

PRC - C:\Program Files\McAfee\VirusScan Enterprise\shstat.exe (McAfee, Inc.)

PRC - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe (McAfee, Inc.)

PRC - C:\Program Files\Canon\CAL\CALMAIN.exe (Canon Inc.)

PRC - C:\Program Files\McAfee\Common Framework\Mctray.exe (McAfee, Inc.)

PRC - C:\Program Files\McAfee\Common Framework\naPrdMgr.exe (McAfee, Inc.)

PRC - C:\Program Files\McAfee\Common Framework\UdaterUI.exe (McAfee, Inc.)

PRC - C:\Program Files\McAfee\Common Framework\FrameworkService.exe (McAfee, Inc.)

PRC - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe (Diskeeper Corporation)

PRC - C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)

========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\Justin\Desktop\OTL.exe (OldTimer Tools)

MOD - C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcr80.dll (Microsoft Corporation)

MOD - C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcp80.dll (Microsoft Corporation)

MOD - C:\Program Files\Logitech\SetPoint\lgscroll.dll (Logitech, Inc.)

MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll (Microsoft Corporation)

MOD - C:\WINDOWS\system32\msscript.ocx (Microsoft Corporation)

MOD - C:\WINDOWS\system32\SynTPFcs.dll (Synaptics, Inc.)

========== Win32 Services (SafeList) ==========

SRV - (OpcEnum) -- C:\WINDOWS\System32\OpcEnum.exe File not found

SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)

SRV - (aawservice) -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe (Lavasoft)

SRV - (SolidWorks Licensing Service) -- C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe (SolidWorks)

SRV - (LBTServ) -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe (Logitech, Inc.)

SRV - (Autodesk Licensing Service) -- C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe (Autodesk)

SRV - (McShield) -- C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe (McAfee, Inc.)

SRV - (McTaskManager) -- C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe (McAfee, Inc.)

SRV - (CCALib8) -- C:\Program Files\Canon\CAL\CALMAIN.exe (Canon Inc.)

SRV - (McAfeeFramework) -- C:\Program Files\McAfee\Common Framework\FrameworkService.exe (McAfee, Inc.)

SRV - (Diskeeper) -- C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe (Diskeeper Corporation)

========== Driver Services (SafeList) ==========

DRV - (ApfiltrService) -- C:\WINDOWS\System32\DRIVERS\Apfiltr.sys File not found

DRV - (SCDEmu) -- C:\WINDOWS\System32\drivers\scdemu.sys (PowerISO Computing, Inc.)

DRV - (sptd) -- C:\WINDOWS\system32\drivers\sptd.sys (Duplex Secure Ltd.)

DRV - (LMouFilt) -- C:\WINDOWS\system32\drivers\LMouFilt.Sys (Logitech, Inc.)

DRV - (LHidFilt) -- C:\WINDOWS\system32\drivers\LHidFilt.Sys (Logitech, Inc.)

DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation)

DRV - (STHDA) -- C:\WINDOWS\system32\drivers\sthda.sys (SigmaTel, Inc.)

DRV - (BCM43XX) -- C:\WINDOWS\system32\drivers\BCMWL5.SYS (Broadcom Corporation)

DRV - (mfehidk) -- C:\WINDOWS\system32\drivers\mfehidk.sys (McAfee, Inc.)

DRV - (cvintdrv) -- C:\WINDOWS\System32\drivers\cvintdrv.sys ()

DRV - (mfeavfk) -- C:\WINDOWS\system32\drivers\mfeavfk.sys (McAfee, Inc.)

DRV - (mfeapfk) -- C:\WINDOWS\system32\drivers\mfeapfk.sys (McAfee, Inc.)

DRV - (mfetdik) -- C:\WINDOWS\system32\drivers\mfetdik.sys (McAfee, Inc.)

DRV - (mfebopk) -- C:\WINDOWS\system32\drivers\mfebopk.sys (McAfee, Inc.)

DRV - (mferkdk) -- C:\Program Files\McAfee\VirusScan Enterprise\mferkdk.sys (McAfee, Inc.)

DRV - (bcm4sbxp) -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys (Broadcom Corporation)

DRV - (rimmptsk) -- C:\WINDOWS\system32\drivers\rimmptsk.sys (REDC)

DRV - (rimsptsk) -- C:\WINDOWS\system32\drivers\rimsptsk.sys (REDC)

DRV - (rismxdp) -- C:\WINDOWS\system32\drivers\rixdptsk.sys (REDC)

DRV - (HSF_DPV) -- C:\WINDOWS\system32\drivers\HSF_DPV.sys (Conexant Systems, Inc.)

DRV - (HSFHWAZL) -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys (Conexant Systems, Inc.)

DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.)

DRV - (iastor) -- C:\WINDOWS\System32\drivers\iastor.sys (Intel Corporation)

DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\Hdaudbus.sys (Windows ® Server 2003 DDK provider)

DRV - (Hardlock) -- C:\WINDOWS\system32\drivers\hardlock.sys (Aladdin Knowledge Systems Ltd.)

DRV - (usbaudio) USB Audio Driver (WDM) -- C:\WINDOWS\system32\drivers\USBAUDIO.sys (Microsoft Corporation)

DRV - (SynTP) -- C:\WINDOWS\system32\drivers\SynTP.sys (Synaptics, Inc.)

DRV - (SilverLink) Texas Instruments SilverLink (USB GraphLink) -- C:\WINDOWS\system32\drivers\SilvrLnk.sys (Texas Instruments Incorporated)

DRV - (Iviaspi) -- C:\WINDOWS\system32\drivers\iviaspi.sys (InterVideo, Inc.)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1202660629-1229272821-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie

IE - HKU\S-1-5-21-1202660629-1229272821-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com

IE - HKU\S-1-5-21-1202660629-1229272821-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/

IE - HKU\S-1-5-21-1202660629-1229272821-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie

IE - HKU\S-1-5-21-1202660629-1229272821-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

IE - HKU\S-1-5-21-1202660629-1229272821-725345543-1003\..\URLSearchHook: {C94E154B-1459-4A47-966B-4B843BEFC7DB} - C:\Program Files\AskSearch\bin\DefaultSearch.dll ()

IE - HKU\S-1-5-21-1202660629-1229272821-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1

IE - HKU\S-1-5-21-1202660629-1229272821-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

IE - HKU\S-1-5-21-1202660629-1229272821-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:6522

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.com/"

FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0

FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.6.6.20090220

FF - HKLM\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/06/24 17:56:00 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/04/06 21:15:41 | 000,000,000 | ---D | M]

[2009/02/08 09:53:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Justin\Application Data\Mozilla\Extensions

[2010/09/10 08:22:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\zd17tmzl.default\extensions

[2009/09/02 10:50:18 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\zd17tmzl.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}

[2010/01/20 23:50:16 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\zd17tmzl.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}

[2010/09/10 08:22:57 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: ([2009/06/29 15:37:37 | 000,000,942 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O1 - Hosts: 127.0.0.1 mozilla.com

O1 - Hosts: 127.0.0.1 www.mozilla.com

O1 - Hosts: 127.0.0.1 firefox.com

O1 - Hosts: 127.0.0.1 www.firefox.com

O1 - Hosts: 127.0.0.1 www.firefox2.com

O1 - Hosts: 127.0.0.1 firefox2.com

O1 - Hosts: 127.0.0.1 ftp.saix.net

O1 - Hosts: 127.0.0.1 download.mozilla.com

O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\ScriptCl.dll (McAfee, Inc.)

O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe (Apple Inc.)

O4 - HKLM..\Run: [combofix] C:\ComboFix\CF8341.cfx File not found

O4 - HKLM..\Run: [DiskeeperSystray] C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe (Diskeeper Corporation)

O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech, Inc.)

O4 - HKLM..\Run: [KernelFaultCheck] File not found

O4 - HKLM..\Run: [McAfeeUpdaterUI] C:\Program Files\McAfee\Common Framework\UdaterUI.exe (McAfee, Inc.)

O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)

O4 - HKLM..\Run: [NVHotkey] C:\WINDOWS\System32\nvhotkey.dll (NVIDIA Corporation)

O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\nvmctray.dll (NVIDIA Corporation)

O4 - HKLM..\Run: [shStatEXE] C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE (McAfee, Inc.)

O4 - HKLM..\Run: [sigmatelSysTrayApp] C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe (SigmaTel, Inc.)

O4 - HKLM..\Run: [synTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe (InterVideo Inc.)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: AllowLegacyWebView = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: AllowUnhashedWebView = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-21-1202660629-1229272821-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_18)

O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_03)

O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_18)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_18)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwa...ash/swflash.cab (Shockwave Flash Object)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 71.243.0.12

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - Winlogon\Notify\LBTWlgn: DllName - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll - c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)

O24 - Desktop WallPaper: C:\Documents and Settings\Justin\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O24 - Desktop BackupWallPaper: C:\Documents and Settings\Justin\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O29 - HKLM SecurityProviders - (msansspc.dll) - File not found

O30 - LSA: Authentication Packages - (C:\WINDOWS\system32\rqRIaYop) - File not found

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2008/01/02 00:08:50 | 000,000,000 | ---D | M] - C:\AutoCAD 2008 -- [ NTFS ]

O32 - Unable to obtain root file information for disk C:\

O33 - MountPoints2\{1b1a2305-b56e-11dc-af71-ff5a2286c706}\Shell - "" = AutoRun

O33 - MountPoints2\{1b1a2305-b56e-11dc-af71-ff5a2286c706}\Shell\AutoRun - "" = Auto&Play

O33 - MountPoints2\{1b1a2305-b56e-11dc-af71-ff5a2286c706}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found

O33 - MountPoints2\{1b1a2307-b56e-11dc-af71-ff5a2286c706}\Shell - "" = AutoRun

O33 - MountPoints2\{1b1a2307-b56e-11dc-af71-ff5a2286c706}\Shell\AutoRun - "" = Auto&Play

O33 - MountPoints2\{1b1a2307-b56e-11dc-af71-ff5a2286c706}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -- File not found

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/09/10 06:47:15 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Justin\Desktop\OTL.exe

[2010/09/05 09:11:34 | 000,059,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\USBAUDIO.sys

[2010/09/05 09:11:34 | 000,059,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbaudio.sys

[2010/09/03 20:24:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Justin\My Documents\Rt. 62 Trucks

[2010/09/01 20:44:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Justin\Application Data\Elluminate

[2010/09/01 20:08:29 | 038,808,920 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\Justin\My Documents\FileFormatConverters.exe

[2010/09/01 20:06:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Justin\My Documents\PSU

[2010/08/15 09:30:20 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys

[2010/08/15 09:30:18 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

[2010/08/15 09:29:49 | 006,153,352 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Justin\Desktop\mbam-setup-1.46.exe

[2010/08/15 09:17:32 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Justin\Recent

[2010/08/14 22:23:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ParetoLogic

[2010/08/14 22:23:54 | 000,000,000 | ---D | C] -- C:\Program Files\ParetoLogic

[2010/08/14 22:23:54 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ParetoLogic

[2010/08/14 20:10:43 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware

[2010/08/14 20:06:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Justin\Desktop\backups

[2010/08/14 20:00:08 | 000,000,000 | -HSD | C] -- C:\WINDOWS\CSC

[2010/08/13 21:07:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Justin\Local Settings\Application Data\wfodqahpe

[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/09/10 20:18:00 | 000,293,376 | ---- | M] () -- C:\Documents and Settings\Justin\Desktop\js58bkok.exe

[2010/09/10 20:16:00 | 000,000,982 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1202660629-1229272821-725345543-1003UA.job

[2010/09/10 20:16:00 | 000,000,930 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1202660629-1229272821-725345543-1003Core.job

[2010/09/10 20:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At21.job

[2010/09/10 19:50:23 | 000,152,422 | ---- | M] () -- C:\WINDOWS\System32\nvModes.001

[2010/09/10 19:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At20.job

[2010/09/10 18:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At19.job

[2010/09/10 17:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At18.job

[2010/09/10 16:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At17.job

[2010/09/10 15:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At16.job

[2010/09/10 14:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At15.job

[2010/09/10 13:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At14.job

[2010/09/10 12:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At13.job

[2010/09/10 11:29:06 | 000,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk

[2010/09/10 11:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At12.job

[2010/09/10 10:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At11.job

[2010/09/10 09:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At10.job

[2010/09/10 08:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At9.job

[2010/09/10 07:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At8.job

[2010/09/10 06:47:17 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Justin\Desktop\OTL.exe

[2010/09/09 23:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At24.job

[2010/09/09 22:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At23.job

[2010/09/09 21:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At22.job

[2010/09/08 22:02:09 | 000,512,960 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI

[2010/09/08 22:02:09 | 000,435,828 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat

[2010/09/08 22:02:09 | 000,068,558 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

[2010/09/08 21:58:06 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2010/09/08 21:57:56 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT

[2010/09/08 21:57:50 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2010/09/08 21:57:19 | 005,767,168 | -H-- | M] () -- C:\Documents and Settings\Justin\NTUSER.DAT

[2010/09/08 16:17:41 | 000,002,293 | ---- | M] () -- C:\Documents and Settings\Justin\Desktop\Google Chrome.lnk

[2010/09/08 16:17:41 | 000,002,271 | ---- | M] () -- C:\Documents and Settings\Justin\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk

[2010/09/08 06:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At7.job

[2010/09/06 05:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At6.job

[2010/09/06 04:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At5.job

[2010/09/06 03:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At4.job

[2010/09/06 02:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At3.job

[2010/09/05 20:35:45 | 000,023,040 | ---- | M] () -- C:\Documents and Settings\Justin\Desktop\Jen's Running Log.xls

[2010/09/05 12:02:00 | 000,000,408 | ---- | M] () -- C:\WINDOWS\tasks\At50.job

[2010/09/05 09:13:22 | 000,121,112 | ---- | M] () -- C:\Documents and Settings\Justin\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

[2010/09/04 04:44:00 | 000,000,360 | ---- | M] () -- C:\WINDOWS\tasks\PC Health Advisor.job

[2010/09/02 11:09:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job

[2010/09/02 09:30:40 | 000,380,040 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2010/09/02 04:44:00 | 000,000,378 | ---- | M] () -- C:\WINDOWS\tasks\PC Health Advisor Defrag.job

[2010/09/01 22:02:29 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini

[2010/09/01 20:08:59 | 038,808,920 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Justin\My Documents\FileFormatConverters.exe

[2010/09/01 18:08:00 | 000,000,408 | ---- | M] () -- C:\WINDOWS\tasks\At49.job

[2010/08/31 11:07:13 | 000,027,136 | ---- | M] () -- C:\Documents and Settings\Justin\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2010/08/29 15:41:25 | 003,574,272 | ---- | M] () -- C:\Documents and Settings\Justin\Desktop\Financial Plan, 04-01-10.xls

[2010/08/25 04:21:00 | 000,000,420 | ---- | M] () -- C:\WINDOWS\tasks\ParetoLogic Update Version3.job

[2010/08/16 19:19:52 | 000,152,422 | ---- | M] () -- C:\WINDOWS\System32\nvModes.dat

[2010/08/16 13:35:46 | 000,000,650 | ---- | M] () -- C:\Documents and Settings\Justin\Desktop\Shortcut to Fall Work Sched.xls.lnk

[2010/08/15 10:30:44 | 000,000,104 | ---- | M] () -- C:\Documents and Settings\Justin\Desktop\Internet.lnk

[2010/08/15 10:01:19 | 004,391,588 | -H-- | M] () -- C:\Documents and Settings\Justin\Local Settings\Application Data\IconCache.db

[2010/08/15 09:30:23 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk

[2010/08/15 09:29:54 | 006,153,352 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Justin\Desktop\mbam-setup-1.46.exe

[2010/08/15 09:24:41 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Justin\ntuser.ini

[2010/08/15 08:35:53 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat

[2010/08/14 22:24:05 | 000,000,398 | ---- | M] () -- C:\WINDOWS\tasks\ParetoLogic Registration3.job

[2010/08/14 19:44:39 | 001,402,880 | ---- | M] () -- C:\Documents and Settings\Justin\My Documents\HiJackThis.msi

[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/09/10 20:18:01 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\Justin\Desktop\js58bkok.exe

[2010/08/16 13:35:46 | 000,000,650 | ---- | C] () -- C:\Documents and Settings\Justin\Desktop\Shortcut to Fall Work Sched.xls.lnk

[2010/08/15 10:30:44 | 000,000,104 | ---- | C] () -- C:\Documents and Settings\Justin\Desktop\Internet.lnk

[2010/08/15 10:15:15 | 000,002,293 | ---- | C] () -- C:\Documents and Settings\Justin\Desktop\Google Chrome.lnk

[2010/08/15 10:15:15 | 000,002,271 | ---- | C] () -- C:\Documents and Settings\Justin\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk

[2010/08/15 09:30:23 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk

[2010/08/14 22:24:05 | 000,000,398 | ---- | C] () -- C:\WINDOWS\tasks\ParetoLogic Registration3.job

[2010/08/14 22:23:58 | 000,000,378 | ---- | C] () -- C:\WINDOWS\tasks\PC Health Advisor Defrag.job

[2010/08/14 22:23:58 | 000,000,360 | ---- | C] () -- C:\WINDOWS\tasks\PC Health Advisor.job

[2010/08/14 22:23:56 | 000,000,420 | ---- | C] () -- C:\WINDOWS\tasks\ParetoLogic Update Version3.job

[2010/08/14 20:22:43 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat

[2010/08/14 19:44:37 | 001,402,880 | ---- | C] () -- C:\Documents and Settings\Justin\My Documents\HiJackThis.msi

[2009/12/24 23:06:36 | 000,138,376 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys

[2009/11/25 21:31:03 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\Justin\Local Settings\Application Data\housecall.guid.cache

[2009/01/03 19:32:25 | 000,000,745 | ---- | C] () -- C:\WINDOWS\CoD.INI

[2008/11/02 07:49:32 | 000,018,605 | ---- | C] () -- C:\Documents and Settings\Justin\Local Settings\Application Data\abiwidez.bin

[2008/11/02 07:49:32 | 000,018,146 | ---- | C] () -- C:\Program Files\Common Files\pagiga.dl

[2008/11/02 07:49:32 | 000,013,408 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ehyjor.vbs

[2008/11/02 07:49:32 | 000,011,343 | ---- | C] () -- C:\Documents and Settings\Justin\Local Settings\Application Data\ojapevol.com

[2008/11/02 07:49:32 | 000,011,014 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\mihyn.ban

[2008/11/02 07:49:31 | 000,019,638 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\mofy.pif

[2008/11/02 07:49:31 | 000,018,422 | ---- | C] () -- C:\Documents and Settings\Justin\Application Data\obasixole.ban

[2008/11/02 07:49:31 | 000,017,016 | ---- | C] () -- C:\Program Files\Common Files\ebeh.scr

[2008/11/02 07:49:31 | 000,014,956 | ---- | C] () -- C:\Program Files\Common Files\burox.inf

[2008/11/02 07:49:31 | 000,012,343 | ---- | C] () -- C:\Documents and Settings\Justin\Application Data\daqeje.dat

[2008/09/28 08:40:29 | 000,027,136 | ---- | C] () -- C:\Documents and Settings\Justin\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2008/08/19 00:18:57 | 000,000,655 | ---- | C] () -- C:\WINDOWS\BeatBox.INI

[2008/08/18 22:36:23 | 000,000,028 | ---- | C] () -- C:\WINDOWS\Robota.INI

[2008/08/18 22:34:36 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\mgxasio2.dll

[2008/08/18 22:33:28 | 000,120,200 | ---- | C] () -- C:\WINDOWS\System32\DLLDEV32i.dll

[2008/08/18 22:33:17 | 000,005,937 | ---- | C] () -- C:\WINDOWS\mgxoschk.ini

[2008/05/11 20:12:07 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\SynTPCoI.dll

[2008/03/13 09:56:20 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini

[2008/01/24 19:19:37 | 000,000,000 | ---- | C] () -- C:\WINDOWS\eDrawingOfficeAutomator.INI

[2007/12/28 21:28:34 | 000,000,280 | ---- | C] () -- C:\WINDOWS\System32\epoPGPsdk.dll.sig

[2007/12/28 21:25:47 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI

[2007/12/28 21:19:06 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\preflib.dll

[2007/12/28 21:19:04 | 000,757,760 | ---- | C] () -- C:\WINDOWS\System32\bcm1xsup.dll

[2007/12/28 21:19:00 | 001,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll

[2007/12/28 21:19:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll

[2007/12/28 21:18:59 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll

[2007/12/28 21:18:58 | 001,474,560 | ---- | C] () -- C:\WINDOWS\System32\nview.dll

[2007/12/28 21:16:56 | 000,016,480 | ---- | C] () -- C:\WINDOWS\System32\rixdicon.dll

[2007/02/21 20:30:50 | 000,000,244 | ---- | C] () -- C:\WINDOWS\System32\nirpc.ini

[2007/02/21 11:00:00 | 000,004,096 | ---- | C] () -- C:\WINDOWS\System32\drivers\cvintdrv.sys

[2006/06/13 17:35:32 | 000,053,760 | ---- | C] () -- C:\WINDOWS\System32\zlib.dll

[2003/01/07 16:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

========== Alternate Data Streams ==========

@Alternate Data Stream - 142 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2

< End of report >

OTL Extras logfile created on: 9/10/2010 8:17:48 PM - Run 2

OTL by OldTimer - Version 3.2.11.0 Folder = C:\Documents and Settings\Justin\Desktop

Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 6.0.2900.2180)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 72.00% Memory free

4.00 Gb Paging File | 3.00 Gb Available in Paging File | 90.00% Paging File free

Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 111.70 Gb Total Space | 62.41 Gb Free Space | 55.87% Space Free | Partition Type: NTFS

D: Drive not present or media not loaded

E: Drive not present or media not loaded

Drive F: | 3.68 Gb Total Space | 2.87 Gb Free Space | 78.10% Space Free | Partition Type: FAT32

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Computer Name: JUSTIN-EC1FBD7F

Current User Name: Justin

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: All users

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Minimal

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

[HKEY_USERS\S-1-5-21-1202660629-1229272821-725345543-1003\SOFTWARE\Classes\<extension>]

.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

exefile [open] -- "%1" %*

htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)

htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)

http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)

https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"FirstRunDisabled" = 1

"AntiVirusOverride" = 1

"FirewallOverride" = 1

"AntiVirusDisableNotify" = 0

"FirewallDisableNotify" = 0

"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"DoNotAllowExceptions" = 0

"DisableNotifications" = 0

"EnableFirewall" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"C:\Program Files\McAfee\Common Framework\FrameworkService.exe" = C:\Program Files\McAfee\Common Framework\FrameworkService.exe:*:Enabled:McAfee Framework Service -- (McAfee, Inc.)

"C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire -- File not found

"C:\Program Files\DNA\btdna.exe" = C:\Program Files\DNA\btdna.exe:*:Enabled:DNA -- (BitTorrent, Inc.)

"C:\Program Files\BitTorrent\bittorrent.exe" = C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- File not found

"C:\Program Files\COD2\Setup\Data\CoD2MP_s.exe" = C:\Program Files\COD2\Setup\Data\CoD2MP_s.exe:*:Disabled:CoD2MP_s -- File not found

"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}" = Google Gmail Notifier

"{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer

"{0CB9668D-F979-4F31-B8B8-67FE90F929F8}" = Bonjour

"{0FFC026D-9906-441B-9EDA-5C0668927407}" = SolidWorks 2008 SP0

"{25F809CB-6B44-4EC6-B350-5EF0562D9582}" = InterVideo DVDCopy 3

"{26621E14-A45B-45CD-9ED9-7A0A9B585DB4}" = SolidWorks Installation Manager

"{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java 6 Update 18

"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime

"{3101CB58-3482-4D21-AF1A-7057FC935355}" = KhalInstallWrapper

"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java 6 Update 3

"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP

"{35C03C04-3F1F-42C2-A989-A757EE691F65}" = McAfee VirusScan Enterprise

"{3CBF3EBB-235D-4c29-A68B-2BB1F428586E}" = ParetoLogic PC Health Advisor

"{42929F0F-CE14-47AF-9FC7-FF297A603021}" = Dell Resource CD

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{5545EEE1-FA36-4F76-B6BE-5696E7F4E2D6}" = VBA (2627.01)

"{5783F2D7-0111-0409-0010-0060B0CE6BBA}" = Autodesk CAD Manager Tools

"{5783F2D7-6001-0409-0002-0060B0CE6BBA}" = AutoCAD 2008 - English

"{606BC780-101C-41DB-808D-4539BFA0774A}" = MobileMe Control Panel

"{612B9183-67A9-4B44-9877-2F059E35B86A}" = Broadcom 440x 10/100 Integrated Controller

"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD

"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update

"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable

"{85991ED2-010C-4930-96FA-52F43C2CE98A}" = Apple Mobile Device Support

"{8C525C3E-00C9-4A77-9F76-D22939DB53C0}" = Picaboo 2.5

"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003

"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system

"{90120000-00A4-0409-0000-0000000FF1CE}" = Microsoft Office 2003 Web Components

"{9C05CB18-6416-45C6-9410-5E57ECA3656D}" = Verizon Media Manager

"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2

"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio

"{A93944F2-D2D4-4750-BFE7-9A288FEAF2CF}" = Apple Application Support

"{AC76BA86-7AD7-1033-7B44-A81200000003}" = Adobe Reader 8.1.2

"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation

"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2

"{C1E11C46-E6EB-4BD2-9ADF-2A98ACBEB216}" = iTunes

"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1

"{DE4847A9-E86B-4BBB-B991-58C5ACA4FA04}" = Diskeeper Professional Edition

"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware

"{EAFEF30E-3789-49C7-A6D9-77C12E005BAC}" = Safari

"{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint

"{F5125699-C01A-4ED8-BD3A-265DF29859FE}" = DWGeditor

"{FA54AFB1-5745-4389-B8C1-9F7509672ED1}" = iPhone Configuration Utility

"4569969E1360D2854474C661EF9B4D54F143EB16" = Windows Driver Package - Ricoh Company (rimsptsk) hdc (11/14/2006 6.00.01.04)

"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin

"Adobe Shockwave Player" = Adobe Shockwave Player

"AutoCAD 2008 - English" = AutoCAD 2008 - English

"Broadcom 802.11b Network Adapter" = Dell Wireless WLAN Card

"CAL" = Canon Camera Access Library

"Call of Duty" = Call of Duty

"CameraWindowDC" = Canon Utilities CameraWindow DC

"CameraWindowDVC5" = Canon Utilities CameraWindow DC_DV 5 for ZoomBrowser EX

"CameraWindowDVC6" = Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX

"CameraWindowLauncher" = Canon Utilities CameraWindow

"Canon G.726 WMP-Decoder" = Canon G.726 WMP-Decoder

"CCleaner" = CCleaner (remove only)

"CDex" = CDex extraction audio

"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2C06&SUBSYS_14F1000F" = Conexant HDA D330 MDC V.92 Modem

"CSCLIB" = Canon Camera Support Core Library

"DVD Decrypter" = DVD Decrypter (Remove Only)

"DVD Shrink_is1" = DVD Shrink 3.2

"EOS Utility" = Canon Utilities EOS Utility

"LegalSounds Music Downloader_is1" = LegalSounds Music Downloader 1.4

"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware

"McAfee Anti-Spyware Enterprise Module" = McAfee AntiSpyware Enterprise Module

"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1

"MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX

"Mozilla Firefox (3.0.19)" = Mozilla Firefox (3.0.19)

"MyCamera" = Canon Utilities MyCamera

"MyCameraDC" = Canon Utilities MyCamera DC

"Nero - Burning Rom!UninstallKey" = Nero 6 Ultra Edition

"NVIDIA Drivers" = NVIDIA Drivers

"PhotoStitch" = Canon Utilities PhotoStitch

"Picasa 3" = Picasa 3

"PowerISO" = PowerISO

"RAW Image Task" = Canon RAW Image Task for ZoomBrowser EX

"RemoteCaptureTask" = Canon Utilities RemoteCapture Task for ZoomBrowser EX

"SynTPDeinstKey" = Synaptics Pointing Device Driver

"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5

"WIC" = Windows Imaging Component

"Windows Media Format Runtime" = Windows Media Format 11 runtime

"Windows Media Player" = Windows Media Player 10

"WinRAR archiver" = WinRAR archiver

"WMFDist11" = Windows Media Format 11 runtime

"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0

"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX

"ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1202660629-1229272821-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"BitTorrent DNA" = DNA

"Google Chrome" = Google Chrome

"Octoshape add-in for Adobe Flash Player" = Octoshape add-in for Adobe Flash Player

========== Last 10 Event Log Errors ==========

[ Application Events ]

Error - 9/8/2010 9:50:01 PM | Computer Name = JUSTIN-EC1FBD7F | Source = crypt32 | ID = 131080

Description = Failed auto update retrieval of third-party root list sequence number

from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>

with error: This network connection does not exist.

Error - 9/8/2010 9:50:01 PM | Computer Name = JUSTIN-EC1FBD7F | Source = crypt32 | ID = 131083

Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>

with error: The data is invalid.

Error - 9/8/2010 9:50:01 PM | Computer Name = JUSTIN-EC1FBD7F | Source = crypt32 | ID = 131080

Description = Failed auto update retrieval of third-party root list sequence number

from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>

with error: This network connection does not exist.

Error - 9/8/2010 9:50:01 PM | Computer Name = JUSTIN-EC1FBD7F | Source = crypt32 | ID = 131083

Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>

with error: The data is invalid.

Error - 9/8/2010 9:50:01 PM | Computer Name = JUSTIN-EC1FBD7F | Source = crypt32 | ID = 131080

Description = Failed auto update retrieval of third-party root list sequence number

from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>

with error: This network connection does not exist.

Error - 9/8/2010 9:50:01 PM | Computer Name = JUSTIN-EC1FBD7F | Source = crypt32 | ID = 131083

Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>

with error: The data is invalid.

Error - 9/8/2010 9:50:01 PM | Computer Name = JUSTIN-EC1FBD7F | Source = crypt32 | ID = 131080

Description = Failed auto update retrieval of third-party root list sequence number

from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>

with error: This network connection does not exist.

Error - 9/8/2010 9:50:01 PM | Computer Name = JUSTIN-EC1FBD7F | Source = crypt32 | ID = 131083

Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>

with error: The data is invalid.

Error - 9/8/2010 9:50:01 PM | Computer Name = JUSTIN-EC1FBD7F | Source = crypt32 | ID = 131080

Description = Failed auto update retrieval of third-party root list sequence number

from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>

with error: This network connection does not exist.

Error - 9/8/2010 9:58:07 PM | Computer Name = JUSTIN-EC1FBD7F | Source = Google Update | ID = 20

Description =

[ System Events ]

Error - 9/10/2010 11:28:51 AM | Computer Name = JUSTIN-EC1FBD7F | Source = DCOM | ID = 10005

Description = DCOM got error "%1058" attempting to start the service iPod Service

with arguments "" in order to run the server: {063D34A4-BF84-4B8D-B699-E8CA06504DDE}

Error - 9/10/2010 12:00:00 PM | Computer Name = JUSTIN-EC1FBD7F | Source = Schedule | ID = 7901

Description = The At13.job command failed to start due to the following error: %%2147942402

Error - 9/10/2010 1:00:00 PM | Computer Name = JUSTIN-EC1FBD7F | Source = Schedule | ID = 7901

Description = The At14.job command failed to start due to the following error: %%2147942402

Error - 9/10/2010 2:00:00 PM | Computer Name = JUSTIN-EC1FBD7F | Source = Schedule | ID = 7901

Description = The At15.job command failed to start due to the following error: %%2147942402

Error - 9/10/2010 3:00:00 PM | Computer Name = JUSTIN-EC1FBD7F | Source = Schedule | ID = 7901

Description = The At16.job command failed to start due to the following error: %%2147942402

Error - 9/10/2010 4:00:00 PM | Computer Name = JUSTIN-EC1FBD7F | Source = Schedule | ID = 7901

Description = The At17.job command failed to start due to the following error: %%2147942402

Error - 9/10/2010 5:00:00 PM | Computer Name = JUSTIN-EC1FBD7F | Source = Schedule | ID = 7901

Description = The At18.job command failed to start due to the following error: %%2147942402

Error - 9/10/2010 6:00:00 PM | Computer Name = JUSTIN-EC1FBD7F | Source = Schedule | ID = 7901

Description = The At19.job command failed to start due to the following error: %%2147942402

Error - 9/10/2010 7:00:00 PM | Computer Name = JUSTIN-EC1FBD7F | Source = Schedule | ID = 7901

Description = The At20.job command failed to start due to the following error: %%2147942402

Error - 9/10/2010 8:00:00 PM | Computer Name = JUSTIN-EC1FBD7F | Source = Schedule | ID = 7901

Description = The At21.job command failed to start due to the following error: %%2147942402

< End of report


GMER log:

GMER 1.0.15.15281 - http://www.gmer.net

Rootkit scan 2010-09-10 22:13:47

Windows 5.1.2600 Service Pack 2

Running: js58bkok.exe; Driver: C:\DOCUME~1\Justin\LOCALS~1\Temp\kfkyqpod.sys

---- System - GMER 1.0.15 ----

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateKey [0xB2E374FB]

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwDeleteKey [0xB2E3750F]

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwDeleteValueKey [0xB2E3753B]

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenKey [0xB2E374E7]

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwRenameKey [0xB2E37525]

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetValueKey [0xB2E37551]

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwTerminateProcess [0xB2E37567]

---- Kernel code sections - GMER 1.0.15 ----

PAGE ntkrnlpa.exe!ZwTerminateProcess 805D1686 5 Bytes JMP B2E3756B \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)

PAGE ntkrnlpa.exe!ZwSetValueKey 80620C6A 2 Bytes JMP B2E37555 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)

PAGE ntkrnlpa.exe!ZwSetValueKey + 3 80620C6D 4 Bytes [81, 32, 90, 90]

PAGE ntkrnlpa.exe!ZwRenameKey 80621FE4 7 Bytes JMP B2E37529 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)

PAGE ntkrnlpa.exe!ZwCreateKey 806225BE 5 Bytes JMP B2E374FF \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)

PAGE ntkrnlpa.exe!ZwDeleteKey 80622A5A 7 Bytes JMP B2E37513 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)

PAGE ntkrnlpa.exe!ZwDeleteValueKey 80622C2A 7 Bytes JMP B2E3753F \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)

PAGE ntkrnlpa.exe!ZwOpenKey 80623960 5 Bytes JMP B2E374EB \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)

.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB8FF5380, 0x2F18C7, 0xE8000020]

.text C:\WINDOWS\system32\drivers\hardlock.sys section is writeable [0xB3D41400, 0x7A186, 0xE8000020]

.protect


Hi JRRJ,

Create a batch file

  1. Open Notepad.
  2. Copy/paste the following text into the empty Notepad window.
    @echo off
    schtasks /query /fo LIST /v >> results.txt
    start notepad results.txt
    Del %0


  3. Save the file as xxx.bat on your desktop. Save it with the file type... all types *.*.
  4. Double click the file xxx.bat to execute.

results.txt should open in Notepad automatically when the script has completed. Post the contents of this file in your next response.

Run OTL Script

  • Double-click OTL.exe to start the program.
  • Copy and paste the following code into the Custom Scans/Fixes textbox. Do not include the word Code.
    :otl
    IE - HKU\S-1-5-21-1202660629-1229272821-725345543-1003\..\URLSearchHook: {C94E154B-1459-4A47-966B-4B843BEFC7DB} - C:\Program Files\AskSearch\bin\DefaultSearch.dll ()
    IE - HKU\S-1-5-21-1202660629-1229272821-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:6522
    O1 - Hosts: 127.0.0.1 localhost
    O1 - Hosts: 127.0.0.1 mozilla.com
    O1 - Hosts: 127.0.0.1 www.mozilla.com
    O1 - Hosts: 127.0.0.1 firefox.com
    O1 - Hosts: 127.0.0.1 www.firefox.com
    O1 - Hosts: 127.0.0.1 www.firefox2.com
    O1 - Hosts: 127.0.0.1 firefox2.com
    O1 - Hosts: 127.0.0.1 ftp.saix.net
    O1 - Hosts: 127.0.0.1 download.mozilla.com
    O4 - HKLM..\Run: [combofix] C:\ComboFix\CF8341.cfx File not found
    O4 - HKLM..\Run: [KernelFaultCheck] File not found
    :commands
    [EMPTYTEMP]
    [RESETHOSTS]
    [REBOOT]


  • Then click the Run Fix button at the top.
  • Click OK.
  • OTL may ask to reboot the machine. Please do so if asked.
  • The report should appear in Notepad after the reboot. Copy and paste that report in your next reply.

Scan With RKUnHooker

  • Please download Rootkit Unhooker. Save it to your desktop.
  • Now double-click on RKUnhookerLE.exe to run it.
  • Click the Report tab, then click Scan.
  • Check (tick) Drivers, Stealth, Files, Code Hooks. Uncheck the rest, then click OK.
  • Wait till the scanner has finished and then click File, Save Report.
  • Save the report somewhere where you can find it. Click Close.
  • Copy the entire contents of the report and paste it in a reply here.

MBRCheck

Please download MBRCheck.exe to your desktop.

  • Double-click on MBRCheck.exe to run it.
  • It will show a Black screen with some information.
  • If an unknown bootcode is found, you will have further options available to you. At this time press N, then press Enter twice.
  • If nothing unusual is found, just press Enter.
  • A .txt file named MBRCheck_mm.dd.yy_hh.mm.ss should appear on your desktop.
  • Please post the contents of that file in your next reply.

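One way to triage the results.txt that the batch-file step above produces, as an added example that is not part of the original post: the Python below parses `schtasks /query /fo LIST /v` output and lists the tasks that merit manual review. The function names, the four checks and the threshold are assumptions of this example; the sample records are abridged from the listing posted in this thread.

```python
import re
from collections import Counter

# Sample input (constructed for this example): records abridged from the
# listing posted in this thread, trimmed to the fields the checks read.
SAMPLE = r"""
HostName: JUSTIN-EC1FBD7F
TaskName: AppleSoftwareUpdate
Status:
Last Run Time: 11:09:00, 9/2/2010
Task To Run: C:\Program Files\Apple Software Update\SoftwareUpdate.exe -task
Comment: N/A
Run As User: NT AUTHORITY\SYSTEM
Repeat: Every: Disabled

HostName: JUSTIN-EC1FBD7F
TaskName: At10
Status: Could not start
Last Run Time: Never
Task To Run: C:\WINDOWS\system32\ophQc4Ul.exe
Comment: Created by NetScheduleJobAdd.
Run As User: Could not be retrieved from the task scheduler database
Repeat: Every: Disabled

HostName: JUSTIN-EC1FBD7F
TaskName: At11
Status: Could not start
Last Run Time: Never
Task To Run: C:\WINDOWS\system32\ophQc4Ul.exe
Comment: Created by NetScheduleJobAdd.
Run As User: Could not be retrieved from the task scheduler database
Repeat: Every: Disabled

HostName: JUSTIN-EC1FBD7F
TaskName: At12
Status: Could not start
Last Run Time: Never
Task To Run: C:\WINDOWS\system32\ophQc4Ul.exe
Comment: Created by NetScheduleJobAdd.
Run As User: Could not be retrieved from the task scheduler database
Repeat: Every: Disabled
"""

# "Repeat: ..." field names contain colons themselves; every other field name
# ends at the first colon, so times and paths in the value stay intact.
FIELD_RE = re.compile(
    r"^(Repeat: (?:Every|Until: Time|Until: Duration|Stop If Still Running)"
    r"|[^:]+):\s*(.*)$"
)
AT_NAME = re.compile(r"^\\?At\d+$", re.IGNORECASE)


def parse_schtasks_list(text):
    """Return one dict per task; a new record starts at each HostName line."""
    records, current = [], None
    for raw in text.splitlines():
        m = FIELD_RE.match(raw.strip())
        if not m:
            continue  # blank line or text that is not a "Name: value" field
        key, value = m.group(1).strip(), m.group(2).strip()
        if key == "HostName":
            current = {}
            records.append(current)
        if current is not None:
            current[key] = value
    return records


def triage(records, shared_target_threshold=3):
    """Flag tasks for review. Each reason is a lead, not a verdict."""
    at_targets = Counter(
        r.get("Task To Run", "").lower()
        for r in records
        if AT_NAME.match(r.get("TaskName", ""))
    )
    findings = []
    for r in records:
        name = r.get("TaskName", "")
        target = r.get("Task To Run", "")
        is_at = bool(AT_NAME.match(name))
        reasons = []
        if is_at and "NetScheduleJobAdd" in r.get("Comment", ""):
            reasons.append("job added through the legacy AT interface")
        if is_at and at_targets[target.lower()] >= shared_target_threshold:
            reasons.append("same target scheduled by %d AT jobs"
                           % at_targets[target.lower()])
        if r.get("Status") == "Could not start" and r.get("Last Run Time") == "Never":
            reasons.append("task has never started")
        if r.get("Run As User", "").startswith("Could not be retrieved"):
            reasons.append("run-as account could not be read")
        if reasons:
            findings.append({"task": name, "target": target, "reasons": reasons})
    return findings


if __name__ == "__main__":
    for f in triage(parse_schtasks_list(SAMPLE)):
        print(f["task"], "->", f["target"])
        for reason in f["reasons"]:
            print("   ", reason)
```

Administrators also create AT jobs legitimately, so a flagged task still needs its target file and creation date checked by hand.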

Wow, computer is getting really bad.

Here is the batch file

HostName: JUSTIN-EC1FBD7F

TaskName: AppleSoftwareUpdate

Next Run Time: 11:09:00, 9/16/2010

Status:

Last Run Time: 11:09:00, 9/2/2010

Last Result: 0

Creator: SYSTEM

Schedule: At 11:09 AM every Thu of every week, starting 8/9/2008

Task To Run: C:\Program Files\Apple Software Update\SoftwareUpdate.exe -task

Start In: N/A

Comment: N/A

Scheduled Task State: Enabled

Scheduled Type: Weekly

Start Time: 11:09:00

Start Date: 8/9/2008

End Date: N/A

Days: THURSDAY

Months: N/A

Run As User: NT AUTHORITY\SYSTEM

Delete Task If Not Rescheduled: Disabled

Stop Task If Runs X Hours and X Mins: 72:0

Repeat: Every: Disabled

Repeat: Until: Time: Disabled

Repeat: Until: Duration: Disabled

Repeat: Stop If Still Running: Disabled

Idle Time: Disabled

Power Management: Disabled

HostName: JUSTIN-EC1FBD7F

TaskName: At10

Next Run Time: 09:00:00, 9/12/2010

Status: Could not start

Last Run Time: Never

Last Result: 0

Creator: SYSTEM

Schedule: At 9:00 AM every Mon, Tue, Wed, Thu, Fri, Sat, Sun of every week, starting 11/2/2008

Task To Run: C:\WINDOWS\system32\ophQc4Ul.exe

Start In: N/A

Comment: Created by NetScheduleJobAdd.

Scheduled Task State: Enabled

Scheduled Type: Weekly

Start Time: 09:00:00

Start Date: 11/2/2008

End Date: N/A

Days: SUNDAY,MONDAY,TUESDAY,WEDNESDAY,THURSDAY,FRIDAY,SATURDAY

Months: N/A

Run As User: Could not be retrieved from the task scheduler database

Delete Task If Not Rescheduled: Enabled

Stop Task If Runs X Hours and X Mins: 72:0

Repeat: Every: Disabled

Repeat: Until: Time: Disabled

Repeat: Until: Duration: Disabled

Repeat: Stop If Still Running: Disabled

Idle Time: Disabled

Power Management: Disabled

HostName: JUSTIN-EC1FBD7F

TaskName: At11

Next Run Time: 10:00:00, 9/12/2010

Status: Could not start

Last Run Time: Never

Last Result: 0

Creator: SYSTEM

Schedule: At 10:00 AM every Mon, Tue, Wed, Thu, Fri, Sat, Sun of every week, starting 11/2/2008

Task To Run: C:\WINDOWS\system32\ophQc4Ul.exe

Start In: N/A

Comment: Created by NetScheduleJobAdd.

Scheduled Task State: Enabled

Scheduled Type: Weekly

Start Time: 10:00:00

Start Date: 11/2/2008

End Date: N/A

Days: SUNDAY,MONDAY,TUESDAY,WEDNESDAY,THURSDAY,FRIDAY,SATURDAY

Months: N/A

Run As User: Could not be retrieved from the task scheduler database

Delete Task If Not Rescheduled: Enabled

Stop Task If Runs X Hours and X Mins: 72:0

Repeat: Every: Disabled

Repeat: Until: Time: Disabled

Repeat: Until: Duration: Disabled

Repeat: Stop If Still Running: Disabled

Idle Time: Disabled

Power Management: Disabled

HostName: JUSTIN-EC1FBD7F

TaskName: At12

Next Run Time: 11:00:00, 9/12/2010

Status: Could not start

Last Run Time: Never

Last Result: 0

Creator: SYSTEM

Schedule: At 11:00 AM every Mon, Tue, Wed, Thu, Fri, Sat, Sun of every week, starting 11/2/2008

Task To Run: C:\WINDOWS\system32\ophQc4Ul.exe

Start In: N/A

Comment: Created by NetScheduleJobAdd.

Scheduled Task State: Enabled

Scheduled Type: Weekly

Start Time: 11:00:00

Start Date: 11/2/2008

End Date: N/A

Days: SUNDAY,MONDAY,TUESDAY,WEDNESDAY,THURSDAY,FRIDAY,SATURDAY

Months: N/A

Run As User: Could not be retrieved from the task scheduler database

Delete Task If Not Rescheduled: Enabled

Stop Task If Runs X Hours and X Mins: 72:0

Repeat: Every: Disabled

Repeat: Until: Time: Disabled

Repeat: Until: Duration: Disabled

Repeat: Stop If Still Running: Disabled

Idle Time: Disabled

Power Management: Disabled

HostName: JUSTIN-EC1FBD7F

TaskName: At13

Next Run Time: 12:00:00, 9/12/2010

Status: Could not start

Last Run Time: Never

Last Result: 0

Creator: SYSTEM

Schedule: At 12:00 PM every Mon, Tue, Wed, Thu, Fri, Sat, Sun of every week, starting 11/2/2008

Task To Run: C:\WINDOWS\system32\ophQc4Ul.exe

Start In: N/A

Comment: Created by NetScheduleJobAdd.

Scheduled Task State: Enabled

Scheduled Type: Weekly

Start Time: 12:00:00

Start Date: 11/2/2008

End Date: N/A

Days: SUNDAY,MONDAY,TUESDAY,WEDNESDAY,THURSDAY,FRIDAY,SATURDAY

Months: N/A

Run As User: Could not be retrieved from the task scheduler database

Delete Task If Not Rescheduled: Enabled

Stop Task If Runs X Hours and X Mins: 72:0

Repeat: Every: Disabled

Repeat: Until: Time: Disabled

Repeat: Until: Duration: Disabled

Repeat: Stop If Still Running: Disabled

Idle Time: Disabled

Power Management: Disabled

HostName: JUSTIN-EC1FBD7F

TaskName: At14

Next Run Time: 13:00:00, 9/12/2010

Status: Could not start

Last Run Time: Never

Last Result: 0

Creator: SYSTEM

Schedule: At 1:00 PM every Mon, Tue, Wed, Thu, Fri, Sat, Sun of every week, starting 11/2/2008

Task To Run: C:\WINDOWS\system32\ophQc4Ul.exe

Start In: N/A

Comment: Created by NetScheduleJobAdd.

Scheduled Task State: Enabled

Scheduled Type: Weekly

Start Time: 13:00:00

Start Date: 11/2/2008

End Date: N/A

Days: SUNDAY,MONDAY,TUESDAY,WEDNESDAY,THURSDAY,FRIDAY,SATURDAY

Months: N/A

Run As User: Could not be retrieved from the task scheduler database

Delete Task If Not Rescheduled: Enabled

Stop Task If Runs X Hours and X Mins: 72:0

Repeat: Every: Disabled

Repeat: Until: Time: Disabled

Repeat: Until: Duration: Disabled

Repeat: Stop If Still Running: Disabled

Idle Time: Disabled

Power Management: Disabled

HostName: JUSTIN-EC1FBD7F

TaskName: At15

Next Run Time: 14:00:00, 9/12/2010

Status: Could not start

Last Run Time: 14:00:00, 11/2/2008

Last Result: 0

Creator: SYSTEM

Schedule: At 2:00 PM every Mon, Tue, Wed, Thu, Fri, Sat, Sun of every week, starting 11/2/2008

Task To Run: C:\WINDOWS\system32\ophQc4Ul.exe

Start In: N/A

Comment: Created by NetScheduleJobAdd.

Scheduled Task State: Enabled

Scheduled Type: Weekly

Start Time: 14:00:00

Start Date: 11/2/2008

End Date: N/A

Days: SUNDAY,MONDAY,TUESDAY,WEDNESDAY,THURSDAY,FRIDAY,SATURDAY

Months: N/A

Run As User: Could not be retrieved from the task scheduler database

Delete Task If Not Rescheduled: Enabled

Stop Task If Runs X Hours and X Mins: 72:0

Repeat: Every: Disabled

Repeat: Until: Time: Disabled

Repeat: Until: Duration: Disabled

Repeat: Stop If Still Running: Disabled

Idle Time: Disabled

Power Management: Disabled

HostName: JUSTIN-EC1FBD7F

TaskName: At16

Next Run Time: 15:00:00, 9/12/2010

Status: Could not start

Last Run Time: 15:00:00, 11/2/2008

Last Result: 0

Creator: SYSTEM

Schedule: At 3:00 PM every Mon, Tue, Wed, Thu, Fri, Sat, Sun of every week, starting 11/2/2008

Task To Run: C:\WINDOWS\system32\ophQc4Ul.exe

Start In: N/A

Comment: Created by NetScheduleJobAdd.

Scheduled Task State: Enabled

Scheduled Type: Weekly

Start Time: 15:00:00

Start Date: 11/2/2008

End Date: N/A

Days: SUNDAY,MONDAY,TUESDAY,WEDNESDAY,THURSDAY,FRIDAY,SATURDAY

Months: N/A

Run As User: Could not be retrieved from the task scheduler database

Delete Task If Not Rescheduled: Enabled

Stop Task If Runs X Hours and X Mins: 72:0

Repeat: Every: Disabled

Repeat: Until: Time: Disabled

Repeat: Until: Duration: Disabled

Repeat: Stop If Still Running: Disabled

Idle Time: Disabled

Power Management: Disabled

HostName: JUSTIN-EC1FBD7F

TaskName: At17

Next Run Time: 16:00:00, 9/12/2010

Status: Could not start

Last Run Time: 16:00:00, 11/2/2008

Last Result: 0

Creator: SYSTEM

Schedule: At 4:00 PM every Mon, Tue, Wed, Thu, Fri, Sat, Sun of every week, starting 11/2/2008

Task To Run: C:\WINDOWS\system32\ophQc4Ul.exe

Start In: N/A

Comment: Created by NetScheduleJobAdd.

Scheduled Task State: Enabled

Scheduled Type: Weekly

Start Time: 16:00:00

Start Date: 11/2/2008

End Date: N/A

Days: SUNDAY,MONDAY,TUESDAY,WEDNESDAY,THURSDAY,FRIDAY,SATURDAY

Months: N/A

Run As User: Could not be retrieved from the task scheduler database

Delete Task If Not Rescheduled: Enabled

Stop Task If Runs X Hours and X Mins: 72:0

Repeat: Every: Disabled

Repeat: Until: Time: Disabled

Repeat: Until: Duration: Disabled

Repeat: Stop If Still Running: Disabled

Idle Time: Disabled

Power Management: Disabled

HostName: JUSTIN-EC1FBD7F

TaskName: At18

Next Run Time: 17:00:00, 9/12/2010

Status: Could not start

Last Run Time: 17:00:00, 11/2/2008

Last Result: 0

Creator: SYSTEM

Schedule: At 5:00 PM every Mon, Tue, Wed, Thu, Fri, Sat, Sun of every week, starting 11/2/2008

Task To Run: C:\WINDOWS\system32\ophQc4Ul.exe

Start In: N/A

Comment: Created by NetScheduleJobAdd.

Scheduled Task State: Enabled

Scheduled Type: Weekly

Start Time: 17:00:00

Start Date: 11/2/2008

End Date: N/A

Days: SUNDAY,MONDAY,TUESDAY,WEDNESDAY,THURSDAY,FRIDAY,SATURDAY

Months: N/A

Run As User: Could not be retrieved from the task scheduler database

Delete Task If Not Rescheduled: Enabled

Stop Task If Runs X Hours and X Mins: 72:0

Repeat: Every: Disabled

Repeat: Until: Time: Disabled

Repeat: Until: Duration: Disabled

Repeat: Stop If Still Running: Disabled

Idle Time: Disabled

Power Management: Disabled

HostName: JUSTIN-EC1FBD7F

TaskName: At19

Next Run Time: 18:00:00, 9/12/2010

Status: Could not start

Last Run Time: 18:00:00, 11/2/2008

Last Result: 0

Creator: SYSTEM

Schedule: At 6:00 PM every Mon, Tue, Wed, Thu, Fri, Sat, Sun of every week, starting 11/2/2008

Task To Run: C:\WINDOWS\system32\ophQc4Ul.exe

Start In: N/A

Comment: Created by NetScheduleJobAdd.

Scheduled Task State: Enabled

Scheduled Type: Weekly

Start Time: 18:00:00

Start Date: 11/2/2008

End Date: N/A

Days: SUNDAY,MONDAY,TUESDAY,WEDNESDAY,THURSDAY,FRIDAY,SATURDAY

Months: N/A

Run As User: Could not be retrieved from the task scheduler database

Delete Task If Not Rescheduled: Enabled

Stop Task If Runs X Hours and X Mins: 72:0

Repeat: Every: Disabled

Repeat: Until: Time: Disabled

Repeat: Until: Duration: Disabled

Repeat: Stop If Still Running: Disabled

Idle Time: Disabled

Power Management: Disabled

HostName: JUSTIN-EC1FBD7F

TaskName: At20

Next Run Time: 19:00:00, 9/12/2010

Status: Could not start

Last Run Time: 19:00:00, 11/2/2008

Last Result: 0

Creator: SYSTEM

Schedule: At 7:00 PM every Mon, Tue, Wed, Thu, Fri, Sat, Sun of every week, starting 11/2/2008

Task To Run: C:\WINDOWS\system32\ophQc4Ul.exe

Start In: N/A

Comment: Created by NetScheduleJobAdd.

Scheduled Task State: Enabled

Scheduled Type: Weekly

Start Time: 19:00:00

Start Date: 11/2/2008

End Date: N/A

Days: SUNDAY,MONDAY,TUESDAY,WEDNESDAY,THURSDAY,FRIDAY,SATURDAY

Months: N/A

Run As User: Could not be retrieved from the task scheduler database

Delete Task If Not Rescheduled: Enabled

Stop Task If Runs X Hours and X Mins: 72:0

Repeat: Every: Disabled

Repeat: Until: Time: Disabled

Repeat: Until: Duration: Disabled

Repeat: Stop If Still Running: Disabled

Idle Time: Disabled

Power Management: Disabled

HostName: JUSTIN-EC1FBD7F

TaskName: At21

Next Run Time: 20:00:00, 9/12/2010

Status: Could not start

Last Run Time: 20:00:00, 11/2/2008

Last Result: 0

Creator: SYSTEM

Schedule: At 8:00 PM every Mon, Tue, Wed, Thu, Fri, Sat, Sun of every week, starting 11/2/2008

Task To Run: C:\WINDOWS\system32\ophQc4Ul.exe

Start In: N/A

Comment: Created by NetScheduleJobAdd.

Scheduled Task State: Enabled

Scheduled Type: Weekly

Start Time: 20:00:00

Start Date: 11/2/2008

End Date: N/A

Days: SUNDAY,MONDAY,TUESDAY,WEDNESDAY,THURSDAY,FRIDAY,SATURDAY

Months: N/A

Run As User: Could not be retrieved from the task scheduler database

Delete Task If Not Rescheduled: Enabled

Stop Task If Runs X Hours and X Mins: 72:0

Repeat: Every: Disabled

Repeat: Until: Time: Disabled

Repeat: Until: Duration: Disabled

Repeat: Stop If Still Running: Disabled

Idle Time: Disabled

Power Management: Disabled

HostName: JUSTIN-EC1FBD7F

TaskName: At22

Next Run Time: 21:00:00, 9/12/2010

Status: Could not start

Last Run Time: 21:00:00, 11/2/2008

Last Result: 0

Creator: SYSTEM

Schedule: At 9:00 PM every Mon, Tue, Wed, Thu, Fri, Sat, Sun of every week, starting 11/2/2008

Task To Run: C:\WINDOWS\system32\ophQc4Ul.exe

Start In: N/A

Comment: Created by NetScheduleJobAdd.

Scheduled Task State: Enabled

Scheduled Type: Weekly

Start Time: 21:00:00

Start Date: 11/2/2008

End Date: N/A

Days: SUNDAY,MONDAY,TUESDAY,WEDNESDAY,THURSDAY,FRIDAY,SATURDAY

Months: N/A

Run As User: Could not be retrieved from the task scheduler database

Delete Task If Not Rescheduled: Enabled

Stop Task If Runs X Hours and X Mins: 72:0

Repeat: Every: Disabled

Repeat: Until: Time: Disabled

Repeat: Until: Duration: Disabled

Repeat: Stop If Still Running: Disabled

Idle Time: Disabled

Power Management: Disabled

HostName: JUSTIN-EC1FBD7F

TaskName: At23

Next Run Time: 22:00:00, 9/12/2010

Status: Could not start

Last Run Time: Never

Last Result: 0

Creator: SYSTEM

Schedule: At 10:00 PM every Mon, Tue, Wed, Thu, Fri, Sat, Sun of every week, starting 11/2/2008

Task To Run: C:\WINDOWS\system32\ophQc4Ul.exe

Start In: N/A

Comment: Created by NetScheduleJobAdd.

Scheduled Task State: Enabled

Scheduled Type: Weekly

Start Time: 22:00:00

Start Date: 11/2/2008

End Date: N/A

Days: SUNDAY,MONDAY,TUESDAY,WEDNESDAY,THURSDAY,FRIDAY,SATURDAY

Months: N/A

Run As User: Could not be retrieved from the task scheduler database

Delete Task If Not Rescheduled: Enabled

Stop Task If Runs X Hours and X Mins: 72:0

Repeat: Every: Disabled

Repeat: Until: Time: Disabled

Repeat: Until: Duration: Disabled

Repeat: Stop If Still Running: Disabled

Idle Time: Disabled

Power Management: Disabled

HostName: JUSTIN-EC1FBD7F

TaskName: At24

Next Run Time: 23:00:00, 9/11/2010

Status: Could not start

Last Run Time: Never

Last Result: 0

Creator: SYSTEM

Schedule: At 11:00 PM every Mon, Tue, Wed, Thu, Fri, Sat, Sun of every week, starting 11/2/2008

Task To Run: C:\WINDOWS\system32\ophQc4Ul.exe

Start In: N/A

Comment: Created by NetScheduleJobAdd.

Scheduled Task State: Enabled

Scheduled Type: Weekly

Start Time: 23:00:00

Start Date: 11/2/2008

End Date: N/A

Days: SUNDAY,MONDAY,TUESDAY,WEDNESDAY,THURSDAY,FRIDAY,SATURDAY

Months: N/A

Run As User: Could not be retrieved from the task scheduler database

Delete Task If Not Rescheduled: Enabled

Stop Task If Runs X Hours and X Mins: 72:0

Repeat: Every: Disabled

Repeat: Until: Time: Disabled

Repeat: Until: Duration: Disabled

Repeat: Stop If Still Running: Disabled

Idle Time: Disabled

Power Management: Disabled

HostName: JUSTIN-EC1FBD7F

TaskName: At3

Next Run Time: 02:00:00, 9/12/2010

Status: Could not start

Last Run Time: Never

Last Result: 0

Creator: SYSTEM

Schedule: At 2:00 AM every Mon, Tue, Wed, Thu, Fri, Sat, Sun of every week, starting 11/2/2008

Task To Run: C:\WINDOWS\system32\ophQc4Ul.exe

Start In: N/A

Comment: Created by NetScheduleJobAdd.

Scheduled Task State: Enabled

Scheduled Type: Weekly

Start Time: 02:00:00

Start Date: 11/2/2008

End Date: N/A

Days: SUNDAY,MONDAY,TUESDAY,WEDNESDAY,THURSDAY,FRIDAY,SATURDAY

Months: N/A

Run As User: Could not be retrieved from the task scheduler database

Delete Task If Not Rescheduled: Enabled

Stop Task If Runs X Hours and X Mins: 72:0

Repeat: Every: Disabled

Repeat: Until: Time: Disabled

Repeat: Until: Duration: Disabled

Repeat: Stop If Still Running: Disabled

Idle Time: Disabled

Power Management: Disabled

HostName: JUSTIN-EC1FBD7F

TaskName: At4

Next Run Time: 03:00:00, 9/12/2010

Status: Could not start

Last Run Time: Never

Last Result: 0

Creator: SYSTEM

Schedule: At 3:00 AM every Mon, Tue, Wed, Thu, Fri, Sat, Sun of every week, starting 11/2/2008

Task To Run: C:\WINDOWS\system32\ophQc4Ul.exe

Start In: N/A

Comment: Created by NetScheduleJobAdd.

Scheduled Task State: Enabled

Scheduled Type: Weekly

Start Time: 03:00:00

Start Date: 11/2/2008

End Date: N/A

Days: SUNDAY,MONDAY,TUESDAY,WEDNESDAY,THURSDAY,FRIDAY,SATURDAY

Months: N/A

Run As User: Could not be retrieved from the task scheduler database

Delete Task If Not Rescheduled: Enabled

Stop Task If Runs X Hours and X Mins: 72:0

Repeat: Every: Disabled

Repeat: Until: Time: Disabled

Repeat: Until: Duration: Disabled

Repeat: Stop If Still Running: Disabled

Idle Time: Disabled

Power Management: Disabled

HostName: JUSTIN-EC1FBD7F

TaskName: At49

Next Run Time: 18:08:00, 9/15/2010

Status: Could not start

Last Run Time: 18:08:00, 2/18/2009

Last Result: 0

Creator: SYSTEM

Schedule: At 6:08 PM every Wed of every week, starting 11/22/2008

Task To Run: c:\program files\norton pc checkup\pc_checkup.exe -startscan

Start In: N/A

Comment: Created by NetScheduleJobAdd.

Scheduled Task State: Enabled

Scheduled Type: Weekly

Start Time: 18:08:00

Start Date: 11/22/2008

End Date: N/A

Days: WEDNESDAY

Months: N/A

Run As User: Could not be retrieved from the task scheduler database

Delete Task If Not Rescheduled: Enabled

Stop Task If Runs X Hours and X Mins: 72:0

Repeat: Every: Disabled

Repeat: Until: Time: Disabled

Repeat: Until: Duration: Disabled

Repeat: Stop If Still Running: Disabled

Idle Time: Disabled

Power Management: Disabled

HostName: JUSTIN-EC1FBD7F

TaskName: At5

Next Run Time: 04:00:00, 9/12/2010

Status: Could not start

Last Run Time: Never

Last Result: 0

Creator: SYSTEM

Schedule: At 4:00 AM every Mon, Tue, Wed, Thu, Fri, Sat, Sun of every week, starting 11/2/2008

Task To Run: C:\WINDOWS\system32\ophQc4Ul.exe

Start In: N/A

Comment: Created by NetScheduleJobAdd.

Scheduled Task State: Enabled

Scheduled Type: Weekly

Start Time: 04:00:00

Start Date: 11/2/2008

End Date: N/A

Days: SUNDAY,MONDAY,TUESDAY,WEDNESDAY,THURSDAY,FRIDAY,SATURDAY

Months: N/A

Run As User: Could not be retrieved from the task scheduler database

Delete Task If Not Rescheduled: Enabled

Stop Task If Runs X Hours and X Mins: 72:0

Repeat: Every: Disabled

Repeat: Until: Time: Disabled

Repeat: Until: Duration: Disabled

Repeat: Stop If Still Running: Disabled

Idle Time: Disabled

Power Management: Disabled

HostName: JUSTIN-EC1FBD7F

TaskName: At50

Next Run Time: 12:02:00, 9/12/2010

Status: Could not start

Last Run Time: 12:01:59, 2/22/2009

Last Result: 0

Creator: SYSTEM

Schedule: At 12:02 PM every Sat, Sun of every week, starting 11/22/2008

Task To Run: c:\program files\norton pc checkup\pc_checkup.exe -startscan

Start In: N/A

Comment: Created by NetScheduleJobAdd.

Scheduled Task State: Enabled

Scheduled Type: Weekly

Start Time: 12:02:00

Start Date: 11/22/2008

End Date: N/A

Days: SUNDAY,SATURDAY

Months: N/A

Run As User: Could not be retrieved from the task scheduler database

Delete Task If Not Rescheduled: Enabled

Stop Task If Runs X Hours and X Mins: 72:0

Repeat: Every: Disabled

Repeat: Until: Time: Disabled

Repeat: Until: Duration: Disabled

Repeat: Stop If Still Running: Disabled

Idle Time: Disabled

Power Management: Disabled

HostName: JUSTIN-EC1FBD7F

TaskName: At6

Next Run Time: 05:00:00, 9/12/2010

Status: Could not start

Last Run Time: Never

Last Result: 0

Creator: SYSTEM

Schedule: At 5:00 AM every Mon, Tue, Wed, Thu, Fri, Sat, Sun of every week, starting 11/2/2008

Task To Run: C:\WINDOWS\system32\ophQc4Ul.exe

Start In: N/A

Comment: Created by NetScheduleJobAdd.

Scheduled Task State: Enabled

Scheduled Type: Weekly

Start Time: 05:00:00

Start Date: 11/2/2008

End Date: N/A

Days: SUNDAY,MONDAY,TUESDAY,WEDNESDAY,THURSDAY,FRIDAY,SATURDAY

Months: N/A

Run As User: Could not be retrieved from the task scheduler database

Delete Task If Not Rescheduled: Enabled

Stop Task If Runs X Hours and X Mins: 72:0

Repeat: Every: Disabled

Repeat: Until: Time: Disabled

Repeat: Until: Duration: Disabled

Repeat: Stop If Still Running: Disabled

Idle Time: Disabled

Power Management: Disabled

HostName: JUSTIN-EC1FBD7F

TaskName: At7

Next Run Time: 06:00:00, 9/12/2010

Status: Could not start

Last Run Time: Never

Last Result: 0

Creator: SYSTEM

Schedule: At 6:00 AM every Mon, Tue, Wed, Thu, Fri, Sat, Sun of every week, starting 11/2/2008

Task To Run: C:\WINDOWS\system32\ophQc4Ul.exe

Start In: N/A

Comment: Created by NetScheduleJobAdd.

Scheduled Task State: Enabled

Scheduled Type: Weekly

Start Time: 06:00:00

Start Date: 11/2/2008

End Date: N/A

Days: SUNDAY,MONDAY,TUESDAY,WEDNESDAY,THURSDAY,FRIDAY,SATURDAY

Months: N/A

Run As User: Could not be retrieved from the task scheduler database

Delete Task If Not Rescheduled: Enabled

Stop Task If Runs X Hours and X Mins: 72:0

Repeat: Every: Disabled

Repeat: Until: Time: Disabled

Repeat: Until: Duration: Disabled

Repeat: Stop If Still Running: Disabled

Idle Time: Disabled

Power Management: Disabled

HostName: JUSTIN-EC1FBD7F

TaskName: At8

Next Run Time: 07:00:00, 9/12/2010

Status: Could not start

Last Run Time: Never

Last Result: 0

Creator: SYSTEM

Schedule: At 7:00 AM every Mon, Tue, Wed, Thu, Fri, Sat, Sun of every week, starting 11/2/2008

Task To Run: C:\WINDOWS\system32\ophQc4Ul.exe

Start In: N/A

Comment: Created by NetScheduleJobAdd.

Scheduled Task State: Enabled

Scheduled Type: Weekly

Start Time: 07:00:00

Start Date: 11/2/2008

End Date: N/A

Days: SUNDAY,MONDAY,TUESDAY,WEDNESDAY,THURSDAY,FRIDAY,SATURDAY

Months: N/A

Run As User: Could not be retrieved from the task scheduler database

Delete Task If Not Rescheduled: Enabled

Stop Task If Runs X Hours and X Mins: 72:0

Repeat: Every: Disabled

Repeat: Until: Time: Disabled

Repeat: Until: Duration: Disabled

Repeat: Stop If Still Running: Disabled

Idle Time: Disabled

Power Management: Disabled

HostName: JUSTIN-EC1FBD7F

TaskName: At9

Next Run Time: 08:00:00, 9/12/2010

Status: Could not start

Last Run Time: Never

Last Result: 0

Creator: SYSTEM

Schedule: At 8:00 AM every Mon, Tue, Wed, Thu, Fri, Sat, Sun of every week, starting 11/2/2008

Task To Run: C:\WINDOWS\system32\ophQc4Ul.exe

Start In: N/A

Comment: Created by NetScheduleJobAdd.

Scheduled Task State: Enabled

Scheduled Type: Weekly

Start Time: 08:00:00

Start Date: 11/2/2008

End Date: N/A

Days: SUNDAY,MONDAY,TUESDAY,WEDNESDAY,THURSDAY,FRIDAY,SATURDAY

Months: N/A

Run As User: Could not be retrieved from the task scheduler database

Delete Task If Not Rescheduled: Enabled

Stop Task If Runs X Hours and X Mins: 72:0

Repeat: Every: Disabled

Repeat: Until: Time: Disabled

Repeat: Until: Duration: Disabled

Repeat: Stop If Still Running: Disabled

Idle Time: Disabled

Power Management: Disabled

HostName: JUSTIN-EC1FBD7F

TaskName: GoogleUpdateTaskUserS-1-5-21-1202660629-1229272821-725345543-1003Core

Next Run Time: 20:16:00, 9/12/2010

Status:

Last Run Time: 20:16:00, 9/10/2010

Last Result: 0

Creator: Justin

Schedule: At 8:16 PM every day, starting 8/15/2010

Task To Run: C:\Documents and Settings\Justin\Local Settings\Application Data\Google\Update\GoogleUpdate.exe /c

Start In: N/A

Comment: Keeps your Google software up to date. If this task is disabled or stopped, your Google software will not be kept up to date, meaning security vulnerabilities that may arise cannot be fixed and features may not work. This task uninstalls itself when the

Scheduled Task State: Enabled

Scheduled Type: Daily

Start Time: 20:16:00

Start Date: 8/15/2010

End Date: N/A

Days: Everyday

Months: N/A

Run As User: JUSTIN-EC1FBD7F\Justin

Delete Task If Not Rescheduled: Disabled

Stop Task If Runs X Hours and X Mins: Disabled

Repeat: Every: Disabled

Repeat: Until: Time: Disabled

Repeat: Until: Duration: Disabled

Repeat: Stop If Still Running: Disabled

Idle Time: Disabled

Power Management: Disabled

HostName: JUSTIN-EC1FBD7F

TaskName: GoogleUpdateTaskUserS-1-5-21-1202660629-1229272821-725345543-1003UA

Next Run Time: 23:16:00, 9/11/2010

Status:

Last Run Time: 09:16:00, 9/11/2010

Last Result: 0

Creator: Justin

Schedule: Every 1 hour(s) from 8:16 PM for 24 hour(s) every day, starting 8/15/2010

Task To Run: C:\Documents and Settings\Justin\Local Settings\Application Data\Google\Update\GoogleUpdate.exe /ua /installsource scheduler

Start In: N/A

Comment: Keeps your Google software up to date. If this task is disabled or stopped, your Google software will not be kept up to date, meaning security vulnerabilities that may arise cannot be fixed and features may not work. This task uninstalls itself when the

Scheduled Task State: Enabled

Scheduled Type: Hourly

Start Time: 20:16:00

Start Date: 8/15/2010

End Date: N/A

Days: Everyday

Months: N/A

Run As User: JUSTIN-EC1FBD7F\Justin

Delete Task If Not Rescheduled: Disabled

Stop Task If Runs X Hours and X Mins: Disabled

Repeat: Every: 1 Hour(s)

Repeat: Until: Time: None

Repeat: Until: Duration: 24 Hour(s): 0 Minute(s)

Repeat: Stop If Still Running: Disabled

Idle Time: Disabled

Power Management: Disabled

HostName: JUSTIN-EC1FBD7F

TaskName: ParetoLogic Registration3

Next Run Time: Never

Status:

Last Run Time: Never

Last Result: 0

Creator: Justin

Schedule: Task not scheduled

Task To Run: C:\WINDOWS\system32\rundll32.exe "C:\Program Files\Common Files\ParetoLogic\UUS3\UUS3.dll" RunUns

Start In: C:\Program Files\Common Files\ParetoLogic\UUS3

Comment: N/A

Scheduled Task State: Enabled

Scheduled Type: N/A

Start Time: N/A

Start Date: 8/15/2010

End Date: N/A

Days: N/A

Months: N/A

Run As User: Could not be retrieved from the task scheduler database

Delete Task If Not Rescheduled: Disabled

Stop Task If Runs X Hours and X Mins: 72:0

Repeat: Every: N/A

Repeat: Until: Time: N/A

Repeat: Until: Duration: N/A

Repeat: Stop If Still Running: N/A

Idle Time: Disabled

Power Management: Disabled

HostName: JUSTIN-EC1FBD7F

TaskName: ParetoLogic Update Version3

Next Run Time: 04:21:00, 9/15/2010

Status: Could not start

Last Run Time: Never

Last Result: 0

Creator: Justin

Schedule: At 4:21 AM every Wed of every week, starting 8/14/2010

Task To Run: C:\Program Files\Common Files\ParetoLogic\UUS3\Pareto_Update3.exe

Start In: C:\Program Files\Common Files\ParetoLogic\UUS3

Comment: ParetoLogic Update

Scheduled Task State: Enabled

Scheduled Type: Weekly

Start Time: 04:21:00

Start Date: 8/14/2010

End Date: N/A

Days: WEDNESDAY

Months: N/A

Run As User: Could not be retrieved from the task scheduler database

Delete Task If Not Rescheduled: Disabled

Stop Task If Runs X Hours and X Mins: 72:0

Repeat: Every: Disabled

Repeat: Until: Time: Disabled

Repeat: Until: Duration: Disabled

Repeat: Stop If Still Running: Disabled

Idle Time: Disabled

Power Management: Disabled

HostName: JUSTIN-EC1FBD7F

TaskName: PC Health Advisor Defrag

Next Run Time: 04:44:00, 9/16/2010

Status: Could not start

Last Run Time: Never

Last Result: 0

Creator: Justin

Schedule: At 4:44 AM every Thu of every week, starting 8/14/2010

Task To Run: C:\Program Files\ParetoLogic\PCHA\PCHA.exe -defrag

Start In: C:\Program Files\ParetoLogic\PCHA\

Comment: PC Health Advisor Defrag

Scheduled Task State: Enabled

Scheduled Type: Weekly

Start Time: 04:44:00

Start Date: 8/14/2010

End Date: N/A

Days: THURSDAY

Months: N/A

Run As User: Could not be retrieved from the task scheduler database

Delete Task If Not Rescheduled: Disabled

Stop Task If Runs X Hours and X Mins: 72:0

Repeat: Every: Disabled

Repeat: Until: Time: Disabled

Repeat: Until: Duration: Disabled

Repeat: Stop If Still Running: Disabled

Idle Time: Disabled

Power Management: Disabled

HostName: JUSTIN-EC1FBD7F

TaskName: PC Health Advisor

Next Run Time: 04:44:00, 9/14/2010

Status: Could not start

Last Run Time: Never

Last Result: 0

Creator: Justin

Schedule: At 4:44 AM every Tue, Sat of every week, starting 8/14/2010

Task To Run: C:\Program Files\ParetoLogic\PCHA\PCHA.exe -scan

Start In: C:\Program Files\ParetoLogic\PCHA\

Comment: PC Health Advisor

Scheduled Task State: Enabled

Scheduled Type: Weekly

Start Time: 04:44:00

Start Date: 8/14/2010

End Date: N/A

Days: TUESDAY,SATURDAY

Months: N/A

Run As User: Could not be retrieved from the task scheduler database

Delete Task If Not Rescheduled: Disabled

Stop Task If Runs X Hours and X Mins: 72:0

Repeat: Every: Disabled

Repeat: Until: Time: Disabled

Repeat: Until: Duration: Disabled

Repeat: Stop If Still Running: Disabled

Idle Time: Disabled

Power Management: Disabled


OTL report after reboot.

All processes killed

========== OTL ==========

Registry value HKEY_USERS\S-1-5-21-1202660629-1229272821-725345543-1003\Software\Microsoft\Internet Explorer\URLSearchHooks\\{C94E154B-1459-4A47-966B-4B843BEFC7DB} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C94E154B-1459-4A47-966B-4B843BEFC7DB}\ deleted successfully.

C:\Program Files\AskSearch\bin\DefaultSearch.dll moved successfully.

HKU\S-1-5-21-1202660629-1229272821-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!

127.0.0.1 localhost removed from HOSTS file successfully

127.0.0.1 mozilla.com removed from HOSTS file successfully

127.0.0.1 firefox.com removed from HOSTS file successfully

127.0.0.1 www.firefox2.com removed from HOSTS file successfully

127.0.0.1 firefox2.com removed from HOSTS file successfully

127.0.0.1 ftp.saix.net removed from HOSTS file successfully

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\combofix deleted successfully.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\KernelFaultCheck deleted successfully.

========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator

->Temp folder emptied: 175863 bytes

->Temporary Internet Files folder emptied: 33170 bytes

User: All Users

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes

User: Justin

->Temp folder emptied: 850311178 bytes

->Temporary Internet Files folder emptied: 3318611 bytes

->Java cache emptied: 13904556 bytes

->FireFox cache emptied: 39472431 bytes

->Google Chrome cache emptied: 30138736 bytes

->Flash cache emptied: 30450 bytes

User: LocalService

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 47595 bytes

User: NetworkService

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 150005965 bytes

->Flash cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 3032028 bytes

%systemroot%\System32 .tmp files removed: 2577 bytes

%systemroot%\System32\dllcache .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 474443559 bytes

%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 64703790 bytes

%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 53499 bytes

RecycleBin emptied: 54033542 bytes

Total Files Cleaned = 1,606.00 mb

C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.

HOSTS file reset successfully

OTL by OldTimer - Version 3.2.11.0 log created on 09112010_225836

Files\Folders moved on Reboot...

File\Folder C:\Documents and Settings\Justin\Local Settings\Temp\Temporary Internet Files\Content.IE5\WPURK9Q3\1095056539@INTRO,BELT1,BELT2,BELT3,CENTRAL,FOOTER,MICRO1,MICRO2,MICRO3,POPUN,POPUP,EXTRA,SPONSOR,TILE1,TOPLEFT,TOPRIGHT,HEADLINE1,HEADLINE2,LOGO1,LOGO2,LOGO3,LOGO4,MISC1[1] not found!

File\Folder C:\Documents and Settings\Justin\Local Settings\Temp\Temporary Internet Files\Content.IE5\WPURK9Q3\1528560870@INTRO,BELT1,BELT2,BELT3,CENTRAL,FOOTER,MICRO1,MICRO2,MICRO3,POPUN,POPUP,EXTRA,SPONSOR,TILE1,TOPLEFT,TOPRIGHT,HEADLINE1,HEADLINE2,LOGO1,LOGO2,LOGO3,LOGO4,MISC1[1] not found!

File\Folder C:\Documents and Settings\Justin\Local Settings\Temp\Temporary Internet Files\Content.IE5\WPURK9Q3\1730624406@INTRO,BELT1,BELT2,BELT3,CENTRAL,FOOTER,MICRO1,MICRO2,MICRO3,POPUN,POPUP,EXTRA,SPONSOR,TILE1,TOPLEFT,TOPRIGHT,HEADLINE1,HEADLINE2,LOGO1,LOGO2,LOGO3,LOGO4,MISC1[1] not found!

File\Folder C:\Documents and Settings\Justin\Local Settings\Temp\Temporary Internet Files\Content.IE5\WPURK9Q3\dref=http%253A%252F%252Fwww.boston[1].com%252Fsports%252Fschools%252Ffootball%252Farticles%252F2008%252F09%252F06%252Fmass_school_football_player_dies_after_injury%252F not found!

File\Folder C:\Documents and Settings\Justin\Local Settings\Temp\Temporary Internet Files\Content.IE5\WPURK9Q3\home;u=5614287;title=ic;func=ops;ind=4;csize=e;zip=01864;gdr=m;cntry=us;reg=7;edu=20078-2003;edu=18506-2009;jobs=1;sub=0;con=f;age=b;tile=1;dcopt=ist;sz=1x1;extra%3Dnull;o[1] not found!

File\Folder C:\Documents and Settings\Justin\Local Settings\Temp\Temporary Internet Files\Content.IE5\WPURK9Q3\tile=494067&site=network2&channel=running&subchannel=nosubchannel&tanproduct=coolrunning&b2borb2c=b2c&feature=race_results&subfeature1=details&subfeature2=usa&subfeature3=[1].htm not found!

File\Folder C:\Documents and Settings\Justin\Local Settings\Temp\Temporary Internet Files\Content.IE5\WPURK9Q3\tile=510365&site=network2&channel=running&subchannel=nosubchannel&tanproduct=coolrunning&b2borb2c=b2c&feature=race_results&subfeature1=details&subfeature2=usa&subfeature3=[1].htm not found!

File\Folder C:\Documents and Settings\Justin\Local Settings\Temp\Temporary Internet Files\Content.IE5\WPURK9Q3\tile=700138&site=network2&channel=running&subchannel=nosubchannel&tanproduct=coolrunning&b2borb2c=b2c&feature=race_results&subfeature1=search&subfeature2=race_results&subf[1].htm not found!

File\Folder C:\Documents and Settings\Justin\Local Settings\Temp\Temporary Internet Files\Content.IE5\WPURK9Q3\tile=700138&site=network2&channel=running&subchannel=nosubchannel&tanproduct=coolrunning&b2borb2c=b2c&feature=race_results&subfeature1=search&subfeature2=race_results&subf[2].htm not found!

File\Folder C:\Documents and Settings\Justin\Local Settings\Temp\Temporary Internet Files\Content.IE5\OP2N0DQ3\%253D00000000-0000-0000-0000-000000000002%2526InboxSortAscending%253DFalse%2526InboxSortBy%253DDate%2526ReadMessageId%253Df907dd1d-3325-4ec5-a552-1c167de8461f%2526n%253D1131068674 not found!

File\Folder C:\Documents and Settings\Justin\Local Settings\Temp\Temporary Internet Files\Content.IE5\OP2N0DQ3\1037295662@INTRO,BELT1,BELT2,BELT3,CENTRAL,FOOTER,MICRO1,MICRO2,MICRO3,POPUN,POPUP,EXTRA,SPONSOR,TILE1,TOPLEFT,TOPRIGHT,HEADLINE1,HEADLINE2,LOGO1,LOGO2,LOGO3,LOGO4,MISC1[1] not found!

File\Folder C:\Documents and Settings\Justin\Local Settings\Temp\Temporary Internet Files\Content.IE5\OP2N0DQ3\1134326097@INTRO,BELT1,BELT2,BELT3,CENTRAL,FOOTER,MICRO1,MICRO2,MICRO3,POPUN,POPUP,EXTRA,SPONSOR,TILE1,TOPLEFT,TOPRIGHT,HEADLINE1,HEADLINE2,LOGO1,LOGO2,LOGO3,LOGO4,MISC1[1] not found!

File\Folder C:\Documents and Settings\Justin\Local Settings\Temp\Temporary Internet Files\Content.IE5\OP2N0DQ3\1142212520@INTRO,BELT1,BELT2,BELT3,CENTRAL,FOOTER,MICRO1,MICRO2,MICRO3,POPUN,POPUP,EXTRA,SPONSOR,TILE1,TOPLEFT,TOPRIGHT,HEADLINE1,HEADLINE2,LOGO1,LOGO2,LOGO3,LOGO4,MISC1[1] not found!

File\Folder C:\Documents and Settings\Justin\Local Settings\Temp\Temporary Internet Files\Content.IE5\OP2N0DQ3\1144402413@INTRO,BELT1,BELT2,BELT3,CENTRAL,FOOTER,MICRO1,MICRO2,MICRO3,POPU

N,POPUP,EXTRA,SPONSOR,TILE1,TOPLEFT,TOPRIGHT,HEADLINE1,HEADLINE2,LOGO1,LOGO2,LOG

O

3,LOGO4,BILLBOA[1] not found!

File\Folder C:\Documents and Settings\Justin\Local Settings\Temp\Temporary Internet Files\Content.IE5\OP2N0DQ3\1171264739@INTRO,BELT1,BELT2,BELT3,CENTRAL,FOOTER,MICRO1,MICRO2,MICRO3,POPU

N,POPUP,EXTRA,SPONSOR,TILE1,TOPLEFT,TOPRIGHT,HEADLINE1,HEADLINE2,LOGO1,LOGO2,LOG

O

3,LOGO4,MISC1[1] not found!

File\Folder C:\Documents and Settings\Justin\Local Settings\Temp\Temporary Internet Files\Content.IE5\OP2N0DQ3\1374782998@INTRO,BELT1,BELT2,BELT3,CENTRAL,FOOTER,MICRO1,MICRO2,MICRO3,POPU

N,POPUP,EXTRA,SPONSOR,TILE1,TOPLEFT,TOPRIGHT,HEADLINE1,HEADLINE2,LOGO1,LOGO2,LOG

O

3,LOGO4,MISC1[1] not found!

File\Folder C:\Documents and Settings\Justin\Local Settings\Temp\Temporary Internet Files\Content.IE5\OP2N0DQ3\1396287980@INTRO,BELT1,BELT2,BELT3,CENTRAL,FOOTER,MICRO1,MICRO2,MICRO3,POPU

N,POPUP,EXTRA,SPONSOR,TILE1,TOPLEFT,TOPRIGHT,HEADLINE1,HEADLINE2,LOGO1,LOGO2,LOG

O

3,LOGO4,MISC1[1] not found!

File\Folder C:\Documents and Settings\Justin\Local Settings\Temp\Temporary Internet Files\Content.IE5\OP2N0DQ3\1399046335@INTRO,BELT1,BELT2,BELT3,CENTRAL,FOOTER,MICRO1,MICRO2,MICRO3,POPU

N,POPUP,EXTRA,SPONSOR,TILE1,TOPLEFT,TOPRIGHT,HEADLINE1,HEADLINE2,LOGO1,LOGO2,LOG

O

3,LOGO4,MISC1[1] not found!

File\Folder C:\Documents and Settings\Justin\Local Settings\Temp\Temporary Internet Files\Content.IE5\OP2N0DQ3\1651232165@INTRO,BELT1,BELT2,BELT3,CENTRAL,FOOTER,MICRO1,MICRO2,MICRO3,POPU

N,POPUP,EXTRA,SPONSOR,TILE1,TOPLEFT,TOPRIGHT,HEADLINE1,HEADLINE2,LOGO1,LOGO2,LOG

O

3,LOGO4,MISC1[1] not found!

File\Folder C:\Documents and Settings\Justin\Local Settings\Temp\Temporary Internet Files\Content.IE5\OP2N0DQ3\dref=http%253A%252F%252Fbl122w[1].aspx%253FFolderID%253D00000000-0000-0000-0000-000000000001%2526InboxSortAscending%253DFalse%2526InboxSortBy%253DDate%2526n%253D1345623821 not found!

File\Folder C:\Documents and Settings\Justin\Local Settings\Temp\Temporary Internet Files\Content.IE5\OP2N0DQ3\dref=http%253A%252F%252Fbl122w[1].aspx%253FFolderID%253D00000000-0000-0000-0000-000000000001%2526InboxSortAscending%253DFalse%2526InboxSortBy%253DDate%2526n%253D524218722 not found!

File\Folder C:\Documents and Settings\Justin\Local Settings\Temp\Temporary Internet Files\Content.IE5\OP2N0DQ3\full_profile;u=5614287;title=ic;func=ops;ind=4;csize=e;zip=01864;gdr=m;cntr

y=us;reg=7;edu=20078-2003;edu=18506-2009;jobs=1;sub=0;con=f;age=b;tile=6;dcopt=ist;sz=300x250;ex[2] not found!

File\Folder C:\Documents and Settings\Justin\Local Settings\Temp\Temporary Internet Files\Content.IE5\OP2N0DQ3\home;u=5614287;title=ic;func=ops;ind=4;csize=e;zip=01864;gdr=m;cntry=us;reg

=7;edu=20078-2003;edu=18506-2009;jobs=1;sub=0;con=f;age=b;tile=1;dcopt=ist;sz=1x1;extra%3Dnull;ord[2].5 not found!

File\Folder C:\Documents and Settings\Justin\Local Settings\Temp\Temporary Internet Files\Content.IE5\OP2N0DQ3\home;u=5614287;title=ic;func=ops;ind=4;csize=e;zip=01864;gdr=m;cntry=us;reg

=7;edu=20078-2003;edu=18506-2009;jobs=1;sub=0;con=f;age=b;tile=4;dcopt=ist;sz=728x90;extra%3Dnul[3] not found!

File\Folder C:\Documents and Settings\Justin\Local Settings\Temp\Temporary Internet Files\Content.IE5\OP2N0DQ3\my_profile;u=5614287;title=ic;func=ops;ind=4;csize=e;zip=01864;gdr=m;cntry=

us;reg=7;edu=20078-2003;edu=18506-2009;jobs=1;sub=0;con=f;age=b;tile=6;dcopt=ist;sz=300x250;extr[2] not found!

File\Folder C:\Documents and Settings\Justin\Local Settings\Temp\Temporary Internet Files\Content.IE5\OP2N0DQ3\tile=277676&site=network2&channel=running&subchannel=nosubchannel&tanproduct=coolrunning&b2borb2c=b2c&feature=race_results&subfeature1=details&subfeature2=usa&subfeature3=[1].htm not found!

File\Folder C:\Documents and Settings\Justin\Local Settings\Temp\Temporary Internet Files\Content.IE5\OP2N0DQ3\tile=377681&site=network2&channel=running&subchannel=nosubchannel&tanproduct=coolrunning&b2borb2c=b2c&feature=content&subfeature1=home&subfeature2=nosubfeature2&subfeature[1].htm not found!

File\Folder C:\Documents and Settings\Justin\Local Settings\Temp\Temporary Internet Files\Content.IE5\OP2N0DQ3\tile=927224&site=network2&channel=running&subchannel=nosubchannel&tanproduct=coolrunning&b2borb2c=b2c&feature=race_results&subfeature1=details&subfeature2=usa&subfeature3=[1].htm not found!

File\Folder C:\Documents and Settings\Justin\Local Settings\Temp\Temporary Internet Files\Content.IE5\OP2N0DQ3\tile=927224&site=network2&channel=running&subchannel=nosubchannel&tanproduct=coolrunning&b2borb2c=b2c&feature=race_results&subfeature1=details&subfeature2=usa&subfeature3=[2].htm not found!

File\Folder C:\Documents and Settings\Justin\Local Settings\Temp\Temporary Internet Files\Content.IE5\OP2N0DQ3\tile=987031&site=network2&channel=running&subchannel=nosubchannel&tanproduct=coolrunning&b2borb2c=b2c&feature=race_results&subfeature1=details&subfeature2=usa&subfeature3=[1].htm not found!

File\Folder C:\Documents and Settings\Justin\Local Settings\Temp\Temporary Internet Files\Content.IE5\O96NW5A3\1133773671@INTRO,BELT1,BELT2,BELT3,CENTRAL,FOOTER,MICRO1,MICRO2,MICRO3,POPU

N,POPUP,EXTRA,SPONSOR,TILE1,TOPLEFT,TOPRIGHT,HEADLINE1,HEADLINE2,LOGO1,LOGO2,LOG

O

3,LOGO4,MISC1[1] not found!

File\Folder C:\Documents and Settings\Justin\Local Settings\Temp\Temporary Internet Files\Content.IE5\O96NW5A3\1227450305@INTRO,BELT1,BELT2,BELT3,CENTRAL,FOOTER,MICRO1,MICRO2,MICRO3,POPU

N,POPUP,EXTRA,SPONSOR,TILE1,TOPLEFT,TOPRIGHT,HEADLINE1,HEADLINE2,LOGO1,LOGO2,LOG

O

3,LOGO4,BILLBOA[1] not found!

File\Folder C:\Documents and Settings\Justin\Local Settings\Temp\Temporary Internet Files\Content.IE5\O96NW5A3\1286532065@INTRO,BELT1,BELT2,BELT3,CENTRAL,FOOTER,MICRO1,MICRO2,MICRO3,POPU

N,POPUP,EXTRA,SPONSOR,TILE1,TOPLEFT,TOPRIGHT,HEADLINE1,HEADLINE2,LOGO1,LOGO2,LOG

O

3,LOGO4,MISC1[1] not found!

File\Folder C:\Documents and Settings\Justin\Local Settings\Temp\Temporary Internet Files\Content.IE5\O96NW5A3\1639680987@INTRO,BELT1,BELT2,BELT3,CENTRAL,FOOTER,MICRO1,MICRO2,MICRO3,POPU

N,POPUP,EXTRA,SPONSOR,TILE1,TOPLEFT,TOPRIGHT,HEADLINE1,HEADLINE2,LOGO1,LOGO2,LOG

O

3,LOGO4,MISC1[1] not found!

File\Folder C:\Documents and Settings\Justin\Local Settings\Temp\Temporary Internet Files\Content.IE5\O96NW5A3\1751526842@INTRO,BELT1,BELT2,BELT3,CENTRAL,FOOTER,MICRO1,MICRO2,MICRO3,POPU

N,POPUP,EXTRA,SPONSOR,TILE1,TOPLEFT,TOPRIGHT,HEADLINE1,HEADLINE2,LOGO1,LOGO2,LOG

O

3,LOGO4,MISC1[1] not found!

File\Folder C:\Documents and Settings\Justin\Local Settings\Temp\Temporary Internet Files\Content.IE5\O96NW5A3\1854495862@INTRO,BELT1,BELT2,BELT3,CENTRAL,FOOTER,MICRO1,MICRO2,MICRO3,POPU

N,POPUP,EXTRA,SPONSOR,TILE1,TOPLEFT,TOPRIGHT,HEADLINE1,HEADLINE2,LOGO1,LOGO2,LOG

O

3,LOGO4,MISC1[1] not found!

File\Folder C:\Documents and Settings\Justin\Local Settings\Temp\Temporary Internet Files\Content.IE5\O96NW5A3\dref=http%253A%252F%252Fwww.boston[1].com%252Fsports%252Fschools%252Ffootball%252Farticles%252F2008%252F09%252F06%252Fmass_school_football_player_dies_after_injury%252F not found!

File\Folder C:\Documents and Settings\Justin\Local Settings\Temp\Temporary Internet Files\Content.IE5\O96NW5A3\home;u=5614287;title=ic;func=ops;ind=4;csize=e;zip=01864;gdr=m;cntry=us;reg

=7;edu=20078-2003;edu=18506-2009;jobs=1;sub=0;con=f;age=b;tile=6;dcopt=ist;sz=300x250;extra%3Dnull[2].5 not found!

File\Folder C:\Documents and Settings\Justin\Local Settings\Temp\Temporary Internet Files\Content.IE5\O96NW5A3\tile=277676&site=network2&channel=running&subchannel=nosubchannel&tanproduct=coolrunning&b2borb2c=b2c&feature=race_results&subfeature1=details&subfeature2=usa&subfeature3=[1].htm not found!

File\Folder C:\Documents and Settings\Justin\Local Settings\Temp\Temporary Internet Files\Content.IE5\O96NW5A3\tile=277676&site=network2&channel=running&subchannel=nosubchannel&tanproduct=coolrunning&b2borb2c=b2c&feature=race_results&subfeature1=details&subfeature2=usa&subfeature3=[2].htm not found!

File\Folder C:\Documents and Settings\Justin\Local Settings\Temp\Temporary Internet Files\Content.IE5\O96NW5A3\tile=494067&site=network2&channel=running&subchannel=nosubchannel&tanproduct=coolrunning&b2borb2c=b2c&feature=race_results&subfeature1=details&subfeature2=usa&subfeature3=[1].htm not found!

File\Folder C:\Documents and Settings\Justin\Local Settings\Temp\Temporary Internet Files\Content.IE5\O96NW5A3\tile=510365&site=network2&channel=running&subchannel=nosubchannel&tanproduct=coolrunning&b2borb2c=b2c&feature=race_results&subfeature1=details&subfeature2=usa&subfeature3=[1].htm not found!

File\Folder C:\Documents and Settings\Justin\Local Settings\Temp\Temporary Internet Files\Content.IE5\O96NW5A3\tile=512074&site=network2&channel=running&subchannel=nosubchannel&tanproduct=coolrunning&b2borb2c=b2c&feature=race_results&subfeature1=details&subfeature2=usa&subfeature3=[1].htm not found!

File\Folder C:\Documents and Settings\Justin\Local Settings\Temp\Temporary Internet Files\Content.IE5\O96NW5A3\tile=700138&site=network2&channel=running&subchannel=nosubchannel&tanproduct=coolrunning&b2borb2c=b2c&feature=race_results&subfeature1=search&subfeature2=race_results&subf[1].htm not found!

File\Folder C:\Documents and Settings\Justin\Local Settings\Temp\Temporary Internet Files\Content.IE5\KTU305QB\1006877416@INTRO,BELT1,BELT2,BELT3,CENTRAL,FOOTER,MICRO1,MICRO2,MICRO3,POPU

N,POPUP,EXTRA,SPONSOR,TILE1,TOPLEFT,TOPRIGHT,HEADLINE1,HEADLINE2,LOGO1,LOGO2,LOG

O

3,LOGO4,MISC1[1] not found!

File\Folder C:\Documents and Settings\Justin\Local Settings\Temp\Temporary Internet Files\Content.IE5\KTU305QB\1033019097@INTRO,BELT1,BELT2,BELT3,CENTRAL,FOOTER,MICRO1,MICRO2,MICRO3,POPU

N,POPUP,EXTRA,SPONSOR,TILE1,TOPLEFT,TOPRIGHT,HEADLINE1,HEADLINE2,LOGO1,LOGO2,LOG

O

3,LOGO4,MISC1[1] not found!

File\Folder C:\Documents and Settings\Justin\Local Settings\Temp\Temporary Internet Files\Content.IE5\KTU305QB\1129321518@INTRO,BELT1,BELT2,BELT3,CENTRAL,FOOTER,MICRO1,MICRO2,MICRO3,POPU

N,POPUP,EXTRA,SPONSOR,TILE1,TOPLEFT,TOPRIGHT,HEADLINE1,HEADLINE2,LOGO1,LOGO2,LOG

O

3,LOGO4,MISC1[1] not found!

File\Folder C:\Documents and Settings\Justin\Local Settings\Temp\Temporary Internet Files\Content.IE5\KTU305QB\1163944518@INTRO,BELT1,BELT2,BELT3,CENTRAL,FOOTER,MICRO1,MICRO2,MICRO3,POPU

N,POPUP,EXTRA,SPONSOR,TILE1,TOPLEFT,TOPRIGHT,HEADLINE1,HEADLINE2,LOGO1,LOGO2,LOG

O

3,LOGO4,MISC1[1] not found!

File\Folder C:\Documents and Settings\Justin\Local Settings\Temp\Temporary Internet Files\Content.IE5\KTU305QB\1197725475@INTRO,BELT1,BELT2,BELT3,CENTRAL,FOOTER,MICRO1,MICRO2,MICRO3,POPU

N,POPUP,EXTRA,SPONSOR,TILE1,TOPLEFT,TOPRIGHT,HEADLINE1,HEADLINE2,LOGO1,LOGO2,LOG

O

3,LOGO4,MISC1[1] not found!

File\Folder C:\Documents and Settings\Justin\Local Settings\Temp\Temporary Internet Files\Content.IE5\KTU305QB\1510241244@INTRO,BELT1,BELT2,BELT3,CENTRAL,FOOTER,MICRO1,MICRO2,MICRO3,POPU

N,POPUP,EXTRA,SPONSOR,TILE1,TOPLEFT,TOPRIGHT,HEADLINE1,HEADLINE2,LOGO1,LOGO2,LOG

O

3,LOGO4,MISC1[1] not found!

File\Folder C:\Documents and Settings\Justin\Local Settings\Temp\Temporary Internet Files\Content.IE5\KTU305QB\1601570319@INTRO,BELT1,BELT2,BELT3,CENTRAL,FOOTER,MICRO1,MICRO2,MICRO3,POPU

N,POPUP,EXTRA,SPONSOR,TILE1,TOPLEFT,TOPRIGHT,HEADLINE1,HEADLINE2,LOGO1,LOGO2,LOG

O

3,LOGO4,BILLBOA[1] not found!

File\Folder C:\Documents and Settings\Justin\Local Settings\Temp\Temporary Internet Files\Content.IE5\KTU305QB\1632002494@INTRO,BELT1,BELT2,BELT3,CENTRAL,FOOTER,MICRO1,MICRO2,MICRO3,POPU

N,POPUP,EXTRA,SPONSOR,TILE1,TOPLEFT,TOPRIGHT,HEADLINE1,HEADLINE2,LOGO1,LOGO2,LOG

O

3,LOGO4,MISC1[1] not found!

File\Folder C:\Documents and Settings\Justin\Local Settings\Temp\Temporary Internet Files\Content.IE5\KTU305QB\1667738574@INTRO,BELT1,BELT2,BELT3,CENTRAL,FOOTER,MICRO1,MICRO2,MICRO3,POPU

N,POPUP,EXTRA,SPONSOR,TILE1,TOPLEFT,TOPRIGHT,HEADLINE1,HEADLINE2,LOGO1,LOGO2,LOG

O

3,LOGO4,MISC1[1] not found!

File\Folder C:\Documents and Settings\Justin\Local Settings\Temp\Temporary Internet Files\Content.IE5\KTU305QB\1679649993@INTRO,BELT1,BELT2,BELT3,CENTRAL,FOOTER,MICRO1,MICRO2,MICRO3,POPU

N,POPUP,EXTRA,SPONSOR,TILE1,TOPLEFT,TOPRIGHT,HEADLINE1,HEADLINE2,LOGO1,LOGO2,LOG

O

3,LOGO4,MISC1[1] not found!

File\Folder C:\Documents and Settings\Justin\Local Settings\Temp\Temporary Internet Files\Content.IE5\KTU305QB\1709839717@INTRO,BELT1,BELT2,BELT3,CENTRAL,FOOTER,MICRO1,MICRO2,MICRO3,POPU

N,POPUP,EXTRA,SPONSOR,TILE1,TOPLEFT,TOPRIGHT,HEADLINE1,HEADLINE2,LOGO1,LOGO2,LOG

O

3,LOGO4,MISC1[1] not found!

File\Folder C:\Documents and Settings\Justin\Local Settings\Temp\Temporary Internet Files\Content.IE5\KTU305QB\1807732081@INTRO,BELT1,BELT2,BELT3,CENTRAL,FOOTER,MICRO1,MICRO2,MICRO3,POPU

N,POPUP,EXTRA,SPONSOR,TILE1,TOPLEFT,TOPRIGHT,HEADLINE1,HEADLINE2,LOGO1,LOGO2,LOG

O

3,LOGO4,MISC1[1] not found!

File\Folder C:\Documents and Settings\Justin\Local Settings\Temp\Temporary Internet Files\Content.IE5\KTU305QB\1881431176@INTRO,BELT1,BELT2,BELT3,CENTRAL,FOOTER,MICRO1,MICRO2,MICRO3,POPU

N,POPUP,EXTRA,SPONSOR,TILE1,TOPLEFT,TOPRIGHT,HEADLINE1,HEADLINE2,LOGO1,LOGO2,LOG

O

3,LOGO4,MISC1[1] not found!

File\Folder C:\Documents and Settings\Justin\Local Settings\Temp\Temporary Internet Files\Content.IE5\KTU305QB\connections_browser;u=5614287;title=ic;func=ops;ind=4;csize=e;zip=01864;gdr

=m;cntry=us;reg=7;edu=20078-2003;edu=18506-2009;jobs=1;sub=0;con=f;age=b;tile=3;dcopt=ist;sz=160[2] not found!

File\Folder C:\Documents and Settings\Justin\Local Settings\Temp\Temporary Internet Files\Content.IE5\KTU305QB\dref=http%253A%252F%252Fbl122w[1].aspx%253FFolderID%253D00000000-0000-0000-0000-000000000001%2526InboxSortAscending%253DFalse%2526InboxSortBy%253DDate%2526n%253D1516484271 not found!

File\Folder C:\Documents and Settings\Justin\Local Settings\Temp\Temporary Internet Files\Content.IE5\KTU305QB\eId%253D7b7e7da1-4e62-4b83-985f-d0489de6352f%2526FolderID%253D00000000-0000-0000-0000-000000000001%2526CP%253D-1%2526n%253D1540855289%2526Action%253DReply%2526AllowUnsafe%253DTrue not found!

File\Folder C:\Documents and Settings\Justin\Local Settings\Temp\Temporary Internet Files\Content.IE5\KTU305QB\home;u=5614287;title=ic;func=ops;ind=4;csize=e;zip=01864;gdr=m;cntry=us;reg

=7;edu=20078-2003;edu=18506-2009;jobs=1;sub=0;con=f;age=b;tile=4;dcopt=ist;sz=728x90;extra%3Dnull;[2].5 not found!

File\Folder C:\Documents and Settings\Justin\Local Settings\Temp\Temporary Internet Files\Content.IE5\KTU305QB\home;u=5614287;title=ic;func=ops;ind=4;csize=e;zip=01864;gdr=m;cntry=us;reg

=7;edu=20078-2003;edu=18506-2009;jobs=1;sub=0;con=f;age=b;tile=6;dcopt=ist;sz=300x250;extra%3Dnu[1] not found!

File\Folder C:\Documents and Settings\Justin\Local Settings\Temp\Temporary Internet Files\Content.IE5\KTU305QB\tile=377681&site=network2&channel=running&subchannel=nosubchannel&tanproduct=coolrunning&b2borb2c=b2c&feature=content&subfeature1=home&subfeature2=nosubfeature2&subfeature[1].htm not found!

File\Folder C:\Documents and Settings\Justin\Local Settings\Temp\Temporary Internet Files\Content.IE5\KTU305QB\tile=494067&site=network2&channel=running&subchannel=nosubchannel&tanproduct=coolrunning&b2borb2c=b2c&feature=race_results&subfeature1=details&subfeature2=usa&subfeature3=[1].htm not found!

File\Folder C:\Documents and Settings\Justin\Local Settings\Temp\Temporary Internet Files\Content.IE5\KTU305QB\tile=510365&site=network2&channel=running&subchannel=nosubchannel&tanproduct=coolrunning&b2borb2c=b2c&feature=race_results&subfeature1=details&subfeature2=usa&subfeature3=[1].htm not found!

File\Folder C:\Documents and Settings\Justin\Local Settings\Temp\Temporary Internet Files\Content.IE5\KTU305QB\tile=512074&site=network2&channel=running&subchannel=nosubchannel&tanproduct=coolrunning&b2borb2c=b2c&feature=race_results&subfeature1=details&subfeature2=usa&subfeature3=[1].htm not found!

File\Folder C:\Documents and Settings\Justin\Local Settings\Temp\Temporary Internet Files\Content.IE5\KTU305QB\tile=512074&site=network2&channel=running&subchannel=nosubchannel&tanproduct=coolrunning&b2borb2c=b2c&feature=race_results&subfeature1=details&subfeature2=usa&subfeature3=[2].htm not found!

File\Folder C:\Documents and Settings\Justin\Local Settings\Temp\Temporary Internet Files\Content.IE5\KTU305QB\tile=927224&site=network2&channel=running&subchannel=nosubchannel&tanproduct=coolrunning&b2borb2c=b2c&feature=race_results&subfeature1=details&subfeature2=usa&subfeature3=[1].htm not found!

File\Folder C:\Documents and Settings\Justin\Local Settings\Temp\Temporary Internet Files\Content.IE5\KTU305QB\tile=987031&site=network2&channel=running&subchannel=nosubchannel&tanproduct=coolrunning&b2borb2c=b2c&feature=race_results&subfeature1=details&subfeature2=usa&subfeature3=[1].htm not found!

File\Folder C:\Documents and Settings\Justin\Local Settings\Temp\Temporary Internet Files\Content.IE5\KTU305QB\tile=987031&site=network2&channel=running&subchannel=nosubchannel&tanproduct=coolrunning&b2borb2c=b2c&feature=race_results&subfeature1=details&subfeature2=usa&subfeature3=[2].htm not found!

File\Folder C:\Documents and Settings\Justin\Local Settings\Temp\Temporary Internet Files\Content.IE5\9V3B114E\1604317586@INTRO,BELT1,BELT2,BELT3,CENTRAL,FOOTER,MICRO1,MICRO2,MICRO3,POPU

N,POPUP,EXTRA,SPONSOR,TILE1,TOPLEFT,TOPRIGHT,HEADLINE1,HEADLINE2,LOGO1,LOGO2,LOG

O

3,LOGO4,BILLBOA[1] not found!

File\Folder C:\Documents and Settings\Justin\Local Settings\Temp\Temporary Internet Files\Content.IE5\9V3B114E\tile=107335&site=network2&channel=running&subchannel=nosubchannel&tanproduct=coolrunning&b2borb2c=b2c&feature=content&subfeature1=home&subfeature2=nosubfeature2&subfeature[1].htm not found!

File\Folder C:\Documents and Settings\Justin\Local Settings\Temp\Temporary Internet Files\Content.IE5\9V3B114E\tile=107335&site=network2&channel=running&subchannel=nosubchannel&tanproduct=coolrunning&b2borb2c=b2c&feature=content&subfeature1=home&subfeature2=nosubfeature2&subfeature[2].htm not found!

File\Folder C:\Documents and Settings\Justin\Local Settings\Temp\Temporary Internet Files\Content.IE5\9V3B114E\tile=129591&site=network2&channel=running&subchannel=nosubchannel&tanproduct=coolrunning&b2borb2c=b2c&feature=race_results&subfeature1=details&subfeature2=usa&subfeature3=[1].htm not found!

File\Folder C:\Documents and Settings\Justin\Local Settings\Temp\Temporary Internet Files\Content.IE5\9V3B114E\tile=129591&site=network2&channel=running&subchannel=nosubchannel&tanproduct=coolrunning&b2borb2c=b2c&feature=race_results&subfeature1=details&subfeature2=usa&subfeature3=[2].htm not found!

File\Folder C:\Documents and Settings\Justin\Local Settings\Temp\Temporary Internet Files\Content.IE5\9V3B114E\tile=165773&site=network2&channel=running&subchannel=nosubchannel&tanproduct=coolrunning&b2borb2c=b2c&feature=race_results&subfeature1=details&subfeature2=usa&subfeature3=[1].htm not found!

File\Folder C:\Documents and Settings\Justin\Local Settings\Temp\Temporary Internet Files\Content.IE5\9V3B114E\tile=227338&site=network2&channel=running&subchannel=nosubchannel&tanproduct=coolrunning&b2borb2c=b2c&feature=events&subfeature1=section_home&subfeature2=nosubfeature2⊂[1].htm not found!

File\Folder C:\Documents and Settings\Justin\Local Settings\Temp\Temporary Internet Files\Content.IE5\9V3B114E\tile=227338&site=network2&channel=running&subchannel=nosubchannel&tanproduct=coolrunning&b2borb2c=b2c&feature=events&subfeature1=section_home&subfeature2=nosubfeature2⊂[2].htm not found!

File\Folder C:\Documents and Settings\Justin\Local Settings\Temp\Temporary Internet Files\Content.IE5\9V3B114E\tile=243415&site=network2&channel=running&subchannel=nosubchannel&tanproduct=coolrunning&b2borb2c=b2c&feature=race_results&subfeature1=details&subfeature2=usa&subfeature3=[1].htm not found!

File\Folder C:\Documents and Settings\Justin\Local Settings\Temp\Temporary Internet Files\Content.IE5\9V3B114E\tile=264400&site=network2&channel=running&subchannel=nosubchannel&tanproduct=coolrunning&b2borb2c=b2c&feature=race_results&subfeature1=search&subfeature2=race_results&subf[1].htm not found!

File\Folder C:\Documents and Settings\Justin\Local Settings\Temp\Temporary Internet Files\Content.IE5\9V3B114E\tile=542713&site=network2&channel=running&subchannel=nosubchannel&tanproduct=coolrunning&b2borb2c=b2c&feature=events&subfeature1=search_results&subfeature2=usa&subfeature3[1].htm not found!

File\Folder C:\Documents and Settings\Justin\Local Settings\Temp\Temporary Internet Files\Content.IE5\9V3B114E\tile=543894&site=network2&channel=running&subchannel=nosubchannel&tanproduct=coolrunning&b2borb2c=b2c&feature=events&subfeature1=section_home&subfeature2=nosubfeature2⊂[1].htm not found!

File\Folder C:\Documents and Settings\Justin\Local Settings\Temp\Temporary Internet Files\Content.IE5\9V3B114E\tile=664522&site=network2&channel=running&subchannel=nosubchannel&tanproduct=coolrunning&b2borb2c=b2c&feature=events&subfeature1=search_results&subfeature2=usa&subfeature3[1].htm not found!

File\Folder C:\Documents and Settings\Justin\Local Settings\Temp\Temporary Internet Files\Content.IE5\9V3B114E\tile=664522&site=network2&channel=running&subchannel=nosubchannel&tanproduct=coolrunning&b2borb2c=b2c&feature=events&subfeature1=search_results&subfeature2=usa&subfeature3[2].htm not found!

File\Folder C:\Documents and Settings\Justin\Local Settings\Temp\Temporary Internet Files\Content.IE5\9V3B114E\tile=697805&site=network2&channel=running&subchannel=nosubchannel&tanproduct=coolrunning&b2borb2c=b2c&feature=content&subfeature1=home&subfeature2=nosubfeature2&subfeature[1].htm not found!

File\Folder C:\Documents and Settings\Justin\Local Settings\Temp\Temporary Internet Files\Content.IE5\9V3B114E\tile=778795&site=network2&channel=running&subchannel=nosubchannel&tanproduct=coolrunning&b2borb2c=b2c&feature=race_results&subfeature1=search&subfeature2=race_results&subf[1].htm not found!

File\Folder C:\Documents and Settings\Justin\Local Settings\Temp\Temporary Internet Files\Content.IE5\9V3B114E\tile=813727&site=network2&channel=running&subchannel=nosubchannel&tanproduct=coolrunning&b2borb2c=b2c&feature=race_results&subfeature1=details&subfeature2=usa&subfeature3=[1].htm not found!

File\Folder C:\Documents and Settings\Justin\Local Settings\Temp\Temporary Internet Files\Content.IE5\9V3B114E\tile=927968&site=network2&channel=running&subchannel=nosubchannel&tanproduct=coolrunning&b2borb2c=b2c&feature=content&subfeature1=home&subfeature2=nosubfeature2&subfeature[1].htm not found!

File\Folder C:\Documents and Settings\Justin\Local Settings\Temp\Temporary Internet Files\Content.IE5\9V3B114E\tile=952577&site=network2&channel=running&subchannel=nosubchannel&tanproduct=coolrunning&b2borb2c=b2c&feature=events&subfeature1=search_results&subfeature2=usa&subfeature3[1].htm not found!

File\Folder C:\Documents and Settings\Justin\Local Settings\Temp\Temporary Internet Files\Content.IE5\9V3B114E\tile=952577&site=network2&channel=running&subchannel=nosubchannel&tanproduct=coolrunning&b2borb2c=b2c&feature=events&subfeature1=search_results&subfeature2=usa&subfeature3[2].htm not found!

File\Folder C:\Documents and Settings\Justin\Local Settings\Temp\Temporary Internet Files\Content.IE5\9V3B114E\tile=959129&site=network2&channel=running&subchannel=nosubchannel&tanproduct=coolrunning&b2borb2c=b2c&feature=content&subfeature1=home&subfeature2=nosubfeature2&subfeature[1].htm not found!

File\Folder C:\Documents and Settings\Justin\Local Settings\Temp\Temporary Internet Files\Content.IE5\3UKJ35S9\1150268756@INTRO,BELT1,BELT2,BELT3,CENTRAL,FOOTER,MICRO1,MICRO2,MICRO3,POPU

N,POPUP,EXTRA,SPONSOR,TILE1,TOPLEFT,TOPRIGHT,HEADLINE1,HEADLINE2,LOGO1,LOGO2,LOG

O

3,LOGO4,BILLBOA[1] not found!

File\Folder C:\Documents and Settings\Justin\Local Settings\Temp\Temporary Internet Files\Content.IE5\3UKJ35S9\tile=111513&site=network2&channel=running&subchannel=nosubchannel&tanproduct=coolrunning&b2borb2c=b2c&feature=race_results&subfeature1=details&subfeature2=usa&subfeature3=[1].htm not found!

File\Folder C:\Documents and Settings\Justin\Local Settings\Temp\Temporary Internet Files\Content.IE5\3UKJ35S9\tile=129591&site=network2&channel=running&subchannel=nosubchannel&tanproduct=coolrunning&b2borb2c=b2c&feature=race_results&subfeature1=details&subfeature2=usa&subfeature3=[1].htm not found!

File\Folder C:\Documents and Settings\Justin\Local Settings\Temp\Temporary Internet Files\Content.IE5\3UKJ35S9\tile=165773&site=network2&channel=running&subchannel=nosubchannel&tanproduct=coolrunning&b2borb2c=b2c&feature=race_results&subfeature1=details&subfeature2=usa&subfeature3=[1].htm not found!

File\Folder C:\Documents and Settings\Justin\Local Settings\Temp\Temporary Internet Files\Content.IE5\3UKJ35S9\tile=227338&site=network2&channel=running&subchannel=nosubchannel&tanproduct=coolrunning&b2borb2c=b2c&feature=events&subfeature1=section_home&subfeature2=nosubfeature2⊂[1].htm not found!

File\Folder C:\Documents and Settings\Justin\Local Settings\Temp\Temporary Internet Files\Content.IE5\3UKJ35S9\tile=341543&site=network2&channel=running&subchannel=nosubchannel&tanproduct=coolrunning&b2borb2c=b2c&feature=content&subfeature1=home&subfeature2=nosubfeature2&subfeature[1].htm not found!

File\Folder C:\Documents and Settings\Justin\Local Settings\Temp\Temporary Internet Files\Content.IE5\3UKJ35S9\tile=443434&site=network2&channel=running&subchannel=nosubchannel&tanproduct=coolrunning&b2borb2c=b2c&feature=events&subfeature1=search_results&subfeature2=usa&subfeature3[1].htm not found!

File\Folder C:\Documents and Settings\Justin\Local Settings\Temp\Temporary Internet Files\Content.IE5\3UKJ35S9\tile=505181&site=network2&channel=running&subchannel=nosubchannel&tanproduct=coolrunning&b2borb2c=b2c&feature=events&subfeature1=search_results&subfeature2=nosubfeature2&s[1].htm not found!

File\Folder C:\Documents and Settings\Justin\Local Settings\Temp\Temporary Internet Files\Content.IE5\3UKJ35S9\tile=543894&site=network2&channel=running&subchannel=nosubchannel&tanproduct=coolrunning&b2borb2c=b2c&feature=events&subfeature1=section_home&subfeature2=nosubfeature2⊂[1].htm not found!

File\Folder C:\Documents and Settings\Justin\Local Settings\Temp\Temporary Internet Files\Content.IE5\3UKJ35S9\tile=543894&site=network2&channel=running&subchannel=nosubchannel&tanproduct=coolrunning&b2borb2c=b2c&feature=events&subfeature1=section_home&subfeature2=nosubfeature2⊂[2].htm not found!

File\Folder C:\Documents and Settings\Justin\Local Settings\Temp\Temporary Internet Files\Content.IE5\3UKJ35S9\tile=547413&site=network2&channel=running&subchannel=nosubchannel&tanproduct=coolrunning&b2borb2c=b2c&feature=content&subfeature1=home&subfeature2=nosubfeature2&subfeature[1].htm not found!

File\Folder C:\Documents and Settings\Justin\Local Settings\Temp\Temporary Internet Files\Content.IE5\3UKJ35S9\tile=547413&site=network2&channel=running&subchannel=nosubchannel&tanproduct=coolrunning&b2borb2c=b2c&feature=content&subfeature1=home&subfeature2=nosubfeature2&subfeature[2].htm not found!

File\Folder C:\Documents and Settings\Justin\Local Settings\Temp\Temporary Internet Files\Content.IE5\3UKJ35S9\tile=778795&site=network2&channel=running&subchannel=nosubchannel&tanproduct=coolrunning&b2borb2c=b2c&feature=race_results&subfeature1=search&subfeature2=race_results&subf[1].htm not found!

File\Folder C:\Documents and Settings\Justin\Local Settings\Temp\Temporary Internet Files\Content.IE5\3UKJ35S9\tile=788584&site=network2&channel=running&subchannel=nosubchannel&tanproduct=coolrunning&b2borb2c=b2c&feature=events&subfeature1=search_results&subfeature2=usa&subfeature3[1].htm not found!

File\Folder C:\Documents and Settings\Justin\Local Settings\Temp\Temporary Internet Files\Content.IE5\3UKJ35S9\tile=884799&site=network2&channel=running&subchannel=nosubchannel&tanproduct=coolrunning&b2borb2c=b2c&feature=events&subfeature1=search_results&subfeature2=nosubfeature2&s[1].htm not found!

File\Folder C:\Documents and Settings\Justin\Local Settings\Temp\Temporary Internet Files\Content.IE5\3UKJ35S9\tile=997799&site=network2&channel=running&subchannel=nosubchannel&tanproduct=coolrunning&b2borb2c=b2c&feature=events&subfeature1=search_results&subfeature2=nosubfeature2&s[1].htm not found!

File\Folder C:\Documents and Settings\Justin\Local Settings\Temp\Temporary Internet Files\Content.IE5\25LAZ6P4\1619771420@INTRO,BELT1,BELT2,BELT3,CENTRAL,FOOTER,MICRO1,MICRO2,MICRO3,POPU

N,POPUP,EXTRA,SPONSOR,TILE1,TOPLEFT,TOPRIGHT,HEADLINE1,HEADLINE2,LOGO1,LOGO2,LOG

O

3,LOGO4,BILLBOA[1] not found!

File\Folder C:\Documents and Settings\Justin\Local Settings\Temp\Temporary Internet Files\Content.IE5\25LAZ6P4\1692059376@INTRO,BELT1,BELT2,BELT3,CENTRAL,FOOTER,MICRO1,MICRO2,MICRO3,POPU

N,POPUP,EXTRA,SPONSOR,TILE1,TOPLEFT,TOPRIGHT,HEADLINE1,HEADLINE2,LOGO1,LOGO2,LOG

O

3,LOGO4,BILLBOA[1] not found!

File\Folder C:\Documents and Settings\Justin\Local Settings\Temp\Temporary Internet Files\Content.IE5\25LAZ6P4\1912022406@INTRO,BELT1,BELT2,BELT3,CENTRAL,FOOTER,MICRO1,MICRO2,MICRO3,POPU

N,POPUP,EXTRA,SPONSOR,TILE1,TOPLEFT,TOPRIGHT,HEADLINE1,HEADLINE2,LOGO1,LOGO2,LOG

O

3,LOGO4,BILLBOA[1] not found!

File\Folder C:\Documents and Settings\Justin\Local Settings\Temp\Temporary Internet Files\Content.IE5\25LAZ6P4\26f%3D2022332404%26l%3DLREC%26en%3Dutf-8%26rn%3D1220737557125%26em%3D%257B%2522site-attribute%2522%253A%2522content%253Dno_expandable%253Bajax_cert_expandable%2522%252C%2522ad&r=0 not found!

File\Folder C:\Documents and Settings\Justin\Local Settings\Temp\Temporary Internet Files\Content.IE5\25LAZ6P4\dref=http%253A%252F%252Fbl122w[1].aspx%253FFolderID%253D00000000-0000-0000-0000-000000000001%2526InboxSortAscending%253DFalse%2526InboxSortBy%253DDate%2526n%253D1253086190 not found!

File\Folder C:\Documents and Settings\Justin\Local Settings\Temp\Temporary Internet Files\Content.IE5\25LAZ6P4\tile=111513&site=network2&channel=running&subchannel=nosubchannel&tanproduct=coolrunning&b2borb2c=b2c&feature=race_results&subfeature1=details&subfeature2=usa&subfeature3=[1].htm not found!

File\Folder C:\Documents and Settings\Justin\Local Settings\Temp\Temporary Internet Files\Content.IE5\25LAZ6P4\tile=165773&site=network2&channel=running&subchannel=nosubchannel&tanproduct=coolrunning&b2borb2c=b2c&feature=race_results&subfeature1=details&subfeature2=usa&subfeature3=[1].htm not found!

File\Folder C:\Documents and Settings\Justin\Local Settings\Temp\Temporary Internet Files\Content.IE5\25LAZ6P4\tile=210894&site=network2&channel=running&subchannel=nosubchannel&tanproduct=coolrunning&b2borb2c=b2c&feature=events&subfeature1=section_home&subfeature2=nosubfeature2⊂[1].htm not found!

File\Folder C:\Documents and Settings\Justin\Local Settings\Temp\Temporary Internet Files\Content.IE5\25LAZ6P4\tile=210894&site=network2&channel=running&subchannel=nosubchannel&tanproduct=coolrunning&b2borb2c=b2c&feature=events&subfeature1=section_home&subfeature2=nosubfeature2⊂[2].htm not found!

File\Folder C:\Documents and Settings\Justin\Local Settings\Temp\Temporary Internet Files\Content.IE5\25LAZ6P4\tile=243415&site=network2&channel=running&subchannel=nosubchannel&tanproduct=coolrunning&b2borb2c=b2c&feature=race_results&subfeature1=details&subfeature2=usa&subfeature3=[1].htm not found!

File\Folder C:\Documents and Settings\Justin\Local Settings\Temp\Temporary Internet Files\Content.IE5\25LAZ6P4\tile=264400&site=network2&channel=running&subchannel=nosubchannel&tanproduct=coolrunning&b2borb2c=b2c&feature=race_results&subfeature1=search&subfeature2=race_results&subf[1].htm not found!

File\Folder C:\Documents and Settings\Justin\Local Settings\Temp\Temporary Internet Files\Content.IE5\25LAZ6P4\tile=341543&site=network2&channel=running&subchannel=nosubchannel&tanproduct=coolrunning&b2borb2c=b2c&feature=content&subfeature1=home&subfeature2=nosubfeature2&subfeature[1].htm not found!

File\Folder C:\Documents and Settings\Justin\Local Settings\Temp\Temporary Internet Files\Content.IE5\25LAZ6P4\tile=443434&site=network2&channel=running&subchannel=nosubchannel&tanproduct=coolrunning&b2borb2c=b2c&feature=events&subfeature1=search_results&subfeature2=usa&subfeature3[1].htm not found!

File\Folder C:\Documents and Settings\Justin\Local Settings\Temp\Temporary Internet Files\Content.IE5\25LAZ6P4\tile=443434&site=network2&channel=running&subchannel=nosubchannel&tanproduct=coolrunning&b2borb2c=b2c&feature=events&subfeature1=search_results&subfeature2=usa&subfeature3[2].htm not found!

File\Folder C:\Documents and Settings\Justin\Local Settings\Temp\Temporary Internet Files\Content.IE5\25LAZ6P4\tile=505181&site=network2&channel=running&subchannel=nosubchannel&tanproduct=coolrunning&b2borb2c=b2c&feature=events&subfeature1=search_results&subfeature2=nosubfeature2&s[1].htm not found!

File\Folder C:\Documents and Settings\Justin\Local Settings\Temp\Temporary Internet Files\Content.IE5\25LAZ6P4\tile=505181&site=network2&channel=running&subchannel=nosubchannel&tanproduct=coolrunning&b2borb2c=b2c&feature=events&subfeature1=search_results&subfeature2=nosubfeature2&s[2].htm not found!

File\Folder C:\Documents and Settings\Justin\Local Settings\Temp\Temporary Internet Files\Content.IE5\25LAZ6P4\tile=542713&site=network2&channel=running&subchannel=nosubchannel&tanproduct=coolrunning&b2borb2c=b2c&feature=events&subfeature1=search_results&subfeature2=usa&subfeature3[1].htm not found!

File\Folder C:\Documents and Settings\Justin\Local Settings\Temp\Temporary Internet Files\Content.IE5\25LAZ6P4\tile=573821&site=network2&channel=running&subchannel=nosubchannel&tanproduct=coolrunning&b2borb2c=b2c&feature=events&subfeature1=search_results&subfeature2=usa&subfeature3[1].htm not found!

File\Folder C:\Documents and Settings\Justin\Local Settings\Temp\Temporary Internet Files\Content.IE5\25LAZ6P4\tile=664522&site=network2&channel=running&subchannel=nosubchannel&tanproduct=coolrunning&b2borb2c=b2c&feature=events&subfeature1=search_results&subfeature2=usa&subfeature3[1].htm not found!

File\Folder C:\Documents and Settings\Justin\Local Settings\Temp\Temporary Internet Files\Content.IE5\25LAZ6P4\tile=778435&site=network2&channel=running&subchannel=nosubchannel&tanproduct=coolrunning&b2borb2c=b2c&feature=race_results&subfeature1=search&subfeature2=race_results&subf[1].htm not found!

File\Folder C:\Documents and Settings\Justin\Local Settings\Temp\Temporary Internet Files\Content.IE5\25LAZ6P4\tile=778795&site=network2&channel=running&subchannel=nosubchannel&tanproduct=coolrunning&b2borb2c=b2c&feature=race_results&subfeature1=search&subfeature2=race_results&subf[1].htm not found!

File\Folder C:\Documents and Settings\Justin\Local Settings\Temp\Temporary Internet Files\Content.IE5\25LAZ6P4\tile=788584&site=network2&channel=running&subchannel=nosubchannel&tanproduct=coolrunning&b2borb2c=b2c&feature=events&subfeature1=search_results&subfeature2=usa&subfeature3[1].htm not found!

File\Folder C:\Documents and Settings\Justin\Local Settings\Temp\Temporary Internet Files\Content.IE5\25LAZ6P4\tile=813727&site=network2&channel=running&subchannel=nosubchannel&tanproduct=coolrunning&b2borb2c=b2c&feature=race_results&subfeature1=details&subfeature2=usa&subfeature3=[1].htm not found!

File\Folder C:\Documents and Settings\Justin\Local Settings\Temp\Temporary Internet Files\Content.IE5\25LAZ6P4\tile=959129&site=network2&channel=running&subchannel=nosubchannel&tanproduct=coolrunning&b2borb2c=b2c&feature=content&subfeature1=home&subfeature2=nosubfeature2&subfeature[1].htm not found!

File\Folder C:\Documents and Settings\Justin\Local Settings\Temp\Temporary Internet Files\Content.IE5\25LAZ6P4\tile=997799&site=network2&channel=running&subchannel=nosubchannel&tanproduct=coolrunning&b2borb2c=b2c&feature=events&subfeature1=search_results&subfeature2=nosubfeature2&s[1].htm not found!

File\Folder C:\Documents and Settings\Justin\Local Settings\Temp\Temporary Internet Files\Content.IE5\25LAZ6P4\tile=997799&site=network2&channel=running&subchannel=nosubchannel&tanproduct=coolrunning&b2borb2c=b2c&feature=events&subfeature1=search_results&subfeature2=nosubfeature2&s[2].htm not found!

File\Folder C:\Documents and Settings\Justin\Local Settings\Temp\Temporary Internet Files\Content.IE5\0RTFU635\tile=111513&site=network2&channel=running&subchannel=nosubchannel&tanproduct=coolrunning&b2borb2c=b2c&feature=race_results&subfeature1=details&subfeature2=usa&subfeature3=[1].htm not found!

File\Folder C:\Documents and Settings\Justin\Local Settings\Temp\Temporary Internet Files\Content.IE5\0RTFU635\tile=210894&site=network2&channel=running&subchannel=nosubchannel&tanproduct=coolrunning&b2borb2c=b2c&feature=events&subfeature1=section_home&subfeature2=nosubfeature2&sub[1].htm not found!

File\Folder C:\Documents and Settings\Justin\Local Settings\Temp\Temporary Internet Files\Content.IE5\0RTFU635\tile=243415&site=network2&channel=running&subchannel=nosubchannel&tanproduct=coolrunning&b2borb2c=b2c&feature=race_results&subfeature1=details&subfeature2=usa&subfeature3=[1].htm not found!

File\Folder C:\Documents and Settings\Justin\Local Settings\Temp\Temporary Internet Files\Content.IE5\0RTFU635\tile=264400&site=network2&channel=running&subchannel=nosubchannel&tanproduct=coolrunning&b2borb2c=b2c&feature=race_results&subfeature1=search&subfeature2=race_results&subf[1].htm not found!

File\Folder C:\Documents and Settings\Justin\Local Settings\Temp\Temporary Internet Files\Content.IE5\0RTFU635\tile=542713&site=network2&channel=running&subchannel=nosubchannel&tanproduct=coolrunning&b2borb2c=b2c&feature=events&subfeature1=search_results&subfeature2=usa&subfeature3[1].htm not found!

File\Folder C:\Documents and Settings\Justin\Local Settings\Temp\Temporary Internet Files\Content.IE5\0RTFU635\tile=573821&site=network2&channel=running&subchannel=nosubchannel&tanproduct=coolrunning&b2borb2c=b2c&feature=events&subfeature1=search_results&subfeature2=usa&subfeature3[1].htm not found!

File\Folder C:\Documents and Settings\Justin\Local Settings\Temp\Temporary Internet Files\Content.IE5\0RTFU635\tile=573821&site=network2&channel=running&subchannel=nosubchannel&tanproduct=coolrunning&b2borb2c=b2c&feature=events&subfeature1=search_results&subfeature2=usa&subfeature3[2].htm not found!

File\Folder C:\Documents and Settings\Justin\Local Settings\Temp\Temporary Internet Files\Content.IE5\0RTFU635\tile=697805&site=network2&channel=running&subchannel=nosubchannel&tanproduct=coolrunning&b2borb2c=b2c&feature=content&subfeature1=home&subfeature2=nosubfeature2&subfeature[1].htm not found!

File\Folder C:\Documents and Settings\Justin\Local Settings\Temp\Temporary Internet Files\Content.IE5\0RTFU635\tile=778435&site=network2&channel=running&subchannel=nosubchannel&tanproduct=coolrunning&b2borb2c=b2c&feature=race_results&subfeature1=search&subfeature2=race_results&subf[1].htm not found!

File\Folder C:\Documents and Settings\Justin\Local Settings\Temp\Temporary Internet Files\Content.IE5\0RTFU635\tile=778435&site=network2&channel=running&subchannel=nosubchannel&tanproduct=coolrunning&b2borb2c=b2c&feature=race_results&subfeature1=search&subfeature2=race_results&subf[2].htm not found!

File\Folder C:\Documents and Settings\Justin\Local Settings\Temp\Temporary Internet Files\Content.IE5\0RTFU635\tile=788584&site=network2&channel=running&subchannel=nosubchannel&tanproduct=coolrunning&b2borb2c=b2c&feature=events&subfeature1=search_results&subfeature2=usa&subfeature3[1].htm not found!

File\Folder C:\Documents and Settings\Justin\Local Settings\Temp\Temporary Internet Files\Content.IE5\0RTFU635\tile=813727&site=network2&channel=running&subchannel=nosubchannel&tanproduct=coolrunning&b2borb2c=b2c&feature=race_results&subfeature1=details&subfeature2=usa&subfeature3=[1].htm not found!

File\Folder C:\Documents and Settings\Justin\Local Settings\Temp\Temporary Internet Files\Content.IE5\0RTFU635\tile=884799&site=network2&channel=running&subchannel=nosubchannel&tanproduct=coolrunning&b2borb2c=b2c&feature=events&subfeature1=search_results&subfeature2=nosubfeature2&s[1].htm not found!

File\Folder C:\Documents and Settings\Justin\Local Settings\Temp\Temporary Internet Files\Content.IE5\0RTFU635\tile=884799&site=network2&channel=running&subchannel=nosubchannel&tanproduct=coolrunning&b2borb2c=b2c&feature=events&subfeature1=search_results&subfeature2=nosubfeature2&s[2].htm not found!

File\Folder C:\Documents and Settings\Justin\Local Settings\Temp\Temporary Internet Files\Content.IE5\0RTFU635\tile=927968&site=network2&channel=running&subchannel=nosubchannel&tanproduct=coolrunning&b2borb2c=b2c&feature=content&subfeature1=home&subfeature2=nosubfeature2&subfeature[1].htm not found!

File\Folder C:\Documents and Settings\Justin\Local Settings\Temp\Temporary Internet Files\Content.IE5\0RTFU635\tile=952577&site=network2&channel=running&subchannel=nosubchannel&tanproduct=coolrunning&b2borb2c=b2c&feature=events&subfeature1=search_results&subfeature2=usa&subfeature3[1].htm not found!

Registry entries deleted on Reboot...

RTUnHooker Report:

RkU Version: 3.8.388.590, Type LE (SR2)

==============================================

OS Name: Windows XP

Version 5.1.2600 (Service Pack 2)

Number of processors #2

==============================================

>Drivers

==============================================

0xB8898000 C:\WINDOWS\system32\DRIVERS\nv4_mini.sys 6348800 bytes (NVIDIA Corporation, NVIDIA Compatible Windows 2000 Miniport Driver, Version 101.28 )

0xBF012000 C:\WINDOWS\System32\nv4_disp.dll 5468160 bytes (NVIDIA Corporation, NVIDIA Compatible Windows 2000 Display driver, Version 101.28 )

0x804D7000 C:\WINDOWS\system32\ntkrnlpa.exe 2146304 bytes (Microsoft Corporation, NT Kernel & System)

0x804D7000 PnpManager 2146304 bytes

0x804D7000 RAW 2146304 bytes

0x804D7000 WMIxWDM 2146304 bytes

0xBF800000 Win32k 1851392 bytes

0xBF800000 C:\WINDOWS\System32\win32k.sys 1851392 bytes (Microsoft Corporation, Multi-User Win32 Driver)

0xB67A5000 C:\WINDOWS\system32\drivers\sthda.sys 1171456 bytes (SigmaTel, Inc., NDRC)

0xB665D000 C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys 991232 bytes (Conexant Systems, Inc., HSF_DP driver)

0xB9E1E000 iastor.sys 872448 bytes (Intel Corporation, Intel Matrix Storage Manager driver)

0xB65AA000 C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys 733184 bytes (Conexant Systems, Inc., HSF_CNXT driver)

0xB3650000 C:\WINDOWS\system32\drivers\hardlock.sys 671744 bytes (Aladdin Knowledge Systems Ltd., Hardlock Device Driver for Windows NT)

0xB87A8000 C:\WINDOWS\system32\DRIVERS\bcmwl5.sys 606208 bytes (Broadcom Corporation, Broadcom 802.11 Network Adapter wireless driver)

0xB9D48000 Ntfs.sys 577536 bytes (Microsoft Corporation, NT File System Driver)

0xB6320000 C:\WINDOWS\system32\DRIVERS\Wdf01000.sys 503808 bytes (Microsoft Corporation, WDF Dynamic)

0xB63C3000 C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 454656 bytes (Microsoft Corporation, Windows NT SMB Minirdr)

0xB8608000 C:\WINDOWS\system32\DRIVERS\update.sys 364544 bytes (Microsoft Corporation, Update Driver)

0xB64F7000 C:\WINDOWS\system32\DRIVERS\tcpip.sys 360448 bytes (Microsoft Corporation, TCP/IP Protocol Driver)

0xB3576000 C:\WINDOWS\system32\DRIVERS\srv.sys 356352 bytes (Microsoft Corporation, Server driver)

0xB8732000 C:\WINDOWS\system32\DRIVERS\rixdptsk.sys 331776 bytes (REDC, RICOH XD SM Driver)

0xBFFA0000 C:\WINDOWS\System32\ATMFD.DLL 286720 bytes (Adobe Systems Incorporated, Windows NT OpenType/Type 1 Font Driver)

0xB258F000 C:\WINDOWS\System32\Drivers\HTTP.sys 266240 bytes (Microsoft Corporation, HTTP Protocol Stack)

0xB674F000 C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys 212992 bytes (Conexant Systems, Inc., HSF_HWAZL WDM driver)

0xB8689000 C:\WINDOWS\system32\DRIVERS\rdpdr.sys 200704 bytes (Microsoft Corporation, Microsoft RDP Device redirector)

0xB9F79000 ACPI.sys 188416 bytes (Microsoft Corporation, ACPI Driver for NT)

0xB9D1B000 NDIS.sys 184320 bytes (Microsoft Corporation, NDIS 5.1 wrapper driver)

0xB8705000 C:\WINDOWS\system32\DRIVERS\SynTP.sys 184320 bytes (Synaptics, Inc., Synaptics Touchpad Driver)

0xB37BC000 C:\WINDOWS\system32\DRIVERS\mrxdav.sys 180224 bytes (Microsoft Corporation, Windows NT WebDav Minirdr)

0xB2017000 C:\WINDOWS\system32\drivers\kmixer.sys 176128 bytes (Microsoft Corporation, Kernel Mode Audio Mixer)

0xB6432000 C:\WINDOWS\system32\DRIVERS\rdbss.sys 176128 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)

0xB27D8000 C:\WINDOWS\system32\drivers\mfehidk.sys 163840 bytes (McAfee, Inc., Host Intrusion Detection Link Driver)

0xB64CF000 C:\WINDOWS\system32\DRIVERS\netbt.sys 163840 bytes (Microsoft Corporation, MBT Transport driver)

0xB9F23000 dmio.sys 155648 bytes (Microsoft Corp., Veritas Software, NT Disk Manager I/O Driver)

0xB883C000 C:\WINDOWS\system32\DRIVERS\HDAudBus.sys 151552 bytes (Windows ® Server 2003 DDK provider, High Definition Audio Bus Driver v1.0a)

0xB362D000 C:\WINDOWS\System32\Drivers\Fastfat.SYS 143360 bytes (Microsoft Corporation, Fast FAT File System Driver)

0xB86E2000 C:\WINDOWS\system32\DRIVERS\ks.sys 143360 bytes (Microsoft Corporation, Kernel CSA Library)

0xB8861000 C:\WINDOWS\system32\DRIVERS\USBPORT.SYS 143360 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)

0xB64AD000 C:\WINDOWS\System32\drivers\afd.sys 139264 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)

0xB6783000 C:\WINDOWS\system32\drivers\portcls.sys 139264 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))

0x806E3000 ACPI_HAL 134400 bytes

0x806E3000 C:\WINDOWS\system32\hal.dll 134400 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)

0xB9DFE000 fltMgr.sys 131072 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)

0xB9F49000 ftdisk.sys 126976 bytes (Microsoft Corporation, FT Disk Driver)

0xB9D00000 Mup.sys 110592 bytes (Microsoft Corporation, Multiple UNC Provider driver)

0xB9F0B000 atapi.sys 98304 bytes (Microsoft Corporation, IDE/ATAPI Port Driver)

0xB6268000 C:\WINDOWS\System32\Drivers\dump_atapi.sys 98304 bytes

0xB9EF3000 C:\WINDOWS\System32\Drivers\SCSIPORT.SYS 98304 bytes (Microsoft Corporation, SCSI Port Driver)

0xB9DD5000 KSecDD.sys 94208 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)

0xB86CB000 C:\WINDOWS\system32\DRIVERS\ndiswan.sys 94208 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))

0xB35F0000 C:\WINDOWS\system32\drivers\wdmaud.sys 86016 bytes (Microsoft Corporation, MMSYSTEM Wave/Midi API mapper)

0xB8783000 C:\WINDOWS\system32\DRIVERS\rimsptsk.sys 81920 bytes (REDC, RICOH MS Driver)

0xB8884000 C:\WINDOWS\system32\DRIVERS\VIDEOPRT.SYS 81920 bytes (Microsoft Corporation, Video Port Driver)

0xB654F000 C:\WINDOWS\system32\DRIVERS\ipsec.sys 77824 bytes (Microsoft Corporation, IPSec Driver)

0xBF000000 C:\WINDOWS\System32\drivers\dxg.sys 73728 bytes (Microsoft Corporation, DirectX Graphics Driver)

0xB9DEC000 sr.sys 73728 bytes (Microsoft Corporation, System Restore Filesystem Filter Driver)

0xB9F68000 pci.sys 69632 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)

0xB86BA000 C:\WINDOWS\system32\DRIVERS\psched.sys 69632 bytes (Microsoft Corporation, MS QoS Packet Scheduler)

0xB8797000 C:\WINDOWS\system32\DRIVERS\sdbus.sys 69632 bytes (Microsoft Corporation, SecureDigital Bus Driver)

0xBA308000 C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys 65536 bytes (Broadcom Corporation, Broadcom Corporation NDIS 5.1 ethernet driver)

0xBA1E8000 C:\WINDOWS\System32\Drivers\Cdfs.SYS 65536 bytes (Microsoft Corporation, CD-ROM File System Driver)

0xBA158000 C:\WINDOWS\system32\DRIVERS\cdrom.sys 65536 bytes (Microsoft Corporation, SCSI CD-ROM Driver)

0xB28B8000 C:\WINDOWS\system32\drivers\mfeavfk.sys 65536 bytes (McAfee, Inc., Anti-Virus File System Filter Driver)

0xBA318000 C:\WINDOWS\system32\DRIVERS\nic1394.sys 65536 bytes (Microsoft Corporation, IEEE1394 Ndis Miniport and Call Manager)

0xB8EA6000 C:\WINDOWS\system32\DRIVERS\arp1394.sys 61440 bytes (Microsoft Corporation, IP/1394 Arp Client)

0xB8F26000 C:\WINDOWS\system32\drivers\drmk.sys 61440 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)

0xB29A8000 C:\WINDOWS\system32\drivers\mfeapfk.sys 61440 bytes (McAfee, Inc., Access Protection Filter Driver)

0xBA0A8000 ohci1394.sys 61440 bytes (Microsoft Corporation, 1394 OpenHCI Port Driver)

0xBA168000 C:\WINDOWS\system32\DRIVERS\redbook.sys 61440 bytes (Microsoft Corporation, Redbook Audio Filter Driver)

0xB39D8000 C:\WINDOWS\system32\drivers\sysaudio.sys 61440 bytes (Microsoft Corporation, System Audio WDM Filter)

0xB8F36000 C:\WINDOWS\system32\DRIVERS\usbhub.sys 61440 bytes (Microsoft Corporation, Default Hub Driver for USB)

0xBA128000 C:\WINDOWS\system32\DRIVERS\rimmptsk.sys 57344 bytes (REDC, RICOH MMC Driver)

0xBA0B8000 C:\WINDOWS\system32\DRIVERS\1394BUS.SYS 53248 bytes (Microsoft Corporation, 1394 Bus Device Driver)

0xBA108000 C:\WINDOWS\system32\DRIVERS\CLASSPNP.SYS 53248 bytes (Microsoft Corporation, SCSI Class System Dll)

0xBA138000 C:\WINDOWS\system32\DRIVERS\i8042prt.sys 53248 bytes (Microsoft Corporation, i8042 Port Driver)

0xBA178000 C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 53248 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)

0xB8EF6000 C:\WINDOWS\System32\Drivers\SCDEmu.SYS 53248 bytes (PowerISO Computing, Inc., PowerISO Virtual Drive)

0xBA0E8000 VolSnap.sys 53248 bytes (Microsoft Corporation, Volume Shadow Copy Driver)

0xB8EC6000 C:\WINDOWS\system32\DRIVERS\WDFLDR.SYS 53248 bytes (Microsoft Corporation, WDFLDR)

0xB8F16000 C:\WINDOWS\system32\drivers\mfetdik.sys 49152 bytes (McAfee, Inc., Anti-Virus Mini-Firewall Driver)

0xBA198000 C:\WINDOWS\system32\DRIVERS\raspptp.sys 49152 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)

0xBA148000 C:\WINDOWS\system32\DRIVERS\imapi.sys 45056 bytes (Microsoft Corporation, IMAPI Kernel Driver)

0xBA0D8000 MountMgr.sys 45056 bytes (Microsoft Corporation, Mount Manager)

0xBA188000 C:\WINDOWS\system32\DRIVERS\raspppoe.sys 45056 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)

0xBA1C8000 C:\WINDOWS\System32\Drivers\NDProxy.SYS 40960 bytes (Microsoft Corporation, NDIS Proxy)

0xBA1B8000 C:\WINDOWS\system32\DRIVERS\termdd.sys 40960 bytes (Microsoft Corporation, Terminal Server Driver)

0xBA0F8000 disk.sys 36864 bytes (Microsoft Corporation, PnP Disk Driver)

0xB8EE6000 C:\WINDOWS\System32\Drivers\Fips.SYS 36864 bytes (Microsoft Corporation, FIPS Crypto Driver)

0xB8ED6000 C:\WINDOWS\system32\DRIVERS\HIDCLASS.SYS 36864 bytes (Microsoft Corporation, Hid Class Library)

0xBA2F8000 C:\WINDOWS\system32\DRIVERS\intelppm.sys 36864 bytes (Microsoft Corporation, Processor Device Driver)

0xBA0C8000 isapnp.sys 36864 bytes (Microsoft Corporation, PNP ISA Bus Driver)

0xBA1A8000 C:\WINDOWS\system32\DRIVERS\msgpc.sys 36864 bytes (Microsoft Corporation, MS General Packet Classifier)

0xB8F06000 C:\WINDOWS\system32\DRIVERS\netbios.sys 36864 bytes (Microsoft Corporation, NetBIOS interface driver)

0xB2668000 C:\WINDOWS\System32\Drivers\Normandy.SYS 36864 bytes (RKU Driver)

0xB8EB6000 C:\WINDOWS\system32\DRIVERS\wanarp.sys 36864 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)

0xBA338000 cercsr6.sys 32768 bytes (Adaptec, Inc., DELL CERC SATA1.5/6ch Miniport Driver)

0xBA348000 C:\WINDOWS\system32\DRIVERS\LMouFilt.Sys 32768 bytes (Logitech, Inc., Logitech Mouse Filter Driver.)

0xBA450000 C:\WINDOWS\System32\Drivers\Modem.SYS 32768 bytes (Microsoft Corporation, Modem Device Driver)

0xBA490000 C:\WINDOWS\System32\Drivers\Npfs.SYS 32768 bytes (Microsoft Corporation, NPFS Driver)

0xBA4A0000 C:\WINDOWS\system32\DRIVERS\usbccgp.sys 32768 bytes (Microsoft Corporation, USB Common Class Generic Parent Driver)

0xBA4A8000 C:\WINDOWS\system32\DRIVERS\HIDPARSE.SYS 28672 bytes (Microsoft Corporation, Hid Parsing Library)

0xBA4B0000 C:\WINDOWS\system32\DRIVERS\LHidFilt.Sys 28672 bytes (Logitech, Inc., Logitech HID Filter Driver.)

0xBA3E0000 C:\WINDOWS\system32\drivers\mfebopk.sys 28672 bytes (McAfee, Inc., Buffer Overflow Protection Driver)

0xBA498000 C:\Program Files\McAfee\VirusScan Enterprise\mferkdk.sys 28672 bytes (McAfee, Inc., VSCore Code Analysis Driver)

0xBA328000 C:\WINDOWS\system32\DRIVERS\PCIIDEX.SYS 28672 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)

0xBA410000 C:\WINDOWS\system32\DRIVERS\usbehci.sys 28672 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)

0xBA430000 C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys 24576 bytes (GEAR Software Inc., CD DVD Filter)

0xBA428000 C:\WINDOWS\system32\drivers\iviaspi.sys 24576 bytes (InterVideo, Inc., InterVideo ASPI Shell)

0xBA420000 C:\WINDOWS\system32\DRIVERS\kbdclass.sys 24576 bytes (Microsoft Corporation, Keyboard Class Driver)

0xBA418000 C:\WINDOWS\system32\DRIVERS\mouclass.sys 24576 bytes (Microsoft Corporation, Mouse Class Driver)

0xBA480000 C:\WINDOWS\System32\drivers\vga.sys 24576 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)

0xBA488000 C:\WINDOWS\System32\Drivers\Msfs.SYS 20480 bytes (Microsoft Corporation, Mailslot driver)

0xBA330000 PartMgr.sys 20480 bytes (Microsoft Corporation, Partition Manager)

0xBA440000 C:\WINDOWS\system32\DRIVERS\ptilink.sys 20480 bytes (Parallel Technologies, Inc., Parallel Technologies DirectParallel IO Library)

0xBA448000 C:\WINDOWS\system32\DRIVERS\raspti.sys 20480 bytes (Microsoft Corporation, PTI DirectParallel® mini-port/call-manager driver)

0xBA438000 C:\WINDOWS\system32\DRIVERS\TDI.SYS 20480 bytes (Microsoft Corporation, TDI Wrapper)

0xBA408000 C:\WINDOWS\system32\DRIVERS\usbuhci.sys 20480 bytes (Microsoft Corporation, UHCI USB Miniport Driver)

0xBA370000 C:\WINDOWS\System32\watchdog.sys 20480 bytes (Microsoft Corporation, Watchdog Driver)

0xBA4C0000 C:\WINDOWS\system32\DRIVERS\BATTC.SYS 16384 bytes (Microsoft Corporation, Battery Class Driver)

0xB9CD0000 C:\WINDOWS\system32\DRIVERS\CmBatt.sys 16384 bytes (Microsoft Corporation, Control Method Battery Driver)

0xB3605000 C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys 16384 bytes (Conexant, Diagnostic Interface x86 Driver)

0xB95D0000 C:\WINDOWS\system32\DRIVERS\mssmbios.sys 16384 bytes (Microsoft Corporation, System Management BIOS Driver)

0xB3E60000 C:\WINDOWS\system32\DRIVERS\ndisuio.sys 16384 bytes (Microsoft Corporation, NDIS User mode I/O Driver)

0xBA4B8000 C:\WINDOWS\system32\BOOTVID.dll 12288 bytes (Microsoft Corporation, VGA Boot Driver)

0xBA4BC000 compbatt.sys 12288 bytes (Microsoft Corporation, Composite Battery Driver)

0xB649D000 C:\WINDOWS\System32\drivers\Dxapi.sys 12288 bytes (Microsoft Corporation, DirectX API Driver)

0xB659E000 C:\WINDOWS\system32\DRIVERS\hidusb.sys 12288 bytes (Microsoft Corporation, USB Miniport Driver for Input Devices)

0xB659A000 C:\WINDOWS\system32\DRIVERS\mouhid.sys 12288 bytes (Microsoft Corporation, HID Mouse Filter Driver)

0xB9CC8000 C:\WINDOWS\system32\DRIVERS\ndistapi.sys 12288 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)

0xBA584000 C:\WINDOWS\system32\DRIVERS\rasacd.sys 12288 bytes (Microsoft Corporation, RAS Automatic Connection Driver)

0xB9CCC000 C:\WINDOWS\system32\DRIVERS\wmiacpi.sys 12288 bytes (Microsoft Corporation, Windows Management Interface for ACPI)

0xBA5AC000 dmload.sys 8192 bytes (Microsoft Corp., Veritas Software., NT Disk Manager Startup Driver)

0xBA5E0000 C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS 8192 bytes

0xBA5DA000 C:\WINDOWS\System32\Drivers\Fs_Rec.SYS 8192 bytes (Microsoft Corporation, File System Recognizer Driver)

0xBA5A8000 C:\WINDOWS\system32\KDCOM.DLL 8192 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)

0xBA5DC000 C:\WINDOWS\System32\Drivers\mnmdd.SYS 8192 bytes (Microsoft Corporation, Frame buffer simulator)

0xBA5DE000 C:\WINDOWS\System32\DRIVERS\RDPCDD.sys 8192 bytes (Microsoft Corporation, RDP Miniport)

0xBA5CE000 C:\WINDOWS\system32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)

0xBA5CC000 C:\WINDOWS\system32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)

0xBA5AA000 C:\WINDOWS\system32\DRIVERS\WMILIB.SYS 8192 bytes (Microsoft Corporation, WMILIB WMI support library Dll)

0xBA7F5000 C:\WINDOWS\system32\DRIVERS\audstub.sys 4096 bytes (Microsoft Corporation, AudStub Driver)

0xBA6F3000 C:\WINDOWS\System32\Drivers\cvintdrv.SYS 4096 bytes

0xBA725000 C:\WINDOWS\System32\drivers\dxgthk.sys 4096 bytes (Microsoft Corporation, DirectX Graphics Driver Thunk)

0xBA768000 C:\WINDOWS\System32\Drivers\Null.SYS 4096 bytes (Microsoft Corporation, NULL Driver)

0xBA670000 pciide.sys 4096 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver)

==============================================

>Stealth

==============================================

==============================================

>Files

==============================================

!-->[Hidden] C:\Documents and Settings\All Users\Application Data\MAGIX\Common\Database\FABS\fabs_service.log

!-->[Hidden] C:\Documents and Settings\All Users\Application Data\MAGIX\Common\Database\FABS\mxdba_service.log

!-->[Hidden] C:\Documents and Settings\Justin\Local Settings\Application Data\Mozilla\Firefox\Profiles\zd17tmzl.default\Cache\18A0A18Fd01

!-->[Hidden] C:\Documents and Settings\Justin\Local Settings\Application Data\Mozilla\Firefox\Profiles\zd17tmzl.default\Cache\215ADD16d01

!-->[Hidden] C:\Documents and Settings\Justin\Local Settings\Application Data\Mozilla\Firefox\Profiles\zd17tmzl.default\Cache\21AC1C26d01

!-->[Hidden] C:\Documents and Settings\Justin\Local Settings\Application Data\Mozilla\Firefox\Profiles\zd17tmzl.default\Cache\235EE724d01

!-->[Hidden] C:\Documents and Settings\Justin\Local Settings\Application Data\Mozilla\Firefox\Profiles\zd17tmzl.default\Cache\8E2365D7d01

!-->[Hidden] C:\Documents and Settings\Justin\Local Settings\Application Data\Mozilla\Firefox\Profiles\zd17tmzl.default\Cache\95AB1C6Fd01

!-->[Hidden] C:\Documents and Settings\Justin\Local Settings\Application Data\Mozilla\Firefox\Profiles\zd17tmzl.default\Cache\C12F11A1d01

!-->[Hidden] C:\Documents and Settings\Justin\Local Settings\Application Data\Mozilla\Firefox\Profiles\zd17tmzl.default\Cache\F32D5EB6d01

!-->[Hidden] C:\Documents and Settings\Justin\Local Settings\Application Data\Mozilla\Firefox\Profiles\zd17tmzl.default\Cache\F84695EEd01

==============================================

>Hooks

==============================================

ntkrnlpa.exe+0x0006EA7E, Type: Inline - RelativeJump 0x80545A7E-->80545A85 [ntkrnlpa.exe]

ntkrnlpa.exe-->NtCreateKey, Type: Inline - RelativeJump 0x806225BE-->B27EB4FF [mfehidk.sys]

ntkrnlpa.exe-->NtDeleteKey, Type: Inline - RelativeJump 0x80622A5A-->B27EB513 [mfehidk.sys]

ntkrnlpa.exe-->NtDeleteValueKey, Type: Inline - RelativeJump 0x80622C2A-->B27EB53F [mfehidk.sys]

ntkrnlpa.exe-->NtOpenKey, Type: Inline - RelativeJump 0x80623960-->B27EB4EB [mfehidk.sys]

ntkrnlpa.exe-->NtRenameKey, Type: Inline - RelativeJump 0x80621FE4-->B27EB529 [mfehidk.sys]

ntkrnlpa.exe-->NtSetValueKey, Type: Inline - RelativeJump 0x80620C6A-->B27EB555 [mfehidk.sys]

ntkrnlpa.exe-->NtTerminateProcess, Type: Inline - RelativeJump 0x805D1686-->B27EB56B [mfehidk.sys]

MBR Report

MBRCheck, version 1.2.3

© 2010, AD

Command-line:

Windows Version: Windows XP Professional

Windows Information: Service Pack 2 (build 2600)

Logical Drives Mask: 0x0000001c

Kernel Drivers (total 141):

0x804D7000 \WINDOWS\system32\ntkrnlpa.exe

0x806E3000 \WINDOWS\system32\hal.dll

0xBA5A8000 \WINDOWS\system32\KDCOM.DLL

0xBA4B8000 \WINDOWS\system32\BOOTVID.dll

0xB9F79000 ACPI.sys

0xBA5AA000 \WINDOWS\system32\DRIVERS\WMILIB.SYS

0xB9F68000 pci.sys

0xBA0A8000 ohci1394.sys

0xBA0B8000 \WINDOWS\system32\DRIVERS\1394BUS.SYS

0xBA0C8000 isapnp.sys

0xBA4BC000 compbatt.sys

0xBA4C0000 \WINDOWS\system32\DRIVERS\BATTC.SYS

0xBA670000 pciide.sys

0xBA328000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS

0xBA0D8000 MountMgr.sys

0xB9F49000 ftdisk.sys

0xBA5AC000 dmload.sys

0xB9F23000 dmio.sys

0xBA330000 PartMgr.sys

0xBA0E8000 VolSnap.sys

0xB9F0B000 atapi.sys

0xBA338000 cercsr6.sys

0xB9EF3000 \WINDOWS\System32\Drivers\SCSIPORT.SYS

0xB9E1E000 iastor.sys

0xBA0F8000 disk.sys

0xBA108000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS

0xB9DFE000 fltMgr.sys

0xB9DEC000 sr.sys

0xB9DD5000 KSecDD.sys

0xB9D48000 Ntfs.sys

0xB9D1B000 NDIS.sys

0xB9D00000 Mup.sys

0xBA2F8000 \SystemRoot\system32\DRIVERS\intelppm.sys

0xB8898000 \SystemRoot\system32\DRIVERS\nv4_mini.sys

0xB8884000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS

0xBA408000 \SystemRoot\system32\DRIVERS\usbuhci.sys

0xB8861000 \SystemRoot\system32\DRIVERS\USBPORT.SYS

0xBA410000 \SystemRoot\system32\DRIVERS\usbehci.sys

0xB883C000 \SystemRoot\system32\DRIVERS\HDAudBus.sys

0xB87A8000 \SystemRoot\system32\DRIVERS\bcmwl5.sys

0xBA308000 \SystemRoot\system32\DRIVERS\bcm4sbxp.sys

0xBA318000 \SystemRoot\system32\DRIVERS\nic1394.sys

0xB8797000 \SystemRoot\system32\DRIVERS\sdbus.sys

0xBA128000 \SystemRoot\system32\DRIVERS\rimmptsk.sys

0xB8783000 \SystemRoot\system32\DRIVERS\rimsptsk.sys

0xB8732000 \SystemRoot\system32\DRIVERS\rixdptsk.sys

0xBA138000 \SystemRoot\system32\DRIVERS\i8042prt.sys

0xB8705000 \SystemRoot\system32\DRIVERS\SynTP.sys

0xBA5CC000 \SystemRoot\system32\DRIVERS\USBD.SYS

0xBA418000 \SystemRoot\system32\DRIVERS\mouclass.sys

0xBA420000 \SystemRoot\system32\DRIVERS\kbdclass.sys

0xBA148000 \SystemRoot\system32\DRIVERS\imapi.sys

0xBA428000 \SystemRoot\system32\drivers\iviaspi.sys

0xBA158000 \SystemRoot\system32\DRIVERS\cdrom.sys

0xBA168000 \SystemRoot\system32\DRIVERS\redbook.sys

0xB86E2000 \SystemRoot\system32\DRIVERS\ks.sys

0xBA430000 \SystemRoot\System32\Drivers\GEARAspiWDM.sys

0xB9CD0000 \SystemRoot\system32\DRIVERS\CmBatt.sys

0xB9CCC000 \SystemRoot\system32\DRIVERS\wmiacpi.sys

0xBA7F5000 \SystemRoot\system32\DRIVERS\audstub.sys


Processes (total 52):

0 System Idle Process

4 System

900 C:\WINDOWS\system32\smss.exe

964 csrss.exe

996 C:\WINDOWS\system32\winlogon.exe

1040 C:\WINDOWS\system32\services.exe

1052 C:\WINDOWS\system32\lsass.exe

1216 C:\WINDOWS\system32\svchost.exe

1284 svchost.exe

1324 C:\WINDOWS\system32\svchost.exe

1444 svchost.exe

1472 svchost.exe

1628 C:\WINDOWS\system32\WLTRYSVC.EXE

1708 C:\WINDOWS\system32\BCMWLTRY.EXE

1716 C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe

1944 C:\WINDOWS\explorer.exe

2016 C:\WINDOWS\NOTEPAD.EXE

408 C:\WINDOWS\system32\WLTRAY.EXE

416 C:\WINDOWS\system32\rundll32.exe

428 C:\WINDOWS\system32\rundll32.exe

432 C:\Program Files\McAfee\VirusScan Enterprise\shstat.exe

452 C:\Program Files\McAfee\Common Framework\UdaterUI.exe

604 C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

620 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

628 C:\Program Files\McAfee\Common Framework\Mctray.exe

700 C:\Program Files\iTunes\iTunesHelper.exe

728 C:\Program Files\Ahead\Nero\NeroNero.exe

760 C:\Program Files\Ahead\Nero\NeroNero.exe

820 C:\WINDOWS\system32\spoolsv.exe

876 C:\Documents and Settings\Justin\Application Data\Desktop Security\Desktop Security 2010.exe

944 C:\Documents and Settings\Justin\Application Data\Desktop Security\securitycenter.exe

140 C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe

1056 C:\Program Files\Logitech\SetPoint\SetPoint.exe

1396 C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe

1640 svchost.exe

1844 C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe

1892 C:\Program Files\Java\jre6\bin\jqs.exe

2056 C:\Program Files\McAfee\Common Framework\FrameworkService.exe

2200 C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe

2240 C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe

2324 C:\WINDOWS\system32\nvsvc32.exe

2360 naPrdMgr.exe

2432 C:\WINDOWS\system32\svchost.exe

2680 C:\Program Files\Canon\CAL\CALMAIN.exe

3004 C:\Program Files\iPod\bin\iPodService.exe

3348 C:\Program Files\QuickTime\QTSystem\QuickTime.Resources\zh_CN.lproj\QuickTimeQuickTime7.6.6.exe

3432 C:\Program Files\QuickTime\QTSystem\CoreVideo.Resources\ja.lproj\QuickTimeResourcesQuickTime.exe

3728 C:\Program Files\Common Files\Microsoft Shared\EURO\OfficeOffice11.0.5510.exe

356 C:\Program Files\Mozilla Firefox\firefox.exe

888 C:\WINDOWS\system32\svchost.exe

2632 C:\Documents and Settings\Justin\Desktop\RKUnhookerLE.EXE

3680 C:\Documents and Settings\Justin\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`04e71400 (NTFS)

PhysicalDrive0 Model Number: FUJITSUMHY2120BH, Rev: 0085000B

Size Device Name MBR Status

--------------------------------------------

111 GB \\.\PhysicalDrive0 Windows XP MBR code detected

SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A

Done!


Well, I ran malwarebytes again. I updated it first and then did a quick scan. It found 54 items, which I removed. Here is the log.

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

Database version: 4597

Windows 5.1.2600 Service Pack 2

Internet Explorer 6.0.2900.2180

9/11/2010 11:48:21 PM

mbam-log-2010-09-11 (23-48-21).txt

Scan type: Quick scan

Objects scanned: 143650

Time elapsed: 6 minute(s), 39 second(s)

Memory Processes Infected: 7

Memory Modules Infected: 0

Registry Keys Infected: 3

Registry Values Infected: 4

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 40

Memory Processes Infected:

C:\program files\Ahead\Nero\NeroNero.exe (Trojan.Downloader) -> Unloaded process successfully.

C:\program files\Ahead\Nero\NeroNero.exe (Trojan.Downloader) -> Unloaded process successfully.

c:\program files\quicktime\QTSystem\quicktime.resources\zh_cn.lproj\quicktimequicktime7.6.6.exe (Trojan.Downloader) -> Unloaded process successfully.

c:\program files\quicktime\QTSystem\corevideo.resources\ja.lproj\quicktimeresourcesquicktime.exe (Trojan.Downloader) -> Unloaded process successfully.

c:\program files\common files\microsoft shared\EURO\officeoffice11.0.5510.exe (Trojan.Downloader) -> Unloaded process successfully.

C:\Documents and Settings\Justin\Application Data\Desktop Security\Desktop Security 2010.exe (Rogue.DesktopSecurity2010) -> Unloaded process successfully.

C:\Documents and Settings\Justin\Application Data\Desktop Security\securitycenter.exe (Rogue.DesktopSecurity) -> Unloaded process successfully.

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

HKEY_CLASSES_ROOT\CLSID\{08c72dd4-19ad-49f1-83da-8542b4d302c5} (Trojan.FakeCodec) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Desktop Security (Rogue.DesktopSecurity) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\wnxmal (Rogue.SecuritySuite) -> Quarantined and deleted successfully.

Registry Values Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\encodernero (Trojan.Downloader) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\vcdmenuvcdmenu (Trojan.Downloader) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\desktop security (Rogue.DesktopSecurity2010) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\securitycenter (Rogue.DesktopSecurity) -> Quarantined and deleted successfully.

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

C:\program files\Ahead\Nero\NeroNero.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

c:\program files\quicktime\QTSystem\quicktime.resources\zh_cn.lproj\quicktimequicktime7.6.6.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

c:\program files\quicktime\QTSystem\corevideo.resources\ja.lproj\quicktimeresourcesquicktime.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

c:\program files\common files\microsoft shared\EURO\officeoffice11.0.5510.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\Documents and Settings\Justin\Application Data\Desktop Security\Desktop Security 2010.exe (Rogue.DesktopSecurity2010) -> Quarantined and deleted successfully.

C:\Documents and Settings\Justin\Application Data\Desktop Security\securitycenter.exe (Rogue.DesktopSecurity) -> Quarantined and deleted successfully.

C:\Documents and Settings\Justin\Application Data\Desktop Security\securityhelper.exe (Rogue.DesktopSecurity) -> Quarantined and deleted successfully.

C:\Documents and Settings\Justin\Application Data\Desktop Security\taskmgr.dll (Rogue.DesktopSecurity) -> Quarantined and deleted successfully.

C:\Documents and Settings\Justin\Start Menu\Programs\Desktop Security.LNK (Rogue.DesktopSecurity) -> Quarantined and deleted successfully.

C:\Documents and Settings\Justin\Local Settings\Temp\02c9c3c35bdx5.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\Documents and Settings\Justin\Local Settings\Temp\17dkf.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\Documents and Settings\Justin\Local Settings\Temp\472a10e2ebxd9.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\Documents and Settings\Justin\Local Settings\Temp\56493.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\Documents and Settings\Justin\Local Settings\Temp\al3erfa3.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\Documents and Settings\Justin\Local Settings\Temp\alerfa.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\Documents and Settings\Justin\Local Settings\Temp\backd-efq.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\Documents and Settings\Justin\Local Settings\Temp\cosock.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\Documents and Settings\Justin\Local Settings\Temp\cunifuc.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\Documents and Settings\Justin\Local Settings\Temp\dd10x10.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\Documents and Settings\Justin\Local Settings\Temp\ddoll3342.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\Documents and Settings\Justin\Local Settings\Temp\dkfjd93.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\Documents and Settings\Justin\Local Settings\Temp\ds7hw.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\Documents and Settings\Justin\Local Settings\Temp\eelnvd13.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\Documents and Settings\Justin\Local Settings\Temp\eephilpe.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\Documents and Settings\Justin\Local Settings\Temp\gedx_ae09.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\Documents and Settings\Justin\Local Settings\Temp\gpupz2a.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\Documents and Settings\Justin\Local Settings\Temp\hhbboll_2.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\Documents and Settings\Justin\Local Settings\Temp\hodeme.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\Documents and Settings\Justin\Local Settings\Temp\hvipws9.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\Documents and Settings\Justin\Local Settings\Temp\jdhellwo3.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\Documents and Settings\Justin\Local Settings\Temp\jofcdks.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\Documents and Settings\Justin\Local Settings\Temp\kilslmd.exex (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\Documents and Settings\Justin\Local Settings\Temp\kjdh_gf_jjdhgd.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\Documents and Settings\Justin\Local Settings\Temp\lorsk.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\Documents and Settings\Justin\Local Settings\Temp\ppddfcfux.exxe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\Documents and Settings\Justin\Local Settings\Temp\pswwg3c.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\Documents and Settings\Justin\Local Settings\Temp\qwedvor.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\Documents and Settings\Justin\Local Settings\Temp\qwklrvjhqlkj.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\Documents and Settings\Justin\Local Settings\Temp\wrcud12.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\Documents and Settings\Justin\Local Settings\Temp\wrfwe_di.exe (Trojan.Downloader) -> Quarantined and deleted successfully.


Hi JRRJ,

> I ran malwarebytes again

Please do not run any scans or make any changes to the system other than the ones I ask for.

Upload a File to Virustotal

Please go to Virustotal

Copy/paste this file and path into the white box at the top:

C:\WINDOWS\system32\ophQc4Ul.exe

Press Submit - this will submit the file for testing.

Please wait for all the scanners to finish then copy and paste the results in your next response.

It seems that Combofix has been run unsuccessfully on this computer. Please let me know what happened when it ran and if you disabled McAfee before running it.


Sorry, but my computer was being taken over by hoax virus protection pop-ups every 2 minutes. I'll be sure to not run any more programs.

Forgive me but I'm a little confused about the Virustotal instructions. You say to "Copy/paste this file and path into the white box at the top:"

I'm not sure what white box you are referring to. When I open Virus Total there is a white box in the middle of the screen that is where you can upload a file. When I click on this white box it asks for me to choose a file on my machine. When I copy and paste the file, it states that it cannot be found.


> When I click on this white box it asks for me to choose a file on my machine. When I copy and paste the file, it states that it cannot be found.

OK, the file may have already been removed; we can check later.

Please let me know what happened with Combofix and if McAfee was disabled when it was run.


Hi JRRJ,

> I'm not sure what Combofix is, I don't think it is something I've run. My friend who I bought the computer from in '08 may have run it??

OK that would explain it.

Run Combofix

Temporarily disable any antispyware, antivirus and/or antimalware real-time protection as they may interfere with the running of ComboFix.

Download ComboFix from here to your Desktop.

For more information about Combofix please see here.

Close all programs.

Double click combofix.exe and follow the prompts.

If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it


Sorry for delay, crazy week!!

ComboFix 10-09-17.04 - Justin 09/18/2010 10:46:40.1.2 - x86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2046.1537 [GMT -4:00]

Running from: c:\documents and settings\Justin\Desktop\ComboFix.exe

AV: VirusScan Enterprise + AntiSpyware Enterprise *On-access scanning disabled* (Outdated) {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

C:\bold.log

c:\documents and settings\Justin\Application Data\Desktop Security

c:\documents and settings\Justin\Start Menu\Programs\Desktop Security

c:\documents and settings\Justin\Start Menu\Programs\Desktop Security\Activate Desktop Security.lnk

c:\documents and settings\Justin\Start Menu\Programs\Desktop Security\Desktop Security.lnk

c:\documents and settings\Justin\Start Menu\Programs\Desktop Security\Help Desktop Security.lnk

c:\documents and settings\Justin\Start Menu\Programs\Desktop Security\How to Activate Desktop Security.lnk

c:\windows\iravajam.exe

c:\windows\xuxivucozu._sy

c:\windows\yxehyjeq.exe

c:\windows\system32\ws2_32.dll . . . is infected!!

.

((((((((((((((((((((((((( Files Created from 2010-08-18 to 2010-09-18 )))))))))))))))))))))))))))))))

.

2010-09-18 13:58 . 2010-09-18 13:58 -------- d-----w- c:\documents and settings\Justin\Local Settings\Application Data\Yahoo

2010-09-18 13:57 . 2010-09-18 13:57 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo! Companion

2010-09-18 13:57 . 2010-09-18 13:58 -------- d-----w- c:\documents and settings\Justin\Application Data\Yahoo!

2010-09-18 13:56 . 2010-09-18 13:57 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo!

2010-09-18 13:56 . 2010-04-20 20:45 607472 ----a-w- c:\documents and settings\All Users\Application Data\Yahoo!\YUpdater\yupdater.exe

2010-09-18 13:55 . 2010-09-18 13:57 -------- d-----w- c:\program files\Yahoo!

2010-09-12 02:58 . 2010-09-12 02:58 -------- d-----w- C:\_OTL

2010-09-11 13:50 . 2010-09-11 13:50 -------- d-----w- C:\QUARANTINE

2010-09-05 13:11 . 2004-08-04 03:07 59264 -c--a-w- c:\windows\system32\dllcache\usbaudio.sys

2010-09-05 13:11 . 2004-08-04 03:07 59264 ----a-w- c:\windows\system32\drivers\USBAUDIO.sys

2010-09-02 00:44 . 2010-09-02 00:45 -------- d-----w- c:\documents and settings\Justin\Application Data\Elluminate

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-09-09 01:53 . 2008-11-22 02:44 -------- d-----w- c:\documents and settings\Justin\Application Data\DNA

2010-09-09 01:43 . 2008-11-22 02:44 -------- d-----w- c:\program files\DNA

2010-09-05 13:13 . 2007-12-28 17:56 121112 ----a-w- c:\documents and settings\Justin\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2010-09-02 13:22 . 2010-02-15 23:05 -------- d-----w- c:\documents and settings\Justin\Application Data\ZoomBrowser EX

2010-09-02 13:22 . 2010-02-15 22:56 -------- d-----w- c:\documents and settings\All Users\Application Data\ZoomBrowser

2010-09-02 00:09 . 2008-01-21 14:12 -------- d-----w- c:\program files\MSECache

2010-08-16 23:19 . 2009-09-15 01:25 -------- d-----w- c:\program files\Call of Duty

2010-08-16 23:19 . 2007-12-29 01:19 152422 ----a-w- c:\windows\system32\nvModes.dat

2010-08-15 13:30 . 2010-08-15 00:10 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-08-15 13:13 . 2008-11-04 17:52 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP

2010-08-15 13:12 . 2010-08-15 13:12 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes

2010-08-15 12:35 . 2010-08-15 00:22 664 ----a-w- c:\windows\system32\d3d9caps.dat

2010-08-15 02:23 . 2010-08-15 02:23 -------- d-----w- c:\documents and settings\All Users\Application Data\ParetoLogic

2010-08-15 02:23 . 2010-08-15 02:23 -------- d-----w- c:\program files\ParetoLogic

2010-08-15 02:23 . 2010-08-15 02:23 -------- d-----w- c:\program files\Common Files\ParetoLogic

2010-07-31 01:35 . 2009-12-25 03:06 138376 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys

2010-07-31 01:35 . 2009-12-25 03:06 202448 ----a-w- c:\windows\system32\PnkBstrB.exe

2010-07-29 15:11 . 2009-04-11 11:47 -------- d-----w- c:\program files\Safari

2010-07-29 15:09 . 2010-07-29 15:09 72488 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\Safari 5.33.17.8\SetupAdmin.exe

2010-07-22 15:15 . 2010-07-22 15:14 -------- d-----w- c:\program files\iTunes

2010-07-22 15:14 . 2010-07-22 15:14 -------- d-----w- c:\program files\iPod

2010-07-22 15:14 . 2008-01-05 20:58 -------- d-----w- c:\program files\Common Files\Apple

2010-07-22 15:09 . 2010-07-22 15:09 73000 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.2.1.4\SetupAdmin.exe

2010-07-08 15:14 . 2010-07-08 15:14 71992 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\Safari 5.33.16.0\SetupAdmin.exe

2008-11-02 11:49 . 2008-11-02 11:49 18146 ----a-w- c:\program files\Common Files\pagiga.dl

2008-11-02 11:49 . 2008-11-02 11:49 17016 ----a-w- c:\program files\Common Files\ebeh.scr

2008-11-02 11:49 . 2008-11-02 11:49 14956 ----a-w- c:\program files\Common Files\burox.inf

.

------- Sigcheck -------

[-] 2008-04-14 . 2CCC474EB85CEAA3E1FA1726580A3E5A . 82432 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\ws2_32.dll

[-] 2004-08-04 . 991AC20A286611A762C781077CE6D840 . 82944 . . [5.1.2600.2180] . . c:\windows\system32\ws2_32.dll

c:\windows\System32\drivers\beep.sys ... is missing !!

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Google Update"="c:\documents and settings\Justin\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-09-06 133104]

"Messenger (Yahoo!)"="c:\progra~1\Yahoo!\Messenger\YahooMessenger.exe" [2010-06-01 5252408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"DiskeeperSystray"="c:\program files\Diskeeper Corporation\Diskeeper\DkIcon.exe" [2005-11-22 221184]

"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2007-03-16 1392640]

"NVHotkey"="nvHotkey.dll" [2007-05-12 67584]

"NvMediaCenter"="NvMCTray.dll" [2007-05-12 81920]

"ShStatEXE"="c:\program files\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2007-02-23 112216]

"McAfeeUpdaterUI"="c:\program files\McAfee\Common Framework\UdaterUI.exe" [2006-12-19 136768]

"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\stsystra.exe" [2007-05-10 405504]

"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-11-29 55824]

"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2004-05-13 98304]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2004-05-14 536576]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-05-12 8429568]

"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-07-13 47904]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-01-11 246504]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-18 421888]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-07-16 141608]

c:\documents and settings\All Users\Start Menu\Programs\Startup\

InterVideo WinCinema Manager.lnk - c:\program files\InterVideo\Common\Bin\WinCinemaMgr.exe [2007-12-28 253952]

Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2008-2-18 789008]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]

2008-01-09 17:30 72208 ----a-w- c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]

@=""

[HKLM\~\startupfolder\C:^Documents and Settings^Justin^Start Menu^Programs^Startup^LimeWire On Startup.lnk]

path=c:\documents and settings\Justin\Start Menu\Programs\Startup\LimeWire On Startup.lnk

backup=c:\windows\pss\LimeWire On Startup.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Justin^Start Menu^Programs^Startup^SolidWorks Task Scheduler Engine.lnk]

path=c:\documents and settings\Justin\Start Menu\Programs\Startup\SolidWorks Task Scheduler Engine.lnk

backup=c:\windows\pss\SolidWorks Task Scheduler Engine.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]

2008-09-06 00:01 133104 ----atw- c:\documents and settings\Justin\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

2010-07-16 11:41 141608 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

2004-10-13 16:24 1694208 ------w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

2001-07-09 15:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]

2007-05-12 03:57 8429568 ----a-w- c:\windows\system32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2010-03-18 01:53 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]

2004-11-03 01:24 32768 ----a-w- c:\program files\CyberLink\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\{0228e555-4f9c-4e35-a3ec-b109a192b4c2}]

2005-07-15 21:48 479232 ----a-w- c:\program files\Google\Gmail Notifier\gnotify.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"SolidWorks Licensing Service"=3 (0x3)

"NITaggerService"=2 (0x2)

"idsvc"=3 (0x3)

"FirebirdServerMAGIXInstance"=3 (0x3)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\McAfee\\Common Framework\\FrameworkService.exe"=

"c:\\Program Files\\DNA\\btdna.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

S3 Normandy;Normandy SR2; [x]

S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [10/5/2008 5:37 PM 611064]

.

Contents of the 'Scheduled Tasks' folder

2010-09-16 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 16:34]

2010-09-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1202660629-1229272821-725345543-1003Core.job

- c:\documents and settings\Justin\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-06 00:01]

2010-09-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1202660629-1229272821-725345543-1003UA.job

- c:\documents and settings\Justin\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-06 00:01]

2010-08-15 c:\windows\Tasks\ParetoLogic Registration3.job

- c:\program files\Common Files\ParetoLogic\UUS3\UUS3.dll [2009-10-12 05:01]

2010-08-25 c:\windows\Tasks\ParetoLogic Update Version3.job

- c:\program files\Common Files\ParetoLogic\UUS3\Pareto_Update3.exe [2009-10-12 05:01]

2010-09-02 c:\windows\Tasks\PC Health Advisor Defrag.job

- c:\program files\ParetoLogic\PCHA\PCHA.exe [2010-06-23 04:06]

2010-09-18 c:\windows\Tasks\PC Health Advisor.job

- c:\program files\ParetoLogic\PCHA\PCHA.exe [2010-06-23 04:06]

.

.

------- Supplementary Scan -------

.

uDefault_Search_URL = hxxp://www.google.com/ie

mStart Page = hxxp://www.google.com

uInternet Settings,ProxyOverride = <local>

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

FF - ProfilePath - c:\documents and settings\Justin\Application Data\Mozilla\Firefox\Profiles\zd17tmzl.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/

FF - plugin: c:\documents and settings\Justin\Local Settings\Application Data\Google\Update\1.2.183.29\npGoogleOneClick8.dll

FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----

FF - user.js: yahoo.homepage.dontask - true);user_pref(yahoo.ytff.general.dontshowhpoffer, true.

.

------- File Associations -------

.

.scr=AutoCADScriptFile

.

- - - - ORPHANS REMOVED - - - -

MSConfigStartUp-AppleSyncNotifier - c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

AddRemove-Octoshape add-in for Adobe Flash Player - c:\documents and settings\Justin\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-09-18 10:53

Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1000)

c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll

c:\program files\common files\logishrd\bluetooth\LBTServ.dll

c:\windows\System32\BCMLogon.dll

- - - - - - - > 'explorer.exe'(3920)

c:\program files\Logitech\SetPoint\lgscroll.dll

c:\windows\system32\shdoclc.dll

.

------------------------ Other Running Processes ------------------------

.

c:\windows\System32\WLTRYSVC.EXE

c:\windows\System32\bcmwltry.exe

c:\program files\Lavasoft\Ad-Aware\aawservice.exe

c:\program files\Diskeeper Corporation\Diskeeper\DkService.exe

c:\program files\Java\jre6\bin\jqs.exe

c:\program files\McAfee\Common Framework\FrameworkService.exe

c:\program files\McAfee\VirusScan Enterprise\Mcshield.exe

c:\program files\McAfee\VirusScan Enterprise\VsTskMgr.exe

c:\windows\system32\nvsvc32.exe

c:\program files\McAfee\Common Framework\naPrdMgr.exe

c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe

c:\program files\Canon\CAL\CALMAIN.exe

c:\windows\system32\rundll32.exe

c:\windows\system32\RunDLL32.exe

c:\program files\McAfee\Common Framework\McTray.exe

c:\program files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE

c:\program files\iPod\bin\iPodService.exe

.

**************************************************************************

.

Completion time: 2010-09-18 10:59:00 - machine was rebooted

ComboFix-quarantined-files.txt 2010-09-18 14:58

Pre-Run: 68,645,953,536 bytes free

Post-Run: 68,573,782,016 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

UnsupportedDebug="do not select this" /debug

multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - 668763D9CE33A7787BAAE3715C0432EC


Hi JRRJ,

Download SystemLook and save it to your Desktop.

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
    :filefind
    ws2_32.dl*


  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.

Note: The log can also be found on your Desktop entitled SystemLook.txt


Hi deltalima,

SystemLook 04.09.10 by jpshortstuff

Log created at 11:51 on 19/09/2010 by Justin

Administrator - Elevation successful

========== filefind ==========

Searching for "ws2_32.dl*"

C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\ws2_32.dll --a---- 82432 bytes [23:17 01/08/2008] [00:12 14/04/2008] 2CCC474EB85CEAA3E1FA1726580A3E5A

C:\WINDOWS\system32\ws2_32.dll --a---- 82944 bytes [12:00 04/08/2004] [12:00 04/08/2004] 991AC20A286611A762C781077CE6D840

-= EOF =-

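An added example, not part of the thread: a Python parser for the SystemLook filefind lines posted above, which groups the copies by MD5 and checks one path against a reference hash. The field layout is inferred from the two lines in that log, the function names are hypothetical, and the reference hash has to come from a trusted copy of the same build (none is given on this page).

```python
import re
from collections import defaultdict

# Lines copied from the SystemLook log posted in this thread.
SAMPLE_LOG = r"""
Searching for "ws2_32.dl*"
C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\ws2_32.dll --a---- 82432 bytes [23:17 01/08/2008] [00:12 14/04/2008] 2CCC474EB85CEAA3E1FA1726580A3E5A
C:\WINDOWS\system32\ws2_32.dll --a---- 82944 bytes [12:00 04/08/2004] [12:00 04/08/2004] 991AC20A286611A762C781077CE6D840
-= EOF =-
"""

# Layout (assumed from the sample): path, 7 attribute flags, size,
# two bracketed timestamps (kept as text, not interpreted), MD5.
LINE_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?)\s+(?P<attrs>[-a-z]{7})\s+(?P<size>\d+) bytes\s+"
    r"\[(?P<ts1>[^\]]+)\]\s+\[(?P<ts2>[^\]]+)\]\s+(?P<md5>[0-9A-Fa-f]{32})\s*$"
)

def parse_filefind(log_text):
    """Return one dict per file line; headers and EOF markers are skipped."""
    entries = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            entry = m.groupdict()
            entry["size"] = int(entry["size"])
            entry["md5"] = entry["md5"].upper()
            entries.append(entry)
    return entries

def group_by_md5(entries):
    """Map each MD5 to the paths carrying it; more than one key means the copies differ."""
    groups = defaultdict(list)
    for entry in entries:
        groups[entry["md5"]].append(entry["path"])
    return dict(groups)

def check_against_reference(entries, target_path, reference_md5):
    """True/False if target_path appears in the log, None if it is absent."""
    for entry in entries:
        if entry["path"].lower() == target_path.lower():
            return entry["md5"] == reference_md5.upper()
    return None

if __name__ == "__main__":
    found = parse_filefind(SAMPLE_LOG)
    for md5, paths in group_by_md5(found).items():
        print(md5, paths)
```

Two copies with different hashes are not evidence of tampering on their own, since they can be different builds of the same file; only a match or mismatch against a trusted copy of the same build is meaningful.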

Hi JRRJ,

Please go here and click download to download the Windows XP Service Pack 2 Network Installation Package and save the file.

If any of these instructions are unclear please ask before continuing.

  • Now use Windows Explorer to create a folder called sp2 in the root of drive C:
  • Move the service pack install file into that folder
  • Open a command prompt window (start - run - cmd)
  • At the command prompt
  • Type C: and press enter
  • Type cd \sp2 and press enter
  • Type WindowsXP-KB835935-SP2-ENU.exe -x: c:\sp2 and press enter
  • This should now extract the service pack files into that folder, if it tries to do anything else cancel and let me know.
  • Type cd i386 and press enter
  • Type expand ws2_32.dl_ ws2_32.dll and press enter
  • Type exit and press enter to close the command console

ComboFix - CFScript

WARNING !

This script is for THIS user and computer ONLY!

Using this tool incorrectly could damage your Operating System... preventing it from starting again!

You will not have Internet access when you execute ComboFix. All open windows will need to be closed!

  1. Please open Notepad and copy/paste all the text below... into the window:
    FCOPY::
    c:\windows\system32\ws2_32.dll | c:\ws2_32.dll
    c:\sp2\i386\ws2_32.dll | c:\windows\system32\ws2_32.dll


  2. Save it to your desktop as CFScript.txt
  3. Please disable any Antivirus or Firewall you have active, as shown in this topic. Please close all open application windows.
  4. Drag the CFScript.txt (icon) into the ComboFix.exe icon... as seen in the image below:
    ComboFixScriptDrag.gif
    This will cause ComboFix to run again.
    Do Not use your keyboard or mouse click anywhere in the ComboFix window, as this may cause the program to stall or crash.
    Do Not touch your computer when ComboFix is running!
    When finished... Notepad will open ... ComboFix will produce a log file called "log.txt".
  5. Please copy/paste the contents of log.txt... in your next reply.

** Enable your Antivirus and Firewall, before connecting to the Internet again! **


Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!


This topic is now closed to further replies.