
Spyware.Passwords.XGen - Can't Get Rid of These



I have been trying for four days to get rid of this virus. Started out as BKDR_CYCBOT, but has since turned up with these five items I can't get rid of. It's messing up my wireless, and bringing up search pages when I click on any links. I tried most of what was in the pinned instructions, but I ended up getting a blue screen saying it was dumping the physical memory. Please HELP!

Malwarebytes' Anti-Malware 1.50

www.malwarebytes.org

Database version: 5249

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

12/7/2010 8:22:52 AM

mbam-log-2010-12-07 (08-22-42).txt

Scan type: Quick scan

Objects scanned: 165670

Time elapsed: 17 minute(s), 44 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 1

Registry Data Items Infected: 1

Folders Infected: 0

Files Infected: 2

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\svchost (Spyware.Passwords.XGen) -> Value: svchost -> No action taken.

Registry Data Items Infected:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\Load (Trojan.Agent) -> Bad: (C:\DOCUME~1\BRIT\LOCALS~1\Temp\csrss.exe) Good: () -> No action taken.

Folders Infected:

(No malicious items detected)

Files Infected:

c:\documents and settings\BRIT\application data\microsoft\conhost.exe (Spyware.Passwords.XGen) -> No action taken.

c:\documents and settings\BRIT\local settings\Temp\csrss.exe (Trojan.Agent) -> No action taken.

________________________________________________________________________________

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 8:24:41 AM, on 12/7/2010

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

c:\Program Files\Microsoft Security Essentials\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\WLTRYSVC.EXE

C:\WINDOWS\System32\bcmwltry.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Flip Video\FlipShare\FlipShareService.exe

C:\Program Files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Common Files\Motive\McciCMService.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe

C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe

C:\Program Files\Verizon\VSP\ServicepointService.exe

C:\Program Files\Dell Support Center\bin\sprtsvc.exe

C:\WINDOWS\system32\svchost.exe

C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe

C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe

C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Trend Micro\Internet Security 14\pccguide.exe

C:\Program Files\Dell Support Center\bin\sprtcmd.exe

C:\Program Files\Verizon\McciTrayApp.exe

C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\WINDOWS\stsystra.exe

C:\Program Files\Dell\MediaDirect\PCMService.exe

C:\WINDOWS\OEM02Mon.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\WINDOWS\system32\rundll32.exe

C:\WINDOWS\system32\KADxMain.exe

C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe

C:\WINDOWS\system32\WLTRAY.exe

C:\WINDOWS\system32\dlcxcoms.exe

C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe

C:\Program Files\Verizon\VSP\VerizonServicepoint.exe

C:\Program Files\Microsoft Security Essentials\msseces.exe

C:\Program Files\Trend Micro\Internet Security 14\TMAS_OE\TMAS_OEMon.exe

C:\Program Files\DellAutomatedPCTuneUp\PTAgnt.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Digital Line Detect\DLG.exe

C:\Program Files\McAfee Security Scan\3.0.188\SSScheduler.exe

C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe

C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe

C:\Program Files\Verizon\FiOS\ihs\iSupport.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Documents and Settings\BRIT\Desktop\HijackThis.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe

C:\Program Files\Verizon\VSP\VerizonServicepointComHandler.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=3071221

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.facebook.com/?ref=hp

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=3071221

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:59798

F3 - REG:win.ini: load=C:\DOCUME~1\BRIT\LOCALS~1\Temp\csrss.exe

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll

O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O4 - HKLM\..\Run: [DLCXCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCXtime.dll,_RunDLLEntry@16

O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 14\pccguide.exe"

O4 - HKLM\..\Run: [dellsupportcenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter

O4 - HKLM\..\Run: [Verizon_McciTrayApp] "C:\Program Files\Verizon\McciTrayApp.exe"

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [iSUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [sigmatelSysTrayApp] stsystra.exe

O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe"

O4 - HKLM\..\Run: [OEM02Mon.exe] C:\WINDOWS\OEM02Mon.exe

O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [NVHotkey] rundll32.exe nvHotkey.dll,Start

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [KADxMain] C:\WINDOWS\system32\KADxMain.exe

O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [ECenter] C:\Dell\E-Center\EULALauncher.exe

O4 - HKLM\..\Run: [DELL Webcam Manager] "C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe" /s

O4 - HKLM\..\Run: [broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe

O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [PMBVolumeWatcher] C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe

O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide

O4 - HKLM\..\Run: [VerizonServicepoint.exe] "C:\Program Files\Verizon\VSP\VerizonServicepoint.exe" /AUTORUN

O4 - HKLM\..\Run: [MSSE] "c:\Program Files\Microsoft Security Essentials\msseces.exe" -hide -runkey

O4 - HKLM\..\Run: [svchost] C:\Documents and Settings\BRIT\Application Data\Microsoft\conhost.exe

O4 - HKCU\..\Run: [OE_OEM] "C:\Program Files\Trend Micro\Internet Security 14\TMAS_OE\TMAS_OEMon.exe"

O4 - HKCU\..\Run: [DellAutomatedPCTuneUp] "C:\Program Files\DellAutomatedPCTuneUp\PTAgnt.exe" /startup

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe

O4 - Global Startup: McAfee Security Scan Plus.lnk = C:\Program Files\McAfee Security Scan\3.0.188\SSScheduler.exe

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000

O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O15 - Trusted Zone: http://*.mcafee.com

O16 - DPF: Garmin Communicator Plug-In - https://static.garmincdn.com/gcp/ie/2.9.3.0...inAxControl.CAB

O16 - DPF: vzTCPConfig - http://www2.verizon.net/help/fios_settings...vzTCPConfig.CAB

O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB

O16 - DPF: {0C92900E-4D5A-4F04-ACC9-729E1767BBAE} (Image Uploader Control) - http://www.ritzpix.com/net/Uploader/LPUploader45.cab

O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.1...toUploader5.cab

O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab

O16 - DPF: {181BCAB2-C89B-4E4B-9E6B-59FA67A426B5} (Nsepa Control) - https://access.oxy.com/epa/vista/nsepa.ocx

O16 - DPF: {362C56AA-6E4F-40C7-A0B5-85501DBDAD77} (Scanner.SysScanner) - http://i.dell.com/images/global/js/scanner/SysProExe.cab

O16 - DPF: {3713F92E-2252-4A87-868E-C5F17704D4C6} (RockYou Image Uploader Control) - http://www.rockyou.com/RockYouImageUploader.cab

O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www2.snapfish.com/SnapfishActivia.cab

O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab

O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase6770.cab

O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab

O16 - DPF: {6F750203-1362-4815-A476-88533DE61D0C} (Kodak Gallery Easy Upload Manager Class) - http://www.kodakgallery.com/downloads/BUM/..._2/axofupld.cab

O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.0...oUploader55.cab

O16 - DPF: {ADACAA8F-3595-47FE-9C31-9C7471B9BEC7} (OCXDownloadChecker Control) - http://72.214.47.6/cab/OCXChecker_8000.cab

O16 - DPF: {D1D98C0F-A339-42AB-BD5F-EA0FF5D0E65F} (RockYou Image Uploader Control) - http://www.rockyou.com/RockYouImageUploader.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553550000} - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} (AxisMediaControlEmb Class) - http://webcam.oldetownepetresort.com:9276/activex/AMC.cab

O16 - DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} (DownloadManager Control) - http://dlm.tools.akamai.com/dlmanager/vers...vex-2.2.1.6.cab

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll

O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL

O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll

O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe

O23 - Service: DellAMBrokerService - Unknown owner - C:\Program Files\DellAutomatedPCTuneUp\brkrsvc.exe

O23 - Service: dlcx_device - - C:\WINDOWS\system32\dlcxcoms.exe

O23 - Service: FlipShare Service - Unknown owner - C:\Program Files\Flip Video\FlipShare\FlipShareService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: IHA_MessageCenter - Unknown owner - C:\Program Files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: McciCMService - Alcatel-Lucent - C:\Program Files\Common Files\Motive\McciCMService.exe

O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\3.0.188\McCHSvc.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe

O23 - Service: PMBDeviceInfoProvider - Sony Corporation - C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe

O23 - Service: Verizon PC Security Checkup Service (Radialpoint Security Services) - Verizon - C:\Program Files\Verizon\PC Security Checkup\RpsSecurityAwareR.exe

O23 - Service: ServicepointService - Radialpoint Inc. - C:\Program Files\Verizon\VSP\ServicepointService.exe

O23 - Service: SupportSoft Sprocket Service (DellSupportCenter) (sprtsvc_DellSupportCenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe

O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe

O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe

O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe

O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe

O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

--

End of file - 15145 bytes


Hello bmcmanus

Welcome to Malwarebytes.

=====================

  • Download OTL to your desktop.
  • Double click on OTL to run it.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Standard Registry box change it to All.
  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.


Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 8:24:41 AM, on 12/7/2010

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

c:\Program Files\Microsoft Security Essentials\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\WLTRYSVC.EXE

C:\WINDOWS\System32\bcmwltry.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Flip Video\FlipShare\FlipShareService.exe

C:\Program Files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Common Files\Motive\McciCMService.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe

C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe

C:\Program Files\Verizon\VSP\ServicepointService.exe

C:\Program Files\Dell Support Center\bin\sprtsvc.exe

C:\WINDOWS\system32\svchost.exe

C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe

C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe

C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Trend Micro\Internet Security 14\pccguide.exe

C:\Program Files\Dell Support Center\bin\sprtcmd.exe

C:\Program Files\Verizon\McciTrayApp.exe

C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\WINDOWS\stsystra.exe

C:\Program Files\Dell\MediaDirect\PCMService.exe

C:\WINDOWS\OEM02Mon.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\WINDOWS\system32\rundll32.exe

C:\WINDOWS\system32\KADxMain.exe

C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe

C:\WINDOWS\system32\WLTRAY.exe

C:\WINDOWS\system32\dlcxcoms.exe

C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe

C:\Program Files\Verizon\VSP\VerizonServicepoint.exe

C:\Program Files\Microsoft Security Essentials\msseces.exe

C:\Program Files\Trend Micro\Internet Security 14\TMAS_OE\TMAS_OEMon.exe

C:\Program Files\DellAutomatedPCTuneUp\PTAgnt.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Digital Line Detect\DLG.exe

C:\Program Files\McAfee Security Scan\3.0.188\SSScheduler.exe

C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe

C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe

C:\Program Files\Verizon\FiOS\ihs\iSupport.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Documents and Settings\BRIT\Desktop\HijackThis.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe

C:\Program Files\Verizon\VSP\VerizonServicepointComHandler.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=3071221

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.facebook.com/?ref=hp

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=3071221

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:59798

F3 - REG:win.ini: load=C:\DOCUME~1\BRIT\LOCALS~1\Temp\csrss.exe

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll

O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O4 - HKLM\..\Run: [DLCXCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCXtime.dll,_RunDLLEntry@16

O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 14\pccguide.exe"

O4 - HKLM\..\Run: [dellsupportcenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter

O4 - HKLM\..\Run: [Verizon_McciTrayApp] "C:\Program Files\Verizon\McciTrayApp.exe"

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [iSUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [sigmatelSysTrayApp] stsystra.exe

O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe"

O4 - HKLM\..\Run: [OEM02Mon.exe] C:\WINDOWS\OEM02Mon.exe

O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [NVHotkey] rundll32.exe nvHotkey.dll,Start

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [KADxMain] C:\WINDOWS\system32\KADxMain.exe

O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [ECenter] C:\Dell\E-Center\EULALauncher.exe

O4 - HKLM\..\Run: [DELL Webcam Manager] "C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe" /s

O4 - HKLM\..\Run: [broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe

O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [PMBVolumeWatcher] C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe

O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide

O4 - HKLM\..\Run: [VerizonServicepoint.exe] "C:\Program Files\Verizon\VSP\VerizonServicepoint.exe" /AUTORUN

O4 - HKLM\..\Run: [MSSE] "c:\Program Files\Microsoft Security Essentials\msseces.exe" -hide -runkey

O4 - HKLM\..\Run: [svchost] C:\Documents and Settings\BRIT\Application Data\Microsoft\conhost.exe

O4 - HKCU\..\Run: [OE_OEM] "C:\Program Files\Trend Micro\Internet Security 14\TMAS_OE\TMAS_OEMon.exe"

O4 - HKCU\..\Run: [DellAutomatedPCTuneUp] "C:\Program Files\DellAutomatedPCTuneUp\PTAgnt.exe" /startup

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe

O4 - Global Startup: McAfee Security Scan Plus.lnk = C:\Program Files\McAfee Security Scan\3.0.188\SSScheduler.exe

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000

O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O15 - Trusted Zone: http://*.mcafee.com

O16 - DPF: Garmin Communicator Plug-In - https://static.garmincdn.com/gcp/ie/2.9.3.0...inAxControl.CAB

O16 - DPF: vzTCPConfig - http://www2.verizon.net/help/fios_settings...vzTCPConfig.CAB

O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB

O16 - DPF: {0C92900E-4D5A-4F04-ACC9-729E1767BBAE} (Image Uploader Control) - http://www.ritzpix.com/net/Uploader/LPUploader45.cab

O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.1...toUploader5.cab

O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab

O16 - DPF: {181BCAB2-C89B-4E4B-9E6B-59FA67A426B5} (Nsepa Control) - https://access.oxy.com/epa/vista/nsepa.ocx

O16 - DPF: {362C56AA-6E4F-40C7-A0B5-85501DBDAD77} (Scanner.SysScanner) - http://i.dell.com/images/global/js/scanner/SysProExe.cab

O16 - DPF: {3713F92E-2252-4A87-868E-C5F17704D4C6} (RockYou Image Uploader Control) - http://www.rockyou.com/RockYouImageUploader.cab

O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www2.snapfish.com/SnapfishActivia.cab

O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab

O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase6770.cab

O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab

O16 - DPF: {6F750203-1362-4815-A476-88533DE61D0C} (Kodak Gallery Easy Upload Manager Class) - http://www.kodakgallery.com/downloads/BUM/..._2/axofupld.cab

O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.0...oUploader55.cab

O16 - DPF: {ADACAA8F-3595-47FE-9C31-9C7471B9BEC7} (OCXDownloadChecker Control) - http://72.214.47.6/cab/OCXChecker_8000.cab

O16 - DPF: {D1D98C0F-A339-42AB-BD5F-EA0FF5D0E65F} (RockYou Image Uploader Control) - http://www.rockyou.com/RockYouImageUploader.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553550000} - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} (AxisMediaControlEmb Class) - http://webcam.oldetownepetresort.com:9276/activex/AMC.cab

O16 - DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} (DownloadManager Control) - http://dlm.tools.akamai.com/dlmanager/vers...vex-2.2.1.6.cab

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll

O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL

O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll

O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe

O23 - Service: DellAMBrokerService - Unknown owner - C:\Program Files\DellAutomatedPCTuneUp\brkrsvc.exe

O23 - Service: dlcx_device - - C:\WINDOWS\system32\dlcxcoms.exe

O23 - Service: FlipShare Service - Unknown owner - C:\Program Files\Flip Video\FlipShare\FlipShareService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: IHA_MessageCenter - Unknown owner - C:\Program Files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: McciCMService - Alcatel-Lucent - C:\Program Files\Common Files\Motive\McciCMService.exe

O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\3.0.188\McCHSvc.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe

O23 - Service: PMBDeviceInfoProvider - Sony Corporation - C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe

O23 - Service: Verizon PC Security Checkup Service (Radialpoint Security Services) - Verizon - C:\Program Files\Verizon\PC Security Checkup\RpsSecurityAwareR.exe

O23 - Service: ServicepointService - Radialpoint Inc. - C:\Program Files\Verizon\VSP\ServicepointService.exe

O23 - Service: SupportSoft Sprocket Service (DellSupportCenter) (sprtsvc_DellSupportCenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe

O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe

O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe

O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe

O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe

O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

--

End of file - 15145 bytes


OTL logfile created on: 12/7/2010 8:49:55 AM - Run 1

OTL by OldTimer - Version 3.2.17.3 Folder = C:\Documents and Settings\BRIT\Desktop

Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 47.00% Memory free

4.00 Gb Paging File | 3.00 Gb Available in Paging File | 75.00% Paging File free

Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 143.36 Gb Total Space | 72.04 Gb Free Space | 50.25% Space Free | Partition Type: NTFS

Computer Name: BRITBASHAM | User Name: BRIT | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\BRIT\Desktop\OTL.exe (OldTimer Tools)

PRC - C:\Program Files\Verizon\FiOS\ihs\iSupport.exe (Verizon)

PRC - C:\Program Files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe ()

PRC - C:\Program Files\McAfee Security Scan\3.0.188\SSScheduler.exe (McAfee, Inc.)

PRC - C:\Program Files\Flip Video\FlipShare\FlipShareService.exe ()

PRC - C:\Program Files\Microsoft Security Essentials\msseces.exe (Microsoft Corporation)

PRC - C:\Program Files\Verizon\VSP\ServicepointService.exe (Radialpoint Inc.)

PRC - C:\Program Files\Verizon\VSP\VerizonServicepoint.exe (Verizon)

PRC - C:\Program Files\Verizon\VSP\VerizonServicepointComHandler.exe (Radialpoint Inc.)

PRC - c:\Program Files\Microsoft Security Essentials\MsMpEng.exe (Microsoft Corporation)

PRC - C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe (Sony Corporation)

PRC - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)

PRC - C:\Program Files\Verizon\McciTrayApp.exe (Alcatel-Lucent)

PRC - C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe (Sony Corporation)

PRC - C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)

PRC - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)

PRC - C:\Program Files\Dell Support Center\bin\sprtsvc.exe (SupportSoft, Inc.)

PRC - C:\Program Files\Trend Micro\Internet Security 14\PcCtlCom.exe (Trend Micro Inc.)

PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)

PRC - C:\Program Files\Trend Micro\Internet Security 14\Tmntsrv.exe (Trend Micro Inc.)

PRC - C:\Program Files\Trend Micro\Internet Security 14\pccmain.exe (Trend Micro Inc.)

PRC - C:\Program Files\DellAutomatedPCTuneUp\PTAgnt.exe (Gteko Ltd.)

PRC - C:\Program Files\Dell\MediaDirect\PCMService.exe (CyberLink Corp.)

PRC - C:\WINDOWS\OEM02Mon.exe (Creative Technology Ltd.)

PRC - C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)

PRC - C:\Program Files\Trend Micro\Internet Security 14\PCCVScan.exe (Trend Micro Inc.)

PRC - C:\Program Files\Trend Micro\Internet Security 14\pccguide.exe (Trend Micro Inc.)

PRC - C:\Program Files\Trend Micro\Internet Security 14\tmproxy.exe (Trend Micro Inc.)

PRC - C:\Program Files\Trend Micro\Internet Security 14\TmPfw.exe (Trend Micro Inc.)

PRC - C:\Program Files\Digital Line Detect\DLG.exe (Avanquest Software )

PRC - C:\WINDOWS\system32\KADxMain.exe (Knowles Acoustics)

PRC - C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (Macrovision Corporation)

PRC - C:\Program Files\Trend Micro\Internet Security 14\TMAS_OE\TMAS_OEMon.exe (Trend Micro Inc.)

PRC - C:\WINDOWS\system32\dlcxcoms.exe ( )

PRC - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.)

========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\BRIT\Desktop\OTL.exe (OldTimer Tools)

MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (Microsoft Corporation)

MOD - C:\Program Files\Common Files\Motive\McciContextHook_DSR.dll (Alcatel-Lucent)

========== Win32 Services (SafeList) ==========

SRV - (HidServ) -- C:\WINDOWS\System32\hidserv.dll File not found

SRV - (AppMgmt) -- C:\WINDOWS\System32\appmgmts.dll File not found

SRV - (IHA_MessageCenter) -- C:\Program Files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe ()

SRV - (McComponentHostService) -- C:\Program Files\McAfee Security Scan\3.0.188\McCHSvc.exe (McAfee, Inc.)

SRV - (FlipShare Service) -- C:\Program Files\Flip Video\FlipShare\FlipShareService.exe ()

SRV - (ServicepointService) -- C:\Program Files\Verizon\VSP\ServicepointService.exe (Radialpoint Inc.)

SRV - (MsMpSvc) -- c:\Program Files\Microsoft Security Essentials\MsMpEng.exe (Microsoft Corporation)

SRV - (ACDaemon) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)

SRV - (PMBDeviceInfoProvider) -- C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe (Sony Corporation)

SRV - (Radialpoint Security Services) -- C:\Program Files\Verizon\PC Security Checkup\RpsSecurityAwareR.exe (Verizon)

SRV - (YahooAUService) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)

SRV - (GoToAssist) -- C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe (Citrix Online, a division of Citrix Systems, Inc.)

SRV - (sprtsvc_DellSupportCenter) SupportSoft Sprocket Service (DellSupportCenter) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe (SupportSoft, Inc.)

SRV - (PcCtlCom) -- C:\Program Files\Trend Micro\Internet Security 14\PcCtlCom.exe (Trend Micro Inc.)

SRV - (GoogleDesktopManager) -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)

SRV - (Tmntsrv) -- C:\Program Files\Trend Micro\Internet Security 14\Tmntsrv.exe (Trend Micro Inc.)

SRV - (WLSetupSvc) -- C:\Program Files\Windows Live\installer\WLSetupSvc.exe (Microsoft Corporation)

SRV - (DellAMBrokerService) -- C:\Program Files\DellAutomatedPCTuneUp\brkrsvc.exe ()

SRV - (tmproxy) -- C:\Program Files\Trend Micro\Internet Security 14\tmproxy.exe (Trend Micro Inc.)

SRV - (TmPfw) -- C:\Program Files\Trend Micro\Internet Security 14\TmPfw.exe (Trend Micro Inc.)

SRV - (WinDefend) -- C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation)

SRV - (dlcx_device) -- C:\WINDOWS\System32\dlcxcoms.exe ( )

SRV - (UleadBurningHelper) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.)

========== Driver Services (SafeList) ==========

DRV - (RPSKT) Security Services Driver (x86) -- C:\WINDOWS\System32\DRIVERS\rp_skt32.sys File not found

DRV - (MRESP50a64) -- C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS File not found

DRV - (MRENDIS5) -- C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS File not found

DRV - (MREMPR5) -- C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS File not found

DRV - (MREMP50a64) -- C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS File not found

DRV - (dump_wmimmc) -- C:\Program Files\NCsoft\Exteel\System\GameGuard\dump_wmimmc.sys File not found

DRV - (MBAMSwissArmy) -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys (Malwarebytes Corporation)

DRV - (MREMP50) -- C:\Program Files\Common Files\Motive\MREMP50.sys (Printing Communications Assoc., Inc. (PCAUSA))

DRV - (MRESP50) -- C:\Program Files\Common Files\Motive\MRESP50.sys (Printing Communications Assoc., Inc. (PCAUSA))

DRV - (tmxpflt) -- C:\WINDOWS\system32\drivers\tmxpflt.sys (Trend Micro Inc.)

DRV - (tmpreflt) -- C:\WINDOWS\system32\drivers\tmpreflt.sys (Trend Micro Inc.)

DRV - (vsapint) -- C:\WINDOWS\system32\drivers\vsapint.sys (Trend Micro Inc.)

DRV - (amdagp) -- C:\WINDOWS\system32\DRIVERS\amdagp.sys (Advanced Micro Devices, Inc.)

DRV - (sisagp) -- C:\WINDOWS\system32\DRIVERS\sisagp.sys (Silicon Integrated Systems Corporation)

DRV - (BCM43XX) -- C:\WINDOWS\system32\drivers\BCMWL5.SYS (Broadcom Corp.)

DRV - (OEM02Vfx) -- C:\WINDOWS\system32\drivers\OEM02Vfx.sys (EyePower Games Pte. Ltd.)

DRV - (OEM02Dev) -- C:\WINDOWS\system32\drivers\OEM02Dev.sys (Creative Technology Ltd.)

DRV - (datunidr) -- C:\WINDOWS\system32\drivers\datunidr.sys (Gteko Ltd.)

DRV - (HSF_DPV) -- C:\WINDOWS\system32\drivers\HSF_DPV.sys (Conexant Systems, Inc.)

DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.)

DRV - (HSFHWAZL) -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys (Conexant Systems, Inc.)

DRV - (bcm4sbxp) -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys (Broadcom Corporation)

DRV - (rismxdp) -- C:\WINDOWS\system32\drivers\rixdptsk.sys (REDC)

DRV - (rimsptsk) -- C:\WINDOWS\system32\drivers\rimsptsk.sys (REDC)

DRV - (rimmptsk) -- C:\WINDOWS\system32\drivers\rimmptsk.sys (REDC)

DRV - (SynTP) -- C:\WINDOWS\system32\drivers\SynTP.sys (Synaptics, Inc.)

DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation)

DRV - (iaStor) -- C:\WINDOWS\system32\drivers\iaStor.sys (Intel Corporation)

DRV - (STHDA) -- C:\WINDOWS\system32\drivers\sthda.sys (SigmaTel, Inc.)

DRV - (Iviaspi) -- C:\WINDOWS\system32\drivers\iviaspi.sys (InterVideo, Inc.)

DRV - (tmcfw) -- C:\WINDOWS\system32\drivers\TM_CFW.sys (Trend Micro Inc.)

DRV - (tmtdi) -- C:\WINDOWS\system32\drivers\tmtdi.sys (Trend Micro Inc.)

DRV - (DXEC02) -- C:\WINDOWS\system32\drivers\dxec02.sys (Knowles Acoustics)

DRV - (PTproct) -- C:\Program Files\DellAutomatedPCTuneUp\GTAction\triggers\PTproct.sys (Gteko Ltd.)

DRV - (DLADResM) -- C:\WINDOWS\system32\DLA\DLADResM.SYS (Roxio)

DRV - (DLABMFSM) -- C:\WINDOWS\system32\DLA\DLABMFSM.SYS (Roxio)

DRV - (DLAUDF_M) -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS (Roxio)

DRV - (DLAUDFAM) -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS (Roxio)

DRV - (DLAOPIOM) -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS (Roxio)

DRV - (DLABOIOM) -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS (Roxio)

DRV - (DLAIFS_M) -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS (Roxio)

DRV - (DLAPoolM) -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS (Roxio)

DRV - (DRVNDDM) -- C:\WINDOWS\system32\drivers\DRVNDDM.SYS (Roxio)

DRV - (DLACDBHM) -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS (Roxio)

DRV - (DLARTL_M) -- C:\WINDOWS\system32\drivers\DLARTL_M.SYS (Roxio)

DRV - (DRVMCDB) -- C:\WINDOWS\System32\Drivers\DRVMCDB.SYS (Sonic Solutions)

DRV - (APPDRV) -- C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS (Dell Inc)

DRV - (NPPTNT2) -- C:\WINDOWS\system32\npptNT2.sys (INCA Internet Co., Ltd.)

DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows ® Server 2003 DDK provider)

DRV - (sonypvf2) -- C:\WINDOWS\System32\drivers\sonypvf2.sys (Sony Corporation)

DRV - (sonypvt2) -- C:\WINDOWS\System32\drivers\sonypvt2.sys (Sony Corporation)

DRV - (sonypvl2) -- C:\WINDOWS\System32\drivers\sonypvl2.sys (Sony Corporation)

DRV - (sonypvd2) -- C:\WINDOWS\system32\drivers\sonypvd2.sys (Sony Corporation)

DRV - (Sparrow) -- C:\WINDOWS\system32\DRIVERS\sparrow.sys (Adaptec, Inc.)

DRV - (sym_u3) -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys (LSI Logic)

DRV - (sym_hi) -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys (LSI Logic)

DRV - (symc8xx) -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys (LSI Logic)

DRV - (symc810) -- C:\WINDOWS\system32\DRIVERS\symc810.sys (Symbios Logic Inc.)

DRV - (ultra) -- C:\WINDOWS\system32\DRIVERS\ultra.sys (Promise Technology, Inc.)

DRV - (ql12160) -- C:\WINDOWS\system32\DRIVERS\ql12160.sys (QLogic Corporation)

DRV - (ql1080) -- C:\WINDOWS\system32\DRIVERS\ql1080.sys (QLogic Corporation)

DRV - (ql1280) -- C:\WINDOWS\system32\DRIVERS\ql1280.sys (QLogic Corporation)

DRV - (dac2w2k) -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys (Mylex Corporation)

DRV - (mraid35x) -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys (American Megatrends Inc.)

DRV - (asc) -- C:\WINDOWS\system32\DRIVERS\asc.sys (Advanced System Products, Inc.)

DRV - (asc3550) -- C:\WINDOWS\system32\DRIVERS\asc3550.sys (Advanced System Products, Inc.)

DRV - (AliIde) -- C:\WINDOWS\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)

DRV - (CmdIde) -- C:\WINDOWS\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)

DRV - (MASPINT) -- C:\WINDOWS\System32\drivers\MASPINT.SYS (MicroStaff Co.,Ltd.)

========== Standard Registry (All) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=3071221

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/hws/sb/dell-usuk-rel...html?channel=us

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=3071221

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=3071221

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 0

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com/hws/sb/dell-usuk-rel...html?channel=us

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://bing.com/

IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:64667

FF - HKLM\software\mozilla\Firefox\extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/07/23 19:50:05 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Firefox\extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009/03/10 18:18:40 | 000,000,000 | ---D | M]

[2010/01/19 23:33:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\BRIT\Application Data\Mozilla\Extensions

[2010/01/19 23:33:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\BRIT\Application Data\Mozilla\Extensions\mozswing@mozswing.org

O1 HOSTS File: ([2004/08/04 06:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.

O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)

O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)

O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.)

O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)

O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)

O3 - HKCU\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)

O3 - HKCU\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)

O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)

O4 - HKLM..\Run: [broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.EXE (Dell Inc.)

O4 - HKLM..\Run: [DELL Webcam Manager] C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe (Creative Technology Ltd.)

O4 - HKLM..\Run: [dellsupportcenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)

O4 - HKLM..\Run: [DLCXCATS] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCXtime.DLL ()

O4 - HKLM..\Run: [ECenter] C:\dell\E-Center\EULALauncher.exe ( )

O4 - HKLM..\Run: [GrooveMonitor] C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)

O4 - HKLM..\Run: [iSUSPM Startup] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (Macrovision Corporation)

O4 - HKLM..\Run: [iSUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (Macrovision Corporation)

O4 - HKLM..\Run: [KADxMain] C:\WINDOWS\system32\KADxMain.exe (Knowles Acoustics)

O4 - HKLM..\Run: [MSSE] c:\Program Files\Microsoft Security Essentials\msseces.exe (Microsoft Corporation)

O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)

O4 - HKLM..\Run: [NVHotkey] C:\WINDOWS\System32\nvhotkey.dll (NVIDIA Corporation)

O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)

O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()

O4 - HKLM..\Run: [OEM02Mon.exe] C:\WINDOWS\OEM02Mon.exe (Creative Technology Ltd.)

O4 - HKLM..\Run: [pccguide.exe] C:\Program Files\Trend Micro\Internet Security 14\pccguide.exe (Trend Micro Inc.)

O4 - HKLM..\Run: [PCMService] C:\Program Files\Dell\MediaDirect\PCMService.exe (CyberLink Corp.)

O4 - HKLM..\Run: [PMBVolumeWatcher] C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe (Sony Corporation)

O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Inc.)

O4 - HKLM..\Run: [sigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)

O4 - HKLM..\Run: [sunJavaUpdateSched] C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)

O4 - HKLM..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)

O4 - HKLM..\Run: [Verizon_McciTrayApp] C:\Program Files\Verizon\McciTrayApp.exe (Alcatel-Lucent)

O4 - HKLM..\Run: [VerizonServicepoint.exe] C:\Program Files\Verizon\VSP\VerizonServicepoint.exe (Verizon)

O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)

O4 - HKCU..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)

O4 - HKCU..\Run: [DellAutomatedPCTuneUp] C:\Program Files\DellAutomatedPCTuneUp\PTAgnt.exe (Gteko Ltd.)

O4 - HKCU..\Run: [OE_OEM] C:\Program Files\Trend Micro\Internet Security 14\TMAS_OE\TMAS_OEMon.exe (Trend Micro Inc.)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe (Avanquest Software )

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk = C:\Program Files\McAfee Security Scan\3.0.188\SSScheduler.exe (McAfee, Inc.)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)

O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)

O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation)

O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\system32\winrnr.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O15 - HKCU\..Trusted Domains: fredericks.com ([secureweb] https in Trusted sites)

O15 - HKCU\..Trusted Domains: internet ([]about in Trusted sites)

O15 - HKCU\..Trusted Domains: mcafee.com ([]http in Trusted sites)

O15 - HKCU\..Trusted Domains: mcafee.com ([]https in Trusted sites)

O15 - HKCU\..Trusted Domains: oxy.com ([access] https in Trusted sites)

O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} http://support.dell.com/systemprofiler/SysPro.CAB (SysProWmi Class)

O16 - DPF: {0C92900E-4D5A-4F04-ACC9-729E1767BBAE} http://www.ritzpix.com/net/Uploader/LPUploader45.cab (Image Uploader Control)

O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.1...toUploader5.cab (Facebook Photo Uploader 5 Control)

O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} http://www.musicnotes.com/download/mnviewer.cab (Musicnotes Viewer)

O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.macromedia.com/get/shock...director/sw.cab (Shockwave ActiveX Control)

O16 - DPF: {181BCAB2-C89B-4E4B-9E6B-59FA67A426B5} https://access.oxy.com/epa/vista/nsepa.ocx (Nsepa Control)

O16 - DPF: {362C56AA-6E4F-40C7-A0B5-85501DBDAD77} http://i.dell.com/images/global/js/scanner/SysProExe.cab (Scanner.SysScanner)

O16 - DPF: {3713F92E-2252-4A87-868E-C5F17704D4C6} http://www.rockyou.com/RockYouImageUploader.cab (RockYou Image Uploader Control)

O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://www2.snapfish.com/SnapfishActivia.cab (Snapfish Activia)

O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} http://lads.myspace.com/upload/MySpaceUploader1006.cab (MySpace Uploader Control)

O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onecare.live.com/resource/...lscbase6770.cab (Windows Live Safety Center Base Module)

O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab (Symantec RuFSI Utility Class)

O16 - DPF: {6F750203-1362-4815-A476-88533DE61D0C} http://www.kodakgallery.com/downloads/BUM/..._2/axofupld.cab (Kodak Gallery Easy Upload Manager Class)

O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.0...oUploader55.cab (Facebook Photo Uploader 5 Control)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_22)

O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab (Reg Error: Key error.)

O16 - DPF: {ADACAA8F-3595-47FE-9C31-9C7471B9BEC7} http://72.214.47.6/cab/OCXChecker_8000.cab (OCXDownloadChecker Control)

O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Reg Error: Key error.)

O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)

O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)

O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)

O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_22)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_22)

O16 - DPF: {D1D98C0F-A339-42AB-BD5F-EA0FF5D0E65F} http://www.rockyou.com/RockYouImageUploader.cab (RockYou Image Uploader Control)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553550000} http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab (Reg Error: Key error.)

O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} http://webcam.oldetownepetresort.com:9276/activex/AMC.cab (AxisMediaControlEmb Class)

O16 - DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} http://dlm.tools.akamai.com/dlmanager/vers...vex-2.2.1.6.cab (DownloadManager Control)

O16 - DPF: Garmin Communicator Plug-In https://static.garmincdn.com/gcp/ie/2.9.3.0...inAxControl.CAB (Reg Error: Key error.)

O16 - DPF: vzTCPConfig http://www2.verizon.net/help/fios_settings...vzTCPConfig.CAB (Reg Error: Key error.)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 71.252.0.12

O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)

O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)

O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\ipp - No CLSID value found

O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)

O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll (Microsoft Corporation)

O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp - No CLSID value found

O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)

O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)

O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)

O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll (Microsoft Corporation)

O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)

O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)

O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)

O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)

O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)

O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\System32\logonui.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation)

O20 - HKCU Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - HKCU Winlogon: Shell - (C:\Documents and Settings\BRIT\Application Data\dwm.exe) - C:\Documents and Settings\BRIT\Application Data\dwm.exe ()

O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation)

O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation)

O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation)

O20 - Winlogon\Notify\dimsntfy: DllName - %SystemRoot%\System32\dimsntfy.dll - C:\WINDOWS\system32\dimsntfy.dll (Microsoft Corporation)

O20 - Winlogon\Notify\GoToAssist: DllName - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll - C:\Program Files\Citrix\GoToAssist\514\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)

O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)

O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)

O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation)

O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)

O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)

O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)

O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)

O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)

O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation)

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation)

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll (Microsoft Corporation)

O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)

O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)

O24 - Desktop Components:0 (My Current Home Page) - About:Home

O24 - Desktop WallPaper: C:\Documents and Settings\BRIT\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O24 - Desktop BackupWallPaper: C:\Documents and Settings\BRIT\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)

O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)

O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)

O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation)

O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)

O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\System32\digest.dll (Microsoft Corporation)

O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation)

O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)

O31 - SafeBoot: AlternateShell - cmd.exe

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2004/08/10 14:04:08 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/12/07 09:14:13 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump

[2010/12/07 08:47:49 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\BRIT\Desktop\OTL.exe

[2010/12/07 07:09:56 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\BRIT\Desktop\HijackThis.exe

[2010/12/05 15:34:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\BRIT\Application Data\Malwarebytes

[2010/12/05 15:33:36 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys

[2010/12/05 15:33:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes

[2010/12/05 15:33:31 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

[2010/12/05 15:33:30 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware

[2010/12/05 15:07:16 | 000,000,000 | ---D | C] -- C:\1a455dcefb8ad2e218e24f

[2010/12/05 09:46:54 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live Safety Center

[2010/12/05 09:35:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\BRIT\Application Data\McAfee

[2010/12/05 09:35:01 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee

[2010/12/05 09:27:09 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Essentials

[2010/12/05 09:15:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Radialpoint

[2010/12/04 07:29:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\McAfee

[2010/12/04 07:28:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\McAfee Security Scan

[2010/12/04 07:27:27 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee Security Scan

[2010/12/04 07:27:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\McAfee

[2010/12/03 21:31:06 | 000,222,080 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MpSigStub.exe

[2010/12/03 21:01:38 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Defender

[2010/12/02 20:06:46 | 000,000,000 | ---D | C] -- C:\Program Files\DIFX

[2010/12/02 12:29:14 | 001,344,600 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\BRIT\Desktop\TDSSKiller.exe

[2010/11/27 11:45:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\BRIT\Application Data\GARMIN

[2010/11/23 15:55:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\BRIT\Application Data\PCDr

[2008/04/30 16:04:31 | 000,008,192 | ---- | C] ( ) -- C:\WINDOWS\System32\cshost.dll

[2007/12/21 02:35:02 | 000,983,040 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcxusb1.dll

[2007/12/21 02:35:01 | 001,187,840 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcxserv.dll

[2007/12/21 02:35:01 | 000,688,128 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcxhbn3.dll

[2007/12/21 02:35:01 | 000,651,264 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcxpmui.dll

[2007/12/21 02:35:01 | 000,610,304 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcxcomc.dll

[2007/12/21 02:35:01 | 000,532,480 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcxlmpm.dll

[2007/12/21 02:35:01 | 000,421,888 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcxcomm.dll

[2007/12/21 02:35:01 | 000,413,696 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcxinpa.dll

[2007/12/21 02:35:01 | 000,393,216 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcxiesc.dll

[2007/12/21 02:35:01 | 000,163,840 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcxprox.dll

[2007/12/21 02:35:01 | 000,114,688 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcxpplc.dll

[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/12/07 09:48:20 | 001,344,600 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\BRIT\Desktop\TDSSKiller.exe

[2010/12/07 09:47:40 | 001,230,433 | ---- | M] () -- C:\Documents and Settings\BRIT\Desktop\tdsskiller.zip

[2010/12/07 09:34:59 | 000,008,600 | ---- | M] () -- C:\Documents and Settings\BRIT\Application Data\BAD6.393

[2010/12/07 09:01:01 | 000,000,374 | -H-- | M] () -- C:\WINDOWS\tasks\MpIdleTask.job

[2010/12/07 08:48:13 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\BRIT\Desktop\OTL.exe

[2010/12/07 08:17:35 | 000,002,513 | ---- | M] () -- C:\Documents and Settings\BRIT\Desktop\Vz In-Home Agent.lnk

[2010/12/07 08:16:36 | 000,000,408 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job

[2010/12/07 08:12:05 | 000,091,934 | ---- | M] () -- C:\WINDOWS\System32\nvModes.001

[2010/12/07 08:09:40 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2010/12/07 08:09:38 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2010/12/07 07:16:27 | 000,000,420 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{8EB49630-94EF-4CCE-BE62-EB08A7F719C0}.job

[2010/12/07 07:10:13 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\BRIT\Desktop\HijackThis.exe

[2010/12/06 18:57:51 | 000,139,776 | ---- | M] () -- C:\Documents and Settings\BRIT\Application Data\dwm.exe

[2010/12/05 15:33:37 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk

[2010/12/05 09:35:40 | 000,001,771 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\McAfee Virtual Technician.lnk

[2010/12/05 09:35:40 | 000,000,400 | ---- | M] () -- C:\WINDOWS\tasks\vtscheduletask.job

[2010/12/05 09:27:09 | 000,000,820 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Microsoft Security Essentials.lnk

[2010/12/04 07:28:11 | 000,001,807 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\McAfee Security Scan Plus.lnk

[2010/12/04 07:28:11 | 000,001,801 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk

[2010/12/03 21:00:05 | 005,154,304 | ---- | M] () -- C:\Documents and Settings\BRIT\Desktop\WindowsDefender.msi

[2010/11/29 17:42:18 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys

[2010/11/29 17:42:06 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

[2010/11/22 15:44:40 | 000,022,016 | ---- | M] () -- C:\Documents and Settings\BRIT\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2010/11/20 08:54:39 | 000,000,211 | -HS- | M] () -- C:\boot.ini

[2010/11/07 18:36:54 | 000,459,250 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat

[2010/11/07 18:36:54 | 000,078,976 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/12/07 09:47:36 | 001,230,433 | ---- | C] () -- C:\Documents and Settings\BRIT\Desktop\tdsskiller.zip

[2010/12/05 15:48:07 | 000,000,408 | -H-- | C] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job

[2010/12/05 15:33:37 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk

[2010/12/05 15:07:28 | 000,000,374 | -H-- | C] () -- C:\WINDOWS\tasks\MpIdleTask.job

[2010/12/05 09:35:40 | 000,001,771 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\McAfee Virtual Technician.lnk

[2010/12/05 09:35:40 | 000,000,400 | ---- | C] () -- C:\WINDOWS\tasks\vtscheduletask.job

[2010/12/05 09:27:09 | 000,000,820 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Microsoft Security Essentials.lnk

[2010/12/04 21:25:58 | 000,139,776 | ---- | C] () -- C:\Documents and Settings\BRIT\Application Data\dwm.exe

[2010/12/04 07:28:11 | 000,001,807 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\McAfee Security Scan Plus.lnk

[2010/12/04 07:27:30 | 000,001,801 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk

[2010/12/03 21:23:14 | 000,008,600 | ---- | C] () -- C:\Documents and Settings\BRIT\Application Data\BAD6.393

[2010/12/03 21:00:02 | 005,154,304 | ---- | C] () -- C:\Documents and Settings\BRIT\Desktop\WindowsDefender.msi

[2010/11/14 14:35:50 | 000,002,513 | ---- | C] () -- C:\Documents and Settings\BRIT\Desktop\Vz In-Home Agent.lnk

[2010/05/28 13:23:35 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\BRIT\Local Settings\Application Data\housecall.guid.cache

[2008/06/25 21:29:54 | 000,030,208 | ---- | C] () -- C:\WINDOWS\System32\WNASPI32.DLL

[2008/06/25 21:29:54 | 000,000,291 | ---- | C] () -- C:\WINDOWS\msfsetup.ini

[2008/06/25 20:56:47 | 000,000,127 | ---- | C] () -- C:\Documents and Settings\BRIT\Local Settings\Application Data\fusioncache.dat

[2008/06/12 14:00:46 | 000,000,420 | ---- | C] () -- C:\WINDOWS\ULead32.ini

[2008/02/19 01:33:34 | 000,446,352 | ---- | C] () -- C:\WINDOWS\System32\OpenQuicktimeLib.dll

[2008/02/17 18:01:48 | 000,000,032 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ezsid.dat

[2008/01/31 20:26:30 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\DLPRMON.DLL

[2008/01/31 20:26:30 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\DLPMONUI.DLL

[2008/01/31 20:25:44 | 000,389,120 | ---- | C] () -- C:\WINDOWS\System32\dlcxinst.dll

[2008/01/07 21:13:12 | 000,022,016 | ---- | C] () -- C:\Documents and Settings\BRIT\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2007/12/21 03:21:38 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini

[2007/12/21 03:12:36 | 000,198,144 | ---- | C] () -- C:\WINDOWS\System32\_psisdecd.dll

[2007/12/21 03:09:49 | 000,056,056 | ---- | C] () -- C:\WINDOWS\System32\DLAAPI_W.DLL

[2007/12/21 03:09:49 | 000,000,120 | ---- | C] () -- C:\WINDOWS\wininit.ini

[2007/12/21 03:01:43 | 000,139,264 | ---- | C] () -- C:\WINDOWS\System32\preflib.dll

[2007/12/21 03:01:41 | 000,753,664 | ---- | C] () -- C:\WINDOWS\System32\bcm1xsup.dll

[2007/12/21 02:35:02 | 000,450,560 | ---- | C] () -- C:\WINDOWS\System32\dlcxutil.dll

[2007/12/21 02:35:02 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\dlcxgrd.dll

[2007/12/21 02:35:02 | 000,135,168 | ---- | C] () -- C:\WINDOWS\System32\dlcxjswr.dll

[2007/12/21 02:35:02 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\dlcxinsr.dll

[2007/12/21 02:35:02 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\dlcxvs.dll

[2007/12/21 02:35:02 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\dlcxcur.dll

[2007/12/21 02:35:01 | 000,331,776 | ---- | C] () -- C:\WINDOWS\System32\dlcxcoin.dll

[2007/12/21 02:35:01 | 000,176,128 | ---- | C] () -- C:\WINDOWS\System32\dlcxinsb.dll

[2007/12/21 02:35:01 | 000,167,936 | ---- | C] () -- C:\WINDOWS\System32\dlcxins.dll

[2007/12/21 02:35:01 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\dlcxcub.dll

[2007/12/21 02:35:01 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\dlcxcu.dll

[2007/12/21 02:34:59 | 000,692,224 | ---- | C] () -- C:\WINDOWS\System32\dlcxdrs.dll

[2007/12/21 02:34:59 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\dlcxcfg.dll

[2007/12/21 02:34:59 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\dlcxcaps.dll

[2007/12/21 02:34:59 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\dlcxcnv4.dll

[2007/12/21 02:34:11 | 000,016,480 | ---- | C] () -- C:\WINDOWS\System32\rixdicon.dll

[2007/12/21 02:33:55 | 001,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll

[2007/12/21 02:33:55 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll

[2007/12/21 02:33:54 | 001,474,560 | ---- | C] () -- C:\WINDOWS\System32\nview.dll

[2007/12/21 02:33:54 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll

[2007/12/21 02:32:23 | 000,001,121 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI

[2006/11/07 05:25:58 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini

[2006/09/17 00:36:50 | 000,520,192 | ---- | C] () -- C:\WINDOWS\System32\CddbPlaylist2Roxio.dll

[2006/09/17 00:36:50 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\CddbFileTaggerRoxio.dll

[2006/02/13 09:56:04 | 000,000,438 | ---- | C] () -- C:\WINDOWS\System32\dlcxplc.ini

[2004/08/10 14:12:05 | 000,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini

[2004/08/10 14:01:18 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini

[2004/08/10 13:57:52 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI

[2004/08/10 13:51:17 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\odbccp32.dll

[2004/08/10 13:51:17 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\odbccr32.dll

========== LOP Check ==========

[2008/10/19 17:25:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Citrix

[2010/02/11 10:23:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EmailNotifier

[2009/12/27 17:11:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Flip Video

[2008/04/08 21:09:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Musicnotes

[2008/11/02 14:36:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC-Doctor

[2008/11/02 14:36:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PCDr

[2010/12/05 09:15:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Radialpoint

[2008/11/02 14:36:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SupportSoft

[2008/06/12 14:02:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ulead Systems

[2008/10/19 19:49:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{B46E1EF5-0B37-4DB4-A4E2-9F2B41036185}

[2008/02/17 18:37:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\BRIT\Application Data\DataSafeOnline

[2010/02/11 10:33:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\BRIT\Application Data\EmailNotifier

[2010/11/27 11:46:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\BRIT\Application Data\GARMIN

[2008/11/16 19:20:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\BRIT\Application Data\GetRightToGo

[2008/07/14 07:24:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\BRIT\Application Data\ICAClient

[2008/06/10 22:00:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\BRIT\Application Data\InterVideo

[2010/02/11 10:25:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\BRIT\Application Data\ooVoo Details

[2010/02/11 10:33:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\BRIT\Application Data\oovootb

[2010/11/23 15:55:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\BRIT\Application Data\PCDr

[2008/12/21 15:56:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\BRIT\Application Data\Skinux

[2008/12/21 17:26:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\BRIT\Application Data\Snapfish

[2008/01/26 22:26:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\BRIT\Application Data\tmp

[2010/12/07 08:16:36 | 000,000,408 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job

[2010/12/07 09:01:01 | 000,000,374 | -H-- | M] () -- C:\WINDOWS\Tasks\MpIdleTask.job

[2010/12/07 07:16:27 | 000,000,420 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{8EB49630-94EF-4CCE-BE62-EB08A7F719C0}.job

[2010/12/05 09:35:40 | 000,000,400 | ---- | M] () -- C:\WINDOWS\Tasks\vtscheduletask.job

========== Purity Check ==========

========== Files - Unicode (All) ==========

[2009/05/25 16:32:08 | 000,000,040 | ---- | M] ()(C:\WINDOWS\System32\????????????????????4???????????????????????) -- C:\WINDOWS\System32\?????????????????????????

???????????????????

[2009/05/25 16:32:08 | 000,000,040 | ---- | C] ()(C:\WINDOWS\System32\????????????????????4???????????????????????) -- C:\WINDOWS\System32\?????????????????????????

???????????????????

========== Alternate Data Streams ==========

@Alternate Data Stream - 76 bytes -> C:\WINDOWS\System32\vmm32:Roxio EMC Stream

@Alternate Data Stream - 76 bytes -> C:\WINDOWS\System32\NtmsData:Roxio EMC Stream

@Alternate Data Stream - 76 bytes -> C:\WINDOWS\System32\Dell:Roxio EMC Stream

@Alternate Data Stream - 76 bytes -> C:\WINDOWS\pss:Roxio EMC Stream

@Alternate Data Stream - 76 bytes -> C:\WINDOWS\PIF:Roxio EMC Stream

@Alternate Data Stream - 76 bytes -> C:\WINDOWS\EHome:Roxio EMC Stream

@Alternate Data Stream - 76 bytes -> C:\WINDOWS\$NtServicePackUninstall$:Roxio EMC Stream

@Alternate Data Stream - 76 bytes -> C:\Temp:Roxio EMC Stream

@Alternate Data Stream - 76 bytes -> C:\Program Files\Windows Live:Roxio EMC Stream

@Alternate Data Stream - 76 bytes -> C:\Program Files\Ulead Systems:Roxio EMC Stream

@Alternate Data Stream - 76 bytes -> C:\Program Files\Pakon:Roxio EMC Stream

@Alternate Data Stream - 76 bytes -> C:\Program Files\NCSoft:Roxio EMC Stream

@Alternate Data Stream - 76 bytes -> C:\Program Files\Microsoft SQL Server Compact Edition:Roxio EMC Stream

@Alternate Data Stream - 76 bytes -> C:\Program Files\Microsoft CAPICOM 2.1.0.2:Roxio EMC Stream

@Alternate Data Stream - 76 bytes -> C:\Program Files\Kodak:Roxio EMC Stream

@Alternate Data Stream - 76 bytes -> C:\Program Files\InterVideo:Roxio EMC Stream

@Alternate Data Stream - 76 bytes -> C:\Program Files\InterVideo Information Service:Roxio EMC Stream

@Alternate Data Stream - 76 bytes -> C:\Program Files\Common Files\Ulead:Roxio EMC Stream

@Alternate Data Stream - 76 bytes -> C:\Program Files\Common Files\Ulead Systems:Roxio EMC Stream

@Alternate Data Stream - 76 bytes -> C:\Program Files\Common Files\supportsoft:Roxio EMC Stream

@Alternate Data Stream - 76 bytes -> C:\Program Files\Common Files\InterVideo:Roxio EMC Stream

@Alternate Data Stream - 76 bytes -> C:\Program Files\Common Files\Avery:Roxio EMC Stream

@Alternate Data Stream - 76 bytes -> C:\Program Files\Common Files\ArcSoft:Roxio EMC Stream

@Alternate Data Stream - 76 bytes -> C:\Program Files\Axis Communications:Roxio EMC Stream

@Alternate Data Stream - 76 bytes -> C:\Program Files\Avery Wizard 3.1:Roxio EMC Stream

@Alternate Data Stream - 76 bytes -> C:\Program Files\ArcSoft:Roxio EMC Stream

@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google:Roxio EMC Stream

@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple:Roxio EMC Stream

@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\LocalService\Local Settings\Application Data\Google:Roxio EMC Stream

@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\BRIT\My Documents\Zoro:Roxio EMC Stream

@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\BRIT\My Documents\Sony PMB:Roxio EMC Stream

@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\BRIT\My Documents\OXY:Roxio EMC Stream

@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\BRIT\My Documents\MySpaceIM Pics:Roxio EMC Stream

@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\BRIT\My Documents\My Received Files:Roxio EMC Stream

@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\BRIT\My Documents\My Print Creations:Roxio EMC Stream

@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\BRIT\My Documents\Downloads:Roxio EMC Stream

@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\BRIT\My Documents\basham mcmanus, brit 091610 dexter zelda zoro.mp3:Roxio EMC Stream

@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\BRIT\My Documents\Audi 2005:Roxio EMC Stream

@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\BRIT\My Documents\Accident 121208:Roxio EMC Stream

@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\BRIT\My Documents\2010 Annual Meeting.mpg:Roxio EMC Stream

@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\BRIT\Local Settings\Application Data\WMTools Downloaded Files:Roxio EMC Stream

@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\BRIT\Local Settings\Application Data\Temp:Roxio EMC Stream

@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\BRIT\Local Settings\Application Data\PCHealth:Roxio EMC Stream

@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\BRIT\Local Settings\Application Data\Help:Roxio EMC Stream

@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\BRIT\Local Settings\Application Data\Downloaded Installations:Roxio EMC Stream

@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\BRIT\Local Settings\Application Data\Cooliris:Roxio EMC Stream

@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\BRIT\Local Settings\Application Data\Conduit:Roxio EMC Stream

@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\BRIT\Local Settings\Application Data\ArcSoft:Roxio EMC Stream

@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\BRIT\Desktop\IMG00079-20100327-1448.jpg:Roxio EMC Stream

@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\BRIT\Desktop\IMG00077-20100327-1423.jpg:Roxio EMC Stream

@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\BRIT\Desktop\Halloween.jpg:Roxio EMC Stream

@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\BRIT\Desktop\britmombrandy.jpg:Roxio EMC Stream

@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\BRIT\Desktop\45497_1531775890341_1113066351_31550771_6609731_n.jpg:Roxio EMC Stream

@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\BRIT\Desktop\4229_1099901831775_1653560896_245760_4986326_n.jpg:Roxio EMC Stream

@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\BRIT\Contacts:Roxio EMC Stream

@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\BRIT\Application Data\Verizon:Roxio EMC Stream

@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\BRIT\Application Data\Skype:Roxio EMC Stream

@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\BRIT\Application Data\Motive:Roxio EMC Stream

@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\BRIT\Application Data\Kodak:Roxio EMC Stream

@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\BRIT\Application Data\InterVideo:Roxio EMC Stream

@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\BRIT\Application Data\Help:Roxio EMC Stream

@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\BRIT\Application Data\GetRightToGo:Roxio EMC Stream

@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\BRIT\Application Data\ArcSoft:Roxio EMC Stream

@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\All Users\Application Data\Verizon:Roxio EMC Stream

@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\All Users\Application Data\Ulead Systems:Roxio EMC Stream

@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\All Users\Application Data\Sun:Roxio EMC Stream

@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\All Users\Application Data\QuickTime:Roxio EMC Stream

@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\All Users\Application Data\PCDr:Roxio EMC Stream

@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\All Users\Application Data\PC-Doctor:Roxio EMC Stream

@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage:Roxio EMC Stream

@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\All Users\Application Data\Musicnotes:Roxio EMC Stream

@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\All Users\Application Data\Motive:Roxio EMC Stream

@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\All Users\Application Data\Kodak:Roxio EMC Stream

@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\All Users\Application Data\ArcSoft:Roxio EMC Stream

@Alternate Data Stream - 22528 bytes -> C:\WINDOWS\System32\autochk.exe:BAK

< End of report >

---------------

OTL Extras logfile created on: 12/7/2010 8:49:5 AM - Run 1

OTL by OldTimer - Version 3.2.17.3 Folder = C:\Documents and Settings\BRIT\Desktop

Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 47.00% Memory free

4.00 Gb Paging File | 3.00 Gb Available in Paging File | 75.00% Paging File free

Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 143.36 Gb Total Space | 72.04 Gb Free Space | 50.25% Space Free | Partition Type: NTFS

Computer Name: BRITBASHAM | User Name: BRIT | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]

.html [@ = htmlfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

exefile [open] -- "%1" %*

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"FirstRunDisabled" = 1

"AntiVirusDisableNotify" = 0

"FirewallDisableNotify" = 0

"UpdatesDisableNotify" = 0

"AntiVirusOverride" = 0

"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]

"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]

"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]

"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007

"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 1

"DoNotAllowExceptions" = 0

"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007

"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

"50000:UDP" = 50000:UDP:*:Enabled:IHA_MessageCenter

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)

"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)

"C:\Program Files\NCsoft\Exteel\System\Exteel.exe" = C:\Program Files\NCsoft\Exteel\System\Exteel.exe:*:Enabled:Exteel -- File not found

"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- File not found

"C:\Program Files\Windows Live\Messenger\livecall.exe" = C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone) -- File not found

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)

"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)

"C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire -- File not found

"C:\WINDOWS\system32\dlcxcoms.exe" = C:\WINDOWS\system32\dlcxcoms.exe:*:Enabled:Lexmark Communications System -- ( )

"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE" = C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)

"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE" = C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove -- (Microsoft Corporation)

"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE" = C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote -- (Microsoft Corporation)

"C:\Program Files\Dell\MediaDirect\PCMService.exe" = C:\Program Files\Dell\MediaDirect\PCMService.exe:*:Enabled:CyberLink PowerCinema Resident Program -- (CyberLink Corp.)

"C:\Program Files\NCsoft\Exteel\System\Exteel.exe" = C:\Program Files\NCsoft\Exteel\System\Exteel.exe:*:Enabled:Exteel -- File not found

"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- File not found

"C:\Program Files\Windows Live\Messenger\livecall.exe" = C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone) -- File not found

"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)

"C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe" = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe:*:Enabled:EasyShare -- File not found

"C:\Program Files\MySpace\IM\MySpaceIM.exe" = C:\Program Files\MySpace\IM\MySpaceIM.exe:*:Enabled:MySpaceIM -- File not found

"C:\Program Files\Java\jre6\bin\java.exe" = C:\Program Files\Java\jre6\bin\java.exe:*:Enabled:Java Platform SE binary -- File not found

"C:\Program Files\Internet Explorer\iexplore.exe" = C:\Program Files\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer -- (Microsoft Corporation)

"C:\Program Files\Skype\Plugin Manager\skypePM.exe" = C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager -- File not found

"C:\Program Files\Verizon\VSP\ServicepointService.exe" = C:\Program Files\Verizon\VSP\ServicepointService.exe:*:Enabled:Servicepoint Service -- (Radialpoint Inc.)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{007B37D9-0C45-4202-834B-DD5FAAE99D63}" = ArcSoft Print Creations - Slimline Card

"{0394CDC8-FABD-4ed8-B104-03393876DFDF}" = Roxio Creator Tools

"{0D397393-9B50-4c52-84D5-77E344289F87}" = Roxio Creator Data

"{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}" = Microsoft Plus! Photo Story 2 LE

"{0F756CD9-4A1E-409B-B101-601DDC4C03AA}" = QualxServ Service Agreement

"{14291118-0C19-45EA-A4FA-5C1C0F5FDE09}" = Primo

"{1D5E29AD-39A9-4D0A-A8B6-46A6FCD8C995}" = Live! Cam Avatar v1.0

"{20159B36-3A64-49AB-B3AA-FE6DE1D93C7C}" = Computrace

"{258749E2-3A46-42B1-9A01-BF977AA06FAC}" = RPS CRT

"{26A24AE4-039D-4CA4-87B4-2F83216012FF}" = Java 6 Update 22

"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime

"{2F4C24E6-CBD4-4AAC-B56F-C9FD44DE5668}" = Roxio Drag-to-Disc

"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager

"{312255E7-E2C2-4F3E-BBCB-02C5B8696CCB}" = Verizon FiOS Connection Wizard

"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6

"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java 6 Update 3

"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java 6 Update 5

"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java 6 Update 7

"{33BB4982-DC52-4886-A03B-F4C5C80BEE89}" = Windows Media Player 10

"{34F0D55F-C386-4195-9A5B-961D3F6ACD46}" = InterVideo MediaOne Gallery

"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP

"{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Sonic Activation Module

"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting

"{42929F0F-CE14-47AF-9FC7-FF297A603021}" = Dell Resource CD

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{4D3C9F4B-4B7D-4E5D-99B9-0123AB0D51ED}" = Dell DataSafe Online

"{56589DFE-0C29-4DFE-8E42-887B771ECD23}" = ArcSoft Print Creations - Photo Book

"{5DFC26EF-8316-41D5-BCCD-E562A79EC3B2}" = Vz In Home Agent

"{5EC9AD36-5167-470E-B0F9-CB3EA12F442E}" = Avery Wizard 3.1

"{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}" = Roxio Creator Copy

"{62230596-37E5-4618-A329-0D21F529A86F}" = Browser Address Error Redirector

"{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}" = Live! Cam Avatar Creator

"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler

"{67D15B01-9A6B-0397-002A-D2A015212748}" = FlipShare

"{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}" = Microsoft Plus! Digital Media Edition Installer

"{6F845B05-8B76-4302-A808-7FB21E2BC5E6}" = Sony DVD Handycam USB Driver

"{71C4CC78-DD0B-4E68-AF9F-77F88F9DE99F}" = Verizon PC Security Checkup

"{71FEC104-CF35-4F0B-8D98-32D30D77AE27}" = Verizon PC Security Checkup

"{74F7662C-B1DB-489E-A8AC-07A06B24978B}" = Dell System Restore

"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

"{80813829-BE27-4799-8BC7-2F75A7B6CB50}" = IHA_MessageCenter

"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable

"{83FFCFC7-88C6-41c6-8752-958A45325C82}" = Roxio Creator Audio

"{880AF49C-34F7-4285-A8AD-8F7A3D1C33DC}" = Roxio Creator BDAV Plugin

"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12

"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007

"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007

"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007

"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007

"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007

"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007

"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007

"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007

"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007

"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007

"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007

"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)

"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007

"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007

"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007

"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007

"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007

"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007

"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007

"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{9176251A-4CC1-4DDB-B343-B487195EB397}" = Windows Live Writer

"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)

"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting

"{9591C049-5CAE-4E89-A8D9-191F1899628B}" = ArcSoft Print Creations - Funhouse

"{9BDEF074-020E-458D-ADC5-8FF68E0C9B56}" = OutlookAddinSetup

"{9C6978E8-B6D0-4AB7-A7A0-D81A74FBF745}" = MediaDirect

"{A06275F4-324B-4E85-95E6-87B2CD729401}" = Windows Defender

"{A2713384-7398-43E9-9D43-565B3A7FEFEE}" = Security Advisor

"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2

"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio

"{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}" = Windows Live installer

"{AC76BA86-7AD7-1033-7B44-A81300000003}" = Adobe Reader 8.1.6

"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint

"{B0D83FCD-9D42-43ED-8315-250326AADA02}" = ArcSoft Print Creations - Scrapbook

"{B0DF58A2-40DF-4465-AA56-38623EC9938C}" = Documentation & Support Launcher

"{B33E4C22-23EA-465F-BDFF-F9AE0FF364E0}" = 926plc32

"{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser

"{B6884A07-0305-47AE-9969-8F26FADC17DE}" = Games, Music, & Photos Launcher

"{B6A98E5F-D6A7-46FB-9E9D-1F7BF443491C}" = PMB

"{B7F98125-4955-41E3-8A71-4CE11CE9C198}" = KODAK Gallery Upload Software

"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2

"{C5074CC4-0E26-4716-A307-960272A90040}" = QuickSet

"{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator DE

"{C99C0593-3B48-41D9-B42F-6E035B320449}" = Broadcom Management Programs

"{CA9ED5E4-1548-485B-A293-417840060158}" = ArcSoft Print Creations - Photo Calendar

"{CAE8A0F1-B498-4C23-95FA-55047E730C8F}" = ArcSoft Print Creations

"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1

"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1

"{D1B5E9C8-4CCF-44E3-87D6-7C00D7DA5370}" = IntelliSonic Speech Enhancement

"{D639085F-4B6E-4105-9F37-A0DBB023E2FB}" = Roxio MyDVD DE

"{DABF43D9-1104-4764-927B-5BED1274A3B0}" = Runtime

"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center (Support Software)

"{E42BD75A-FC23-4E3F-9F91-2658334C644F}" = Internet Service Offers Launcher

"{E62A1F01-07B7-4541-A835-EE5B0BF064C2}" = Microsoft Antimalware

"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect

"{E6B4117F-AC59-4B13-9274-EB136E8897EE}" = ArcSoft Print Creations - Album Page

"{E8C06CB3-5DB2-4689-B1DC-4A0220DEA96C}" = Consumer Complete Care Services Agreement

"{E93E5EF6-D361-481E-849D-F16EF5C78EBC}" = Musicmatch for Windows Media Player

"{E9459BCF-0982-498B-ABA7-26C34323493F}" = Citrix Presentation Server Client - Web Only

"{EA8C73AA-3D75-44C9-87A2-8E945FC5FEE6}" = Trend Micro PC-cillin Internet Security 14

"{EF98A02A-1748-4762-9B7D-5ED1600520D5}" = Microsoft Security Essentials

"{F04F9557-81A9-4293-BC49-2C216FA325A7}" = ArcSoft Print Creations - Greeting Card

"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]

"{F63A3748-B93D-4360-9AD4-B064481A5C7B}" = Modem Diagnostic Tool

"{FD350FC2-A972-427D-800B-A2D200ACFF41}" = ImageMixer for Sony DVD Handycam

"{FE34691C-4298-4667-9758-D7F534DD0B94}" = Dell Automated PC TuneUp

"3ivx MPEG-4 5.0.3" = 3ivx MPEG-4 5.0.3 (remove only)

"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX

"Adobe Shockwave Player" = Adobe Shockwave Player 11

"Advanced Audio FX Engine" = Advanced Audio FX Engine

"Advanced Video FX Engine" = Advanced Video FX Engine

"AXIS Media Control Embedded" = AXIS Media Control Embedded

"Broadcom 802.11b Network Adapter" = Dell Wireless WLAN Card

"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2C06&SUBSYS_14F1000F" = Conexant HDA D330 MDC V.92 Modem

"Creative OEM002" = Laptop Integrated Webcam Driver (1.03.02.0719)

"Dell PC Fax" = Dell PC Fax

"Dell Photo AIO Printer 926" = Dell Photo AIO Printer 926

"Dell Webcam Center" = Dell Webcam Center

"Dell Webcam Manager" = Dell Webcam Manager

"ENTERPRISE" = Microsoft Office Enterprise 2007

"Google Desktop" = Google Desktop

"GoToAssist" = GoToAssist 8.0.0.514

"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs

"ie7" = Windows Internet Explorer 7

"ie8" = Windows Internet Explorer 8

"InstallShield_{5EC9AD36-5167-470E-B0F9-CB3EA12F442E}" = Avery Wizard 3.1

"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware

"McAfee Security Scan" = McAfee Security Scan Plus

"McAfee Virtual Technician" = McAfee Virtual Technician

"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1

"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1

"Microsoft Security Essentials" = Microsoft Security Essentials

"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP

"MWASPI" = MicroStaff WINASPI

"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs

"NVIDIA Drivers" = NVIDIA Drivers

"OfotoEZUpload" = KODAK EASYSHARE Gallery Upload ActiveX Control

"RadialpointClientGateway_is1" = Verizon Servicepoint 3.5.18

"RadialpointSecurityCleanup_is1" = Verizon PC Security Checkup 3.0.7

"SearchAssist" = SearchAssist

"SynTPDeinstKey" = Dell Touchpad

"TmPcc" = Trend Micro PC-cillin Internet Security 14

"Verizon Help and Support" = Verizon Help and Support Tool

"WIC" = Windows Imaging Component

"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner

"Windows Media Format Runtime" = Windows Media Format 11 runtime

"Windows Media Player" = Windows Media Player 11

"Windows XP Service Pack" = Windows XP Service Pack 3

"WMFDist11" = Windows Media Format 11 runtime

"wmp11" = Windows Media Player 11

"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

"Yahoo! Messenger" = Yahoo! Messenger

"Yahoo! Software Update" = Yahoo! Software Update

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"309a46b1dc89b774" = Dell Driver Download Manager

"f031ef6ac137efc5" = Dell Driver Download Manager - 1

"Yahoo! BrowserPlus" = Yahoo! BrowserPlus 2.9.8

========== Last 10 Event Log Errors ==========

[ Application Events ]

Error - 2/20/2010 6:32:09 PM | Computer Name = BRITBASHAM | Source = Application Error | ID = 1000

Description = Faulting application flipshare.exe, version 5.0.5.52727, faulting

module flipshare.exe, version 5.0.5.52727, fault address 0x000904f5.

Error - 2/20/2010 6:32:13 PM | Computer Name = BRITBASHAM | Source = Application Error | ID = 1001

Description = Fault bucket 1589489262.

Error - 2/20/2010 6:36:15 PM | Computer Name = BRITBASHAM | Source = Application Error | ID = 1000

Description = Faulting application flipshare.exe, version 5.0.5.52727, faulting

module flipshare.exe, version 5.0.5.52727, fault address 0x000904f5.

Error - 2/20/2010 6:36:19 PM | Computer Name = BRITBASHAM | Source = Application Error | ID = 1001

Description = Fault bucket 1589489262.

Error - 2/20/2010 6:37:56 PM | Computer Name = BRITBASHAM | Source = Application Error | ID = 1000

Description = Faulting application flipshare.exe, version 5.0.5.52727, faulting

module flipshare.exe, version 5.0.5.52727, fault address 0x000904f5.

Error - 2/20/2010 6:38:23 PM | Computer Name = BRITBASHAM | Source = Application Error | ID = 1001

Description = Fault bucket 1589489262.

Error - 2/24/2010 8:17:40 AM | Computer Name = BRITBASHAM | Source = Application Hang | ID = 1002

Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module

hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 2/24/2010 8:17:49 AM | Computer Name = BRITBASHAM | Source = Application Hang | ID = 1001

Description = Fault bucket 1180947459.

Error - 2/28/2010 5:48:13 PM | Computer Name = BRITBASHAM | Source = Application Hang | ID = 1002

Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module

hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 2/28/2010 5:48:23 PM | Computer Name = BRITBASHAM | Source = Application Hang | ID = 1001

Description = Fault bucket 1180947459.

[ System Events ]

Error - 12/7/2010 9:59:14 AM | Computer Name = BRITBASHAM | Source = Disk | ID = 262151

Description = The device, \Device\Harddisk0\D, has a bad block.

Error - 12/7/2010 9:59:19 AM | Computer Name = BRITBASHAM | Source = Disk | ID = 262151

Description = The device, \Device\Harddisk0\D, has a bad block.

Error - 12/7/2010 9:59:24 AM | Computer Name = BRITBASHAM | Source = Disk | ID = 262151

Description = The device, \Device\Harddisk0\D, has a bad block.

Error - 12/7/2010 9:59:29 AM | Computer Name = BRITBASHAM | Source = Disk | ID = 262151

Description = The device, \Device\Harddisk0\D, has a bad block.

Error - 12/7/2010 9:59:34 AM | Computer Name = BRITBASHAM | Source = Disk | ID = 262151

Description = The device, \Device\Harddisk0\D, has a bad block.

Error - 12/7/2010 9:59:39 AM | Computer Name = BRITBASHAM | Source = Disk | ID = 262151

Description = The device, \Device\Harddisk0\D, has a bad block.

Error - 12/7/2010 9:59:44 AM | Computer Name = BRITBASHAM | Source = Disk | ID = 262151

Description = The device, \Device\Harddisk0\D, has a bad block.

Error - 12/7/2010 9:59:49 AM | Computer Name = BRITBASHAM | Source = Disk | ID = 262151

Description = The device, \Device\Harddisk0\D, has a bad block.

Error - 12/7/2010 9:59:54 AM | Computer Name = BRITBASHAM | Source = Disk | ID = 262151

Description = The device, \Device\Harddisk0\D, has a bad block.

Error - 12/7/2010 10:00:00 AM | Computer Name = BRITBASHAM | Source = Disk | ID = 262151

Description = The device, \Device\Harddisk0\D, has a bad block.

< End of report >


Not a surprise that Trend Micro said that most av companies don't back up their product as much as they push it.

They usually make you pay for support even if you already paid for the av.

We will get you cleaned up in a bit.

===========

Please uninstall all of the below:

J2SE Runtime Environment 5.0 Update 6

Java


OK, every time I run OTL.exe, paste what you've asked, click on "Fix It", I get the same blue screen that says it's deleted physical memory. Then I have to do a hard restart. I am having problems staying connected to my network.

Any other ideas? I am about to pull my hair out.


ComboFix 10-12-06.04 - BRIT 12/07/2010 21:58:50.1.2 - x86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2046.1580 [GMT -5:00]

Running from: c:\documents and settings\BRIT\Desktop\ComboFix.exe

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\documents and settings\BRIT\Application Data\dwm.exe

c:\documents and settings\BRIT\Application Data\Microsoft\conhost.exe

c:\documents and settings\BRIT\GoToAssistDownloadHelper.exe

c:\windows\system32\service

c:\windows\system32\service\07122010_TIS17_SfFniAU.log

Infected copy of c:\windows\system32\Drivers\atapi.sys was found and disinfected

Restored copy from - c:\windows\ServicePackFiles\i386\atapi.sys

Infected copy of c:\windows\system32\autochk.exe was found and disinfected

Restored copy from - c:\windows\system32\dllcache\autochk.exe

.

((((((((((((((((((((((((( Files Created from 2010-11-08 to 2010-12-08 )))))))))))))))))))))))))))))))

.

2010-12-07 20:44 . 2010-12-07 20:44 -------- d-----w- C:\_OTL

2010-12-07 20:24 . 2010-12-07 20:24 0 ----a-w- c:\windows\system32\REN594.tmp

2010-12-07 20:23 . 2010-12-07 20:23 0 ----a-w- c:\windows\system32\REN58E.tmp

2010-12-07 20:22 . 2010-12-07 20:22 0 ----a-w- c:\windows\system32\REN588.tmp

2010-12-07 20:21 . 2010-12-07 20:21 0 ----a-w- c:\windows\system32\REN57C.tmp

2010-12-07 18:01 . 2010-12-07 18:01 189 ----a-w- c:\documents and settings\BRIT\Application Data\Microsoft\gb_11933250.bat

2010-12-07 14:53 . 2010-12-08 00:46 -------- d-----w- c:\documents and settings\BRIT\Local Settings\Application Data\Trend Micro

2010-12-07 14:51 . 2010-12-07 14:51 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Trend Micro

2010-12-05 20:34 . 2010-12-05 20:34 -------- d-----w- c:\documents and settings\BRIT\Application Data\Malwarebytes

2010-12-05 20:33 . 2010-12-05 20:33 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2010-12-05 20:33 . 2010-12-07 14:25 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-12-05 20:07 . 2010-12-05 20:07 -------- d-----w- C:\1a455dcefb8ad2e218e24f

2010-12-05 19:27 . 2010-12-05 19:30 -------- d-----w- c:\documents and settings\Administrator

2010-12-05 14:46 . 2010-12-05 14:48 -------- d-----w- c:\program files\Windows Live Safety Center

2010-12-05 14:35 . 2010-12-05 14:35 -------- d-----w- c:\documents and settings\BRIT\Application Data\McAfee

2010-12-05 14:15 . 2010-12-05 14:15 -------- d-----w- c:\documents and settings\All Users\Application Data\Radialpoint

2010-12-04 12:29 . 2010-12-04 12:29 -------- d-----w- c:\documents and settings\LocalService\Application Data\McAfee

2010-12-04 12:27 . 2010-12-05 14:35 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee

2010-12-04 02:31 . 2010-10-19 20:51 222080 ------w- c:\windows\system32\MpSigStub.exe

2010-12-03 01:06 . 2010-12-03 01:06 -------- d-----w- c:\program files\DIFX

2010-11-27 16:45 . 2010-11-27 16:46 -------- d-----w- c:\documents and settings\BRIT\Application Data\GARMIN

2010-11-23 20:55 . 2010-11-23 20:55 -------- d-----w- c:\documents and settings\BRIT\Application Data\PCDr

2010-11-14 19:35 . 2010-11-14 19:35 65536 ----a-r- c:\documents and settings\BRIT\Application Data\Microsoft\Installer\{5DFC26EF-8316-41D5-BCCD-E562A79EC3B2}\NewShortcut1_9E64A938C044442B9C8C104AA62BD820.exe

2010-11-14 19:35 . 2010-11-14 19:35 65536 ----a-r- c:\documents and settings\BRIT\Application Data\Microsoft\Installer\{5DFC26EF-8316-41D5-BCCD-E562A79EC3B2}\NewShortcut1_011BB310849E4442B8017718F2C57FE0.exe

2010-11-14 19:35 . 2010-11-14 19:35 65536 ----a-r- c:\documents and settings\BRIT\Application Data\Microsoft\Installer\{5DFC26EF-8316-41D5-BCCD-E562A79EC3B2}\ARPPRODUCTICON.exe

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-09-18 16:23 . 2004-08-10 18:51 974848 ----a-w- c:\windows\system32\mfc42u.dll

2010-09-18 06:53 . 2004-08-10 18:51 974848 ----a-w- c:\windows\system32\mfc42.dll

2010-09-18 06:53 . 2004-08-10 18:51 954368 ----a-w- c:\windows\system32\mfc40.dll

2010-09-18 06:53 . 2004-08-10 18:51 953856 ----a-w- c:\windows\system32\mfc40u.dll

2010-09-15 08:50 . 2010-09-02 15:11 472808 ----a-w- c:\windows\system32\deployJava1.dll

2010-09-15 06:29 . 2008-01-17 00:17 73728 ----a-w- c:\windows\system32\javacpl.cpl

2010-09-10 05:58 . 2004-08-10 18:51 916480 ----a-w- c:\windows\system32\wininet.dll

2010-09-10 05:58 . 2004-08-10 18:51 43520 ----a-w- c:\windows\system32\licmgr10.dll

2010-09-10 05:58 . 2004-08-10 18:51 1469440 ----a-w- c:\windows\system32\inetcpl.cpl

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"DellAutomatedPCTuneUp"="c:\program files\DellAutomatedPCTuneUp\PTAgnt.exe" [2007-10-11 465136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"DLCXCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\DLCXtime.dll" [2006-06-07 106496]

"dellsupportcenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-06-03 206064]

"Verizon_McciTrayApp"="c:\program files\Verizon\McciTrayApp.exe" [2010-03-17 1565696]

"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]

"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2006-10-03 221184]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-03-18 421888]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-07-10 851968]

"SigmatelSysTrayApp"="stsystra.exe" [2007-05-06 405504]

"PCMService"="c:\program files\Dell\MediaDirect\PCMService.exe" [2007-09-21 184320]

"OEM02Mon.exe"="c:\windows\OEM02Mon.exe" [2007-08-28 36864]

"nwiz"="nwiz.exe" [2007-06-06 1626112]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-06-06 81920]

"NVHotkey"="nvHotkey.dll" [2007-06-06 67584]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-06-06 8429568]

"KADxMain"="c:\windows\system32\KADxMain.exe" [2006-11-02 282624]

"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2006-10-03 81920]

"ECenter"="c:\dell\E-Center\EULALauncher.exe" [2007-05-24 17920]

"DELL Webcam Manager"="c:\program files\Dell\Dell Webcam Manager\DellWMgr.exe" [2007-07-27 118784]

"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2007-10-09 2183168]

"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-03-18 207360]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]

"PMBVolumeWatcher"="c:\program files\Sony\PMB\PMBVolumeWatcher.exe" [2010-03-24 599328]

"VerizonServicepoint.exe"="c:\program files\Verizon\VSP\VerizonServicepoint.exe" [2010-03-31 4281584]

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2007-12-21 50688]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]

2008-10-19 22:24 10536 ----a-w- c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dlcxmon.exe]

2006-06-13 23:51 286720 ----a-w- c:\program files\Dell Photo AIO Printer 926\dlcxmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FaxCenterServer]

2006-06-14 21:03 307200 ----a-w- c:\program files\Dell PC Fax\fm3032.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]

2007-12-21 08:15 1838592 ----a-w- c:\program files\Google\Google Desktop Search\GoogleDesktop.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MemoryCardManager]

2006-06-26 22:34 299008 ----a-w- c:\program files\Dell Photo AIO Printer 926\memcard.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioDragToDisc]

2006-08-17 15:00 1116920 ----a-w- c:\program files\Roxio\Drag-to-Disc\DrgToDsc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxWatchTray]

2006-11-05 17:22 221184 ----a-w- c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"RoxWatch9"=2 (0x2)

"RoxMediaDB9"=3 (0x3)

"iPod Service"=3 (0x3)

"gusvc"=3 (0x3)

"gupdate"=2 (0x2)

"GoToAssist"=3 (0x3)

"GoogleDesktopManager"=3 (0x3)

"Apple Mobile Device"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\WINDOWS\\system32\\dlcxcoms.exe"=

"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=

"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=

"c:\\Program Files\\Dell\\MediaDirect\\PCMService.exe"=

"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=

"c:\\Program Files\\Verizon\\VSP\\ServicepointService.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"50000:UDP"= 50000:UDP:IHA_MessageCenter

R0 sonypvl2;sonypvl2;c:\windows\system32\drivers\sonypvl2.sys [6/27/2008 9:51 PM 19478]

R1 sonypvf2;sonypvf2;c:\windows\system32\drivers\sonypvf2.sys [6/27/2008 9:51 PM 635017]

R1 sonypvt2;sonypvt2;c:\windows\system32\drivers\sonypvt2.sys [6/27/2008 9:51 PM 431236]

R2 IHA_MessageCenter;IHA_MessageCenter;c:\program files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe [10/13/2010 5:06 PM 98304]

R2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files\Sony\PMB\PMBDeviceInfoProvider.exe [10/24/2009 2:18 AM 360224]

R2 ServicepointService;ServicepointService;c:\program files\Verizon\VSP\ServicepointService.exe [12/5/2010 9:15 AM 689392]

R3 dlcx_device;dlcx_device;c:\windows\system32\dlcxcoms.exe -service --> c:\windows\system32\dlcxcoms.exe -service [?]

S1 sonypvd2;sonypvd2;c:\windows\system32\drivers\sonypvd2.sys [6/27/2008 9:51 PM 64093]

S3 dump_wmimmc;dump_wmimmc;\??\c:\program files\NCsoft\Exteel\System\GameGuard\dump_wmimmc.sys --> c:\program files\NCsoft\Exteel\System\GameGuard\dump_wmimmc.sys [?]

S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]

.

Contents of the 'Scheduled Tasks' folder

2010-12-08 c:\windows\Tasks\User_Feed_Synchronization-{8EB49630-94EF-4CCE-BE62-EB08A7F719C0}.job

- c:\windows\system32\msfeedssync.exe [2007-08-13 09:31]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://bing.com/

uInternet Connection Wizard,ShellNext = iexplore

uInternet Settings,ProxyServer = http=127.0.0.1:64020

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000

IE: Google Sidewiki...

Trusted Zone: fredericks.com\secureweb

Trusted Zone: internet

Trusted Zone: mcafee.com

Trusted Zone: oxy.com\access

DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/2.9.3.0/GarminAxControl.CAB

DPF: vzTCPConfig - hxxp://www2.verizon.net/help/fios_settings_POTT20009/include/vzTCPConfig.CAB

DPF: {0C92900E-4D5A-4F04-ACC9-729E1767BBAE} - hxxp://www.ritzpix.com/net/Uploader/LPUploader45.cab

DPF: {181BCAB2-C89B-4E4B-9E6B-59FA67A426B5} - hxxps://access.oxy.com/epa/vista/nsepa.ocx

DPF: {3713F92E-2252-4A87-868E-C5F17704D4C6} - hxxp://www.rockyou.com/RockYouImageUploader.cab

DPF: {ADACAA8F-3595-47FE-9C31-9C7471B9BEC7} - hxxp://72.214.47.6/cab/OCXChecker_8000.cab

DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} - hxxp://webcam.oldetownepetresort.com:9276/activex/AMC.cab

.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-12-07 22:21

Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run

DLCXCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\DLCXtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1164446855-3900390692-1443324350-1006\Software\Microsoft\SystemCertificates\AddressBook*]

@Allowed: (Read) (RestrictedCode)

@Allowed: (Read) (RestrictedCode)

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(888)

c:\program files\Citrix\GoToAssist\514\G2AWinLogon.dll

c:\windows\System32\BCMLogon.dll

- - - - - - - > 'explorer.exe'(508)

c:\windows\system32\WININET.dll

c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\program files\Roxio\Drag-to-Disc\Shellex.dll

c:\windows\system32\DLAAPI_W.DLL

c:\windows\system32\CDRTC.DLL

c:\program files\Roxio\Drag-to-Disc\ShellRes.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Other Running Processes ------------------------

.

c:\windows\System32\WLTRYSVC.EXE

c:\windows\System32\bcmwltry.exe

c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe

c:\program files\Flip Video\FlipShare\FlipShareService.exe

c:\program files\Java\jre6\bin\jqs.exe

c:\program files\Common Files\Motive\McciCMService.exe

c:\windows\system32\nvsvc32.exe

c:\program files\Dell Support Center\bin\sprtsvc.exe

c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe

c:\windows\system32\rundll32.exe

c:\windows\stsystra.exe

c:\windows\system32\RUNDLL32.EXE

c:\windows\system32\rundll32.exe

c:\windows\system32\wbem\unsecapp.exe

c:\windows\system32\wscntfy.exe

c:\windows\system32\dlcxcoms.exe

.

**************************************************************************

.

Completion time: 2010-12-07 22:28:46 - machine was rebooted

ComboFix-quarantined-files.txt 2010-12-08 03:28

Pre-Run: 77,235,343,360 bytes free

Post-Run: 77,747,134,464 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

UnsupportedDebug="do not select this" /debug

multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

- - End Of File - - 1733AA3EF0C3AB78A0DF3B497C8776CE


Malwarebytes' Anti-Malware 1.50

www.malwarebytes.org

Database version: 5268

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

12/7/2010 10:52:04 PM

mbam-log-2010-12-07 (22-52-04).txt

Scan type: Quick scan

Objects scanned: 162785

Time elapsed: 5 minute(s), 59 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)


* Go here to run an online scanner from ESET.

  • Note: You will need to use Internet Explorer for this scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Check the next options: Remove found threats and Scan inside archives.
  • Click Scan
  • Wait for the scan to finish
  • Click on the option that says Export to text file.
  • Save it to your desktop and post the contents here in your next reply.
  • Once the log is saved, click the option to delete quarantined threats and Uninstall application on close.


  • 3 weeks later...

Due to the lack of feedback, this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance, please start your own topic in a new thread. Thanks!

