TheTechGuide Forum

General Category => Tech Clinic => Topic started by: LilSparrow on March 05, 2009, 02:06:57 PM

Title: AdDestinastion installed itself, need to get rid of it!
Post by: LilSparrow on March 05, 2009, 02:06:57 PM

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:06:04 PM, on 3/5/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\WTablet\TabUserW.exe
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\system32\PSIService.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Tablet.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WordPerfect Office 12\Programs\wpwin12.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Java\jre1.6.0_07\bin\jucheck.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 (http://\"http://go.microsoft.com/fwlink/?LinkId=69157\")
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 (http://\"http://go.microsoft.com/fwlink/?LinkId=69157\")
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: addestination - {15978e47-e514-2113-704f-acc71cef3889} - C:\WINDOWS\system32\nsj344.dll
O2 - BHO: addestination search enhancer - {1DF68CD1-A404-826F-4E6D-EEC21F44CA5A} - C:\WINDOWS\system32\bfvlqpqaioerww.dll
O2 - BHO: (no name) - {5c255c8a-e604-49b4-9d64-90988571cecb} - (no file)
O2 - BHO: Search Helper - {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Windows Live Sign-in Helper - {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: Windows Live Toolbar Helper - {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: SingleInstance Class - {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [DLCCCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [McENUI] C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide
O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: AT&T Self Support Tool.lnk = C:\Program Files\SBC Self Support Tool\bin\matcli.exe
O4 - Global Startup: TabUserW.exe.lnk = C:\WINDOWS\system32\WTablet\TabUserW.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Display All Images with Full Quality - "res://C:\Program Files\NetZero\qsacc\appres.dll/228"
O8 - Extra context menu item: Display Image with Full Quality - "res://C:\Program Files\NetZero\qsacc\appres.dll/227"
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Blog This - {219c3416-8cb2-491a-a3c7-d9fcddc9d600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219c3416-8cb2-491a-a3c7-d9fcddc9d600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {3DCEC959-378A-4922-AD7E-FD5C925D927F} (Disney Online Games ActiveX Control) - http://disney.go.com/pirates/online/testAc...OnlineGames.cab (http://\"http://disney.go.com/pirates/online/testActiveX/built/signed/DisneyOnlineGames.cab\")
O16 - DPF: {E85362EF-40D4-4E5D-BE07-D6B036CCA277} (GoPets Control) - https://secure.gopetslive.com/dev/gopets.cab (http://\"https://secure.gopetslive.com/dev/gopets.cab\")
O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} (GoPetsWeb Control) - https://secure.gopetslive.com/dev/GoPetsWeb.cab (http://\"https://secure.gopetslive.com/dev/GoPetsWeb.cab\")
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O20 - AppInit_DLLs: karina.dat
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: dlcc_device - - C:\WINDOWS\system32\dlcccoms.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: mental ray 3.5 Satellite (32-bit) (mi-raysat_3dsmax9_32) - Unknown owner - C:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe

--
End of file - 9481 bytes

Please help!

Title: AdDestinastion installed itself, need to get rid of it!
Post by: guestolo on March 05, 2009, 02:15:38 PM

Please disable Windows Defender so it won't interfere with the next steps:
Open Windows Defender.
Click on Tools, General Settings.
Scroll down and uncheck Turn on real-time protection (recommended).
After you uncheck this, click on the Save button and close Windows Defender.

Download [color=\"#FF0000\"]> ATF Cleaner <[/color] (http://\"http://www.atribune.org/ccount/click.php?id=1\") by Atribune and save it to your Desktop.

Double Click on ATF-Cleaner.exe to Run it
Check the boxes to the left of:

Windows Temp
Current User Temp
All Users Temp
Temporary Internet Files
*Prefetch (Windows XP) only.
Java Cache

The rest are optional - if you want to remove the lot, check "Select All".
Finally click Empty Selected. When you get the "Done Cleaning" message, click OK.
If you use Firefox browser
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit from the Main menu

download Malwarebytes' Anti-Malware from Here (http://\"http://www.besttechie.net/tools/mbam-setup.exe\") or Here (http://\"http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html\")
Save the installer to desktop

Double Click mbam-setup.exe to install the application.

Make sure a checkmark is placed next to [color=\"#006400\"]Update Malwarebytes' Anti-Malware[/color] and [color=\"#006400\"]Launch Malwarebytes' Anti-Malware[/color], then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select "Perform Quick Scan", then click Scan.
The scan may take some time to finish,so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
* When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy&Paste the entire report in your next reply

Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediately.

Also post a fresh Hijackthis log please

Title: AdDestinastion installed itself, need to get rid of it!
Post by: LilSparrow on March 05, 2009, 02:37:26 PM

here is my Hijack this new log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:27:59 PM, on 3/5/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\WTablet\TabUserW.exe
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\system32\PSIService.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Tablet.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WordPerfect Office 12\Programs\wpwin12.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Java\jre1.6.0_07\bin\jucheck.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 (http://\"http://go.microsoft.com/fwlink/?LinkId=69157\")
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 (http://\"http://go.microsoft.com/fwlink/?LinkId=69157\")
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: addestination - {15978e47-e514-2113-704f-acc71cef3889} - C:\WINDOWS\system32\nsj344.dll
O2 - BHO: addestination search enhancer - {1DF68CD1-A404-826F-4E6D-EEC21F44CA5A} - C:\WINDOWS\system32\bfvlqpqaioerww.dll
O2 - BHO: (no name) - {5c255c8a-e604-49b4-9d64-90988571cecb} - (no file)
O2 - BHO: Search Helper - {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Windows Live Sign-in Helper - {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: Windows Live Toolbar Helper - {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: SingleInstance Class - {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [DLCCCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [McENUI] C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide
O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: AT&T Self Support Tool.lnk = C:\Program Files\SBC Self Support Tool\bin\matcli.exe
O4 - Global Startup: TabUserW.exe.lnk = C:\WINDOWS\system32\WTablet\TabUserW.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Display All Images with Full Quality - "res://C:\Program Files\NetZero\qsacc\appres.dll/228"
O8 - Extra context menu item: Display Image with Full Quality - "res://C:\Program Files\NetZero\qsacc\appres.dll/227"
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Blog This - {219c3416-8cb2-491a-a3c7-d9fcddc9d600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219c3416-8cb2-491a-a3c7-d9fcddc9d600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {3DCEC959-378A-4922-AD7E-FD5C925D927F} (Disney Online Games ActiveX Control) - http://disney.go.com/pirates/online/testAc...OnlineGames.cab (http://\"http://disney.go.com/pirates/online/testActiveX/built/signed/DisneyOnlineGames.cab\")
O16 - DPF: {E85362EF-40D4-4E5D-BE07-D6B036CCA277} (GoPets Control) - https://secure.gopetslive.com/dev/gopets.cab (http://\"https://secure.gopetslive.com/dev/gopets.cab\")
O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} (GoPetsWeb Control) - https://secure.gopetslive.com/dev/GoPetsWeb.cab (http://\"https://secure.gopetslive.com/dev/GoPetsWeb.cab\")
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O20 - AppInit_DLLs: karina.dat
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: dlcc_device - - C:\WINDOWS\system32\dlcccoms.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: mental ray 3.5 Satellite (32-bit) (mi-raysat_3dsmax9_32) - Unknown owner - C:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe

--
End of file - 9435 bytes

and here is my Malwarebytes' anti-malware log

Malwarebytes' Anti-Malware 1.34
Database version: 1801
Windows 5.1.2600 Service Pack 3

3/5/2009 1:36:48 PM
mbam-log-2009-03-05 (13-36-48).txt

Scan type: Quick Scan
Objects scanned: 69782
Time elapsed: 5 minute(s), 23 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Title: AdDestinastion installed itself, need to get rid of it!
Post by: guestolo on March 05, 2009, 03:25:52 PM

Can I have you run Malwarebytes Antimalware one more time
Here's the latest database installed on your computer
Database version: 1801

the newest is 1822

Open MalwareBytes' from the shortcut on desktop
Click the update tab>>Check for updates
Ensure you allow it Internet connection thru your Firewall
If your having trouble updating, let me know please

Then run another quick scan and post the new log afterwards

Title: AdDestinastion installed itself, need to get rid of it!
Post by: LilSparrow on March 05, 2009, 03:59:09 PM

Malwarebytes' Anti-Malware 1.34
Database version: 1822
Windows 5.1.2600 Service Pack 3

3/5/2009 2:58:35 PM
mbam-log-2009-03-05 (14-58-35).txt

Scan type: Quick Scan
Objects scanned: 70607
Time elapsed: 6 minute(s), 56 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Title: AdDestinastion installed itself, need to get rid of it!
Post by: guestolo on March 05, 2009, 04:12:35 PM

I thought MBAM was updated to handle this pest

We'll get it a different way
Can you do the following please
Download and save to your desktop
[color=\"#FF0000\"]OTScanIt2[/color] (http://\"http://download.bleepingcomputer.com/oldtimer/OTScanIt2.exe\")[/url]
by OldTimer

Double click on it to Run it and then Extract it to a folder on desktop
Open that newly created folder and double click on OTScanIt2.exe
Leave all defaults selected
Except, change Rootkit Search to YES
Under Additional tasks: Put a tick beside
Reg - Uninstall List

Then click on [color=\"#0000FF\"]Run Scan [/color]

When done, it will produce a log
Can you post the contents of that log back here please
A copy of it can also be found it the OTScanIt2 folder on desktop
NOTE: If you do get an error posting this log, please Upload it, but Only if you get an error

Title: AdDestinastion installed itself, need to get rid of it!
Post by: LilSparrow on March 05, 2009, 04:47:11 PM

kind of long but here goesOTScanIt2 logfile created on: 3/5/2009 3:37:05 PM - Run 1OTScanIt2 by OldTimer - Version 1.0.8.0 Folder = C:\Documents and Settings\Paige Lindsey\Desktop\OTScanIt2Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstationInternet Explorer (Version = 7.0.5730.13)Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 1014.07 Mb Total Physical Memory | 384.19 Mb Available Physical Memory | 37.89% Memory free2.38 Gb Paging File | 1.82 Gb Available in Paging File | 76.56% Paging File freePaging file location(s): C:\pagefile.sys 1524 3048; %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program FilesDrive C: | 52.71 Gb Total Space | 5.49 Gb Free Space | 10.42% Space Free | Partition Type: NTFSDrive D: | 18.48 Gb Total Space | 1.56 Gb Free Space | 8.42% Space Free | Partition Type: NTFSE: Drive not present or media not loadedF: Drive not present or media not loadedG: Drive not present or media not loadedH: Drive not present or media not loadedI: Drive not present or media not loaded Computer Name: XAHRACurrent User Name: Paige LindseyLogged in as Administrator. Current Boot Mode: NormalScan Mode: Current userWhitelist: OnFile Age = 30 Days [Processes - Safe List]adskscsrv.exe -> %CommonProgramFiles%\Autodesk Shared\Service\AdskScSrv.exe -> [2008/02/28 19:43:37 | 00,079,360 | ---- | M] (Autodesk)dlcccoms.exe -> %SystemRoot%\system32\dlcccoms.exe -> [2005/10/27 15:41:52 | 00,491,520 | ---- | M] ( )explorer.exe -> %SystemRoot%\Explorer.EXE -> [2008/04/13 18:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation)firefox.exe -> %ProgramFiles%\Mozilla Firefox\firefox.exe -> [2009/02/08 20:04:36 | 00,307,704 | ---- | M] (Mozilla Corporation)jucheck.exe -> %ProgramFiles%\Java\jre1.6.0_07\bin\jucheck.exe -> [2008/06/10 03:27:03 | 00,329,104 | ---- | M] (Sun Microsystems, Inc.)jusched.exe -> %ProgramFiles%\Java\jre1.6.0_07\bin\jusched.exe -> [2008/06/10 03:27:04 | 00,144,784 | ---- | M] (Sun Microsystems, Inc.)mbam.exe -> %ProgramFiles%\Malwarebytes' Anti-Malware\mbam.exe -> [2009/02/11 10:19:32 | 01,273,488 | ---- | M] (Malwarebytes Corporation)mcagent.exe -> %ProgramFiles%\McAfee.com\Agent\mcagent.exe -> [2008/07/11 16:48:54 | 00,641,208 | ---- | M] (McAfee, Inc.)mcmscsvc.exe -> %ProgramFiles%\McAfee\MSC\mcmscsvc.exe -> [2008/10/10 16:16:00 | 00,792,696 | ---- | M] (McAfee, Inc.)mcnasvc.exe -> %CommonProgramFiles%\mcafee\mna\mcnasvc.exe -> [2008/07/18 08:02:52 | 02,482,848 | ---- | M] (McAfee, Inc.)mcproxy.exe -> %CommonProgramFiles%\McAfee\McProxy\McProxy.exe -> [2008/07/09 14:49:10 | 00,358,736 | ---- | M] (McAfee, Inc.)mcsacore.exe -> %ProgramFiles%\McAfee\SiteAdvisor\McSACore.exe -> [2008/12/05 15:51:06 | 00,206,096 | ---- | M] ()mcsysmon.exe -> %ProgramFiles%\McAfee\VirusScan\mcsysmon.exe -> [2008/09/16 10:04:12 | 00,605,512 | ---- | M] (McAfee, Inc.)mpfsrv.exe -> %ProgramFiles%\McAfee\MPF\MPFSrv.exe -> [2008/07/09 17:36:30 | 00,884,360 | ---- | M] (McAfee, Inc.)msascui.exe -> %ProgramFiles%\Windows Defender\MSASCui.exe -> [2006/11/03 19:20:12 | 00,866,584 | ---- | M] (Microsoft Corporation)msmpeng.exe -> %ProgramFiles%\Windows Defender\MsMpEng.exe -> [2006/11/03 19:19:58 | 00,013,592 | ---- | M] (Microsoft Corporation)msnmsgr.exe -> %ProgramFiles%\Windows Live\Messenger\msnmsgr.exe -> [2009/02/06 18:51:28 | 03,885,408 | ---- | M] (Microsoft Corporation)otscanit2.exe -> %UserProfile%\Desktop\OTScanIt2\OTScanIt2.exe -> [2009/02/19 11:15:40 | 00,489,984 | ---- | M] (OldTimer Tools)psiservice.exe -> %SystemRoot%\system32\PSIService.exe -> [2006/11/02 20:40:12 | 00,174,656 | ---- | M] ()raysat_3dsmax9_32server.exe -> %ProgramFiles%\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe -> [2006/09/29 11:48:06 | 00,065,536 | ---- | M] ()realplay.exe -> %ProgramFiles%\Real\RealPlayer\RealPlay.exe -> [2006/08/24 02:17:15 | 00,026,112 | ---- | M] (RealNetworks, Inc.)seaport.exe -> %ProgramFiles%\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -> [2009/01/14 17:53:02 | 00,226,656 | ---- | M] (Microsoft Corp.)tablet.exe -> %SystemRoot%\system32\Tablet.exe -> [2005/12/05 15:00:44 | 00,753,664 | ---- | M] (Wacom Technology, Corp.)tabuserw.exe -> %SystemRoot%\system32\WTablet\TabUserW.exe -> [2005/12/05 14:59:02 | 00,114,688 | ---- | M] (Wacom Technology, Corp.)wlcomm.exe -> %ProgramFiles%\Windows Live\Contacts\wlcomm.exe -> [2009/02/06 17:07:48 | 00,027,512 | ---- | M] (Microsoft Corporation) [Win32 Services - Safe List](Adobe LM Service) Adobe LM Service [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Adobe Systems Shared\Service\Adobelmsvc.exe -> [2006/10/08 01:16:34 | 00,072,704 | ---- | M] (Adobe Systems)(aspnet_state) ASP.NET State Service [Win32_Own | On_Demand | Stopped] -> %SystemRoot%\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -> [2007/10/24 00:47:22 | 00,033,800 | ---- | M] (Microsoft Corporation)(Autodesk Licensing Service) Autodesk Licensing Service [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Autodesk Shared\Service\AdskScSrv.exe -> [2008/02/28 19:43:37 | 00,079,360 | ---- | M] (Autodesk)(clr_optimization_v2.0.50727_32) .NET Runtime Optimization Service v2.0.50727_X86 [Win32_Own | On_Demand | Stopped] -> %SystemRoot%\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -> [2007/10/24 00:47:40 | 00,070,144 | ---- | M] (Microsoft Corporation)(dlcc_device) dlcc_device [Win32_Own | On_Demand | Running] -> %SystemRoot%\system32\dlcccoms.exe -> [2005/10/27 15:41:52 | 00,491,520 | ---- | M] ( )(fsssvc) Windows Live Family Safety [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Windows Live\Family Safety\fsssvc.exe -> [2009/02/06 18:08:58 | 00,533,360 | ---- | M] (Microsoft Corporation)(gusvc) Google Updater Service [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Google\Common\Google Updater\GoogleUpdaterService.exe -> [2009/02/25 23:47:22 | 00,137,200 | ---- | M] (Google)(helpsvc) Help and Support [Win32_Shared | Auto | Running] -> %SystemRoot%\PCHealth\HelpCtr\Binaries\pchsvc.dll -> [2008/04/13 18:12:02 | 00,038,400 | ---- | M] (Microsoft Corporation)(McAfee SiteAdvisor Service) McAfee SiteAdvisor Service [Win32_Own | Auto | Running] -> %ProgramFiles%\McAfee\SiteAdvisor\McSACore.exe -> [2008/12/05 15:51:06 | 00,206,096 | ---- | M] ()(mcmscsvc) McAfee Services [Win32_Own | Auto | Running] -> %ProgramFiles%\McAfee\MSC\mcmscsvc.exe -> [2008/10/10 16:16:00 | 00,792,696 | ---- | M] (McAfee, Inc.)(McNASvc) McAfee Network Agent [Win32_Own | Auto | Running] -> %CommonProgramFiles%\mcafee\mna\mcnasvc.exe -> [2008/07/18 08:02:52 | 02,482,848 | ---- | M] (McAfee, Inc.)(McODS) McAfee Scanner [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\McAfee\VirusScan\mcods.exe -> [2008/06/20 13:10:22 | 00,361,800 | ---- | M] (McAfee, Inc.)(McProxy) McAfee Proxy Service [Win32_Own | Auto | Running] -> %CommonProgramFiles%\McAfee\McProxy\McProxy.exe -> [2008/07/09 14:49:10 | 00,358,736 | ---- | M] (McAfee, Inc.)(McShield) McAfee Real-time Scanner [Win32_Own | Unknown | Stopped] -> %ProgramFiles%\McAfee\VirusScan\Mcshield.exe -> [2008/06/20 05:41:04 | 00,144,704 | ---- | M] (McAfee, Inc.)(McSysmon) McAfee SystemGuards [Win32_Own | On_Demand | Running] -> %ProgramFiles%\McAfee\VirusScan\mcsysmon.exe -> [2008/09/16 10:04:12 | 00,605,512 | ---- | M] (McAfee, Inc.)(mi-raysat_3dsmax9_32) mental ray 3.5 Satellite (32-bit) [Win32_Own | Auto | Running] -> %ProgramFiles%\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe -> [2006/09/29 11:48:06 | 00,065,536 | ---- | M] ()(MpfService) McAfee Personal Firewall Service [Win32_Own | Auto | Running] -> %ProgramFiles%\McAfee\MPF\MPFSrv.exe -> [2008/07/09 17:36:30 | 00,884,360 | ---- | M] (McAfee, Inc.)(NetSvc) Intel NCS NetService [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Intel\PROSetWired\NCS\Sync\NetSvc.exe -> [2004/11/19 10:26:40 | 00,147,456 | ---- | M] (Intel® Corporation)(ProtexisLicensing) ProtexisLicensing [Win32_Own | Auto | Running] -> %SystemRoot%\system32\PSIService.exe -> [2006/11/02 20:40:12 | 00,174,656 | ---- | M] ()(seaport) seaport [Win32_Own | Auto | Running] -> %ProgramFiles%\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -> [2009/01/14 17:53:02 | 00,226,656 | ---- | M] (Microsoft Corp.)(TabletService) TabletService [Win32_Own | Auto | Running] -> %SystemRoot%\system32\Tablet.exe -> [2005/12/05 15:00:44 | 00,753,664 | ---- | M] (Wacom Technology, Corp.)(windefend) Windows Defender [Win32_Own | Auto | Running] -> %ProgramFiles%\Windows Defender\MsMpEng.exe -> [2006/11/03 19:19:58 | 00,013,592 | ---- | M] (Microsoft Corporation)(WMPNetworkSvc) Windows Media Player Network Sharing Service [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Windows Media Player\WMPNetwk.exe -> [2006/10/18 19:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) [Driver Services - Safe List](AliIde) AliIde [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\DRIVERS\aliide.sys -> [2001/08/17 12:51:56 | 00,005,248 | ---- | M] (Acer Laboratories Inc.)(amdagp) AMD AGP Bus Filter Driver [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\DRIVERS\amdagp.sys -> [2008/04/13 12:36:39 | 00,043,008 | ---- | M] (Advanced Micro Devices, Inc.)(asc) asc [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\DRIVERS\asc.sys -> [2001/08/17 12:52:00 | 00,026,496 | ---- | M] (Advanced System Products, Inc.)(asc3550) asc3550 [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\DRIVERS\asc3550.sys -> [2001/08/17 12:51:58 | 00,014,848 | ---- | M] (Advanced System Products, Inc.)(ASCTRM) ASCTRM [Kernel | Auto | Running] -> %SystemRoot%\System32\drivers\asctrm.sys -> [2006/08/24 02:17:18 | 00,008,552 | ---- | M] (Windows ® 2000 DDK provider)(CmdIde) CmdIde [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\DRIVERS\cmdide.sys -> [2001/08/17 12:51:54 | 00,006,656 | ---- | M] (CMD Technology, Inc.)(dac2w2k) dac2w2k [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\DRIVERS\dac2w2k.sys -> [2001/08/17 12:52:16 | 00,179,584 | ---- | M] (Mylex Corporation)(DLABOIOM) DLABOIOM [File_System | Auto | Running] -> %SystemRoot%\System32\DLA\DLABOIOM.SYS -> [2005/09/08 04:20:00 | 00,025,628 | ---- | M] (Sonic Solutions)(DLACDBHM) DLACDBHM [File_System | System | Running] -> %SystemRoot%\System32\Drivers\DLACDBHM.SYS -> [2005/08/25 11:16:52 | 00,005,628 | ---- | M] (Sonic Solutions)(DLADResN) DLADResN [File_System | Auto | Running] -> %SystemRoot%\System32\DLA\DLADResN.SYS -> [2005/09/08 04:20:00 | 00,002,496 | ---- | M] (Sonic Solutions)(DLAIFS_M) DLAIFS_M [File_System | Auto | Running] -> %SystemRoot%\System32\DLA\DLAIFS_M.SYS -> [2005/09/08 04:20:00 | 00,086,524 | ---- | M] (Sonic Solutions)(DLAOPIOM) DLAOPIOM [File_System | Auto | Running] -> %SystemRoot%\System32\DLA\DLAOPIOM.SYS -> [2005/09/08 04:20:00 | 00,014,684 | ---- | M] (Sonic Solutions)(DLAPoolM) DLAPoolM [File_System | Auto | Running] -> %SystemRoot%\System32\DLA\DLAPoolM.SYS -> [2005/09/08 04:20:00 | 00,006,364 | ---- | M] (Sonic Solutions)(DLARTL_N) DLARTL_N [File_System | System | Running] -> %SystemRoot%\System32\Drivers\DLARTL_N.SYS -> [2005/08/25 11:16:16 | 00,022,684 | ---- | M] (Sonic Solutions)(DLAUDFAM) DLAUDFAM [File_System | Auto | Running] -> %SystemRoot%\System32\DLA\DLAUDFAM.SYS -> [2005/09/08 04:20:00 | 00,094,332 | ---- | M] (Sonic Solutions)(DLAUDF_M) DLAUDF_M [File_System | Auto | Running] -> %SystemRoot%\System32\DLA\DLAUDF_M.SYS -> [2005/09/08 04:20:00 | 00,087,036 | ---- | M] (Sonic Solutions)(DRVMCDB) DRVMCDB [Kernel | Boot | Running] -> %SystemRoot%\System32\Drivers\DRVMCDB.SYS -> [2005/09/12 02:30:00 | 00,089,264 | ---- | M] (Sonic Solutions)(DRVNDDM) DRVNDDM [File_System | Auto | Running] -> %SystemRoot%\System32\Drivers\DRVNDDM.SYS -> [2005/08/12 04:20:00 | 00,040,544 | ---- | M] (Sonic Solutions)(E100B) Intel® PRO Network Connection Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\DRIVERS\e100b325.sys -> [2004/10/14 00:30:46 | 00,155,648 | ---- | M] (Intel Corporation)(fssfltr) fssfltr [Kernel | Auto | Running] -> %SystemRoot%\system32\DRIVERS\fssfltr_tdi.sys -> [2009/02/06 18:08:42 | 00,055,152 | ---- | M] (Microsoft Corporation)(HDAudBus) Microsoft UAA Bus Driver for High Definition Audio [Kernel | On_Demand | Running] -> %SystemRoot%\system32\DRIVERS\HDAudBus.sys -> [2008/04/13 10:36:05 | 00,144,384 | ---- | M] (Windows ® Server 2003 DDK provider)(HSFHWBS2) HSFHWBS2 [Kernel | On_Demand | Running] -> %SystemRoot%\system32\DRIVERS\HSFHWBS2.sys -> [2003/11/17 13:59:20 | 00,212,224 | ---- | M] (Conexant Systems, Inc.)(HSF_DP) HSF_DP [Kernel | On_Demand | Running] -> %SystemRoot%\system32\DRIVERS\HSF_DP.sys -> [2003/11/17 13:56:26 | 01,042,432 | ---- | M] (Conexant Systems, Inc.)(ialm) ialm [Kernel | On_Demand | Running] -> %SystemRoot%\system32\DRIVERS\ialmnt5.sys -> [2005/10/14 13:15:18 | 01,302,812 | ---- | M] (Intel Corporation)(mdmxsdk) mdmxsdk [Kernel | Auto | Running] -> %SystemRoot%\system32\DRIVERS\mdmxsdk.sys -> [2003/04/09 10:48:08 | 00,011,043 | ---- | M] (Conexant)(mfeavfk) McAfee Inc. mfeavfk [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\mfeavfk.sys -> [2008/06/27 06:08:40 | 00,079,240 | ---- | M] (McAfee, Inc.)(mfebopk) McAfee Inc. mfebopk [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\mfebopk.sys -> [2008/06/27 06:08:40 | 00,035,240 | ---- | M] (McAfee, Inc.)(mfehidk) McAfee Inc. mfehidk [Kernel | System | Running] -> %SystemRoot%\system32\drivers\mfehidk.sys -> [2008/06/27 06:08:40 | 00,207,656 | ---- | M] (McAfee, Inc.)(mferkdk) McAfee Inc. mferkdk [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\mferkdk.sys -> [2008/06/20 05:41:38 | 00,034,152 | ---- | M] (McAfee, Inc.)(mfesmfk) McAfee Inc. mfesmfk [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\mfesmfk.sys -> [2008/06/27 06:08:40 | 00,040,488 | ---- | M] (McAfee, Inc.)(MODEMCSA) Unimodem Streaming Filter Device [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\MODEMCSA.sys -> [2001/08/17 12:57:38 | 00,016,128 | ---- | M] (Microsoft Corporation)(MPFP) MPFP [Kernel | System | Running] -> %SystemRoot%\System32\Drivers\Mpfp.sys -> [2008/06/02 14:55:42 | 00,120,136 | ---- | M] (McAfee, Inc.)(mraid35x) mraid35x [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\DRIVERS\mraid35x.sys -> [2001/08/17 12:52:12 | 00,017,280 | ---- | M] (American Megatrends Inc.)(nv) nv [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\DRIVERS\nv4_mini.sys -> [2004/08/03 21:29:56 | 01,897,408 | ---- | M] (NVIDIA Corporation)(PenClass) Pen Class [Kernel | Boot | Running] -> %SystemRoot%\system32\Drivers\PenClass.sys -> [2005/11/29 15:50:42 | 00,008,138 | ---- | M] (Wacom Technology Corporation)(Ptilink) Direct Parallel Link Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\DRIVERS\ptilink.sys -> [2004/08/04 04:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.)(PxHelp20) PxHelp20 [Kernel | Boot | Running] -> %SystemRoot%\System32\Drivers\PxHelp20.sys -> [2007/11/14 02:00:00 | 00,043,840 | ---- | M] (Sonic Solutions)(ql1080) ql1080 [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\DRIVERS\ql1080.sys -> [2001/08/17 12:52:20 | 00,040,320 | ---- | M] (QLogic Corporation)(ql12160) ql12160 [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\DRIVERS\ql12160.sys -> [2001/08/17 12:52:20 | 00,045,312 | ---- | M] (QLogic Corporation)(ql1280) ql1280 [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\DRIVERS\ql1280.sys -> [2001/08/17 12:52:18 | 00,049,024 | ---- | M] (QLogic Corporation)(Secdrv) Secdrv [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\DRIVERS\secdrv.sys -> [2007/11/13 04:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)(sisagp) SIS AGP Bus Filter [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\DRIVERS\sisagp.sys -> [2008/04/13 12:36:39 | 00,040,960 | ---- | M] (Silicon Integrated Systems Corporation)(Sparrow) Sparrow [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\DRIVERS\sparrow.sys -> [2001/08/17 13:07:44 | 00,019,072 | ---- | M] (Adaptec, Inc.)(STHDA) SigmaTel High Definition Audio CODEC [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\sthda.sys -> [2006/02/10 10:19:12 | 01,107,224 | ---- | M] (SigmaTel, Inc.)(symc810) symc810 [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\DRIVERS\symc810.sys -> [2001/08/17 13:07:34 | 00,016,256 | ---- | M] (Symbios Logic Inc.)(symc8xx) symc8xx [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\DRIVERS\symc8xx.sys -> [2001/08/17 13:07:36 | 00,032,640 | ---- | M] (LSI Logic)(sym_hi) sym_hi [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\DRIVERS\sym_hi.sys -> [2001/08/17 13:07:40 | 00,028,384 | ---- | M] (LSI Logic)(sym_u3) sym_u3 [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\DRIVERS\sym_u3.sys -> [2001/08/17 13:07:42 | 00,030,688 | ---- | M] (LSI Logic)(ultra) ultra [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\DRIVERS\ultra.sys -> [2001/08/17 12:52:22 | 00,036,736 | ---- | M] (Promise Technology, Inc.)(winachsf) winachsf [Kernel | On_Demand | Running] -> %SystemRoot%\system32\DRIVERS\HSF_CNXT.sys -> [2003/11/17 13:58:02 | 00,680,704 | ---- | M] (Conexant Systems, Inc.)(MBAMSwissArmy) MBAMSwissArmy [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\mbamswissarmy.sys -> [2009/02/11 10:19:42 | 00,038,496 | ---- | M] (Malwarebytes Corporation) [Registry - Safe List]< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> HKEY_LOCAL_MACHINE\: Main\\"Default_Page_URL" -> http://go.microsoft.com/fwlink/?LinkId=69157 -> HKEY_LOCAL_MACHINE\: Main\\"Default_Search_URL" -> http://www.google.com/ie -> HKEY_LOCAL_MACHINE\: Main\\"Default_Secondary_Page_URL" -> Reg Error: Invalid data type. -> HKEY_LOCAL_MACHINE\: Main\\"Extensions Off Page" -> about:NoAdd-ons -> HKEY_LOCAL_MACHINE\: Main\\"Local Page" -> %SystemRoot%\system32\blank.htm -> HKEY_LOCAL_MACHINE\: Main\\"Search Page" -> http://www.google.com -> HKEY_LOCAL_MACHINE\: Main\\"Security Risk Page" -> about:SecurityRisk -> HKEY_LOCAL_MACHINE\: Main\\"Start Page" -> http://www.google.com -> HKEY_LOCAL_MACHINE\: Search\\"CustomizeSearch" -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm -> HKEY_LOCAL_MACHINE\: Search\\"CustomSearch" -> http://red.clientapps.yahoo.com/customize/.../search/ie.html -> HKEY_LOCAL_MACHINE\: Search\\"Default_Page_URL" -> www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us -> HKEY_LOCAL_MACHINE\: Search\\"Default_Search_URL" -> http://www.google.com/ie -> HKEY_LOCAL_MACHINE\: Search\\"SearchAssistant" -> http://www.google.com -> HKEY_LOCAL_MACHINE\: Search\\"Start Page" -> www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us -> < Internet Explorer Settings [HKEY_CURRENT_USER\] > -> -> HKEY_CURRENT_USER\: Main\\"First Home Page" -> http://www.microsoft.com/isapi/redir.dll?P...pdate&O1=b1 -> HKEY_CURRENT_USER\: Main\\"Local Page" -> C:\WINDOWS\system32\blank.htm -> HKEY_CURRENT_USER\: Main\\"Page_Transitions" -> Reg Error: Invalid data type. -> HKEY_CURRENT_USER\: Main\\"Search Page" -> http://www.google.com -> HKEY_CURRENT_USER\: Main\\"SearchMigratedDefaultName" -> Google -> HKEY_CURRENT_USER\: Main\\"SearchMigratedDefaultURL" -> http://www.google.com/search?q={searchTerm...tf8&oe=utf8 -> HKEY_CURRENT_USER\: Main\\"Start Page" -> http://go.microsoft.com/fwlink/?LinkId=69157 -> HKEY_CURRENT_USER\: Main\\"Start Page Redirect Cache" -> http://www.msn.com/defaulta.aspx -> HKEY_CURRENT_USER\: Main\\"Start Page Redirect Cache AcceptLangs" -> en-us -> HKEY_CURRENT_USER\: Main\\"Start Page Redirect Cache_TIMESTAMP" -> Reg Error: Invalid data type. -> HKEY_CURRENT_USER\: Search\\"AutoSearch" -> http://ie.search.msn.com/{SUB_RFC1766}/src...autosearch.aspx -> HKEY_CURRENT_USER\: Search\\"CustomizeSearch" -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm -> HKEY_CURRENT_USER\: Search\\"SearchAssistant" -> http://www.google.com -> HKEY_CURRENT_USER\: SearchURL\\"" -> http://home.microsoft.com/access/autosearch.asp?p=%s -> HKEY_CURRENT_USER\: "ProxyEnable" -> 0 -> HKEY_CURRENT_USER\: "ProxyOverride" -> 127.0.0.1 -> < FireFox Settings [Default Profile] > -> C:\Documents and Settings\Paige Lindsey\Application Data\Mozilla\FireFox\Profiles\4fcxgyjw.default\prefs.js -> browser.search.defaultenginename -> "Yoog Search" ->browser.search.defaulturl -> "http://www8.yoog.com/search.php?q=" ->browser.search.selectedEngine -> "Yoog Search" ->browser.startup.homepage -> "http://go.microsoft.com/fwlink/?LinkId=69157" ->browser.startup.homepage_override.mstone -> "rv:1.9.0.6" ->extensions.enabledItems -> {3112ca9c-de6d-4884-a869-9855de68056c}:3.1.20081127W ->extensions.enabledItems -> {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}:6.0.02 ->extensions.enabledItems -> {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}:6.0.07 ->extensions.enabledItems -> {B7082FAA-CB62-4872-9106-E42DD88EDE45}:2.9 ->extensions.enabledItems -> {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.6 ->< HOSTS File > (734 bytes and 19 lines) -> C:\WINDOWS\System32\drivers\etc\Hosts -> 127.0.0.1 localhost< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> {02478D38-C3F9-4EFB-9B51-7695ECA05670} [HKLM] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn\yt.dll [&Yahoo! Toolbar Helper] -> [2008/07/28 04:47:40 | 00,882,416 | ---- | M] (Yahoo! Inc.){15978e47-e514-2113-704f-acc71cef3889} [HKLM] -> %SystemRoot%\system32\nsj344.dll [addestination] -> [2009/03/03 08:18:52 | 00,622,080 | ---- | M] (){1DF68CD1-A404-826F-4E6D-EEC21F44CA5A} [HKLM] -> %SystemRoot%\system32\bfvlqpqaioerww.dll [addestination search enhancer] -> [2009/02/20 04:58:50 | 00,609,792 | ---- | M] (){5c255c8a-e604-49b4-9d64-90988571cecb} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found{6ebf7485-159f-4bff-a14f-b9e3aac4465b} [HKLM] -> %ProgramFiles%\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll [Search Helper] -> [2009/01/14 17:49:24 | 00,092,504 | ---- | M] (Microsoft Corp.){7DB2D5A0-7241-4E79-B68D-6309F01C5231} [HKLM] -> %ProgramFiles%\McAfee\VirusScan\scriptsn.dll [scriptproxy] -> [2008/06/20 05:41:56 | 00,058,688 | ---- | M] (McAfee, Inc.){9030d464-4c02-4abf-8ecc-5164760863c6} [HKLM] -> %CommonProgramFiles%\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [Windows Live Sign-in Helper] -> [2009/01/22 15:41:30 | 00,408,448 | ---- | M] (Microsoft Corporation){AA58ED58-01DD-4d91-8333-CF10577473F7} [HKLM] -> %ProgramFiles%\Google\Google Toolbar\GoogleToolbar.dll [Google Toolbar Helper] -> [2009/02/25 23:39:50 | 00,251,504 | ---- | M] (){AF69DE43-7D58-4638-B6FA-CE66B5AD205D} [HKLM] -> %ProgramFiles%\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll [Google Toolbar Notifier BHO] -> [2009/02/25 23:47:25 | 00,657,904 | ---- | M] (Google Inc.){B164E929-A1B6-4A06-B104-2CD0E90A88FF} [HKLM] -> %ProgramFiles%\McAfee\SiteAdvisor\McIEPlg.dll [McAfee SiteAdvisor BHO] -> [2008/11/14 12:25:26 | 00,150,032 | ---- | M] (){C84D72FE-E17D-4195-BB24-76C02E2E7C4E} [HKLM] -> %ProgramFiles%\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll [Google Dictionary Compression sdch] -> [2009/02/25 23:39:49 | 00,522,224 | ---- | M] (Google Inc.){e15a8dc0-8516-42a1-81ea-dc94ec1acf10} [HKLM] -> %ProgramFiles%\Windows Live\Toolbar\wltcore.dll [Windows Live Toolbar Helper] -> [2009/02/06 18:17:46 | 01,068,904 | ---- | M] (Microsoft Corporation){fdad4da1-61a2-4fd8-9c17-86f7ac245081} [HKLM] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll [SingleInstance Class] -> [2008/07/28 04:47:42 | 00,160,496 | ---- | M] (Yahoo! Inc)< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar -> "{21FA44EF-376D-4D53-9B0F-8A89D3229068}" [HKLM] -> %ProgramFiles%\Windows Live\Toolbar\wltcore.dll [&Windows Live Toolbar] -> [2009/02/06 18:17:46 | 01,068,904 | ---- | M] (Microsoft Corporation)"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" [HKLM] -> %ProgramFiles%\Google\Google Toolbar\GoogleToolbar.dll [&Google Toolbar] -> [2009/02/25 23:39:50 | 00,251,504 | ---- | M] ()"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" [HKLM] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn\yt.dll [Yahoo! Toolbar] -> [2008/07/28 04:47:40 | 00,882,416 | ---- | M] (Yahoo! Inc.)< Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ -> ShellBrowser\\"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" [HKLM] -> %ProgramFiles%\Google\Google Toolbar\GoogleToolbar.dll [&Google Toolbar] -> [2009/02/25 23:39:50 | 00,251,504 | ---- | M] ()ShellBrowser\\"{C7768536-96F8-4001-B1A2-90EE21279187}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not foundWebBrowser\\"{21FA44EF-376D-4D53-9B0F-8A89D3229068}" [HKLM] -> %ProgramFiles%\Windows Live\Toolbar\wltcore.dll [&Windows Live Toolbar] -> [2009/02/06 18:17:46 | 01,068,904 | ---- | M] (Microsoft Corporation)WebBrowser\\"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" [HKLM] -> %ProgramFiles%\Google\Google Toolbar\GoogleToolbar.dll [&Google Toolbar] -> [2009/02/25 23:39:50 | 00,251,504 | ---- | M] ()WebBrowser\\"{90B8B761-DF2B-48AC-BBE0-BCC03A819B3B}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not foundWebBrowser\\"{C7768536-96F8-4001-B1A2-90EE21279187}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not foundWebBrowser\\"{F0F8ECBE-D460-4B34-B007-56A92E8F84A7}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> "DLCCCATS" -> %SystemRoot%\System32\spool\DRIVERS\W32X86\3\DLCCtime.DLL [rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll,_RunDLLEntry@16] -> [2005/09/13 16:50:38 | 00,073,728 | ---- | M] ()"mcagent_exe" -> %ProgramFiles%\McAfee.com\Agent\mcagent.exe ["C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey] -> [2008/07/11 16:48:54 | 00,641,208 | ---- | M] (McAfee, Inc.)"McENUI" -> %ProgramFiles%\McAfee\MHN\McENUI.exe [C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide] -> [2008/06/13 02:59:26 | 01,176,808 | ---- | M] (McAfee, Inc.)"Motive SmartBridge" -> %ProgramFiles%\SBC Self Support Tool\SmartBridge\MotiveSB.exe [C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe] -> [2005/08/24 07:51:18 | 00,442,455 | ---- | M] (Motive, Inc.)"QuickTime Task" -> %ProgramFiles%\QuickTime\qttask.exe ["C:\Program Files\QuickTime\qttask.exe" -atboottime] -> [2006/08/24 02:17:28 | 00,098,304 | ---- | M] (Apple Computer, Inc.)"RealTray" -> %ProgramFiles%\Real\RealPlayer\RealPlay.exe [C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER] -> [2006/08/24 02:17:15 | 00,026,112 | ---- | M] (RealNetworks, Inc.)"SunJavaUpdateSched" -> %ProgramFiles%\Java\jre1.6.0_07\bin\jusched.exe ["C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"] -> [2008/06/10 03:27:04 | 00,144,784 | ---- | M] (Sun Microsystems, Inc.)"Windows Defender" -> %ProgramFiles%\Windows Defender\MSASCui.exe ["C:\Program Files\Windows Defender\MSASCui.exe" -hide] -> [2006/11/03 19:20:12 | 00,866,584 | ---- | M] (Microsoft Corporation)< Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> "swg" -> %ProgramFiles%\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe] -> [2007/06/18 17:32:56 | 00,068,856 | ---- | M] (Google Inc.)< All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup -> %AllUsersProfile%\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk -> %CommonProgramFiles%\Adobe\Calibration\Adobe Gamma Loader.exe -> [2005/03/16 18:16:50 | 00,113,664 | ---- | M] (Adobe Systems, Inc.)%AllUsersProfile%\Start Menu\Programs\Startup\AT&T Self Support Tool.lnk -> %ProgramFiles%\SBC Self Support Tool\bin\matcli.exe -> [2003/10/10 09:06:10 | 00,217,088 | ---- | M] (Motive Communications, Inc.)%AllUsersProfile%\Start Menu\Programs\Startup\TabUserW.exe.lnk -> %SystemRoot%\system32\WTablet\TabUserW.exe -> [2005/12/05 14:59:02 | 00,114,688 | ---- | M] (Wacom Technology, Corp.)< Paige Lindsey Startup Folder > -> C:\Documents and Settings\Paige Lindsey\Start Menu\Programs\Startup -> < Software Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\Internet Explorer -> HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\Internet Explorer\Control Panel\Control Panel\\"Connwiz Admin Lock" ->

-> File not found< CurrentVersion Policy Settings - Explorer [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\"HonorAutoRunSetting" -> [1] -> File not found< CurrentVersion Policy Settings - System [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\"dontdisplaylastusername" ->
-> File not found\\"legalnoticecaption" -> [] -> File not found\\"legalnoticetext" -> [] -> File not found\\"shutdownwithoutlogon" -> [1] -> File not found\\"undockwithoutlogon" -> [1] -> File not found< CurrentVersion Policy Settings - Explorer [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\"NoDriveTypeAutoRun" ->
-> File not found< CurrentVersion Policy Settings - System [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System -> < Internet Explorer Menu Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\ -> Display All Images with Full Quality -> %ProgramFiles%\NetZero\qsacc\appres.dll ["res://C:\Program Files\NetZero\qsacc\appres.dll/228"] -> File not foundDisplay Image with Full Quality -> %ProgramFiles%\NetZero\qsacc\appres.dll ["res://C:\Program Files\NetZero\qsacc\appres.dll/227"] -> File not found< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ -> {08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} [HKLM] -> %ProgramFiles%\Java\jre1.6.0_07\bin\npjpi160_07.dll [Menu: Sun Java Console] -> [2008/06/10 03:27:02 | 00,132,496 | ---- | M] (Sun Microsystems, Inc.){219c3416-8cb2-491a-a3c7-d9fcddc9d600}:{5F7B1267-94A9-47F5-98DB-E99415F33AEC} [HKLM] -> %ProgramFiles%\Windows Live\Writer\WriterBrowserExtension.dll [Button: Blog This] -> [2009/02/06 18:07:54 | 00,187,248 | ---- | M] (Microsoft Corporation){219c3416-8cb2-491a-a3c7-d9fcddc9d600}:{5F7B1267-94A9-47F5-98DB-E99415F33AEC} [HKLM] -> %ProgramFiles%\Windows Live\Writer\WriterBrowserExtension.dll [Menu: &Blog This in Windows Live Writer] -> [2009/02/06 18:07:54 | 00,187,248 | ---- | M] (Microsoft Corporation){e2e2dd38-d088-4134-82b7-f2ba38496583}:Exec [HKLM] -> %SystemRoot%\Network Diagnostic\xpnetdiag.exe [Menu: @xpsp3res.dll,-20001] -> [2008/04/13 12:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation){FB5F1910-F110-11d2-BB9E-00C04F795683}:Exec [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Button: Messenger] -> [2008/04/13 18:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation){FB5F1910-F110-11d2-BB9E-00C04F795683}:Exec [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Menu: Windows Messenger] -> [2008/04/13 18:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)< Internet Explorer Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\ -> CmdMapping\\"{08B0E5C0-4FCB-11CF-AAA5-00401C608501}" [HKLM] -> %SystemRoot%\system32\msjava.dll [Web Browser Applet Control] -> [2003/02/28 17:26:26 | 00,947,472 | ---- | M] (Microsoft Corporation)CmdMapping\\"{219c3416-8cb2-491a-a3c7-d9fcddc9d600}" [HKLM] -> %ProgramFiles%\Windows Live\Writer\WriterBrowserExtension.dll [Blog This] -> [2009/02/06 18:07:54 | 00,187,248 | ---- | M] (Microsoft Corporation)CmdMapping\\"{e2e2dd38-d088-4134-82b7-f2ba38496583}" [HKLM] -> %SystemRoot%\Network Diagnostic\xpnetdiag.exe [@xpsp3res.dll,-20001] -> [2008/04/13 12:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)CmdMapping\\"{FB5F1910-F110-11d2-BB9E-00C04F795683}" [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/13 18:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ -> PluginsPageFriendlyName -> Microsoft ActiveX Gallery -> PluginsPage -> http://activex.microsoft.com/controls/find...=%s&mime=%s -> < Default Prefix > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix"" -> http://< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 1 domain(s) found. -> 1 domain(s) and sub-domain(s) not assigned to a zone.< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 1 domain(s) found. -> 1 domain(s) and sub-domain(s) not assigned to a zone.< Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ -> {17492023-C23A-453E-A040-C7C580BBF700} [HKLM] -> http://download.microsoft.com/download/F/D...heckControl.cab [Windows Genuine Advantage Validation Tool] -> {3DCEC959-378A-4922-AD7E-FD5C925D927F} [HKLM] -> http://disney.go.com/pirates/online/testAc...OnlineGames.cab [Disney Online Games ActiveX Control] -> {8AD9C840-044E-11D1-B3E9-00805F499D93} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab [Java Plug-in 1.6.0_07] -> {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} [HKLM] -> http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab [Reg Error: Key error.] -> {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab [Java Plug-in 1.5.0_06] -> {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab [Java Plug-in 1.6.0_02] -> {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab [Java Plug-in 1.6.0_07] -> {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab [Java Plug-in 1.6.0_07] -> {D27CDB6E-AE6D-11CF-96B8-444553540000} [HKLM] -> http://fpdownload.macromedia.com/pub/shock...ash/swflash.cab [Shockwave Flash Object] -> {E85362EF-40D4-4E5D-BE07-D6B036CCA277} [HKLM] -> https://secure.gopetslive.com/dev/gopets.cab [GoPets Control] -> {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} [HKLM] -> https://secure.gopetslive.com/dev/GoPetsWeb.cab [GoPetsWeb Control] -> Microsoft XML Parser for Java [HKLM] -> file:///C:/WINDOWS/Java/classes/xmldso.cab [Reg Error: Key error.] -> < DNS Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ -> {41A102D9-20E3-468C-B5A9-A1BEDC94187B} -> (Intel® PRO/100 VE Network Connection) -> {43A66A83-E708-4666-A08E-FBCA3B9EA745} -> () -> < AppInit_DLLs [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs -> *AppInit_DLLs* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls -> karina.datADCAST -> -> File not found*MultiFile Done* -> -> < Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> *Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell -> Explorer.exe -> %SystemRoot%\Explorer.exe -> [2008/04/13 18:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation)*MultiFile Done* -> -> < Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ -> igfxcui -> %SystemRoot%\system32\igfxdev.dll -> [2005/10/14 12:45:38 | 00,135,168 | ---- | M] (Intel Corporation)< ShellExecuteHooks [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks -> "{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}" [HKLM] -> %ProgramFiles%\Windows Defender\MpShHook.dll [Microsoft AntiMalware ShellExecuteHook] -> [2006/11/03 19:20:00 | 00,083,224 | ---- | M] (Microsoft Corporation)< Domain Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List -> "%windir%\Network Diagnostic\xpnetdiag.exe" -> C:\WINDOWS\Network Diagnostic\xpnetdiag.exe [%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000] -> [2008/04/13 12:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)"%windir%\system32\sessmgr.exe" -> C:\WINDOWS\system32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> [2008/04/13 18:12:34 | 00,141,312 | ---- | M] (Microsoft Corporation)"C:\Program Files\America Online 9.0\wEmail Removedexe" -> C:\Program Files\America Online 9.0\wEmail Removedexe [C:\Program Files\America Online 9.0\wEmail Removedexe:*:Enabled:AOL] -> File not found"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" -> C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe [C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL] -> File not found"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" -> C:\Program Files\Common Files\AOL\ACS\AOLDial.exe [C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL] -> File not found"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" -> C:\Program Files\Windows Live\Messenger\msnmsgr.exe [C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger] -> [2009/02/06 18:51:28 | 03,885,408 | ---- | M] (Microsoft Corporation)"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" -> C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe [C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync] -> [2009/02/06 18:23:32 | 01,170,272 | ---- | M] (Microsoft Corporation)< Standard Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List -> "C:\Documents and Settings\Paige Lindsey\Application Data\U3\00001860457492A0\0DE4F643-C398-46ec-9339-2362F2311932\Exec\Skype.exe" -> C:\Documents and Settings\Paige Lindsey\Application Data\U3\00001860457492A0\0DE4F643-C398-46ec-9339-2362F2311932\Exec\Skype.exe [C:\Documents and Settings\Paige Lindsey\Application Data\U3\00001860457492A0\0DE4F643-C398-46ec-9339-2362F2311932\Exec\Skype.exe:*:Disabled:Skype] -> File not found"C:\Program Files\America Online 9.0\wEmail Removedexe" -> C:\Program Files\America Online 9.0\wEmail Removedexe [C:\Program Files\America Online 9.0\wEmail Removedexe:*:Disabled:AOL] -> File not found"C:\Program Files\Autodesk\3ds Max 9\3dsmax.exe" -> C:\Program Files\Autodesk\3ds Max 9\3dsmax.exe [C:\Program Files\Autodesk\3ds Max 9\3dsmax.exe:*:Disabled:Autodesk 3ds Max 9 32-bit] -> [2006/09/29 13:30:46 | 05,946,368 | ---- | M] (Autodesk, Inc.)"C:\Program Files\Autodesk\Backburner\manager.exe" -> C:\Program Files\Autodesk\Backburner\manager.exe [C:\Program Files\Autodesk\Backburner\manager.exe:*:Disabled:backburner 2.3 manager] -> [2006/09/06 02:39:10 | 00,110,592 | ---- | M] (Autodesk, Inc.)"C:\Program Files\Autodesk\Backburner\monitor.exe" -> C:\Program Files\Autodesk\Backburner\monitor.exe [C:\Program Files\Autodesk\Backburner\monitor.exe:*:Disabled:backburner 2.3 monitor] -> [2006/09/06 02:39:14 | 00,425,984 | ---- | M] (Autodesk, Inc.)"C:\Program Files\Autodesk\Backburner\server.exe" -> C:\Program Files\Autodesk\Backburner\server.exe [C:\Program Files\Autodesk\Backburner\server.exe:*:Disabled:backburner 2.3 server] -> [2006/09/06 02:39:12 | 00,110,592 | ---- | M] (Autodesk, Inc.)"C:\Program Files\Autodesk\Maya 8.5 Personal Learning Edition\bin\maya.exe" -> C:\Program Files\Autodesk\Maya 8.5 Personal Learning Edition\bin\maya.exe [C:\Program Files\Autodesk\Maya 8.5 Personal Learning Edition\bin\maya.exe:*:Disabled:Maya] -> File not found"C:\Program Files\Bonjour\mDNSResponder.exe" -> C:\Program Files\Bonjour\mDNSResponder.exe [C:\Program Files\Bonjour\mDNSResponder.exe:*:Disabled:Bonjour] -> File not found"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" -> C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe [C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Disabled:AOL] -> File not found"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" -> C:\Program Files\Common Files\AOL\ACS\AOLDial.exe [C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL] -> File not found"C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe" -> C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe [C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:*:Disabled:McAfee Network Agent] -> [2008/07/18 08:02:52 | 02,482,848 | ---- | M] (McAfee, Inc.)"C:\Program Files\LimeWire\LimeWire.exe" -> C:\Program Files\LimeWire\LimeWire.exe [C:\Program Files\LimeWire\LimeWire.exe:*:Disabled:LimeWire] -> File not found"C:\Program Files\Messenger\msmsgs.exe" -> C:\Program Files\Messenger\msmsgs.exe [C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger] -> [2008/04/13 18:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)"C:\Program Files\Mozilla Firefox\firefox.exe" -> C:\Program Files\Mozilla Firefox\firefox.exe [C:\Program Files\Mozilla Firefox\firefox.exe:*:Disabled:Firefox] -> [2009/02/08 20:04:36 | 00,307,704 | ---- | M] (Mozilla Corporation)"C:\Program Files\Real\RealPlayer\realplay.exe" -> C:\Program Files\Real\RealPlayer\realplay.exe [C:\Program Files\Real\RealPlayer\realplay.exe:*:Disabled:RealPlayer] -> [2006/08/24 02:17:15 | 00,026,112 | ---- | M] (RealNetworks, Inc.)"C:\Program Files\Softnyx\Rakion\Bin\rakion.bin" -> C:\Program Files\Softnyx\Rakion\Bin\rakion.bin [C:\Program Files\Softnyx\Rakion\Bin\rakion.bin:*:Disabled:rakion] -> File not found"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" -> C:\Program Files\Windows Live\Messenger\msnmsgr.exe [C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger] -> [2009/02/06 18:51:28 | 03,885,408 | ---- | M] (Microsoft Corporation)"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" -> C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe [C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync] -> [2009/02/06 18:23:32 | 01,170,272 | ---- | M] (Microsoft Corporation)"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -> C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe [C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Disabled:Yahoo! Messenger] -> File not found"C:\Program Files\Yahoo!\Messenger\YServer.exe" -> C:\Program Files\Yahoo!\Messenger\YServer.exe [C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Disabled:Yahoo! FT Server] -> File not found"C:\WINDOWS\Network Diagnostic\xpnetdiag.exe" -> C:\WINDOWS\Network Diagnostic\xpnetdiag.exe [C:\WINDOWS\Network Diagnostic\xpnetdiag.exe:*:Disabled:@xpsp3res.dll,-20000] -> [2008/04/13 12:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)"C:\WINDOWS\system32\sessmgr.exe" -> C:\WINDOWS\system32\sessmgr.exe [C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019] -> [2008/04/13 18:12:34 | 00,141,312 | ---- | M] (Microsoft Corporation)< SafeBoot AlternateShell [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot -> "AlternateShell" -> cmd.exe -> < CDROM Autorun Setting [HKEY_LOCAL_MACHINE]> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom ->"AutoRun" -> 1 -> "DisplayName" -> CD-ROM Driver -> "ImagePath" -> %SystemRoot%\system32\DRIVERS\cdrom.sys [system32\DRIVERS\cdrom.sys] -> [2008/04/13 12:40:46 | 00,062,976 | ---- | M] (Microsoft Corporation)< Drives with AutoRun files > -> -> C:\AUTOEXEC.BAT [] -> %SystemDrive%\AUTOEXEC.BAT [ NTFS ] -> [2004/08/10 12:04:08 | 00,000,000 | ---- | M] ()< MountPoints2 [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2 -> \GHKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\G\Shell\G\Shell\\"" -> [AutoRun] -> File not foundHKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\G\Shell\AutoRun\G\Shell\AutoRun\\"" -> [Auto&Play] -> File not foundHKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\G\Shell\AutoRun\command\G\Shell\AutoRun\command\\"" -> G:\LaunchU3.exe [G:\LaunchU3.exe -a] -> File not found [Registry - Additional Scans - Safe List]< Uninstall List [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ -> _{05D60953-9012-44DF-A1A6-9DD97AD6580A} -> Corel Painter X{05D60953-9012-44DF-A1A6-9DD97AD6580A} -> Corel Painter X{0837A661-FEC3-48B3-876C-91E7D32048A9} -> Macromedia Dreamweaver 8{09416ADF-ED10-5080-10DD-50A5B2EA5C79} -> Search Assistant Addestination{0aaa9c97-74d4-47ce-b089-0b147ef3553c} -> Windows Live Messenger{205c6bdd-7b73-42de-8505-9a093f35a238} -> Windows Live Upload Tool{22b775e7-6c42-4fc5-8e10-9a5e3257bd94} -> MSVCRT{2318C2B1-4965-11d4-9B18-009027A5CD4F} -> Google Toolbar for Internet Explorer{236BB7C4-4419-42FD-0409-1E257A25E34D} -> Adobe Photoshop CS2{24D7346D-D4B4-45E8-98EA-75EC14B42DD8} -> Adobe ExtendScript Toolkit 2{2BD5C305-1B27-4D41-B690-7A61172D2FEB} -> Macromedia Flash 8{2e376ad9-5c49-4f7d-a0ba-6a44e8fa5a3b} -> Next Generation Visualisations{30465B6C-B53F-49A1-9EBA-A3F187AD502E} -> Sonic Update Manager{3248F0A8-6813-11D6-A77B-00B0D0150060} -> J2SE Runtime Environment 5.0 Update 6{3248F0A8-6813-11D6-A77B-00B0D0160020} -> Java™ 6 Update 2{3248F0A8-6813-11D6-A77B-00B0D0160070} -> Java™ 6 Update 7{33BB4982-DC52-4886-A03B-F4C5C80BEE89} -> Windows Media Player 10{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227} -> WebFldrs XP{35CB6715-41F8-4F99-8881-6FC75BF054B0} -> Oblivion{3b4e636e-9d65-4d67-ba61-189800823f52} -> Windows Live Communications Platform{3c52e7da-c431-4239-b66b-1bf703d5b194} -> Windows Live Photo Gallery{3D347E6D-5A03-4342-B5BA-6A771885F379} -> Backburner{3EE33958-7381-4E7B-A4F3-6E43098E9E9C} -> URL Assistant{3F92ABBB-6BBF-11D5-B229-002078017FBF} -> NetWaiting{43CAC9A1-1993-4F65-9096-7C9AFC2BBF54} -> Dell CinePlayer{43DCF766-6838-4F9A-8C91-D92DA586DFA8} -> Microsoft Windows Journal Viewer{45338b07-a236-4270-9a77-ebb4115517b5} -> Windows Live Sign-in Assistant{4667B940-BB01-428B-986E-A0CC46497BF7} -> ELIcon{4de3e3d9-ae81-45de-9195-3015f7b1dbf3} -> Junk Mail filter update{548EEA8E-8299-497F-8057-811D2D7097DC} -> Dell Support 3.1{5546CDB5-2CE2-498B-B059-5B3BF81FC41F} -> Macromedia Extension Manager{57f0ed40-8f11-41aa-b926-4a66d0d1a9cc} -> Microsoft Office Live Add-in 1.3{5905F42D-3F5F-4916-ADA6-94A3646AEE76} -> Dell Driver Reset Tool{5B6BE547-21E2-49CA-B2E2-6A5F470593B1} -> Sonic Activation Module{62BD0AE0-4EB1-4BBB-8F43-B6400C8FEB2C} -> AOLIcon{63c1109e-d977-49ed-bce3-d00d0bf187d6} -> Windows Live Mail{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4} -> Windows Media Player Firefox Plugin{6a92e5c5-0578-443d-91f3-92ece5f2cae2} -> Windows Live Writer{6D5FCA42-1486-4E32-AFE8-1B7E2AA59D33} -> Digital Content Portal{74F7662C-B1DB-489E-A8AC-07A06B24978B} -> Dell System Restore{76cd2979-09c0-493a-84b3-8fd97ef4bcea} -> Windows Live Family Safety{77F9D52A-C8D7-4FE8-8510-19FC6CF75BC3} -> Access Drivers{7C8B5E63-821A-4DFB-BDFA-19854D88EC5C} -> 3dsmax ancillary install{7F142D56-3326-11D5-B229-002078017FBF} -> Modem Helper{83F793B5-8BBF-42FD-A8A6-868CB3E2AAEA} -> Intel® PROSet for Wired Connections{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00} -> Microsoft Silverlight{8a4d41f3-3eda-4dac-9403-839708ea0667} -> Install(US)2{8A708DD8-A5E6-11D4-A706-000629E95E20} -> Intel® Graphics Media Accelerator Driver{8a74e887-8f0f-4017-af53-cba42211aaa5} -> Microsoft Sync Framework Runtime Native v1.0 (x86){8BF2C401-02CE-424D-BC26-6C4F9FB446B6} -> Macromedia Flash 8 Video Encoder{8EDBA74D-0686-4C99-BFDD-F894678E5B39} -> Adobe Common File Installer{8ffc5648-faf8-43a3-bc8f-42ba1e275c4e} -> Choice Guard{901B0409-6000-11D3-8CFE-0050048383C9} -> Microsoft Word 2002{94721EA3-7EA6-43EA-B99C-A5D0E3C66240} -> 924PLC32{95120000-00B9-0409-0000-0000000FF1CE} -> Microsoft Application Error Reporting{995f1e2e-f542-4310-8e1d-9926f5a279b3} -> Windows Live Toolbar{9A346205-EA92-4406-B1AB-50379DA3F057} -> Autodesk DWF Viewer 7{9c9ceb9d-53fd-49a7-85d2-fe674f72f24e} -> Microsoft Search Enhancement Pack{a06275f4-324b-4e85-95e6-87b2cd729401} -> Windows Defender{a1bf9950-8cdb-468e-83fa-eacfb00ea7d5} -> Windows Live Sync{a1f66fc9-11ee-4f2f-98c9-16f8d1e69fb7} -> Segoe UI{A683A2C0-821C-486F-858C-FA634DB5E864} -> EducateU{AC0EE5B0-A8FB-4D0A-AF03-2EDC518F841B} -> Dell Media Experience{AC76BA86-7AD7-1033-7B44-A70800000002} -> Adobe Reader 7.0.8{AF19F291-F22F-4798-9662-525305AE9E48} -> WordPerfect Office 12{B0DF58A2-40DF-4465-AA56-38623EC9938C} -> Documentation & Support Launcher{B3C02EC1-A7B0-4987-9A43-8789426AAA7D} -> Adobe Setup{B508B3F1-A24A-32C0-B310-85786919EF28} -> Microsoft .NET Framework 2.0 Service Pack 1{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE} -> Microsoft XML Parser{bd64af4a-8c80-4152-ad77-fcddf05208ab} -> Microsoft Sync Framework Services Native v1.0 (x86){C41F4616-44B6-4E8D-BFC7-4267862A2CE1} -> CinepPlayer 30 Update{c6ca8874-5f22-4af0-9be3-016bf299c536} -> Windows Live Essentials{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} -> Microsoft .NET Framework 1.1{D2988E9B-C73F-422C-AD4B-A66EBE257120} -> MCU{DE1AF137-C455-494A-A817-EFE44BCCFDEE} -> Works Upgrade{DF6A589A-7A1A-430C-9FF2-A0BDB42669DC} -> Search Assist{E646DCF0-5A68-11D5-B229-002078017FBF} -> Digital Line Detect{E96D4088-AAC5-437F-9E39-EC0E387897B4} -> Autodesk 3ds Max 9 32-bit{E9787678-1033-0000-8E67-000000000001} -> Adobe Help Center 1.0{EE0D5DCD-2B97-4473-98DF-E93C0BD92F7A} -> Adobe Stock Photos 1.0{f0b430d1-b6aa-473d-9b06-aa3dd01fd0b8} -> Microsoft SQL Server 2005 Compact Edition [ENU]{f6bd194c-4190-4d73-b1b1-c48c99921bfe} -> Windows Live Call963759e6-b34b-f648-28c3-2929735ebc68 -> Advanced Optimization AddestinationAdobe Flash Player ActiveX -> Adobe Flash Player 10 ActiveXAdobe Flash Player Plugin -> Adobe Flash Player 10 PluginAdobe Photoshop CS2 - {236BB7C4-4419-42FD-0409-1E257A25E34D} -> Adobe Photoshop CS2Adobe_3e054d2218e7aa282c2369d939e58ff -> Adobe ExtendScript Toolkit 2BroadJump Client Foundation -> BroadJump Client FoundationCNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200F14F1 -> Conexant D850 56K V.9x DFVc ModemDebut -> Debut Video RecorderDell Digital Jukebox Driver -> Dell Digital Jukebox DriverDell Photo AIO Printer 924 -> Dell Photo AIO Printer 924Edgeloop Character Modeling For 3D Professionals Only -> Edgeloop Character Modeling For 3D Professionals OnlyFBX Plugin 2006.08 for Max 9.0 -> FBX Plugin 2006.08 for Max 9.0FBX Plugin 2006.11.1 for Max 2008 -> FBX Plugin 2006.11.1 for Max 2008Google Updater -> Google UpdaterHijackThis -> HijackThis 2.0.2IDNMitigationAPIs -> Microsoft Internationalized Domain Names Mitigation APIsie7 -> Windows Internet Explorer 7Macromedia Shockwave Player -> Macromedia Shockwave Playermalwarebytes' anti-malware_is1 -> Malwarebytes' Anti-MalwareManga Studio Debut 3.0 -> Manga Studio Debut 3.0Microsoft .NET Framework 1.1 (1033) -> Microsoft .NET Framework 1.1

Title: AdDestinastion installed itself, need to get rid of it!
Post by: guestolo on March 05, 2009, 05:22:26 PM

One more quick scan please, then we'll do some fixes
Please download [color=\"#0000FF\"]GooredFix[/color] (http://\"http://jpshortstuff.247fixes.com/GooredFix.exe\") and save it to your Desktop. Double-click Goored.exe to run it. Select 1. Find Goored (no fix) by typing 1 and pressing Enter. A log will open, please post the contents of that log in your next reply (it can also be found on your desktop, called GooredLog.txt). Note: [color=\"red\"]Do not run Option #2 yet[/color].

Title: AdDestinastion installed itself, need to get rid of it!
Post by: LilSparrow on March 05, 2009, 05:27:19 PM

GooredFix v1.91 by jpshortstuff
Log created at 16:26 on 05/03/2009 running Option #1 (Paige Lindsey)
Firefox version 3.0.6 (en-US)

=====Suspect Goored Entries=====

=====Dumping Registry Values=====

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\mozilla firefox 3.0.6\extensions]
"Plugins"="C:\Program Files\Mozilla Firefox\plugins"

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\mozilla firefox 3.0.6\extensions]
"Components"="C:\Program Files\Mozilla Firefox\components"

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions]
"{B7082FAA-CB62-4872-9106-E42DD88EDE45}"="C:\Program Files\McAfee\SiteAdvisor"

Title: AdDestinastion installed itself, need to get rid of it!
Post by: guestolo on March 05, 2009, 05:52:54 PM

Let's see if we can nab this the first time around

Access your Add and Remove programs:
Remove the following if it will uninstall and you can find it
RON Too1 Addestination

Supply a verification code if prompted

Return here in Firefox and follow the next set of instructions:
Open IE7>beside the Address bar, is a Search bar
To the right of the search bar is a magnifying glass and a drop down arrow
Left click the drop down arrow
and select>>"Change Search Defaults"
If you see "Yoog Search" in the list
Highlight it and Remove it
Then highlight Google (or another search provider) and set to Default
Close IE7 and don't reopen

In Firefox:
Beside the address bar is the Search engine bar
Can you use the drop down arrow beside the search box, >>Select "Manage Search Engines"
If YOOG is listed, can you highlight it and remove it
Then Highlight Google and Hit OK

Start OTScanIt2. Copy/Paste the information in the codebox below into the pane where it says "Paste fix here" and then click the Run Fix button.

Code: [Select]

[Kill Explorer]
[Unregister Dlls]
[Processes - Safe List]
YN -> firefox.exe -> %ProgramFiles%\Mozilla Firefox\firefox.exe
[Registry - Safe List]
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> 
YN -> HKEY_LOCAL_MACHINE\: Search\\"CustomSearch" -> http://red.clientapps.yahoo.com/customize/.../search/ie.html
< FireFox Settings [Default Profile] > -> C:\Documents and Settings\Paige Lindsey\Application Data\Mozilla\FireFox\Profiles\4fcxgyjw.default\prefs.js
YN -> browser.search.defaultenginename -> "Yoog Search"
YN -> browser.search.defaulturl -> "http://www8.yoog.com/search.php?q="
YN -> browser.search.selectedEngine -> "Yoog Search"
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
YN -> {15978e47-e514-2113-704f-acc71cef3889} [HKLM] -> %SystemRoot%\system32\nsj344.dll [addestination]
YN -> {1DF68CD1-A404-826F-4E6D-EEC21F44CA5A} [HKLM] -> %SystemRoot%\system32\bfvlqpqaioerww.dll [addestination search enhancer]
YN -> {5c255c8a-e604-49b4-9d64-90988571cecb} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.]
[Files/Folders - Created Within 30 Days]
NY -> bfvlqpqaioerww.dll-uninst.exe -> %SystemRoot%\System32\bfvlqpqaioerww.dll-uninst.exe
NY -> plcbgoihgbvyofx.exe -> %SystemRoot%\System32\plcbgoihgbvyofx.exe
NY -> nsj344.dll -> %SystemRoot%\System32\nsj344.dll
NY -> bfvlqpqaioerww.dll -> %SystemRoot%\System32\bfvlqpqaioerww.dll
[Custom Items]
:reg
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=-
"AppInit_DLLs"=""
:end
[Empty Temp Folders]
[Start Explorer]
[Reboot]

The fix should only take a very short time. When the fix is completed a message box will popup either telling you that it is finished, or that a reboot is needed to complete the fix. If the fix is complete, click the Ok button and Notepad will open with a log of actions taken during the fix. Post that log back here in your next reply.

If a reboot is required, click the "Yes" button to reboot the machine. After the reboot, OTScanIt2 will finish moving any files that could not be moved during the fix and NotePad will open with the final results at that time

Can you post that log with a fresh Hijackthis log
Keep me informed how things are running please

Title: AdDestinastion installed itself, need to get rid of it!
Post by: LilSparrow on March 05, 2009, 07:02:38 PM

it's still giving me pop ups with addestination and the yoog search is still there

Process Explorer.EXE killed successfully!
[Processes - Safe List]
Process firefox.exe killed successfully!
[Registry - Safe List]
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search\\CustomSearch deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Documents and Settings\Paige Lindsey\Application Data\Mozilla\FireFox\Profiles\4fcxgyjw.default\prefs.js not found.
Registry key HKEY_LOCAL_MACHINE\Documents and Settings\Paige Lindsey\Application Data\Mozilla\FireFox\Profiles\4fcxgyjw.default\prefs.js not found.
Registry key HKEY_LOCAL_MACHINE\Documents and Settings\Paige Lindsey\Application Data\Mozilla\FireFox\Profiles\4fcxgyjw.default\prefs.js not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{15978e47-e514-2113-704f-acc71cef3889}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{15978e47-e514-2113-704f-acc71cef3889}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1DF68CD1-A404-826F-4E6D-EEC21F44CA5A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1DF68CD1-A404-826F-4E6D-EEC21F44CA5A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5c255c8a-e604-49b4-9d64-90988571cecb}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5c255c8a-e604-49b4-9d64-90988571cecb}\ not found.
[Files/Folders - Created Within 30 Days]
C:\WINDOWS\System32\bfvlqpqaioerww.dll-uninst.exe moved successfully.
File C:\WINDOWS\System32\plcbgoihgbvyofx.exe not found!
C:\WINDOWS\System32\nsj344.dll unregistered successfully.
C:\WINDOWS\System32\nsj344.dll moved successfully.
C:\WINDOWS\System32\bfvlqpqaioerww.dll unregistered successfully.
C:\WINDOWS\System32\bfvlqpqaioerww.dll moved successfully.
[Custom Items]
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows\\AppInit_DLLs deleted successfully.
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows\\"AppInit_DLLs"|"" /E : value set successfully!
[Empty Temp Folders]
File delete failed. C:\Documents and Settings\Paige Lindsey\Local Settings\Temp\Temporary Internet Files\Content.IE5\L5BLVHFN\0CAQXCQLDCAKQ203GCARAXMYFCAFM9JYDCAR6K7NXCAR6ARE8CAE1JR2BCAGA0WW5CAZ1OAKCCAC4
YEOFCAJJ9YVQCAOYITL8CAQCRKXDCA628O2BCACTM7USCAXFYQF6CA197CJSCAEC228XCAQIB42RCANVO
5FRCA384DHO.jpg scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Paige Lindsey\Local Settings\Temp\Temporary Internet Files\Content.IE5\L5BLVHFN\DCAF2AUMZCA1F01K1CAC3A17OCALMG6OTCAQ1RVC9CA6BT7OMCAODUQQKCAF080QTCA35OUM3CA
09ZFUICA9XY3HBCA5BJ2APCA3ZE7WHCAMFILCXCAX1Q4DPCAFBENOACAF22CKPCA39WC1JCAG5A8LACA6
WVY3OCA01X3OV.jpg scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Paige Lindsey\Local Settings\Temp\Temporary Internet Files\Content.IE5\L5BLVHFN\GCA1IYMXDCAV56WIBCASN7MBICARI1J5UCAX3US7RCAPRHVOKCA6N8GM6CAZJ45VYCAUUFXHKCA
D3NB1WCA7WJDITCAOZ7MWACAAIRSSICACDAFDVCAS0ZF0JCAR2NOS8CAPOREQICA44LVFVCAJ3DHKFCAK
VY4MQCATUPC2C.jpg scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Paige Lindsey\Local Settings\Temp\Temporary Internet Files\Content.IE5\L5BLVHFN\KCA4LROZFCAULJ9CDCAQ48PT1CAFHFPJDCAX4V3SDCAOVX4ROCAFUDY72CAR8S6ILCACYQ8OKCA
5HWESMCAQWFSUBCACSPLWNCAW5N1RVCAN79265CAJRJZ9UCAEXNDSACA1G0G0CCAP9J1T2CAYFXESWCA7
63ZDPCAIKZ728.jpg scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Paige Lindsey\Local Settings\Temp\Temporary Internet Files\Content.IE5\L5BLVHFN\QCAL38IQHCAEHZK2OCAC42ALACA3V0JPECALCYWIMCAU5ST86CAUAL662CASW9RZ2CA0VKE2DCA
W5Y17ICALKNSRKCABAIQ2XCA8HV5YHCAXVEPRQCAZWT49FCAO9X4DTCAYCKSBVCACRK183CARMT72ZCAT
EWT9DCAF6UU8C.jpg scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Paige Lindsey\Local Settings\Temp\Temporary Internet Files\Content.IE5\L5BLVHFN\TCAXAO032CA8X4V37CAE38FSPCAUY8D6MCAQ5QO9TCA14EI93CAT33TDRCA27IJGICAEOHY12CA
CJ31FZCA3ZKMPHCADI7PQ0CAJP8AKMCAQMSNA7CAY0NQZVCAO24LHZCAPOPBV7CAD5NWXKCAI27BBUCAC
YTE8ICAPJZ99J.jpg scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Paige Lindsey\Local Settings\Temp\Temporary Internet Files\Content.IE5\L5BLVHFN\UCAMYP5SNCADH4VOKCA9ABIBKCABVYIXYCALWD0E1CAH2MIZFCA122FISCA4L2WZZCASJ3UV5CA
2EBRFACASWT6J4CAV19BRACATS0NX7CANFY269CAVRAMC1CAL17BPYCA0RRAT8CA3054CXCA43MR2TCAW
0DO1MCAP0K36C.jpg scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Paige Lindsey\Local Settings\Temp\Temporary Internet Files\Content.IE5\KHH8GSEO\337;met=1;v=1;pid=27959797;aid=204990572;ko=0;cid=28027054;rid=28044933;rv=
1;&timestamp=1220414880859;eid1=2;ecn1=0;etm1=10;eid2=12;ecn2=0;etm2=8;eid3=13;
ecn3=1;etm3=0;[1].gif scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Paige Lindsey\Local Settings\Temp\Temporary Internet Files\Content.IE5\KHH8GSEO\7CA8RTYIDCAX5IHECCAWXYTVKCAB1YG1YCAUEG7IQCA1WEMXZCATM0TRVCAERE2N1CAZHPY3ICA
5RMOVPCAIZ6R51CAGIV9G6CAJOAZ34CAB6WI9RCA4TOAFICANRK9O4CAG9OBEQCA7WDJ3VCAUP09RHCA1
SFI8ICAZXBJWO.jpg scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Paige Lindsey\Local Settings\Temp\Temporary Internet Files\Content.IE5\KHH8GSEO\7CABT3HEBCAWCUMI0CAY1UFCKCA6C76BGCACE1SKGCAGEM0WOCAXZNCT0CADBJQA5CAFBI3VNCA
927DQOCAHNMYD0CALF0S5LCA51ECEWCAPEDEGNCANM55GVCA2XFUDVCASABCMSCAMJRNDECAUI5EHCCAQ
V1TK3CAW2PUI3.jpg scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Paige Lindsey\Local Settings\Temp\Temporary Internet Files\Content.IE5\KHH8GSEO\ECAZ8T7Q2CA42N56FCAZ7CRJ4CABRIPBSCAVSDSVLCA3CTYLWCAE87LB0CAE9ZEPBCA3LZFZPCA
QFZ3EICAFH19AACAGHD88YCANCXUNICAYJYO5ZCAWPS9VECAWPE7JACAT5RTK9CAH8T7M4CAHLGQSXCAR
8W66OCAULXVY0.jpg scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Paige Lindsey\Local Settings\Temp\Temporary Internet Files\Content.IE5\KHH8GSEO\ICAEQFHFRCAQ93OYOCA8LP568CAB1HJ2SCAD7CX1XCA9M1KKPCAFTDQ4QCAE1ZJNVCATFPVUDCA
I5AUY7CAO0A30RCAOBXP37CAWIJLDGCA3TYR7OCAXMD2MVCAYQTSMCCAHR6GVQCAF2T1CACAEIX4G7CAM
CGZ1VCA0PCY1I.jpg scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Paige Lindsey\Local Settings\Temp\Temporary Internet Files\Content.IE5\KHH8GSEO\QCANBUVOCCABA20OVCA1N8AJ9CAUVLIJ4CA98N85MCARLWRPZCARWWR0ACAXL7GG7CADMBLS5CA
H12SGACAI8VZ96CA00IPX5CA6SDY1HCAM8G4U2CAK3VREWCAC7ZNFJCADUVD38CAIFZDILCAWTSQ62CAR
5H9Y5CAH1RHZK.jpg scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Paige Lindsey\Local Settings\Temp\Temporary Internet Files\Content.IE5\GXIYQZL5\il.live.com%252Fmail%252FInboxLight[1].aspx%253FFolderID%253D00000000-0000-0000-0000-000000000001%2526InboxSortAscending%253DFalse%2526InboxSortBy%253DDate%2526n%253D2111658405 scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Paige Lindsey\Local Settings\Temp\Temporary Internet Files\Content.IE5\0N9S3LMH\1CALUXLYKCAUM5AJ3CASRC1D4CA8P44A1CAUU36CHCAKV3ZE7CAPRR4JMCABBKS3JCAB5NV9BCA
M2R8I0CA5FR2Z5CAFIIRJKCAVOL9OICAWXG35ECAB23YTSCAHIXB7UCAX1FX12CAGO5PR3CAQX7VDLCAX
ESZ0OCA6KB923.jpg scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Paige Lindsey\Local Settings\Temp\Temporary Internet Files\Content.IE5\0N9S3LMH\5CAUPCJDUCAE1FT7OCADE0KW5CAPHGBX3CAK391DCCAHKAK2JCAFHKWWOCAV22F9TCALLG4H8CA
U694J4CA3COMMUCA0OCWJ0CA6R6AVACAEWTFK3CA697B0ACAYFNI69CA7HYJDNCAMJ16LBCA0471P8CAF
VN2UXCA5JRLRL.jpg scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Paige Lindsey\Local Settings\Temp\Temporary Internet Files\Content.IE5\0N9S3LMH\activity;src=1649337;met=1;v=1;pid=27959797;aid=204990572;ko=0;cid=28027054
;rid=28044933;rv=1;&timestamp=1220414870859;eid1=2;ecn1=1;etm1=10;eid2=12;ecn2=1;etm2=8;[1].gif scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Paige Lindsey\Local Settings\Temp\Temporary Internet Files\Content.IE5\0N9S3LMH\GCAW03OODCAHQHP15CA7UMNTBCAHVCR0OCARZFXSGCA4Z7PMPCAKRE806CA0OYOG7CAWRSMESCA
04DN8OCAFAS1TKCABJ76IMCAD33GFZCAJDKK9JCAJOQGHPCAXH0M9NCA2L04AFCA840F8XCAL775ZTCA9
IB38BCAVKB2MB.jpg scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Paige Lindsey\Local Settings\Temp\Temporary Internet Files\Content.IE5\0N9S3LMH\HCAESNK3HCALGEK0MCAY0K9TRCARO3SZMCAL8HSU4CA5TMYUACA3S7TTPCAI5QFJZCAFJNBVQCA
0RZDE6CA8FOJ5FCAVO97FZCA9BHAMECAZ8196GCA7NG8CSCAI10XXDCA7TV87JCAQP0TEUCAWYSTZHCAT
HYXT8CAMOJDQC.jpg scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Paige Lindsey\Local Settings\Temp\Temporary Internet Files\Content.IE5\0N9S3LMH\JCA6XUWWVCAI0DDPDCAVZ6B0BCA4LZZ3SCASSHJYRCAA0T9WSCA65TD2UCA1PKERDCAW55H1YCA
GCFPH4CAADF91QCA8U17SCCAC0WO4KCAH42B3MCAVM5JF8CAJS2KGGCAJ9QOJDCAGLJJEQCARA97PGCAK
BBEITCA6SPV51.jpg scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Paige Lindsey\Local Settings\Temp\Temporary Internet Files\Content.IE5\0N9S3LMH\OCAVFA1FFCACXTME5CAAWX6CNCANAMDIYCA63ZHE9CATJTETNCAFTUBJFCAPGDW3QCAEFYE6GCA
SHBMD4CASY9T2DCAXEFFG3CAAU2G3TCA6SSR1RCAA9DCH2CAADKM2ZCAT5SO2VCA3YPNB2CAVDTQLHCAK
6Q01SCA49RSMZ.jpg scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Paige Lindsey\Local Settings\Temp\Temporary Internet Files\Content.IE5\0N9S3LMH\SCAJB7LZ8CANXS29FCA25VSIZCASFVY8YCA4ILVVTCA4XNIHJCAHY0MXOCAIBHWK9CA4A3A1VCA
EEY1J5CA0GXS15CAB8H12JCAWUCSYACAF011I8CALS3QY9CASG9002CAHTNL1XCAZ87C42CAGLTJYQCAM
7GEBLCA9Y8STJ.jpg scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Paige Lindsey\Local Settings\Temp\Temporary Internet Files\Content.IE5\0N9S3LMH\ZCAOPW96ACA5ZMRFNCAW2V7E0CACN4UTGCA7JSFDMCAF0ZUDZCA9KRSY4CAFPQTY1CAT213DMCA
KP61Z9CA0JPD0MCAK8VYF6CA42BGJGCAKEQSG8CAVKS2AMCAJ1996PCAL13VMUCA3NC7S6CAYSM019CA8
QA3OACAWBZ297.jpg scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Paige Lindsey\Local Settings\Temp\WT12AC.tmp scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Paige Lindsey\Local Settings\Temp\WT12AD.tmp scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Paige Lindsey\Local Settings\Temp\WT12AE.tmp scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Paige Lindsey\Local Settings\Temp\WT13F3.tmp scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Paige Lindsey\Local Settings\Temp\WT13F4.tmp scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Paige Lindsey\Local Settings\Temp\~DFB9AF.tmp scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Paige Lindsey\Local Settings\Temp\~DFB9C0.tmp scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\mcmsc_CWxdztTk8ChDusK scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\mcmsc_GSM0ehWKriplhWN scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\mcmsc_kqYOkTwaeiJRRMj scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\sqlite_1NDhrwPCPTnmTNK scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\sqlite_acVJU0darqfkcaF scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\sqlite_eBRyfvhHvE6g22e scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\WFV2DD.tmp scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
FireFox cache emptied.
RecycleBin -> emptied.
Explorer started successfully
< End of fix log >
OTScanIt2 by OldTimer - Version 1.0.8.0 fix logfile created on 03052009_175153

Files moved on Reboot...
File C:\Documents and Settings\Paige Lindsey\Local Settings\Temp\Temporary Internet Files\Content.IE5\L5BLVHFN\0CAQXCQLDCAKQ203GCARAXMYFCAFM9JYDCAR6K7NXCAR6ARE8CAE1JR2BCAGA0WW5CAZ1OAKCCAC4
YEOFCAJJ9YVQCAOYITL8CAQCRKXDCA628O2BCACTM7USCAXFYQF6CA197CJSCAEC228XCAQIB42RCANVO
5FRCA384DHO.jpg not found!
File C:\Documents and Settings\Paige Lindsey\Local Settings\Temp\Temporary Internet Files\Content.IE5\L5BLVHFN\DCAF2AUMZCA1F01K1CAC3A17OCALMG6OTCAQ1RVC9CA6BT7OMCAODUQQKCAF080QTCA35OUM3CA
09ZFUICA9XY3HBCA5BJ2APCA3ZE7WHCAMFILCXCAX1Q4DPCAFBENOACAF22CKPCA39WC1JCAG5A8LACA6
WVY3OCA01X3OV.jpg not found!
File C:\Documents and Settings\Paige Lindsey\Local Settings\Temp\Temporary Internet Files\Content.IE5\L5BLVHFN\GCA1IYMXDCAV56WIBCASN7MBICARI1J5UCAX3US7RCAPRHVOKCA6N8GM6CAZJ45VYCAUUFXHKCA
D3NB1WCA7WJDITCAOZ7MWACAAIRSSICACDAFDVCAS0ZF0JCAR2NOS8CAPOREQICA44LVFVCAJ3DHKFCAK
VY4MQCATUPC2C.jpg not found!
File C:\Documents and Settings\Paige Lindsey\Local Settings\Temp\Temporary Internet Files\Content.IE5\L5BLVHFN\KCA4LROZFCAULJ9CDCAQ48PT1CAFHFPJDCAX4V3SDCAOVX4ROCAFUDY72CAR8S6ILCACYQ8OKCA
5HWESMCAQWFSUBCACSPLWNCAW5N1RVCAN79265CAJRJZ9UCAEXNDSACA1G0G0CCAP9J1T2CAYFXESWCA7
63ZDPCAIKZ728.jpg not found!
File C:\Documents and Settings\Paige Lindsey\Local Settings\Temp\Temporary Internet Files\Content.IE5\L5BLVHFN\QCAL38IQHCAEHZK2OCAC42ALACA3V0JPECALCYWIMCAU5ST86CAUAL662CASW9RZ2CA0VKE2DCA
W5Y17ICALKNSRKCABAIQ2XCA8HV5YHCAXVEPRQCAZWT49FCAO9X4DTCAYCKSBVCACRK183CARMT72ZCAT
EWT9DCAF6UU8C.jpg not found!
File C:\Documents and Settings\Paige Lindsey\Local Settings\Temp\Temporary Internet Files\Content.IE5\L5BLVHFN\TCAXAO032CA8X4V37CAE38FSPCAUY8D6MCAQ5QO9TCA14EI93CAT33TDRCA27IJGICAEOHY12CA
CJ31FZCA3ZKMPHCADI7PQ0CAJP8AKMCAQMSNA7CAY0NQZVCAO24LHZCAPOPBV7CAD5NWXKCAI27BBUCAC
YTE8ICAPJZ99J.jpg not found!
File C:\Documents and Settings\Paige Lindsey\Local Settings\Temp\Temporary Internet Files\Content.IE5\L5BLVHFN\UCAMYP5SNCADH4VOKCA9ABIBKCABVYIXYCALWD0E1CAH2MIZFCA122FISCA4L2WZZCASJ3UV5CA
2EBRFACASWT6J4CAV19BRACATS0NX7CANFY269CAVRAMC1CAL17BPYCA0RRAT8CA3054CXCA43MR2TCAW
0DO1MCAP0K36C.jpg not found!
File C:\Documents and Settings\Paige Lindsey\Local Settings\Temp\Temporary Internet Files\Content.IE5\KHH8GSEO\337;met=1;v=1;pid=27959797;aid=204990572;ko=0;cid=28027054;rid=28044933;rv=
1;&timestamp=1220414880859;eid1=2;ecn1=0;etm1=10;eid2=12;ecn2=0;etm2=8;eid3=13;
ecn3=1;etm3=0;[1].gif not found!
File C:\Documents and Settings\Paige Lindsey\Local Settings\Temp\Temporary Internet Files\Content.IE5\KHH8GSEO\7CA8RTYIDCAX5IHECCAWXYTVKCAB1YG1YCAUEG7IQCA1WEMXZCATM0TRVCAERE2N1CAZHPY3ICA
5RMOVPCAIZ6R51CAGIV9G6CAJOAZ34CAB6WI9RCA4TOAFICANRK9O4CAG9OBEQCA7WDJ3VCAUP09RHCA1
SFI8ICAZXBJWO.jpg not found!
File C:\Documents and Settings\Paige Lindsey\Local Settings\Temp\Temporary Internet Files\Content.IE5\KHH8GSEO\7CABT3HEBCAWCUMI0CAY1UFCKCA6C76BGCACE1SKGCAGEM0WOCAXZNCT0CADBJQA5CAFBI3VNCA
927DQOCAHNMYD0CALF0S5LCA51ECEWCAPEDEGNCANM55GVCA2XFUDVCASABCMSCAMJRNDECAUI5EHCCAQ
V1TK3CAW2PUI3.jpg not found!
File C:\Documents and Settings\Paige Lindsey\Local Settings\Temp\Temporary Internet Files\Content.IE5\KHH8GSEO\ECAZ8T7Q2CA42N56FCAZ7CRJ4CABRIPBSCAVSDSVLCA3CTYLWCAE87LB0CAE9ZEPBCA3LZFZPCA
QFZ3EICAFH19AACAGHD88YCANCXUNICAYJYO5ZCAWPS9VECAWPE7JACAT5RTK9CAH8T7M4CAHLGQSXCAR
8W66OCAULXVY0.jpg not found!
File C:\Documents and Settings\Paige Lindsey\Local Settings\Temp\Temporary Internet Files\Content.IE5\KHH8GSEO\ICAEQFHFRCAQ93OYOCA8LP568CAB1HJ2SCAD7CX1XCA9M1KKPCAFTDQ4QCAE1ZJNVCATFPVUDCA
I5AUY7CAO0A30RCAOBXP37CAWIJLDGCA3TYR7OCAXMD2MVCAYQTSMCCAHR6GVQCAF2T1CACAEIX4G7CAM
CGZ1VCA0PCY1I.jpg not found!
File C:\Documents and Settings\Paige Lindsey\Local Settings\Temp\Temporary Internet Files\Content.IE5\KHH8GSEO\QCANBUVOCCABA20OVCA1N8AJ9CAUVLIJ4CA98N85MCARLWRPZCARWWR0ACAXL7GG7CADMBLS5CA
H12SGACAI8VZ96CA00IPX5CA6SDY1HCAM8G4U2CAK3VREWCAC7ZNFJCADUVD38CAIFZDILCAWTSQ62CAR
5H9Y5CAH1RHZK.jpg not found!
File C:\Documents and Settings\Paige Lindsey\Local Settings\Temp\Temporary Internet Files\Content.IE5\GXIYQZL5\il.live.com%252Fmail%252FInboxLight[1].aspx%253FFolderID%253D00000000-0000-0000-0000-000000000001%2526InboxSortAscending%253DFalse%2526InboxSortBy%253DDate%2526n%253D2111658405 not found!
File C:\Documents and Settings\Paige Lindsey\Local Settings\Temp\Temporary Internet Files\Content.IE5\0N9S3LMH\1CALUXLYKCAUM5AJ3CASRC1D4CA8P44A1CAUU36CHCAKV3ZE7CAPRR4JMCABBKS3JCAB5NV9BCA
M2R8I0CA5FR2Z5CAFIIRJKCAVOL9OICAWXG35ECAB23YTSCAHIXB7UCAX1FX12CAGO5PR3CAQX7VDLCAX
ESZ0OCA6KB923.jpg not found!
File C:\Documents and Settings\Paige Lindsey\Local Settings\Temp\Temporary Internet Files\Content.IE5\0N9S3LMH\5CAUPCJDUCAE1FT7OCADE0KW5CAPHGBX3CAK391DCCAHKAK2JCAFHKWWOCAV22F9TCALLG4H8CA
U694J4CA3COMMUCA0OCWJ0CA6R6AVACAEWTFK3CA697B0ACAYFNI69CA7HYJDNCAMJ16LBCA0471P8CAF
VN2UXCA5JRLRL.jpg not found!
File C:\Documents and Settings\Paige Lindsey\Local Settings\Temp\Temporary Internet Files\Content.IE5\0N9S3LMH\activity;src=1649337;met=1;v=1;pid=27959797;aid=204990572;ko=0;cid=28027054
;rid=28044933;rv=1;&timestamp=1220414870859;eid1=2;ecn1=1;etm1=10;eid2=12;ecn2=1;etm2=8;[1].gif not found!
File C:\Documents and Settings\Paige Lindsey\Local Settings\Temp\Temporary Internet Files\Content.IE5\0N9S3LMH\GCAW03OODCAHQHP15CA7UMNTBCAHVCR0OCARZFXSGCA4Z7PMPCAKRE806CA0OYOG7CAWRSMESCA
04DN8OCAFAS1TKCABJ76IMCAD33GFZCAJDKK9JCAJOQGHPCAXH0M9NCA2L04AFCA840F8XCAL775ZTCA9
IB38BCAVKB2MB.jpg not found!
File C:\Documents and Settings\Paige Lindsey\Local Settings\Temp\Temporary Internet Files\Content.IE5\0N9S3LMH\HCAESNK3HCALGEK0MCAY0K9TRCARO3SZMCAL8HSU4CA5TMYUACA3S7TTPCAI5QFJZCAFJNBVQCA
0RZDE6CA8FOJ5FCAVO97FZCA9BHAMECAZ8196GCA7NG8CSCAI10XXDCA7TV87JCAQP0TEUCAWYSTZHCAT
HYXT8CAMOJDQC.jpg not found!
File C:\Documents and Settings\Paige Lindsey\Local Settings\Temp\Temporary Internet Files\Content.IE5\0N9S3LMH\JCA6XUWWVCAI0DDPDCAVZ6B0BCA4LZZ3SCASSHJYRCAA0T9WSCA65TD2UCA1PKERDCAW55H1YCA
GCFPH4CAADF91QCA8U17SCCAC0WO4KCAH42B3MCAVM5JF8CAJS2KGGCAJ9QOJDCAGLJJEQCARA97PGCAK
BBEITCA6SPV51.jpg not found!
File C:\Documents and Settings\Paige Lindsey\Local Settings\Temp\Temporary Internet Files\Content.IE5\0N9S3LMH\OCAVFA1FFCACXTME5CAAWX6CNCANAMDIYCA63ZHE9CATJTETNCAFTUBJFCAPGDW3QCAEFYE6GCA
SHBMD4CASY9T2DCAXEFFG3CAAU2G3TCA6SSR1RCAA9DCH2CAADKM2ZCAT5SO2VCA3YPNB2CAVDTQLHCAK
6Q01SCA49RSMZ.jpg not found!
File C:\Documents and Settings\Paige Lindsey\Local Settings\Temp\Temporary Internet Files\Content.IE5\0N9S3LMH\SCAJB7LZ8CANXS29FCA25VSIZCASFVY8YCA4ILVVTCA4XNIHJCAHY0MXOCAIBHWK9CA4A3A1VCA
EEY1J5CA0GXS15CAB8H12JCAWUCSYACAF011I8CALS3QY9CASG9002CAHTNL1XCAZ87C42CAGLTJYQCAM
7GEBLCA9Y8STJ.jpg not found!
File C:\Documents and Settings\Paige Lindsey\Local Settings\Temp\Temporary Internet Files\Content.IE5\0N9S3LMH\ZCAOPW96ACA5ZMRFNCAW2V7E0CACN4UTGCA7JSFDMCAF0ZUDZCA9KRSY4CAFPQTY1CAT213DMCA
KP61Z9CA0JPD0MCAK8VYF6CA42BGJGCAKEQSG8CAVKS2AMCAJ1996PCAL13VMUCA3NC7S6CAYSM019CA8
QA3OACAWBZ297.jpg not found!
File C:\Documents and Settings\Paige Lindsey\Local Settings\Temp\WT12AC.tmp not found!
File C:\Documents and Settings\Paige Lindsey\Local Settings\Temp\WT12AD.tmp not found!
File C:\Documents and Settings\Paige Lindsey\Local Settings\Temp\WT12AE.tmp not found!
File C:\Documents and Settings\Paige Lindsey\Local Settings\Temp\WT13F3.tmp not found!
File C:\Documents and Settings\Paige Lindsey\Local Settings\Temp\WT13F4.tmp not found!
File C:\Documents and Settings\Paige Lindsey\Local Settings\Temp\~DFB9AF.tmp not found!
File C:\Documents and Settings\Paige Lindsey\Local Settings\Temp\~DFB9C0.tmp not found!
File C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat not found!
File C:\WINDOWS\temp\mcmsc_CWxdztTk8ChDusK not found!
File C:\WINDOWS\temp\mcmsc_GSM0ehWKriplhWN not found!
File C:\WINDOWS\temp\mcmsc_kqYOkTwaeiJRRMj not found!
File C:\WINDOWS\temp\sqlite_1NDhrwPCPTnmTNK not found!
File C:\WINDOWS\temp\sqlite_acVJU0darqfkcaF not found!
File C:\WINDOWS\temp\sqlite_eBRyfvhHvE6g22e not found!
File C:\WINDOWS\temp\WFV2DD.tmp not found!

Registry entries deleted on Reboot...

Title: AdDestinastion installed itself, need to get rid of it!
Post by: guestolo on March 05, 2009, 07:11:12 PM

Quote

it's still giving me pop ups with addestination and the yoog search is still there

It looks like some of the entries weren't removed
Can you do the following please
Double click on OTScanIt2.exe
Leave all defaults selected
Don't change anything
Then click on Run Scan

Post the new log, we'll get it a different way

Title: AdDestinastion installed itself, need to get rid of it!
Post by: LilSparrow on March 05, 2009, 07:26:33 PM

[code]OTScanIt2 logfile created on: 3/5/2009 6:20:41 PM - Run 2
OTScanIt2 by OldTimer - Version 1.0.8.0    Folder = C:\Documents and Settings\Paige Lindsey\Desktop\OTScanIt2
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1014.07 Mb Total Physical Memory | 508.46 Mb Available Physical Memory | 50.14% Memory free
2.38 Gb Paging File | 1.95 Gb Available in Paging File | 81.67% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 52.71 Gb Total Space | 5.65 Gb Free Space | 10.71% Space Free | Partition Type: NTFS
Drive D: | 18.48 Gb Total Space | 1.56 Gb Free Space | 8.42% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: XAHRA
Current User Name: Paige Lindsey
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Whitelist: On
File Age = 30 Days

[Processes - Safe List]
adskscsrv.exe -> %CommonProgramFiles%\Autodesk Shared\Service\AdskScSrv.exe -> [2008/02/28 19:43:37 | 00,079,360 | ---- | M] (Autodesk)
explorer.exe -> %SystemRoot%\Explorer.EXE -> [2008/04/13 18:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation)
firefox.exe -> %ProgramFiles%\Mozilla Firefox\firefox.exe -> [2009/02/08 20:04:36 | 00,307,704 | ---- | M] (Mozilla Corporation)
jucheck.exe -> %ProgramFiles%\Java\jre1.6.0_07\bin\jucheck.exe -> [2008/06/10 03:27:03 | 00,329,104 | ---- | M] (Sun Microsystems, Inc.)
jusched.exe -> %ProgramFiles%\Java\jre1.6.0_07\bin\jusched.exe -> [2008/06/10 03:27:04 | 00,144,784 | ---- | M] (Sun Microsystems, Inc.)
mcagent.exe -> %ProgramFiles%\McAfee.com\Agent\mcagent.exe -> [2008/07/11 16:48:54 | 00,641,208 | ---- | M] (McAfee, Inc.)
mcmscsvc.exe -> %ProgramFiles%\McAfee\MSC\mcmscsvc.exe -> [2008/10/10 16:16:00 | 00,792,696 | ---- | M] (McAfee, Inc.)
mcnasvc.exe -> %CommonProgramFiles%\mcafee\mna\mcnasvc.exe -> [2008/07/18 08:02:52 | 02,482,848 | ---- | M] (McAfee, Inc.)
mcproxy.exe -> %CommonProgramFiles%\McAfee\McProxy\McProxy.exe -> [2008/07/09 14:49:10 | 00,358,736 | ---- | M] (McAfee, Inc.)
mcsacore.exe -> %ProgramFiles%\McAfee\SiteAdvisor\McSACore.exe -> [2008/12/05 15:51:06 | 00,206,096 | ---- | M] ()
mcshield.exe -> %ProgramFiles%\McAfee\VirusScan\Mcshield.exe -> [2008/06/20 05:41:04 | 00,144,704 | ---- | M] (McAfee, Inc.)
mcsysmon.exe -> %ProgramFiles%\McAfee\VirusScan\mcsysmon.exe -> [2008/09/16 10:04:12 | 00,605,512 | ---- | M] (McAfee, Inc.)
motivesb.exe -> %ProgramFiles%\SBC Self Support Tool\SmartBridge\MotiveSB.exe -> [2005/08/24 07:51:18 | 00,442,455 | ---- | M] (Motive, Inc.)
mpbtn.exe -> %ProgramFiles%\SBC Self Support Tool\bin\mpbtn.exe -> [2003/10/10 09:06:10 | 00,192,512 | ---- | M] ()
mpfsrv.exe -> %ProgramFiles%\McAfee\MPF\MPFSrv.exe -> [2008/07/09 17:36:30 | 00,884,360 | ---- | M] (McAfee, Inc.)
msascui.exe -> %ProgramFiles%\Windows Defender\MSASCui.exe -> [2006/11/03 19:20:12 | 00,866,584 | ---- | M] (Microsoft Corporation)
msmpeng.exe -> %ProgramFiles%\Windows Defender\MsMpEng.exe -> [2006/11/03 19:19:58 | 00,013,592 | ---- | M] (Microsoft Corporation)
otscanit2.exe -> %UserProfile%\Desktop\OTScanIt2\OTScanIt2.exe -> [2009/02/19 11:15:40 | 00,489,984 | ---- | M] (OldTimer Tools)
psiservice.exe -> %SystemRoot%\system32\PSIService.exe -> [2006/11/02 20:40:12 | 00,174,656 | ---- | M] ()
raysat_3dsmax9_32server.exe -> %ProgramFiles%\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe -> [2006/09/29 11:48:06 | 00,065,536 | ---- | M] ()
realplay.exe -> %ProgramFiles%\Real\RealPlayer\RealPlay.exe -> [2006/08/24 02:17:15 | 00,026,112 | ---- | M] (RealNetworks, Inc.)
seaport.exe -> %ProgramFiles%\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -> [2009/01/14 17:53:02 | 00,226,656 | ---- | M] (Microsoft Corp.)
tablet.exe -> %SystemRoot%\system32\Tablet.exe -> [2005/12/05 15:00:44 | 00,753,664 | ---- | M] (Wacom Technology, Corp.)
tabuserw.exe -> %SystemRoot%\system32\WTablet\TabUserW.exe -> [2005/12/05 14:59:02 | 00,114,688 | ---- | M] (Wacom Technology, Corp.)
wpwin12.exe -> %ProgramFiles%\WordPerfect Office 12\Programs\wpwin12.exe -> [2004/12/01 22:46:58 | 00,069,632 | ---- | M] (Corel Corporation)

[Win32 Services - Safe List]
(Adobe LM Service) Adobe LM Service [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Adobe Systems Shared\Service\Adobelmsvc.exe -> [2006/10/08 01:16:34 | 00,072,704 | ---- | M] (Adobe Systems)
(aspnet_state) ASP.NET State Service [Win32_Own | On_Demand | Stopped] -> %SystemRoot%\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -> [2007/10/24 00:47:22 | 00,033,800 | ---- | M] (Microsoft Corporation)
(Autodesk Licensing Service) Autodesk Licensing Service [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Autodesk Shared\Service\AdskScSrv.exe -> [2008/02/28 19:43:37 | 00,079,360 | ---- | M] (Autodesk)
(clr_optimization_v2.0.50727_32) .NET Runtime Optimization Service v2.0.50727_X86 [Win32_Own | On_Demand | Stopped] -> %SystemRoot%\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -> [2007/10/24 00:47:40 | 00,070,144 | ---- | M] (Microsoft Corporation)
(dlcc_device) dlcc_device [Win32_Own | On_Demand | Stopped] -> %SystemRoot%\system32\dlcccoms.exe -> [2005/10/27 15:41:52 | 00,491,520 | ---- | M] ( )
(fsssvc) Windows Live Family Safety [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Windows Live\Family Safety\fsssvc.exe -> [2009/02/06 18:08:58 | 00,533,360 | ---- | M] (Microsoft Corporation)
(gusvc) Google Updater Service [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Google\Common\Google Updater\GoogleUpdaterService.exe -> [2009/02/25 23:47:22 | 00,137,200 | ---- | M] (Google)
(helpsvc) Help and Support [Win32_Shared | Auto | Running] -> %SystemRoot%\PCHealth\HelpCtr\Binaries\pchsvc.dll -> [2008/04/13 18:12:02 | 00,038,400 | ---- | M] (Microsoft Corporation)
(McAfee SiteAdvisor Service) McAfee SiteAdvisor Service [Win32_Own | Auto | Running] -> %ProgramFiles%\McAfee\SiteAdvisor\McSACore.exe -> [2008/12/05 15:51:06 | 00,206,096 | ---- | M] ()
(mcmscsvc) McAfee Services [Win32_Own | Auto | Running] -> %ProgramFiles%\McAfee\MSC\mcmscsvc.exe -> [2008/10/10 16:16:00 | 00,792,696 | ---- | M] (McAfee, Inc.)
(McNASvc) McAfee Network Agent [Win32_Own | Auto | Running] -> %CommonProgramFiles%\mcafee\mna\mcnasvc.exe -> [2008/07/18 08:02:52 | 02,482,848 | ---- | M] (McAfee, Inc.)
(McODS) McAfee Scanner [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\McAfee\VirusScan\mcods.exe -> [2008/06/20 13:10:22 | 00,361,800 | ---- | M] (McAfee, Inc.)
(McProxy) McAfee Proxy Service [Win32_Own | Auto | Running] -> %CommonProgramFiles%\McAfee\McProxy\McProxy.exe -> [2008/07/09 14:49:10 | 00,358,736 | ---- | M] (McAfee, Inc.)
(McShield) McAfee Real-time Scanner [Win32_Own | Unknown | Running] -> %ProgramFiles%\McAfee\VirusScan\Mcshield.exe -> [2008/06/20 05:41:04 | 00,144,704 | ---- | M] (McAfee, Inc.)
(McSysmon) McAfee SystemGuards [Win32_Own | On_Demand | Running] -> %ProgramFiles%\McAfee\VirusScan\mcsysmon.exe -> [2008/09/16 10:04:12 | 00,605,512 | ---- | M] (McAfee, Inc.)
(mi-raysat_3dsmax9_32) mental ray 3.5 Satellite (32-bit) [Win32_Own | Auto | Running] -> %ProgramFiles%\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe -> [2006/09/29 11:48:06 | 00,065,536 | ---- | M] ()
(MpfService) McAfee Personal Firewall Service [Win32_Own | Auto | Running] -> %ProgramFiles%\McAfee\MPF\MPFSrv.exe -> [2008/07/09 17:36:30 | 00,884,360 | ---- | M] (McAfee, Inc.)
(NetSvc) Intel NCS NetService [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Intel\PROSetWired\NCS\Sync\NetSvc.exe -> [2004/11/19 10:26:40 | 00,147,456 | ---- | M] (Intel(R) Corporation)
(ProtexisLicensing) ProtexisLicensing [Win32_Own | Auto | Running] -> %SystemRoot%\system32\PSIService.exe -> [2006/11/02 20:40:12 | 00,174,656 | ---- | M] ()
(seaport) seaport [Win32_Own | Auto | Running] -> %ProgramFiles%\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -> [2009/01/14 17:53:02 | 00,226,656 | ---- | M] (Microsoft Corp.)
(TabletService) TabletService [Win32_Own | Auto | Running] -> %SystemRoot%\system32\Tablet.exe -> [2005/12/05 15:00:44 | 00,753,664 | ---- | M] (Wacom Technology, Corp.)
(windefend) Windows Defender [Win32_Own | Auto | Running] -> %ProgramFiles%\Windows Defender\MsMpEng.exe -> [2006/11/03 19:19:58 | 00,013,592 | ---- | M] (Microsoft Corporation)
(WMPNetworkSvc) Windows Media Player Network Sharing Service [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Windows Media Player\WMPNetwk.exe -> [2006/10/18 19:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation)

[Driver Services - Safe List]
(AliIde) AliIde [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\DRIVERS\aliide.sys -> [2001/08/17 12:51:56 | 00,005,248 | ---- | M] (Acer Laboratories Inc.)
(amdagp) AMD AGP Bus Filter Driver [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\DRIVERS\amdagp.sys -> [2008/04/13 12:36:39 | 00,043,008 | ---- | M] (Advanced Micro Devices, Inc.)
(asc) asc [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\DRIVERS\asc.sys -> [2001/08/17 12:52:00 | 00,026,496 | ---- | M] (Advanced System Products, Inc.)
(asc3550) asc3550 [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\DRIVERS\asc3550.sys -> [2001/08/17 12:51:58 | 00,014,848 | ---- | M] (Advanced System Products, Inc.)
(ASCTRM) ASCTRM [Kernel | Auto | Running] -> %SystemRoot%\System32\drivers\asctrm.sys -> [2006/08/24 02:17:18 | 00,008,552 | ---- | M] (Windows (R) 2000 DDK provider)
(CmdIde) CmdIde [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\DRIVERS\cmdide.sys -> [2001/08/17 12:51:54 | 00,006,656 | ---- | M] (CMD Technology, Inc.)
(dac2w2k) dac2w2k [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\DRIVERS\dac2w2k.sys -> [2001/08/17 12:52:16 | 00,179,584 | ---- | M] (Mylex Corporation)
(DLABOIOM) DLABOIOM [File_System | Auto | Running] -> %SystemRoot%\System32\DLA\DLABOIOM.SYS -> [2005/09/08 04:20:00 | 00,025,628 | ---- | M] (Sonic Solutions)
(DLACDBHM) DLACDBHM [File_System | System | Running] -> %SystemRoot%\System32\Drivers\DLACDBHM.SYS -> [2005/08/25 11:16:52 | 00,005,628 | ---- | M] (Sonic Solutions)
(DLADResN) DLADResN [File_System | Auto | Running] -> %SystemRoot%\System32\DLA\DLADResN.SYS -> [2005/09/08 04:20:00 | 00,002,496 | ---- | M] (Sonic Solutions)
(DLAIFS_M) DLAIFS_M [File_System | Auto | Running] -> %SystemRoot%\System32\DLA\DLAIFS_M.SYS -> [2005/09/08 04:20:00 | 00,086,524 | ---- | M] (Sonic Solutions)
(DLAOPIOM) DLAOPIOM [File_System | Auto | Running] -> %SystemRoot%\System32\DLA\DLAOPIOM.SYS -> [2005/09/08 04:20:00 | 00,014,684 | ---- | M] (Sonic Solutions)
(DLAPoolM) DLAPoolM [File_System | Auto | Running] -> %SystemRoot%\System32\DLA\DLAPoolM.SYS -> [2005/09/08 04:20:00 | 00,006,364 | ---- | M] (Sonic Solutions)
(DLARTL_N) DLARTL_N [File_System | System | Running] -> %SystemRoot%\System32\Drivers\DLARTL_N.SYS -> [2005/08/25 11:16:16 | 00,022,684 | ---- | M] (Sonic Solutions)
(DLAUDFAM) DLAUDFAM [File_System | Auto | Running] -> %SystemRoot%\System32\DLA\DLAUDFAM.SYS -> [2005/09/08 04:20:00 | 00,094,332 | ---- | M] (Sonic Solutions)
(DLAUDF_M) DLAUDF_M [File_System | Auto | Running] -> %SystemRoot%\System32\DLA\DLAUDF_M.SYS -> [2005/09/08 04:20:00 | 00,087,036 | ---- | M] (Sonic Solutions)
(DRVMCDB) DRVMCDB [Kernel | Boot | Running] -> %SystemRoot%\System32\Drivers\DRVMCDB.SYS -> [2005/09/12 02:30:00 | 00,089,264 | ---- | M] (Sonic Solutions)
(DRVNDDM) DRVNDDM [File_System | Auto | Running] -> %SystemRoot%\System32\Drivers\DRVNDDM.SYS -> [2005/08/12 04:20:00 | 00,040,544 | ---- | M] (Sonic Solutions)
(E100B) Intel(R) PRO Network Connection Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\DRIVERS\e100b325.sys -> [2004/10/14 00:30:46 | 00,155,648 | ---- | M] (Intel Corporation)
(fssfltr) fssfltr [Kernel | Auto | Running] -> %SystemRoot%\system32\DRIVERS\fssfltr_tdi.sys -> [2009/02/06 18:08:42 | 00,055,152 | ---- | M] (Microsoft Corporation)
(HDAudBus) Microsoft UAA Bus Driver for High Definition Audio [Kernel | On_Demand | Running] -> %SystemRoot%\system32\DRIVERS\HDAudBus.sys -> [2008/04/13 10:36:05 | 00,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider)
(HSFHWBS2) HSFHWBS2 [Kernel | On_Demand | Running] -> %SystemRoot%\system32\DRIVERS\HSFHWBS2.sys -> [2003/11/17 13:59:20 | 00,212,224 | ---- | M] (Conexant Systems, Inc.)
(HSF_DP) HSF_DP [Kernel | On_Demand | Running] -> %SystemRoot%\system32\DRIVERS\HSF_DP.sys -> [2003/11/17 13:56:26 | 01,042,432 | ---- | M] (Conexant Systems, Inc.)
(ialm) ialm [Kernel | On_Demand | Running] -> %SystemRoot%\system32\DRIVERS\ialmnt5.sys -> [2005/10/14 13:15:18 | 01,302,812 | ---- | M] (Intel Corporation)
(mdmxsdk) mdmxsdk [Kernel | Auto | Running] -> %SystemRoot%\system32\DRIVERS\mdmxsdk.sys -> [2003/04/09 10:48:08 | 00,011,043 | ---- | M] (Conexant)
(mfeavfk) McAfee Inc. mfeavfk [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\mfeavfk.sys -> [2008/06/27 06:08:40 | 00,079,240 | ---- | M] (McAfee, Inc.)
(mfebopk) McAfee Inc. mfebopk [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\mfebopk.sys -> [2008/06/27 06:08:40 | 00,035,240 | ---- | M] (McAfee, Inc.)
(mfehidk) McAfee Inc. mfehidk [Kernel | System | Running] -> %SystemRoot%\system32\drivers\mfehidk.sys -> [2008/06/27 06:08:40 | 00,207,656 | ---- | M] (McAfee, Inc.)
(mferkdk) McAfee Inc. mferkdk [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\mferkdk.sys -> [2008/06/20 05:41:38 | 00,034,152 | ---- | M] (McAfee, Inc.)
(mfesmfk) McAfee Inc. mfesmfk [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\mfesmfk.sys -> [2008/06/27 06:08:40 | 00,040,488 | ---- | M] (McAfee, Inc.)
(MODEMCSA) Unimodem Streaming Filter Device [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\MODEMCSA.sys -> [2001/08/17 12:57:38 | 00,016,128 | ---- | M] (Microsoft Corporation)
(MPFP) MPFP [Kernel | System | Running] -> %SystemRoot%\System32\Drivers\Mpfp.sys -> [2008/06/02 14:55:42 | 00,120,136 | ---- | M] (McAfee, Inc.)
(mraid35x) mraid35x [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\DRIVERS\mraid35x.sys -> [2001/08/17 12:52:12 | 00,017,280 | ---- | M] (American Megatrends Inc.)
(nv) nv [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\DRIVERS\nv4_mini.sys -> [2004/08/03 21:29:56 | 01,897,408 | ---- | M] (NVIDIA Corporation)
(PenClass) Pen Class [Kernel | Boot | Running] -> %SystemRoot%\system32\Drivers\PenClass.sys -> [2005/11/29 15:50:42 | 00,008,138 | ---- | M] (Wacom Technology Corporation)
(Ptilink) Direct Parallel Link Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\DRIVERS\ptilink.sys -> [2004/08/04 04:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.)
(PxHelp20) PxHelp20 [Kernel | Boot | Running] -> %SystemRoot%\System32\Drivers\PxHelp20.sys -> [2007/11/14 02:00:00 | 00,043,840 | ---- | M] (Sonic Solutions)
(ql1080) ql1080 [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\DRIVERS\ql1080.sys -> [2001/08/17 12:52:20 | 00,040,320 | ---- | M] (QLogic Corporation)
(ql12160) ql12160 [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\DRIVERS\ql12160.sys -> [2001/08/17 12:52:20 | 00,045,312 | ---- | M] (QLogic Corporation)
(ql1280) ql1280 [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\DRIVERS\ql1280.sys -> [2001/08/17 12:52:18 | 00,049,024 | ---- | M] (QLogic Corporation)
(Secdrv) Secdrv [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\DRIVERS\secdrv.sys -> [2007/11/13 04:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
(sisagp) SIS AGP Bus Filter [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\DRIVERS\sisagp.sys -> [2008/04/13 12:36:39 | 00,040,960 | ---- | M] (Silicon Integrated Systems Corporation)
(Sparrow) Sparrow [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\DRIVERS\sparrow.sys -> [2001/08/17 13:07:44 | 00,019,072 | ---- | M] (Adaptec, Inc.)
(STHDA) SigmaTel High Definition Audio CODEC [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\sthda.sys -> [2006/02/10 10:19:12 | 01,107,224 | ---- | M] (SigmaTel, Inc.)
(symc810) symc810 [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\DRIVERS\symc810.sys -> [2001/08/17 13:07:34 | 00,016,256 | ---- | M] (Symbios Logic Inc.)
(symc8xx) symc8xx [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\DRIVERS\symc8xx.sys -> [2001/08/17 13:07:36 | 00,032,640 | ---- | M] (LSI Logic)
(sym_hi) sym_hi [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\DRIVERS\sym_hi.sys -> [2001/08/17 13:07:40 | 00,028,384 | ---- | M] (LSI Logic)
(sym_u3) sym_u3 [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\DRIVERS\sym_u3.sys -> [2001/08/17 13:07:42 | 00,030,688 | ---- | M] (LSI Logic)
(ultra) ultra [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\DRIVERS\ultra.sys -> [2001/08/17 12:52:22 | 00,036,736 | ---- | M] (Promise Technology, Inc.)
(winachsf) winachsf [Kernel | On_Demand | Running] -> %SystemRoot%\system32\DRIVERS\HSF_CNXT.sys -> [2003/11/17 13:58:02 | 00,680,704 | ---- | M] (Conexant Systems, Inc.)

[Registry - Safe List]
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> ->
HKEY_LOCAL_MACHINE\: Main\\"Default_Page_URL" -> http://go.microsoft.com/fwlink/?LinkId=69157 ->
HKEY_LOCAL_MACHINE\: Main\\"Default_Search_URL" -> http://www.google.com/ie ->
HKEY_LOCAL_MACHINE\: Main\\"Default_Secondary_Page_URL" -> Reg Error: Invalid data type. ->
HKEY_LOCAL_MACHINE\: Main\\"Extensions Off Page" -> about:NoAdd-ons ->
HKEY_LOCAL_MACHINE\: Main\\"Local Page" -> %SystemRoot%\system32\blank.htm ->
HKEY_LOCAL_MACHINE\: Main\\"Search Page" -> http://www.google.com ->
HKEY_LOCAL_MACHINE\: Main\\"Security Risk Page" -> about:SecurityRisk ->
HKEY_LOCAL_MACHINE\: Main\\"Start Page" -> http://www.google.com ->
HKEY_LOCAL_MACHINE\: Search\\"CustomizeSearch" -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm ->
HKEY_LOCAL_MACHINE\: Search\\"Default_Page_URL" -> www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us ->
HKEY_LOCAL_MACHINE\: Search\\"Default_Search_URL" -> http://www.google.com/ie ->
HKEY_LOCAL_MACHINE\: Search\\"SearchAssistant" -> http://www.google.com ->
HKEY_LOCAL_MACHINE\: Search\\"Start Page" -> www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us ->
< Internet Explorer Settings [HKEY_CURRENT_USER\] > -> ->
HKEY_CURRENT_USER\: Main\\"First Home Page" -> http://www.microsoft.com/isapi/redir.dll?Prd=ie&Pver=5.0&Ar=ie5update&O1=b1 ->
HKEY_CURRENT_USER\: Main\\"Local Page" -> C:\WINDOWS\system32\blank.htm ->
HKEY_CURRENT_USER\: Main\\"Page_Transitions" -> Reg Error: Invalid data type. ->
HKEY_CURRENT_USER\: Main\\"Search Page" -> http://www.google.com ->
HKEY_CURRENT_USER\: Main\\"SearchMigratedDefaultName" -> Google ->
HKEY_CURRENT_USER\: Main\\"SearchMigratedDefaultURL" -> http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 ->
HKEY_CURRENT_USER\: Main\\"Start Page" -> http://go.microsoft.com/fwlink/?LinkId=69157 ->
HKEY_CURRENT_USER\: Main\\"Start Page Redirect Cache" -> http://www.msn.com/defaulta.aspx ->
HKEY_CURRENT_USER\: Main\\"Start Page Redirect Cache AcceptLangs" -> en-us ->
HKEY_CURRENT_USER\: Main\\"Start Page Redirect Cache_TIMESTAMP" -> Reg Error: Invalid data type. ->
HKEY_CURRENT_USER\: Search\\"AutoSearch" -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/saautosearch.aspx ->
HKEY_CURRENT_USER\: Search\\"CustomizeSearch" -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm ->
HKEY_CURRENT_USER\: Search\\"SearchAssistant" -> http://www.google.com ->
HKEY_CURRENT_USER\: SearchURL\\"" -> http://home.microsoft.com/access/autosearch.asp?p=%s ->
HKEY_CURRENT_USER\: "ProxyEnable" -> 0 ->
HKEY_CURRENT_USER\: "ProxyOverride" -> 127.0.0.1 ->
< FireFox Settings [Default Profile] > -> C:\Documents and Settings\Paige Lindsey\Application Data\Mozilla\FireFox\Profiles\4fcxgyjw.default\prefs.js ->
browser.search.defaultenginename -> "Yoog Search" ->
browser.search.defaulturl -> "http://www8.yoog.com/search.php?q=" ->
browser.search.selectedEngine -> "Yoog Search" ->
browser.startup.homepage -> "http://go.microsoft.com/fwlink/?LinkId=69157" ->
browser.startup.homepage_override.mstone -> "rv:1.9.0.6" ->
extensions.enabledItems -> {3112ca9c-de6d-4884-a869-9855de68056c}:3.1.20081127W ->
extensions.enabledItems -> {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}:6.0.02 ->
extensions.enabledItems -> {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}:6.0.07 ->
extensions.enabledItems -> {B7082FAA-CB62-4872-9106-E42DD88EDE45}:2.9 ->
extensions.enabledItems -> {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.6 ->
< HOSTS File > (734 bytes and 19 lines) -> C:\WINDOWS\System32\drivers\etc\Hosts ->
127.0.0.1    localhost
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ ->
{02478D38-C3F9-4EFB-9B51-7695ECA05670} [HKLM] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn\yt.dll [&Yahoo! Toolbar Helper] -> [2008/07/28 04:47:40 | 00,882,416 | ---- | M] (Yahoo! Inc.)
{6ebf7485-159f-4bff-a14f-b9e3aac4465b} [HKLM] -> %ProgramFiles%\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll [Search Helper] -> [2009/01/14 17:49:24 | 00,092,504 | ---- | M] (Microsoft Corp.)
{7DB2D5A0-7241-4E79-B68D-6309F01C5231} [HKLM] -> %ProgramFiles%\McAfee\VirusScan\scriptsn.dll [scriptproxy] -> [2008/06/20 05:41:56 | 00,058,688 | ---- | M] (McAfee, Inc.)
{9030d464-4c02-4abf-8ecc-5164760863c6} [HKLM] -> %CommonProgramFiles%\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [Windows Live Sign-in Helper] -> [2009/01/22 15:41:30 | 00,408,448 | ---- | M] (Microsoft Corporation)
{AA58ED58-01DD-4d91-8333-CF10577473F7} [HKLM] -> %ProgramFiles%\Google\Google Toolbar\GoogleToolbar.dll [Google Toolbar Helper] -> [2009/02/25 23:39:50 | 00,251,504 | ---- | M] ()
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} [HKLM] -> %ProgramFiles%\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll [Google Toolbar Notifier BHO] -> [2009/02/25 23:47:25 | 00,657,904 | ---- | M] (Google Inc.)
{B164E929-A1B6-4A06-B104-2CD0E90A88FF} [HKLM] -> %ProgramFiles%\McAfee\SiteAdvisor\McIEPlg.dll [McAfee SiteAdvisor BHO] -> [2008/11/14 12:25:26 | 00,150,032 | ---- | M] ()
{C84D72FE-E17D-4195-BB24-76C02E2E7C4E} [HKLM] -> %ProgramFiles%\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll [Google Dictionary Compression sdch] -> [2009/02/25 23:39:49 | 00,522,224 | ---- | M] (Google Inc.)
{e15a8dc0-8516-42a1-81ea-dc94ec1acf10} [HKLM] -> %ProgramFiles%\Windows Live\Toolbar\wltcore.dll [Windows Live Toolbar Helper] -> [2009/02/06 18:17:46 | 01,068,904 | ---- | M] (Microsoft Corporation)
{fdad4da1-61a2-4fd8-9c17-86f7ac245081} [HKLM] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll [SingleInstance Class] -> [2008/07/28 04:47:42 | 00,160,496 | ---- | M] (Yahoo! Inc)
< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar ->
"{21FA44EF-376D-4D53-9B0F-8A89D3229068}" [HKLM] -> %ProgramFiles%\Windows Live\Toolbar\wltcore.dll [&Windows Live Toolbar] -> [2009/02/06 18:17:46 | 01,068,904 | ---- | M] (Microsoft Corporation)
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" [HKLM] -> %ProgramFiles%\Google\Google Toolbar\GoogleToolbar.dll [&Google Toolbar] -> [2009/02/25 23:39:50 | 00,251,504 | ---- | M] ()
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" [HKLM] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn\yt.dll [Yahoo! Toolbar] -> [2008/07/28 04:47:40 | 00,882,416 | ---- | M] (Yahoo! Inc.)
< Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ ->
ShellBrowser\\"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" [HKLM] -> %ProgramFiles%\Google\Google Toolbar\GoogleToolbar.dll [&Google Toolbar] -> [2009/02/25 23:39:50 | 00,251,504 | ---- | M] ()
ShellBrowser\\"{C7768536-96F8-4001-B1A2-90EE21279187}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
WebBrowser\\"{21FA44EF-376D-4D53-9B0F-8A89D3229068}" [HKLM] -> %ProgramFiles%\Windows Live\Toolbar\wltcore.dll [&Windows Live Toolbar] -> [2009/02/06 18:17:46 | 01,068,904 | ---- | M] (Microsoft Corporation)
WebBrowser\\"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" [HKLM] -> %ProgramFiles%\Google\Google Toolbar\GoogleToolbar.dll [&Google Toolbar] -> [2009/02/25 23:39:50 | 00,251,504 | ---- | M] ()
WebBrowser\\"{90B8B761-DF2B-48AC-BBE0-BCC03A819B3B}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
WebBrowser\\"{C7768536-96F8-4001-B1A2-90EE21279187}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
WebBrowser\\"{F0F8ECBE-D460-4B34-B007-56A92E8F84A7}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
"DLCCCATS" -> %SystemRoot%\System32\spool\DRIVERS\W32X86\3\DLCCtime.DLL [rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll,_RunDLLEntry@16] -> [2005/09/13 16:50:38 | 00,073,728 | ---- | M] ()
"mcagent_exe" -> %ProgramFiles%\McAfee.com\Agent\mcagent.exe ["C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey] -> [2008/07/11 16:48:54 | 00,641,208 | ---- | M] (McAfee, Inc.)
"McENUI" -> %ProgramFiles%\McAfee\MHN\McENUI.exe [C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide] -> [2008/06/13 02:59:26 | 01,176,808 | ---- | M] (McAfee, Inc.)
"Motive SmartBridge" -> %ProgramFiles%\SBC Self Support Tool\SmartBridge\MotiveSB.exe [C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe] -> [2005/08/24 07:51:18 | 00,442,455 | ---- | M] (Motive, Inc.)
"QuickTime Task" -> %ProgramFiles%\QuickTime\qttask.exe ["C:\Program Files\QuickTime\qttask.exe" -atboottime] -> [2006/08/24 02:17:28 | 00,098,304 | ---- | M] (Apple Computer, Inc.)
"RealTray" -> %ProgramFiles%\Real\RealPlayer\RealPlay.exe [C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER] -> [2006/08/24 02:17:15 | 00,026,112 | ---- | M] (RealNetworks, Inc.)
"SunJavaUpdateSched" -> %ProgramFiles%\Java\jre1.6.0_07\bin\jusched.exe ["C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"] -> [2008/06/10 03:27:04 | 00,144,784 | ---- | M] (Sun Microsystems, Inc.)
"Windows Defender" -> %ProgramFiles%\Windows Defender\MSASCui.exe ["C:\Program Files\Windows Defender\MSASCui.exe" -hide] -> [2006/11/03 19:20:12 | 00,866,584 | ---- | M] (Microsoft Corporation)
< Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
"swg" -> %ProgramFiles%\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe] -> [2007/06/18 17:32:56 | 00,068,856 | ---- | M] (Google Inc.)
< All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup ->
%AllUsersProfile%\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk -> %CommonProgramFiles%\Adobe\Calibration\Adobe Gamma Loader.exe -> [2005/03/16 18:16:50 | 00,113,664 | ---- | M] (Adobe Systems, Inc.)
%AllUsersProfile%\Start Menu\Programs\Startup\AT&T Self Support Tool.lnk -> %ProgramFiles%\SBC Self Support Tool\bin\matcli.exe -> [2003/10/10 09:06:10 | 00,217,088 | ---- | M] (Motive Communications, Inc.)
%AllUsersProfile%\Start Menu\Programs\Startup\TabUserW.exe.lnk -> %SystemRoot%\system32\WTablet\TabUserW.exe -> [2005/12/05 14:59:02 | 00,114,688 | ---- | M] (Wacom Technology, Corp.)
< Paige Lindsey Startup Folder > -> C:\Documents and Settings\Paige Lindsey\Start Menu\Programs\Startup ->
< Software Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\Internet Explorer ->
HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\Internet Explorer\Control Panel
\Control Panel\\"Connwiz Admin Lock" -> [0] -> File not found
< CurrentVersion Policy Settings - Explorer [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"HonorAutoRunSetting" -> [1] -> File not found
< CurrentVersion Policy Settings - System [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
\\"dontdisplaylastusername" -> [0] -> File not found
\\"legalnoticecaption" -> [] -> File not found
\\"legalnoticetext" -> [] -> File not found
\\"shutdownwithoutlogon" -> [1] -> File not found
\\"undockwithoutlogon" -> [1] -> File not found
< CurrentVersion Policy Settings - Explorer [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" -> [0] -> File not found
< CurrentVersion Policy Settings - System [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System ->
< Internet Explorer Menu Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\ ->
Display All Images with Full Quality -> %ProgramFiles%\NetZero\qsacc\appres.dll ["res://C:\Program Files\NetZero\qsacc\appres.dll/228"] -> File not found
Display Image with Full Quality -> %ProgramFiles%\NetZero\qsacc\appres.dll ["res://C:\Program Files\NetZero\qsacc\appres.dll/227"] -> File not found
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ ->
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} [HKLM] -> %ProgramFiles%\Java\jre1.6.0_07\bin\npjpi160_07.dll [Menu: Sun Java Console] -> [2008/06/10 03:27:02 | 00,132,496 | ---- | M] (Sun Microsystems, Inc.)
{219c3416-8cb2-491a-a3c7-d9fcddc9d600}:{5F7B1267-94A9-47F5-98DB-E99415F33AEC} [HKLM] -> %ProgramFiles%\Windows Live\Writer\WriterBrowserExtension.dll [Button: Blog This] -> [2009/02/06 18:07:54 | 00,187,248 | ---- | M] (Microsoft Corporation)
{219c3416-8cb2-491a-a3c7-d9fcddc9d600}:{5F7B1267-94A9-47F5-98DB-E99415F33AEC} [HKLM] -> %ProgramFiles%\Windows Live\Writer\WriterBrowserExtension.dll [Menu: &Blog This in Windows Live Writer] -> [2009/02/06 18:07:54 | 00,187,248 | ---- | M] (Microsoft Corporation)
{e2e2dd38-d088-4134-82b7-f2ba38496583}:Exec [HKLM] -> %SystemRoot%\Network Diagnostic\xpnetdiag.exe [Menu: @xpsp3res.dll,-20001] -> [2008/04/13 12:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}:Exec [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Button: Messenger] -> [2008/04/13 18:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}:Exec [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Menu: Windows Messenger] -> [2008/04/13 18:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)
< Internet Explorer Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\ ->
CmdMapping\\"{08B0E5C0-4FCB-11CF-AAA5-00401C608501}" [HKLM] -> %SystemRoot%\system32\msjava.dll [Web Browser Applet Control] -> [2003/02/28 17:26:26 | 00,947,472 | ---- | M] (Microsoft Corporation)
CmdMapping\\"{219c3416-8cb2-491a-a3c7-d9fcddc9d600}" [HKLM] -> %ProgramFiles%\Windows Live\Writer\WriterBrowserExtension.dll [Blog This] -> [2009/02/06 18:07:54 | 00,187,248 | ---- | M] (Microsoft Corporation)
CmdMapping\\"{e2e2dd38-d088-4134-82b7-f2ba38496583}" [HKLM] -> %SystemRoot%\Network Diagnostic\xpnetdiag.exe [@xpsp3res.dll,-20001] -> [2008/04/13 12:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)
CmdMapping\\"{FB5F1910-F110-11d2-BB9E-00C04F795683}" [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/13 18:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)
< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ ->
PluginsPageFriendlyName -> Microsoft ActiveX Gallery ->
PluginsPage -> http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s ->
< Default Prefix > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix
"" -> http://
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 1 domain(s) found. ->
1 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 1 domain(s) found. ->
1 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ ->
{17492023-C23A-453E-A040-C7C580BBF700} [HKLM] -> http://download.microsoft.com/download/F/D/9/FD9E437D-5BC8-4264-A093-DFA2C39D197E/LegitCheckControl.cab [Windows Genuine Advantage Validation Tool] ->
{3DCEC959-378A-4922-AD7E-FD5C925D927F} [HKLM] -> http://disney.go.com/pirates/online/testActiveX/built/signed/DisneyOnlineGames.cab [Disney Online Games ActiveX Control] ->
{8AD9C840-044E-11D1-B3E9-00805F499D93} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab [Java Plug-in 1.6.0_07] ->
{8FFBE65D-2C9C-4669-84BD-5829DC0B603C} [HKLM] -> http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab [Reg Error: Key error.] ->
{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab [Java Plug-in 1.5.0_06] ->
{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab [Java Plug-in 1.6.0_02] ->
{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab [Java Plug-in 1.6.0_07] ->
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab [Java Plug-in 1.6.0_07] ->
{D27CDB6E-AE6D-11CF-96B8-444553540000} [HKLM] -> http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab [Shockwave Flash Object] ->
{E85362EF-40D4-4E5D-BE07-D6B036CCA277} [HKLM] -> https://secure.gopetslive.com/dev/gopets.cab [GoPets Control] ->
{F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} [HKLM] -> https://secure.gopetslive.com/dev/GoPetsWeb.cab [GoPetsWeb Control] ->
Microsoft XML Parser for Java [HKLM] -> file:///C:/WINDOWS/Java/classes/xmldso.cab [Reg Error: Key error.] ->
< DNS Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ ->
{41A102D9-20E3-468C-B5A9-A1BEDC94187B} ->   (Intel(R) PRO/100 VE Network Connection) ->
{43A66A83-E708-4666-A08E-FBCA3B9EA745} ->   () ->
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
*Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell ->
Explorer.exe -> %SystemRoot%\Explorer.exe -> [2008/04/13 18:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation)
*MultiFile Done* -> ->
< Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ ->
igfxcui -> %SystemRoot%\system32\igfxdev.dll -> [2005/10/14 12:45:38 | 00,135,168 | ---- | M] (Intel Corporation)
< ShellExecuteHooks [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks ->
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}" [HKLM] -> %ProgramFiles%\Windows Defender\MpShHook.dll [Microsoft AntiMalware ShellExecuteHook] -> [2006/11/03 19:20:00 | 00,083,224 | ---- | M] (Microsoft Corporation)
< Domain Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List ->
"%windir%\Network Diagnostic\xpnetdiag.exe" -> C:\WINDOWS\Network Diagnostic\xpnetdiag.exe [%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000] -> [2008/04/13 12:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" -> C:\WINDOWS\system32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> [2008/04/13 18:12:34 | 00,141,312 | ---- | M] (Microsoft Corporation)
"C:\Program Files\America Online 9.0\wEmail Removedexe" -> C:\Program Files\America Online 9.0\wEmail Removedexe [C:\Program Files\America Online 9.0\wEmail Removedexe:*:Enabled:AOL] -> File not found
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" -> C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe [C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL] -> File not found
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" -> C:\Program Files\Common Files\AOL\ACS\AOLDial.exe [C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL] -> File not found
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" -> C:\Program Files\Windows Live\Messenger\msnmsgr.exe [C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger] -> [2009/02/06 18:51:28 | 03,885,408 | ---- | M] (Microsoft Corporation)
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" -> C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe [C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync] -> [2009/02/06 18:23:32 | 01,170,272 | ---- | M] (Microsoft Corporation)
< Standard Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List ->
"C:\Documents and Settings\Paige Lindsey\Application Data\U3\00001860457492A0\0DE4F643-C398-46ec-9339-2362F2311932\Exec\Skype.exe" -> C:\Documents and Settings\Paige Lindsey\Application Data\U3\00001860457492A0\0DE4F643-C398-46ec-9339-2362F2311932\Exec\Skype.exe [C:\Documents and Settings\Paige Lindsey\Application Data\U3\00001860457492A0\0DE4F643-C398-46ec-9339-2362F2311932\Exec\Skype.exe:*:Disabled:Skype] -> File not found
"C:\Program Files\America Online 9.0\wEmail Removedexe" -> C:\Program Files\America Online 9.0\wEmail Removedexe [C:\Program Files\America Online 9.0\wEmail Removedexe:*:Disabled:AOL] -> File not found
"C:\Program Files\Autodesk\3ds Max 9\3dsmax.exe" -> C:\Program Files\Autodesk\3ds Max 9\3dsmax.exe [C:\Program Files\Autodesk\3ds Max 9\3dsmax.exe:*:Disabled:Autodesk 3ds Max 9 32-bit] -> [2006/09/29 13:30:46 | 05,946,368 | ---- | M] (Autodesk, Inc.)
"C:\Program Files\Autodesk\Backburner\manager.exe" -> C:\Program Files\Autodesk\Backburner\manager.exe [C:\Program Files\Autodesk\Backburner\manager.exe:*:Disabled:backburner 2.3 manager] -> [2006/09/06 02:39:10 | 00,110,592 | ---- | M] (Autodesk, Inc.)
"C:\Program Files\Autodesk\Backburner\monitor.exe" -> C:\Program Files\Autodesk\Backburner\monitor.exe [C:\Program Files\Autodesk\Backburner\monitor.exe:*:Disabled:backburner 2.3 monitor] -> [2006/09/06 02:39:14 | 00,425,984 | ---- | M] (Autodesk, Inc.)
"C:\Program Files\Autodesk\Backburner\server.exe" -> C:\Program Files\Autodesk\Backburner\server.exe [C:\Program Files\Autodesk\Backburner\server.exe:*:Disabled:backburner 2.3 server] -> [2006/09/06 02:39:12 | 00,110,592 | ---- | M] (Autodesk, Inc.)
"C:\Program Files\Autodesk\Maya 8.5 Personal Learning Edition\bin\maya.exe" -> C:\Program Files\Autodesk\Maya 8.5 Personal Learning Edition\bin\maya.exe [C:\Program Files\Autodesk\Maya 8.5 Personal Learning Edition\bin\maya.exe:*:Disabled:Maya] -> File not found
"C:\Program Files\Bonjour\mDNSResponder.exe" -> C:\Program Files\Bonjour\mDNSResponder.exe [C:\Program Files\Bonjour\mDNSResponder.exe:*:Disabled:Bonjour] -> File not found
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" -> C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe [C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Disabled:AOL] -> File not found
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" -> C:\Program Files\Common Files\AOL\ACS\AOLDial.exe [C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL] -> File not found
"C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe" -> C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe [C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:*:Disabled:McAfee Network Agent] -> [2008/07/18 08:02:52 | 02,482,848 | ---- | M] (McAfee, Inc.)
"C:\Program Files\LimeWire\LimeWire.exe" -> C:\Program Files\LimeWire\LimeWire.exe [C:\Program Files\LimeWire\LimeWire.exe:*:Disabled:LimeWire] -> File not found
"C:\Program Files\Messenger\msmsgs.exe" -> C:\Program Files\Messenger\msmsgs.exe [C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger] -> [2008/04/13 18:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)
"C:\Program Files\Mozilla Firefox\firefox.exe" -> C:\Program Files\Mozilla Firefox\firefox.exe [C:\Program Files\Mozilla Firefox\firefox.exe:*:Disabled:Firefox] -> [2009/02/08 20:04:36 | 00,307,704 | ---- | M] (Mozilla Corporation)
"C:\Program Files\Real\RealPlayer\realplay.exe" -> C:\Program Files\Real\RealPlayer\realplay.exe [C:\Program Files\Real\RealPlayer\realplay.exe:*:Disabled:RealPlayer] -> [2006/08/24 02:17:15 | 00,026,112 | ---- | M] (RealNetworks, Inc.)
"C:\Program Files\Softnyx\Rakion\Bin\rakion.bin" -> C:\Program Files\Softnyx\Rakion\Bin\rakion.bin [C:\Program Files\Softnyx\Rakion\Bin\rakion.bin:*:Disabled:rakion] -> File not found
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" -> C:\Program Files\Windows Live\Messenger\msnmsgr.exe [C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger] -> [2009/02/06 18:51:28 | 03,885,408 | ---- | M] (Microsoft Corporation)
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" -> C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe [C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync] -> [2009/02/06 18:23:32 | 01,170,272 | ---- | M] (Microsoft Corporation)
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -> C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe [C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Disabled:Yahoo! Messenger] -> File not found
"C:\Program Files\Yahoo!\Messenger\YServer.exe" -> C:\Program Files\Yahoo!\Messenger\YServer.exe [C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Disabled:Yahoo! FT Server] -> File not found
"C:\WINDOWS\Network Diagnostic\xpnetdiag.exe" -> C:\WINDOWS\Network Diagnostic\xpnetdiag.exe [C:\WINDOWS\Network Diagnostic\xpnetdiag.exe:*:Disabled:@xpsp3res.dll,-20000] -> [2008/04/13 12:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)
"C:\WINDOWS\system32\sessmgr.exe" -> C:\WINDOWS\system32\sessmgr.exe [C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019] -> [2008/04/13 18:12:34 | 00,141,312 | ---- | M] (Microsoft Corporation)
< SafeBoot AlternateShell [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot ->
"AlternateShell" -> cmd.exe ->
< CDROM Autorun Setting [HKEY_LOCAL_MACHINE]> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom ->
"AutoRun" -> 1 ->
"DisplayName" -> CD-ROM Driver ->
"ImagePath" -> %SystemRoot%\system32\DRIVERS\cdrom.sys [system32\DRIVERS\cdrom.sys] -> [2008/04/13 12:40:46 | 00,062,976 | ---- | M] (Microsoft Corporation)
< Drives with AutoRun files > -> ->
C:\AUTOEXEC.BAT [] -> %SystemDrive%\AUTOEXEC.BAT [ NTFS ] -> [2004/08/10 12:04:08 | 00,000,000 | ---- | M] ()
< MountPoints2 [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2 ->
\G
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\G\Shell
\G\Shell\\"" -> [AutoRun] -> File not found
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\G\Shell\AutoRun
\G\Shell\AutoRun\\"" -> [Auto&Play] -> File not found
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\G\Shell\AutoRun\command
\G\Shell\AutoRun\command\\"" -> G:\LaunchU3.exe [G:\LaunchU3.exe -a] -> File not found

[Files/Folders - Created Within 30 Days]
_OTScanIt -> %SystemDrive%\_OTScanIt -> [2009/03/05 17:51:53 | 00,000,000 | ---D | C]
GooredFix.exe -> %UserProfile%\Desktop\GooredFix.exe -> [2009/03/05 16:25:51 | 00,094,208 | ---- | C] ()
OTScanIt2 -> %UserProfile%\Desktop\OTScanIt2 -> [2009/03/05 15:35:35 | 00,000,000 | ---D | C]
OTScanIt2.exe -> %UserProfile%\Desktop\OTScanIt2.exe -> [2009/03/05 15:34:41 | 00,661,370 | ---- | C] ()
Dragon story.wpd -> %UserProfile%\My Documents\Dragon story.wpd -> [2009/03/05 13:10:41 | 00,004,171 | ---- | C] ()
HijackThis.lnk -> %UserProfile%\Desktop\HijackThis.lnk -> [2009/03/05 12:41:04 | 00,001,734 | ---- | C] ()
Trend Micro -> %ProgramFiles%\Trend Micro -> [2009/03/05 12:41:03 | 00,000,000 | ---D | C]
HJTInstall.exe -> %UserProfile%\My Documents\HJTInstall.exe -> [2009/03/05 12:40:54 | 00,812,344 | ---- | C] (Trend Micro Inc.)
pussycat dolls - i hate this part.mp3 -> %UserProfile%\My Documents\pussycat dolls - i hate this part.mp3 -> [2009/03/04 04:24:56 | 06,965,376 | ---- | C] ()
963759e6-b34b-f648-28c3-2929735ebc68.exe -> %SystemRoot%\System32\963759e6-b34b-f648-28c3-2929735ebc68.exe -> [2009/03/04 04:17:57 | 00,085,590 | ---- | C] ()
setup.exe -> %UserProfile%\My Documents\setup.exe -> [2009/03/04 04:17:26 | 00,181,274 | ---- | C] ()
04 Thinking Of You.mp3 -> %UserProfile%\My Documents\04 Thinking Of You.mp3 -> [2009/03/01 09:06:02 | 03,948,251 | ---- | C] ()
WTF.mp3 -> %UserProfile%\My Documents\WTF.mp3 -> [2009/02/28 02:14:22 | 00,628,687 | ---- | C] ()
Disney - Hunchback of Notre Dame - The Bells of Notre Dame.mp3 -> %UserProfile%\My Documents\Disney - Hunchback of Notre Dame - The Bells of Notre Dame.mp3 -> [2009/02/27 00:52:21 | 06,157,523 | ---- | C] ()
Disney - The Hunchback of Notre Dame - Topsy Turvy.mp3 -> %UserProfile%\My Documents\Disney - The Hunchback of Notre Dame - Topsy Turvy.mp3 -> [2009/02/27 00:47:58 | 04,714,624 | ---- | C] ()
Disney - The Hunchback of Notre Dame - Out There.mp3 -> %UserProfile%\My Documents\Disney - The Hunchback of Notre Dame - Out There.mp3 -> [2009/02/27 00:44:10 | 04,248,20

Title: AdDestinastion installed itself, need to get rid of it!
Post by: guestolo on March 05, 2009, 07:56:36 PM

I don't see the presence of the files we were removing
Let's see if we can manually remove some settings

Print these instructions or save them to a text file on desktop

Set Windows To Show Hidden Files and Folders
* Click Start.
* Open My Computer.
* Select the Tools menu and click Folder Options.
* Select the View Tab.
* Under the Hidden files and folders heading select Show hidden files and folders.
* Uncheck the Hide protected operating system files (recommended) option.
* Uncheck the Hide Extensions for known file types
* Click Yes to confirm.
* Click OK.

I'm going repeat some instructions:
In IE7, beside the Address bar, is a Search bar
To the right of the search bar is a magnifying glass and a drop down arrow
Left click the drop down arrow
and select>>"Change Search Defaults" (It may be "Search Settings" in IE8)
If you see "Yoog Search" in the list
Highlight it and Remove it
Then highlight Google (or another search provider) and set to Default

Close IE7

In Mozilla Firefox
Beside the address bar is the Search engine bar
Can you use the drop down arrow beside the search box, >>Select "Manage Search Engines"
If YOOG is listed, can you highlight it and remove it
Then Highlight Google and Hit OK

Close Firefox, don't reopen it until we are done
Navigate to the following folder
C:\Documents and Settings\Paige Lindsey\Application Data\Mozilla\FireFox\Profiles\4fcxgyjw.default

In that folder right click on prefs.js and select EDIT
Delete any lines referring to yoog as the following are eg...

===================================================
user_pref("browser.search.selectedEngine", "Yoog Search");
user_pref("keyword.URL", "http://www2.yoog.com/search.php?q=");
======================================================
You may see all the following:
browser.search.defaultenginename -> "Yoog Search" ->
browser.search.defaulturl -> "http://www8.yoog.com/search.php?q=" ->
browser.search.selectedEngine -> "Yoog Search" ->

Don't leave spacings
Close prefs.js and save the changes when prompted
remain in the folder
Right click on user.js folder if you see it and select EDIT
Delete any lines referring to yoog

Come back here and keep me informed how things are running
Also, I still need to see a fresh Hijackthis log

Title: AdDestinastion installed itself, need to get rid of it!
Post by: LilSparrow on March 05, 2009, 08:27:15 PM

i did everything you instructed and still the yoog search is there. did a new Hijack this scan

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:18:27 PM, on 3/5/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
C:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\system32\PSIService.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Tablet.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\WTablet\TabUserW.exe
C:\Program Files\SBC Self Support Tool\bin\mpbtn.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Java\jre1.6.0_07\bin\jucheck.exe
C:\Program Files\WordPerfect Office 12\Programs\wpwin12.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 (http://\"http://go.microsoft.com/fwlink/?LinkId=69157\")
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 (http://\"http://go.microsoft.com/fwlink/?LinkId=69157\")
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Search Helper - {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Windows Live Sign-in Helper - {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: Windows Live Toolbar Helper - {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: SingleInstance Class - {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [DLCCCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [McENUI] C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide
O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: AT&T Self Support Tool.lnk = C:\Program Files\SBC Self Support Tool\bin\matcli.exe
O4 - Global Startup: TabUserW.exe.lnk = C:\WINDOWS\system32\WTablet\TabUserW.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Display All Images with Full Quality - "res://C:\Program Files\NetZero\qsacc\appres.dll/228"
O8 - Extra context menu item: Display Image with Full Quality - "res://C:\Program Files\NetZero\qsacc\appres.dll/227"
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Blog This - {219c3416-8cb2-491a-a3c7-d9fcddc9d600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219c3416-8cb2-491a-a3c7-d9fcddc9d600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {3DCEC959-378A-4922-AD7E-FD5C925D927F} (Disney Online Games ActiveX Control) - http://disney.go.com/pirates/online/testAc...OnlineGames.cab (http://\"http://disney.go.com/pirates/online/testActiveX/built/signed/DisneyOnlineGames.cab\")
O16 - DPF: {E85362EF-40D4-4E5D-BE07-D6B036CCA277} (GoPets Control) - https://secure.gopetslive.com/dev/gopets.cab (http://\"https://secure.gopetslive.com/dev/gopets.cab\")
O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} (GoPetsWeb Control) - https://secure.gopetslive.com/dev/GoPetsWeb.cab (http://\"https://secure.gopetslive.com/dev/GoPetsWeb.cab\")
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: dlcc_device - - C:\WINDOWS\system32\dlcccoms.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: mental ray 3.5 Satellite (32-bit) (mi-raysat_3dsmax9_32) - Unknown owner - C:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe

--
End of file - 9172 bytes

Title: AdDestinastion installed itself, need to get rid of it!
Post by: guestolo on March 05, 2009, 08:33:47 PM

Something is resetting it
Can you do the next step

Download ComboFix from one of these locations:

[color=\"#0000FF\"]Link 1[/color] (http://\"http://download.bleepingcomputer.com/sUBs/ComboFix.exe\")
[color=\"#0000FF\"]Link 2[/color] (http://\"http://www.forospyware.com/sUBs/ComboFix.exe\")
[color=\"#0000FF\"]Link 3[/color] (http://\"http://subs.geekstogo.com/ComboFix.exe\")
[color=\"#FF0000\"]Save it ONLY to your Desktop[/color]

--------------------------------------------------------------------
[color=\"#2E8B57\"]Temporarily Disable your AntiVirus/AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with this tool
Also, do not let your Firewall software interfere[/color]

Double click on ComboFix.exe & follow the prompts.
As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

[color=\"#2e8b57\"]**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.
[/color]
(http://img.photobucket.com/albums/v706/ried7/RcAuto1.gif)

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
(http://img.photobucket.com/albums/v706/ried7/whatnext.png)

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply

NOTE: Do not mouseclick inside ComboFix window as it's running, it may cause it to stall
ComboFix will run again on startup, it will prompt that it's creating a log
This process could take up to 10 minutes, let it run uninterrupted please

Edit>>Could you also let me know if your having problems still with yoog in both
Firefox and IE

Title: AdDestinastion installed itself, need to get rid of it!
Post by: LilSparrow on March 05, 2009, 09:14:52 PM

firefox and IE run fine for the most part. Occasionally they will redirect to an error 404 that leads to a search page and on the google search results there will be an extra window on the left side with "sponsored results". And sometimes there is a pop up that says addestination on the top. that is how i figured out it was adware in the first place.

ComboFix 09-03-04.01 - Paige Lindsey 2009-03-05 20:05:18.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1014.597 [GMT -6:00]
Running from: c:\documents and settings\Paige Lindsey\Desktop\ComboFix.exe
AV: McAfee VirusScan *On-access scanning disabled* (Updated)
FW: McAfee Personal Firewall *disabled*
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\Mozilla Firefox\components\bfvlqpqaioerww.dll
c:\program files\Mozilla Firefox\components\f4fa5eb7-af58-a229-d5f2-32945aca7e1a.dll
c:\windows\jestertb.dll
c:\windows\system32\TDSSosvd.dat

.
((((((((((((((((((((((((( Files Created from 2009-02-06 to 2009-03-06 )))))))))))))))))))))))))))))))
.

2009-03-05 17:51 . 2009-03-05 17:51 <DIR> d-------- C:\_OTScanIt
2009-03-05 12:41 . 2009-03-05 12:41 <DIR> d-------- c:\program files\Trend Micro
2009-03-04 04:17 . 2009-03-04 04:17 85,590 --a------ c:\windows\system32\963759e6-b34b-f648-28c3-2929735ebc68.exe
2009-02-25 23:56 . 2009-02-25 23:56 54,156 --ah----- c:\windows\QTFont.qfn
2009-02-25 23:56 . 2009-02-25 23:56 1,409 --a------ c:\windows\QTFont.for
2009-02-24 22:56 . 2009-02-24 22:56 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-02-24 22:56 . 2009-02-11 10:19 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-02-24 22:56 . 2009-02-11 10:19 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-02-23 16:22 . 2009-02-06 18:08 55,152 --a------ c:\windows\system32\drivers\fssfltr_tdi.sys
2009-02-23 16:20 . 2009-02-23 16:20 <DIR> d-------- c:\program files\Microsoft Sync Framework
2009-02-23 16:17 . 2009-02-23 16:17 <DIR> d-------- c:\program files\Microsoft SQL Server Compact Edition
2009-02-06 19:03 . 2009-02-06 19:03 307,576 --a------ c:\windows\WLXPGSS.SCR
2009-02-06 18:52 . 2009-02-06 18:52 49,504 --a------ c:\windows\system32\sirenacm.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-06 00:05 5,852 --sha-w c:\windows\system32\KGyGaAvL.sys
2009-02-27 21:23 --------- d-----w c:\program files\Microsoft Silverlight
2009-02-26 05:47 --------- d-----w c:\program files\Google
2009-02-24 08:55 --------- d-----w c:\program files\Dl_cats
2009-02-23 22:22 --------- d-----w c:\program files\Windows Live
2009-02-23 22:22 --------- d-----w c:\program files\Microsoft
2009-02-14 02:28 34 ----a-w c:\documents and settings\Paige Lindsey\jagex_runescape_preferences.dat
2009-01-31 06:12 --------- d-----w c:\documents and settings\LocalService\Application Data\Yahoo!
2009-01-31 06:12 --------- d-----w c:\documents and settings\All Users\Application Data\Yahoo! Companion
2009-01-31 06:11 --------- d-----w c:\program files\Yahoo!
2009-01-29 23:59 --------- d-----w c:\program files\Windows Live SkyDrive
2009-01-29 23:57 --------- d-----w c:\program files\Common Files\Windows Live
2009-01-29 21:55 --------- d--h--w c:\program files\InstallShield Installation Information
2009-01-29 21:54 --------- d-----w c:\documents and settings\Paige Lindsey\Application Data\InstallShield
2009-01-29 21:26 --------- d-----w c:\program files\Windows Defender
2009-01-29 21:18 --------- d-----w c:\documents and settings\Paige Lindsey\Application Data\U3
2009-01-29 06:47 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2009-01-29 02:25 --------- d-----w c:\documents and settings\Paige Lindsey\Application Data\Malwarebytes
2009-01-29 02:25 --------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes
2009-01-28 22:49 --------- d-----w c:\program files\Enigma Software Group
2009-01-28 22:28 --------- d-----w c:\program files\LimeWire
2009-01-27 16:51 --------- d-----w c:\documents and settings\Paige Lindsey\Application Data\LimeWire
2009-01-27 16:32 --------- d-----w c:\program files\McAfee
2009-01-27 02:09 --------- d-----w c:\documents and settings\All Users\Application Data\McAfee
2009-01-25 05:43 --------- d-----w c:\documents and settings\Paige Lindsey\Application Data\Move Networks
2009-01-21 18:31 --------- d-----w c:\documents and settings\LocalService\Application Data\Xfire
2009-01-21 08:31 --------- d-----w c:\program files\Common Files\INCA Shared
2009-01-21 03:28 3,346 ---h--w c:\windows\system32\v1CA5806AC98134.dll
2009-01-21 03:14 --------- d-----w c:\program files\Steinberg
2009-01-21 01:28 --------- d-----w c:\documents and settings\LocalService\Application Data\SACore
2009-01-20 21:33 --------- d-----w c:\documents and settings\Paige Lindsey\Application Data\Corel
2009-01-20 21:28 --------- d-----w c:\program files\Corel
2009-01-20 21:28 --------- d-----w c:\documents and settings\All Users\Application Data\Corel
2009-01-17 03:35 3,594,752 ----a-w c:\windows\system32\dllcache\mshtml.dll
2009-01-11 03:27 --------- d-----w c:\documents and settings\All Users\Application Data\SiteAdvisor
2008-12-19 09:10 70,656 ----a-w c:\windows\system32\dllcache\ie4uinit.exe
2008-12-19 09:10 13,824 ------w c:\windows\system32\dllcache\ieudinit.exe
2008-12-19 05:25 634,024 ----a-w c:\windows\system32\dllcache\iexplore.exe
2008-12-19 05:23 161,792 ----a-w c:\windows\system32\dllcache\ieakui.dll
2008-12-11 10:57 333,952 ------w c:\windows\system32\dllcache\srv.sys
2008-03-28 19:40 4,630 ----a-w c:\documents and settings\Paige Lindsey\Application Data\wklnhst.dat
2006-11-10 01:14 90,760 -c--a-w c:\documents and settings\Paige Lindsey\Application Data\GDIPFONTCACHEV1.DAT
2008-08-26 06:37 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008082620080827\index.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-18 68856]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DLCCCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll" [2005-09-13 73728]
"RealTray"="c:\program files\Real\RealPlayer\RealPlay.exe" [2006-08-24 26112]
"Motive SmartBridge"="c:\progra~1\SBCSEL~1\SMARTB~1\MotiveSB.exe" [2005-08-24 442455]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-08-24 98304]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"McENUI"="c:\progra~1\McAfee\MHN\McENUI.exe" [2008-06-13 1176808]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2008-07-11 641208]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2006-11-03 866584]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 113664]
AT&T Self Support Tool.lnk - c:\program files\SBC Self Support Tool\bin\matcli.exe [2008-03-03 217088]
TabUserW.exe.lnk - c:\windows\system32\WTablet\TabUserW.exe [2007-03-22 114688]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.JDCT"= jl_jdct.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wincg20.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winhg54.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winjh67.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winuw64.sys]
@="Driver"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
backup=c:\windows\pss\Digital Line Detect.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Google Updater.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Google Updater.lnk
backup=c:\windows\pss\Google Updater.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Paige Lindsey^Start Menu^Programs^Startup^Adobe Gamma.lnk]
path=c:\documents and settings\Paige Lindsey\Start Menu\Programs\Startup\Adobe Gamma.lnk
backup=c:\windows\pss\Adobe Gamma.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
--a------ 2005-05-15 01:04 332800 c:\program files\Dell Support\DSAgnt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DLA]
--a--c--- 2005-09-08 04:20 122940 c:\windows\system32\DLA\DLACTRLW.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dlccmon.exe]
--a------ 2005-10-20 18:40 430080 c:\program files\Dell Photo AIO Printer 924\dlccmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DMXLauncher]
--a--c--- 2005-11-01 02:12 94208 c:\program files\Dell\Media Experience\DMXLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]
--a--c--- 2005-10-14 12:46 77824 c:\windows\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]
--a--c--- 2005-10-14 12:50 114688 c:\windows\system32\igfxpers.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray]
--a--c--- 2005-10-14 12:49 94208 c:\windows\system32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
--a--c--- 2005-06-10 09:44 249856 c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
--a--c--- 2005-06-10 09:44 81920 c:\program files\Common Files\InstallShield\UpdateService\issch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCAgentExe]
--a------ 2008-07-11 16:48 641208 c:\progra~1\McAfee.com\Agent\mcagent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCUpdateExe]
--a------ 2008-11-04 14:01 558808 c:\progra~1\McAfee.com\Agent\mcupdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2006-08-24 02:17 98304 c:\program files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
--a------ 2006-08-24 02:17 26112 c:\program files\Real\RealPlayer\realplay.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Norton Ghost"=2 (0x2)
"MskService"=2 (0x2)
"MpfService"=2 (0x2)
"mcupdmgr.exe"=3 (0x3)
"McTskshd.exe"=2 (0x2)
"McShield"=2 (0x2)
"McDetect.exe"=2 (0x2)
"AOL ACS"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Autodesk\\3ds Max 9\\3dsmax.exe"=
"c:\\Program Files\\Autodesk\\Backburner\\manager.exe"=
"c:\\Program Files\\Autodesk\\Backburner\\monitor.exe"=
"c:\\Program Files\\Autodesk\\Backburner\\server.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
"c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009
"8097:TCP"= 8097:TCP:*:Disabled:EarthLink UHP Modem Support

R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2009-02-23 55152]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [2009-01-10 206096]
R2 seaport;SeaPort;c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-01-14 226656]
R2 windefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [2006-11-03 13592]
S0 Wincg20;Wincg20;c:\windows\system32\Drivers\Wincg20.sys --> c:\windows\system32\Drivers\Wincg20.sys [?]
S0 Winhg54;Winhg54;c:\windows\system32\Drivers\Winhg54.sys --> c:\windows\system32\Drivers\Winhg54.sys [?]
S0 Winjh67;Winjh67;c:\windows\system32\Drivers\Winjh67.sys --> c:\windows\system32\Drivers\Winjh67.sys [?]
S0 Winuw64;Winuw64;c:\windows\system32\Drivers\Winuw64.sys --> c:\windows\system32\Drivers\Winuw64.sys [?]
S1 bcf7b895;bcf7b895;c:\windows\system32\drivers\bcf7b895.sys --> c:\windows\system32\drivers\bcf7b895.sys [?]
S3 BW2NDIS5;BW2NDIS5;c:\windows\system32\Drivers\BW2NDIS5.sys --> c:\windows\system32\Drivers\BW2NDIS5.sys [?]
S3 fsssvc;Windows Live Family Safety;c:\program files\Windows Live\Family Safety\fsssvc.exe [2009-02-06 533360]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
\Shell\AutoRun\command - G:\LaunchU3.exe -a
.
Contents of the 'Scheduled Tasks' folder

2009-02-15 c:\windows\Tasks\McDefragTask.job
- c:\program files\mcafee\mqc\QcConsol.exe [2008-07-09 18:10]

2009-03-01 c:\windows\Tasks\McQcTask.job
- c:\program files\mcafee\mqc\QcConsol.exe [2008-07-09 18:10]

2009-03-06 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 19:20]

2009-03-06 c:\windows\Tasks\User_Feed_Synchronization-{3E0AA50E-9D46-4313-97F3-88AE4F65989A}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 18:36]
.
- - - - ORPHANS REMOVED - - - -

MSConfigStartUp-ccApp - c:\program files\Common Files\Symantec Shared\ccApp.exe
MSConfigStartUp-E6TaskPanel - c:\program files\EarthLink TotalAccess\TaskPanl.exe
MSConfigStartUp-Google Desktop Search - c:\program files\Google\Google Desktop Search\GoogleDesktop.exe
MSConfigStartUp-Microsoft Location Finder - c:\program files\Microsoft Location Finder\LocationFinder.exe
MSConfigStartUp-MMTray - c:\program files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
MSConfigStartUp-MPFExe - c:\progra~1\McAfee.com\PERSON~1\MpfTray.exe
MSConfigStartUp-MPSExe - c:\progra~1\mcafee.com\mps\mscifapp.exe
MSConfigStartUp-MSKAGENTEXE - c:\progra~1\McAfee\SPAMKI~1\MskAgent.exe
MSConfigStartUp-MSKDetectorExe - c:\progra~1\McAfee\SPAMKI~1\MSKDetct.exe
MSConfigStartUp-My Web Search Bar - c:\progra~1\MYWEBS~1\bar\1.bin\MWSBAR.DLL
MSConfigStartUp-MyWebSearch Email Plugin - c:\progra~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
MSConfigStartUp-Norton Ghost 10 - c:\program files\Norton Ghost\Agent\GhostTray.exe
MSConfigStartUp-OASClnt - c:\program files\McAfee.com\VSO\oasclnt.exe
MSConfigStartUp-swg - c:\program files\Google\GoogleToolbarNotifier\1.2.908.6962\GoogleToolbarNotifier.exe
MSConfigStartUp-VirusScan Online - c:\program files\McAfee.com\VSO\mcvsshld.exe
MSConfigStartUp-VSOCheckTask - c:\progra~1\McAfee.com\VSO\mcmnhdlr.exe
MSConfigStartUp-Weather - c:\progra~1\AWS\WEATHE~1\Weather.exe

.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mStart Page = hxxp://www.google.com
uInternet Settings,ProxyOverride = 127.0.0.1
IE: Display All Images with Full Quality - "c:\program files\NetZero\qsacc\appres.dll/228"
IE: Display Image with Full Quality - "c:\program files\NetZero\qsacc\appres.dll/227"
LSP: c:\windows\system32\mclsp.dll
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
DPF: {E85362EF-40D4-4E5D-BE07-D6B036CCA277} - hxxps://secure.gopetslive.com/dev/gopets.cab
DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} - hxxps://secure.gopetslive.com/dev/GoPetsWeb.cab
FF - ProfilePath - c:\documents and settings\Paige Lindsey\Application Data\Mozilla\Firefox\Profiles\4fcxgyjw.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www8.yoog.com/search.php?q=
FF - prefs.js: browser.search.selectedEngine - Yoog Search
FF - prefs.js: browser.startup.homepage - hxxp://go.microsoft.com/fwlink/?LinkId=69157
FF - prefs.js: keyword.URL - hxxp://www8.yoog.com/search.php?q=
FF - component: c:\program files\McAfee\SiteAdvisor\components\McFFPlg.dll
FF - plugin: c:\program files\Google\Google Updater\1.4.697.28342\npCIDetect7.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll

---- FIREFOX POLICIES ----
FF - user.js: google.toolbar.linkdoctor.enabled - false
FF - user.js: browser.search.defaultenginename - Yoog Search
FF - user.js: browser.search.defaulturl - hxxp://www8.yoog.com/search.php?q=
FF - user.js: browser.search.selectedEngine - Yoog Search
FF - user.js: keyword.URL - hxxp://www8.yoog.com/search.php?q=
FF - user.js: keyword.enabled - true
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net (http://\"http://www.gmer.net\")
Rootkit scan 2009-03-05 20:06:51
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
DLCCCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'lsass.exe'(688)
c:\windows\system32\mclsp.dll
c:\windows\system32\SPORDER.dll
.
Completion time: 2009-03-05 20:08:33
ComboFix-quarantined-files.txt 2009-03-06 02:08:31

Pre-Run: 5,940,015,104 bytes free
Post-Run: 5,981,044,736 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

284 --- E O F --- 2009-03-05 16:37:08

Title: AdDestinastion installed itself, need to get rid of it!
Post by: guestolo on March 05, 2009, 09:47:19 PM

Can you do the following

Navigate to the following files and right click on them and select Properties>>
Do you know what they are related too?
c:\windows\system32\Drivers\Wincg20.sys
c:\windows\system32\Drivers\Winhg54.sys
c:\windows\system32\Drivers\Winjh67.sys
c:\windows\system32\Drivers\Winuw64.sys

Do the same for this one
c:\windows\system32\drivers\bcf7b895.sys

Title: AdDestinastion installed itself, need to get rid of it!
Post by: LilSparrow on March 05, 2009, 10:14:57 PM

I searched and searched but couldn't find those files.

Title: AdDestinastion installed itself, need to get rid of it!
Post by: guestolo on March 05, 2009, 10:31:37 PM

Do a "System scan only" with Hijackthis and put a check next to these entries:

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

After you have ticked the above entries, close All other open windows
Including this one
Leave Hijackthis open and click FIX CHECKED
OK the prompt and exit Hijackthis

Can you remove Yoog from both IE7 and Firefox from the Search engines as I described earlier if found

Then navigate to the following folder
c:\documents and settings\Paige Lindsey\Application Data\Mozilla\Firefox\Profiles\4fcxgyjw.default\

Right click on prefs.js and choose EDIT
Remove these lines related to the following
prefs.js: browser.search.defaulturl - hxxp://www8.yoog.com/search.php?q=
prefs.js: browser.search.selectedEngine - Yoog Search
prefs.js: keyword.URL - hxxp://www8.yoog.com/search.php?q=

Close prefs.js and ensure to SAVE the change

Right click on user.js and choose EDIT
Remove these lines related to the following
user.js: browser.search.defaultenginename - Yoog Search
user.js: browser.search.defaulturl - hxxp://www8.yoog.com/search.php?q=
user.js: browser.search.selectedEngine - Yoog Search
user.js: keyword.URL - hxxp://www8.yoog.com/search.php?q=
user.js: keyword.enabled - true
Close and SAVE

Ensure you don't miss any of them

Open the searchplugins folder inside of 4fcxgyjw.default folder
If you find yoog.xml
Delete it

Close your browsers and reopen them, is yoog now gone?

Also, Please download [color=\"blue\"]DirLook[/color] by jpshortstuff from one of the following mirrors:
[color=\"red\"]Link 1[/color] (http://\"http://jpshortstuff.247fixes.com/DirLook.exe\")
[color=\"red\"]Link 2[/color] (http://\"http://images.malwareremoval.com/jpshortstuff/DirLook.exe\")
[color=\"red\"]Link 3[/color] (http://\"http://downloads.securitycadets.com/DirLook.exe\")

Double-click DirLook.exe to run it (Vista Users should right-click and select Run As Administrator...).
Ensure that Show Hidden Files/Folders and BBCode Ouput are both checked.
Copy the content of the following codebox into the main textfield:

Code: [Select]

c:\windows\system32\Drivers

Click the DirLook button to start the scan.
When finished, a notepad window will open with the results of the scan. Please post this log in your next reply. (Note: The log can also be found at C:\DirLook.txt)

Title: AdDestinastion installed itself, need to get rid of it!
Post by: LilSparrow on March 05, 2009, 10:51:51 PM

Okay! Yoog is gone! here is the log for the dirlook

DirLook.exe v2.0 by jpshortstuff
Log created at 21:50 on 05/03/2009
==================================
Contents of "c:\windows\system32\Drivers"

[color=\"blue\"]---FOLDERS---[/color]

disdn (Created on 10/08/2004 at 17:52) d-----
etc (Created on 10/08/2004 at 17:52) d-----
UMDF (Created on 29/03/2008 at 03:09) d-----

[color=\"blue\"]---FILES---[/color]

1028_Dell_DIM_DV051.mrk (6713 bytes - created on 24/08/2006 at 07:50, modified on 24/08/2006 at 07:50) --a--c
ABP480N5.SYS (23552 bytes - created on 10/08/2004 at 18:32, modified on 17/08/2001 at 18:52) --a---
acpi.sys (187776 bytes - created on 04/08/2004 at 04:07, modified on 13/04/2008 at 18:36) --a---
acpiec.sys (11648 bytes - created on 17/08/2001 at 18:57, modified on 04/08/2004 at 10:00) --a---
adpu160m.sys (101888 bytes - created on 10/08/2004 at 18:25, modified on 17/08/2001 at 19:07) --a---
adv01nt5.dll (4255 bytes - created on 26/08/2008 at 04:56, modified on 14/04/2008 at 00:11) ------
adv02nt5.dll (3967 bytes - created on 26/08/2008 at 04:56, modified on 14/04/2008 at 00:11) ------
adv05nt5.dll (3615 bytes - created on 26/08/2008 at 04:56, modified on 14/04/2008 at 00:11) ------
adv07nt5.dll (3647 bytes - created on 26/08/2008 at 04:56, modified on 14/04/2008 at 00:11) ------
adv08nt5.dll (3135 bytes - created on 26/08/2008 at 04:56, modified on 14/04/2008 at 00:11) ------
adv09nt5.dll (3711 bytes - created on 26/08/2008 at 04:56, modified on 14/04/2008 at 00:11) ------
adv11nt5.dll (3775 bytes - created on 26/08/2008 at 04:56, modified on 14/04/2008 at 00:11) ------
aec.sys (142592 bytes - created on 24/08/2006 at 08:12, modified on 13/04/2008 at 16:39) --a---
afd.sys (138496 bytes - created on 10/08/2004 at 17:50, modified on 14/08/2008 at 10:04) --a---
agp440.sys (42368 bytes - created on 10/08/2004 at 17:58, modified on 13/04/2008 at 18:36) --a---
agpcpq.sys (44928 bytes - created on 10/08/2004 at 18:22, modified on 13/04/2008 at 18:36) --a---
aha154x.sys (12800 bytes - created on 10/08/2004 at 18:24, modified on 17/08/2001 at 18:52) --a---
aic78u2.sys (55168 bytes - created on 10/08/2004 at 18:25, modified on 17/08/2001 at 19:07) --a---
aic78xx.sys (56960 bytes - created on 10/08/2004 at 18:25, modified on 17/08/2001 at 19:07) --a---
aliide.sys (5248 bytes - created on 10/08/2004 at 18:34, modified on 17/08/2001 at 18:51) --a---
alim1541.sys (42752 bytes - created on 10/08/2004 at 18:16, modified on 13/04/2008 at 18:36) --a---
amdagp.sys (43008 bytes - created on 10/08/2004 at 18:16, modified on 13/04/2008 at 18:36) --a---
amdk6.sys (37376 bytes - created on 04/08/2004 at 03:59, modified on 13/04/2008 at 18:31) --a---
amdk7.sys (37760 bytes - created on 04/08/2004 at 03:59, modified on 13/04/2008 at 18:31) --a---
amsint.sys (12032 bytes - created on 10/08/2004 at 18:32, modified on 17/08/2001 at 18:52) --a---
arp1394.sys (60800 bytes - created on 04/08/2004 at 03:58, modified on 13/04/2008 at 18:51) --a---
asc.sys (26496 bytes - created on 10/08/2004 at 18:32, modified on 17/08/2001 at 18:52) --a---
asc3350p.sys (22400 bytes - created on 10/08/2004 at 18:32, modified on 17/08/2001 at 18:52) --a---
asc3550.sys (14848 bytes - created on 10/08/2004 at 18:32, modified on 17/08/2001 at 18:51) --a---
asctrm.sys (8552 bytes - created on 24/08/2006 at 08:17, modified on 24/08/2006 at 08:17) --a---
asyncmac.sys (14336 bytes - created on 10/08/2004 at 17:50, modified on 13/04/2008 at 18:57) --a---
atapi.sys (96512 bytes - created on 04/08/2004 at 03:59, modified on 13/04/2008 at 18:40) --a---
ati1btxx.sys (56623 bytes - created on 26/08/2008 at 04:57, modified on 04/08/2004 at 03:29) ------
ati1mdxx.sys (11615 bytes - created on 26/08/2008 at 04:57, modified on 04/08/2004 at 03:29) ------
ati1pdxx.sys (12047 bytes - created on 26/08/2008 at 04:57, modified on 04/08/2004 at 03:29) ------
ati1raxx.sys (30671 bytes - created on 26/08/2008 at 04:57, modified on 04/08/2004 at 03:29) ------
ati1rvxx.sys (63663 bytes - created on 26/08/2008 at 04:57, modified on 04/08/2004 at 03:29) ------
ati1snxx.sys (26367 bytes - created on 26/08/2008 at 04:57, modified on 04/08/2004 at 03:29) ------
ati1ttxx.sys (21343 bytes - created on 26/08/2008 at 04:57, modified on 04/08/2004 at 03:29) ------
ati1tuxx.sys (36463 bytes - created on 26/08/2008 at 04:57, modified on 04/08/2004 at 03:29) ------
ati1xbxx.sys (29455 bytes - created on 26/08/2008 at 04:57, modified on 04/08/2004 at 03:29) ------
ati1xsxx.sys (34735 bytes - created on 26/08/2008 at 04:57, modified on 04/08/2004 at 03:29) ------
ati2mtaa.sys (327040 bytes - created on 26/08/2008 at 04:57, modified on 04/08/2004 at 03:29) ------
ati2mtag.sys (701440 bytes - created on 26/08/2008 at 04:57, modified on 04/08/2004 at 03:29) ------
atinbtxx.sys (57856 bytes - created on 26/08/2008 at 04:57, modified on 04/08/2004 at 03:29) ------
atinmdxx.sys (13824 bytes - created on 26/08/2008 at 04:57, modified on 04/08/2004 at 03:29) ------
atinpdxx.sys (14336 bytes - created on 26/08/2008 at 04:57, modified on 04/08/2004 at 03:29) ------
atinraxx.sys (52224 bytes - created on 26/08/2008 at 04:57, modified on 04/08/2004 at 03:29) ------
atinrvxx.sys (104960 bytes - created on 26/08/2008 at 04:57, modified on 04/08/2004 at 03:29) ------
atinsnxx.sys (28672 bytes - created on 26/08/2008 at 04:57, modified on 04/08/2004 at 03:29) ------
atinttxx.sys (13824 bytes - created on 26/08/2008 at 04:57, modified on 04/08/2004 at 03:29) ------
atintuxx.sys (73216 bytes - created on 26/08/2008 at 04:57, modified on 04/08/2004 at 03:29) ------
atinxbxx.sys (31744 bytes - created on 26/08/2008 at 04:57, modified on 04/08/2004 at 03:29) ------
atinxsxx.sys (63488 bytes - created on 26/08/2008 at 04:57, modified on 04/08/2004 at 03:29) ------
ativmc20.cod (64352 bytes - created on 26/08/2008 at 04:57, modified on 17/07/2004 at 16:36) ------
atmarpc.sys (59904 bytes - created on 10/08/2004 at 17:50, modified on 13/04/2008 at 18:51) --a---
atmepvc.sys (31360 bytes - created on 10/08/2004 at 17:50, modified on 04/08/2004 at 10:00) --a--c
atmlane.sys (55808 bytes - created on 10/08/2004 at 17:50, modified on 13/04/2008 at 18:51) --a---
atmuni.sys (352256 bytes - created on 10/08/2004 at 17:50, modified on 04/08/2004 at 10:00) --a--c
atv01nt5.dll (21183 bytes - created on 26/08/2008 at 04:57, modified on 14/04/2008 at 00:11) ------
atv02nt5.dll (11359 bytes - created on 26/08/2008 at 04:57, modified on 14/04/2008 at 00:11) ------
atv04nt5.dll (25471 bytes - created on 26/08/2008 at 04:57, modified on 14/04/2008 at 00:11) ------
atv06nt5.dll (14143 bytes - created on 26/08/2008 at 04:57, modified on 14/04/2008 at 00:11) ------
atv10nt5.dll (17279 bytes - created on 26/08/2008 at 04:57, modified on 14/04/2008 at 00:11) ------
audstub.sys (3072 bytes - created on 10/08/2004 at 17:59, modified on 17/08/2001 at 18:59) --a---
beep.sys (4224 bytes - created on 10/08/2004 at 17:50, modified on 04/08/2004 at 10:00) --a---
bridge.sys (71552 bytes - created on 10/08/2004 at 17:50, modified on 13/04/2008 at 18:53) --a---
bthenum.sys (17024 bytes - created on 26/08/2008 at 04:57, modified on 13/04/2008 at 18:46) ------
bthmodem.sys (37888 bytes - created on 26/08/2008 at 04:57, modified on 13/04/2008 at 18:46) ------
bthpan.sys (101120 bytes - created on 26/08/2008 at 04:57, modified on 13/04/2008 at 18:51) ------
bthport.sys (272128 bytes - created on 10/06/2008 at 18:51, modified on 13/06/2008 at 11:05) ------
bthprint.sys (36480 bytes - created on 26/08/2008 at 04:57, modified on 13/04/2008 at 18:46) ------
bthusb.sys (18944 bytes - created on 26/08/2008 at 04:57, modified on 13/04/2008 at 18:46) ------
cbidf2k.sys (13952 bytes - created on 17/08/2001 at 18:52, modified on 17/08/2001 at 18:52) --a---
ccdecode.sys (17024 bytes - created on 14/04/2007 at 15:58, modified on 13/04/2008 at 18:46) --a---
cd20xrnt.sys (7680 bytes - created on 10/08/2004 at 18:31, modified on 17/08/2001 at 18:52) --a---
cdaudio.sys (18688 bytes - created on 17/08/2001 at 18:52, modified on 04/08/2004 at 10:00) --a---
cdfs.sys (63744 bytes - created on 10/08/2004 at 17:50, modified on 13/04/2008 at 19:14) --a---
cdr4_xp.sys (9336 bytes - created on 02/02/2007 at 08:00, modified on 02/02/2007 at 08:00) --a---
cdralw2k.sys (9464 bytes - created on 02/02/2007 at 08:00, modified on 02/02/2007 at 08:00) --a---
cdrom.sys (62976 bytes - created on 04/08/2004 at 03:59, modified on 13/04/2008 at 18:40) --a---
ch7xxnt5.dll (15423 bytes - created on 26/08/2008 at 04:57, modified on 14/04/2008 at 00:11) ------
cinemst2.sys (262528 bytes - created on 17/08/2001 at 19:02, modified on 04/08/2004 at 10:00) --a--c
classpnp.sys (49536 bytes - created on 10/08/2004 at 17:50, modified on 13/04/2008 at 19:16) --a---
cmdide.sys (6656 bytes - created on 10/08/2004 at 18:34, modified on 17/08/2001 at 18:51) --a---
cpqarray.sys (14976 bytes - created on 10/08/2004 at 18:27, modified on 17/08/2001 at 18:52) --a---
cpqdap01.sys (11776 bytes - created on 17/08/2001 at 18:24, modified on 04/08/2004 at 10:00) --a--c
crusoe.sys (36736 bytes - created on 04/08/2004 at 03:59, modified on 13/04/2008 at 18:31) --a---
cxthsfs2.cty (129045 bytes - created on 26/08/2008 at 04:57, modified on 18/07/2004 at 03:55) ------
dac2w2k.sys (179584 bytes - created on 10/08/2004 at 18:32, modified on 17/08/2001 at 18:52) --a---
dac960nt.sys (14720 bytes - created on 10/08/2004 at 18:32, modified on 17/08/2001 at 18:52) --a---
del200f.cty (128398 bytes - created on 24/08/2006 at 07:51, modified on 19/11/2003 at 06:15) --a--c
disk.sys (36352 bytes - created on 04/08/2004 at 03:59, modified on 13/04/2008 at 18:40) --a---
diskdump.sys (14208 bytes - created on 10/08/2004 at 17:50, modified on 13/04/2008 at 18:40) --a---
DLACDBHM.SYS (5628 bytes - created on 24/08/2006 at 08:26, modified on 25/08/2005 at 17:16) --a---
DLARTL_N.SYS (22684 bytes - created on 24/08/2006 at 08:26, modified on 25/08/2005 at 17:16) --a---
dmboot.sys (799744 bytes - created on 10/08/2004 at 17:50, modified on 13/04/2008 at 18:44) --a---
dmio.sys (153344 bytes - created on 10/08/2004 at 17:50, modified on 13/04/2008 at 18:44) --a---
dmload.sys (5888 bytes - created on 10/08/2004 at 17:50, modified on 04/08/2004 at 10:00) --a---
dmusic.sys (52864 bytes - created on 24/08/2006 at 08:12, modified on 13/04/2008 at 18:45) --a---
dpti2o.sys (20192 bytes - created on 10/08/2004 at 18:26, modified on 17/08/2001 at 19:07) --a---
drmk.sys (60160 bytes - created on 24/08/2006 at 08:12, modified on 13/04/2008 at 18:45) --a---
drmkaud.sys (2944 bytes - created on 24/08/2006 at 08:12, modified on 13/04/2008 at 18:45) --a---
DRVMCDB.SYS (89264 bytes - created on 24/08/2006 at 08:26, modified on 12/09/2005 at 08:30) --a---
DRVNDDM.SYS (40544 bytes - created on 24/08/2006 at 08:26, modified on 12/08/2005 at 10:20) --a---
dxapi.sys (10496 bytes - created on 10/08/2004 at 17:51, modified on 04/08/2004 at 10:00) --a---
dxg.sys (71168 bytes - created on 04/08/2004 at 04:00, modified on 13/04/2008 at 18:38) --a---
dxgthk.sys (3328 bytes - created on 10/08/2004 at 17:51, modified on 04/08/2004 at 10:00) --a---
e100b325.sys (155648 bytes - created on 10/08/2004 at 17:59, modified on 14/10/2004 at 06:30) --a---
fastfat.sys (143744 bytes - created on 10/08/2004 at 17:51, modified on 13/04/2008 at 19:14) --a---
fdc.sys (27392 bytes - created on 04/08/2004 at 03:59, modified on 13/04/2008 at 18:40) --a---
fips.sys (44544 bytes - created on 10/08/2004 at 17:51, modified on 13/04/2008 at 18:33) --a---
flpydisk.sys (20480 bytes - created on 04/08/2004 at 03:59, modified on 13/04/2008 at 18:40) --a---
fltmgr.sys (129792 bytes - created on 10/08/2004 at 18:02, modified on 13/04/2008 at 18:32) --a---
fssfltr_tdi.sys (55152 bytes - created on 23/02/2009 at 22:22, modified on 07/02/2009 at 00:08) --a---
fsvga.sys (12160 bytes - created on 17/08/2001 at 18:57, modified on 04/08/2004 at 10:00) --a--c
fs_rec.sys (7936 bytes - created on 10/08/2004 at 17:51, modified on 04/08/2004 at 10:00) --a---
ftdisk.sys (125056 bytes - created on 17/08/2001 at 18:52, modified on 17/08/2001 at 18:52) --a---
gagp30kx.sys (46464 bytes - created on 26/08/2008 at 04:57, modified on 13/04/2008 at 18:36) ------
gm.dls (3440660 bytes - created on 10/08/2004 at 17:51, modified on 04/08/2004 at 10:00) --a---
gmreadme.txt (646 bytes - created on 10/08/2004 at 17:51, modified on 04/08/2004 at 10:00) --a--c
hdaudbus.sys (144384 bytes - created on 12/08/2004 at 22:45, modified on 13/04/2008 at 16:36) ------
Hdaudio.sys (113664 bytes - created on 12/08/2004 at 22:45, modified on 12/08/2004 at 22:45) -----c
hidbth.sys (25600 bytes - created on 26/08/2008 at 04:57, modified on 13/04/2008 at 18:46) ------
hidclass.sys (36864 bytes - created on 04/08/2004 at 04:08, modified on 13/04/2008 at 18:45) --a---
hidir.sys (19200 bytes - created on 26/08/2008 at 04:57, modified on 13/04/2008 at 18:45) ------
hidparse.sys (24960 bytes - created on 04/08/2004 at 04:08, modified on 13/04/2008 at 18:45) --a---
hidusb.sys (10368 bytes - created on 28/08/2006 at 18:06, modified on 13/04/2008 at 18:45) --a---
hpn.sys (25952 bytes - created on 10/08/2004 at 18:28, modified on 17/08/2001 at 19:07) --a---
hsfbs2s2.sys (220032 bytes - created on 26/08/2008 at 04:57, modified on 04/08/2004 at 03:41) ------
hsfcxts2.sys (685056 bytes - created on 26/08/2008 at 04:57, modified on 04/08/2004 at 03:41) ------
hsfdpsp2.sys (1041536 bytes - created on 26/08/2008 at 04:57, modified on 04/08/2004 at 03:41) ------
HSFHWBS2.sys (212224 bytes - created on 24/08/2006 at 07:51, modified on 17/11/2003 at 19:59) --a---
HSF_CNXT.sys (680704 bytes - created on 24/08/2006 at 07:51, modified on 17/11/2003 at 19:58) --a---
HSF_DP.sys (1042432 bytes - created on 24/08/2006 at 07:51, modified on 17/11/2003 at 19:56) --a---
http.sys (264832 bytes - created on 04/08/2004 at 04:00, modified on 13/04/2008 at 18:53) --a---
i2omgmt.sys (8576 bytes - created on 10/08/2004 at 18:30, modified on 13/04/2008 at 18:41) --a---
i2omp.sys (18560 bytes - created on 10/08/2004 at 18:30, modified on 13/04/2008 at 18:41) --a---
i8042prt.sys (52480 bytes - created on 04/08/2004 at 04:14, modified on 13/04/2008 at 19:18) --a---
ialmnt5.sys (1302812 bytes - created on 24/08/2006 at 07:51, modified on 14/10/2005 at 19:15) --a---
imapi.sys (42112 bytes - created on 04/08/2004 at 04:00, modified on 13/04/2008 at 18:40) --a---
ini910u.sys (16000 bytes - created on 10/08/2004 at 18:32, modified on 17/08/2001 at 18:52) --a---
intelide.sys (5504 bytes - created on 10/08/2004 at 17:58, modified on 13/04/2008 at 18:40) --a---
intelppm.sys (36352 bytes - created on 04/08/2004 at 03:59, modified on 13/04/2008 at 18:31) --a---
ip6fw.sys (36608 bytes - created on 10/08/2004 at 17:51, modified on 13/04/2008 at 18:53) --a---
ipfltdrv.sys (32896 bytes - created on 10/08/2004 at 17:51, modified on 04/08/2004 at 10:00) --a---
ipinip.sys (20864 bytes - created on 10/08/2004 at 17:51, modified on 13/04/2008 at 18:57) --a---
ipnat.sys (152832 bytes - created on 10/08/2004 at 17:51, modified on 13/04/2008 at 18:57) --a---
ipsec.sys (75264 bytes - created on 10/08/2004 at 17:51, modified on 13/04/2008 at 19:19) --a---
iqvw32.sys (19456 bytes - created on 02/11/2004 at 20:12, modified on 02/11/2004 at 20:12) --a--c
irenum.sys (11264 bytes - created on 10/08/2004 at 17:57, modified on 13/04/2008 at 18:54) --a---
isapnp.sys (37248 bytes - created on 17/08/2001 at 18:58, modified on 13/04/2008 at 18:36) --a---
kbdclass.sys (24576 bytes - created on 04/08/2004 at 03:58, modified on 13/04/2008 at 18:39) --a---
kbdhid.sys (14592 bytes - created on 28/08/2006 at 18:06, modified on 13/04/2008 at 18:39) --a---
kmixer.sys (172416 bytes - created on 24/08/2006 at 08:12, modified on 13/04/2008 at 18:45) --a---
ks.sys (141056 bytes - created on 04/08/2004 at 04:15, modified on 13/04/2008 at 19:16) --a---
ksecdd.sys (92288 bytes - created on 10/08/2004 at 17:51, modified on 13/04/2008 at 18:31) --a---
mbam.sys (15504 bytes - created on 25/02/2009 at 04:56, modified on 11/02/2009 at 16:19) --a---
mbamswissarmy.sys (38496 bytes - created on 25/02/2009 at 04:56, modified on 11/02/2009 at 16:19) --a---
mcd.sys (7680 bytes - created on 10/08/2004 at 17:51, modified on 04/08/2004 at 10:00) --a--c
mdmxsdk.sys (11043 bytes - created on 24/08/2006 at 07:51, modified on 09/04/2003 at 16:48) --a---
mf.sys (63744 bytes - created on 04/08/2004 at 04:07, modified on 13/04/2008 at 18:36) --a---
mfeavfk.sys (79240 bytes - created on 10/09/2008 at 17:11, modified on 27/06/2008 at 12:08) --a---
mfebopk.sys (35240 bytes - created on 10/09/2008 at 17:11, modified on 27/06/2008 at 12:08) --a---
mfehidk.sys (207656 bytes - created on 10/09/2008 at 17:11, modified on 27/06/2008 at 12:08) --a---
mferkdk.sys (34152 bytes - created on 10/09/2008 at 17:11, modified on 20/06/2008 at 11:41) --a---
mfesmfk.sys (40488 bytes - created on 10/09/2008 at 17:11, modified on 27/06/2008 at 12:08) --a---
mnmdd.sys (4224 bytes - created on 10/08/2004 at 17:51, modified on 04/08/2004 at 10:00) --a---
modem.sys (30080 bytes - created on 04/08/2004 at 04:08, modified on 13/04/2008 at 19:00) --a---
MODEMCSA.sys (16128 bytes - created on 24/08/2006 at 07:59, modified on 17/08/2001 at 18:57) --a---
mouclass.sys (23040 bytes - created on 04/08/2004 at 03:58, modified on 13/04/2008 at 18:39) --a---
mouhid.sys (12160 bytes - created on 28/08/2006 at 18:06, modified on 17/08/2001 at 18:48) --a---
mountmgr.sys (42368 bytes - created on 10/08/2004 at 17:51, modified on 13/04/2008 at 18:39) --a---
Mpfp.sys (120136 bytes - created on 10/09/2008 at 17:11, modified on 02/06/2008 at 20:55) --a---
mraid35x.sys (17280 bytes - created on 10/08/2004 at 18:27, modified on 17/08/2001 at 18:52) --a---
mrxdav.sys (180608 bytes - created on 10/08/2004 at 17:51, modified on 13/04/2008 at 18:32) --a---
mrxsmb.sys (455296 bytes - created on 10/08/2004 at 17:51, modified on 24/10/2008 at 11:21) --a---
msfs.sys (19072 bytes - created on 10/08/2004 at 17:51, modified on 13/04/2008 at 18:32) --a---
msgpc.sys (35072 bytes - created on 10/08/2004 at 17:51, modified on 13/04/2008 at 18:56) --a---
mskssrv.sys (7552 bytes - created on 24/08/2006 at 07:59, modified on 13/04/2008 at 18:39) --a---
mspclock.sys (5376 bytes - created on 24/08/2006 at 07:59, modified on 13/04/2008 at 18:39) --a---
mspqm.sys (4992 bytes - created on 24/08/2006 at 07:59, modified on 13/04/2008 at 18:39) --a---
mssmbios.sys (15488 bytes - created on 04/08/2004 at 04:07, modified on 13/04/2008 at 18:36) --a---
mstee.sys (5504 bytes - created on 14/04/2007 at 15:58, modified on 13/04/2008 at 18:39) --a---
mtlmnt5.sys (126686 bytes - created on 26/08/2008 at 04:57, modified on 04/08/2004 at 03:41) ------
mtlstrm.sys (1309184 bytes - created on 26/08/2008 at 04:57, modified on 04/08/2004 at 03:41) ------
mtxparhm.sys (452736 bytes - created on 26/08/2008 at 04:57, modified on 04/08/2004 at 03:29) ------
mup.sys (105344 bytes - created on 10/08/2004 at 17:51, modified on 13/04/2008 at 19:17) --a---
mutohpen.sys (12672 bytes - created on 26/08/2008 at 04:57, modified on 13/04/2008 at 18:43) ------
nabtsfec.sys (85248 bytes - created on 14/04/2007 at 15:58, modified on 13/04/2008 at 18:46) --a---
ndis.sys (182656 bytes - created on 10/08/2004 at 17:51, modified on 13/04/2008 at 19:20) --a---
ndisip.sys (10880 bytes - created on 14/04/2007 at 15:58, modified on 13/04/2008 at 18:46) --a---
ndistapi.sys (10112 bytes - created on 10/08/2004 at 17:51, modified on 13/04/2008 at 18:57) --a---
ndisuio.sys (14592 bytes - created on 04/08/2004 at 04:03, modified on 13/04/2008 at 18:55) --a---
ndiswan.sys (91520 bytes - created on 10/08/2004 at 17:51, modified on 13/04/2008 at 19:20) --a---
ndproxy.sys (40576 bytes - created on 10/08/2004 at 17:51, modified on 13/04/2008 at 18:57) --a---
netbios.sys (34688 bytes - created on 10/08/2004 at 17:51, modified on 13/04/2008 at 18:56) --a---
netbt.sys (162816 bytes - created on 10/08/2004 at 17:51, modified on 13/04/2008 at 19:21) --a---
netwlan5.img (67866 bytes - created on 26/08/2008 at 04:58, modified on 17/07/2004 at 16:35) ------
nic1394.sys (61824 bytes - created on 04/08/2004 at 03:58, modified on 13/04/2008 at 18:51) --a---
nikedrv.sys (12032 bytes - created on 17/08/2001 at 18:24, modified on 04/08/2004 at 10:00) --a--c
nmnt.sys (40320 bytes - created on 10/08/2004 at 17:51, modified on 13/04/2008 at 18:53) --a---
npfs.sys (30848 bytes - created on 10/08/2004 at 17:51, modified on 13/04/2008 at 18:32) --a---
ntfs.sys (574976 bytes - created on 10/08/2004 at 17:51, modified on 13/04/2008 at 19:15) --a---
ntmtlfax.sys (180360 bytes - created on 26/08/2008 at 04:58, modified on 04/08/2004 at 03:41) ------
null.sys (2944 bytes - created on 10/08/2004 at 17:51, modified on 04/08/2004 at 10:00) --a---
nv4_mini.sys (1897408 bytes - created on 10/08/2004 at 17:59, modified on 04/08/2004 at 03:29) --a---
nwlnkflt.sys (12416 bytes - created on 10/08/2004 at 17:51, modified on 04/08/2004 at 10:00) --a---
nwlnkfwd.sys (32512 bytes - created on 10/08/2004 at 17:51, modified on 04/08/2004 at 10:00) --a---
nwlnkipx.sys (88320 bytes - created on 10/08/2004 at 17:51, modified on 13/04/2008 at 18:56) --a---
nwlnknb.sys (63232 bytes - created on 10/08/2004 at 17:51, modified on 04/08/2004 at 10:00) --a--c
nwlnkspx.sys (55936 bytes - created on 10/08/2004 at 17:51, modified on 04/08/2004 at 10:00) --a--c
oprghdlr.sys (3456 bytes - created on 17/08/2001 at 18:57, modified on 04/08/2004 at 10:00) --a--c
p3.sys (42752 bytes - created on 04/08/2004 at 03:59, modified on 13/04/2008 at 18:31) --a---
parport.sys (80128 bytes - created on 04/08/2004 at 03:59, modified on 13/04/2008 at 18:40) --a---
partmgr.sys (19712 bytes - created on 10/08/2004 at 17:51, modified on 13/04/2008 at 18:40) --a---
parvdm.sys (6784 bytes - created on 10/08/2004 at 17:51, modified on 04/08/2004 at 10:00) --a---
pci.sys (68224 bytes - created on 04/08/2004 at 04:07, modified on 13/04/2008 at 18:36) --a---
pciide.sys (3328 bytes - created on 17/08/2001 at 18:51, modified on 17/08/2001 at 18:51) --a---
pciidex.sys (24960 bytes - created on 04/08/2004 at 03:59, modified on 13/04/2008 at 18:40) --a---
pcmcia.sys (120192 bytes - created on 04/08/2004 at 04:07, modified on 13/04/2008 at 18:36) --a---
PenClass.sys (8138 bytes - created on 22/03/2007 at 17:11, modified on 29/11/2005 at 21:50) ------
perc2.sys (27296 bytes - created on 10/08/2004 at 18:28, modified on 17/08/2001 at 19:07) --a---
perc2hib.sys (5504 bytes - created on 10/08/2004 at 18:28, modified on 17/08/2001 at 19:07) --a---
portcls.sys (146048 bytes - created on 16/03/2004 at 16:58, modified on 13/04/2008 at 19:19) ------
processr.sys (35840 bytes - created on 04/08/2004 at 03:59, modified on 13/04/2008 at 18:31) --a---
psched.sys (69120 bytes - created on 10/08/2004 at 17:51, modified on 13/04/2008 at 18:56) --a---
ptilink.sys (17792 bytes - created on 10/08/2004 at 17:51, modified on 04/08/2004 at 10:00) --a---
pxhelp20.sys (43840 bytes - created on 14/11/2007 at 08:00, modified on 14/11/2007 at 08:00) --a---
ql1080.sys (40320 bytes - created on 10/08/2004 at 18:30, modified on 17/08/2001 at 18:52) --a---
ql10wnt.sys (33152 bytes - created on 10/08/2004 at 18:30, modified on 17/08/2001 at 18:52) --a---
ql12160.sys (45312 bytes - created on 10/08/2004 at 18:30, modified on 17/08/2001 at 18:52) --a---
ql1240.sys (40448 bytes - created on 10/08/2004 at 18:30, modified on 17/08/2001 at 18:52) --a---
ql1280.sys (49024 bytes - created on 10/08/2004 at 18:30, modified on 17/08/2001 at 18:52) --a---
rasacd.sys (8832 bytes - created on 10/08/2004 at 17:51, modified on 04/08/2004 at 10:00) --a---
rasl2tp.sys (51328 bytes - created on 10/08/2004 at 17:51, modified on 13/04/2008 at 19:19) --a---
raspppoe.sys (41472 bytes - created on 10/08/2004 at 17:51, modified on 13/04/2008 at 18:57) --a---
raspptp.sys (48384 bytes - created on 10/08/2004 at 17:51, modified on 13/04/2008 at 19:19) --a---
raspti.sys (16512 bytes - created on 10/08/2004 at 17:51, modified on 04/08/2004 at 10:00) --a---
rawwan.sys (34432 bytes - created on 10/08/2004 at 17:51, modified on 04/08/2004 at 10:00) --a--c
rdbss.sys (175744 bytes - created on 10/08/2004 at 17:51, modified on 13/04/2008 at 19:28) --a---
rdpcdd.sys (4224 bytes - created on 10/08/2004 at 17:51, modified on 04/08/2004 at 10:00) --a---
rdpdr.sys (196224 bytes - created on 10/08/2004 at 18:01, modified on 13/04/2008 at 18:32) --a---
rdpwd.sys (139656 bytes - created on 10/08/2004 at 18:01, modified on 14/04/2008 at 00:13) --a---
recagent.sys (13776 bytes - created on 26/08/2008 at 04:58, modified on 04/08/2004 at 03:41) ------
redbook.sys (57600 bytes - created on 10/08/2004 at 17:59, modified on 13/04/2008 at 18:40) --a---
rfcomm.sys (59136 bytes - created on 26/08/2008 at 04:58, modified on 13/04/2008 at 18:46) ------
rio8drv.sys (12032 bytes - created on 17/08/2001 at 18:24, modified on 04/08/2004 at 10:00) --a--c
riodrv.sys (12032 bytes - created on 17/08/2001 at 18:24, modified on 04/08/2004 at 10:00) --a--c
rmcast.sys (203136 bytes - created on 10/08/2004 at 17:51, modified on 08/05/2008 at 14:02) --a---
rndismp.sys (30592 bytes - created on 10/08/2004 at 17:51, modified on 13/04/2008 at 18:56) --a---
rndismpx.sys (30592 bytes - created on 26/08/2008 at 04:58, modified on 13/04/2008 at 18:56) ------
rootmdm.sys (5888 bytes - created on 10/08/2004 at 17:51, modified on 04/08/2004 at 10:00) --a--c
s3gnbm.sys (166912 bytes - created on 26/08/2008 at 04:58, modified on 04/08/2004 at 03:29) ------
scsiport.sys (96384 bytes - created on 04/08/2004 at 03:59, modified on 13/04/2008 at 18:40) --a---
sdbus.sys (79232 bytes - created on 04/08/2004 at 04:07, modified on 13/04/2008 at 18:36) --a---
secdrv.sys (20480 bytes - created on 10/08/2004 at 17:51, modified on 13/11/2007 at 10:25) --a---
serenum.sys (15744 bytes - created on 04/08/2004 at 03:59, modified on 13/04/2008 at 18:40) --a---
serial.sys (64512 bytes - created on 04/08/2004 at 04:15, modified on 13/04/2008 at 19:15) --a---
sffdisk.sys (11904 bytes - created on 04/08/2004 at 03:59, modified on 13/04/2008 at 18:40) --a---
sffp_mmc.sys (10240 bytes - created on 26/08/2008 at 04:58, modified on 13/04/2008 at 18:40) ------
sffp_sd.sys (11008 bytes - created on 04/08/2004 at 03:59, modified on 13/04/2008 at 18:40) --a---
sfloppy.sys (11392 bytes - created on 04/08/2004 at 03:59, modified on 13/04/2008 at 18:40) --a---
siint5.dll (3901 bytes - created on 26/08/2008 at 04:58, modified on 14/04/2008 at 00:12) ------
sisagp.sys (40960 bytes - created on 10/08/2004 at 18:22, modified on 13/04/2008 at 18:36) --a---
slip.sys (11136 bytes - created on 14/04/2007 at 15:58, modified on 13/04/2008 at 18:46) --a---
slnt7554.sys (129535 bytes - created on 26/08/2008 at 04:58, modified on 04/08/2004 at 03:41) ------
slntamr.sys (404990 bytes - created on 26/08/2008 at 04:58, modified on 04/08/2004 at 03:41) ------
slnthal.sys (95424 bytes - created on 26/08/2008 at 04:58, modified on 04/08/2004 at 03:41) ------
slwdmsup.sys (13240 bytes - created on 26/08/2008 at 04:58, modified on 04/08/2004 at 03:41) ------
smbali.sys (5888 bytes - created on 26/08/2008 at 04:58, modified on 13/04/2008 at 18:36) ------
smclib.sys (14592 bytes - created on 10/08/2004 at 17:51, modified on 04/08/2004 at 10:00) --a--c
sonydcam.sys (25344 bytes - created on 04/08/2004 at 04:09, modified on 13/04/2008 at 18:46) --a---
sparrow.sys (19072 bytes - created on 10/08/2004 at 18:24, modified on 17/08/2001 at 19:07) --a---
splitter.sys (6272 bytes - created on 24/08/2006 at 08:12, modified on 13/04/2008 at 18:45) --a---
sr.sys (73472 bytes - created on 10/08/2004 at 18:02, modified on 13/04/2008 at 18:36) --a---
srv.sys (333952 bytes - created on 10/08/2004 at 17:51, modified on 11/12/2008 at 10:57) --a---
sthda.sys (1107224 bytes - created on 24/08/2006 at 07:51, modified on 10/02/2006 at 16:19) --a---
stream.sys (49408 bytes - created on 04/08/2004 at 04:08, modified on 13/04/2008 at 18:45) --a---
streamip.sys (15232 bytes - created on 14/04/2007 at 15:58, modified on 13/04/2008 at 18:46) --a---
swenum.sys (4352 bytes - created on 04/08/2004 at 03:58, modified on 13/04/2008 at 18:39) --a---
swmidi.sys (56576 bytes - created on 24/08/2006 at 08:12, modified on 13/04/2008 at 18:45) --a---
symc810.sys (16256 bytes - created on 10/08/2004 at 18:29, modified on 17/08/2001 at 19:07) --a---
symc8xx.sys (32640 bytes - created on 10/08/2004 at 18:28, modified on 17/08/2001 at 19:07) --a---
sym_hi.sys (28384 bytes - created on 10/08/2004 at 18:27, modified on 17/08/2001 at 19:07) --a---
sym_u3.sys (30688 bytes - created on 10/08/2004 at 18:29, modified on 17/08/2001 at 19:07) --a---
sysaudio.sys (60800 bytes - created on 24/08/2006 at 08:12, modified on 13/04/2008 at 19:15) --a---
tape.sys (14976 bytes - created on 10/08/2004 at 17:51, modified on 13/04/2008 at 18:40) --a---
tcpip.sys (361600 bytes - created on 10/08/2004 at 17:51, modified on 20/06/2008 at 11:51) --a---
tcpip6.sys (225856 bytes - created on 10/08/2004 at 17:51, modified on 20/06/2008 at 11:08) --a---
tdi.sys (19072 bytes - created on 10/08/2004 at 17:51, modified on 13/04/2008 at 19:00) --a---
tdpipe.sys (12040 bytes - created on 10/08/2004 at 18:01, modified on 14/04/2008 at 00:13) --a---
tdtcp.sys (21896 bytes - created on 10/08/2004 at 18:01, modified on 14/04/2008 at 00:13) --a---
termdd.sys (40840 bytes - created on 10/08/2004 at 18:01, modified on 14/04/2008 at 00:13) --a---
tosdvd.sys (51712 bytes - created on 17/08/2001 at 19:01, modified on 04/08/2004 at 10:00) --a--c
toside.sys (4992 bytes - created on 10/08/2004 at 18:36, modified on 17/08/2001 at 18:51) --a---
tsbvcap.sys (21376 bytes - created on 17/08/2001 at 19:06, modified on 04/08/2004 at 10:00) --a--c
tunmp.sys (12288 bytes - created on 04/08/2004 at 04:03, modified on 13/04/2008 at 18:56) --a---
uagp35.sys (44672 bytes - created on 26/08/2008 at 04:58, modified on 13/04/2008 at 18:36) ------
udfs.sys (66048 bytes - created on 10/08/2004 at 17:51, modified on 13/04/2008 at 18:32) --a---
ultra.sys (36736 bytes - created on 10/08/2004 at 18:33, modified on 17/08/2001 at 18:52) --a---
update.sys (384768 bytes - created on 10/08/2004 at 17:51, modified on 13/04/2008 at 18:39) --a---
usb8023.sys (12800 bytes - created on 10/08/2004 at 17:51, modified on 13/04/2008 at 18:56) --a---
usb8023x.sys (12800 bytes - created on 26/08/2008 at 04:58, modified on 13/04/2008 at 18:56) ------
usbcamd.sys (25600 bytes - created on 17/08/2001 at 19:03, modified on 13/04/2008 at 18:45) --a---
usbcamd2.sys (25728 bytes - created on 17/08/2001 at 19:03, modified on 13/04/2008 at 18:45) --a---
usbccgp.sys (32128 bytes - created on 31/08/2006 at 17:06, modified on 13/04/2008 at 18:45) --a---
usbd.sys (4736 bytes - created on 17/08/2001 at 19:03, modified on 04/08/2004 at 10:00) --a---
usbehci.sys (30208 bytes - created on 04/08/2004 at 04:08, modified on 13/04/2008 at 18:45) --a---
usbhub.sys (59520 bytes - created on 04/08/2004 at 04:08, modified on 13/04/2008 at 18:45) --a---
usbintel.sys (15872 bytes - created on 04/08/2004 at 04:08, modified on 13/04/2008 at 18:45) --a---
usbport.sys (143872 bytes - created on 04/08/2004 at 04:08, modified on 13/04/2008 at 18:45) --a---
usbprint.sys (25856 bytes - created on 31/08/2006 at 17:07, modified on 13/04/2008 at 18:47) --a---
usbscan.sys (15104 bytes - created on 31/08/2006 at 17:06, modified on 13/04/2008 at 18:45) --a---
usbstor.sys (26368 bytes - created on 31/03/2007 at 19:33, modified on 13/04/2008 at 18:45) --a---
usbuhci.sys (20608 bytes - created on 04/08/2004 at 04:08, modified on 13/04/2008 at 18:45) --a---
usbvideo.sys (121984 bytes - created on 26/08/2008 at 04:58, modified on 13/04/2008 at 18:46) ------
vchnt5.dll (11325 bytes - created on 26/08/2008 at 04:58, modified on 14/04/2008 at 00:12) ------
vdmindvd.sys (58112 bytes - created on 17/08/2001 at 19:02, modified on 04/08/2004 at 10:00) --a--c
vga.sys (20992 bytes - created on 10/08/2004 at 17:51, modified on 13/04/2008 at 18:44) --a---
viaagp.sys (42240 bytes - created on 10/08/2004 at 18:24, modified on 13/04/2008 at 18:36) --a---
viaide.sys (5376 bytes - created on 10/08/2004 at 18:36, modified on 13/04/2008 at 18:40) --a---
videoprt.sys (81664 bytes - created on 10/08/2004 at 17:51, modified on 13/04/2008 at 18:44) --a---
volsnap.sys (52352 bytes - created on 10/08/2004 at 17:51, modified on 13/04/2008 at 18:41) --a---
wacompen.sys (14208 bytes - created on 26/08/2008 at 04:58, modified on 13/04/2008 at 18:43) ------
wadv07nt.sys (11807 bytes - created on 26/08/2008 at 04:58, modified on 04/08/2004 at 03:29) ------
wadv08nt.sys (11295 bytes - created on 26/08/2008 at 04:58, modified on 04/08/2004 at 03:29) ------
wadv09nt.sys (11871 bytes - created on 26/08/2008 at 04:58, modified on 04/08/2004 at 03:29) ------
wadv11nt.sys (11935 bytes - created on 26/08/2008 at 04:58, modified on 04/08/2004 at 03:29) ------
wanarp.sys (34560 bytes - created on 10/08/2004 at 17:51, modified on 13/04/2008 at 18:57) --a---
watv06nt.sys (22271 bytes - created on 26/08/2008 at 04:58, modified on 04/08/2004 at 03:29) ------
watv10nt.sys (25471 bytes - created on 26/08/2008 at 04:58, modified on 04/08/2004 at 03:29) ------
wdmaud.sys (83072 bytes - created on 24/08/2006 at 08:12, modified on 13/04/2008 at 19:17) --a---
wmilib.sys (4352 bytes - created on 10/08/2004 at 17:51, modified on 04/08/2004 at 10:00) --a---
wpdusb.sys (38528 bytes - created on 24/08/2006 at 07:52, modified on 19/10/2006 at 01:00) --a--c
ws2ifsl.sys (12032 bytes - created on 10/08/2004 at 17:51, modified on 04/08/2004 at 10:00) --a---
wstcodec.sys (19200 bytes - created on 14/04/2007 at 15:58, modified on 13/04/2008 at 18:46) --a---
WudfPf.sys (77568 bytes - created on 28/09/2006 at 23:55, modified on 28/09/2006 at 23:55) ------
WudfRd.sys (82944 bytes - created on 29/09/2006 at 00:00, modified on 29/09/2006 at 00:00) ------

==================================
[color=\"blue\"]=EOF=[/color]

Title: AdDestinastion installed itself, need to get rid of it!
Post by: guestolo on March 05, 2009, 11:02:17 PM

Looks like they might be leftover entries, but let's make sure
Can you do the following

Make sure that Windows is still set to Show hidden files/folders as I described ealier

Do a search for each of these files:
Wincg20.sys
Winhg54.sys
Winjh67.sys
Winuw64.sys
bcf7b895.sys

To search for hidden or system files in Windows XP:

1. Click Start, click Search, click All files and folders, and then click More advanced options.
2. Click to select the Search system folders and Search hidden files and folders check boxes.

Do you find those files anywhere on your computer?

Title: AdDestinastion installed itself, need to get rid of it!
Post by: LilSparrow on March 05, 2009, 11:56:11 PM

i searched again and still nothing shows up.

Title: AdDestinastion installed itself, need to get rid of it!
Post by: guestolo on March 06, 2009, 12:19:36 AM

Can you make a backup of the registry for me please
Go to START>>RUN>>Type in regedit

Hit OK
In the Registry editor
Ensure that My Computer is highlighted
Then click on FILE>>Export
Give this file a name, such as backreg
Save it to a convenient location

Close the registry editor
Copy ALL the BLUE text below and Paste to notepad
Don't use anything else than notepad or the script will not work

[color=\"#0000FF\"]
KillAll::
Driver::
Wincg20
Winhg54
Winjh67
Winuw64
bcf7b895
File::
c:\windows\system32\Drivers\Wincg20.sys
c:\windows\system32\Drivers\Winhg54.sys
c:\windows\system32\Drivers\Winjh67.sys
c:\windows\system32\Drivers\Winuw64.sys
c:\windows\system32\drivers\bcf7b895.sys
Registry::
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wincg20.sys]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winhg54.sys]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winjh67.sys]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winuw64.sys]
[/color]
Save this as txtfile on your desktop, with the exact name of
CFScript
(http://img.photobucket.com/albums/v666/sUBs/CFScriptB-4.gif)
Drag CFScript.txt into ComboFix.exe
Combofix will start>>Follow the prompts
Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall

When finished, it shall produce a log for you with the same name C:\ComboFix.txt..
Can you post that log please

Let me then know how things are still running

Title: AdDestinastion installed itself, need to get rid of it!
Post by: LilSparrow on March 06, 2009, 01:23:55 AM

browser is running just fine, no more pop ups and no more yoog.

/happy.gif\' class=\'bbc_emoticon\' alt=\'^_^\' /> here is the log

ComboFix 09-03-04.01 - Paige Lindsey 2009-03-06 0:13:17.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1014.439 [GMT -6:00]
Running from: c:\documents and settings\Paige Lindsey\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Paige Lindsey\Desktop\CFScript.txt
AV: McAfee VirusScan *On-access scanning disabled* (Updated)
FW: McAfee Personal Firewall *disabled*
* Created a new restore point

FILE ::
c:\windows\system32\drivers\bcf7b895.sys
c:\windows\system32\Drivers\Wincg20.sys
c:\windows\system32\Drivers\Winhg54.sys
c:\windows\system32\Drivers\Winjh67.sys
c:\windows\system32\Drivers\Winuw64.sys
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_WINHG54
-------\Legacy_WINJH67
-------\Legacy_WINUW64
-------\Service_bcf7b895
-------\Service_Wincg20
-------\Service_Winhg54
-------\Service_Winjh67
-------\Service_Winuw64

((((((((((((((((((((((((( Files Created from 2009-02-06 to 2009-03-06 )))))))))))))))))))))))))))))))
.

2009-03-05 21:07 . 2009-03-05 21:07 14,336 --ahs---- c:\windows\system32\Thumbs.db
2009-03-05 17:51 . 2009-03-05 17:51 <DIR> d-------- C:\_OTScanIt
2009-03-05 12:41 . 2009-03-05 12:41 <DIR> d-------- c:\program files\Trend Micro
2009-03-04 04:17 . 2009-03-04 04:17 85,590 --a------ c:\windows\system32\963759e6-b34b-f648-28c3-2929735ebc68.exe
2009-02-25 23:56 . 2009-02-25 23:56 54,156 --ah----- c:\windows\QTFont.qfn
2009-02-25 23:56 . 2009-02-25 23:56 1,409 --a------ c:\windows\QTFont.for
2009-02-24 22:56 . 2009-02-24 22:56 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-02-24 22:56 . 2009-02-11 10:19 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-02-24 22:56 . 2009-02-11 10:19 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-02-23 16:22 . 2009-02-06 18:08 55,152 --a------ c:\windows\system32\drivers\fssfltr_tdi.sys
2009-02-23 16:20 . 2009-02-23 16:20 <DIR> d-------- c:\program files\Microsoft Sync Framework
2009-02-23 16:17 . 2009-02-23 16:17 <DIR> d-------- c:\program files\Microsoft SQL Server Compact Edition
2009-02-06 19:03 . 2009-02-06 19:03 307,576 --a------ c:\windows\WLXPGSS.SCR
2009-02-06 18:52 . 2009-02-06 18:52 49,504 --a------ c:\windows\system32\sirenacm.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-27 21:23 --------- d-----w c:\program files\Microsoft Silverlight
2009-02-26 05:47 --------- d-----w c:\program files\Google
2009-02-24 08:55 --------- d-----w c:\program files\Dl_cats
2009-02-23 22:22 --------- d-----w c:\program files\Windows Live
2009-02-23 22:22 --------- d-----w c:\program files\Microsoft
2009-02-14 02:28 34 ----a-w c:\documents and settings\Paige Lindsey\jagex_runescape_preferences.dat
2009-01-31 06:12 --------- d-----w c:\documents and settings\LocalService\Application Data\Yahoo!
2009-01-31 06:12 --------- d-----w c:\documents and settings\All Users\Application Data\Yahoo! Companion
2009-01-31 06:11 --------- d-----w c:\program files\Yahoo!
2009-01-29 23:59 --------- d-----w c:\program files\Windows Live SkyDrive
2009-01-29 23:57 --------- d-----w c:\program files\Common Files\Windows Live
2009-01-29 21:55 --------- d--h--w c:\program files\InstallShield Installation Information
2009-01-29 21:54 --------- d-----w c:\documents and settings\Paige Lindsey\Application Data\InstallShield
2009-01-29 21:26 --------- d-----w c:\program files\Windows Defender
2009-01-29 21:18 --------- d-----w c:\documents and settings\Paige Lindsey\Application Data\U3
2009-01-29 06:47 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2009-01-29 02:25 --------- d-----w c:\documents and settings\Paige Lindsey\Application Data\Malwarebytes
2009-01-29 02:25 --------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes
2009-01-28 22:49 --------- d-----w c:\program files\Enigma Software Group
2009-01-28 22:28 --------- d-----w c:\program files\LimeWire
2009-01-27 16:51 --------- d-----w c:\documents and settings\Paige Lindsey\Application Data\LimeWire
2009-01-27 16:32 --------- d-----w c:\program files\McAfee
2009-01-27 02:09 --------- d-----w c:\documents and settings\All Users\Application Data\McAfee
2009-01-25 05:43 --------- d-----w c:\documents and settings\Paige Lindsey\Application Data\Move Networks
2009-01-21 18:31 --------- d-----w c:\documents and settings\LocalService\Application Data\Xfire
2009-01-21 08:31 --------- d-----w c:\program files\Common Files\INCA Shared
2009-01-21 03:14 --------- d-----w c:\program files\Steinberg
2009-01-21 01:28 --------- d-----w c:\documents and settings\LocalService\Application Data\SACore
2009-01-20 21:33 --------- d-----w c:\documents and settings\Paige Lindsey\Application Data\Corel
2009-01-20 21:28 --------- d-----w c:\program files\Corel
2009-01-20 21:28 --------- d-----w c:\documents and settings\All Users\Application Data\Corel
2009-01-11 03:27 --------- d-----w c:\documents and settings\All Users\Application Data\SiteAdvisor
2008-03-28 19:40 4,630 ----a-w c:\documents and settings\Paige Lindsey\Application Data\wklnhst.dat
2006-11-10 01:14 90,760 -c--a-w c:\documents and settings\Paige Lindsey\Application Data\GDIPFONTCACHEV1.DAT
2008-08-26 06:37 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008082620080827\index.dat
.

((((((((((((((((((((((((((((( SnapShot@2009-03-05_20.07.32.48 )))))))))))))))))))))))))))))))))))))))))
.
+ 2005-10-21 02:02:28 163,328 ----a-w c:\windows\ERDNT\subs\ERDNT.EXE
- 2009-03-06 00:09:32 32,768 -c--a-w c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2009-03-06 04:42:28 32,768 -c--a-w c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2009-03-06 00:09:32 32,768 -c--a-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2009-03-06 04:42:28 32,768 -c--a-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2009-03-06 00:09:32 32,768 -c--a-w c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2009-03-06 04:42:28 32,768 -c--a-w c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2009-03-06 00:05:10 5,852 --sha-w c:\windows\system32\KGyGaAvL.sys
+ 2009-03-06 03:52:18 5,852 --sha-w c:\windows\system32\KGyGaAvL.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-18 68856]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DLCCCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll" [2005-09-13 73728]
"RealTray"="c:\program files\Real\RealPlayer\RealPlay.exe" [2006-08-24 26112]
"Motive SmartBridge"="c:\progra~1\SBCSEL~1\SMARTB~1\MotiveSB.exe" [2005-08-24 442455]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-08-24 98304]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"McENUI"="c:\progra~1\McAfee\MHN\McENUI.exe" [2008-06-13 1176808]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2008-07-11 641208]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 113664]
AT&T Self Support Tool.lnk - c:\program files\SBC Self Support Tool\bin\matcli.exe [2008-03-03 217088]
TabUserW.exe.lnk - c:\windows\system32\WTablet\TabUserW.exe [2007-03-22 114688]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.JDCT"= jl_jdct.drv

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
backup=c:\windows\pss\Digital Line Detect.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Google Updater.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Google Updater.lnk
backup=c:\windows\pss\Google Updater.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Paige Lindsey^Start Menu^Programs^Startup^Adobe Gamma.lnk]
path=c:\documents and settings\Paige Lindsey\Start Menu\Programs\Startup\Adobe Gamma.lnk
backup=c:\windows\pss\Adobe Gamma.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
--a------ 2005-05-15 01:04 332800 c:\program files\Dell Support\DSAgnt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DLA]
--a--c--- 2005-09-08 04:20 122940 c:\windows\system32\DLA\DLACTRLW.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dlccmon.exe]
--a------ 2005-10-20 18:40 430080 c:\program files\Dell Photo AIO Printer 924\dlccmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DMXLauncher]
--a--c--- 2005-11-01 02:12 94208 c:\program files\Dell\Media Experience\DMXLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]
--a--c--- 2005-10-14 12:46 77824 c:\windows\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]
--a--c--- 2005-10-14 12:50 114688 c:\windows\system32\igfxpers.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray]
--a--c--- 2005-10-14 12:49 94208 c:\windows\system32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
--a--c--- 2005-06-10 09:44 249856 c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
--a--c--- 2005-06-10 09:44 81920 c:\program files\Common Files\InstallShield\UpdateService\issch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCAgentExe]
--a------ 2008-07-11 16:48 641208 c:\progra~1\McAfee.com\Agent\mcagent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCUpdateExe]
--a------ 2008-11-04 14:01 558808 c:\progra~1\McAfee.com\Agent\mcupdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2006-08-24 02:17 98304 c:\program files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
--a------ 2006-08-24 02:17 26112 c:\program files\Real\RealPlayer\realplay.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Norton Ghost"=2 (0x2)
"MskService"=2 (0x2)
"MpfService"=2 (0x2)
"mcupdmgr.exe"=3 (0x3)
"McTskshd.exe"=2 (0x2)
"McShield"=2 (0x2)
"McDetect.exe"=2 (0x2)
"AOL ACS"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Autodesk\\3ds Max 9\\3dsmax.exe"=
"c:\\Program Files\\Autodesk\\Backburner\\manager.exe"=
"c:\\Program Files\\Autodesk\\Backburner\\monitor.exe"=
"c:\\Program Files\\Autodesk\\Backburner\\server.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
"c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009
"8097:TCP"= 8097:TCP:*:Disabled:EarthLink UHP Modem Support

R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2009-02-23 55152]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [2009-01-10 206096]
R2 seaport;SeaPort;c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-01-14 226656]
R2 windefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [2006-11-03 13592]
S3 BW2NDIS5;BW2NDIS5;c:\windows\system32\Drivers\BW2NDIS5.sys --> c:\windows\system32\Drivers\BW2NDIS5.sys [?]
S3 fsssvc;Windows Live Family Safety;c:\program files\Windows Live\Family Safety\fsssvc.exe [2009-02-06 533360]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
\Shell\AutoRun\command - G:\LaunchU3.exe -a
.
Contents of the 'Scheduled Tasks' folder

2009-02-15 c:\windows\Tasks\McDefragTask.job
- c:\program files\mcafee\mqc\QcConsol.exe [2008-07-09 18:10]

2009-03-01 c:\windows\Tasks\McQcTask.job
- c:\program files\mcafee\mqc\QcConsol.exe [2008-07-09 18:10]

2009-03-06 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 19:20]

2009-03-06 c:\windows\Tasks\User_Feed_Synchronization-{3E0AA50E-9D46-4313-97F3-88AE4F65989A}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 18:36]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mStart Page = hxxp://www.google.com
uInternet Settings,ProxyOverride = 127.0.0.1
IE: Display All Images with Full Quality - "c:\program files\NetZero\qsacc\appres.dll/228"
IE: Display Image with Full Quality - "c:\program files\NetZero\qsacc\appres.dll/227"
LSP: c:\windows\system32\mclsp.dll
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
DPF: {E85362EF-40D4-4E5D-BE07-D6B036CCA277} - hxxps://secure.gopetslive.com/dev/gopets.cab
DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} - hxxps://secure.gopetslive.com/dev/GoPetsWeb.cab
FF - ProfilePath - c:\documents and settings\Paige Lindsey\Application Data\Mozilla\Firefox\Profiles\4fcxgyjw.default\
FF - prefs.js: browser.startup.homepage - hxxp://go.microsoft.com/fwlink/?LinkId=69157
FF - component: c:\program files\McAfee\SiteAdvisor\components\McFFPlg.dll
FF - plugin: c:\program files\Google\Google Updater\1.4.697.28342\npCIDetect7.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll

---- FIREFOX POLICIES ----
FF - user.js: google.toolbar.linkdoctor.enabled - false
FF - user.js: keyword.enabled - true.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net (http://\"http://www.gmer.net\")
Rootkit scan 2009-03-06 00:17:47
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
DLCCCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'lsass.exe'(688)
c:\windows\system32\mclsp.dll
c:\windows\system32\SPORDER.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
c:\progra~1\McAfee\MSC\mcmscsvc.exe
c:\program files\Common Files\McAfee\MNA\McNASvc.exe
c:\progra~1\COMMON~1\McAfee\McProxy\McProxy.exe
c:\progra~1\McAfee\VIRUSS~1\Mcshield.exe
c:\program files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
c:\program files\McAfee\MPF\MpfSrv.exe
c:\windows\system32\PSIService.exe
c:\windows\system32\Tablet.exe
c:\program files\SBC Self Support Tool\bin\mpbtn.exe
.
**************************************************************************
.
Completion time: 2009-03-06 0:21:23 - machine was rebooted [Paige Lindsey]
ComboFix-quarantined-files.txt 2009-03-06 06:21:20
ComboFix2.txt 2009-03-06 02:08:35

Pre-Run: 5,813,567,488 bytes free
Post-Run: 5,718,220,800 bytes free

271 --- E O F --- 2009-03-05 16:37:08

Title: AdDestinastion installed itself, need to get rid of it!
Post by: guestolo on March 06, 2009, 01:48:30 AM

Can we update some of your software to help plug some security holes

Close down all browser windows
Access your Add and Remove Programs and remove all the following

Viewpoint Media Player
J2SE Runtime Environment 5.0 Update 6
Javaâ„¢ 6 Update 2
Javaâ„¢ 6 Update 7

Reboot the computer after all the above are removed

Back in Windows

[color=\"blue\"]Updating Java:[/color]

Download the latest version of Java SE Runtime Environment (JRE) (http://\"http://java.sun.com/javase/downloads/index.jsp\").
Scroll down to where it says "JRE 6 Update 12".
Click the "Download" button to the right.
In the Window that opens, select Windows, under Platform:>>Check the "agree" box and click Continue.
Click on the link to download Windows Offline Installation and save to your desktop.
Then from your desktop double-click on jre-6u12-windows-i586-p.exe that you downloaded to install the newest version.

Ensure for now, that you have your Virus scanner and Firewall activated and running properly

Open Adobe Reader
Click on HELP>>Check for Updates to update to the latest version
Allow connection thru your Firewall
If you can't update that way let me know please

Post back one last final hijackthis log please
We still have to remove some tools we used for disinfection, but we'll do it in the proper steps

Title: AdDestinastion installed itself, need to get rid of it!
Post by: LilSparrow on March 06, 2009, 02:24:09 AM

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:23:23 AM, on 3/6/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\WTablet\TabUserW.exe
C:\Program Files\SBC Self Support Tool\bin\mpbtn.exe
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\system32\PSIService.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Tablet.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 (http://\"http://go.microsoft.com/fwlink/?LinkId=69157\")
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 (http://\"http://go.microsoft.com/fwlink/?LinkId=69157\")
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 (http://\"http://go.microsoft.com/fwlink/?LinkId=54896\")
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 (http://\"http://go.microsoft.com/fwlink/?LinkId=54896\")
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Search Helper - {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Windows Live Sign-in Helper - {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SingleInstance Class - {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [DLCCCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [McENUI] C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide
O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: AT&T Self Support Tool.lnk = C:\Program Files\SBC Self Support Tool\bin\matcli.exe
O4 - Global Startup: TabUserW.exe.lnk = C:\WINDOWS\system32\WTablet\TabUserW.exe
O8 - Extra context menu item: Display All Images with Full Quality - "res://C:\Program Files\NetZero\qsacc\appres.dll/228"
O8 - Extra context menu item: Display Image with Full Quality - "res://C:\Program Files\NetZero\qsacc\appres.dll/227"
O9 - Extra button: Blog This - {219c3416-8cb2-491a-a3c7-d9fcddc9d600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219c3416-8cb2-491a-a3c7-d9fcddc9d600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {3DCEC959-378A-4922-AD7E-FD5C925D927F} (Disney Online Games ActiveX Control) - http://disney.go.com/pirates/online/testAc...OnlineGames.cab (http://\"http://disney.go.com/pirates/online/testActiveX/built/signed/DisneyOnlineGames.cab\")
O16 - DPF: {E85362EF-40D4-4E5D-BE07-D6B036CCA277} (GoPets Control) - https://secure.gopetslive.com/dev/gopets.cab (http://\"https://secure.gopetslive.com/dev/gopets.cab\")
O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} (GoPetsWeb Control) - https://secure.gopetslive.com/dev/GoPetsWeb.cab (http://\"https://secure.gopetslive.com/dev/GoPetsWeb.cab\")
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: dlcc_device - - C:\WINDOWS\system32\dlcccoms.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: mental ray 3.5 Satellite (32-bit) (mi-raysat_3dsmax9_32) - Unknown owner - C:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe

--
End of file - 9304 bytes

Title: AdDestinastion installed itself, need to get rid of it!
Post by: guestolo on March 06, 2009, 02:42:57 AM

Looks good

To remove ComboFix
Go to START>>RUN>>
copy and paste the following

[color=\"#FF0000\"]combofix /u[/color]
and press enter
This will uninstall ComboFix and it's components

Delete DirLook.exe on desktop and it's file
C:\DirLook.txt
Also delete CFScript.txt from desktop

EDIT>>Forgot about Gooredfix
Click Start >> Run and then copy/paste the following into the box and hit Enter:
[color=\"#FF0000\"]"%userprofile%\Desktop\GooredFix.exe" /uninstall[/color]

OTScanIt2.exe

Double click on OTScanIt2.exe on desktop to run it

Click the Cleanup! button
A list will be downloaded>>Allow it Internet access if prompted by your Firewall
Don't change anything in this list
Select Yes at the prompt
Wait for the confirmation box to open to reboot the computer
Don't mouseclick during the wait as you may cause the tool to stall
Select Yes to reboot Now

NOTE: This procedure will also delete OTScanit2.exe from desktop. If not delete it manually after the system reboots

Hold onto Malwarebyte's Anti-Malware and occassionally Update and run a Quick Scan
Or uninstall it from Add and Remove Programs
You can manually delete ATF-Cleaner.exe, or hold onto it to help clean temp files, cookies, etc..
It's your option

I suggest that you add SpywareBlaster to your protection software
SpywareBlaster by JavaCool (http://\"http://www.javacoolsoftware.com/spywareblaster.html\")

Select Manual updating when installing
After installation, Check for updates
After updating, select "Protection Status" on the Left
Then select "Enable all Protection"
"Check for updates every couple of weeks"
after every update just simply click the "enable protection on all unprotected items"
or again, click on Protection Startus>>enable all protection

You can go back and enable Windows Defender protections if still disabled

NOTE: Mozilla Firefox just had a recent update
In Firefox, click on HELP>>Check for updates
That should bring you to Firefox version 3.0.7

Post back in about a day and let me know how things are still running
At which time I can lock this topic and then you can delete that registry backup you made earlier thru regedit

Title: AdDestinastion installed itself, need to get rid of it!
Post by: LilSparrow on March 07, 2009, 03:02:07 AM

Computer is running just fine, no pop ups or yoog at all.

/happy.gif\' class=\'bbc_emoticon\' alt=\'^_^\' /> Thanks very much for your help!

Title: AdDestinastion installed itself, need to get rid of it!
Post by: guestolo on March 07, 2009, 03:33:36 AM

Good work, Go ahead and manually delete that Registry backup you did earlier
I'll lock this topic as your problems are resolved
Take care LilSparrow

/smile.gif\' class=\'bbc_emoticon\' alt=\':)\' />