Security Tool & Antivirus Pro 2009 infections [Solved]

Need a geek? Geeks to Go offers free, quality tech support -- in terms anyone can understand. Volunteers are waiting to help, friendly, technology experts who have knowledge to share, and enjoy helping others. Feel free to browse the site as a guest. However, you must log in to reply to existing topics, or to start a new topic of your own. Other benefits of joining include richer forum features, and removal of all advertising. Learn more in our Welcome Guide Infected? Malware and Spyware Cleaning Guide. What are you waiting for? Click here to join for free today!

> Geeks to Go! » Security » Virus, Spyware and Trojan Removal

5 Pages

< 1 2 3 4 > »

Security Tool & Antivirus Pro 2009 infections [Solved]

Options

chamber View Member Profile	Oct 27 2009, 07:30 AM Post #16
Trusted Helper Posts: 1,821 From: ~/ OS: Linux all the way!	Hi, You can go ahead and paste the logs into your reply, I only need certain logs attached and I'll ask for them when I need them.

dhlavinka View Member Profile	Oct 27 2009, 07:13 PM Post #17
Member Posts: 39 From: Houston, Texas OS: Windows XP	OTL log report attached in previous post. Kaspersky scan completed successfully. KasReport attached below. Will wait for your next instruction. Thanks. -------------------------------------------------------------------------------- KASPERSKY ONLINE SCANNER 7.0: scan report Tuesday, October 27, 2009 Operating system: Microsoft Windows XP Professional Service Pack 3 (build 2600) Kaspersky Online Scanner version: 7.0.26.13 Last database update: Tuesday, October 27, 2009 10:59:32 Records in database: 3089395 -------------------------------------------------------------------------------- Scan settings: scan using the following database: extended Scan archives: yes Scan e-mail databases: yes Scan area - My Computer: A:\ C:\ D:\ Scan statistics: Objects scanned: 140780 Threats found: 5 Infected objects found: 24 Suspicious objects found: 0 Scan duration: 02:46:59 File name / Threat / Threats count C:\Program Files\MSN Games\Wheel of Fortune 2\Launch.exe Infected: Trojan.Win32.Inject.ygw 1 C:\Qoobox\Quarantine\C\Documents and Settings\Brian\ntuser.dll.vir Infected: Packed.Win32.Krap.ah 1 C:\Qoobox\Quarantine\C\Documents and Settings\Brian\Start Menu\Programs\Startup\scandisk.dll.vir Infected: Packed.Win32.Krap.ah 1 C:\Qoobox\Quarantine\C\Documents and Settings\Jill\Application Data\seres.exe.vir Infected: Packed.Win32.Krap.ah 1 C:\Qoobox\Quarantine\C\Documents and Settings\Jill\Application Data\svcst.exe.vir Infected: Packed.Win32.Krap.ah 1 C:\Qoobox\Quarantine\C\Documents and Settings\Jill\ntuser.dll.vir Infected: Packed.Win32.Krap.ah 1 C:\Qoobox\Quarantine\C\Documents and Settings\Jill\Start Menu\Programs\Startup\scandisk.dll.vir Infected: Packed.Win32.Krap.ah 1 C:\Qoobox\Quarantine\C\Documents and Settings\LocalService\ntuser.dll.vir Infected: Packed.Win32.Krap.ah 1 C:\Qoobox\Quarantine\C\WINDOWS\system32\berikeda.dll.vir Infected: Packed.Win32.TDSS.aa 1 C:\Qoobox\Quarantine\C\WINDOWS\system32\bimeyonu.dll.vir Infected: Packed.Win32.TDSS.aa 1 C:\Qoobox\Quarantine\C\WINDOWS\system32\fotuliza.dll.vir Infected: Packed.Win32.TDSS.aa 1 C:\Qoobox\Quarantine\C\WINDOWS\system32\gawafuda.dll.vir Infected: Packed.Win32.TDSS.aa 1 C:\Qoobox\Quarantine\C\WINDOWS\system32\gitabiga.dll.vir Infected: Packed.Win32.TDSS.aa 1 C:\Qoobox\Quarantine\C\WINDOWS\system32\gizapune.dll.vir Infected: Packed.Win32.TDSS.aa 1 C:\Qoobox\Quarantine\C\WINDOWS\system32\hujinuya.dll.vir Infected: Packed.Win32.TDSS.aa 1 C:\Qoobox\Quarantine\C\WINDOWS\system32\wbem\proquota.exe.vir Infected: Packed.Win32.Krap.ah 1 C:\Qoobox\Quarantine\C\WINDOWS\system32\zahuzewi.dll.vir Infected: Packed.Win32.TDSS.aa 1 C:\Qoobox\Quarantine\C\WINDOWS\system32\_scui.cpl.vir Infected: not-a-virus:FraudTool.Win32.Antivirus2010.ag 1 C:\Qoobox\Quarantine\[4]-Submit_2009-10-26_06.44.23.zip Infected: Packed.Win32.Krap.ah 1 C:\Qoobox\Quarantine\[4]-Submit_2009-10-26_06.44.23.zip Infected: Packed.Win32.TDSS.aa 2 C:\Qoobox\Quarantine\[4]-Submit_2009-10-26_06.44.23.zip Infected: Trojan.Win32.FraudPack.xcs 2 C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP1\A0000050.exe Infected: Trojan.Win32.FraudPack.xcs 1 Selected area has been scanned.

chamber View Member Profile	Oct 28 2009, 02:16 AM Post #18
Trusted Helper Posts: 1,821 From: ~/ OS: Linux all the way!	Hi, How are things running now? Please download OTM Save it to your desktop. Please double-click OTM to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator). Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy): CODE :Processes :Services :Reg :Files C:\Program Files\MSN Games\Wheel of Fortune 2\Launch.exe :Commands [purity] [emptytemp] [Reboot] Return to OTM, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste. Click the red Moveit! button. Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply. Close OTM and reboot your PC. Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter .log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles* folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post. Download Security Check by screen317 from here or here. Save it to your Desktop. Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box. A Notepad document should open automatically called checkup.txt; please post the contents of that document.

dhlavinka View Member Profile	Oct 28 2009, 05:15 AM Post #19
Member Posts: 39 From: Houston, Texas OS: Windows XP	Good morning. The computer is running very well now. Speed at which things are processing seems back to normal. No issues with internet sites. The only thing which I have notices which is strange is that I have no sound at all. Checked my volume settings manually and in the Sounds section of the Control Panel. For grins I inserted a CD into the player to see if I could play music. Normally after a few seconds, Windows Media Player would launch and the CD would play automatically. But nothing. I even tried playing a song on the harddrive - nothing. Went to YouTube to play a song - nothing. All of these things worked perfectly before my machine was invaded. I had noticed that during all the work we have done that the machine was eerily quiet. Never heard any sounds when downloads were completed or anything. I have posted the results of the OTM and Security Check below. All processes killed ========== PROCESSES ========== ========== SERVICES/DRIVERS ========== ========== REGISTRY ========== ========== FILES ========== C:\Program Files\MSN Games\Wheel of Fortune 2\Launch.exe moved successfully. ========== COMMANDS ========== [EMPTYTEMP] User: Administrator ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: All Users User: Bradley ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->Java cache emptied: 0 bytes ->FireFox cache emptied: 0 bytes User: Brett ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->Java cache emptied: 0 bytes ->FireFox cache emptied: 0 bytes User: Brian ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->Java cache emptied: 0 bytes User: Danny File delete failed. C:\Documents and Settings\Danny\Local Settings\Temp\Temporary Internet Files\Content.IE5\QBWHDC83\general;net=ns;u=ns-15387977_1256726815,114be8332183764,ce_mobile_android,;;kw=;tile=1;ord1=986408;sz=300x250,336x280;contx=ce_mobile_androi d;btg=;ord=6483249498731318[1] scheduled to be deleted on reboot. File delete failed. C:\Documents and Settings\Danny\Local Settings\Temp\Temporary Internet Files\Content.IE5\JMNU67AD\general;net=ns;u=ns-92288339_1256726816,114be8332183764,ce_mobile_android,;;kw=;tile=1;ord1=889243;sz=300x250,336x280;contx=ce_mobile_androi d;btg=;ord=6483249498731318[1] scheduled to be deleted on reboot. ->Temp folder emptied: 89084511 bytes ->Temporary Internet Files folder emptied: 6660151 bytes ->Java cache emptied: 25621541 bytes ->FireFox cache emptied: 0 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: Jill ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->Java cache emptied: 0 bytes User: LocalService ->Temp folder emptied: 0 bytes File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot. ->Temporary Internet Files folder emptied: 33170 bytes User: NetworkService ->Temp folder emptied: 248 bytes ->Temporary Internet Files folder emptied: 488995 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_d10.dat scheduled to be deleted on reboot. Windows Temp folder emptied: 83064 bytes RecycleBin emptied: 0 bytes Total Files Cleaned = 116.32 mb OTM by OldTimer - Version 3.0.0.6 log created on 10282009_055529 Files moved on Reboot... File C:\Documents and Settings\Danny\Local Settings\Temp\Temporary Internet Files\Content.IE5\QBWHDC83\general;net=ns;u=ns-15387977_1256726815,114be8332183764,ce_mobile_android,;;kw=;tile=1;ord1=986408;sz=300x250,336x280;contx=ce_mobile_androi d;btg=;ord=6483249498731318[1] not found! File C:\Documents and Settings\Danny\Local Settings\Temp\Temporary Internet Files\Content.IE5\JMNU67AD\general;net=ns;u=ns-92288339_1256726816,114be8332183764,ce_mobile_android,;;kw=;tile=1;ord1=889243;sz=300x250,336x280;contx=ce_mobile_androi d;btg=;ord=6483249498731318[1] not found! File C:\WINDOWS\temp\Perflib_Perfdata_d10.dat not found! Registry entries deleted on Reboot... Results of screen317's Security Check version 0.99.0 Windows XP Service Pack 3 `````````````````````````````` Antivirus/Firewall Check: Windows Firewall Enabled! McAfee SecurityCenter Antivirus up to date! `````````````````````````````` Anti-malware/Other Utilities Check: Ad-Aware Java™ 6 Update 16 Java™ SE Runtime Environment 6 Update 1 Java™ 6 Update 2 Java™ 6 Update 3 Java™ 6 Update 5 Java™ 6 Update 7 Java 2 Runtime Environment, SE v1.4.2_03 Out of date Java installed! Adobe Flash Player 10 Adobe Reader 7.0.9 Out of date Adobe Reader installed! `````````````````````````````` Process Check: objlist.exe by Laurent Ad-Aware AAWService.exe Ad-Aware AAWTray.exe is disabled! `````````````````````````````` DNS Vulnerability Check: GREAT! (Not vulnerable to DNS cache poisoning) `````````End of Log```````````

chamber View Member Profile	Oct 28 2009, 05:26 AM Post #20
Trusted Helper Posts: 1,821 From: ~/ OS: Linux all the way!	Hi, When using JavaRa did you select Remove Older Versions.? Go to Add or Remove programs and uninstall the following, Java� SE Runtime Environment 6 Update 1 Java� 6 Update 2 Java� 6 Update 3 Java� 6 Update 5 Java� 6 Update 7 Your adobe reader is out of date, visit HERE for the latest version. For the sound issue, if you go to your Device Manager and look at the sound settings there are there any errors showing?

dhlavinka View Member Profile	Oct 28 2009, 05:54 AM Post #21
Member Posts: 39 From: Houston, Texas OS: Windows XP	Manually removed the 5 Java6 related programs you mentioned. There are still 7 Java programs showing in my Add/Remove: J2SE Runtime Env 5.0 Update 10 J2SE Runtime Env 5.0 Update 11 J2SE Runtime Env 5.0 Update 5 J2SE Runtime Env 5.0 Update 6 J2SE Runtime Env 5.0 Update 9 Java 2 Runtime Env, SE v1.4.2_03 Java™ 6 Update 16 Installed updated Adobe Reader. Checked my Device Manager. Not that familiar with it so not sure what to look for. Can see the tree for my computer with all the devices listed. Can see all the + to allow me to expand each item. No notations of any errors anywhere, but not sure if I would see them at this base level or if I would have to expand each device look at all levels. I opened "Sound, video and game controllers" and no errors noted there.

chamber View Member Profile	Oct 28 2009, 06:57 AM Post #22
Trusted Helper Posts: 1,821 From: ~/ OS: Linux all the way!	You can remove these. J2SE Runtime Env 5.0 Update 10 J2SE Runtime Env 5.0 Update 11 J2SE Runtime Env 5.0 Update 5 J2SE Runtime Env 5.0 Update 6 J2SE Runtime Env 5.0 Update 9 Java 2 Runtime Env, SE v1.4.2_03 For the sound issue I would say that the best bet would be to create a new thread in the xp forum and explain the problem. Let them know that I have said that you are clean and that you need help with sound problems after your system became infected. I don't really have the expertise to help on this issue.

dhlavinka View Member Profile	Oct 28 2009, 07:12 AM Post #23
Member Posts: 39 From: Houston, Texas OS: Windows XP	I will definitely create a new thread and see if anyone has expertise in this area to provide some help. I have removed each of the Java items discussed. So at this point, is it safe to assume that all is well and regular use of this computer can resume? My wife is going crazy without being able to access her Facebook. Just wanted to be sure all is clear before letting her at it. Just a couple of follow up questions too. 1)Of all the items I downloaded to work thru this mess....which ones should I keep? I assume some of the diagnostic things can go as I have no clue how to use or understand the reports generated. If I run into problems again in the future, it is likely these versions will be old or obsolete by then. So should I just delete them? 2)I would think the Malwarebytes is good to keep and use as my primary scanning device along with my McAfee regular scheduled scans? Should I dump all other Ad-ware type programs on my machine except these two? 3)Of the others the TFC was nice because it dumped all temp files. But the OTM also looked like it did something similar. 4)Back to the beginning....How in the world did the Security Tool and Antivirus Pro 2010 get on my machine in the first place? We are meticulous about not clicking links for stuff we don't recognize. Are these two relatively new programs and maybe my McAfee had not been updated recently enough to detect them? Is it possible for these two to just install themselves on my computer without someone clicking a link? Sorry for all the questions, but just want to understand as much as possible. Heading out to the office. Will wait for your replies. Thanks again.

chamber View Member Profile	Oct 28 2009, 07:28 AM Post #24
Trusted Helper Posts: 1,821 From: ~/ OS: Linux all the way!	No problem with all the questions, I will try to answer them as best I can. QUOTE So at this point, is it safe to assume that all is well and regular use of this computer can resume? You should be all good to go. QUOTE Just a couple of follow up questions too. QUOTE 1)Of all the items I downloaded to work thru this mess....which ones should I keep? I assume some of the diagnostic things can go as I have no clue how to use or understand the reports generated. If I run into problems again in the future, it is likely these versions will be old or obsolete by then. So should I just delete them? I will be giving instructions on how to remove the programs that we used now. QUOTE 2)I would think the Malwarebytes is good to keep and use as my primary scanning device along with my McAfee regular scheduled scans? Should I dump all other Ad-ware type programs on my machine except these two? It's always good to have a scanner that has resident protection (the free version of Malwarebytes does not) in conjunction with a resident scanner (malwarebytes) and your AV (McAfee). You never want to have more than one on access protection program running though as this would cause conflicts. QUOTE 3)Of the others the TFC was nice because it dumped all temp files. But the OTM also looked like it did something similar. OTM does have something similar but we will get rid of it, TFC is good one to keep, I use it every day. QUOTE 4)Back to the beginning....How in the world did the Security Tool and Antivirus Pro 2010 get on my machine in the first place? We are meticulous about not clicking links for stuff we don't recognize. Are these two relatively new programs and maybe my McAfee had not been updated recently enough to detect them? Is it possible for these two to just install themselves on my computer without someone clicking a link? I could not hazard a guess at how these got onto your system but they are very very new, and can pretty much cripple an antivirus as well as most of the tools that we use for diagnostics. No matter how careful you can be there is always the possibility that something could get by. Your best defence is to keep the antivirus up to date and perform regular scans, use a safer browser than IE and to have on access protection alert you to any changes to your system. Now for the good news, Congratulations your logs appear clean!! Clean up Follow these steps to uninstall Combofix and tools used in the removal of malware Uninstall ComboFix Remove Combofix now that we're done with it. Please press the Windows Key and R on your keyboard. This will bring up the Run... command. Now type in Combofix /Uninstall in the runbox and click OK. (Notice the space between the "x" and "/") Please follow the prompts to uninstall Combofix. You will then recieve a message saying Combofix was uninstalled successfully once it's done uninstalling itself. This will uninstall Combofix and anything assoicated with it. Remove leftover programs Download OTC to your desktop and run it Click Yes to beginning the Cleanup process and remove these components, including this application. You will be asked to reboot the machine to finish the Cleanup process. Choose Yes. Please let me know any programs that remain and I will advise on what can be kept Browsers Just because your computer came loaded with Internet Explorer doesn't mean that you have to use it, there are other free alternatives, FIREFOX and OPERA, both are free to use and are more secure than IE. If you are using firefox you can stay more secure by adding NoScript and WOT (Web Of Trust) NoScript stops Java scripts from starting on a web page unless you give permission for them, and WOT (Web Of Trust) has a comprehensive list of ratings for different websites allowing you to easily see if a website that you are about to go to has a bad reputation; in fact it will warn you to check if you are sure that you want to continue to a bad website. Make your Internet Explorer more secure - This can be done by following these simple instructions: From within Internet Explorer click on the Tools menu and then click on Options. Click once on the Security tab Click once on the Internet icon so it becomes highlighted. Click once on the Custom Level button. Change the Download signed ActiveX controls to Prompt Change the Download unsigned ActiveX controls to Disable Change the Initialize and script ActiveX controls not marked as safe to Disable Change the Installation of desktop items to Prompt Change the Launching programs and files in an IFRAME to Prompt Change the Navigate sub-frames across different domains to Prompt When all these settings have been made, click on the OK button If it prompts you as to whether or not you want to save the settings, press the Yes button. Next press the Apply button and then the OK to exit the Internet Properties page. Additional Security Measures Update your AntiVirus Software - It is imperative that you update your Antivirus software at least once a week (Even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out. Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer has always the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates. You should also make sure that your automatic updates enabled. SpywareBlaster- SpywareBlaster will add a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs. You should have a good anti spyware program - We recommend MalwareBytes Anti-Malware and SUPERAntiSpyware MVPS Hosts file The MVPS Hosts file replaces your current HOSTS file with one containing well know ad sites etc. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer Winpatrol Download and install the free version of Winpatrol. WinPatrol takes snapshot of your critical system resources and alerts you to any changes that may occur without your knowledge. Spring Cleaning TFC - Temp File Cleaner by OldTimer - Cleans temporary files from IE and Windows, empties the recycle bin and more. Great tool to help speed up your computer and knock out those nasties that like to reside in the temp folders Auslogics Disc Defrag or JKDefrag - Two good disc defragmenters for you to choose from. Also, please read this great article by Tony Klein So How Did I Get Infected In First Place

dhlavinka View Member Profile	Oct 28 2009, 07:38 AM Post #25
Member Posts: 39 From: Houston, Texas OS: Windows XP	Decided to check one more thing before heading to the office. When the virus attacked the machine it changed my background on my desktop. After we did a number of the diagnostic things it eventually came back and all is normal on my login. I decided to check my wife's login. When logging into her area I got a RUNDLL error window. The background is still what the virus changed it to ... all red. I can only change the color of the background by using the display properties and desktop options. I can not access any of the desktop choices except color. And there is one item listed at the bottom of the Desktop background choices called critical_warning. My wife was the one using the computer when it went wacko. I checked the other three users set up on the computer. One is OK without any issues. The other two start up fine but their background is just a solid color. Not their normal background. But when you log off their session their proper background flashes on before the session logs off. Like it is in the background but is covered up by the wrong background. Of the five users set up on the computer two give the RUNDLL error window which says Error loading C:\DOCUMENT....\(then the username)\ntuser.dll The specified module could not be found When the viruses were rampant these are the only other two sessions I tried logging into. This the same error I received on my session. All the work done on the computer was from my session. Hope this makes some sense to you.

chamber View Member Profile	Oct 28 2009, 07:42 AM Post #26
Trusted Helper Posts: 1,821 From: ~/ OS: Linux all the way!	If you want to we can do some work on your wifes account now? Download OTL to your desktop. Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted. When the window appears, underneath Output at the top change it to Minimal Output. Check the boxes beside LOP Check and Purity Check. Under the Custom Scan box paste this in netsvcs %SYSTEMDRIVE%\.exe %SYSTEMDRIVE%\eventlog.dll /s /md5 %SYSTEMDRIVE%\scecli.dll /s /md5 %SYSTEMDRIVE%\netlogon.dll /s /md5 %SYSTEMDRIVE%\cngaudit.dll /s /md5 %SYSTEMDRIVE%\sceclt.dll /s /md5 %SYSTEMDRIVE%\ntelogon.dll /s /md5 %SYSTEMDRIVE%\logevent.dll /s /md5 %SYSTEMDRIVE%\iaStor.sys /s /md5 %SYSTEMDRIVE%\nvstor.sys /s /md5 %SYSTEMDRIVE%\atapi.sys /s /md5 %SYSTEMDRIVE%\IdeChnDr.sys /s /md5 %SYSTEMDRIVE%\viasraid.sys /s /md5 %SYSTEMDRIVE%\AGP440.sys /s /md5 %SYSTEMDRIVE%\vaxscsi.sys /s /md5 Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long. When the scan completes, it will open two notepad windows. OTL.Txt* and Extras.Txt. These are saved in the same location as OTL. Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them all in.

dhlavinka View Member Profile	Oct 28 2009, 08:26 AM Post #27
Member Posts: 39 From: Houston, Texas OS: Windows XP	Would have thought that the things we did would take care of all users on the machine. Shows what I get for thinking. At the office now so will have to work on this when I get home this evening. In the meantime - tried one more thing before leaving the house. On my wife's session tried to log out completely (instead of just switching to another user) and had the following window and message pop up: Profile Storage Space You have exceeded your profile storage space. Before you can log off, you need to move some things from your profile to network or local storage. And it listed a ton of files in the window below. I did not accept this or tell it to proceed. Just left her session logged on and switched to another. Guess I have more work to do when I get back home. Will begin with the items in your last post unless you want me to do otherwise since I have given this last bit of info here.

chamber View Member Profile	Oct 28 2009, 09:36 AM Post #28
Trusted Helper Posts: 1,821 From: ~/ OS: Linux all the way!	Carry on with the OTL steps for now.

dhlavinka View Member Profile	Oct 28 2009, 08:41 PM Post #29
Member Posts: 39 From: Houston, Texas OS: Windows XP	Disabled McAfee before downloading OTL because of problems I had previously with it removing OTL automatically. Downloaded OTL and inserted text given in Custom Scan window. Ran OTL and have attached OTL.txt file below. The Extras.txt file was never generated. I even ran OTL again to see if there was something I did wrong. Same results...only OTL.txt file generated. Then re-enabled my McAfee security system. But this time McAfee did not remove OTL application automatically like it did before. Don't understand this. OTL.txt file here. OTL logfile created on: 10/28/2009 9:16:59 PM - Run 2 OTL by OldTimer - Version 3.0.22.1 Folder = C:\Documents and Settings\Jill\Desktop Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 7.0.5730.13) Locale: 00000409 \| Country: United States \| Language: ENU \| Date Format: M/d/yyyy 1021.46 Mb Total Physical Memory \| 601.40 Mb Available Physical Memory \| 58.88% Memory free 2.40 Gb Paging File \| 1.90 Gb Available in Paging File \| 79.26% Paging File free Paging file location(s): C:\pagefile.sys 1536 3072 [binary data] %SystemDrive% = C: \| %SystemRoot% = C:\WINDOWS \| %ProgramFiles% = C:\Program Files Drive C: \| 148.96 Gb Total Space \| 67.00 Gb Free Space \| 44.97% Space Free \| Partition Type: NTFS D: Drive not present or media not loaded Drive E: \| 698.46 Gb Total Space \| 538.10 Gb Free Space \| 77.04% Space Free \| Partition Type: FAT32 F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: HLAVINKA Current User Name: Jill Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Minimal ========== Processes (SafeList) ========== PRC - C:\Documents and Settings\Jill\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.) PRC - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.) PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.) PRC - C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (Macrovision Corporation) PRC - c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe (McAfee, Inc.) PRC - c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe (McAfee, Inc.) PRC - C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE (Creative Technology Ltd) PRC - C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe (Creative Technology Ltd) PRC - C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe (CyberLink Corp.) PRC - C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.) PRC - C:\Program Files\Dell Support Center\bin\sprtsvc.exe (SupportSoft, Inc.) PRC - C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.) PRC - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.) PRC - C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.) PRC - C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.) PRC - C:\Program Files\Juniper Networks\Common Files\dsNcService.exe (Juniper Networks) PRC - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe (Lavasoft) PRC - c:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.) PRC - C:\Program Files\McAfee\MPF\MPFSrv.exe (McAfee, Inc.) PRC - C:\Program Files\McAfee\MSC\mcmscsvc.exe (McAfee, Inc.) PRC - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe () PRC - C:\Program Files\McAfee\VirusScan\Mcshield.exe (McAfee, Inc.) PRC - C:\Program Files\Picasa2\PicasaMediaDetector.exe (Google Inc.) PRC - C:\Program Files\QuickTime\QTTask.exe (Apple Inc.) PRC - C:\Program Files\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation) PRC - C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe (Viewpoint Corporation) PRC - C:\Program Files\Windows Media Player\wmpnetwk.exe (Microsoft Corporation) PRC - C:\Program Files\Windows Media Player\WMPNSCFG.exe (Microsoft Corporation) PRC - C:\WINDOWS\eHome\ehmsas.exe (Microsoft Corporation) PRC - C:\WINDOWS\eHome\ehRecvr.exe (Microsoft Corporation) PRC - C:\WINDOWS\eHome\ehSched.exe (Microsoft Corporation) PRC - C:\WINDOWS\ehome\ehtray.exe (Microsoft Corporation) PRC - C:\WINDOWS\ehome\McrdSvc.exe (Microsoft Corporation) PRC - C:\WINDOWS\ehome\RMSvc.exe (Microsoft Corporation) PRC - C:\WINDOWS\ehome\RMSysTry.exe (Microsoft Corporation) PRC - C:\WINDOWS\Explorer.EXE (Microsoft Corporation) PRC - C:\WINDOWS\System32\CTHELPER.EXE (Creative Technology Ltd) PRC - C:\WINDOWS\System32\CTsvcCDA.EXE (Creative Technology Ltd) PRC - C:\WINDOWS\System32\dla\tfswctrl.exe (Sonic Solutions) PRC - C:\WINDOWS\System32\nvsvc32.exe (NVIDIA Corporation) PRC - C:\WINDOWS\System32\proquota.exe (Microsoft Corporation) PRC - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIALA.EXE (SEIKO EPSON CORPORATION) PRC - C:\WINDOWS\System32\wbem\wmiprvse.exe (Microsoft Corporation) PRC - C:\WINDOWS\System32\WDBtnMgr.exe (Western Digital Technologies, Inc.) PRC - C:\WINDOWS\System32\wscntfy.exe (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV - (aawservice [Auto \| Running]) -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe (Lavasoft) SRV - (Apple Mobile Device [Auto \| Running]) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.) SRV - (aspnet_state [On_Demand \| Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (Microsoft Corporation) SRV - (Bonjour Service [Auto \| Running]) -- C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.) SRV - (clr_optimization_v2.0.50727_32 [On_Demand \| Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) SRV - (Creative Service for CDROM Access [Auto \| Running]) -- C:\WINDOWS\System32\CTsvcCDA.EXE (Creative Technology Ltd) SRV - (CVPND [Auto \| Running]) -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.) SRV - (dsNcService [Auto \| Running]) -- C:\Program Files\Juniper Networks\Common Files\dsNcService.exe (Juniper Networks) SRV - (ehRecvr [Auto \| Running]) -- C:\WINDOWS\eHome\ehRecvr.exe (Microsoft Corporation) SRV - (ehSched [Auto \| Running]) -- C:\WINDOWS\eHome\ehSched.exe (Microsoft Corporation) SRV - (FontCache3.0.0.0 [On_Demand \| Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation) SRV - (gusvc [On_Demand \| Stopped]) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (Google) SRV - (helpsvc [Auto \| Running]) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation) SRV - (IDriverT [On_Demand \| Stopped]) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe (Macrovision Corporation) SRV - (idsvc [Unknown \| Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe (Microsoft Corporation) SRV - (iPod Service [On_Demand \| Running]) -- C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.) SRV - (JavaQuickStarterService [Auto \| Running]) -- C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.) SRV - (McAfee SiteAdvisor Service [Auto \| Running]) -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe () SRV - (mcmscsvc [Auto \| Running]) -- C:\Program Files\McAfee\MSC\mcmscsvc.exe (McAfee, Inc.) SRV - (McNASvc [Auto \| Running]) -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe (McAfee, Inc.) SRV - (McODS [On_Demand \| Stopped]) -- C:\Program Files\McAfee\VirusScan\mcods.exe (McAfee, Inc.) SRV - (McProxy [Auto \| Running]) -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe (McAfee, Inc.) SRV - (McrdSvc [Auto \| Running]) -- C:\WINDOWS\ehome\McrdSvc.exe (Microsoft Corporation) SRV - (McShield [Unknown \| Running]) -- C:\Program Files\McAfee\VirusScan\Mcshield.exe (McAfee, Inc.) SRV - (McSysmon [Disabled \| Stopped]) -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe (McAfee, Inc.) SRV - (MHN [On_Demand \| Stopped]) -- C:\WINDOWS\System32\mhn.dll (Microsoft Corporation) SRV - (MpfService [Auto \| Running]) -- C:\Program Files\McAfee\MPF\MPFSrv.exe (McAfee, Inc.) SRV - (NetTcpPortSharing [Disabled \| Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe (Microsoft Corporation) SRV - (NVSvc [Auto \| Running]) -- C:\WINDOWS\System32\nvsvc32.exe (NVIDIA Corporation) SRV - (ose [On_Demand \| Stopped]) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation) SRV - (RMSvc [Auto \| Running]) -- C:\WINDOWS\ehome\RMSvc.exe (Microsoft Corporation) SRV - (sprtsvc_dellsupportcenter [Auto \| Running]) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe (SupportSoft, Inc.) SRV - (Viewpoint Manager Service [Auto \| Running]) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation) SRV - (WMPNetworkSvc [Auto \| Running]) -- C:\Program Files\Windows Media Player\wmpnetwk.exe (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV - (AliIde [Disabled \| Stopped]) -- C:\WINDOWS\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.) DRV - (amdagp [Disabled \| Stopped]) -- C:\WINDOWS\system32\DRIVERS\amdagp.sys (Advanced Micro Devices, Inc.) DRV - (asc [Disabled \| Stopped]) -- C:\WINDOWS\system32\DRIVERS\asc.sys (Advanced System Products, Inc.) DRV - (asc3550 [Disabled \| Stopped]) -- C:\WINDOWS\system32\DRIVERS\asc3550.sys (Advanced System Products, Inc.) DRV - (CmdIde [Disabled \| Stopped]) -- C:\WINDOWS\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.) DRV - (ctac32k [On_Demand \| Running]) -- C:\WINDOWS\System32\drivers\ctac32k.sys (Creative Technology Ltd) DRV - (ctaud2k [On_Demand \| Running]) -- C:\WINDOWS\System32\drivers\ctaud2k.sys (Creative Technology Ltd) DRV - (ctdvda2k [On_Demand \| Stopped]) -- C:\WINDOWS\System32\drivers\ctdvda2k.sys (Creative Technology Ltd) DRV - (ctprxy2k [On_Demand \| Running]) -- C:\WINDOWS\System32\drivers\ctprxy2k.sys (Creative Technology Ltd) DRV - (ctsfm2k [On_Demand \| Running]) -- C:\WINDOWS\System32\drivers\ctsfm2k.sys (Creative Technology Ltd) DRV - (CVirtA [On_Demand \| Stopped]) -- C:\WINDOWS\System32\DRIVERS\CVirtA.sys (Cisco Systems, Inc.) DRV - (CVPNDRVA [Auto \| Running]) -- C:\WINDOWS\System32\Drivers\CVPNDRVA.sys (Cisco Systems, Inc.) DRV - (dac2w2k [Disabled \| Stopped]) -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys (Mylex Corporation) DRV - (DNE [On_Demand \| Running]) -- C:\WINDOWS\System32\DRIVERS\dne2000.sys (Deterministic Networks, Inc.) DRV - (drvmcdb [Boot \| Running]) -- C:\WINDOWS\system32\drivers\drvmcdb.sys (Sonic Solutions) DRV - (drvnddm [Auto \| Running]) -- C:\WINDOWS\System32\drivers\drvnddm.sys (Sonic Solutions) DRV - (dsNcAdpt [On_Demand \| Running]) -- C:\WINDOWS\System32\DRIVERS\dsNcAdpt.sys (Juniper Networks) DRV - (E100B [On_Demand \| Stopped]) -- C:\WINDOWS\System32\DRIVERS\e100b325.sys (Intel Corporation) DRV - (emupia [On_Demand \| Running]) -- C:\WINDOWS\System32\drivers\emupia2k.sys (Creative Technology Ltd) DRV - (gameenum [On_Demand \| Running]) -- C:\WINDOWS\System32\DRIVERS\gameenum.sys (Microsoft Corporation) DRV - (GEARAspiWDM [On_Demand \| Running]) -- C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys (GEAR Software Inc.) DRV - (ha10kx2k [On_Demand \| Running]) -- C:\WINDOWS\System32\drivers\ha10kx2k.sys (Creative Technology Ltd) DRV - (hap16v2k [On_Demand \| Running]) -- C:\WINDOWS\System32\drivers\hap16v2k.sys (Creative Technology Ltd) DRV - (IntelC51 [On_Demand \| Running]) -- C:\WINDOWS\System32\DRIVERS\IntelC51.sys (Intel Corporation) DRV - (IntelC52 [On_Demand \| Running]) -- C:\WINDOWS\System32\DRIVERS\IntelC52.sys (Intel Corporation) DRV - (IntelC53 [On_Demand \| Running]) -- C:\WINDOWS\System32\DRIVERS\IntelC53.sys (Intel Corporation) DRV - (mfeavfk [On_Demand \| Running]) -- C:\WINDOWS\System32\drivers\mfeavfk.sys (McAfee, Inc.) DRV - (mfebopk [On_Demand \| Running]) -- C:\WINDOWS\System32\drivers\mfebopk.sys (McAfee, Inc.) DRV - (mfehidk [System \| Running]) -- C:\WINDOWS\System32\drivers\mfehidk.sys (McAfee, Inc.) DRV - (mferkdk [On_Demand \| Stopped]) -- C:\WINDOWS\System32\drivers\mferkdk.sys (McAfee, Inc.) DRV - (mfesmfk [On_Demand \| Stopped]) -- C:\WINDOWS\System32\drivers\mfesmfk.sys (McAfee, Inc.) DRV - (MODEMCSA [On_Demand \| Running]) -- C:\WINDOWS\System32\drivers\MODEMCSA.sys (Microsoft Corporation) DRV - (mohfilt [On_Demand \| Running]) -- C:\WINDOWS\System32\DRIVERS\mohfilt.sys (Intel Corporation) DRV - (MPFP [System \| Running]) -- C:\WINDOWS\System32\Drivers\Mpfp.sys (McAfee, Inc.) DRV - (mraid35x [Disabled \| Stopped]) -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys (American Megatrends Inc.) DRV - (nv [On_Demand \| Running]) -- C:\WINDOWS\System32\DRIVERS\nv4_mini.sys (NVIDIA Corporation) DRV - (nvatabus [Boot \| Running]) -- C:\WINDOWS\system32\drivers\nvatabus.sys (NVIDIA Corporation) DRV - (NVENETFD [On_Demand \| Running]) -- C:\WINDOWS\System32\DRIVERS\NVENETFD.sys (NVIDIA Corporation) DRV - (nvnetbus [On_Demand \| Running]) -- C:\WINDOWS\System32\DRIVERS\nvnetbus.sys (NVIDIA Corporation) DRV - (nvraid [Boot \| Stopped]) -- C:\WINDOWS\system32\drivers\nvraid.sys (NVIDIA Corporation) DRV - (ossrv [On_Demand \| Running]) -- C:\WINDOWS\System32\drivers\ctoss2k.sys (Creative Technology Ltd.) DRV - (pfc [On_Demand \| Running]) -- C:\WINDOWS\System32\drivers\pfc.sys (Padus, Inc.) DRV - (PfModNT [Auto \| Running]) -- C:\WINDOWS\System32\drivers\PfModNT.sys (Creative Technology Ltd.) DRV - (Point32 [On_Demand \| Running]) -- C:\WINDOWS\System32\DRIVERS\point32.sys (Microsoft Corporation) DRV - (Ptilink [On_Demand \| Running]) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys (Parallel Technologies, Inc.) DRV - (PxHelp20 [Boot \| Running]) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys (Sonic Solutions) DRV - (ql1080 [Disabled \| Stopped]) -- C:\WINDOWS\system32\DRIVERS\ql1080.sys (QLogic Corporation) DRV - (ql12160 [Disabled \| Stopped]) -- C:\WINDOWS\system32\DRIVERS\ql12160.sys (QLogic Corporation) DRV - (ql1280 [Disabled \| Stopped]) -- C:\WINDOWS\system32\DRIVERS\ql1280.sys (QLogic Corporation) DRV - (SDDMI2 [On_Demand \| Stopped]) -- C:\WINDOWS\System32\DDMI2.sys (Gteko Ltd.) DRV - (Secdrv [Auto \| Running]) -- C:\WINDOWS\System32\DRIVERS\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) DRV - (SilverLink [On_Demand \| Stopped]) -- C:\WINDOWS\System32\Drivers\SilvrLnk.sys (Texas Instruments Incorporated) DRV - (sisagp [Disabled \| Stopped]) -- C:\WINDOWS\system32\DRIVERS\sisagp.sys (Silicon Integrated Systems Corporation) DRV - (Sparrow [Disabled \| Stopped]) -- C:\WINDOWS\system32\DRIVERS\sparrow.sys (Adaptec, Inc.) DRV - (sscdbhk5 [System \| Running]) -- C:\WINDOWS\System32\drivers\sscdbhk5.sys (Sonic Solutions) DRV - (ssrtln [System \| Running]) -- C:\WINDOWS\System32\drivers\ssrtln.sys (Sonic Solutions) DRV - (SVKP [Auto \| Running]) -- C:\WINDOWS\System32\SVKP.sys (AntiCracking) DRV - (sym_hi [Disabled \| Stopped]) -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys (LSI Logic) DRV - (sym_u3 [Disabled \| Stopped]) -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys (LSI Logic) DRV - (symc810 [Disabled \| Stopped]) -- C:\WINDOWS\system32\DRIVERS\symc810.sys (Symbios Logic Inc.) DRV - (symc8xx [Disabled \| Stopped]) -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys (LSI Logic) DRV - (tfsnboio [Auto \| Running]) -- C:\WINDOWS\System32\dla\tfsnboio.sys (Sonic Solutions) DRV - (tfsncofs [Auto \| Running]) -- C:\WINDOWS\System32\dla\tfsncofs.sys (Sonic Solutions) DRV - (tfsndrct [Auto \| Running]) -- C:\WINDOWS\System32\dla\tfsndrct.sys (Sonic Solutions) DRV - (tfsndres [Auto \| Running]) -- C:\WINDOWS\System32\dla\tfsndres.sys (Sonic Solutions) DRV - (tfsnifs [Auto \| Running]) -- C:\WINDOWS\System32\dla\tfsnifs.sys (Sonic Solutions) DRV - (tfsnopio [Auto \| Running]) -- C:\WINDOWS\System32\dla\tfsnopio.sys (Sonic Solutions) DRV - (tfsnpool [Auto \| Running]) -- C:\WINDOWS\System32\dla\tfsnpool.sys (Sonic Solutions) DRV - (tfsnudf [Auto \| Running]) -- C:\WINDOWS\System32\dla\tfsnudf.sys (Sonic Solutions) DRV - (tfsnudfa [Auto \| Running]) -- C:\WINDOWS\System32\dla\tfsnudfa.sys (Sonic Solutions) DRV - (TIEHDUSB [On_Demand \| Stopped]) -- C:\WINDOWS\System32\drivers\tiehdusb.sys (Texas Instruments Incorporated) DRV - (ultra [Disabled \| Stopped]) -- C:\WINDOWS\system32\DRIVERS\ultra.sys (Promise Technology, Inc.) DRV - (USBAAPL [On_Demand \| Stopped]) -- C:\WINDOWS\System32\Drivers\usbaapl.sys (Apple, Inc.) DRV - (usbaudio [On_Demand \| Stopped]) -- C:\WINDOWS\System32\drivers\usbaudio.sys (Microsoft Corporation) DRV - (vsdatant [On_Demand \| Stopped]) -- C:\WINDOWS\System32\vsdatant.sys (Zone Labs LLC) DRV - (WD_FireWire_HID [On_Demand \| Running]) -- C:\WINDOWS\System32\DRIVERS\wdfwhid.sys (Western Digital Technologies) ========== Modules (SafeList) ========== MOD - C:\Documents and Settings\Jill\Desktop\OTL.exe (OldTimer Tools) MOD - C:\WINDOWS\System32\ctagent.dll (Creative Technology Ltd) MOD - C:\WINDOWS\System32\mslbui.dll (Microsoft Corporation) MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll (Microsoft Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerm...tf8&oe=utf8 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://us.mc581.mail.yahoo.com/mc/welcome?...d=3ns8ffac6ub89 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/08/28 08:59:15 \| 00,000,000 \| ---D \| M] FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2009/10/18 03:09:45 \| 00,000,000 \| ---D \| M] FF - HKLM\software\mozilla\Firefox\Extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009/10/27 07:51:57 \| 00,000,000 \| ---D \| M] FF - HKLM\software\mozilla\Mozilla Firefox 2.0.0.20\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/08/14 19:35:47 \| 00,000,000 \| ---D \| M] FF - HKLM\software\mozilla\Mozilla Firefox 2.0.0.20\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/10/28 08:17:21 \| 00,000,000 \| ---D \| M] [2009/10/28 06:34:33 \| 00,000,000 \| ---D \| M] -- C:\Program Files\mozilla firefox\extensions [2009/03/22 11:48:26 \| 00,000,000 \| ---D \| M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [2008/11/28 22:38:08 \| 00,000,000 \| ---D \| M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA} [2009/03/16 23:25:17 \| 00,000,000 \| ---D \| M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} [2009/04/09 20:05:51 \| 00,000,000 \| ---D \| M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} [2009/10/27 07:52:17 \| 00,000,000 \| ---D \| M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} [2009/03/22 11:48:26 \| 00,000,000 \| ---D \| M] -- C:\Program Files\mozilla firefox\extensions\talkback@mozilla.org [2009/03/22 11:48:12 \| 00,067,688 \| ---- \| M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\jar50.dll [2009/03/22 11:48:12 \| 00,054,368 \| ---- \| M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\jsd3250.dll [2009/03/22 11:48:12 \| 00,034,944 \| ---- \| M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\myspell.dll [2009/03/22 11:48:13 \| 00,046,712 \| ---- \| M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\spellchk.dll [2009/03/22 11:48:14 \| 00,172,136 \| ---- \| M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\xpinstal.dll [2009/10/27 07:51:55 \| 00,411,368 \| ---- \| M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeploytk.dll [2009/03/22 11:48:21 \| 00,022,656 \| ---- \| M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll [2007/03/22 19:23:30 \| 00,017,248 \| ---- \| M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\NPOFFICE.DLL [2009/02/27 13:13:42 \| 00,103,792 \| ---- \| M] (Adobe Systems Inc.) -- C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2009/06/11 12:44:46 \| 00,143,360 \| ---- \| M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin.dll [2009/06/11 12:44:46 \| 00,143,360 \| ---- \| M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll [2009/06/11 12:44:47 \| 00,143,360 \| ---- \| M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll [2009/06/11 12:44:47 \| 00,143,360 \| ---- \| M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll [2009/06/11 12:44:47 \| 00,143,360 \| ---- \| M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll [2009/06/11 12:44:47 \| 00,143,360 \| ---- \| M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll [2009/06/11 12:44:47 \| 00,143,360 \| ---- \| M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll [2007/06/11 13:34:00 \| 02,115,816 \| ---- \| M] () -- C:\Program Files\mozilla firefox\plugins\NPSWF32.dll [2009/03/22 11:48:24 \| 00,001,514 \| ---- \| M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml [2009/03/22 11:48:24 \| 00,002,193 \| ---- \| M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml [2009/03/22 11:48:24 \| 00,001,038 \| ---- \| M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml [2009/03/22 11:48:24 \| 00,001,046 \| ---- \| M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml [2009/03/22 11:48:24 \| 00,002,351 \| ---- \| M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml [2009/03/22 11:48:24 \| 00,000,792 \| ---- \| M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml O1 HOSTS File: (27 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) O2 - BHO: (no name) - {4D25F921-B9FE-4682-BF72-8AB8210D6D75} - No CLSID value found. O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.) O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.) O2 - BHO: (EpsonToolBandKicker Class) - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION) O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll () O3 - HKLM\..\Toolbar: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION) O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found. O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [CTDVDDET] C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE (Creative Technology Ltd) O4 - HKLM..\Run: [CTHelper] C:\WINDOWS\System32\CTHELPER.EXE (Creative Technology Ltd) O4 - HKLM..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe (Creative Technology Ltd) O4 - HKLM..\Run: [DellSupportCenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.) O4 - HKLM..\Run: [dla] C:\WINDOWS\System32\dla\tfswctrl.exe (Sonic Solutions) O4 - HKLM..\Run: [dscactivate] C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe ( ) O4 - HKLM..\Run: [DVDLauncher] C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe (CyberLink Corp.) O4 - HKLM..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe (Microsoft Corporation) O4 - HKLM..\Run: [EPSON Stylus CX5800F Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIALA.EXE (SEIKO EPSON CORPORATION) O4 - HKLM..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe (Intel Corporation) O4 - HKLM..\Run: [ISUSPM Startup] C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe (InstallShield Software Corporation) O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (Macrovision Corporation) O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.) O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.) O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\System32\NeroCheck.exe (Ahead Software Gmbh) O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation) O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation) O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe () O4 - HKLM..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (Google Inc.) O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.) O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.) O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.) O4 - HKLM..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE (Creative Technology Ltd.) O4 - HKLM..\Run: [WD Button Manager] C:\WINDOWS\System32\WDBtnMgr.exe (Western Digital Technologies, Inc.) O4 - HKCU..\Run: [calc] C:\DOCUME~1\Jill\ntuser.DLL File not found O4 - HKCU..\Run: [Login Software 2009] C:\DOCUME~1\Jill\LOCALS~1\Temp\smpsh45.exe File not found O4 - HKCU..\Run: [mserv] C:\Documents and Settings\Jill\Application Data\seres.exe File not found O4 - HKCU..\Run: [MSMSGS] C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation) O4 - HKCU..\Run: [svchost] C:\Documents and Settings\Jill\Application Data\svcst.exe File not found O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe File not found O4 - HKCU..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe (Microsoft Corporation) O4 - HKCU..\Run: [wow64main.exe] C:\DOCUME~1\Jill\LOCALS~1\Temp\wow64main.exe File not found O4 - HKCU..\Run: [Yjafosi8kdf98winmdkmnkmfnwe] C:\DOCUME~1\Jill\LOCALS~1\Temp\system.exe File not found O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Cisco Systems VPN Client.lnk = C:\Program Files\Cisco Systems\VPN Client\vpngui.exe (Cisco Systems, Inc.) O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Extender Resource Monitor.lnk = C:\WINDOWS\ehome\RMSysTry.exe (Microsoft Corporation) O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation) O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit, Inc.) O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WD Backup Monitor.lnk = C:\Program Files\My Book\WD Backup\uBBMonitor.exe (ArcSoft, Inc.) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: AllowLegacyWebView = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: AllowUnhashedWebView = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFolderOptions = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceClassicControlPanel = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetActiveDesktop = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableProfileQuota = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1 O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Reg Error: Key error. File not found O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra Button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe (America Online, Inc.) O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation) O9 - Extra Button: Royal Vegas Poker - {FA4904B4-1FAF-4afd-886C-C19D2297BA62} - C:\Program Files\royalvegasMPP\MPPoker.exe (Microgaming) O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\System32\wshbth.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.1...toUploader5.cab (Facebook Photo Uploader 5 Control) O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} file://C:\Program Files\Bejeweled 2\Images\stg_drm.ocx (SpinTop DRM Control) O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} http://www.nvidia.com/content/DriverDownlo.../sysreqlab3.cab (System Requirements Lab Class) O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab (Reg Error: Key error.) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/products/plugin/autodl...indows-i586.cab (Java Plug-in 1.6.0_16) O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab (Reg Error: Key error.) O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://cdn2.zone.msn.com/binFramework/v10/...ro.cab56649.cab (MSN Games - Installer) O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl...indows-i586.cab (Java Plug-in 1.6.0_16) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_16) O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} file://C:\Program Files\Bejeweled 2\Images\armhelper.ocx (Reg Error: Key error.) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/pub/shock...ash/swflash.cab (Shockwave Flash Object) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O16 - DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} https://www.gateway.slb.com/dana-cached/set...perSetupSP1.cab (JuniperSetupControlXP Class) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.85.102 68.87.69.150 O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\ipp - No CLSID value found O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp - No CLSID value found O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation) O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll () O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation) O24 - Desktop Components:0 (My Current Home Page) - About:Home O31 - SafeBoot: AlternateShell - cmd.exe O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2005/08/16 05:43:04 \| 00,000,000 \| -HS- \| M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O32 - AutoRun File - [2007/06/16 22:04:20 \| 00,000,000 \| ---D \| M] - E:\autorun -- [ FAT32 ] O32 - AutoRun File - [2005/11/15 12:08:04 \| 00,000,036 \| -H-- \| M] () - E:\autorun.inf -- [ FAT32 ] O33 - MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell - "" = AutoRun O33 - MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell\AutoRun\command - "" = E:\setup.exe -- File not found O33 - MountPoints2\{c1e43459-3329-11dc-afdc-0014224517f1}\Shell - "" = AutoRun O33 - MountPoints2\{c1e43459-3329-11dc-afdc-0014224517f1}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{c1e43459-3329-11dc-afdc-0014224517f1}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -- File not found O34 - HKLM BootExecute: (autocheck) - File not found O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation) O34 - HKLM BootExecute: () - File not found O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe () O35 - comfile [open] -- "%1" % File not found O35 - exefile [open] -- "%1" %* File not found NetSvcs: 6to4 - Service key not found. File not found NetSvcs: Ias - Service key not found. File not found NetSvcs: Iprip - Service key not found. File not found NetSvcs: Irmon - Service key not found. File not found NetSvcs: NWCWorkstation - Service key not found. File not found NetSvcs: Nwsapagent - Service key not found. File not found NetSvcs: WmdmPmSp - Service key not found. File not found NetSvcs: MHN - C:\WINDOWS\System32\mhn.dll (Microsoft Corporation) NetSvcs: helpsvc - C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation) ========== Files/Folders - Created Within 30 Days ========== [2009/12/25 23:05:58 \| 00,000,000 \| ---D \| C] -- C:\Documents and Settings\All Users\Application Data\Juniper Networks [2009/10/21 21:53:43 \| 00,000,000 \| ---D \| C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes [2009/10/28 08:20:29 \| 00,000,000 \| ---D \| C] -- C:\Documents and Settings\Jill\Application Data\Malwarebytes [2009/10/28 06:38:06 \| 00,000,000 \| ---D \| C] -- C:\Program Files\Common Files\Adobe AIR [2009/12/24 22:26:14 \| 00,000,000 \| ---D \| C] -- C:\Program Files\Common Files\McAfee [2009/10/21 21:38:18 \| 00,000,000 \| ---D \| C] -- C:\Program Files\ERUNT [2009/12/25 23:06:51 \| 00,000,000 \| ---D \| C] -- C:\Program Files\Juniper Networks [2009/10/26 07:18:49 \| 00,000,000 \| ---D \| C] -- C:\Program Files\Malwarebytes' Anti-Malware [2009/12/24 22:25:56 \| 00,000,000 \| ---D \| C] -- C:\Program Files\McAfee [2009/12/24 22:26:14 \| 00,000,000 \| ---D \| C] -- C:\Program Files\McAfee.com [2009/12/25 23:06:57 \| 00,345,384 \| ---- \| C] (Juniper Networks) -- C:\WINDOWS\System32\dsNcCredProv.dll [2009/12/24 22:26:36 \| 00,120,136 \| ---- \| C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\Mpfp.sys [2009/10/28 21:13:16 \| 00,521,728 \| ---- \| C] (OldTimer Tools) -- C:\Documents and Settings\Jill\Desktop\OTL.exe [2009/10/28 06:38:56 \| 00,000,000 \| -HSD \| C] -- C:\Config.Msi [2009/10/28 05:55:29 \| 00,000,000 \| ---D \| C] -- C:\_OTM [2009/10/27 07:52:14 \| 00,149,280 \| ---- \| C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe [2009/10/27 07:52:14 \| 00,145,184 \| ---- \| C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe [2009/10/27 07:52:14 \| 00,145,184 \| ---- \| C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe [2009/10/27 07:19:02 \| 00,000,000 \| ---D \| C] -- C:\_OTL [2009/10/26 07:18:51 \| 00,038,224 \| ---- \| C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys [2009/10/26 07:18:49 \| 00,019,160 \| ---- \| C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2009/10/25 22:06:51 \| 00,000,000 \| ---D \| C] -- C:\Combo-Fix [2009/10/25 13:04:03 \| 00,050,176 \| ---- \| C] (Microsoft Corporation) -- C:\WINDOWS\System32\proquota.exe [2009/10/25 13:04:03 \| 00,050,176 \| ---- \| C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\proquota.exe [2009/10/25 12:53:11 \| 00,000,000 \| RHSD \| C] -- C:\cmdcons [2009/10/25 12:49:47 \| 00,212,480 \| ---- \| C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe [2009/10/25 12:49:47 \| 00,161,792 \| ---- \| C] (SteelWerX) -- C:\WINDOWS\SWREG.exe [2009/10/25 12:49:47 \| 00,136,704 \| ---- \| C] (SteelWerX) -- C:\WINDOWS\SWSC.exe [2009/10/25 12:49:47 \| 00,031,232 \| ---- \| C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe [2009/10/25 12:48:38 \| 00,000,000 \| ---D \| C] -- C:\Qoobox [2009/10/21 21:39:29 \| 00,000,000 \| ---D \| C] -- C:\WINDOWS\ERDNT [2005/12/01 01:29:25 \| 00,774,144 \| ---- \| C] (RealNetworks, Inc.) -- C:\Program Files\RngInterstitial.dll [2005/11/22 12:23:26 \| 00,065,536 \| ---- \| C] ( ) -- C:\WINDOWS\System32\a3d.dll ========== Files - Modified Within 30 Days ========== [2009/12/27 21:49:22 \| 00,000,116 \| ---- \| M] () -- C:\WINDOWS\NeroDigital.ini [2009/12/24 22:28:18 \| 00,000,666 \| ---- \| M] () -- C:\WINDOWS\win.ini [2009/12/24 22:26:25 \| 00,000,340 \| ---- \| M] () -- C:\WINDOWS\tasks\McDefragTask.job [2009/12/24 22:26:24 \| 00,000,332 \| ---- \| M] () -- C:\WINDOWS\tasks\McQcTask.job [2009/10/28 21:13:16 \| 00,521,728 \| ---- \| M] (OldTimer Tools) -- C:\Documents and Settings\Jill\Desktop\OTL.exe [2009/10/28 21:12:57 \| 00,014,025 \| ---- \| M] () -- C:\WINDOWS\System32\Config.MPF [2009/10/28 21:02:27 \| 04,933,091 \| ---- \| M] () -- C:\WINDOWS\{00000003-00000000-00000003-00001102-00000004-20061102}.CDF [2009/10/28 12:37:45 \| 00,000,000 \| ---- \| M] () -- C:\WINDOWS\System32\null [2009/10/28 08:32:15 \| 00,203,041 \| ---- \| M] () -- C:\WINDOWS\System32\nvapps.xml [2009/10/28 08:32:03 \| 00,002,206 \| ---- \| M] () -- C:\WINDOWS\System32\wpa.dbl [2009/10/28 08:17:50 \| 00,000,006 \| -H-- \| M] () -- C:\WINDOWS\tasks\SA.DAT [2009/10/28 08:17:06 \| 00,002,048 \| --S- \| M] () -- C:\WINDOWS\bootstat.dat [2009/10/28 08:17:04 \| 10,711,57248 \| -HS- \| M] () -- C:\hiberfil.sys [2009/10/28 08:13:52 \| 00,031,056 \| ---- \| M] () -- C:\WINDOWS\System32\BMXStateBkp-{00000003-00000000-00000003-00001102-00000004-20061102}.rfx [2009/10/28 08:13:52 \| 00,031,056 \| ---- \| M] () -- C:\WINDOWS\System32\BMXState-{00000003-00000000-00000003-00001102-00000004-20061102}.rfx [2009/10/28 08:13:52 \| 00,030,528 \| ---- \| M] () -- C:\WINDOWS\System32\BMXCtrlState-{00000003-00000000-00000003-00001102-00000004-20061102}.rfx [2009/10/28 08:13:52 \| 00,030,528 \| ---- \| M] () -- C:\WINDOWS\System32\BMXBkpCtrlState-{00000003-00000000-00000003-00001102-00000004-20061102}.rfx [2009/10/28 08:13:52 \| 00,001,080 \| ---- \| M] () -- C:\WINDOWS\System32\settingsbkup.sfm [2009/10/28 08:13:52 \| 00,001,080 \| ---- \| M] () -- C:\WINDOWS\System32\settings.sfm [2009/10/28 08:13:52 \| 00,000,384 \| ---- \| M] () -- C:\WINDOWS\System32\DVCStateBkp-{00000003-00000000-00000003-00001102-00000004-20061102}.dat [2009/10/28 08:13:52 \| 00,000,384 \| ---- \| M] () -- C:\WINDOWS\System32\DVCState-{00000003-00000000-00000003-00001102-00000004-20061102}.dat [2009/10/27 17:07:01 \| 00,000,284 \| ---- \| M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job [2009/10/27 07:51:53 \| 00,411,368 \| ---- \| M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deploytk.dll [2009/10/27 07:51:53 \| 00,149,280 \| ---- \| M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe [2009/10/27 07:51:53 \| 00,145,184 \| ---- \| M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe [2009/10/27 07:51:53 \| 00,145,184 \| ---- \| M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe [2009/10/27 07:51:53 \| 00,073,728 \| ---- \| M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl [2009/10/26 07:18:53 \| 00,000,696 \| ---- \| M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk [2009/10/26 06:56:08 \| 00,000,227 \| ---- \| M] () -- C:\WINDOWS\system.ini [2009/10/26 06:55:40 \| 00,000,027 \| ---- \| M] () -- C:\WINDOWS\System32\drivers\etc\hosts [2009/10/26 06:29:55 \| 00,011,168 \| -H-- \| M] () -- C:\WINDOWS\System32\sotezena [2009/10/25 12:53:15 \| 00,000,279 \| RHS- \| M] () -- C:\boot.ini [2009/10/19 03:13:29 \| 00,503,304 \| ---- \| M] () -- C:\WINDOWS\System32\PerfStringBackup.INI [2009/10/19 03:13:29 \| 00,442,466 \| ---- \| M] () -- C:\WINDOWS\System32\perfh009.dat [2009/10/19 03:13:29 \| 00,071,732 \| ---- \| M] () -- C:\WINDOWS\System32\perfc009.dat [2009/10/19 03:05:31 \| 00,001,393 \| ---- \| M] () -- C:\WINDOWS\imsins.BAK [2009/10/18 18:15:01 \| 00,002,137 \| ---- \| M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk [2009/10/11 08:10:09 \| 00,236,544 \| ---- \| M] () -- C:\WINDOWS\PEV.exe ========== Files - No Company Name ========== [2009/12/24 22:29:08 \| 00,014,025 \| ---- \| C] () -- C:\WINDOWS\System32\Config.MPF [2009/12/24 22:26:25 \| 00,000,340 \| ---- \| C] () -- C:\WINDOWS\tasks\McDefragTask.job [2009/12/24 22:26:24 \| 00,000,332 \| ---- \| C] () -- C:\WINDOWS\tasks\McQcTask.job [2009/10/26 07:18:53 \| 00,000,696 \| ---- \| C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk [2009/10/25 12:53:15 \| 00,000,209 \| ---- \| C] () -- C:\Boot.bak [2009/10/25 12:53:12 \| 00,260,272 \| ---- \| C] () -- C:\cmldr [2009/10/25 12:49:47 \| 00,236,544 \| ---- \| C] () -- C:\WINDOWS\PEV.exe [2009/10/25 12:49:47 \| 00,098,816 \| ---- \| C] () -- C:\WINDOWS\sed.exe [2009/10/25 12:49:47 \| 00,080,412 \| ---- \| C] () -- C:\WINDOWS\grep.exe [2009/10/25 12:49:47 \| 00,068,096 \| ---- \| C] () -- C:\WINDOWS\zip.exe [2009/06/15 00:02:38 \| 01,374,132 \| ---- \| C] () -- C:\Program Files\wrar39b3.exe [2009/04/27 21:50:03 \| 00,000,024 \| ---- \| C] () -- C:\Documents and Settings\Jill\Application Data\MyPhrases.dta [2009/02/18 14:44:00 \| 01,724,416 \| ---- \| C] () -- C:\WINDOWS\System32\nvwdmcpl.dll [2009/02/18 14:44:00 \| 01,507,328 \| ---- \| C] () -- C:\WINDOWS\System32\nview.dll [2009/02/18 14:44:00 \| 01,101,824 \| ---- \| C] () -- C:\WINDOWS\System32\nvwimg.dll [2009/02/18 14:44:00 \| 00,466,944 \| ---- \| C] () -- C:\WINDOWS\System32\nvshell.dll [2008/04/26 11:12:44 \| 00,029,752 \| ---- \| C] () -- C:\WINDOWS\System32\InstHelper.dll [2008/04/26 11:11:52 \| 00,197,680 \| ---- \| C] () -- C:\WINDOWS\System32\vpnapi.dll [2008/04/26 11:11:51 \| 00,193,584 \| ---- \| C] () -- C:\WINDOWS\System32\CSGina.dll [2007/11/14 18:47:53 \| 00,000,251 \| ---- \| C] () -- C:\Program Files\wt3d.ini [2006/12/27 20:12:56 \| 00,000,032 \| ---- \| C] () -- C:\WINDOWS\tb70r.ini [2006/09/26 20:19:35 \| 00,000,097 \| ---- \| C] () -- C:\WINDOWS\System32\PICSDK.ini [2006/09/26 20:15:21 \| 00,000,044 \| ---- \| C] () -- C:\WINDOWS\ESCX5800.ini [2006/06/10 10:57:51 \| 00,000,008 \| ---- \| C] () -- C:\WINDOWS\System32\winlogon.ini [2006/05/21 19:39:19 \| 00,000,245 \| ---- \| C] () -- C:\WINDOWS\hegames.ini [2006/03/21 21:03:41 \| 00,000,023 \| ---- \| C] () -- C:\WINDOWS\BlendSettings.ini [2006/02/23 20:30:06 \| 00,026,922 \| ---- \| C] () -- C:\Program Files\MoviePass Terms.html [2006/02/15 04:00:47 \| 00,004,323 \| ---- \| C] () -- C:\WINDOWS\System32\MRT.INI [2006/02/05 09:37:05 \| 00,000,000 \| ---- \| C] () -- C:\WINDOWS\OpPrintServer.INI [2005/12/31 09:38:42 \| 00,005,839 \| ---- \| C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache [2005/12/18 12:17:24 \| 00,000,151 \| ---- \| C] () -- C:\WINDOWS\PhotoSnapViewer.INI [2005/11/30 22:56:37 \| 00,014,336 \| ---- \| C] () -- C:\Documents and Settings\Jill\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2005/11/30 01:05:00 \| 00,000,116 \| ---- \| C] () -- C:\WINDOWS\NeroDigital.ini [2005/11/29 22:32:54 \| 00,065,536 \| ---- \| C] () -- C:\WINDOWS\System32\adistres.dll [2005/11/29 21:35:26 \| 00,210,944 \| ---- \| C] () -- C:\WINDOWS\System32\Msvcrt10.dll [2005/11/29 21:29:03 \| 00,000,376 \| ---- \| C] () -- C:\WINDOWS\ODBC.INI [2005/11/24 02:04:43 \| 00,000,766 \| ---- \| C] () -- C:\WINDOWS\CoD.INI [2005/11/24 01:24:11 \| 00,039,864 \| ---- \| C] () -- C:\Documents and Settings\Jill\Local Settings\Application Data\GDIPFONTCACHEV1.DAT [2005/11/24 01:24:01 \| 00,003,350 \| -HS- \| C] () -- C:\WINDOWS\System32\KGyGaAvL.sys [2005/11/24 01:24:01 \| 00,000,056 \| RHS- \| C] () -- C:\WINDOWS\System32\85728D2DE4.sys [2005/11/24 01:18:28 \| 00,545,304 \| -H-- \| C] () -- C:\Documents and Settings\Jill\Local Settings\Application Data\IconCache.db [2005/11/24 01:18:28 \| 00,000,127 \| ---- \| C] () -- C:\Documents and Settings\Jill\Local Settings\Application Data\fusioncache.dat [2005/11/24 01:18:28 \| 00,000,062 \| -HS- \| C] () -- C:\Documents and Settings\Jill\Application Data\desktop.ini [2005/11/24 01:02:51 \| 00,000,028 \| ---- \| C] () -- C:\WINDOWS\atid.ini [2005/11/22 12:36:19 \| 00,000,061 \| ---- \| C] () -- C:\WINDOWS\smscfg.ini [2005/11/22 12:27:10 \| 00,000,589 \| ---- \| C] () -- C:\WINDOWS\wininit.ini [2005/11/22 12:23:45 \| 00,000,231 \| ---- \| C] () -- C:\WINDOWS\AC3API.INI [2005/11/22 12:23:28 \| 00,014,424 \| ---- \| C] () -- C:\WINDOWS\System32\Aud2_Del.ini [2005/11/22 12:23:28 \| 00,000,030 \| ---- \| C] () -- C:\WINDOWS\System32\ctzapxx.ini [2005/11/22 12:23:27 \| 00,000,194 \| ---- \| C] () -- C:\WINDOWS\System32\KILL.INI [2005/11/22 12:23:08 \| 00,000,136 \| ---- \| C] () -- C:\WINDOWS\SBWIN.INI [2005/11/22 12:06:52 \| 00,000,384 \| ---- \| C] () -- C:\WINDOWS\System32\OEMINFO.INI [2005/08/16 05:37:24 \| 00,001,793 \| ---- \| C] () -- C:\WINDOWS\System32\fxsperf.ini [2005/08/16 05:33:24 \| 00,000,062 \| -HS- \| C] () -- C:\Documents and Settings\All Users\Application Data\desktop.ini [2005/08/16 05:18:43 \| 00,000,666 \| ---- \| C] () -- C:\WINDOWS\win.ini [2005/08/16 05:18:41 \| 00,000,227 \| ---- \| C] () -- C:\WINDOWS\system.ini [2005/08/05 15:01:54 \| 00,235,008 \| ---- \| C] () -- C:\WINDOWS\System32\psisdecd.dll [2005/04/09 18:04:54 \| 00,000,000 \| ---- \| C] () -- C:\WINDOWS\System32\px.ini [1999/01/22 13:46:56 \| 00,065,536 \| ---- \| C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL ========== LOP Check ========== [2009/10/21 21:53:43 \| 00,000,000 \| RH-D \| M] -- C:\Documents and Settings\All Users\Application Data [2009/06/16 18:10:49 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906} [2008/10/14 20:20:20 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\All Users\Application Data\Dell [2005/08/16 21:54:52 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\All Users\Application Data\DIGStream [2007/04/08 13:42:14 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\All Users\Application Data\DriveSmarrt-MX [2009/08/22 15:48:22 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\All Users\Application Data\Electronic Arts [2007/09/08 12:52:53 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\All Users\Application Data\Intuit [2009/12/25 23:05:58 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\All Users\Application Data\Juniper Networks [2005/12/25 12:20:39 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\All Users\Application Data\Lionhead Studios [2007/08/07 21:42:33 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\All Users\Application Data\Playtonium Games [2008/03/20 01:51:11 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\All Users\Application Data\SupportSoft [2008/10/02 21:06:37 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\All Users\Application Data\TEMP [2007/02/13 09:03:28 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint [2009/10/28 08:20:29 \| 00,000,000 \| RH-D \| M] -- C:\Documents and Settings\Jill\Application Data [2005/11/27 22:22:59 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\Jill\Application Data\Aim [2008/01/01 17:09:50 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\Jill\Application Data\ArcSoft [2005/11/24 01:24:14 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\Jill\Application Data\Corel Photo Album [2005/11/27 22:22:45 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\Jill\Application Data\Leadertech [2008/10/16 14:07:06 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\Jill\Application Data\Microgaming [2009/06/30 16:48:09 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\Jill\Application Data\Move Networks [2008/09/29 18:50:29 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\Jill\Application Data\MSNInstaller [2006/08/27 21:38:50 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\Jill\Application Data\PlayFirst [2007/12/26 22:28:57 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\Jill\Application Data\Pogo Games [2008/01/15 19:26:10 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\Jill\Application Data\TypingMaster7 [2009/03/15 18:05:46 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\Jill\Application Data\U3 [2008/11/21 21:52:59 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\Jill\Application Data\Viewpoint [2009/10/27 17:07:01 \| 00,000,284 \| ---- \| M] () -- C:\WINDOWS\Tasks\AppleSoftwareUpdate.job [2004/08/10 06:00:00 \| 00,000,065 \| RH-- \| M] () -- C:\WINDOWS\Tasks\desktop.ini [2009/12/24 22:26:25 \| 00,000,340 \| ---- \| M] () -- C:\WINDOWS\Tasks\McDefragTask.job [2009/12/24 22:26:24 \| 00,000,332 \| ---- \| M] () -- C:\WINDOWS\Tasks\McQcTask.job [2009/10/28 08:17:50 \| 00,000,006 \| -H-- \| M] () -- C:\WINDOWS\Tasks\SA.DAT ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\.exe > < %SYSTEMDRIVE%\eventlog.dll /s /md5 > [eventlog.dll : MD5=82B24CB70E5944E6E34662205A2A5B78] -> [2004/08/10 06:00:00 \| 00,055,808 \| ---- \| M] (Microsoft Corporation) -- C:\i386\eventlog.dll [1 C:\i386\.tmp files] [eventlog.dll : MD5=82B24CB70E5944E6E34662205A2A5B78] -> [2004/08/10 06:00:00 \| 00,055,808 \| ---- \| M] (Microsoft Corporation) -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll [eventlog.dll : MD5=6D4FEB43EE538FC5428CC7F0565AA656] -> [2008/04/13 19:11:53 \| 00,056,320 \| ---- \| M] (Microsoft Corporation) -- C:\WINDOWS\ERDNT\cache\eventlog.dll [eventlog.dll : MD5=6D4FEB43EE538FC5428CC7F0565AA656] -> [2008/04/13 19:11:53 \| 00,056,320 \| ---- \| M] (Microsoft Corporation) -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll [eventlog.dll : MD5=6D4FEB43EE538FC5428CC7F0565AA656] -> [2008/04/13 19:11:53 \| 00,056,320 \| ---- \| M] (Microsoft Corporation) -- C:\WINDOWS\System32\eventlog.dll < %SYSTEMDRIVE%\scecli.dll /s /md5 > [scecli.dll : MD5=0F78E27F563F2AAF74B91A49E2ABF19A] -> [2004/08/10 06:00:00 \| 00,180,224 \| ---- \| M] (Microsoft Corporation) -- C:\i386\scecli.dll [1 C:\i386\.tmp files] [scecli.dll : MD5=0F78E27F563F2AAF74B91A49E2ABF19A] -> [2004/08/10 06:00:00 \| 00,180,224 \| ---- \| M] (Microsoft Corporation) -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll [scecli.dll : MD5=A86BB5E61BF3E39B62AB4C7E7085A084] -> [2008/04/13 19:12:05 \| 00,181,248 \| ---- \| M] (Microsoft Corporation) -- C:\WINDOWS\ERDNT\cache\scecli.dll [scecli.dll : MD5=A86BB5E61BF3E39B62AB4C7E7085A084] -> [2008/04/13 19:12:05 \| 00,181,248 \| ---- \| M] (Microsoft Corporation) -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll [scecli.dll : MD5=A86BB5E61BF3E39B62AB4C7E7085A084] -> [2008/04/13 19:12:05 \| 00,181,248 \| ---- \| M] (Microsoft Corporation) -- C:\WINDOWS\System32\scecli.dll < %SYSTEMDRIVE%\netlogon.dll /s /md5 > [netlogon.dll : MD5=96353FCECBA774BB8DA74A1C6507015A] -> [2004/08/10 06:00:00 \| 00,407,040 \| ---- \| M] (Microsoft Corporation) -- C:\i386\netlogon.dll [1 C:\i386\.tmp files] [netlogon.dll : MD5=96353FCECBA774BB8DA74A1C6507015A] -> [2004/08/10 06:00:00 \| 00,407,040 \| ---- \| M] (Microsoft Corporation) -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll [netlogon.dll : MD5=1B7F071C51B77C272875C3A23E1E4550] -> [2008/04/13 19:12:01 \| 00,407,040 \| ---- \| M] (Microsoft Corporation) -- C:\WINDOWS\ERDNT\cache\netlogon.dll [netlogon.dll : MD5=1B7F071C51B77C272875C3A23E1E4550] -> [2008/04/13 19:12:01 \| 00,407,040 \| ---- \| M] (Microsoft Corporation) -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll [netlogon.dll : MD5=1B7F071C51B77C272875C3A23E1E4550] -> [2008/04/13 19:12:01 \| 00,407,040 \| ---- \| M] (Microsoft Corporation) -- C:\WINDOWS\System32\netlogon.dll < %SYSTEMDRIVE%\cngaudit.dll /s /md5 > < %SYSTEMDRIVE%\sceclt.dll /s /md5 > < %SYSTEMDRIVE%\ntelogon.dll /s /md5 > < %SYSTEMDRIVE%\logevent.dll /s /md5 > < %SYSTEMDRIVE%\iaStor.sys /s /md5 > < %SYSTEMDRIVE%\nvstor.sys /s /md5 > < %SYSTEMDRIVE%\atapi.sys /s /md5 > [atapi.sys : MD5=CDFE4411A69C224BD1D11B2DA92DAC51] -> [2004/08/03 23:59:44 \| 00,095,360 \| ---- \| M] (Microsoft Corporation) -- C:\i386\atapi.sys [1 C:\i386\.tmp files] [atapi.sys : MD5=CDFE4411A69C224BD1D11B2DA92DAC51] -> [2004/08/03 23:59:44 \| 00,095,360 \| ---- \| M] (Microsoft Corporation) -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys [atapi.sys : MD5=9F3A2F5AA6875C72BF062C712CFA2674] -> [2008/04/13 13:40:30 \| 00,096,512 \| ---- \| M] (Microsoft Corporation) -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys [atapi.sys : MD5=9F3A2F5AA6875C72BF062C712CFA2674] -> [2008/04/13 13:40:30 \| 00,096,512 \| ---- \| M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\atapi.sys < %SYSTEMDRIVE%\IdeChnDr.sys /s /md5 > < %SYSTEMDRIVE%\viasraid.sys /s /md5 > < %SYSTEMDRIVE%\AGP440.sys /s /md5 > [AGP440.SYS : MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB] -> [2004/08/04 00:07:42 \| 00,042,368 \| ---- \| M] (Microsoft Corporation) -- C:\i386\AGP440.SYS [1 C:\i386\.tmp files] [agp440.sys : MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB] -> [2004/08/04 00:07:42 \| 00,042,368 \| ---- \| M] (Microsoft Corporation) -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys [agp440.sys : MD5=08FD04AA961BDC77FB983F328334E3D7] -> [2008/04/13 13:36:38 \| 00,042,368 \| ---- \| M] (Microsoft Corporation) -- C:\WINDOWS\ERDNT\cache\agp440.sys [agp440.sys : MD5=08FD04AA961BDC77FB983F328334E3D7] -> [2008/04/13 13:36:38 \| 00,042,368 \| ---- \| M] (Microsoft Corporation) -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys [agp440.sys : MD5=08FD04AA961BDC77FB983F328334E3D7] -> [2008/04/13 13:36:38 \| 00,042,368 \| ---- \| M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\agp440.sys < %SYSTEMDRIVE%\vaxscsi.sys /s /md5 > ========== Alternate Data Streams ========== @Alternate Data Stream - 98 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:90BA5E08 @Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:813B8EB6 @Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7FB468B7 @Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2A208B5C @Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A11F741D @Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:17639624 @Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:067BF339 @Alternate Data Stream - 113 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1A6AFE3D @Alternate Data Stream - 111 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C46995DA @Alternate Data Stream - 108 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:AFB00961 @Alternate Data Stream - 107 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C7F04040 < End of report >

chamber View Member Profile	Oct 29 2009, 02:06 AM Post #30
Trusted Helper Posts: 1,821 From: ~/ OS: Linux all the way!	Hi, I think that I see the problem. Hopefully will get it sorted for you. 1) OTL Run OTL Under the Custom Scans/Fixes box at the bottom, paste in the following CODE :OTL O4 - HKCU..\Run: [calc] C:\DOCUME~1\Jill\ntuser.DLL File not found O4 - HKCU..\Run: [Login Software 2009] C:\DOCUME~1\Jill\LOCALS~1\Temp\smpsh45.exe File not found O4 - HKCU..\Run: [mserv] C:\Documents and Settings\Jill\Application Data\seres.exe File not found O4 - HKCU..\Run: [wow64main.exe] C:\DOCUME~1\Jill\LOCALS~1\Temp\wow64main.exe File not found O4 - HKCU..\Run: [Yjafosi8kdf98winmdkmnkmfnwe] C:\DOCUME~1\Jill\LOCALS~1\Temp\system.exe File not found O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFolderOptions = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceClassicControlPanel = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetActiveDesktop = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1 O33 - MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell - "" = AutoRun O33 - MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell\AutoRun\command - "" = E:\setup.exe -- File not found O33 - MountPoints2\{c1e43459-3329-11dc-afdc-0014224517f1}\Shell - "" = AutoRun O33 - MountPoints2\{c1e43459-3329-11dc-afdc-0014224517f1}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{c1e43459-3329-11dc-afdc-0014224517f1}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -- File not found :Services :Reg [HKEY_LOCAL_MACHINE\SOFTWARE\OldTimer Tools\OTL] "RunQty"="0" :Files :Commands [purity] [emptytemp] [Reboot] Then click the Run Fix button at the top Let the program run unhindered, reboot the PC when it is done Open OTL again and click the Quick Scan button. Post the log it produces in your next reply. 2) ComboFix Download ComboFix from one of these locations: Link 1 Link 2 * IMPORTANT !!! Save ComboFix.exe to your Desktop Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link HERE Double click on ComboFix.exe & follow the prompts. As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware. Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console. Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures. Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message: Click on Yes, to continue scanning for malware. When finished, it shall produce a log for you. Please include the C:\ComboFix.txt** log in your next reply. Notes: 1. Do not mouse-click Combofix's window while it is running. That may cause it to stall. 2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions. In your reply I would like to see copied and pasted, 1) OTL logs 2) ComboFix log

« Next Oldest · Virus, Spyware and Trojan Removal · Next Newest »

5 Pages

< 1 2 3 4 > »

1 User(s) are reading this topic (1 Guests and 0 Anonymous Users)

0 Members:

Topic Title	Replies / Views	Topic Information
Virus, Spyware and Trojan Removal Help - Fake Windows Security Center & Spyware Guard 2009 [Solved] 123	30 / 1,081	11th February 2009 - 06:36 PM dpanone started - last by SpySentinel
Virus, Spyware and Trojan Removal Google Redirect / AntiVirus Pro 2009 [Solved]	13 / 216	15th August 2009 - 05:55 AM Mr. Doo started - last by kahdah
Virus, Spyware and Trojan Removal stubborn antivirus pro 2009 [Solved]	12 / 215	21st October 2009 - 04:38 AM RoBSTaR started - last by Rorschach112
Hardware, Components and Peripherals No sound after Security Tool & Antivirus Pro 2010 infection	13 / 194	10th November 2009 - 07:46 AM dhlavinka started - last by happyrock