Security Tool & Antivirus Pro 2009 infections [Solved]

Need a geek? Geeks to Go offers free, quality tech support -- in terms anyone can understand. Volunteers are waiting to help, friendly, technology experts who have knowledge to share, and enjoy helping others. Feel free to browse the site as a guest. However, you must log in to reply to existing topics, or to start a new topic of your own. Other benefits of joining include richer forum features, and removal of all advertising. Learn more in our Welcome Guide Infected? Malware and Spyware Cleaning Guide. What are you waiting for? Click here to join for free today!

> Geeks to Go! » Security » Virus, Spyware and Trojan Removal

5 Pages

< 1 2 3 4 5 >

Security Tool & Antivirus Pro 2009 infections [Solved]

Options

chamber View Member Profile	Oct 29 2009, 07:06 AM Post #32
Trusted Helper Posts: 1,817 From: ~/ OS: Linux all the way!	Ok. Looks better. 1) OTL Run OTL Under the Custom Scans/Fixes box at the bottom, paste in the following CODE :OTL O2 - BHO: (no name) - {4D25F921-B9FE-4682-BF72-8AB8210D6D75} - No CLSID value found. O4 - HKCU..\Run: [svchost] C:\Documents and Settings\Jill\Application Data\svcst.exe File not found O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab (Reg Error: Key error.) O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} file://C:\Program Files\Bejeweled 2\Images\armhelper.ocx (Reg Error: Key error.) [2009/10/26 06:29:55 \| 00,011,168 \| -H-- \| M] () -- C:\WINDOWS\System32\sotezena :Services :Reg :Files :Commands [purity] [emptytemp] [Reboot] Then click the Run Fix button at the top Let the program run unhindered, reboot the PC when it is done Open OTL again and click the Quick Scan button. Post the log it produces in your next reply. 2) Malwarebytes Please download Malwarebytes' Anti-Malware from Here. Double Click mbam-setup.exe to install the application. Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish. If an update is found, it will download and install the latest version. Once the program has loaded, select "Perform Quick Scan", then click Scan. The scan may take some time to finish,so please be patient. When the scan is complete, click OK, then Show Results to view the results. Make sure that everything is checked, and click Remove Selected. When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note) The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM. Copy&Paste the entire report in your next reply. Extra Note: If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediatly. 3) Kaspersky Using Internet Explorer or Firefox, visit Kaspersky Online Scanner 1. Click Accept, when prompted to download and install the program files and database of malware definitions. 2. To optimize scanning time and produce a more sensible report for review: Close any open programs Turn off the real time scanner of any existing antivirus program while performing the online scan. Click HERE to see how to disable the most common antivirus programs. 3. Click Run at the Security prompt. The program will then begin downloading and installing and will also update the database. Please be patient as this can take quite a long time to download. Once the update is complete, click on Settings. Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button: Spyware, adware, dialers, and other riskware Archives E-mail databases Click on My Computer under the green Scan bar to the left to start the scan. Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it. Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined. Click View report... at the bottom. Click the Save report... button. Change the Files of type dropdown box to Text file (.txt) and name the file KasReport.txt to save the file to your desktop so that you may post it in your next reply In your reply I would like to see copied and pasted, 1) OTL logs 2) Malwarebytes logs 3) Kaspersky scan

dhlavinka View Member Profile	Oct 29 2009, 11:08 PM Post #33
Member Posts: 39 From: Houston, Texas OS: Windows XP	Good morning. Ran OTL with your Custom Scan script. Rebooted and reran via Quick Scan. Only OTL.txt file generated and attached below. No Extras.txt file generated. Ran Malwarebytes and attached logfile below. Said no infections detected. Ran Kaspersky Scanner. It attempted to install definitions and update but stalled. We are having bad weather and it appears the internet connection went off briefly at one point and I got an error message. Rebooted the computer. Reran Kaspersky Scanner. Ran successfully. KasReport.txt file attached below as well. OTL logfile created on: 10/29/2009 8:51:03 PM - Run 2 OTL by OldTimer - Version 3.0.22.1 Folder = C:\Documents and Settings\Jill\Desktop Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 7.0.5730.13) Locale: 00000409 \| Country: United States \| Language: ENU \| Date Format: M/d/yyyy 1021.46 Mb Total Physical Memory \| 478.37 Mb Available Physical Memory \| 46.83% Memory free 2.40 Gb Paging File \| 1.92 Gb Available in Paging File \| 79.79% Paging File free Paging file location(s): C:\pagefile.sys 1536 3072 [binary data] %SystemDrive% = C: \| %SystemRoot% = C:\WINDOWS \| %ProgramFiles% = C:\Program Files Drive C: \| 148.96 Gb Total Space \| 67.08 Gb Free Space \| 45.03% Space Free \| Partition Type: NTFS D: Drive not present or media not loaded E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: HLAVINKA Current User Name: Jill Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: On Skip Microsoft Files: On File Age = 14 Days Output = Minimal Quick Scan ========== Processes (SafeList) ========== PRC - C:\Documents and Settings\Jill\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.) PRC - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.) PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.) PRC - C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (Macrovision Corporation) PRC - c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe (McAfee, Inc.) PRC - c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe (McAfee, Inc.) PRC - C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE (Creative Technology Ltd) PRC - C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe (Creative Technology Ltd) PRC - C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe (CyberLink Corp.) PRC - C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.) PRC - C:\Program Files\Dell Support Center\bin\sprtsvc.exe (SupportSoft, Inc.) PRC - C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe (Intel Corporation) PRC - C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.) PRC - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.) PRC - C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.) PRC - C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.) PRC - C:\Program Files\Juniper Networks\Common Files\dsNcService.exe (Juniper Networks) PRC - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe (Lavasoft) PRC - c:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.) PRC - C:\Program Files\McAfee\MPF\MPFSrv.exe (McAfee, Inc.) PRC - C:\Program Files\McAfee\MSC\mcmscsvc.exe (McAfee, Inc.) PRC - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe () PRC - C:\Program Files\McAfee\VirusScan\Mcshield.exe (McAfee, Inc.) PRC - C:\Program Files\My Book\WD Backup\uBBMonitor.exe (ArcSoft, Inc.) PRC - C:\Program Files\Picasa2\PicasaMediaDetector.exe (Google Inc.) PRC - C:\Program Files\QuickTime\QTTask.exe (Apple Inc.) PRC - C:\Program Files\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation) PRC - C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe (Viewpoint Corporation) PRC - C:\Program Files\Windows Media Player\wmpnetwk.exe (Microsoft Corporation) PRC - C:\Program Files\Windows Media Player\WMPNSCFG.exe (Microsoft Corporation) PRC - C:\WINDOWS\eHome\ehmsas.exe (Microsoft Corporation) PRC - C:\WINDOWS\eHome\ehRecvr.exe (Microsoft Corporation) PRC - C:\WINDOWS\eHome\ehSched.exe (Microsoft Corporation) PRC - C:\WINDOWS\ehome\ehtray.exe (Microsoft Corporation) PRC - C:\WINDOWS\ehome\McrdSvc.exe (Microsoft Corporation) PRC - C:\WINDOWS\ehome\RMSvc.exe (Microsoft Corporation) PRC - C:\WINDOWS\ehome\RMSysTry.exe (Microsoft Corporation) PRC - C:\WINDOWS\Explorer.EXE (Microsoft Corporation) PRC - C:\WINDOWS\System32\CTHELPER.EXE (Creative Technology Ltd) PRC - C:\WINDOWS\System32\CTsvcCDA.EXE (Creative Technology Ltd) PRC - C:\WINDOWS\System32\dla\tfswctrl.exe (Sonic Solutions) PRC - C:\WINDOWS\System32\nvsvc32.exe (NVIDIA Corporation) PRC - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIALA.EXE (SEIKO EPSON CORPORATION) PRC - C:\WINDOWS\System32\wbem\wmiprvse.exe (Microsoft Corporation) PRC - C:\WINDOWS\System32\WDBtnMgr.exe (Western Digital Technologies, Inc.) PRC - C:\WINDOWS\System32\wscntfy.exe (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV - (aawservice [Auto \| Running]) -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe (Lavasoft) SRV - (Apple Mobile Device [Auto \| Running]) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.) SRV - (aspnet_state [On_Demand \| Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (Microsoft Corporation) SRV - (Bonjour Service [Auto \| Running]) -- C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.) SRV - (clr_optimization_v2.0.50727_32 [On_Demand \| Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) SRV - (Creative Service for CDROM Access [Auto \| Running]) -- C:\WINDOWS\System32\CTsvcCDA.EXE (Creative Technology Ltd) SRV - (CVPND [Auto \| Running]) -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.) SRV - (dsNcService [Auto \| Running]) -- C:\Program Files\Juniper Networks\Common Files\dsNcService.exe (Juniper Networks) SRV - (ehRecvr [Auto \| Running]) -- C:\WINDOWS\eHome\ehRecvr.exe (Microsoft Corporation) SRV - (ehSched [Auto \| Running]) -- C:\WINDOWS\eHome\ehSched.exe (Microsoft Corporation) SRV - (FontCache3.0.0.0 [On_Demand \| Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation) SRV - (gusvc [On_Demand \| Stopped]) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (Google) SRV - (helpsvc [Auto \| Running]) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation) SRV - (IDriverT [On_Demand \| Stopped]) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe (Macrovision Corporation) SRV - (idsvc [Unknown \| Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe (Microsoft Corporation) SRV - (iPod Service [On_Demand \| Running]) -- C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.) SRV - (JavaQuickStarterService [Auto \| Running]) -- C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.) SRV - (McAfee SiteAdvisor Service [Auto \| Running]) -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe () SRV - (mcmscsvc [Auto \| Running]) -- C:\Program Files\McAfee\MSC\mcmscsvc.exe (McAfee, Inc.) SRV - (McNASvc [Auto \| Running]) -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe (McAfee, Inc.) SRV - (McODS [On_Demand \| Stopped]) -- C:\Program Files\McAfee\VirusScan\mcods.exe (McAfee, Inc.) SRV - (McProxy [Auto \| Running]) -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe (McAfee, Inc.) SRV - (McrdSvc [Auto \| Running]) -- C:\WINDOWS\ehome\McrdSvc.exe (Microsoft Corporation) SRV - (McShield [Unknown \| Running]) -- C:\Program Files\McAfee\VirusScan\Mcshield.exe (McAfee, Inc.) SRV - (McSysmon [Disabled \| Stopped]) -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe (McAfee, Inc.) SRV - (MHN [On_Demand \| Stopped]) -- C:\WINDOWS\System32\mhn.dll (Microsoft Corporation) SRV - (MpfService [Auto \| Running]) -- C:\Program Files\McAfee\MPF\MPFSrv.exe (McAfee, Inc.) SRV - (NetTcpPortSharing [Disabled \| Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe (Microsoft Corporation) SRV - (NVSvc [Auto \| Running]) -- C:\WINDOWS\System32\nvsvc32.exe (NVIDIA Corporation) SRV - (ose [On_Demand \| Stopped]) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation) SRV - (RMSvc [Auto \| Running]) -- C:\WINDOWS\ehome\RMSvc.exe (Microsoft Corporation) SRV - (sprtsvc_dellsupportcenter [Auto \| Running]) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe (SupportSoft, Inc.) SRV - (Viewpoint Manager Service [Auto \| Running]) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation) SRV - (WMPNetworkSvc [Auto \| Running]) -- C:\Program Files\Windows Media Player\wmpnetwk.exe (Microsoft Corporation) ========== Modules (SafeList) ========== MOD - C:\Documents and Settings\Jill\Desktop\OTL.exe (OldTimer Tools) MOD - C:\Program Files\McAfee\SiteAdvisor\saHook.dll () MOD - C:\WINDOWS\System32\ctagent.dll (Creative Technology Ltd) MOD - C:\WINDOWS\System32\mslbui.dll (Microsoft Corporation) MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll (Microsoft Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerm...tf8&oe=utf8 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://us.mc581.mail.yahoo.com/mc/welcome?...d=3ns8ffac6ub89 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/08/28 08:59:15 \| 00,000,000 \| ---D \| M] FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2009/10/18 03:09:45 \| 00,000,000 \| ---D \| M] FF - HKLM\software\mozilla\Firefox\Extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009/10/27 07:51:57 \| 00,000,000 \| ---D \| M] FF - HKLM\software\mozilla\Mozilla Firefox 2.0.0.20\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/08/14 19:35:47 \| 00,000,000 \| ---D \| M] FF - HKLM\software\mozilla\Mozilla Firefox 2.0.0.20\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/10/28 08:17:21 \| 00,000,000 \| ---D \| M] [2009/10/28 06:35:04 \| 00,000,000 \| ---D \| M] -- C:\Program Files\mozilla firefox\extensions [2009/03/22 11:48:26 \| 00,000,000 \| ---D \| M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [2008/11/28 22:38:08 \| 00,000,000 \| ---D \| M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA} [2009/03/16 23:25:17 \| 00,000,000 \| ---D \| M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} [2009/04/09 20:05:51 \| 00,000,000 \| ---D \| M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} [2009/10/27 07:52:17 \| 00,000,000 \| ---D \| M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} [2009/03/22 11:48:26 \| 00,000,000 \| ---D \| M] -- C:\Program Files\mozilla firefox\extensions\talkback@mozilla.org [2009/03/22 11:48:12 \| 00,067,688 \| ---- \| M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\jar50.dll [2009/03/22 11:48:12 \| 00,054,368 \| ---- \| M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\jsd3250.dll [2009/03/22 11:48:12 \| 00,034,944 \| ---- \| M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\myspell.dll [2009/03/22 11:48:13 \| 00,046,712 \| ---- \| M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\spellchk.dll [2009/03/22 11:48:14 \| 00,172,136 \| ---- \| M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\xpinstal.dll [2009/10/27 07:51:55 \| 00,411,368 \| ---- \| M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeploytk.dll [2009/03/22 11:48:21 \| 00,022,656 \| ---- \| M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll [2007/03/22 19:23:30 \| 00,017,248 \| ---- \| M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\NPOFFICE.DLL [2009/02/27 13:13:42 \| 00,103,792 \| ---- \| M] (Adobe Systems Inc.) -- C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2009/06/11 12:44:46 \| 00,143,360 \| ---- \| M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin.dll [2009/06/11 12:44:46 \| 00,143,360 \| ---- \| M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll [2009/06/11 12:44:47 \| 00,143,360 \| ---- \| M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll [2009/06/11 12:44:47 \| 00,143,360 \| ---- \| M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll [2009/06/11 12:44:47 \| 00,143,360 \| ---- \| M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll [2009/06/11 12:44:47 \| 00,143,360 \| ---- \| M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll [2009/06/11 12:44:47 \| 00,143,360 \| ---- \| M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll [2007/06/11 13:34:00 \| 02,115,816 \| ---- \| M] () -- C:\Program Files\mozilla firefox\plugins\NPSWF32.dll [2009/03/22 11:48:24 \| 00,001,514 \| ---- \| M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml [2009/03/22 11:48:24 \| 00,002,193 \| ---- \| M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml [2009/03/22 11:48:24 \| 00,001,038 \| ---- \| M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml [2009/03/22 11:48:24 \| 00,001,046 \| ---- \| M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml [2009/03/22 11:48:24 \| 00,002,351 \| ---- \| M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml [2009/03/22 11:48:24 \| 00,000,792 \| ---- \| M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml O1 HOSTS File: (27 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.) O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.) O2 - BHO: (EpsonToolBandKicker Class) - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION) O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll () O3 - HKLM\..\Toolbar: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION) O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found. O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [CTDVDDET] C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE (Creative Technology Ltd) O4 - HKLM..\Run: [CTHelper] C:\WINDOWS\System32\CTHELPER.EXE (Creative Technology Ltd) O4 - HKLM..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe (Creative Technology Ltd) O4 - HKLM..\Run: [DellSupportCenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.) O4 - HKLM..\Run: [dla] C:\WINDOWS\System32\dla\tfswctrl.exe (Sonic Solutions) O4 - HKLM..\Run: [dscactivate] C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe ( ) O4 - HKLM..\Run: [DVDLauncher] C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe (CyberLink Corp.) O4 - HKLM..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe (Microsoft Corporation) O4 - HKLM..\Run: [EPSON Stylus CX5800F Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIALA.EXE (SEIKO EPSON CORPORATION) O4 - HKLM..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe (Intel Corporation) O4 - HKLM..\Run: [ISUSPM Startup] C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe (InstallShield Software Corporation) O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (Macrovision Corporation) O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.) O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.) O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\System32\NeroCheck.exe (Ahead Software Gmbh) O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation) O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation) O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe () O4 - HKLM..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (Google Inc.) O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.) O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.) O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.) O4 - HKLM..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE (Creative Technology Ltd.) O4 - HKLM..\Run: [WD Button Manager] C:\WINDOWS\System32\WDBtnMgr.exe (Western Digital Technologies, Inc.) O4 - HKCU..\Run: [MSMSGS] C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation) O4 - HKCU..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe (Microsoft Corporation) O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Cisco Systems VPN Client.lnk = C:\Program Files\Cisco Systems\VPN Client\vpngui.exe (Cisco Systems, Inc.) O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Extender Resource Monitor.lnk = C:\WINDOWS\ehome\RMSysTry.exe (Microsoft Corporation) O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation) O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit, Inc.) O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WD Backup Monitor.lnk = C:\Program Files\My Book\WD Backup\uBBMonitor.exe (ArcSoft, Inc.) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: AllowLegacyWebView = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: AllowUnhashedWebView = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Reg Error: Key error. File not found O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra Button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe (America Online, Inc.) O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation) O9 - Extra Button: Royal Vegas Poker - {FA4904B4-1FAF-4afd-886C-C19D2297BA62} - C:\Program Files\royalvegasMPP\MPPoker.exe (Microgaming) O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\System32\wshbth.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.1...toUploader5.cab (Facebook Photo Uploader 5 Control) O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} file://C:\Program Files\Bejeweled 2\Images\stg_drm.ocx (SpinTop DRM Control) O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} http://www.nvidia.com/content/DriverDownlo.../sysreqlab3.cab (System Requirements Lab Class) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/products/plugin/autodl...indows-i586.cab (Java Plug-in 1.6.0_16) O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab (Reg Error: Key error.) O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://cdn2.zone.msn.com/binFramework/v10/...ro.cab56649.cab (MSN Games - Installer) O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl...indows-i586.cab (Java Plug-in 1.6.0_16) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_16) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/pub/shock...ash/swflash.cab (Shockwave Flash Object) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O16 - DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} https://www.gateway.slb.com/dana-cached/set...perSetupSP1.cab (JuniperSetupControlXP Class) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.85.102 68.87.69.150 O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\ipp - No CLSID value found O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp - No CLSID value found O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation) O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll () O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation) O24 - Desktop Components:0 (My Current Home Page) - About:Home O31 - SafeBoot: AlternateShell - cmd.exe O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2005/08/16 05:43:04 \| 00,000,000 \| -HS- \| M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O34 - HKLM BootExecute: (autocheck) - File not found O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation) O34 - HKLM BootExecute: () - File not found O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe () O35 - comfile [open] -- "%1" % File not found O35 - exefile [open] -- "%1" %* File not found ========== Files/Folders - Created Within 14 Days ========== [2009/12/25 23:05:58 \| 00,000,000 \| ---D \| C] -- C:\Documents and Settings\All Users\Application Data\Juniper Networks [2009/10/21 21:53:43 \| 00,000,000 \| ---D \| C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes [2009/10/28 08:20:29 \| 00,000,000 \| ---D \| C] -- C:\Documents and Settings\Jill\Application Data\Malwarebytes [2009/10/28 06:38:06 \| 00,000,000 \| ---D \| C] -- C:\Program Files\Common Files\Adobe AIR [2009/12/24 22:26:14 \| 00,000,000 \| ---D \| C] -- C:\Program Files\Common Files\McAfee [2009/10/21 21:38:18 \| 00,000,000 \| ---D \| C] -- C:\Program Files\ERUNT [2009/12/25 23:06:51 \| 00,000,000 \| ---D \| C] -- C:\Program Files\Juniper Networks [2009/10/26 07:18:49 \| 00,000,000 \| ---D \| C] -- C:\Program Files\Malwarebytes' Anti-Malware [2009/12/24 22:25:56 \| 00,000,000 \| ---D \| C] -- C:\Program Files\McAfee [2009/12/24 22:26:14 \| 00,000,000 \| ---D \| C] -- C:\Program Files\McAfee.com [2009/12/25 23:06:57 \| 00,345,384 \| ---- \| C] (Juniper Networks) -- C:\WINDOWS\System32\dsNcCredProv.dll [2009/12/24 22:26:36 \| 00,120,136 \| ---- \| C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\Mpfp.sys [2009/10/29 20:40:18 \| 00,521,728 \| ---- \| C] (OldTimer Tools) -- C:\Documents and Settings\Jill\Desktop\OTL.exe [2009/10/29 06:04:38 \| 00,000,000 \| ---D \| C] -- C:\ComboFix [2009/10/28 06:38:56 \| 00,000,000 \| ---D \| C] -- C:\Config.Msi [2009/10/28 05:55:29 \| 00,000,000 \| ---D \| C] -- C:\_OTM [2009/10/27 07:19:02 \| 00,000,000 \| ---D \| C] -- C:\_OTL [2009/10/26 07:18:51 \| 00,038,224 \| ---- \| C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys [2009/10/26 07:18:49 \| 00,019,160 \| ---- \| C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2009/10/25 22:06:51 \| 00,000,000 \| ---D \| C] -- C:\Combo-Fix [2009/10/25 12:53:11 \| 00,000,000 \| RHSD \| C] -- C:\cmdcons [2009/10/25 12:49:47 \| 00,212,480 \| ---- \| C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe [2009/10/25 12:49:47 \| 00,161,792 \| ---- \| C] (SteelWerX) -- C:\WINDOWS\SWREG.exe [2009/10/25 12:49:47 \| 00,136,704 \| ---- \| C] (SteelWerX) -- C:\WINDOWS\SWSC.exe [2009/10/25 12:49:47 \| 00,031,232 \| ---- \| C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe [2009/10/25 12:48:38 \| 00,000,000 \| ---D \| C] -- C:\Qoobox [2009/10/21 21:39:29 \| 00,000,000 \| ---D \| C] -- C:\WINDOWS\ERDNT [2005/12/01 01:29:25 \| 00,774,144 \| ---- \| C] (RealNetworks, Inc.) -- C:\Program Files\RngInterstitial.dll [2005/11/22 12:23:26 \| 00,065,536 \| ---- \| C] ( ) -- C:\WINDOWS\System32\a3d.dll ========== Files - Modified Within 14 Days ========== [2009/12/27 21:49:22 \| 00,000,116 \| ---- \| M] () -- C:\WINDOWS\NeroDigital.ini [2009/12/24 22:28:18 \| 00,000,666 \| ---- \| M] () -- C:\WINDOWS\win.ini [2009/12/24 22:26:25 \| 00,000,340 \| ---- \| M] () -- C:\WINDOWS\tasks\McDefragTask.job [2009/12/24 22:26:24 \| 00,000,332 \| ---- \| M] () -- C:\WINDOWS\tasks\McQcTask.job [2009/10/29 20:49:16 \| 00,002,206 \| ---- \| M] () -- C:\WINDOWS\System32\wpa.dbl [2009/10/29 20:48:52 \| 00,203,041 \| ---- \| M] () -- C:\WINDOWS\System32\nvapps.xml [2009/10/29 20:48:18 \| 00,000,006 \| -H-- \| M] () -- C:\WINDOWS\tasks\SA.DAT [2009/10/29 20:47:40 \| 00,002,048 \| --S- \| M] () -- C:\WINDOWS\bootstat.dat [2009/10/29 20:47:37 \| 10,711,57248 \| -HS- \| M] () -- C:\hiberfil.sys [2009/10/29 20:42:50 \| 00,032,592 \| ---- \| M] () -- C:\WINDOWS\System32\BMXStateBkp-{00000003-00000000-00000003-00001102-00000004-20061102}.rfx [2009/10/29 20:42:50 \| 00,032,592 \| ---- \| M] () -- C:\WINDOWS\System32\BMXState-{00000003-00000000-00000003-00001102-00000004-20061102}.rfx [2009/10/29 20:42:50 \| 00,032,088 \| ---- \| M] () -- C:\WINDOWS\System32\BMXCtrlState-{00000003-00000000-00000003-00001102-00000004-20061102}.rfx [2009/10/29 20:42:50 \| 00,032,088 \| ---- \| M] () -- C:\WINDOWS\System32\BMXBkpCtrlState-{00000003-00000000-00000003-00001102-00000004-20061102}.rfx [2009/10/29 20:42:50 \| 00,001,080 \| ---- \| M] () -- C:\WINDOWS\System32\settingsbkup.sfm [2009/10/29 20:42:50 \| 00,001,080 \| ---- \| M] () -- C:\WINDOWS\System32\settings.sfm [2009/10/29 20:42:50 \| 00,000,384 \| ---- \| M] () -- C:\WINDOWS\System32\DVCStateBkp-{00000003-00000000-00000003-00001102-00000004-20061102}.dat [2009/10/29 20:42:50 \| 00,000,384 \| ---- \| M] () -- C:\WINDOWS\System32\DVCState-{00000003-00000000-00000003-00001102-00000004-20061102}.dat [2009/10/29 20:42:34 \| 00,014,025 \| ---- \| M] () -- C:\WINDOWS\System32\Config.MPF [2009/10/29 20:42:25 \| 04,933,091 \| ---- \| M] () -- C:\WINDOWS\{00000003-00000000-00000003-00001102-00000004-20061102}.CDF [2009/10/29 20:40:18 \| 00,521,728 \| ---- \| M] (OldTimer Tools) -- C:\Documents and Settings\Jill\Desktop\OTL.exe [2009/10/29 12:37:24 \| 00,000,000 \| ---- \| M] () -- C:\WINDOWS\System32\null [2009/10/29 06:15:11 \| 00,000,227 \| ---- \| M] () -- C:\WINDOWS\system.ini [2009/10/27 17:07:01 \| 00,000,284 \| ---- \| M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job [2009/10/26 07:18:53 \| 00,000,696 \| ---- \| M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk [2009/10/26 06:55:40 \| 00,000,027 \| ---- \| M] () -- C:\WINDOWS\System32\drivers\etc\hosts [2009/10/25 12:53:15 \| 00,000,279 \| RHS- \| M] () -- C:\boot.ini [2009/10/25 06:11:34 \| 00,077,312 \| ---- \| M] () -- C:\WINDOWS\MBR.exe [2009/10/19 03:13:29 \| 00,503,304 \| ---- \| M] () -- C:\WINDOWS\System32\PerfStringBackup.INI [2009/10/19 03:13:29 \| 00,442,466 \| ---- \| M] () -- C:\WINDOWS\System32\perfh009.dat [2009/10/19 03:13:29 \| 00,071,732 \| ---- \| M] () -- C:\WINDOWS\System32\perfc009.dat [2009/10/19 03:05:31 \| 00,001,393 \| ---- \| M] () -- C:\WINDOWS\imsins.BAK [2009/10/18 18:15:01 \| 00,002,137 \| ---- \| M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk ========== Files - No Company Name ========== [2009/12/24 22:29:08 \| 00,014,025 \| ---- \| C] () -- C:\WINDOWS\System32\Config.MPF [2009/12/24 22:26:25 \| 00,000,340 \| ---- \| C] () -- C:\WINDOWS\tasks\McDefragTask.job [2009/12/24 22:26:24 \| 00,000,332 \| ---- \| C] () -- C:\WINDOWS\tasks\McQcTask.job [2009/10/29 06:04:47 \| 00,077,312 \| ---- \| C] () -- C:\WINDOWS\MBR.exe [2009/10/26 07:18:53 \| 00,000,696 \| ---- \| C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk [2009/10/25 12:53:15 \| 00,000,209 \| ---- \| C] () -- C:\Boot.bak [2009/10/25 12:53:12 \| 00,260,272 \| ---- \| C] () -- C:\cmldr [2009/10/25 12:49:47 \| 00,236,544 \| ---- \| C] () -- C:\WINDOWS\PEV.exe [2009/10/25 12:49:47 \| 00,098,816 \| ---- \| C] () -- C:\WINDOWS\sed.exe [2009/10/25 12:49:47 \| 00,080,412 \| ---- \| C] () -- C:\WINDOWS\grep.exe [2009/10/25 12:49:47 \| 00,068,096 \| ---- \| C] () -- C:\WINDOWS\zip.exe [2009/06/15 00:02:38 \| 01,374,132 \| ---- \| C] () -- C:\Program Files\wrar39b3.exe [2009/04/27 21:50:03 \| 00,000,024 \| ---- \| C] () -- C:\Documents and Settings\Jill\Application Data\MyPhrases.dta [2009/02/18 14:44:00 \| 01,724,416 \| ---- \| C] () -- C:\WINDOWS\System32\nvwdmcpl.dll [2009/02/18 14:44:00 \| 01,507,328 \| ---- \| C] () -- C:\WINDOWS\System32\nview.dll [2009/02/18 14:44:00 \| 01,101,824 \| ---- \| C] () -- C:\WINDOWS\System32\nvwimg.dll [2009/02/18 14:44:00 \| 00,466,944 \| ---- \| C] () -- C:\WINDOWS\System32\nvshell.dll [2008/04/26 11:12:44 \| 00,029,752 \| ---- \| C] () -- C:\WINDOWS\System32\InstHelper.dll [2008/04/26 11:11:52 \| 00,197,680 \| ---- \| C] () -- C:\WINDOWS\System32\vpnapi.dll [2008/04/26 11:11:51 \| 00,193,584 \| ---- \| C] () -- C:\WINDOWS\System32\CSGina.dll [2007/11/14 18:47:53 \| 00,000,251 \| ---- \| C] () -- C:\Program Files\wt3d.ini [2006/12/27 20:12:56 \| 00,000,032 \| ---- \| C] () -- C:\WINDOWS\tb70r.ini [2006/09/26 20:19:35 \| 00,000,097 \| ---- \| C] () -- C:\WINDOWS\System32\PICSDK.ini [2006/09/26 20:15:21 \| 00,000,044 \| ---- \| C] () -- C:\WINDOWS\ESCX5800.ini [2006/06/10 10:57:51 \| 00,000,008 \| ---- \| C] () -- C:\WINDOWS\System32\winlogon.ini [2006/05/21 19:39:19 \| 00,000,245 \| ---- \| C] () -- C:\WINDOWS\hegames.ini [2006/03/21 21:03:41 \| 00,000,023 \| ---- \| C] () -- C:\WINDOWS\BlendSettings.ini [2006/02/23 20:30:06 \| 00,026,922 \| ---- \| C] () -- C:\Program Files\MoviePass Terms.html [2006/02/15 04:00:47 \| 00,004,323 \| ---- \| C] () -- C:\WINDOWS\System32\MRT.INI [2006/02/05 09:37:05 \| 00,000,000 \| ---- \| C] () -- C:\WINDOWS\OpPrintServer.INI [2005/12/31 09:38:42 \| 00,005,839 \| ---- \| C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache [2005/12/18 12:17:24 \| 00,000,151 \| ---- \| C] () -- C:\WINDOWS\PhotoSnapViewer.INI [2005/11/30 22:56:37 \| 00,014,336 \| ---- \| C] () -- C:\Documents and Settings\Jill\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2005/11/30 01:05:00 \| 00,000,116 \| ---- \| C] () -- C:\WINDOWS\NeroDigital.ini [2005/11/29 22:32:54 \| 00,065,536 \| ---- \| C] () -- C:\WINDOWS\System32\adistres.dll [2005/11/29 21:35:26 \| 00,210,944 \| ---- \| C] () -- C:\WINDOWS\System32\Msvcrt10.dll [2005/11/29 21:29:03 \| 00,000,376 \| ---- \| C] () -- C:\WINDOWS\ODBC.INI [2005/11/24 02:04:43 \| 00,000,766 \| ---- \| C] () -- C:\WINDOWS\CoD.INI [2005/11/24 01:24:11 \| 00,039,864 \| ---- \| C] () -- C:\Documents and Settings\Jill\Local Settings\Application Data\GDIPFONTCACHEV1.DAT [2005/11/24 01:24:01 \| 00,003,350 \| -HS- \| C] () -- C:\WINDOWS\System32\KGyGaAvL.sys [2005/11/24 01:24:01 \| 00,000,056 \| RHS- \| C] () -- C:\WINDOWS\System32\85728D2DE4.sys [2005/11/24 01:18:28 \| 00,545,304 \| -H-- \| C] () -- C:\Documents and Settings\Jill\Local Settings\Application Data\IconCache.db [2005/11/24 01:18:28 \| 00,000,127 \| ---- \| C] () -- C:\Documents and Settings\Jill\Local Settings\Application Data\fusioncache.dat [2005/11/24 01:18:28 \| 00,000,062 \| -HS- \| C] () -- C:\Documents and Settings\Jill\Application Data\desktop.ini [2005/11/24 01:02:51 \| 00,000,028 \| ---- \| C] () -- C:\WINDOWS\atid.ini [2005/11/22 12:36:19 \| 00,000,061 \| ---- \| C] () -- C:\WINDOWS\smscfg.ini [2005/11/22 12:27:10 \| 00,000,589 \| ---- \| C] () -- C:\WINDOWS\wininit.ini [2005/11/22 12:23:45 \| 00,000,231 \| ---- \| C] () -- C:\WINDOWS\AC3API.INI [2005/11/22 12:23:28 \| 00,014,424 \| ---- \| C] () -- C:\WINDOWS\System32\Aud2_Del.ini [2005/11/22 12:23:28 \| 00,000,030 \| ---- \| C] () -- C:\WINDOWS\System32\ctzapxx.ini [2005/11/22 12:23:27 \| 00,000,194 \| ---- \| C] () -- C:\WINDOWS\System32\KILL.INI [2005/11/22 12:23:08 \| 00,000,136 \| ---- \| C] () -- C:\WINDOWS\SBWIN.INI [2005/11/22 12:06:52 \| 00,000,384 \| ---- \| C] () -- C:\WINDOWS\System32\OEMINFO.INI [2005/08/16 05:37:24 \| 00,001,793 \| ---- \| C] () -- C:\WINDOWS\System32\fxsperf.ini [2005/08/16 05:33:24 \| 00,000,062 \| -HS- \| C] () -- C:\Documents and Settings\All Users\Application Data\desktop.ini [2005/08/16 05:18:43 \| 00,000,666 \| ---- \| C] () -- C:\WINDOWS\win.ini [2005/08/16 05:18:41 \| 00,000,227 \| ---- \| C] () -- C:\WINDOWS\system.ini [2005/08/05 15:01:54 \| 00,235,008 \| ---- \| C] () -- C:\WINDOWS\System32\psisdecd.dll [2005/04/09 18:04:54 \| 00,000,000 \| ---- \| C] () -- C:\WINDOWS\System32\px.ini [1999/01/22 13:46:56 \| 00,065,536 \| ---- \| C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL ========== LOP Check ========== [2009/10/21 21:53:43 \| 00,000,000 \| RH-D \| M] -- C:\Documents and Settings\All Users\Application Data [2009/06/16 18:10:49 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906} [2008/10/14 20:20:20 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\All Users\Application Data\Dell [2005/08/16 21:54:52 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\All Users\Application Data\DIGStream [2007/04/08 13:42:14 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\All Users\Application Data\DriveSmarrt-MX [2009/08/22 15:48:22 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\All Users\Application Data\Electronic Arts [2007/09/08 12:52:53 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\All Users\Application Data\Intuit [2009/12/25 23:05:58 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\All Users\Application Data\Juniper Networks [2005/12/25 12:20:39 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\All Users\Application Data\Lionhead Studios [2007/08/07 21:42:33 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\All Users\Application Data\Playtonium Games [2008/03/20 01:51:11 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\All Users\Application Data\SupportSoft [2008/10/02 21:06:37 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\All Users\Application Data\TEMP [2007/02/13 09:03:28 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint [2009/10/28 08:20:29 \| 00,000,000 \| RH-D \| M] -- C:\Documents and Settings\Jill\Application Data [2005/11/27 22:22:59 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\Jill\Application Data\Aim [2008/01/01 17:09:50 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\Jill\Application Data\ArcSoft [2005/11/24 01:24:14 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\Jill\Application Data\Corel Photo Album [2005/11/27 22:22:45 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\Jill\Application Data\Leadertech [2008/10/16 14:07:06 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\Jill\Application Data\Microgaming [2009/06/30 16:48:09 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\Jill\Application Data\Move Networks [2008/09/29 18:50:29 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\Jill\Application Data\MSNInstaller [2006/08/27 21:38:50 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\Jill\Application Data\PlayFirst [2007/12/26 22:28:57 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\Jill\Application Data\Pogo Games [2008/01/15 19:26:10 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\Jill\Application Data\TypingMaster7 [2009/03/15 18:05:46 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\Jill\Application Data\U3 [2008/11/21 21:52:59 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\Jill\Application Data\Viewpoint [2009/10/27 17:07:01 \| 00,000,284 \| ---- \| M] () -- C:\WINDOWS\Tasks\AppleSoftwareUpdate.job [2004/08/10 06:00:00 \| 00,000,065 \| RH-- \| M] () -- C:\WINDOWS\Tasks\desktop.ini [2009/12/24 22:26:25 \| 00,000,340 \| ---- \| M] () -- C:\WINDOWS\Tasks\McDefragTask.job [2009/12/24 22:26:24 \| 00,000,332 \| ---- \| M] () -- C:\WINDOWS\Tasks\McQcTask.job [2009/10/29 20:48:18 \| 00,000,006 \| -H-- \| M] () -- C:\WINDOWS\Tasks\SA.DAT ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 98 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:90BA5E08 @Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:813B8EB6 @Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7FB468B7 @Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2A208B5C @Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A11F741D @Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:17639624 @Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:067BF339 @Alternate Data Stream - 113 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1A6AFE3D @Alternate Data Stream - 111 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C46995DA @Alternate Data Stream - 108 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:AFB00961 @Alternate Data Stream - 107 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C7F04040 < End of report > Malwarebytes' Anti-Malware 1.41 Database version: 3057 Windows 5.1.2600 Service Pack 3 10/29/2009 9:02:16 PM mbam-log-2009-10-29 (21-02-16).txt Scan type: Quick Scan Objects scanned: 148164 Time elapsed: 4 minute(s), 37 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: (No malicious items detected) -------------------------------------------------------------------------------- KASPERSKY ONLINE SCANNER 7.0: scan report Friday, October 30, 2009 Operating system: Microsoft Windows XP Professional Service Pack 3 (build 2600) Kaspersky Online Scanner version: 7.0.26.13 Last database update: Friday, October 30, 2009 03:08:22 Records in database: 3104241 -------------------------------------------------------------------------------- Scan settings: scan using the following database: extended Scan archives: yes Scan e-mail databases: yes Scan area - My Computer: A:\ C:\ D:\ Scan statistics: Objects scanned: 135766 Threats found: 5 Infected objects found: 24 Suspicious objects found: 0 Scan duration: 02:24:45 File name / Threat / Threats count C:\Qoobox\Quarantine\C\Documents and Settings\Brian\ntuser.dll.vir Infected: Packed.Win32.Krap.ah 1 C:\Qoobox\Quarantine\C\Documents and Settings\Brian\Start Menu\Programs\Startup\scandisk.dll.vir Infected: Packed.Win32.Krap.ah 1 C:\Qoobox\Quarantine\C\Documents and Settings\Jill\Application Data\seres.exe.vir Infected: Packed.Win32.Krap.ah 1 C:\Qoobox\Quarantine\C\Documents and Settings\Jill\Application Data\svcst.exe.vir Infected: Packed.Win32.Krap.ah 1 C:\Qoobox\Quarantine\C\Documents and Settings\Jill\ntuser.dll.vir Infected: Packed.Win32.Krap.ah 1 C:\Qoobox\Quarantine\C\Documents and Settings\Jill\Start Menu\Programs\Startup\scandisk.dll.vir Infected: Packed.Win32.Krap.ah 1 C:\Qoobox\Quarantine\C\Documents and Settings\LocalService\ntuser.dll.vir Infected: Packed.Win32.Krap.ah 1 C:\Qoobox\Quarantine\C\WINDOWS\system32\berikeda.dll.vir Infected: Packed.Win32.TDSS.aa 1 C:\Qoobox\Quarantine\C\WINDOWS\system32\bimeyonu.dll.vir Infected: Packed.Win32.TDSS.aa 1 C:\Qoobox\Quarantine\C\WINDOWS\system32\fotuliza.dll.vir Infected: Packed.Win32.TDSS.aa 1 C:\Qoobox\Quarantine\C\WINDOWS\system32\gawafuda.dll.vir Infected: Packed.Win32.TDSS.aa 1 C:\Qoobox\Quarantine\C\WINDOWS\system32\gitabiga.dll.vir Infected: Packed.Win32.TDSS.aa 1 C:\Qoobox\Quarantine\C\WINDOWS\system32\gizapune.dll.vir Infected: Packed.Win32.TDSS.aa 1 C:\Qoobox\Quarantine\C\WINDOWS\system32\hujinuya.dll.vir Infected: Packed.Win32.TDSS.aa 1 C:\Qoobox\Quarantine\C\WINDOWS\system32\wbem\proquota.exe.vir Infected: Packed.Win32.Krap.ah 1 C:\Qoobox\Quarantine\C\WINDOWS\system32\zahuzewi.dll.vir Infected: Packed.Win32.TDSS.aa 1 C:\Qoobox\Quarantine\C\WINDOWS\system32\_scui.cpl.vir Infected: not-a-virus:FraudTool.Win32.Antivirus2010.ag 1 C:\Qoobox\Quarantine\[4]-Submit_2009-10-26_06.44.23.zip Infected: Packed.Win32.Krap.ah 1 C:\Qoobox\Quarantine\[4]-Submit_2009-10-26_06.44.23.zip Infected: Packed.Win32.TDSS.aa 2 C:\Qoobox\Quarantine\[4]-Submit_2009-10-26_06.44.23.zip Infected: Trojan.Win32.FraudPack.xcs 2 C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP1\A0000050.exe Infected: Trojan.Win32.FraudPack.xcs 1 C:\_OTM\MovedFiles\10282009_055529\Program Files\MSN Games\Wheel of Fortune 2\Launch.exe Infected: Trojan.Win32.Inject.ygw 1 Selected area has been scanned.

chamber View Member Profile	Oct 30 2009, 01:50 AM Post #34
Trusted Helper Posts: 1,817 From: ~/ OS: Linux all the way!	How are things on this machine now?

dhlavinka View Member Profile	Oct 30 2009, 05:41 AM Post #35
Member Posts: 39 From: Houston, Texas OS: Windows XP	Hello. Things are completely back to normal on my session and my wife's session. And the machine is running quickly. But as mentioned before, there are still issues with two of my son's sessions. I assume we need to address them now? Why don't the things we do on one session address all sessions? They are all on the same computer and everything is on the C: drive. I did see one box on either the OTL or ComboFix beginning screen that said "All users", but we didn't check it. Any way - onward. So on one of my son's sessions the background is incorrect (but appears briefly when logging off) and I get the same ntuser.dll error as on mine and my wife's in the beginning.

chamber View Member Profile	Oct 30 2009, 06:08 AM Post #36
Trusted Helper Posts: 1,817 From: ~/ OS: Linux all the way!	This must have been a pretty major infection, generally the tools that we use only check in the current user sessions because you could get into all sorts of problems with trying to change things in other peoples accounts that you do not have the correct permissions on. We can work through all these accounts one at a time if you wish. I can stick it out if you can?

dhlavinka View Member Profile	Oct 30 2009, 06:12 AM Post #37
Member Posts: 39 From: Houston, Texas OS: Windows XP	Let's go.

chamber View Member Profile	Oct 30 2009, 06:13 AM Post #38
Trusted Helper Posts: 1,817 From: ~/ OS: Linux all the way!	Download OTL to your desktop. Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted. When the window appears, underneath Output at the top change it to Minimal Output. Check the boxes beside LOP Check and Purity Check. Under the Custom Scan box paste this in netsvcs msconfig safebootminimal safebootnetwork activex drivers32 %SYSTEMDRIVE%\.exe HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions %SYSTEMDRIVE%\eventlog.dll /s /md5 %SYSTEMDRIVE%\scecli.dll /s /md5 %SYSTEMDRIVE%\netlogon.dll /s /md5 %SYSTEMDRIVE%\cngaudit.dll /s /md5 %SYSTEMDRIVE%\sceclt.dll /s /md5 %SYSTEMDRIVE%\ntelogon.dll /s /md5 %SYSTEMDRIVE%\logevent.dll /s /md5 %SYSTEMDRIVE%\iaStor.sys /s /md5 %SYSTEMDRIVE%\nvstor.sys /s /md5 %SYSTEMDRIVE%\atapi.sys /s /md5 %SYSTEMDRIVE%\IdeChnDr.sys /s /md5 %SYSTEMDRIVE%\viasraid.sys /s /md5 %SYSTEMDRIVE%\AGP440.sys /s /md5 %SYSTEMDRIVE%\vaxscsi.sys /s /md5 Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long. When the scan completes, it will open two notepad windows. OTL.Txt* and Extras.Txt. These are saved in the same location as OTL. Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them all in.

dhlavinka View Member Profile	Oct 30 2009, 06:16 AM Post #39
Member Posts: 39 From: Houston, Texas OS: Windows XP	Also - is there a way to make the posts that are part of a thread be listed in the reverse order in which they were posted....the last one first on page 1, etc? Instead of logging on and seeing what I need to see immediately instead of always having to move to the last page and then scroll to the bottom of the thread?

dhlavinka View Member Profile	Oct 30 2009, 06:27 AM Post #40
Member Posts: 39 From: Houston, Texas OS: Windows XP	Ran OTL. Only OTL.txt file generated & attached below. No Extras.txt file generated. OTL logfile created on: 10/30/2009 7:19:11 AM - Run 3 OTL by OldTimer - Version 3.0.22.1 Folder = C:\Documents and Settings\Brian\Desktop Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 7.0.5730.13) Locale: 00000409 \| Country: United States \| Language: ENU \| Date Format: M/d/yyyy 1021.46 Mb Total Physical Memory \| 600.70 Mb Available Physical Memory \| 58.81% Memory free 2.40 Gb Paging File \| 1.85 Gb Available in Paging File \| 76.88% Paging File free Paging file location(s): C:\pagefile.sys 1536 3072 [binary data] %SystemDrive% = C: \| %SystemRoot% = C:\WINDOWS \| %ProgramFiles% = C:\Program Files Drive C: \| 148.96 Gb Total Space \| 68.04 Gb Free Space \| 45.67% Space Free \| Partition Type: NTFS D: Drive not present or media not loaded Drive E: \| 698.46 Gb Total Space \| 634.46 Gb Free Space \| 90.84% Space Free \| Partition Type: FAT32 F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: HLAVINKA Current User Name: Brian Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Minimal ========== Processes (SafeList) ========== PRC - C:\Documents and Settings\Brian\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Program Files\AIM\aim.exe (America Online, Inc.) PRC - C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.) PRC - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.) PRC - C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe (Nero AG) PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.) PRC - C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (Macrovision Corporation) PRC - c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe (McAfee, Inc.) PRC - c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe (McAfee, Inc.) PRC - C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE (Creative Technology Ltd) PRC - C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe (Creative Technology Ltd) PRC - C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe (CyberLink Corp.) PRC - C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.) PRC - C:\Program Files\Dell Support Center\bin\sprtsvc.exe (SupportSoft, Inc.) PRC - C:\Program Files\internet explorer\iexplore.exe (Microsoft Corporation) PRC - C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.) PRC - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.) PRC - C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.) PRC - C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.) PRC - C:\Program Files\Juniper Networks\Common Files\dsNcService.exe (Juniper Networks) PRC - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe (Lavasoft) PRC - C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.) PRC - C:\Program Files\McAfee\MPF\MPFSrv.exe (McAfee, Inc.) PRC - C:\Program Files\McAfee\MSC\mcmscsvc.exe (McAfee, Inc.) PRC - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe () PRC - C:\Program Files\McAfee\VirusScan\Mcshield.exe (McAfee, Inc.) PRC - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation) PRC - C:\Program Files\Picasa2\PicasaMediaDetector.exe (Google Inc.) PRC - C:\Program Files\QuickTime\QTTask.exe (Apple Inc.) PRC - C:\Program Files\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation) PRC - C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe (Viewpoint Corporation) PRC - C:\Program Files\Windows Media Player\wmpnetwk.exe (Microsoft Corporation) PRC - C:\Program Files\Windows Media Player\WMPNSCFG.exe (Microsoft Corporation) PRC - C:\WINDOWS\eHome\ehmsas.exe (Microsoft Corporation) PRC - C:\WINDOWS\eHome\ehRecvr.exe (Microsoft Corporation) PRC - C:\WINDOWS\eHome\ehSched.exe (Microsoft Corporation) PRC - C:\WINDOWS\ehome\ehtray.exe (Microsoft Corporation) PRC - C:\WINDOWS\ehome\McrdSvc.exe (Microsoft Corporation) PRC - C:\WINDOWS\ehome\RMSvc.exe (Microsoft Corporation) PRC - C:\WINDOWS\ehome\RMSysTry.exe (Microsoft Corporation) PRC - C:\WINDOWS\Explorer.EXE (Microsoft Corporation) PRC - C:\WINDOWS\System32\CTHELPER.EXE (Creative Technology Ltd) PRC - C:\WINDOWS\System32\CTsvcCDA.EXE (Creative Technology Ltd) PRC - C:\WINDOWS\System32\dla\tfswctrl.exe (Sonic Solutions) PRC - C:\WINDOWS\System32\nvsvc32.exe (NVIDIA Corporation) PRC - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIALA.EXE (SEIKO EPSON CORPORATION) PRC - C:\WINDOWS\System32\WDBtnMgr.exe (Western Digital Technologies, Inc.) PRC - C:\WINDOWS\System32\wscntfy.exe (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV - (aawservice [Auto \| Running]) -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe (Lavasoft) SRV - (Apple Mobile Device [Auto \| Running]) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.) SRV - (aspnet_state [On_Demand \| Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (Microsoft Corporation) SRV - (Bonjour Service [Auto \| Running]) -- C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.) SRV - (clr_optimization_v2.0.50727_32 [On_Demand \| Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) SRV - (Creative Service for CDROM Access [Auto \| Running]) -- C:\WINDOWS\System32\CTsvcCDA.EXE (Creative Technology Ltd) SRV - (CVPND [Auto \| Running]) -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.) SRV - (dsNcService [Auto \| Running]) -- C:\Program Files\Juniper Networks\Common Files\dsNcService.exe (Juniper Networks) SRV - (ehRecvr [Auto \| Running]) -- C:\WINDOWS\eHome\ehRecvr.exe (Microsoft Corporation) SRV - (ehSched [Auto \| Running]) -- C:\WINDOWS\eHome\ehSched.exe (Microsoft Corporation) SRV - (FontCache3.0.0.0 [On_Demand \| Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation) SRV - (gusvc [On_Demand \| Stopped]) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (Google) SRV - (helpsvc [Auto \| Running]) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation) SRV - (IDriverT [On_Demand \| Stopped]) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe (Macrovision Corporation) SRV - (idsvc [Unknown \| Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe (Microsoft Corporation) SRV - (iPod Service [On_Demand \| Running]) -- C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.) SRV - (JavaQuickStarterService [Auto \| Running]) -- C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.) SRV - (McAfee SiteAdvisor Service [Auto \| Running]) -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe () SRV - (mcmscsvc [Auto \| Running]) -- C:\Program Files\McAfee\MSC\mcmscsvc.exe (McAfee, Inc.) SRV - (McNASvc [Auto \| Running]) -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe (McAfee, Inc.) SRV - (McODS [On_Demand \| Stopped]) -- C:\Program Files\McAfee\VirusScan\mcods.exe (McAfee, Inc.) SRV - (McProxy [Auto \| Running]) -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe (McAfee, Inc.) SRV - (McrdSvc [Auto \| Running]) -- C:\WINDOWS\ehome\McrdSvc.exe (Microsoft Corporation) SRV - (McShield [Unknown \| Running]) -- C:\Program Files\McAfee\VirusScan\Mcshield.exe (McAfee, Inc.) SRV - (McSysmon [Disabled \| Stopped]) -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe (McAfee, Inc.) SRV - (MHN [On_Demand \| Stopped]) -- C:\WINDOWS\System32\mhn.dll (Microsoft Corporation) SRV - (MpfService [Auto \| Running]) -- C:\Program Files\McAfee\MPF\MPFSrv.exe (McAfee, Inc.) SRV - (NetTcpPortSharing [Disabled \| Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe (Microsoft Corporation) SRV - (NVSvc [Auto \| Running]) -- C:\WINDOWS\System32\nvsvc32.exe (NVIDIA Corporation) SRV - (ose [On_Demand \| Stopped]) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation) SRV - (RMSvc [Auto \| Running]) -- C:\WINDOWS\ehome\RMSvc.exe (Microsoft Corporation) SRV - (sprtsvc_dellsupportcenter [Auto \| Running]) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe (SupportSoft, Inc.) SRV - (Viewpoint Manager Service [Auto \| Running]) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation) SRV - (WMPNetworkSvc [Auto \| Running]) -- C:\Program Files\Windows Media Player\wmpnetwk.exe (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV - (AliIde [Disabled \| Stopped]) -- C:\WINDOWS\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.) DRV - (amdagp [Disabled \| Stopped]) -- C:\WINDOWS\system32\DRIVERS\amdagp.sys (Advanced Micro Devices, Inc.) DRV - (asc [Disabled \| Stopped]) -- C:\WINDOWS\system32\DRIVERS\asc.sys (Advanced System Products, Inc.) DRV - (asc3550 [Disabled \| Stopped]) -- C:\WINDOWS\system32\DRIVERS\asc3550.sys (Advanced System Products, Inc.) DRV - (CmdIde [Disabled \| Stopped]) -- C:\WINDOWS\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.) DRV - (ctac32k [On_Demand \| Running]) -- C:\WINDOWS\System32\drivers\ctac32k.sys (Creative Technology Ltd) DRV - (ctaud2k [On_Demand \| Running]) -- C:\WINDOWS\System32\drivers\ctaud2k.sys (Creative Technology Ltd) DRV - (ctdvda2k [On_Demand \| Stopped]) -- C:\WINDOWS\System32\drivers\ctdvda2k.sys (Creative Technology Ltd) DRV - (ctprxy2k [On_Demand \| Running]) -- C:\WINDOWS\System32\drivers\ctprxy2k.sys (Creative Technology Ltd) DRV - (ctsfm2k [On_Demand \| Running]) -- C:\WINDOWS\System32\drivers\ctsfm2k.sys (Creative Technology Ltd) DRV - (CVirtA [On_Demand \| Stopped]) -- C:\WINDOWS\System32\DRIVERS\CVirtA.sys (Cisco Systems, Inc.) DRV - (CVPNDRVA [Auto \| Running]) -- C:\WINDOWS\System32\Drivers\CVPNDRVA.sys (Cisco Systems, Inc.) DRV - (dac2w2k [Disabled \| Stopped]) -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys (Mylex Corporation) DRV - (DNE [On_Demand \| Running]) -- C:\WINDOWS\System32\DRIVERS\dne2000.sys (Deterministic Networks, Inc.) DRV - (drvmcdb [Boot \| Running]) -- C:\WINDOWS\system32\drivers\drvmcdb.sys (Sonic Solutions) DRV - (drvnddm [Auto \| Running]) -- C:\WINDOWS\System32\drivers\drvnddm.sys (Sonic Solutions) DRV - (dsNcAdpt [On_Demand \| Running]) -- C:\WINDOWS\System32\DRIVERS\dsNcAdpt.sys (Juniper Networks) DRV - (E100B [On_Demand \| Stopped]) -- C:\WINDOWS\System32\DRIVERS\e100b325.sys (Intel Corporation) DRV - (emupia [On_Demand \| Running]) -- C:\WINDOWS\System32\drivers\emupia2k.sys (Creative Technology Ltd) DRV - (gameenum [On_Demand \| Running]) -- C:\WINDOWS\System32\DRIVERS\gameenum.sys (Microsoft Corporation) DRV - (GEARAspiWDM [On_Demand \| Running]) -- C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys (GEAR Software Inc.) DRV - (ha10kx2k [On_Demand \| Running]) -- C:\WINDOWS\System32\drivers\ha10kx2k.sys (Creative Technology Ltd) DRV - (hap16v2k [On_Demand \| Running]) -- C:\WINDOWS\System32\drivers\hap16v2k.sys (Creative Technology Ltd) DRV - (IntelC51 [On_Demand \| Running]) -- C:\WINDOWS\System32\DRIVERS\IntelC51.sys (Intel Corporation) DRV - (IntelC52 [On_Demand \| Running]) -- C:\WINDOWS\System32\DRIVERS\IntelC52.sys (Intel Corporation) DRV - (IntelC53 [On_Demand \| Running]) -- C:\WINDOWS\System32\DRIVERS\IntelC53.sys (Intel Corporation) DRV - (mfeavfk [On_Demand \| Running]) -- C:\WINDOWS\System32\drivers\mfeavfk.sys (McAfee, Inc.) DRV - (mfebopk [On_Demand \| Running]) -- C:\WINDOWS\System32\drivers\mfebopk.sys (McAfee, Inc.) DRV - (mfehidk [System \| Running]) -- C:\WINDOWS\System32\drivers\mfehidk.sys (McAfee, Inc.) DRV - (mferkdk [On_Demand \| Running]) -- C:\WINDOWS\System32\drivers\mferkdk.sys (McAfee, Inc.) DRV - (mfesmfk [On_Demand \| Stopped]) -- C:\WINDOWS\System32\drivers\mfesmfk.sys (McAfee, Inc.) DRV - (MODEMCSA [On_Demand \| Running]) -- C:\WINDOWS\System32\drivers\MODEMCSA.sys (Microsoft Corporation) DRV - (mohfilt [On_Demand \| Running]) -- C:\WINDOWS\System32\DRIVERS\mohfilt.sys (Intel Corporation) DRV - (MPFP [System \| Running]) -- C:\WINDOWS\System32\Drivers\Mpfp.sys (McAfee, Inc.) DRV - (mraid35x [Disabled \| Stopped]) -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys (American Megatrends Inc.) DRV - (nv [On_Demand \| Running]) -- C:\WINDOWS\System32\DRIVERS\nv4_mini.sys (NVIDIA Corporation) DRV - (nvatabus [Boot \| Running]) -- C:\WINDOWS\system32\drivers\nvatabus.sys (NVIDIA Corporation) DRV - (NVENETFD [On_Demand \| Running]) -- C:\WINDOWS\System32\DRIVERS\NVENETFD.sys (NVIDIA Corporation) DRV - (nvnetbus [On_Demand \| Running]) -- C:\WINDOWS\System32\DRIVERS\nvnetbus.sys (NVIDIA Corporation) DRV - (nvraid [Boot \| Stopped]) -- C:\WINDOWS\system32\drivers\nvraid.sys (NVIDIA Corporation) DRV - (ossrv [On_Demand \| Running]) -- C:\WINDOWS\System32\drivers\ctoss2k.sys (Creative Technology Ltd.) DRV - (pfc [On_Demand \| Running]) -- C:\WINDOWS\System32\drivers\pfc.sys (Padus, Inc.) DRV - (PfModNT [Auto \| Running]) -- C:\WINDOWS\System32\drivers\PfModNT.sys (Creative Technology Ltd.) DRV - (Point32 [On_Demand \| Running]) -- C:\WINDOWS\System32\DRIVERS\point32.sys (Microsoft Corporation) DRV - (Ptilink [On_Demand \| Running]) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys (Parallel Technologies, Inc.) DRV - (PxHelp20 [Boot \| Running]) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys (Sonic Solutions) DRV - (ql1080 [Disabled \| Stopped]) -- C:\WINDOWS\system32\DRIVERS\ql1080.sys (QLogic Corporation) DRV - (ql12160 [Disabled \| Stopped]) -- C:\WINDOWS\system32\DRIVERS\ql12160.sys (QLogic Corporation) DRV - (ql1280 [Disabled \| Stopped]) -- C:\WINDOWS\system32\DRIVERS\ql1280.sys (QLogic Corporation) DRV - (SDDMI2 [On_Demand \| Stopped]) -- C:\WINDOWS\System32\DDMI2.sys (Gteko Ltd.) DRV - (Secdrv [Auto \| Running]) -- C:\WINDOWS\System32\DRIVERS\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) DRV - (SilverLink [On_Demand \| Stopped]) -- C:\WINDOWS\System32\Drivers\SilvrLnk.sys (Texas Instruments Incorporated) DRV - (sisagp [Disabled \| Stopped]) -- C:\WINDOWS\system32\DRIVERS\sisagp.sys (Silicon Integrated Systems Corporation) DRV - (Sparrow [Disabled \| Stopped]) -- C:\WINDOWS\system32\DRIVERS\sparrow.sys (Adaptec, Inc.) DRV - (sscdbhk5 [System \| Running]) -- C:\WINDOWS\System32\drivers\sscdbhk5.sys (Sonic Solutions) DRV - (ssrtln [System \| Running]) -- C:\WINDOWS\System32\drivers\ssrtln.sys (Sonic Solutions) DRV - (SVKP [Auto \| Running]) -- C:\WINDOWS\System32\SVKP.sys (AntiCracking) DRV - (sym_hi [Disabled \| Stopped]) -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys (LSI Logic) DRV - (sym_u3 [Disabled \| Stopped]) -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys (LSI Logic) DRV - (symc810 [Disabled \| Stopped]) -- C:\WINDOWS\system32\DRIVERS\symc810.sys (Symbios Logic Inc.) DRV - (symc8xx [Disabled \| Stopped]) -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys (LSI Logic) DRV - (tfsnboio [Auto \| Running]) -- C:\WINDOWS\System32\dla\tfsnboio.sys (Sonic Solutions) DRV - (tfsncofs [Auto \| Running]) -- C:\WINDOWS\System32\dla\tfsncofs.sys (Sonic Solutions) DRV - (tfsndrct [Auto \| Running]) -- C:\WINDOWS\System32\dla\tfsndrct.sys (Sonic Solutions) DRV - (tfsndres [Auto \| Running]) -- C:\WINDOWS\System32\dla\tfsndres.sys (Sonic Solutions) DRV - (tfsnifs [Auto \| Running]) -- C:\WINDOWS\System32\dla\tfsnifs.sys (Sonic Solutions) DRV - (tfsnopio [Auto \| Running]) -- C:\WINDOWS\System32\dla\tfsnopio.sys (Sonic Solutions) DRV - (tfsnpool [Auto \| Running]) -- C:\WINDOWS\System32\dla\tfsnpool.sys (Sonic Solutions) DRV - (tfsnudf [Auto \| Running]) -- C:\WINDOWS\System32\dla\tfsnudf.sys (Sonic Solutions) DRV - (tfsnudfa [Auto \| Running]) -- C:\WINDOWS\System32\dla\tfsnudfa.sys (Sonic Solutions) DRV - (TIEHDUSB [On_Demand \| Stopped]) -- C:\WINDOWS\System32\drivers\tiehdusb.sys (Texas Instruments Incorporated) DRV - (ultra [Disabled \| Stopped]) -- C:\WINDOWS\system32\DRIVERS\ultra.sys (Promise Technology, Inc.) DRV - (USBAAPL [On_Demand \| Stopped]) -- C:\WINDOWS\System32\Drivers\usbaapl.sys (Apple, Inc.) DRV - (usbaudio [On_Demand \| Stopped]) -- C:\WINDOWS\System32\drivers\usbaudio.sys (Microsoft Corporation) DRV - (vsdatant [On_Demand \| Stopped]) -- C:\WINDOWS\System32\vsdatant.sys (Zone Labs LLC) DRV - (WD_FireWire_HID [On_Demand \| Running]) -- C:\WINDOWS\System32\DRIVERS\wdfwhid.sys (Western Digital Technologies) ========== Modules (SafeList) ========== MOD - C:\Documents and Settings\Brian\Desktop\OTL.exe (OldTimer Tools) MOD - C:\WINDOWS\System32\ctagent.dll (Creative Technology Ltd) MOD - C:\WINDOWS\System32\mslbui.dll (Microsoft Corporation) MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll (Microsoft Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/ IE - HKCU\..\URLSearchHook: {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - Reg Error: Key error. File not found IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/08/28 08:59:15 \| 00,000,000 \| ---D \| M] FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2009/10/18 03:09:45 \| 00,000,000 \| ---D \| M] FF - HKLM\software\mozilla\Firefox\Extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009/10/27 07:51:57 \| 00,000,000 \| ---D \| M] FF - HKLM\software\mozilla\Mozilla Firefox 2.0.0.20\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/08/14 19:35:47 \| 00,000,000 \| ---D \| M] FF - HKLM\software\mozilla\Mozilla Firefox 2.0.0.20\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/10/28 08:17:21 \| 00,000,000 \| ---D \| M] [2009/10/28 06:35:04 \| 00,000,000 \| ---D \| M] -- C:\Program Files\mozilla firefox\extensions [2009/03/22 11:48:26 \| 00,000,000 \| ---D \| M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [2008/11/28 22:38:08 \| 00,000,000 \| ---D \| M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA} [2009/03/16 23:25:17 \| 00,000,000 \| ---D \| M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} [2009/04/09 20:05:51 \| 00,000,000 \| ---D \| M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} [2009/10/27 07:52:17 \| 00,000,000 \| ---D \| M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} [2009/03/22 11:48:26 \| 00,000,000 \| ---D \| M] -- C:\Program Files\mozilla firefox\extensions\talkback@mozilla.org [2009/03/22 11:48:12 \| 00,067,688 \| ---- \| M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\jar50.dll [2009/03/22 11:48:12 \| 00,054,368 \| ---- \| M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\jsd3250.dll [2009/03/22 11:48:12 \| 00,034,944 \| ---- \| M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\myspell.dll [2009/03/22 11:48:13 \| 00,046,712 \| ---- \| M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\spellchk.dll [2009/03/22 11:48:14 \| 00,172,136 \| ---- \| M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\xpinstal.dll [2009/10/27 07:51:55 \| 00,411,368 \| ---- \| M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeploytk.dll [2009/03/22 11:48:21 \| 00,022,656 \| ---- \| M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll [2007/03/22 19:23:30 \| 00,017,248 \| ---- \| M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\NPOFFICE.DLL [2009/02/27 13:13:42 \| 00,103,792 \| ---- \| M] (Adobe Systems Inc.) -- C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2009/06/11 12:44:46 \| 00,143,360 \| ---- \| M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin.dll [2009/06/11 12:44:46 \| 00,143,360 \| ---- \| M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll [2009/06/11 12:44:47 \| 00,143,360 \| ---- \| M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll [2009/06/11 12:44:47 \| 00,143,360 \| ---- \| M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll [2009/06/11 12:44:47 \| 00,143,360 \| ---- \| M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll [2009/06/11 12:44:47 \| 00,143,360 \| ---- \| M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll [2009/06/11 12:44:47 \| 00,143,360 \| ---- \| M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll [2007/06/11 13:34:00 \| 02,115,816 \| ---- \| M] () -- C:\Program Files\mozilla firefox\plugins\NPSWF32.dll [2009/03/22 11:48:24 \| 00,001,514 \| ---- \| M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml [2009/03/22 11:48:24 \| 00,002,193 \| ---- \| M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml [2009/03/22 11:48:24 \| 00,001,038 \| ---- \| M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml [2009/03/22 11:48:24 \| 00,001,046 \| ---- \| M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml [2009/03/22 11:48:24 \| 00,002,351 \| ---- \| M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml [2009/03/22 11:48:24 \| 00,000,792 \| ---- \| M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml O1 HOSTS File: (27 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.) O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.) O2 - BHO: (EpsonToolBandKicker Class) - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION) O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll () O3 - HKLM\..\Toolbar: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION) O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found. O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [CTDVDDET] C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE (Creative Technology Ltd) O4 - HKLM..\Run: [CTHelper] C:\WINDOWS\System32\CTHELPER.EXE (Creative Technology Ltd) O4 - HKLM..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe (Creative Technology Ltd) O4 - HKLM..\Run: [DellSupportCenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.) O4 - HKLM..\Run: [dla] C:\WINDOWS\System32\dla\tfswctrl.exe (Sonic Solutions) O4 - HKLM..\Run: [dscactivate] C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe ( ) O4 - HKLM..\Run: [DVDLauncher] C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe (CyberLink Corp.) O4 - HKLM..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe (Microsoft Corporation) O4 - HKLM..\Run: [EPSON Stylus CX5800F Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIALA.EXE (SEIKO EPSON CORPORATION) O4 - HKLM..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe (Intel Corporation) O4 - HKLM..\Run: [ISUSPM Startup] C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe (InstallShield Software Corporation) O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (Macrovision Corporation) O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.) O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.) O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\System32\NeroCheck.exe (Ahead Software Gmbh) O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation) O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation) O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe () O4 - HKLM..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (Google Inc.) O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.) O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.) O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.) O4 - HKLM..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE (Creative Technology Ltd.) O4 - HKLM..\Run: [WD Button Manager] C:\WINDOWS\System32\WDBtnMgr.exe (Western Digital Technologies, Inc.) O4 - HKCU..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl File not found O4 - HKCU..\Run: [Aim6] C:\Program Files\Common Files\AOL\Launch\AOLLaunch.exe File not found O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe (Nero AG) O4 - HKCU..\Run: [calc] C:\DOCUME~1\Brian\ntuser.DLL File not found O4 - HKCU..\Run: [DellSupport] C:\Program Files\DellSupport\DSAgnt.exe File not found O4 - HKCU..\Run: [MSMSGS] C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation) O4 - HKCU..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe (Microsoft Corporation) O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Cisco Systems VPN Client.lnk = C:\Program Files\Cisco Systems\VPN Client\vpngui.exe (Cisco Systems, Inc.) O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Extender Resource Monitor.lnk = C:\WINDOWS\ehome\RMSysTry.exe (Microsoft Corporation) O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation) O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit, Inc.) O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WD Backup Monitor.lnk = C:\Program Files\My Book\WD Backup\uBBMonitor.exe (ArcSoft, Inc.) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: AllowLegacyWebView = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: AllowUnhashedWebView = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1 O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Reg Error: Key error. File not found O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra Button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe (America Online, Inc.) O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation) O9 - Extra Button: Royal Vegas Poker - {FA4904B4-1FAF-4afd-886C-C19D2297BA62} - C:\Program Files\royalvegasMPP\MPPoker.exe (Microgaming) O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\System32\wshbth.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O15 - HKCU\..Trusted Domains: 43 domain(s) and sub-domain(s) not assigned to a zone. O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.1...toUploader5.cab (Facebook Photo Uploader 5 Control) O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} file://C:\Program Files\Bejeweled 2\Images\stg_drm.ocx (SpinTop DRM Control) O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} http://www.nvidia.com/content/DriverDownlo.../sysreqlab3.cab (System Requirements Lab Class) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/products/plugin/autodl...indows-i586.cab (Java Plug-in 1.6.0_16) O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab (Reg Error: Key error.) O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://cdn2.zone.msn.com/binFramework/v10/...ro.cab56649.cab (MSN Games - Installer) O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl...indows-i586.cab (Java Plug-in 1.6.0_16) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_16) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/pub/shock...ash/swflash.cab (Shockwave Flash Object) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O16 - DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} https://www.gateway.slb.com/dana-cached/set...perSetupSP1.cab (JuniperSetupControlXP Class) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.85.102 68.87.69.150 O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\ipp - No CLSID value found O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp - No CLSID value found O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation) O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll () O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation) O24 - Desktop Components:0 (My Current Home Page) - About:Home O31 - SafeBoot: AlternateShell - cmd.exe O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2005/08/16 05:43:04 \| 00,000,000 \| -HS- \| M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O32 - AutoRun File - [2007/06/16 22:04:20 \| 00,000,000 \| ---D \| M] - E:\autorun -- [ FAT32 ] O32 - AutoRun File - [2005/11/15 12:08:04 \| 00,000,036 \| -H-- \| M] () - E:\autorun.inf -- [ FAT32 ] O33 - MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell - "" = AutoRun O33 - MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell\AutoRun\command - "" = E:\setup.exe -- File not found O33 - MountPoints2\{c1e43459-3329-11dc-afdc-0014224517f1}\Shell - "" = AutoRun O33 - MountPoints2\{c1e43459-3329-11dc-afdc-0014224517f1}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{c1e43459-3329-11dc-afdc-0014224517f1}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -- File not found O34 - HKLM BootExecute: (autocheck) - File not found O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation) O34 - HKLM BootExecute: () - File not found O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe () O35 - comfile [open] -- "%1" % File not found O35 - exefile [open] -- "%1" %* File not found NetSvcs: 6to4 - Service key not found. File not found NetSvcs: Ias - Service key not found. File not found NetSvcs: Iprip - Service key not found. File not found NetSvcs: Irmon - Service key not found. File not found NetSvcs: NWCWorkstation - Service key not found. File not found NetSvcs: Nwsapagent - Service key not found. File not found NetSvcs: WmdmPmSp - Service key not found. File not found NetSvcs: MHN - C:\WINDOWS\System32\mhn.dll (Microsoft Corporation) NetSvcs: helpsvc - C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation) MsConfig - StartUpReg: MimBoot - hkey= - key= - C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mimboot.exe (Musicmatch, Inc.) MsConfig - StartUpReg: MMTray - hkey= - key= - C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe (Musicmatch, Inc.) MsConfig - State: "system.ini" - 0 MsConfig - State: "win.ini" - 0 MsConfig - State: "bootini" - 0 MsConfig - State: "services" - 0 MsConfig - State: "startup" - 2 SafeBootMin: aawservice - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe (Lavasoft) SafeBootMin: Base - Driver Group SafeBootMin: Boot Bus Extender - Driver Group SafeBootMin: Boot file system - Driver Group SafeBootMin: File system - Driver Group SafeBootMin: Filter - Driver Group SafeBootMin: HelpSvc - C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation) SafeBootMin: mcmscsvc - C:\Program Files\McAfee\MSC\mcmscsvc.exe (McAfee, Inc.) SafeBootMin: MCODS - C:\Program Files\McAfee\VirusScan\mcods.exe (McAfee, Inc.) SafeBootMin: PCI Configuration - Driver Group SafeBootMin: PNP Filter - Driver Group SafeBootMin: Primary disk - Driver Group SafeBootMin: SCSI Class - Driver Group SafeBootMin: sermouse.sys - Driver SafeBootMin: System Bus Extender - Driver Group SafeBootMin: vds - Service SafeBootMin: vga.sys - Driver SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet: aawservice - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe (Lavasoft) SafeBootNet: Base - Driver Group SafeBootNet: Boot Bus Extender - Driver Group SafeBootNet: Boot file system - Driver Group SafeBootNet: File system - Driver Group SafeBootNet: Filter - Driver Group SafeBootNet: HelpSvc - C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation) SafeBootNet: mcmscsvc - C:\Program Files\McAfee\MSC\mcmscsvc.exe (McAfee, Inc.) SafeBootNet: MCODS - C:\Program Files\McAfee\VirusScan\mcods.exe (McAfee, Inc.) SafeBootNet: MpfService - C:\Program Files\McAfee\MPF\MPFSrv.exe (McAfee, Inc.) SafeBootNet: NDIS Wrapper - Driver Group SafeBootNet: NetBIOSGroup - Driver Group SafeBootNet: NetDDEGroup - Driver Group SafeBootNet: Network - Driver Group SafeBootNet: NetworkProvider - Driver Group SafeBootNet: PCI Configuration - Driver Group SafeBootNet: PNP Filter - Driver Group SafeBootNet: PNP_TDI - Driver Group SafeBootNet: Primary disk - Driver Group SafeBootNet: SCSI Class - Driver Group SafeBootNet: sermouse.sys - Driver SafeBootNet: Streams Drivers - Driver Group SafeBootNet: System Bus Extender - Driver Group SafeBootNet: TDI - Driver Group SafeBootNet: vga.sys - Driver SafeBootNet: {1a3e09be-1e45-494b-9174-d7385b45bbf5} - Reg Error: Value error. SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices ActiveX: {03F998B2-0E00-11D3-A498-00104B6EB52E} - Viewpoint Media Player ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML) ActiveX: {166B1BCA-3F9C-11CF-8075-444553540000} - Macromedia Shockwave Director 10.1 ActiveX: {1B00725B-C455-4DE6-BFB6-AD540AD427CD} - Viewpoint Media Player ActiveX: {1BC46932-21B2-4130-86E0-B4EB4F7A7A7B} - Microsoft .NET Framework 1.0 Hotfix (KB887998) ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4 ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Macromedia Shockwave Director 10.1 ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe ActiveX: {407408d4-94ed-4d86-ab69-a7f649d112ee} - %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection QuickLaunchShortcut 640 %systemroot%\inf\mcdftreg.inf ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460) ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.7 ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install ActiveX: {8b15971b-5355-4c82-8c07-7e181ea07608} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.inf,Fax.Install.PerUser ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {94de52c8-2d59-4f1b-883e-79663d2d9a8c} - Fax Provider ActiveX: {9BB5DD65-D02F-43FC-94AF-E8932A4EFB73} - Microsoft Visual C++ 2005 Express Edition - ENU Service Pack 1 (KB926748) ActiveX: {B508B3F1-A24A-32C0-B310-85786919EF28} - .NET Framework ActiveX: {BDE0FA43-6952-4BA8-8C58-09AF690F88E1} - Microsoft .NET Framework 1.0 Hotfix (KB930494) ActiveX: {BECB938C-6BC2-48C6-A0A6-4B61E85F584C} - Security Update for Microsoft Visual C++ 2005 Express Edition - ENU (KB971090) ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1 ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player ActiveX: {DAA94A2A-2A8D-4D3B-9DB8-56FBECED082D} - Microsoft .NET Framework 1.1 Security Update (KB953297) ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E8EA5BD6-D931-4001-ABF6-81BAA500360A} - Microsoft .NET Framework 1.0 Hotfix (KB953295) ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: {EA29D410-CE41-4953-A862-2DE706A1DAD7} - Microsoft .NET Framework 1.0 Service Pack 3 ActiveX: {FDC11A6F-17D1-48f9-9EA3-9051954BAA24} - .NET Framework ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE ActiveX: KB910393 - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\EasyCDBlock.inf,PerUserInstall ActiveX: Microsoft Base Smart Card Crypto Provider Package - Drivers32: msacm.iac2 - C:\WINDOWS\System32\iac25_32.ax (Intel Corporation) Drivers32: msacm.l3acm - C:\WINDOWS\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: msacm.lhacm - C:\WINDOWS\System32\lhacm.acm (Microsoft Corporation) Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.) Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.) Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.) Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll () Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll () Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation) Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation) Drivers32: vidc.VP60 - C:\WINDOWS\System32\vp6vfw.dll (On2.com) Drivers32: vidc.VP61 - C:\WINDOWS\System32\vp6vfw.dll (On2.com) Drivers32: wave1 - C:\WINDOWS\System32\serwvdrv.dll (Microsoft Corporation) ========== Files/Folders - Created Within 30 Days ========== [2009/12/25 23:05:58 \| 00,000,000 \| ---D \| C] -- C:\Documents and Settings\All Users\Application Data\Juniper Networks [2009/10/21 21:53:43 \| 00,000,000 \| ---D \| C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes [2009/10/28 08:28:22 \| 00,000,000 \| ---D \| C] -- C:\Documents and Settings\Brian\Application Data\Malwarebytes [2009/10/28 06:38:06 \| 00,000,000 \| ---D \| C] -- C:\Program Files\Common Files\Adobe AIR [2009/12/24 22:26:14 \| 00,000,000 \| ---D \| C] -- C:\Program Files\Common Files\McAfee [2009/10/21 21:38:18 \| 00,000,000 \| ---D \| C] -- C:\Program Files\ERUNT [2009/12/25 23:06:51 \| 00,000,000 \| ---D \| C] -- C:\Program Files\Juniper Networks [2009/10/26 07:18:49 \| 00,000,000 \| ---D \| C] -- C:\Program Files\Malwarebytes' Anti-Malware [2009/12/24 22:25:56 \| 00,000,000 \| ---D \| C] -- C:\Program Files\McAfee [2009/12/24 22:26:14 \| 00,000,000 \| ---D \| C] -- C:\Program Files\McAfee.com [2009/12/25 23:06:57 \| 00,345,384 \| ---- \| C] (Juniper Networks) -- C:\WINDOWS\System32\dsNcCredProv.dll [2009/12/24 22:26:36 \| 00,120,136 \| ---- \| C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\Mpfp.sys [2009/10/30 07:18:09 \| 00,521,728 \| ---- \| C] (OldTimer Tools) -- C:\Documents and Settings\Brian\Desktop\OTL.exe [2009/10/29 06:04:38 \| 00,000,000 \| ---D \| C] -- C:\ComboFix [2009/10/28 06:38:56 \| 00,000,000 \| ---D \| C] -- C:\Config.Msi [2009/10/28 05:55:29 \| 00,000,000 \| ---D \| C] -- C:\_OTM [2009/10/27 07:52:14 \| 00,149,280 \| ---- \| C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe [2009/10/27 07:52:14 \| 00,145,184 \| ---- \| C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe [2009/10/27 07:52:14 \| 00,145,184 \| ---- \| C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe [2009/10/27 07:19:02 \| 00,000,000 \| ---D \| C] -- C:\_OTL [2009/10/26 07:18:51 \| 00,038,224 \| ---- \| C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys [2009/10/26 07:18:49 \| 00,019,160 \| ---- \| C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2009/10/25 22:06:51 \| 00,000,000 \| ---D \| C] -- C:\Combo-Fix [2009/10/25 13:04:03 \| 00,050,176 \| ---- \| C] (Microsoft Corporation) -- C:\WINDOWS\System32\proquota.exe [2009/10/25 13:04:03 \| 00,050,176 \| ---- \| C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\proquota.exe [2009/10/25 12:53:11 \| 00,000,000 \| RHSD \| C] -- C:\cmdcons [2009/10/25 12:49:47 \| 00,212,480 \| ---- \| C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe [2009/10/25 12:49:47 \| 00,161,792 \| ---- \| C] (SteelWerX) -- C:\WINDOWS\SWREG.exe [2009/10/25 12:49:47 \| 00,136,704 \| ---- \| C] (SteelWerX) -- C:\WINDOWS\SWSC.exe [2009/10/25 12:49:47 \| 00,031,232 \| ---- \| C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe [2009/10/25 12:48:38 \| 00,000,000 \| ---D \| C] -- C:\Qoobox [2009/10/21 21:39:29 \| 00,000,000 \| ---D \| C] -- C:\WINDOWS\ERDNT [2005/12/01 01:29:25 \| 00,774,144 \| ---- \| C] (RealNetworks, Inc.) -- C:\Program Files\RngInterstitial.dll [2005/11/22 12:23:26 \| 00,065,536 \| ---- \| C] ( ) -- C:\WINDOWS\System32\a3d.dll ========== Files - Modified Within 30 Days ========== [2009/12/27 21:49:22 \| 00,000,116 \| ---- \| M] () -- C:\WINDOWS\NeroDigital.ini [2009/12/24 22:28:18 \| 00,000,666 \| ---- \| M] () -- C:\WINDOWS\win.ini [2009/12/24 22:26:25 \| 00,000,340 \| ---- \| M] () -- C:\WINDOWS\tasks\McDefragTask.job [2009/12/24 22:26:24 \| 00,000,332 \| ---- \| M] () -- C:\WINDOWS\tasks\McQcTask.job [2009/10/30 07:18:10 \| 00,521,728 \| ---- \| M] (OldTimer Tools) -- C:\Documents and Settings\Brian\Desktop\OTL.exe [2009/10/30 07:17:52 \| 00,014,025 \| ---- \| M] () -- C:\WINDOWS\System32\Config.MPF [2009/10/30 07:11:15 \| 04,933,091 \| ---- \| M] () -- C:\WINDOWS\{00000003-00000000-00000003-00001102-00000004-20061102}.CDF [2009/10/30 07:03:09 \| 00,203,041 \| ---- \| M] () -- C:\WINDOWS\System32\nvapps.xml [2009/10/30 07:03:01 \| 00,002,206 \| ---- \| M] () -- C:\WINDOWS\System32\wpa.dbl [2009/10/29 21:28:24 \| 00,000,006 \| -H-- \| M] () -- C:\WINDOWS\tasks\SA.DAT [2009/10/29 21:27:42 \| 00,002,048 \| --S- \| M] () -- C:\WINDOWS\bootstat.dat [2009/10/29 21:27:40 \| 10,711,57248 \| -HS- \| M] () -- C:\hiberfil.sys [2009/10/29 20:56:35 \| 00,000,696 \| ---- \| M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk [2009/10/29 20:42:50 \| 00,032,592 \| ---- \| M] () -- C:\WINDOWS\System32\BMXStateBkp-{00000003-00000000-00000003-00001102-00000004-20061102}.rfx [2009/10/29 20:42:50 \| 00,032,592 \| ---- \| M] () -- C:\WINDOWS\System32\BMXState-{00000003-00000000-00000003-00001102-00000004-20061102}.rfx [2009/10/29 20:42:50 \| 00,032,088 \| ---- \| M] () -- C:\WINDOWS\System32\BMXCtrlState-{00000003-00000000-00000003-00001102-00000004-20061102}.rfx [2009/10/29 20:42:50 \| 00,032,088 \| ---- \| M] () -- C:\WINDOWS\System32\BMXBkpCtrlState-{00000003-00000000-00000003-00001102-00000004-20061102}.rfx [2009/10/29 20:42:50 \| 00,001,080 \| ---- \| M] () -- C:\WINDOWS\System32\settingsbkup.sfm [2009/10/29 20:42:50 \| 00,001,080 \| ---- \| M] () -- C:\WINDOWS\System32\settings.sfm [2009/10/29 20:42:50 \| 00,000,384 \| ---- \| M] () -- C:\WINDOWS\System32\DVCStateBkp-{00000003-00000000-00000003-00001102-00000004-20061102}.dat [2009/10/29 20:42:50 \| 00,000,384 \| ---- \| M] () -- C:\WINDOWS\System32\DVCState-{00000003-00000000-00000003-00001102-00000004-20061102}.dat [2009/10/29 12:37:24 \| 00,000,000 \| ---- \| M] () -- C:\WINDOWS\System32\null [2009/10/29 06:15:11 \| 00,000,227 \| ---- \| M] () -- C:\WINDOWS\system.ini [2009/10/27 17:07:01 \| 00,000,284 \| ---- \| M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job [2009/10/27 07:51:53 \| 00,411,368 \| ---- \| M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deploytk.dll [2009/10/27 07:51:53 \| 00,149,280 \| ---- \| M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe [2009/10/27 07:51:53 \| 00,145,184 \| ---- \| M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe [2009/10/27 07:51:53 \| 00,145,184 \| ---- \| M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe [2009/10/27 07:51:53 \| 00,073,728 \| ---- \| M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl [2009/10/26 06:55:40 \| 00,000,027 \| ---- \| M] () -- C:\WINDOWS\System32\drivers\etc\hosts [2009/10/25 12:53:15 \| 00,000,279 \| RHS- \| M] () -- C:\boot.ini [2009/10/25 06:11:34 \| 00,077,312 \| ---- \| M] () -- C:\WINDOWS\MBR.exe [2009/10/19 03:13:29 \| 00,503,304 \| ---- \| M] () -- C:\WINDOWS\System32\PerfStringBackup.INI [2009/10/19 03:13:29 \| 00,442,466 \| ---- \| M] () -- C:\WINDOWS\System32\perfh009.dat [2009/10/19 03:13:29 \| 00,071,732 \| ---- \| M] () -- C:\WINDOWS\System32\perfc009.dat [2009/10/19 03:05:31 \| 00,001,393 \| ---- \| M] () -- C:\WINDOWS\imsins.BAK [2009/10/18 18:15:01 \| 00,002,137 \| ---- \| M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk [2009/10/11 08:10:09 \| 00,236,544 \| ---- \| M] () -- C:\WINDOWS\PEV.exe ========== Files - No Company Name ========== [2009/12/24 22:29:08 \| 00,014,025 \| ---- \| C] () -- C:\WINDOWS\System32\Config.MPF [2009/12/24 22:26:25 \| 00,000,340 \| ---- \| C] () -- C:\WINDOWS\tasks\McDefragTask.job [2009/12/24 22:26:24 \| 00,000,332 \| ---- \| C] () -- C:\WINDOWS\tasks\McQcTask.job [2009/10/29 06:04:47 \| 00,077,312 \| ---- \| C] () -- C:\WINDOWS\MBR.exe [2009/10/26 07:18:53 \| 00,000,696 \| ---- \| C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk [2009/10/25 12:53:15 \| 00,000,209 \| ---- \| C] () -- C:\Boot.bak [2009/10/25 12:53:12 \| 00,260,272 \| ---- \| C] () -- C:\cmldr [2009/10/25 12:49:47 \| 00,236,544 \| ---- \| C] () -- C:\WINDOWS\PEV.exe [2009/10/25 12:49:47 \| 00,098,816 \| ---- \| C] () -- C:\WINDOWS\sed.exe [2009/10/25 12:49:47 \| 00,080,412 \| ---- \| C] () -- C:\WINDOWS\grep.exe [2009/10/25 12:49:47 \| 00,068,096 \| ---- \| C] () -- C:\WINDOWS\zip.exe [2009/06/15 00:02:38 \| 01,374,132 \| ---- \| C] () -- C:\Program Files\wrar39b3.exe [2009/02/18 14:44:00 \| 01,724,416 \| ---- \| C] () -- C:\WINDOWS\System32\nvwdmcpl.dll [2009/02/18 14:44:00 \| 01,507,328 \| ---- \| C] () -- C:\WINDOWS\System32\nview.dll [2009/02/18 14:44:00 \| 01,101,824 \| ---- \| C] () -- C:\WINDOWS\System32\nvwimg.dll [2009/02/18 14:44:00 \| 00,466,944 \| ---- \| C] () -- C:\WINDOWS\System32\nvshell.dll [2008/04/26 11:12:44 \| 00,029,752 \| ---- \| C] () -- C:\WINDOWS\System32\InstHelper.dll [2008/04/26 11:11:52 \| 00,197,680 \| ---- \| C] () -- C:\WINDOWS\System32\vpnapi.dll [2008/04/26 11:11:51 \| 00,193,584 \| ---- \| C] () -- C:\WINDOWS\System32\CSGina.dll [2007/11/14 18:47:53 \| 00,000,251 \| ---- \| C] () -- C:\Program Files\wt3d.ini [2006/12/27 20:12:56 \| 00,000,032 \| ---- \| C] () -- C:\WINDOWS\tb70r.ini [2006/09/26 20:19:35 \| 00,000,097 \| ---- \| C] () -- C:\WINDOWS\System32\PICSDK.ini [2006/09/26 20:15:21 \| 00,000,044 \| ---- \| C] () -- C:\WINDOWS\ESCX5800.ini [2006/08/13 20:35:27 \| 00,004,608 \| ---- \| C] () -- C:\Documents and Settings\Brian\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2006/06/10 10:57:51 \| 00,000,008 \| ---- \| C] () -- C:\WINDOWS\System32\winlogon.ini [2006/05/21 19:39:19 \| 00,000,245 \| ---- \| C] () -- C:\WINDOWS\hegames.ini [2006/05/11 00:06:03 \| 00,039,864 \| ---- \| C] () -- C:\Documents and Settings\Brian\Local Settings\Application Data\GDIPFONTCACHEV1.DAT [2006/03/21 21:03:41 \| 00,000,023 \| ---- \| C] () -- C:\WINDOWS\BlendSettings.ini [2006/02/23 20:30:06 \| 00,026,922 \| ---- \| C] () -- C:\Program Files\MoviePass Terms.html [2006/02/15 04:00:47 \| 00,004,323 \| ---- \| C] () -- C:\WINDOWS\System32\MRT.INI [2006/02/05 09:37:05 \| 00,000,000 \| ---- \| C] () -- C:\WINDOWS\OpPrintServer.INI [2005/12/31 09:38:42 \| 00,005,839 \| ---- \| C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache [2005/12/18 12:17:24 \| 00,000,151 \| ---- \| C] () -- C:\WINDOWS\PhotoSnapViewer.INI [2005/11/30 01:05:00 \| 00,000,116 \| ---- \| C] () -- C:\WINDOWS\NeroDigital.ini [2005/11/29 22:32:54 \| 00,065,536 \| ---- \| C] () -- C:\WINDOWS\System32\adistres.dll [2005/11/29 21:35:26 \| 00,210,944 \| ---- \| C] () -- C:\WINDOWS\System32\Msvcrt10.dll [2005/11/29 21:29:03 \| 00,000,376 \| ---- \| C] () -- C:\WINDOWS\ODBC.INI [2005/11/24 12:55:02 \| 00,000,062 \| -HS- \| C] () -- C:\Documents and Settings\Brian\Application Data\desktop.ini [2005/11/24 12:55:01 \| 03,206,222 \| -H-- \| C] () -- C:\Documents and Settings\Brian\Local Settings\Application Data\IconCache.db [2005/11/24 12:55:01 \| 00,000,128 \| ---- \| C] () -- C:\Documents and Settings\Brian\Local Settings\Application Data\fusioncache.dat [2005/11/24 02:04:43 \| 00,000,766 \| ---- \| C] () -- C:\WINDOWS\CoD.INI [2005/11/24 01:24:01 \| 00,003,350 \| -HS- \| C] () -- C:\WINDOWS\System32\KGyGaAvL.sys [2005/11/24 01:24:01 \| 00,000,056 \| RHS- \| C] () -- C:\WINDOWS\System32\85728D2DE4.sys [2005/11/24 01:02:51 \| 00,000,028 \| ---- \| C] () -- C:\WINDOWS\atid.ini [2005/11/22 12:36:19 \| 00,000,061 \| ---- \| C] () -- C:\WINDOWS\smscfg.ini [2005/11/22 12:27:10 \| 00,000,589 \| ---- \| C] () -- C:\WINDOWS\wininit.ini [2005/11/22 12:23:45 \| 00,000,231 \| ---- \| C] () -- C:\WINDOWS\AC3API.INI [2005/11/22 12:23:28 \| 00,014,424 \| ---- \| C] () -- C:\WINDOWS\System32\Aud2_Del.ini [2005/11/22 12:23:28 \| 00,000,030 \| ---- \| C] () -- C:\WINDOWS\System32\ctzapxx.ini [2005/11/22 12:23:27 \| 00,000,194 \| ---- \| C] () -- C:\WINDOWS\System32\KILL.INI [2005/11/22 12:23:08 \| 00,000,136 \| ---- \| C] () -- C:\WINDOWS\SBWIN.INI [2005/11/22 12:06:52 \| 00,000,384 \| ---- \| C] () -- C:\WINDOWS\System32\OEMINFO.INI [2005/08/16 05:37:24 \| 00,001,793 \| ---- \| C] () -- C:\WINDOWS\System32\fxsperf.ini [2005/08/16 05:33:24 \| 00,000,062 \| -HS- \| C] () -- C:\Documents and Settings\All Users\Application Data\desktop.ini [2005/08/16 05:18:43 \| 00,000,666 \| ---- \| C] () -- C:\WINDOWS\win.ini [2005/08/16 05:18:41 \| 00,000,227 \| ---- \| C] () -- C:\WINDOWS\system.ini [2005/08/05 15:01:54 \| 00,235,008 \| ---- \| C] () -- C:\WINDOWS\System32\psisdecd.dll [2005/04/09 18:04:54 \| 00,000,000 \| ---- \| C] () -- C:\WINDOWS\System32\px.ini [1999/01/22 13:46:56 \| 00,065,536 \| ---- \| C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL ========== LOP Check ========== [2009/10/21 21:53:43 \| 00,000,000 \| RH-D \| M] -- C:\Documents and Settings\All Users\Application Data [2009/06/16 18:10:49 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906} [2008/10/14 20:20:20 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\All Users\Application Data\Dell [2005/08/16 21:54:52 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\All Users\Application Data\DIGStream [2007/04/08 13:42:14 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\All Users\Application Data\DriveSmarrt-MX [2009/08/22 15:48:22 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\All Users\Application Data\Electronic Arts [2007/09/08 12:52:53 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\All Users\Application Data\Intuit [2009/12/25 23:05:58 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\All Users\Application Data\Juniper Networks [2005/12/25 12:20:39 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\All Users\Application Data\Lionhead Studios [2007/08/07 21:42:33 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\All Users\Application Data\Playtonium Games [2008/03/20 01:51:11 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\All Users\Application Data\SupportSoft [2008/10/02 21:06:37 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\All Users\Application Data\TEMP [2007/02/13 09:03:28 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint [2009/10/28 08:28:22 \| 00,000,000 \| RH-D \| M] -- C:\Documents and Settings\Brian\Application Data [2005/11/24 12:56:02 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\Brian\Application Data\acccore [2006/01/06 19:10:43 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\Brian\Application Data\Aim [2008/04/26 11:17:51 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\Brian\Application Data\ArcSoft [2006/06/04 12:36:35 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\Brian\Application Data\Corel Photo Album [2007/03/14 11:39:37 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\Brian\Application Data\Viewpoint [2009/10/27 17:07:01 \| 00,000,284 \| ---- \| M] () -- C:\WINDOWS\Tasks\AppleSoftwareUpdate.job [2004/08/10 06:00:00 \| 00,000,065 \| RH-- \| M] () -- C:\WINDOWS\Tasks\desktop.ini [2009/12/24 22:26:25 \| 00,000,340 \| ---- \| M] () -- C:\WINDOWS\Tasks\McDefragTask.job [2009/12/24 22:26:24 \| 00,000,332 \| ---- \| M] () -- C:\WINDOWS\Tasks\McQcTask.job [2009/10/29 21:28:24 \| 00,000,006 \| -H-- \| M] () -- C:\WINDOWS\Tasks\SA.DAT ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\.exe > < HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions > "{20a82645-c095-46ed-80e3-08825760534b}" = C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ -- [2009/08/28 08:59:15 \| 00,000,000 \| ---D \| M] "{B7082FAA-CB62-4872-9106-E42DD88EDE45}" = C:\Program Files\McAfee\SiteAdvisor -- [2009/10/18 03:09:45 \| 00,000,000 \| ---D \| M] "jqs@sun.com" = C:\Program Files\Java\jre6\lib\deploy\jqs\ff -- [2009/10/27 07:51:57 \| 00,000,000 \| ---D \| M] < %SYSTEMDRIVE%\eventlog.dll /s /md5 > [eventlog.dll : MD5=82B24CB70E5944E6E34662205A2A5B78] -> [2004/08/10 06:00:00 \| 00,055,808 \| ---- \| M] (Microsoft Corporation) -- C:\i386\eventlog.dll [1 C:\i386\.tmp files] [eventlog.dll : MD5=82B24CB70E5944E6E34662205A2A5B78] -> [2004/08/10 06:00:00 \| 00,055,808 \| ---- \| M] (Microsoft Corporation) -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll [eventlog.dll : MD5=6D4FEB43EE538FC5428CC7F0565AA656] -> [2008/04/13 19:11:53 \| 00,056,320 \| ---- \| M] (Microsoft Corporation) -- C:\WINDOWS\ERDNT\cache\eventlog.dll [eventlog.dll : MD5=6D4FEB43EE538FC5428CC7F0565AA656] -> [2008/04/13 19:11:53 \| 00,056,320 \| ---- \| M] (Microsoft Corporation) -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll [eventlog.dll : MD5=6D4FEB43EE538FC5428CC7F0565AA656] -> [2008/04/13 19:11:53 \| 00,056,320 \| ---- \| M] (Microsoft Corporation) -- C:\WINDOWS\System32\eventlog.dll < %SYSTEMDRIVE%\scecli.dll /s /md5 > [scecli.dll : MD5=0F78E27F563F2AAF74B91A49E2ABF19A] -> [2004/08/10 06:00:00 \| 00,180,224 \| ---- \| M] (Microsoft Corporation) -- C:\i386\scecli.dll [1 C:\i386\.tmp files] [scecli.dll : MD5=0F78E27F563F2AAF74B91A49E2ABF19A] -> [2004/08/10 06:00:00 \| 00,180,224 \| ---- \| M] (Microsoft Corporation) -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll [scecli.dll : MD5=A86BB5E61BF3E39B62AB4C7E7085A084] -> [2008/04/13 19:12:05 \| 00,181,248 \| ---- \| M] (Microsoft Corporation) -- C:\WINDOWS\ERDNT\cache\scecli.dll [scecli.dll : MD5=A86BB5E61BF3E39B62AB4C7E7085A084] -> [2008/04/13 19:12:05 \| 00,181,248 \| ---- \| M] (Microsoft Corporation) -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll [scecli.dll : MD5=A86BB5E61BF3E39B62AB4C7E7085A084] -> [2008/04/13 19:12:05 \| 00,181,248 \| ---- \| M] (Microsoft Corporation) -- C:\WINDOWS\System32\scecli.dll < %SYSTEMDRIVE%\netlogon.dll /s /md5 > [netlogon.dll : MD5=96353FCECBA774BB8DA74A1C6507015A] -> [2004/08/10 06:00:00 \| 00,407,040 \| ---- \| M] (Microsoft Corporation) -- C:\i386\netlogon.dll [1 C:\i386\.tmp files] [netlogon.dll : MD5=96353FCECBA774BB8DA74A1C6507015A] -> [2004/08/10 06:00:00 \| 00,407,040 \| ---- \| M] (Microsoft Corporation) -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll [netlogon.dll : MD5=1B7F071C51B77C272875C3A23E1E4550] -> [2008/04/13 19:12:01 \| 00,407,040 \| ---- \| M] (Microsoft Corporation) -- C:\WINDOWS\ERDNT\cache\netlogon.dll [netlogon.dll : MD5=1B7F071C51B77C272875C3A23E1E4550] -> [2008/04/13 19:12:01 \| 00,407,040 \| ---- \| M] (Microsoft Corporation) -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll [netlogon.dll : MD5=1B7F071C51B77C272875C3A23E1E4550] -> [2008/04/13 19:12:01 \| 00,407,040 \| ---- \| M] (Microsoft Corporation) -- C:\WINDOWS\System32\netlogon.dll < %SYSTEMDRIVE%\cngaudit.dll /s /md5 > < %SYSTEMDRIVE%\sceclt.dll /s /md5 > < %SYSTEMDRIVE%\ntelogon.dll /s /md5 > < %SYSTEMDRIVE%\logevent.dll /s /md5 > < %SYSTEMDRIVE%\iaStor.sys /s /md5 > < %SYSTEMDRIVE%\nvstor.sys /s /md5 > < %SYSTEMDRIVE%\atapi.sys /s /md5 > [atapi.sys : MD5=CDFE4411A69C224BD1D11B2DA92DAC51] -> [2004/08/03 23:59:44 \| 00,095,360 \| ---- \| M] (Microsoft Corporation) -- C:\i386\atapi.sys [1 C:\i386\.tmp files] [atapi.sys : MD5=CDFE4411A69C224BD1D11B2DA92DAC51] -> [2004/08/03 23:59:44 \| 00,095,360 \| ---- \| M] (Microsoft Corporation) -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys [atapi.sys : MD5=9F3A2F5AA6875C72BF062C712CFA2674] -> [2008/04/13 13:40:30 \| 00,096,512 \| ---- \| M] (Microsoft Corporation) -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys [atapi.sys : MD5=9F3A2F5AA6875C72BF062C712CFA2674] -> [2008/04/13 13:40:30 \| 00,096,512 \| ---- \| M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\atapi.sys < %SYSTEMDRIVE%\IdeChnDr.sys /s /md5 > < %SYSTEMDRIVE%\viasraid.sys /s /md5 > < %SYSTEMDRIVE%\AGP440.sys /s /md5 > [AGP440.SYS : MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB] -> [2004/08/04 00:07:42 \| 00,042,368 \| ---- \| M] (Microsoft Corporation) -- C:\i386\AGP440.SYS [1 C:\i386\.tmp files] [agp440.sys : MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB] -> [2004/08/04 00:07:42 \| 00,042,368 \| ---- \| M] (Microsoft Corporation) -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys [agp440.sys : MD5=08FD04AA961BDC77FB983F328334E3D7] -> [2008/04/13 13:36:38 \| 00,042,368 \| ---- \| M] (Microsoft Corporation) -- C:\WINDOWS\ERDNT\cache\agp440.sys [agp440.sys : MD5=08FD04AA961BDC77FB983F328334E3D7] -> [2008/04/13 13:36:38 \| 00,042,368 \| ---- \| M] (Microsoft Corporation) -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys [agp440.sys : MD5=08FD04AA961BDC77FB983F328334E3D7] -> [2008/04/13 13:36:38 \| 00,042,368 \| ---- \| M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\agp440.sys < %SYSTEMDRIVE%\vaxscsi.sys /s /md5 > ========== Alternate Data Streams ========== @Alternate Data Stream - 98 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:90BA5E08 @Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:813B8EB6 @Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7FB468B7 @Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2A208B5C @Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A11F741D @Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:17639624 @Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:067BF339 @Alternate Data Stream - 113 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1A6AFE3D @Alternate Data Stream - 111 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C46995DA @Alternate Data Stream - 108 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:AFB00961 @Alternate Data Stream - 107 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C7F04040 < End of report >

chamber View Member Profile	Oct 30 2009, 06:52 AM Post #41
Trusted Helper Posts: 1,817 From: ~/ OS: Linux all the way!	This account doesn't seem as bad as the last 2. 1) OTL - step 1 Run OTL Under the Custom Scans/Fixes box at the bottom, paste in the following CODE :OTL O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found. O33 - MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell - "" = AutoRun O33 - MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell\AutoRun\command - "" = E:\setup.exe -- File not found O33 - MountPoints2\{c1e43459-3329-11dc-afdc-0014224517f1}\Shell - "" = AutoRun O33 - MountPoints2\{c1e43459-3329-11dc-afdc-0014224517f1}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{c1e43459-3329-11dc-afdc-0014224517f1}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -- File not found :Services :Reg :Files :Commands [purity] [emptytemp] [Reboot] Then click the Run Fix button at the top Let the program run unhindered, reboot the PC when it is done 2) ComboFix Download ComboFix from one of these locations: Link 1 Link 2 * IMPORTANT !!! Save ComboFix.exe to your Desktop Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link HERE Double click on ComboFix.exe & follow the prompts. As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware. Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console. Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures. Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message: Click on Yes, to continue scanning for malware. When finished, it shall produce a log for you. Please include the C:\ComboFix.txt log in your next reply. Notes: 1. Do not mouse-click Combofix's window while it is running. That may cause it to stall. 2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions. 3) OTL - step 2 Open OTL again and click the Quick Scan** button. Post the log it produces in your next reply. In your reply I would like to see copied and pasted, 1) OTL fix log 2) ComboFix log 3) OTL new log

dhlavinka View Member Profile	Oct 30 2009, 07:29 AM Post #42
Member Posts: 39 From: Houston, Texas OS: Windows XP	OK. May have messed up here. Ran OTL successfully. Then ran ComboFix successfully. Then reran OTL. Don't remember if OTL generated a .txt file the first time or a .log file the first time. If it ran a .txt file it saved it to my Desktop and then when I reran OTL it might have generated another .txt file and over written the original one on my Desktop. So I have attached the logfile from first (I think) OTL scan, ComboFix.txt file and the OTL.txt file from the second run. Hope this gives you what you need. I am off to the office though. Will wait to hear back from you. Let me know if I need to rerun anything. OTL Logfile All processes killed ========== OTL ========== Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{361ac05d-0e0d-11da-9aa9-806d6172696f}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{361ac05d-0e0d-11da-9aa9-806d6172696f}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{361ac05d-0e0d-11da-9aa9-806d6172696f}\ not found. File E:\setup.exe not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c1e43459-3329-11dc-afdc-0014224517f1}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c1e43459-3329-11dc-afdc-0014224517f1}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c1e43459-3329-11dc-afdc-0014224517f1}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c1e43459-3329-11dc-afdc-0014224517f1}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c1e43459-3329-11dc-afdc-0014224517f1}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c1e43459-3329-11dc-afdc-0014224517f1}\ not found. File G:\LaunchU3.exe not found. ========== SERVICES/DRIVERS ========== ========== REGISTRY ========== ========== FILES ========== ========== COMMANDS ========== [EMPTYTEMP] User: Administrator ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: All Users User: Bradley ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->Java cache emptied: 0 bytes ->FireFox cache emptied: 0 bytes User: Brett ->Temp folder emptied: 792 bytes ->Temporary Internet Files folder emptied: 33170 bytes ->Java cache emptied: 0 bytes ->FireFox cache emptied: 0 bytes User: Brian File delete failed. C:\Documents and Settings\Brian\Local Settings\Temp\Perflib_Perfdata_1478.dat scheduled to be deleted on reboot. ->Temp folder emptied: 20049 bytes File delete failed. C:\Documents and Settings\Brian\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot. ->Temporary Internet Files folder emptied: 6345034 bytes ->Java cache emptied: 25493434 bytes User: Danny ->Temp folder emptied: 1507 bytes ->Temporary Internet Files folder emptied: 2739688 bytes ->Java cache emptied: 0 bytes ->FireFox cache emptied: 0 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: Jill ->Temp folder emptied: 86649804 bytes ->Temporary Internet Files folder emptied: 7605485 bytes ->Java cache emptied: 128033 bytes User: LocalService File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temp\Perflib_Perfdata_730.dat scheduled to be deleted on reboot. ->Temp folder emptied: 16384 bytes File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot. ->Temporary Internet Files folder emptied: 33256 bytes User: NetworkService ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes File delete failed. C:\WINDOWS\temp\mcmsc_addRD2iFdEfX6J7 scheduled to be deleted on reboot. File delete failed. C:\WINDOWS\temp\mcmsc_iNi9lcCOrEwm3Pg scheduled to be deleted on reboot. File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_ae4.dat scheduled to be deleted on reboot. File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_fc.dat scheduled to be deleted on reboot. File delete failed. C:\WINDOWS\temp\sqlite_0pYxfixRk9JaOuB scheduled to be deleted on reboot. File delete failed. C:\WINDOWS\temp\sqlite_Afy70W1saD0wxX9 scheduled to be deleted on reboot. File delete failed. C:\WINDOWS\temp\sqlite_DEaucG8pje13EaH scheduled to be deleted on reboot. Windows Temp folder emptied: 68248 bytes RecycleBin emptied: 0 bytes Total Files Cleaned = 123.15 mb OTL by OldTimer - Version 3.0.22.1 log created on 10302009_075359 Files\Folders moved on Reboot... File\Folder C:\Documents and Settings\Brian\Local Settings\Temp\Perflib_Perfdata_1478.dat not found! File\Folder C:\Documents and Settings\LocalService\Local Settings\Temp\Perflib_Perfdata_730.dat not found! File\Folder C:\WINDOWS\temp\mcmsc_addRD2iFdEfX6J7 not found! File\Folder C:\WINDOWS\temp\mcmsc_iNi9lcCOrEwm3Pg not found! File\Folder C:\WINDOWS\temp\Perflib_Perfdata_ae4.dat not found! File\Folder C:\WINDOWS\temp\Perflib_Perfdata_fc.dat not found! C:\WINDOWS\temp\sqlite_0pYxfixRk9JaOuB moved successfully. C:\WINDOWS\temp\sqlite_Afy70W1saD0wxX9 moved successfully. C:\WINDOWS\temp\sqlite_DEaucG8pje13EaH moved successfully. Registry entries deleted on Reboot... ComboFix 09-10-28.08 - Brian 10/30/2009 8:04.4.2 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1021.519 [GMT -5:00] Running from: c:\documents and settings\Brian\Desktop\ComboFix.exe AV: McAfee VirusScan On-access scanning disabled (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83} FW: McAfee Personal Firewall disabled {94894B63-8C7F-4050-BDA4-813CA00DA3E8} * Created a new restore point . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . E:\Autorun.inf . ((((((((((((((((((((((((( Files Created from 2009-09-28 to 2009-10-30 ))))))))))))))))))))))))))))))) . 2009-12-26 04:06 . 2009-06-19 05:51 345384 ----a-w- c:\windows\system32\dsNcCredProv.dll 2009-12-26 04:06 . 2009-12-26 04:06 -------- d-----w- c:\program files\Juniper Networks 2009-12-26 04:06 . 2009-12-26 04:06 -------- d-----w- c:\documents and settings\Danny\Application Data\Juniper Networks 2009-12-26 04:05 . 2009-12-26 04:05 -------- d-----w- c:\documents and settings\All Users\Application Data\Juniper Networks 2009-12-25 03:26 . 2009-04-09 20:23 120136 ----a-w- c:\windows\system32\drivers\Mpfp.sys 2009-12-25 03:26 . 2009-12-25 03:26 -------- d-----w- c:\program files\Common Files\McAfee 2009-12-25 03:26 . 2009-12-25 03:26 -------- d-----w- c:\program files\McAfee.com 2009-12-25 03:25 . 2009-10-22 01:41 -------- d-----w- c:\program files\McAfee 2009-10-28 13:31 . 2009-10-28 13:31 -------- d-----w- c:\documents and settings\Bradley\Application Data\Malwarebytes 2009-10-28 13:29 . 2009-10-28 13:29 -------- d-----w- c:\documents and settings\Brett\Application Data\Malwarebytes 2009-10-28 13:28 . 2009-10-28 13:28 -------- d-----w- c:\documents and settings\Brian\Application Data\Malwarebytes 2009-10-28 13:20 . 2009-10-28 13:20 -------- d-----w- c:\documents and settings\Jill\Application Data\Malwarebytes 2009-10-28 11:38 . 2009-10-28 11:38 -------- d-----w- c:\program files\Common Files\Adobe AIR 2009-10-28 10:55 . 2009-10-28 10:55 -------- d-----w- C:\_OTM 2009-10-27 12:19 . 2009-10-27 12:19 -------- d-----w- C:\_OTL 2009-10-26 12:18 . 2009-09-10 19:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2009-10-26 12:18 . 2009-10-30 01:56 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2009-10-26 12:18 . 2009-09-10 19:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys 2009-10-26 03:06 . 2009-10-29 11:18 -------- d-----w- C:\Combo-Fix 2009-10-25 18:04 . 2008-04-14 00:12 50176 ----a-w- c:\windows\system32\proquota.exe 2009-10-25 18:04 . 2008-04-14 00:12 50176 ----a-w- c:\windows\system32\dllcache\proquota.exe 2009-10-22 02:53 . 2009-10-22 02:53 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes 2009-10-22 02:38 . 2009-10-22 02:38 -------- d-----w- c:\program files\ERUNT 2009-10-22 00:22 . 2009-10-22 00:22 -------- d-----w- c:\documents and settings\Danny\Application Data\Malwarebytes . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-12-26 04:05 . 2009-12-26 04:05 45132 ------w- c:\documents and settings\Danny\Application Data\JuniperExtXP.exe 2009-12-25 03:29 . 2007-07-13 06:47 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee 2009-10-30 12:55 . 2005-11-22 17:32 384 ----a-w- c:\windows\system32\DVCStateBkp-{00000003-00000000-00000003-00001102-00000004-20061102}.dat 2009-10-30 12:55 . 2005-11-22 17:32 384 ----a-w- c:\windows\system32\DVCState-{00000003-00000000-00000003-00001102-00000004-20061102}.dat 2009-10-30 11:32 . 2009-03-16 05:38 -------- d-----w- c:\program files\Steam 2009-10-28 13:17 . 2009-07-09 23:41 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS 2009-10-28 13:02 . 2005-11-22 17:21 -------- d-----w- c:\program files\Java 2009-10-28 11:39 . 2005-11-24 06:55 -------- d-----w- c:\program files\Common Files\Adobe 2009-10-27 12:51 . 2008-11-29 03:38 411368 ----a-w- c:\windows\system32\deploytk.dll 2009-10-25 18:03 . 2006-02-24 01:30 -------- d-----w- c:\program files\DownloadManager 2009-10-22 03:21 . 2007-09-08 17:52 -------- d-----w- c:\program files\Quicken Rental Property Manager 2009-10-22 03:21 . 2005-11-22 17:22 -------- d-----w- c:\program files\Modem On Hold 2009-10-22 03:21 . 2005-08-17 02:54 -------- d-----w- c:\program files\ESPNMotion 2009-10-22 03:21 . 2005-08-17 02:54 -------- d-----w- c:\program files\GemMaster 2009-10-22 03:21 . 2005-08-17 02:51 -------- d-----w- c:\program files\EnglishOtto 2009-10-22 03:21 . 2005-11-24 07:06 -------- d-----w- c:\program files\Call of Duty 2009-10-22 03:21 . 2005-12-23 05:27 -------- d-----w- c:\program files\AIM 2009-10-22 03:21 . 2005-11-22 17:22 -------- d-----w- c:\program files\Modem Helper 2009-10-22 02:32 . 2005-11-30 03:56 39864 ----a-w- c:\documents and settings\Danny\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2009-09-16 15:22 . 2009-05-14 05:25 214664 ----a-w- c:\windows\system32\drivers\mfehidk.sys 2009-09-16 15:22 . 2007-07-15 00:17 40552 ----a-w- c:\windows\system32\drivers\mfesmfk.sys 2009-09-16 15:22 . 2007-07-15 00:17 35272 ----a-w- c:\windows\system32\drivers\mfebopk.sys 2009-09-16 15:22 . 2007-07-15 00:17 79816 ----a-w- c:\windows\system32\drivers\mfeavfk.sys 2009-09-16 15:22 . 2007-07-15 00:17 34248 ----a-w- c:\windows\system32\drivers\mferkdk.sys 2009-09-13 22:14 . 2006-04-02 00:50 39864 ----a-w- c:\documents and settings\Bradley\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2009-09-11 14:18 . 2005-08-16 10:18 136192 ----a-w- c:\windows\system32\msv1_0.dll 2009-09-04 21:03 . 2005-08-16 10:18 58880 ----a-w- c:\windows\system32\msasn1.dll 2009-08-29 07:36 . 2005-08-16 10:18 832512 ------w- c:\windows\system32\wininet.dll 2009-08-29 07:36 . 2005-08-16 10:18 78336 ----a-w- c:\windows\system32\ieencode.dll 2009-08-29 07:36 . 2005-08-16 10:18 17408 ----a-w- c:\windows\system32\corpol.dll 2009-08-26 08:00 . 2005-08-16 10:19 247326 ----a-w- c:\windows\system32\strmdll.dll 2009-08-15 04:30 . 2009-01-27 22:55 664 ----a-w- c:\windows\system32\d3d9caps.dat 2009-08-07 00:24 . 2005-08-16 10:40 327896 ----a-w- c:\windows\system32\wucltui.dll 2009-08-07 00:24 . 2005-08-16 10:40 209632 ----a-w- c:\windows\system32\wuweb.dll 2009-08-07 00:24 . 2005-08-16 10:40 35552 ----a-w- c:\windows\system32\wups.dll 2009-08-07 00:24 . 2005-05-26 10:16 44768 ----a-w- c:\windows\system32\wups2.dll 2009-08-07 00:24 . 2005-08-16 10:40 53472 ------w- c:\windows\system32\wuauclt.exe 2009-08-07 00:24 . 2005-08-16 10:18 96480 ----a-w- c:\windows\system32\cdm.dll 2009-08-07 00:23 . 2005-08-16 10:40 575704 ----a-w- c:\windows\system32\wuapi.dll 2009-08-07 00:23 . 2006-12-08 18:36 274288 ----a-w- c:\windows\system32\mucltui.dll 2009-08-07 00:23 . 2005-08-16 10:40 1929952 ----a-w- c:\windows\system32\wuaueng.dll 2009-08-07 00:23 . 2005-05-26 10:19 215920 ----a-w- c:\windows\system32\muweb.dll 2009-08-05 09:01 . 2005-08-16 10:18 204800 ----a-w- c:\windows\system32\mswebdvd.dll 2009-08-05 00:52 . 2009-08-05 00:52 1193832 ----a-w- c:\windows\system32\FM20.DLL 2009-08-04 15:13 . 2005-08-16 10:18 2145280 ------w- c:\windows\system32\ntoskrnl.exe 2009-08-04 14:20 . 2004-08-04 04:59 2023936 ------w- c:\windows\system32\ntkrnlpa.exe 2009-06-15 05:02 . 2009-06-15 05:02 1374132 ----a-w- c:\program files\wrar39b3.exe 2007-11-14 23:47 . 2007-11-14 23:47 251 ----a-w- c:\program files\wt3d.ini 2006-02-24 01:30 . 2006-02-24 01:30 26922 ----a-w- c:\program files\MoviePass Terms.html 2005-12-01 06:29 . 2005-12-01 06:29 774144 ----a-w- c:\program files\RngInterstitial.dll 2009-03-22 16:48 . 2007-08-28 02:18 67688 ----a-w- c:\program files\mozilla firefox\components\jar50.dll 2009-03-22 16:48 . 2007-08-28 02:18 54368 ----a-w- c:\program files\mozilla firefox\components\jsd3250.dll 2009-03-22 16:48 . 2007-08-28 02:18 34944 ----a-w- c:\program files\mozilla firefox\components\myspell.dll 2009-03-22 16:48 . 2007-08-28 02:18 46712 ----a-w- c:\program files\mozilla firefox\components\spellchk.dll 2009-03-22 16:48 . 2007-08-28 02:18 172136 ----a-w- c:\program files\mozilla firefox\components\xpinstal.dll 2006-07-30 03:15 . 2005-11-24 06:24 56 --sh--r- c:\windows\system32\85728D2DE4.sys 2006-07-30 03:15 . 2005-11-24 06:24 3350 --sha-w- c:\windows\system32\KGyGaAvL.sys . ((((((((((((((((((((((((((((( SnapShot@2009-10-25_18.08.06 ))))))))))))))))))))))))))))))))))))))))) . + 2009-10-30 12:57 . 2009-10-30 12:57 16384 c:\windows\Temp\Perflib_Perfdata_3b0.dat + 2009-10-27 10:58 . 2009-08-07 00:24 44768 c:\windows\system32\SoftwareDistribution\Setup\ServiceStartup\wups2.dll\7.4.7600.226\wups2.dll + 2009-10-27 10:58 . 2009-08-07 00:24 35552 c:\windows\system32\SoftwareDistribution\Setup\ServiceStartup\wups.dll\7.4.7600.226\wups.dll + 2005-08-16 10:40 . 2009-08-07 00:24 35552 c:\windows\system32\dllcache\wups.dll + 2005-08-16 10:40 . 2009-08-07 00:24 53472 c:\windows\system32\dllcache\wuauclt.exe + 2005-08-16 10:18 . 2009-08-07 00:24 96480 c:\windows\system32\dllcache\cdm.dll + 2009-10-27 10:58 . 2009-10-30 11:43 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat + 2005-11-24 04:55 . 2009-10-30 11:43 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat - 2005-11-24 04:55 . 2009-10-25 17:48 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat + 2009-10-29 12:06 . 2009-10-30 11:43 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat - 2005-11-24 04:55 . 2009-10-25 17:48 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat + 2009-10-28 11:38 . 2009-10-28 11:38 21504 c:\windows\Installer\200604.msi + 2009-10-28 11:38 . 2009-10-28 11:38 27648 c:\windows\Installer\2005fe.msi - 2009-08-28 13:52 . 2009-07-25 10:23 149280 c:\windows\system32\javaws.exe + 2009-10-27 12:52 . 2009-10-27 12:51 149280 c:\windows\system32\javaws.exe + 2009-10-27 12:52 . 2009-10-27 12:51 145184 c:\windows\system32\javaw.exe - 2009-08-28 13:52 . 2009-07-25 10:23 145184 c:\windows\system32\javaw.exe + 2009-10-27 12:52 . 2009-10-27 12:51 145184 c:\windows\system32\java.exe - 2009-08-28 13:52 . 2009-07-25 10:23 145184 c:\windows\system32\java.exe + 2005-08-16 10:40 . 2009-08-07 00:24 209632 c:\windows\system32\dllcache\wuweb.dll + 2005-08-16 10:40 . 2009-08-07 00:24 327896 c:\windows\system32\dllcache\wucltui.dll + 2005-08-16 10:40 . 2009-08-07 00:23 575704 c:\windows\system32\dllcache\wuapi.dll + 2005-08-16 10:40 . 2009-08-07 00:23 1929952 c:\windows\system32\dllcache\wuaueng.dll + 2009-10-28 11:40 . 2009-10-28 11:40 3940352 c:\windows\Installer\20073c.msi + 2009-10-27 12:51 . 2009-10-27 12:51 1757696 c:\windows\Installer\1c71ba.msi . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . Note empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\lib\NMBgMonitor.exe" [2005-10-28 94208] "AIM"="c:\program files\AIM\aim.exe" [2005-06-02 67160] "MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232] "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-19 204288] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-02-18 13680640] "IntelMeM"="c:\program files\Intel\Modem Event Monitor\IntelMEM.exe" [2003-09-04 221184] "CTSysVol"="c:\program files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe" [2003-09-17 57344] "CTDVDDET"="c:\program files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE" [2003-06-18 45056] "UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112] "DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-02-23 53248] "dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-12-06 127035] "ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 81920] "NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648] "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2005-12-17 180269] "EPSON Stylus CX5800F Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIALA.EXE" [2005-05-10 98304] "Picasa Media Detector"="c:\program files\Picasa2\PicasaMediaDetector.exe" [2007-02-21 366400] "dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2008-03-11 16384] "DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064] "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-02-18 86016] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-06-05 292136] "ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 249856] "mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2009-09-17 645328] "Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-27 149280] "CTHelper"="CTHELPER.EXE" - c:\windows\system32\CTHELPER.EXE [2004-03-11 28672] "WD Button Manager"="WDBtnMgr.exe" - c:\windows\system32\WDBtnMgr.exe [2007-11-27 364544] "nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2009-02-18 1657376] c:\documents and settings\All Users\Start Menu\Programs\Startup\ Cisco Systems VPN Client.lnk - c:\program files\Cisco Systems\VPN Client\vpngui.exe [2008-4-26 1528880] Extender Resource Monitor.lnk - c:\windows\ehome\RMSysTry.exe [2005-10-20 18432] Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [2000-1-21 65588] QuickBooks Update Agent.lnk - c:\program files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2004-11-11 806912] WD Backup Monitor.lnk - c:\program files\My Book\WD Backup\uBBMonitor.exe [2007-11-26 98304] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc] @="" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS] @="" [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager\appcertdlls] appsecdll REG_SZ c:\windows\system32\mscert.dll [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Messenger\\msmsgs.exe"= "c:\\Program Files\\AIM\\aim.exe"= "c:\\Program Files\\Call of Duty\\CoDMP.exe"= "c:\\WINDOWS\\system32"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= "c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"= "c:\\Program Files\\McAfee\\VirusScan\\mcvsmap.exe"= R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [12/24/2009 10:27 PM 210216] R2 SVKP;SVKP;c:\windows\system32\SVKP.sys [12/4/2005 5:12 PM 2368] R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [1/10/2007 11:00 PM 24652] --- Other Services/Drivers In Memory --- Deregistered - CLASSPNP_2 Deregistered - mbr [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] QWAVE REG_MULTI_SZ QWAVE . Contents of the 'Scheduled Tasks' folder 2009-10-27 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34] 2009-12-25 c:\windows\Tasks\McDefragTask.job - c:\progra~1\mcafee\mqc\QcConsol.exe [2009-12-25 17:22] 2009-12-25 c:\windows\Tasks\McQcTask.job - c:\progra~1\mcafee\mqc\QcConsol.exe [2009-12-25 17:22] . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.yahoo.com/ uInternet Connection Wizard,ShellNext = iexplore IE: {{FA4904B4-1FAF-4afd-886C-C19D2297BA62} - c:\program files\royalvegasMPP\MPPoker.exe FF - ProfilePath - FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ . - - - - ORPHANS REMOVED - - - - HKCU-Run-Aim6 - c:\program files\Common Files\AOL\Launch\AOLLaunch.exe HKCU-Run-DellSupport - c:\program files\DellSupport\DSAgnt.exe ************************************************************************ catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-10-30 08:13 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************ . --------------------- LOCKED REGISTRY KEYS --------------------- [HKEY_LOCAL_MACHINE\software\DeterministicNetworks\DNE\Parameters] "SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79, 00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,79,00,73,00,\ . Completion time: 2009-10-30 8:15 ComboFix-quarantined-files.txt 2009-10-30 13:15 ComboFix2.txt 2009-10-29 11:18 ComboFix3.txt 2009-10-26 12:03 ComboFix4.txt 2009-10-25 18:16 Pre-Run: 73,115,701,248 bytes free Post-Run: 73,097,445,376 bytes free - - End Of File - - A050CEFB77110E7A0D4EE433809B68CC OTL logfile created on: 10/30/2009 8:17:52 AM - Run 4 OTL by OldTimer - Version 3.0.22.1 Folder = C:\Documents and Settings\Brian\Desktop Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 7.0.5730.13) Locale: 00000409 \| Country: United States \| Language: ENU \| Date Format: M/d/yyyy 1021.46 Mb Total Physical Memory \| 539.36 Mb Available Physical Memory \| 52.80% Memory free 2.40 Gb Paging File \| 1.94 Gb Available in Paging File \| 80.97% Paging File free Paging file location(s): C:\pagefile.sys 1536 3072 [binary data] %SystemDrive% = C: \| %SystemRoot% = C:\WINDOWS \| %ProgramFiles% = C:\Program Files Drive C: \| 148.96 Gb Total Space \| 68.12 Gb Free Space \| 45.73% Space Free \| Partition Type: NTFS D: Drive not present or media not loaded Drive E: \| 698.46 Gb Total Space \| 634.47 Gb Free Space \| 90.84% Space Free \| Partition Type: FAT32 F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: HLAVINKA Current User Name: Brian Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: On Skip Microsoft Files: On File Age = 14 Days Output = Minimal Quick Scan ========== Processes (SafeList) ========== PRC - C:\Documents and Settings\Brian\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Program Files\AIM\aim.exe (America Online, Inc.) PRC - C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.) PRC - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.) PRC - C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe (Nero AG) PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.) PRC - C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (Macrovision Corporation) PRC - c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe (McAfee, Inc.) PRC - c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe (McAfee, Inc.) PRC - C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe (Creative Technology Ltd) PRC - C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe (CyberLink Corp.) PRC - C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.) PRC - C:\Program Files\Dell Support Center\bin\sprtsvc.exe (SupportSoft, Inc.) PRC - C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe (Intel Corporation) PRC - C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.) PRC - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.) PRC - C:\Program Files\Juniper Networks\Common Files\dsNcService.exe (Juniper Networks) PRC - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe (Lavasoft) PRC - c:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.) PRC - C:\Program Files\McAfee\MPF\MPFSrv.exe (McAfee, Inc.) PRC - C:\Program Files\McAfee\MSC\mcmscsvc.exe (McAfee, Inc.) PRC - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe () PRC - C:\Program Files\McAfee\VirusScan\Mcshield.exe (McAfee, Inc.) PRC - C:\Program Files\My Book\WD Backup\uBBMonitor.exe (ArcSoft, Inc.) PRC - C:\Program Files\Picasa2\PicasaMediaDetector.exe (Google Inc.) PRC - C:\Program Files\QuickTime\QTTask.exe (Apple Inc.) PRC - C:\Program Files\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation) PRC - C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe (Viewpoint Corporation) PRC - C:\Program Files\Windows Media Player\wmpnetwk.exe (Microsoft Corporation) PRC - C:\WINDOWS\eHome\ehmsas.exe (Microsoft Corporation) PRC - C:\WINDOWS\eHome\ehRecvr.exe (Microsoft Corporation) PRC - C:\WINDOWS\eHome\ehSched.exe (Microsoft Corporation) PRC - C:\WINDOWS\ehome\ehtray.exe (Microsoft Corporation) PRC - C:\WINDOWS\ehome\McrdSvc.exe (Microsoft Corporation) PRC - C:\WINDOWS\ehome\RMSvc.exe (Microsoft Corporation) PRC - C:\WINDOWS\ehome\RMSysTry.exe (Microsoft Corporation) PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation) PRC - C:\WINDOWS\System32\CTsvcCDA.EXE (Creative Technology Ltd) PRC - C:\WINDOWS\System32\dla\tfswctrl.exe (Sonic Solutions) PRC - C:\WINDOWS\System32\nvsvc32.exe (NVIDIA Corporation) PRC - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIALA.EXE (SEIKO EPSON CORPORATION) PRC - C:\WINDOWS\System32\WDBtnMgr.exe (Western Digital Technologies, Inc.) PRC - C:\WINDOWS\System32\wscntfy.exe (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV - (aawservice [Auto \| Running]) -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe (Lavasoft) SRV - (Apple Mobile Device [Auto \| Running]) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.) SRV - (aspnet_state [On_Demand \| Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (Microsoft Corporation) SRV - (Bonjour Service [Auto \| Running]) -- C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.) SRV - (clr_optimization_v2.0.50727_32 [On_Demand \| Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) SRV - (Creative Service for CDROM Access [Auto \| Running]) -- C:\WINDOWS\System32\CTsvcCDA.EXE (Creative Technology Ltd) SRV - (CVPND [Auto \| Running]) -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.) SRV - (dsNcService [Auto \| Running]) -- C:\Program Files\Juniper Networks\Common Files\dsNcService.exe (Juniper Networks) SRV - (ehRecvr [Auto \| Running]) -- C:\WINDOWS\eHome\ehRecvr.exe (Microsoft Corporation) SRV - (ehSched [Auto \| Running]) -- C:\WINDOWS\eHome\ehSched.exe (Microsoft Corporation) SRV - (FontCache3.0.0.0 [On_Demand \| Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation) SRV - (gusvc [On_Demand \| Stopped]) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (Google) SRV - (helpsvc [Auto \| Running]) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation) SRV - (IDriverT [On_Demand \| Stopped]) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe (Macrovision Corporation) SRV - (idsvc [Unknown \| Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe (Microsoft Corporation) SRV - (iPod Service [On_Demand \| Running]) -- C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.) SRV - (JavaQuickStarterService [Auto \| Stopped]) -- C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.) SRV - (McAfee SiteAdvisor Service [Auto \| Running]) -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe () SRV - (mcmscsvc [Auto \| Running]) -- C:\Program Files\McAfee\MSC\mcmscsvc.exe (McAfee, Inc.) SRV - (McNASvc [Auto \| Running]) -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe (McAfee, Inc.) SRV - (McODS [On_Demand \| Stopped]) -- C:\Program Files\McAfee\VirusScan\mcods.exe (McAfee, Inc.) SRV - (McProxy [Auto \| Running]) -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe (McAfee, Inc.) SRV - (McrdSvc [Auto \| Running]) -- C:\WINDOWS\ehome\McrdSvc.exe (Microsoft Corporation) SRV - (McShield [Unknown \| Running]) -- C:\Program Files\McAfee\VirusScan\Mcshield.exe (McAfee, Inc.) SRV - (McSysmon [Disabled \| Stopped]) -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe (McAfee, Inc.) SRV - (MHN [On_Demand \| Stopped]) -- C:\WINDOWS\System32\mhn.dll (Microsoft Corporation) SRV - (MpfService [Auto \| Running]) -- C:\Program Files\McAfee\MPF\MPFSrv.exe (McAfee, Inc.) SRV - (NetTcpPortSharing [Disabled \| Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe (Microsoft Corporation) SRV - (NVSvc [Auto \| Running]) -- C:\WINDOWS\System32\nvsvc32.exe (NVIDIA Corporation) SRV - (ose [On_Demand \| Stopped]) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation) SRV - (RMSvc [Auto \| Running]) -- C:\WINDOWS\ehome\RMSvc.exe (Microsoft Corporation) SRV - (sprtsvc_dellsupportcenter [Auto \| Running]) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe (SupportSoft, Inc.) SRV - (Viewpoint Manager Service [Auto \| Running]) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation) SRV - (WMPNetworkSvc [Auto \| Running]) -- C:\Program Files\Windows Media Player\wmpnetwk.exe (Microsoft Corporation) ========== Modules (SafeList) ========== MOD - C:\Documents and Settings\Brian\Desktop\OTL.exe (OldTimer Tools) MOD - C:\Program Files\McAfee\SiteAdvisor\saHook.dll () MOD - C:\WINDOWS\System32\mslbui.dll (Microsoft Corporation) MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll (Microsoft Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/ IE - HKCU\..\URLSearchHook: {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - Reg Error: Key error. File not found IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/08/28 08:59:15 \| 00,000,000 \| ---D \| M] FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2009/10/18 03:09:45 \| 00,000,000 \| ---D \| M] FF - HKLM\software\mozilla\Firefox\Extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009/10/27 07:51:57 \| 00,000,000 \| ---D \| M] FF - HKLM\software\mozilla\Mozilla Firefox 2.0.0.20\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/08/14 19:35:47 \| 00,000,000 \| ---D \| M] FF - HKLM\software\mozilla\Mozilla Firefox 2.0.0.20\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/10/28 08:17:21 \| 00,000,000 \| ---D \| M] [2009/10/28 06:35:04 \| 00,000,000 \| ---D \| M] -- C:\Program Files\mozilla firefox\extensions [2009/03/22 11:48:26 \| 00,000,000 \| ---D \| M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [2008/11/28 22:38:08 \| 00,000,000 \| ---D \| M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA} [2009/03/16 23:25:17 \| 00,000,000 \| ---D \| M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} [2009/04/09 20:05:51 \| 00,000,000 \| ---D \| M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} [2009/10/27 07:52:17 \| 00,000,000 \| ---D \| M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} [2009/03/22 11:48:26 \| 00,000,000 \| ---D \| M] -- C:\Program Files\mozilla firefox\extensions\talkback@mozilla.org [2009/03/22 11:48:12 \| 00,067,688 \| ---- \| M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\jar50.dll [2009/03/22 11:48:12 \| 00,054,368 \| ---- \| M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\jsd3250.dll [2009/03/22 11:48:12 \| 00,034,944 \| ---- \| M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\myspell.dll [2009/03/22 11:48:13 \| 00,046,712 \| ---- \| M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\spellchk.dll [2009/03/22 11:48:14 \| 00,172,136 \| ---- \| M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\xpinstal.dll [2009/10/27 07:51:55 \| 00,411,368 \| ---- \| M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeploytk.dll [2009/03/22 11:48:21 \| 00,022,656 \| ---- \| M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll [2007/03/22 19:23:30 \| 00,017,248 \| ---- \| M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\NPOFFICE.DLL [2009/02/27 13:13:42 \| 00,103,792 \| ---- \| M] (Adobe Systems Inc.) -- C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2009/06/11 12:44:46 \| 00,143,360 \| ---- \| M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin.dll [2009/06/11 12:44:46 \| 00,143,360 \| ---- \| M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll [2009/06/11 12:44:47 \| 00,143,360 \| ---- \| M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll [2009/06/11 12:44:47 \| 00,143,360 \| ---- \| M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll [2009/06/11 12:44:47 \| 00,143,360 \| ---- \| M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll [2009/06/11 12:44:47 \| 00,143,360 \| ---- \| M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll [2009/06/11 12:44:47 \| 00,143,360 \| ---- \| M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll [2007/06/11 13:34:00 \| 02,115,816 \| ---- \| M] () -- C:\Program Files\mozilla firefox\plugins\NPSWF32.dll [2009/03/22 11:48:24 \| 00,001,514 \| ---- \| M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml [2009/03/22 11:48:24 \| 00,002,193 \| ---- \| M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml [2009/03/22 11:48:24 \| 00,001,038 \| ---- \| M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml [2009/03/22 11:48:24 \| 00,001,046 \| ---- \| M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml [2009/03/22 11:48:24 \| 00,002,351 \| ---- \| M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml [2009/03/22 11:48:24 \| 00,000,792 \| ---- \| M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml O1 HOSTS File: (27 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.) O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.) O2 - BHO: (EpsonToolBandKicker Class) - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION) O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll () O3 - HKLM\..\Toolbar: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION) O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [CTDVDDET] C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE (Creative Technology Ltd) O4 - HKLM..\Run: [CTHelper] C:\WINDOWS\System32\CTHELPER.EXE (Creative Technology Ltd) O4 - HKLM..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe (Creative Technology Ltd) O4 - HKLM..\Run: [DellSupportCenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.) O4 - HKLM..\Run: [dla] C:\WINDOWS\System32\dla\tfswctrl.exe (Sonic Solutions) O4 - HKLM..\Run: [dscactivate] C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe ( ) O4 - HKLM..\Run: [DVDLauncher] C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe (CyberLink Corp.) O4 - HKLM..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe (Microsoft Corporation) O4 - HKLM..\Run: [EPSON Stylus CX5800F Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIALA.EXE (SEIKO EPSON CORPORATION) O4 - HKLM..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe (Intel Corporation) O4 - HKLM..\Run: [ISUSPM Startup] C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe (InstallShield Software Corporation) O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (Macrovision Corporation) O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.) O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.) O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\System32\NeroCheck.exe (Ahead Software Gmbh) O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation) O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation) O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe () O4 - HKLM..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (Google Inc.) O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.) O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.) O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.) O4 - HKLM..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE (Creative Technology Ltd.) O4 - HKLM..\Run: [WD Button Manager] C:\WINDOWS\System32\WDBtnMgr.exe (Western Digital Technologies, Inc.) O4 - HKCU..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl File not found O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe (Nero AG) O4 - HKCU..\Run: [MSMSGS] C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation) O4 - HKCU..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe (Microsoft Corporation) O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Cisco Systems VPN Client.lnk = C:\Program Files\Cisco Systems\VPN Client\vpngui.exe (Cisco Systems, Inc.) O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Extender Resource Monitor.lnk = C:\WINDOWS\ehome\RMSysTry.exe (Microsoft Corporation) O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation) O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit, Inc.) O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WD Backup Monitor.lnk = C:\Program Files\My Book\WD Backup\uBBMonitor.exe (ArcSoft, Inc.) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: AllowLegacyWebView = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: AllowUnhashedWebView = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Reg Error: Key error. File not found O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra Button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe (America Online, Inc.) O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation) O9 - Extra Button: Royal Vegas Poker - {FA4904B4-1FAF-4afd-886C-C19D2297BA62} - C:\Program Files\royalvegasMPP\MPPoker.exe (Microgaming) O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\System32\wshbth.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O15 - HKCU\..Trusted Domains: 43 domain(s) and sub-domain(s) not assigned to a zone. O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.1...toUploader5.cab (Facebook Photo Uploader 5 Control) O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} file://C:\Program Files\Bejeweled 2\Images\stg_drm.ocx (SpinTop DRM Control) O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} http://www.nvidia.com/content/DriverDownlo.../sysreqlab3.cab (System Requirements Lab Class) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/products/plugin/autodl...indows-i586.cab (Java Plug-in 1.6.0_16) O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab (Reg Error: Key error.) O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://cdn2.zone.msn.com/binFramework/v10/...ro.cab56649.cab (MSN Games - Installer) O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl...indows-i586.cab (Java Plug-in 1.6.0_16) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_16) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/pub/shock...ash/swflash.cab (Shockwave Flash Object) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O16 - DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} https://www.gateway.slb.com/dana-cached/set...perSetupSP1.cab (JuniperSetupControlXP Class) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.85.102 68.87.69.150 O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\ipp - No CLSID value found O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp - No CLSID value found O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation) O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll () O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation) O24 - Desktop Components:0 (My Current Home Page) - About:Home O31 - SafeBoot: AlternateShell - cmd.exe O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2005/08/16 05:43:04 \| 00,000,000 \| -HS- \| M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O32 - AutoRun File - [2007/06/16 22:04:20 \| 00,000,000 \| ---D \| M] - E:\autorun -- [ FAT32 ] O34 - HKLM BootExecute: (autocheck) - File not found O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation) O34 - HKLM BootExecute: () - File not found O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe () O35 - comfile [open] -- "%1" % File not found O35 - exefile [open] -- "%1" %* File not found ========== Files/Folders - Created Within 14 Days ========== [2009/12/25 23:05:58 \| 00,000,000 \| ---D \| C] -- C:\Documents and Settings\All Users\Application Data\Juniper Networks [2009/10/21 21:53:43 \| 00,000,000 \| ---D \| C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes [2009/10/28 08:28:22 \| 00,000,000 \| ---D \| C] -- C:\Documents and Settings\Brian\Application Data\Malwarebytes [2009/10/28 06:38:06 \| 00,000,000 \| ---D \| C] -- C:\Program Files\Common Files\Adobe AIR [2009/12/24 22:26:14 \| 00,000,000 \| ---D \| C] -- C:\Program Files\Common Files\McAfee [2009/10/21 21:38:18 \| 00,000,000 \| ---D \| C] -- C:\Program Files\ERUNT [2009/12/25 23:06:51 \| 00,000,000 \| ---D \| C] -- C:\Program Files\Juniper Networks [2009/10/26 07:18:49 \| 00,000,000 \| ---D \| C] -- C:\Program Files\Malwarebytes' Anti-Malware [2009/12/24 22:25:56 \| 00,000,000 \| ---D \| C] -- C:\Program Files\McAfee [2009/12/24 22:26:14 \| 00,000,000 \| ---D \| C] -- C:\Program Files\McAfee.com [2009/12/25 23:06:57 \| 00,345,384 \| ---- \| C] (Juniper Networks) -- C:\WINDOWS\System32\dsNcCredProv.dll [2009/12/24 22:26:36 \| 00,120,136 \| ---- \| C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\Mpfp.sys [2009/10/30 08:02:27 \| 00,000,000 \| ---D \| C] -- C:\ComboFix [2009/10/30 07:18:09 \| 00,521,728 \| ---- \| C] (OldTimer Tools) -- C:\Documents and Settings\Brian\Desktop\OTL.exe [2009/10/28 06:38:56 \| 00,000,000 \| ---D \| C] -- C:\Config.Msi [2009/10/28 05:55:29 \| 00,000,000 \| ---D \| C] -- C:\_OTM [2009/10/27 07:19:02 \| 00,000,000 \| ---D \| C] -- C:\_OTL [2009/10/26 07:18:51 \| 00,038,224 \| ---- \| C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys [2009/10/26 07:18:49 \| 00,019,160 \| ---- \| C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2009/10/25 22:06:51 \| 00,000,000 \| ---D \| C] -- C:\Combo-Fix [2009/10/25 12:53:11 \| 00,000,000 \| RHSD \| C] -- C:\cmdcons [2009/10/25 12:49:47 \| 00,212,480 \| ---- \| C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe [2009/10/25 12:49:47 \| 00,161,792 \| ---- \| C] (SteelWerX) -- C:\WINDOWS\SWREG.exe [2009/10/25 12:49:47 \| 00,136,704 \| ---- \| C] (SteelWerX) -- C:\WINDOWS\SWSC.exe [2009/10/25 12:49:47 \| 00,031,232 \| ---- \| C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe [2009/10/25 12:48:38 \| 00,000,000 \| ---D \| C] -- C:\Qoobox [2009/10/21 21:39:29 \| 00,000,000 \| ---D \| C] -- C:\WINDOWS\ERDNT [2005/12/01 01:29:25 \| 00,774,144 \| ---- \| C] (RealNetworks, Inc.) -- C:\Program Files\RngInterstitial.dll [2005/11/22 12:23:26 \| 00,065,536 \| ---- \| C] ( ) -- C:\WINDOWS\System32\a3d.dll ========== Files - Modified Within 14 Days ========== [2009/12/27 21:49:22 \| 00,000,116 \| ---- \| M] () -- C:\WINDOWS\NeroDigital.ini [2009/12/24 22:28:18 \| 00,000,666 \| ---- \| M] () -- C:\WINDOWS\win.ini [2009/12/24 22:26:25 \| 00,000,340 \| ---- \| M] () -- C:\WINDOWS\tasks\McDefragTask.job [2009/12/24 22:26:24 \| 00,000,332 \| ---- \| M] () -- C:\WINDOWS\tasks\McQcTask.job [2009/10/30 08:15:56 \| 00,000,006 \| -H-- \| M] () -- C:\WINDOWS\tasks\SA.DAT [2009/10/30 08:13:26 \| 00,000,227 \| ---- \| M] () -- C:\WINDOWS\system.ini [2009/10/30 08:02:16 \| 04,933,091 \| ---- \| M] () -- C:\WINDOWS\{00000003-00000000-00000003-00001102-00000004-20061102}.CDF [2009/10/30 08:01:37 \| 03,427,862 \| R--- \| M] () -- C:\Documents and Settings\Brian\Desktop\ComboFix.exe [2009/10/30 07:59:10 \| 00,002,206 \| ---- \| M] () -- C:\WINDOWS\System32\wpa.dbl [2009/10/30 07:58:01 \| 00,203,041 \| ---- \| M] () -- C:\WINDOWS\System32\nvapps.xml [2009/10/30 07:56:52 \| 00,002,048 \| --S- \| M] () -- C:\WINDOWS\bootstat.dat [2009/10/30 07:56:49 \| 10,711,57248 \| -HS- \| M] () -- C:\hiberfil.sys [2009/10/30 07:55:34 \| 00,001,080 \| ---- \| M] () -- C:\WINDOWS\System32\settingsbkup.sfm [2009/10/30 07:55:34 \| 00,001,080 \| ---- \| M] () -- C:\WINDOWS\System32\settings.sfm [2009/10/30 07:55:34 \| 00,000,384 \| ---- \| M] () -- C:\WINDOWS\System32\DVCStateBkp-{00000003-00000000-00000003-00001102-00000004-20061102}.dat [2009/10/30 07:55:34 \| 00,000,384 \| ---- \| M] () -- C:\WINDOWS\System32\DVCState-{00000003-00000000-00000003-00001102-00000004-20061102}.dat [2009/10/30 07:55:33 \| 00,032,592 \| ---- \| M] () -- C:\WINDOWS\System32\BMXStateBkp-{00000003-00000000-00000003-00001102-00000004-20061102}.rfx [2009/10/30 07:55:33 \| 00,032,592 \| ---- \| M] () -- C:\WINDOWS\System32\BMXState-{00000003-00000000-00000003-00001102-00000004-20061102}.rfx [2009/10/30 07:55:33 \| 00,032,088 \| ---- \| M] () -- C:\WINDOWS\System32\BMXCtrlState-{00000003-00000000-00000003-00001102-00000004-20061102}.rfx [2009/10/30 07:55:33 \| 00,032,088 \| ---- \| M] () -- C:\WINDOWS\System32\BMXBkpCtrlState-{00000003-00000000-00000003-00001102-00000004-20061102}.rfx [2009/10/30 07:55:13 \| 00,014,025 \| ---- \| M] () -- C:\WINDOWS\System32\Config.MPF [2009/10/30 07:18:10 \| 00,521,728 \| ---- \| M] (OldTimer Tools) -- C:\Documents and Settings\Brian\Desktop\OTL.exe [2009/10/29 20:56:35 \| 00,000,696 \| ---- \| M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk [2009/10/29 12:37:24 \| 00,000,000 \| ---- \| M] () -- C:\WINDOWS\System32\null [2009/10/27 17:07:01 \| 00,000,284 \| ---- \| M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job [2009/10/26 06:55:40 \| 00,000,027 \| ---- \| M] () -- C:\WINDOWS\System32\drivers\etc\hosts [2009/10/25 12:53:15 \| 00,000,279 \| RHS- \| M] () -- C:\boot.ini [2009/10/25 06:11:34 \| 00,077,312 \| ---- \| M] () -- C:\WINDOWS\MBR.exe [2009/10/19 03:13:29 \| 00,503,304 \| ---- \| M] () -- C:\WINDOWS\System32\PerfStringBackup.INI [2009/10/19 03:13:29 \| 00,442,466 \| ---- \| M] () -- C:\WINDOWS\System32\perfh009.dat [2009/10/19 03:13:29 \| 00,071,732 \| ---- \| M] () -- C:\WINDOWS\System32\perfc009.dat [2009/10/19 03:05:31 \| 00,001,393 \| ---- \| M] () -- C:\WINDOWS\imsins.BAK [2009/10/18 18:15:01 \| 00,002,137 \| ---- \| M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk ========== Files - No Company Name ========== [2009/12/24 22:29:08 \| 00,014,025 \| ---- \| C] () -- C:\WINDOWS\System32\Config.MPF [2009/12/24 22:26:25 \| 00,000,340 \| ---- \| C] () -- C:\WINDOWS\tasks\McDefragTask.job [2009/12/24 22:26:24 \| 00,000,332 \| ---- \| C] () -- C:\WINDOWS\tasks\McQcTask.job [2009/10/30 08:01:32 \| 03,427,862 \| R--- \| C] () -- C:\Documents and Settings\Brian\Desktop\ComboFix.exe [2009/10/29 06:04:47 \| 00,077,312 \| ---- \| C] () -- C:\WINDOWS\MBR.exe [2009/10/26 07:18:53 \| 00,000,696 \| ---- \| C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk [2009/10/25 12:53:15 \| 00,000,209 \| ---- \| C] () -- C:\Boot.bak [2009/10/25 12:53:12 \| 00,260,272 \| ---- \| C] () -- C:\cmldr [2009/10/25 12:49:47 \| 00,236,544 \| ---- \| C] () -- C:\WINDOWS\PEV.exe [2009/10/25 12:49:47 \| 00,098,816 \| ---- \| C] () -- C:\WINDOWS\sed.exe [2009/10/25 12:49:47 \| 00,080,412 \| ---- \| C] () -- C:\WINDOWS\grep.exe [2009/10/25 12:49:47 \| 00,068,096 \| ---- \| C] () -- C:\WINDOWS\zip.exe [2009/06/15 00:02:38 \| 01,374,132 \| ---- \| C] () -- C:\Program Files\wrar39b3.exe [2009/02/18 14:44:00 \| 01,724,416 \| ---- \| C] () -- C:\WINDOWS\System32\nvwdmcpl.dll [2009/02/18 14:44:00 \| 01,507,328 \| ---- \| C] () -- C:\WINDOWS\System32\nview.dll [2009/02/18 14:44:00 \| 01,101,824 \| ---- \| C] () -- C:\WINDOWS\System32\nvwimg.dll [2009/02/18 14:44:00 \| 00,466,944 \| ---- \| C] () -- C:\WINDOWS\System32\nvshell.dll [2008/04/26 11:12:44 \| 00,029,752 \| ---- \| C] () -- C:\WINDOWS\System32\InstHelper.dll [2008/04/26 11:11:52 \| 00,197,680 \| ---- \| C] () -- C:\WINDOWS\System32\vpnapi.dll [2008/04/26 11:11:51 \| 00,193,584 \| ---- \| C] () -- C:\WINDOWS\System32\CSGina.dll [2007/11/14 18:47:53 \| 00,000,251 \| ---- \| C] () -- C:\Program Files\wt3d.ini [2006/12/27 20:12:56 \| 00,000,032 \| ---- \| C] () -- C:\WINDOWS\tb70r.ini [2006/09/26 20:19:35 \| 00,000,097 \| ---- \| C] () -- C:\WINDOWS\System32\PICSDK.ini [2006/09/26 20:15:21 \| 00,000,044 \| ---- \| C] () -- C:\WINDOWS\ESCX5800.ini [2006/08/13 20:35:27 \| 00,004,608 \| ---- \| C] () -- C:\Documents and Settings\Brian\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2006/06/10 10:57:51 \| 00,000,008 \| ---- \| C] () -- C:\WINDOWS\System32\winlogon.ini [2006/05/21 19:39:19 \| 00,000,245 \| ---- \| C] () -- C:\WINDOWS\hegames.ini [2006/05/11 00:06:03 \| 00,039,864 \| ---- \| C] () -- C:\Documents and Settings\Brian\Local Settings\Application Data\GDIPFONTCACHEV1.DAT [2006/03/21 21:03:41 \| 00,000,023 \| ---- \| C] () -- C:\WINDOWS\BlendSettings.ini [2006/02/23 20:30:06 \| 00,026,922 \| ---- \| C] () -- C:\Program Files\MoviePass Terms.html [2006/02/15 04:00:47 \| 00,004,323 \| ---- \| C] () -- C:\WINDOWS\System32\MRT.INI [2006/02/05 09:37:05 \| 00,000,000 \| ---- \| C] () -- C:\WINDOWS\OpPrintServer.INI [2005/12/31 09:38:42 \| 00,005,839 \| ---- \| C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache [2005/12/18 12:17:24 \| 00,000,151 \| ---- \| C] () -- C:\WINDOWS\PhotoSnapViewer.INI [2005/11/30 01:05:00 \| 00,000,116 \| ---- \| C] () -- C:\WINDOWS\NeroDigital.ini [2005/11/29 22:32:54 \| 00,065,536 \| ---- \| C] () -- C:\WINDOWS\System32\adistres.dll [2005/11/29 21:35:26 \| 00,210,944 \| ---- \| C] () -- C:\WINDOWS\System32\Msvcrt10.dll [2005/11/29 21:29:03 \| 00,000,376 \| ---- \| C] () -- C:\WINDOWS\ODBC.INI [2005/11/24 12:55:02 \| 00,000,062 \| -HS- \| C] () -- C:\Documents and Settings\Brian\Application Data\desktop.ini [2005/11/24 12:55:01 \| 03,206,222 \| -H-- \| C] () -- C:\Documents and Settings\Brian\Local Settings\Application Data\IconCache.db [2005/11/24 12:55:01 \| 00,000,128 \| ---- \| C] () -- C:\Documents and Settings\Brian\Local Settings\Application Data\fusioncache.dat [2005/11/24 02:04:43 \| 00,000,766 \| ---- \| C] () -- C:\WINDOWS\CoD.INI [2005/11/24 01:24:01 \| 00,003,350 \| -HS- \| C] () -- C:\WINDOWS\System32\KGyGaAvL.sys [2005/11/24 01:24:01 \| 00,000,056 \| RHS- \| C] () -- C:\WINDOWS\System32\85728D2DE4.sys [2005/11/24 01:02:51 \| 00,000,028 \| ---- \| C] () -- C:\WINDOWS\atid.ini [2005/11/22 12:36:19 \| 00,000,061 \| ---- \| C] () -- C:\WINDOWS\smscfg.ini [2005/11/22 12:27:10 \| 00,000,589 \| ---- \| C] () -- C:\WINDOWS\wininit.ini [2005/11/22 12:23:45 \| 00,000,231 \| ---- \| C] () -- C:\WINDOWS\AC3API.INI [2005/11/22 12:23:28 \| 00,014,424 \| ---- \| C] () -- C:\WINDOWS\System32\Aud2_Del.ini [2005/11/22 12:23:28 \| 00,000,030 \| ---- \| C] () -- C:\WINDOWS\System32\ctzapxx.ini [2005/11/22 12:23:27 \| 00,000,194 \| ---- \| C] () -- C:\WINDOWS\System32\KILL.INI [2005/11/22 12:23:08 \| 00,000,136 \| ---- \| C] () -- C:\WINDOWS\SBWIN.INI [2005/11/22 12:06:52 \| 00,000,384 \| ---- \| C] () -- C:\WINDOWS\System32\OEMINFO.INI [2005/08/16 05:37:24 \| 00,001,793 \| ---- \| C] () -- C:\WINDOWS\System32\fxsperf.ini [2005/08/16 05:33:24 \| 00,000,062 \| -HS- \| C] () -- C:\Documents and Settings\All Users\Application Data\desktop.ini [2005/08/16 05:18:43 \| 00,000,666 \| ---- \| C] () -- C:\WINDOWS\win.ini [2005/08/16 05:18:41 \| 00,000,227 \| ---- \| C] () -- C:\WINDOWS\system.ini [2005/08/05 15:01:54 \| 00,235,008 \| ---- \| C] () -- C:\WINDOWS\System32\psisdecd.dll [2005/04/09 18:04:54 \| 00,000,000 \| ---- \| C] () -- C:\WINDOWS\System32\px.ini [1999/01/22 13:46:56 \| 00,065,536 \| ---- \| C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL ========== LOP Check ========== [2009/10/21 21:53:43 \| 00,000,000 \| RH-D \| M] -- C:\Documents and Settings\All Users\Application Data [2009/06/16 18:10:49 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906} [2008/10/14 20:20:20 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\All Users\Application Data\Dell [2005/08/16 21:54:52 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\All Users\Application Data\DIGStream [2007/04/08 13:42:14 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\All Users\Application Data\DriveSmarrt-MX [2009/08/22 15:48:22 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\All Users\Application Data\Electronic Arts [2007/09/08 12:52:53 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\All Users\Application Data\Intuit [2009/12/25 23:05:58 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\All Users\Application Data\Juniper Networks [2005/12/25 12:20:39 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\All Users\Application Data\Lionhead Studios [2007/08/07 21:42:33 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\All Users\Application Data\Playtonium Games [2008/03/20 01:51:11 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\All Users\Application Data\SupportSoft [2008/10/02 21:06:37 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\All Users\Application Data\TEMP [2007/02/13 09:03:28 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint [2009/10/28 08:28:22 \| 00,000,000 \| RH-D \| M] -- C:\Documents and Settings\Brian\Application Data [2005/11/24 12:56:02 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\Brian\Application Data\acccore [2006/01/06 19:10:43 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\Brian\Application Data\Aim [2008/04/26 11:17:51 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\Brian\Application Data\ArcSoft [2006/06/04 12:36:35 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\Brian\Application Data\Corel Photo Album [2007/03/14 11:39:37 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\Brian\Application Data\Viewpoint [2009/10/27 17:07:01 \| 00,000,284 \| ---- \| M] () -- C:\WINDOWS\Tasks\AppleSoftwareUpdate.job [2004/08/10 06:00:00 \| 00,000,065 \| RH-- \| M] () -- C:\WINDOWS\Tasks\desktop.ini [2009/12/24 22:26:25 \| 00,000,340 \| ---- \| M] () -- C:\WINDOWS\Tasks\McDefragTask.job [2009/12/24 22:26:24 \| 00,000,332 \| ---- \| M] () -- C:\WINDOWS\Tasks\McQcTask.job [2009/10/30 08:15:56 \| 00,000,006 \| -H-- \| M] () -- C:\WINDOWS\Tasks\SA.DAT ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 98 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:90BA5E08 @Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:813B8EB6 @Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7FB468B7 @Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2A208B5C @Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A11F741D @Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:17639624 @Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:067BF339 @Alternate Data Stream - 113 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1A6AFE3D @Alternate Data Stream - 111 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C46995DA @Alternate Data Stream - 108 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:AFB00961 @Alternate Data Stream - 107 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C7F04040 < End of report >

chamber View Member Profile	Oct 30 2009, 07:33 AM Post #43
Trusted Helper Posts: 1,817 From: ~/ OS: Linux all the way!	Those all look good. Please download Malwarebytes' Anti-Malware from Here. Double Click mbam-setup.exe to install the application. Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish. If an update is found, it will download and install the latest version. Once the program has loaded, select "Perform Quick Scan", then click Scan. The scan may take some time to finish,so please be patient. When the scan is complete, click OK, then Show Results to view the results. Make sure that everything is checked, and click Remove Selected. When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note) The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM. Copy&Paste the entire report in your next reply. Extra Note: If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediatly.

dhlavinka View Member Profile	Oct 30 2009, 09:23 PM Post #44
Member Posts: 39 From: Houston, Texas OS: Windows XP	Normal background has returned on my son's session. Ran Malwarebytes successfully. Logfile attached below. Malwarebytes' Anti-Malware 1.41 Database version: 3057 Windows 5.1.2600 Service Pack 3 10/30/2009 10:20:59 PM mbam-log-2009-10-30 (22-20-59).txt Scan type: Quick Scan Objects scanned: 149827 Time elapsed: 8 minute(s), 32 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 1 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\{4d25f926-b9fe-4682-bf72-8ab8210d6d75} (Adware.MyWebSearch) -> Quarantined and deleted successfully. Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: (No malicious items detected)

chamber View Member Profile	Oct 31 2009, 03:52 AM Post #45
Trusted Helper Posts: 1,817 From: ~/ OS: Linux all the way!	Are there any more accounts?

« Next Oldest · Virus, Spyware and Trojan Removal · Next Newest »

5 Pages

< 1 2 3 4 5 >

1 User(s) are reading this topic (1 Guests and 0 Anonymous Users)

0 Members:

Topic Title	Replies / Views	Topic Information
Virus, Spyware and Trojan Removal Help - Fake Windows Security Center & Spyware Guard 2009 [Solved] 123	30 / 1,081	11th February 2009 - 06:36 PM dpanone started - last by SpySentinel
Virus, Spyware and Trojan Removal Google Redirect / AntiVirus Pro 2009 [Solved]	13 / 216	15th August 2009 - 05:55 AM Mr. Doo started - last by kahdah
Virus, Spyware and Trojan Removal stubborn antivirus pro 2009 [Solved]	12 / 215	21st October 2009 - 04:38 AM RoBSTaR started - last by Rorschach112
Hardware, Components and Peripherals No sound after Security Tool & Antivirus Pro 2010 infection	13 / 194	10th November 2009 - 07:46 AM dhlavinka started - last by happyrock